git.openssl.org Git - openssl.git/commit

author	Christoph Müllner <christoph.muellner@vrull.eu>
	Wed, 18 Jan 2023 10:57:33 +0000 (11:57 +0100)
committer	Pauli <pauli@openssl.org>
	Thu, 16 Mar 2023 02:12:19 +0000 (13:12 +1100)
commit	b24684369b76df8b226fe9aa95fca2bccfc6a175
tree	2aed331bc37f57dcf4e0ff961004e82268db4239	tree \| snapshot
parent	75623ed8d01555e7c719f3b1c598e555c0878da0	commit \| diff

riscv: GCM: Simplify GCM calculation

The existing GCM calculation provides some potential
for further optimizations. Let's use the demo code
from the RISC-V cryptography extension groups
(https://github.com/riscv/riscv-crypto), which represents
the extension architect's intended use of the clmul instruction.

The GCM calculation depends on bit and byte reversal.
Therefore, we use the corresponding instructions to do that
(if available at run-time).

The resulting computation becomes quite compact and passes
all tests.

Note, that a side-effect of this change is a reduced register
usage in .gmult(), which opens the door for an efficient .ghash()
implementation.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20078)

crypto/modes/asm/ghash-riscv64.pl		diff \| blob \| history
crypto/modes/gcm128.c		diff \| blob \| history
crypto/perlasm/riscv.pm		diff \| blob \| history