git.baikalelectronics.ru Git - kernel.git/commit

author	Nathan Huckleberry <nhuck@google.com>
	Fri, 20 May 2022 18:14:59 +0000 (18:14 +0000)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Fri, 10 Jun 2022 08:40:17 +0000 (16:40 +0800)
commit	a9af51e80c471c46da2a1a916fffcfa12d836465
tree	54cceaf783df3b379afd1b6c52a699c5ed8301c4	tree \| snapshot
parent	96c3010b25e3293c3f823c3a22a46a11b8b45a55	commit \| diff

crypto: x86/polyval - Add PCLMULQDQ accelerated implementation of POLYVAL

Add hardware accelerated version of POLYVAL for x86-64 CPUs with
PCLMULQDQ support.

This implementation is accelerated using PCLMULQDQ instructions to
perform the finite field computations. For added efficiency, 8 blocks
of the message are processed simultaneously by precomputing the first
8 powers of the key.

Schoolbook multiplication is used instead of Karatsuba multiplication
because it was found to be slightly faster on x86-64 machines.
Montgomery reduction must be used instead of Barrett reduction due to
the difference in modulus between POLYVAL's field and other finite
fields.

More information on POLYVAL can be found in the HCTR2 paper:
"Length-preserving encryption with HCTR2":
https://eprint.iacr.org/2021/1441.pdf

Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

arch/x86/crypto/Makefile		diff \| blob \| history
arch/x86/crypto/polyval-clmulni_asm.S	[new file with mode: 0644]	blob
arch/x86/crypto/polyval-clmulni_glue.c	[new file with mode: 0644]	blob
crypto/Kconfig		diff \| blob \| history
crypto/polyval-generic.c		diff \| blob \| history
include/crypto/polyval.h		diff \| blob \| history