[RFC PATCH v2] Initial implementation of GCM

Jussi Kivilinna jussi.kivilinna at iki.fi
Mon Nov 11 15:09:32 CET 2013


On 11.11.2013 15:02, Dmitry Eremin-Solenikov wrote:
> Hello,
> 
> On Mon, Nov 11, 2013 at 4:46 PM, Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:
>> On 08.11.2013 16:08, Jussi Kivilinna wrote:
>>> On 08.11.2013 15:43, Jussi Kivilinna wrote:
>>>> On 08.11.2013 12:03, Dmitry Eremin-Solenikov wrote:
>>>>> +#define GHASH(c, result, buf) ghash (result, buf, c->gcm_table);
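Review bot: the trailing semicolon in `+#define GHASH(c, result, buf) ghash (result, buf, c->gcm_table);` belongs at the call site, not in the macro body; as written, `GHASH(c, r, b);` expands to a double semicolon and `if (cond) GHASH(c, r, b); else ...` will not compile. Suggest `#define GHASH(c, result, buf) ghash ((result), (buf), (c)->gcm_table)`, with the arguments parenthesized as well.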
>>>>
>>>> Following is faster:
>>>>
>>>
>>> But does not work on big-endian :P
>>>
>>
>> I ended up doing a small patch-set on top of this patch, which adds more optimized
>> versions of generic ghash for 32-bit (~33 cpb on Cortex-A8) and 64-bit machines
>> (~11 cpb on Intel Haswell, ~16 on Intel Core2). I've also added Intel PCLMUL
>> acceleration which gets GCM-auth to ~0.83 cpb on Haswell.
>>
>> Patches are at
>>  https://github.com/jkivilin/libgcrypt/commits/gcm
>>
>> So, do we make v3 of this initial implementation and rebase these patches on it
>> or do I push v2 and these patches to repo and we'll work on from there?
> 
> I'm unsure about the generate_iv/set_iv argument. More on that here:
> http://thread.gmane.org/gmane.comp.encryption.gpg.libgcrypt.devel/2896/focus=2897
> 

How is this handled in other libraries?

> I'm fine with pushing this version of patches (I have to write a proper
> changelog though) + your patches on top of that (have you tested big-endian?
> I can execute tests on G5 in a few hours).

I've tested 32-bit and 64-bit binaries with qemu-powerpc.

-Jussi
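As an added illustration of the big-endian point raised in this thread (example code written for this page, not libgcrypt's ghash or the patch's gcm_table code): a byte-oriented GF(2^128) multiply and GHASH following NIST SP 800-38D Algorithm 1, which produces the same bytes on either endianness, checked against the GCM spec's test case 2. The names gcm_block, gf128_mul, ghash and ghash_kat_ok are the example's own.

```c
/* Byte-oriented GF(2^128) multiply and GHASH in GCM's bit-reflected form
 * (NIST SP 800-38D, Algorithm 1). No word-sized loads or stores, so it
 * yields identical bytes on little- and big-endian hosts. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
typedef struct { uint8_t b[16]; } gcm_block;

/* z = x * y, reduction polynomial x^128 + x^7 + x^2 + x + 1; z may alias x/y */
static void gf128_mul(gcm_block *z, const gcm_block *x, const gcm_block *y)
{
    gcm_block v = *y, r = {{0}};
    for (int i = 0; i < 128; i++) {
        /* bit i of X, bit 0 being the MSB of the first byte (GCM bit order) */
        if ((x->b[i / 8] >> (7 - (i % 8))) & 1)
            for (int j = 0; j < 16; j++) r.b[j] ^= v.b[j];
        /* V = V * x: shift right by one bit across all 16 bytes ... */
        uint8_t carry = v.b[15] & 1;
        for (int j = 15; j > 0; j--)
            v.b[j] = (uint8_t)((v.b[j] >> 1) | (v.b[j - 1] << 7));
        v.b[0] >>= 1;
        /* ... and reduce with R = 11100001 || 0^120 when a bit fell out */
        if (carry) v.b[0] ^= 0xE1;
    }
    *z = r;
}
/* GHASH_H over whole blocks: Y_0 = 0, Y_i = (Y_{i-1} xor X_i) * H */
static void ghash(gcm_block *y, const gcm_block *h, const uint8_t *in, size_t nblocks)
{
    memset(y->b, 0, 16);
    for (size_t i = 0; i < nblocks; i++) {
        for (int j = 0; j < 16; j++) y->b[j] ^= in[16 * i + j];
        gf128_mul(y, y, h);
    }
}
/* Known answer: GCM spec test case 2 (AES-128, zero key/IV, one zero block).
 * H = E_K(0^128), GHASH input = C || len(A)=0 || len(C)=128. Returns 1 if ok. */
static int ghash_kat_ok(void)
{
    static const gcm_block h = {{0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,
                                 0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e}};
    static const uint8_t in[32] = {
        0x03,0x88,0xda,0xce,0x60,0xb6,0xa3,0x92,0xf3,0x28,0xc2,0xb9,0x71,0xb2,0xfe,0x78,
        0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0x80 };
    static const uint8_t expect[16] = {0xf3,0x8c,0xbb,0x1a,0xd6,0x92,0x23,0xdc,
                                       0xc3,0x45,0x7a,0xe5,0xb6,0xb0,0xf8,0x85};
    gcm_block y; ghash(&y, &h, in, 2);
    return memcmp(y.b, expect, 16) == 0;
}
```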
