On Mon, Jan 24, 2022 at 07:44:21PM -0600, Nathan Huckleberry wrote:
> Add hardware accelerated version of POLYVAL for x86-64 CPUs with
> PCLMULQDQ support.
>
> This implementation is accelerated using PCLMULQDQ instructions to
> perform the finite field computations. For added efficiency, 8 blocks
> of the plaintext are processed simultaneously by precomputing the first
> 8 powers of the key.
>
> Schoolbook multiplication is used instead of Karatsuba multiplication
> because it was found to be slightly faster on x86-64 machines.
> Montgomery reduction must be used instead of Barrett reduction due to
> the difference in modulus between POLYVAL's field and other finite
> fields.
>
> More information on POLYVAL can be found in the HCTR2 paper:
> Length-preserving encryption with HCTR2:
> https://eprint.iacr.org/2021/1441.pdf
>
> Signed-off-by: Nathan Huckleberry <nhuck@xxxxxxxxxx>
> ---
>  arch/x86/crypto/Makefile                    |   3 +
>  arch/x86/crypto/polyval-clmulni-intel_asm.S | 319 +++++++++++++++++++

This file is causing a build-time warning:

arch/x86/crypto/polyval-clmulni-intel_asm.o: warning: objtool: .text+0x0: unreachable instruction

- Eric
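The field arithmetic the quoted commit message describes, as an added portable C example (not the kernel's PCLMULQDQ assembly and not code from this thread): a schoolbook 128x128 carry-less product with a software clmul standing in for PCLMULQDQ, a two-step Montgomery-style reduction by x^-128 against POLYVAL's modulus x^128 + x^127 + x^126 + x^121 + 1, a bit-serial reference the fast path is checked against, and the 8-block precomputed-key-power scheme compared with the sequential POLYVAL definition from RFC 8452. The sample key and blocks are constructed, and the function names (dot_fast, polyval_8way, the check_* helpers) are mine.

```c
/* Portable POLYVAL illustration: schoolbook clmul + Montgomery-style reduction,
 * cross-checked against a bit-serial reference. Not the kernel implementation. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Little-endian polynomial: bit i of lo is x^i, bit i of hi is x^(64+i). */
typedef struct { uint64_t lo, hi; } pv128;

/* x^128 = x^127 + x^126 + x^121 + 1, so reducing an x^128 term adds these bits. */
#define PV_HI_C2 0xC200000000000000ULL
/* (x^128 + x^127 + x^126 + x^121) / x = x^127 + x^126 + x^125 + x^120, used by divx. */
#define PV_HI_E1 0xE100000000000000ULL

static pv128 mulx(pv128 s) {               /* s * x mod P (RFC 8452 mulX_POLYVAL) */
    uint64_t carry = s.hi >> 63;
    s.hi = (s.hi << 1) | (s.lo >> 63);
    s.lo <<= 1;
    if (carry) { s.hi ^= PV_HI_C2; s.lo ^= 1; }
    return s;
}
static pv128 divx(pv128 s) {               /* s * x^-1 mod P */
    uint64_t low = s.lo & 1;
    s.lo = (s.lo >> 1) | (s.hi << 63);
    s.hi >>= 1;
    if (low) s.hi ^= PV_HI_E1;
    return s;
}
/* Reference dot(a, b) = a * b * x^-128 mod P: Horner shift-and-add, then 128 divisions by x. */
static pv128 dot_ref(pv128 a, pv128 b) {
    pv128 r = {0, 0};
    for (int i = 127; i >= 0; i--) {
        r = mulx(r);
        uint64_t bit = i < 64 ? (b.lo >> i) & 1 : (b.hi >> (i - 64)) & 1;
        if (bit) { r.lo ^= a.lo; r.hi ^= a.hi; }
    }
    for (int i = 0; i < 128; i++) r = divx(r);
    return r;
}
/* 64x64 -> 128-bit carry-less multiply in plain C (what PCLMULQDQ does in one instruction). */
static void clmul64(uint64_t a, uint64_t b, uint64_t *lo, uint64_t *hi) {
    *lo = *hi = 0;
    for (int i = 0; i < 64; i++)
        if ((b >> i) & 1) { *lo ^= a << i; if (i) *hi ^= a >> (64 - i); }
}
/* Schoolbook product (four clmuls), then Montgomery reduction by x^-128 in two 64-bit steps:
 * because P == 1 mod x^64, adding t0*P cancels the low word exactly, and likewise for t1. */
static pv128 dot_fast(pv128 a, pv128 b) {
    uint64_t t0, t1, t2, t3, lo, hi;
    clmul64(a.lo, b.lo, &t0, &t1);
    clmul64(a.hi, b.hi, &t2, &t3);
    clmul64(a.lo, b.hi, &lo, &hi); t1 ^= lo; t2 ^= hi;
    clmul64(a.hi, b.lo, &lo, &hi); t1 ^= lo; t2 ^= hi;
    clmul64(t0, PV_HI_C2, &lo, &hi); t1 ^= lo; t2 ^= hi ^ t0;   /* t0*(P - 1), drop t0 */
    clmul64(t1, PV_HI_C2, &lo, &hi); t2 ^= lo; t3 ^= hi ^ t1;   /* t1*(P - 1), drop t1 */
    pv128 r = {t2, t3};
    return r;
}
/* POLYVAL(H, X_1..X_n) as defined: S_j = dot(S_{j-1} xor X_j, H). */
static pv128 polyval_seq(pv128 h, const pv128 *x, size_t n) {
    pv128 s = {0, 0};
    for (size_t i = 0; i < n; i++) { s.lo ^= x[i].lo; s.hi ^= x[i].hi; s = dot_fast(s, h); }
    return s;
}
/* Same hash, 8 blocks per pass with precomputed H^1..H^8: the oldest block (xored with the
 * running state) is multiplied by H^8, the newest by H^1, and the eight products are summed. */
static pv128 polyval_8way(pv128 h, const pv128 *x, size_t n) {
    pv128 hp[8], s = {0, 0};
    hp[0] = h;
    for (int k = 1; k < 8; k++) hp[k] = dot_fast(hp[k - 1], h);
    size_t i = 0;
    for (; i + 8 <= n; i += 8) {
        pv128 acc = {0, 0};
        for (int k = 0; k < 8; k++) {
            pv128 blk = x[i + k];
            if (k == 0) { blk.lo ^= s.lo; blk.hi ^= s.hi; }
            pv128 t = dot_fast(blk, hp[7 - k]);
            acc.lo ^= t.lo; acc.hi ^= t.hi;
        }
        s = acc;
    }
    for (; i < n; i++) { s.lo ^= x[i].lo; s.hi ^= x[i].hi; s = dot_fast(s, h); }   /* tail */
    return s;
}
/* Constructed sample inputs (not real test vectors). */
static const pv128 SAMPLE_H = {0x0123456789abcdefULL, 0xfedcba9876543210ULL};
static void make_blocks(pv128 *out, size_t n) {
    for (size_t i = 0; i < n; i++) { out[i].lo = (i + 1) * 0x9E3779B97F4A7C15ULL; out[i].hi = ~out[i].lo ^ (i << 40); }
}
static int pv_eq(pv128 a, pv128 b) { return a.lo == b.lo && a.hi == b.hi; }
/* In POLYVAL's scaled representation the multiplicative identity is x^128 mod P (bytes 01 00..00 c2). */
static int check_identity(void) { pv128 one = {1, PV_HI_C2}; return pv_eq(dot_fast(one, SAMPLE_H), SAMPLE_H); }
static int check_fast_vs_ref(void) {
    pv128 x[4]; make_blocks(x, 4);
    for (int i = 0; i < 4; i++) if (!pv_eq(dot_fast(x[i], SAMPLE_H), dot_ref(x[i], SAMPLE_H))) return 0;
    return 1;
}
static int check_8way(void) { pv128 x[19]; make_blocks(x, 19); return pv_eq(polyval_seq(SAMPLE_H, x, 19), polyval_8way(SAMPLE_H, x, 19)); }

int main(void) {
    pv128 x[19]; make_blocks(x, 19);
    pv128 s = polyval_8way(SAMPLE_H, x, 19);
    printf("identity %d  fast==ref %d  8way==seq %d  tag %016llx%016llx\n", check_identity(),
           check_fast_vs_ref(), check_8way(), (unsigned long long)s.hi, (unsigned long long)s.lo);
    return 0;
}
```

The reduction step is where POLYVAL differs from GHASH-style code: the modulus has constant term 1 and the product is scaled by x^-128, so cancelling the low words with multiples of P (Montgomery) lands directly on the dot result, whereas a Barrett reduction would be tuned to a different modulus and scaling.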