git.baikalelectronics.ru Git - kernel.git/commit
crypto: arm64/polyval - Add PMULL accelerated implementation of POLYVAL
author    Nathan Huckleberry <nhuck@google.com>
          Fri, 20 May 2022 18:15:00 +0000 (18:15 +0000)
committer Herbert Xu <herbert@gondor.apana.org.au>
          Fri, 10 Jun 2022 08:40:18 +0000 (16:40 +0800)
commit    bca21725bf55b2d77150c9fdfb314269a7e9f4e1
tree      66e8f069b9f6b51d2ebeff326129d85c9134c23b
parent    a9af51e80c471c46da2a1a916fffcfa12d836465

Add hardware accelerated version of POLYVAL for ARM64 CPUs with
Crypto Extensions support.

This implementation is accelerated using PMULL instructions to perform
the finite field computations.  For added efficiency, 8 blocks of the
message are processed simultaneously by precomputing the first 8
powers of the key.

Karatsuba multiplication is used instead of Schoolbook multiplication
because it was found to be slightly faster on ARM64 CPUs.  Montgomery
reduction must be used instead of Barrett reduction due to the
difference in modulus between POLYVAL's field and other finite fields.

More information on POLYVAL can be found in the HCTR2 paper:
"Length-preserving encryption with HCTR2":
https://eprint.iacr.org/2021/1441.pdf

Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
arch/arm64/crypto/Kconfig
arch/arm64/crypto/Makefile
arch/arm64/crypto/polyval-ce-core.S [new file with mode: 0644]
arch/arm64/crypto/polyval-ce-glue.c [new file with mode: 0644]
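As an added example (not code from this commit or from the kernel's polyval-ce files), the reference POLYVAL that the commit message describes, written in plain C: the dot product a*b*x^-128 over GF(2^128) with modulus x^128 + x^127 + x^126 + x^121 + 1 done as a bit-serial, Montgomery-style reduction; plain Horner evaluation; and the same evaluation restructured to consume 8 blocks per step from the first 8 precomputed powers of the key, as the patch does. The check functions reproduce the two POLYVAL vectors from RFC 8452 Appendix A on both paths and confirm that the 8-way path agrees with Horner on a constructed 21-block input (two full 8-block steps plus a 5-block tail). All type, function and macro names (fe128, fe_dot, polyval_8way, NUM_KEY_POWERS, ...) and the 21-block input are this example's own, chosen for illustration and not taken from the patch.

```c
/* Reference POLYVAL (RFC 8452) and an 8-way restructuring of its Horner
 * loop.  Added illustration for this commit, not the kernel's polyval-ce
 * code.  A field element is a 128-bit little-endian integer: bit i is the
 * coefficient of x^i in GF(2^128) mod x^128 + x^127 + x^126 + x^121 + 1. */
#include <stdint.h>
#include <stdio.h>

typedef struct { uint64_t lo, hi; } fe128;   /* x^0..x^63 in lo, x^64..x^127 in hi */
static fe128 fe_xor(fe128 a, fe128 b) { return (fe128){ a.lo ^ b.lo, a.hi ^ b.hi }; }
static int fe_eq(fe128 a, fe128 b) { return a.lo == b.lo && a.hi == b.hi; }

static fe128 fe_load(const uint8_t b[16])    /* byte 0 holds x^0..x^7 */
{
    fe128 r = { 0, 0 };
    for (int i = 7; i >= 0; i--)
        r.lo = r.lo << 8 | b[i], r.hi = r.hi << 8 | b[8 + i];
    return r;
}

static fe128 fe_from_hex(const char *hex)    /* 32 hex digits as the RFC prints them */
{
    uint8_t b[16];
    for (int i = 0; i < 16; i++) { unsigned v; sscanf(hex + 2 * i, "%2x", &v); b[i] = (uint8_t)v; }
    return fe_load(b);
}

/* a * x^-1 mod p.  If the x^0 coefficient is set, add p first (same residue,
 * clears the bit); (p - 1) >> 1 = x^127+x^126+x^125+x^120 = 0xe1 << 56 in hi. */
static fe128 fe_div_x(fe128 a)
{
    fe128 r = { (a.lo >> 1) | (a.hi << 63), a.hi >> 1 };
    if (a.lo & 1)
        r.hi ^= 0xe100000000000000ULL;
    return r;
}

/* POLYVAL's dot: a . b = a * b * x^-128 mod p, bit-serial.  Round i adds a
 * if bit i of b is set and then divides by x, so bit i contributes
 * a * x^(i-128): Montgomery-style reduction done one bit at a time. */
static fe128 fe_dot(fe128 a, fe128 b)
{
    fe128 acc = { 0, 0 };
    for (int i = 0; i < 128; i++) {
        if ((i < 64 ? b.lo >> i : b.hi >> (i - 64)) & 1)
            acc = fe_xor(acc, a);
        acc = fe_div_x(acc);
    }
    return acc;
}

/* Plain Horner form: S <- (S ^ X_j) . H per block. */
static fe128 polyval_horner(fe128 h, fe128 s, const fe128 *x, size_t n)
{
    for (size_t j = 0; j < n; j++)
        s = fe_dot(fe_xor(s, x[j]), h);
    return s;
}

/* Eight blocks per step with precomputed dot-powers H^1..H^8:
 *   S <- (S ^ X_1) . H^8 ^ X_2 . H^7 ^ ... ^ X_8 . H^1
 * equal to eight Horner steps because (a . H) . H = a . (H . H).  The eight
 * products are independent, which is what lets SIMD code interleave them;
 * a tail of fewer than eight blocks is finished one block at a time. */
#define NUM_KEY_POWERS 8
static fe128 polyval_8way(fe128 h, fe128 s, const fe128 *x, size_t n)
{
    fe128 hp[NUM_KEY_POWERS];                /* hp[k] = H^(k+1) */
    hp[0] = h;
    for (int k = 1; k < NUM_KEY_POWERS; k++)
        hp[k] = fe_dot(hp[k - 1], h);
    for (; n >= NUM_KEY_POWERS; n -= NUM_KEY_POWERS, x += NUM_KEY_POWERS) {
        fe128 acc = fe_dot(fe_xor(s, x[0]), hp[NUM_KEY_POWERS - 1]);
        for (int k = 1; k < NUM_KEY_POWERS; k++)
            acc = fe_xor(acc, fe_dot(x[k], hp[NUM_KEY_POWERS - 1 - k]));
        s = acc;
    }
    return polyval_horner(h, s, x, n);
}

/* RFC 8452 Appendix A: POLYVAL(H, X_1) and POLYVAL(H, X_1, X_2) on both paths. */
static int check_rfc8452_vectors(void)
{
    fe128 zero = { 0, 0 }, h = fe_from_hex("25629347589242761d31f826ba4b757b");
    fe128 x[2] = { fe_from_hex("4f4f95668c83dfb6401762bb2d01a262"),
                   fe_from_hex("d1a24ddd2721d006bbe45f20d3c9f362") };
    fe128 want1 = fe_from_hex("cedac64537ff50989c16011551086d77");
    fe128 want2 = fe_from_hex("f7a3b47b846119fae5b7866cf5e5b77e");
    return fe_eq(polyval_horner(h, zero, x, 1), want1) && fe_eq(polyval_8way(h, zero, x, 1), want1) &&
           fe_eq(polyval_horner(h, zero, x, 2), want2) && fe_eq(polyval_8way(h, zero, x, 2), want2);
}

/* Constructed 21-block input: two full 8-block steps plus a 5-block tail. */
static int check_8way_matches_horner(void)
{
    fe128 zero = { 0, 0 }, h = { 0x0123456789abcdefULL, 0xfedcba9876543210ULL }, x[21];
    for (int i = 0; i < 21; i++)
        x[i] = (fe128){ 0x9e3779b97f4a7c15ULL * (i + 1), ~(0xd1b54a32d192ed03ULL * (i + 7)) };
    return fe_eq(polyval_horner(h, zero, x, 21), polyval_8way(h, zero, x, 21));
}

int main(void)
{
    printf("RFC 8452 vectors: %s\n", check_rfc8452_vectors() ? "ok" : "FAIL");
    printf("8-way == Horner:  %s\n", check_8way_matches_horner() ? "ok" : "FAIL");
}
```

Build with something like cc -std=c99 -o polyval_ref polyval_ref.c and run it; both lines should print ok. The bit-serial loop is slow and branches on key bits, so it is neither a performance reference nor constant-time. Its job is to pin down the arithmetic a PMULL/Karatsuba implementation has to reproduce (little-endian bit order, the 0xe1 reduction constant, the extra x^-128 factor that makes the dot operation Montgomery-shaped, and the H^8..H^1 assignment of the eight precomputed powers), which makes it a convenient oracle when reviewing or differential-testing accelerated code such as this patch.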