Re: [PATCH v4 6/8] crypto: x86/polyval: Add PCLMULQDQ accelerated implementation of POLYVAL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A few more comments:

On Tue, Apr 12, 2022 at 05:28:14PM +0000, Nathan Huckleberry wrote:
> +/*
> + * Computes the 256-bit polynomial represented by LO, HI, MI. Stores
> + * the result in PL, PH.
> + *   [PH :: PL] = [HI_1 : HI_0 + MI_1 :: LO_1 + MI_0 : LO_0]
> + */

It is unclear what the double colon means.  Maybe you meant for it to indicate
128-bit boundaries, as opposed to 64-bit boundaries?  It is not used
consistently, though.

> +/*
> + * Computes the 128-bit reduction of PL : PH. Stores the result in dest.

This should use the order "PH : PL", to be consistent with the notation
elsewhere.

> diff --git a/arch/x86/crypto/polyval-clmulni_glue.c b/arch/x86/crypto/polyval-clmulni_glue.c
[...]
> +struct polyval_ctx {
> +	/*
> +	 * These powers must be in the order h^8, ..., h^1.
> +	 */
> +	u8 key_powers[NUM_PRECOMPUTE_POWERS][POLYVAL_BLOCK_SIZE];
> +};
> +
> +struct polyval_desc_ctx {
> +	u8 buffer[POLYVAL_BLOCK_SIZE];
> +	u32 bytes;
> +};

As I've mentioned elsewhere, it is confusing to have both ctx and desc_ctx.  The
former should be called polyval_tfm_ctx, like it is in polyval-generic.c.

> +asmlinkage void clmul_polyval_update(const u8 *in, struct polyval_ctx *keys,
> +				     size_t nblocks, u8 *accumulator);

The argument order here is a bit weird.  It would be more logical to have it be
(keys, in, nblocks, accumulator), similar to crypto_shash_digest().

Also, 'keys' should be const.

- Eric



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux