[RFC PATCH v2] Initial implementation of GCM

Jussi Kivilinna jussi.kivilinna at iki.fi
Mon Nov 11 13:46:23 CET 2013

On 08.11.2013 16:08, Jussi Kivilinna wrote:
> On 08.11.2013 15:43, Jussi Kivilinna wrote:
>> On 08.11.2013 12:03, Dmitry Eremin-Solenikov wrote:
>>> +#define GHASH(c, result, buf) ghash (result, buf, c->gcm_table);
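Review bot: the trailing semicolon in the GHASH macro body means every use written as `GHASH(c, result, buf);` expands to a double semicolon, and a form like `if (cond) GHASH(c, result, buf); else ...` would fail to compile because the `;` inside the macro ends the if-statement early; drop it from the definition (`#define GHASH(c, result, buf) ghash (result, buf, c->gcm_table)`) and let the call sites supply it.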
>> Following is faster:
> But does not work on big-endian :P

I ended up doing a small patch-set on top of this patch, which adds more optimized
versions of generic ghash for 32-bit (~33 cpb on Cortex-A8) and 64-bit machines
(~11 cpb on Intel Haswell, ~16 on Intel Core2). I've also added Intel PCLMUL
acceleration, which gets GCM-auth to ~0.83 cpb on Haswell.

Patches are at

So, do we make a v3 of this initial implementation and rebase these patches on it,
or do I push v2 and these patches to the repo and we work on from there?


More information about the Gcrypt-devel mailing list