chiark / gitweb /
symm/gcm-*.S: GCM acceleration using hardware polynomial multiplication.
authorMark Wooding <mdw@distorted.org.uk>
Tue, 13 Nov 2018 11:28:53 +0000 (11:28 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Sun, 8 Sep 2019 17:35:39 +0000 (18:35 +0100)
commit9e6a4409d58d1ed9dfe2de3c6ffaee822e051c9f
tree034d713dcc91193e8488bef21f3bafdce8ebd3c3
parent1d30a9b905cb0d622934dd438117e0a1b354c3f8
symm/gcm-*.S: GCM acceleration using hardware polynomial multiplication.

Add assembler implementations of the low-level GCM arithmetic which make
use of polynomial multiplication instructions on x86 (the delightfully
named `pclmul{l,h}q{l,h}dq' instructions) and ARM processors (the ARM32
`vmull.p64' and ARM64 `pmull{,2}' instructions).  Of course, this
involves adding the necessary CPU feature detection.

GCM's bit and byte order is remarkably confusing.  I've tried quite hard
to write the code so as to help the reader keep track of which bits are
where, but it's very difficult.

There's also a Python implementation which has proven invaluable while
debugging these things.
base/dispatch.c
base/dispatch.h
symm/Makefile.am
symm/gcm-arm-crypto.S [new file with mode: 0644]
symm/gcm-arm64-pmull.S [new file with mode: 0644]
symm/gcm-x86ish-pclmul.S [new file with mode: 0644]
symm/gcm.c
utils/gcm-ref [new file with mode: 0755]