On Fri, Sep 17, 2021 at 2:31 PM austin clifton <austin....@otoy.com> wrote:
>
> Hey Jeff, thanks for the fast response!
>
> Yes, the encrypted sha from your AMD CPUs matches what I get on my Ryzen 7 3700X.
>
> The encrypted sha from the i7 is 8F16077454F8477594CAD4304126B0A6F30C8C4D2536E2441FFFD320656E1DF1. That's also the sha I get if I disable AVX on my Ryzen when compiling cryptopp.
>
> I'm not sure which sha is "correct" but we are seeing the same behavior across the AMD CPUs. Would it make sense to disable assembly altogether to get a reference encrypted sha256?

Yes, that is what I usually do when I need a reference. I add
-DCRYPTOPP_DISABLE_ASM to CXXFLAGS. That removes all inline assembly
and intrinsics.

In the case of ChaCha there is another option for a reference. You can
use Bernstein's reference implementation. I use the author's
implementation for test vectors, when available. I keep them stashed
away at https://github.com/noloader/cryptopp-test.

Note that Bernstein's ChaCha and the IETF's ChaCha are slightly
different. Bernstein uses a 64-bit counter that starts at 0 and cannot
wrap. IETF uses a 32-bit counter that can wrap. The IETF never
specified what to do when wrap occurs.

> We are seeing the same behavior from MSVC and GCC compilers. I can try master with GCC here too but sounds like that fix is unrelated?

Yeah, I think that is an issue with the CPU, not the compiler.

> I'll try to glean more useful data from logs I have here. We distribute encrypted assets to lots of machines (all running Windows) but I have to dig around some.

The guy to ask is Agner Fog, https://www.agner.org. I'm not sure
whether he runs a mailing list.

Jeff
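
The counter difference described in the message above, as an added example that is not part of the original e-mail and is not Crypto++ code: a portable ChaCha20 block function (no assembly or intrinsics) with both state layouts, showing that they agree below 2^32 blocks and diverge at the wrap point. The function names are hypothetical, truncating the counter to 32 bits in `block_ietf` is an assumed wrap policy, and the key and nonces are constructed sample values.

```cpp
#include <array>
#include <cstdint>

using Block = std::array<uint32_t, 16>;

static inline uint32_t rotl(uint32_t v, int n) { return (v << n) | (v >> (32 - n)); }

static void quarter(Block& x, int a, int b, int c, int d) {
    x[a] += x[b]; x[d] = rotl(x[d] ^ x[a], 16);
    x[c] += x[d]; x[b] = rotl(x[b] ^ x[c], 12);
    x[a] += x[b]; x[d] = rotl(x[d] ^ x[a], 8);
    x[c] += x[d]; x[b] = rotl(x[b] ^ x[c], 7);
}

// 20-round core shared by both variants: permute, then add the input state.
static Block chacha_core(const Block& in) {
    Block x = in;
    for (int i = 0; i < 10; ++i) {
        quarter(x, 0, 4, 8, 12);  quarter(x, 1, 5, 9, 13);
        quarter(x, 2, 6, 10, 14); quarter(x, 3, 7, 11, 15);
        quarter(x, 0, 5, 10, 15); quarter(x, 1, 6, 11, 12);
        quarter(x, 2, 7, 8, 13);  quarter(x, 3, 4, 9, 14);
    }
    for (int i = 0; i < 16; ++i) x[i] += in[i];
    return x;
}

// Words 0-3 are the "expand 32-byte k" constants, 4-11 the key, 12-15 counter and nonce.
static Block block_from(const uint32_t key[8], uint32_t w12, uint32_t w13, uint32_t w14, uint32_t w15) {
    Block s = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
    for (int i = 0; i < 8; ++i) s[4 + i] = key[i];
    s[12] = w12; s[13] = w13; s[14] = w14; s[15] = w15;
    return chacha_core(s);
}

// Bernstein layout: words 12-13 hold a 64-bit block counter, words 14-15 a 64-bit nonce.
Block block_djb(const uint32_t key[8], const uint32_t n[2], uint64_t ctr) {
    return block_from(key, (uint32_t)ctr, (uint32_t)(ctr >> 32), n[0], n[1]);
}

// IETF layout: word 12 holds a 32-bit block counter, words 13-15 a 96-bit nonce.
// The cast drops the high bits, i.e. the counter silently wraps (assumed policy).
Block block_ietf(const uint32_t key[8], const uint32_t n[3], uint64_t ctr) {
    return block_from(key, (uint32_t)ctr, n[0], n[1], n[2]);
}

// Constructed inputs: key bytes 00..1f as little-endian words; nonces aligned across layouts.
static const uint32_t KEY[8] = {0x03020100, 0x07060504, 0x0b0a0908, 0x0f0e0d0c,
                                0x13121110, 0x17161514, 0x1b1a1918, 0x1f1e1d1c};
static const uint32_t NONCE64[2] = {0x4a000000, 0x00000000};
static const uint32_t NONCE96[3] = {0x00000000, 0x4a000000, 0x00000000};
```

With these inputs the wrapped 32-bit counter reproduces the block for counter 0 at block 2^32, while the 64-bit layout carries into word 13 and yields a new block, so a reference keystream from one variant only validates the other below that boundary.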