These are some improvements to the Poly1305 code that I think should be
fairly uncontroversial. The first part, the new C implementations, adds
cleaner code in two forms that can easily be compared and reviewed, and
also results in performance speedups. The second part, the new x86_64
implementation, replaces an slow unvetted implementation with an
extremely fast implementation that has received many eyeballs. Finally,
we fix up some deadcode.
This v5 improves on v3 with better function signatures for the core
implementation, and on v4 with more information about performance and
benchmarking in the commit messages.
Cc: Eric Biggers <ebiggers@xxxxxxxxxx>
Cc: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
Jason A. Donenfeld (3):
crypto: poly1305 - add new 32 and 64-bit generic versions
crypto: x86_64/poly1305 - add faster implementations
crypto: arm/arm64/mips/poly1305 - remove redundant non-reduction from
emit
arch/arm/crypto/poly1305-glue.c | 18 +-
arch/arm64/crypto/poly1305-glue.c | 18 +-
arch/mips/crypto/poly1305-glue.c | 18 +-
arch/x86/crypto/Makefile | 11 +-
arch/x86/crypto/poly1305-avx2-x86_64.S | 390 ---
arch/x86/crypto/poly1305-sse2-x86_64.S | 590 ----
arch/x86/crypto/poly1305-x86_64.pl | 4266 ++++++++++++++++++++++++
arch/x86/crypto/poly1305_glue.c | 308 +-
crypto/adiantum.c | 4 +-
crypto/nhpoly1305.c | 2 +-
crypto/poly1305_generic.c | 27 +-
include/crypto/internal/poly1305.h | 50 +-
include/crypto/nhpoly1305.h | 4 +-
include/crypto/poly1305.h | 16 +-
lib/crypto/Kconfig | 4 +-
lib/crypto/Makefile | 4 +-
lib/crypto/poly1305-donna32.c | 204 ++
lib/crypto/poly1305-donna64.c | 185 +
lib/crypto/poly1305.c | 174 +-
19 files changed, 4926 insertions(+), 1367 deletions(-)
delete mode 100644 arch/x86/crypto/poly1305-avx2-x86_64.S
delete mode 100644 arch/x86/crypto/poly1305-sse2-x86_64.S
create mode 100644 arch/x86/crypto/poly1305-x86_64.pl
create mode 100644 lib/crypto/poly1305-donna32.c
create mode 100644 lib/crypto/poly1305-donna64.c
--
2.24.1
