* Accelerate GCM with PCLMULQDQ-NI
@ 2009-03-18 8:52 Huang Ying
2009-03-29 7:43 ` Herbert Xu
0 siblings, 1 reply; 3+ messages in thread
From: Huang Ying @ 2009-03-18 8:52 UTC (permalink / raw)
To: Herbert Xu, Sebastian Andrzej Siewior; +Cc: linux-kernel, linux-crypto
[-- Attachment #1: Type: text/plain, Size: 621 bytes --]
Hi,
In addition to AES-NI, Intel will provide PCLMULQDQ-NI (carry-less
multiplication) in future CPU to accelerate GCM mode. The document can
be found here:
http://software.intel.com/en-us/articles/carry-less-multiplication-and-its-usage-for-computing-the-gcm-mode/
It follows the same design as that of AES-NI, that is, XMM registers are
used.
To accelerate GCM with it, I make the following design:
1. Implement ghash as an ahash algorithm, Use ghash in gcm
implementation.
2. Provide a new implementation of ghash with PCLMULQDQ-NI.
What do you think about that?
Best Regards,
Huang Ying
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Accelerate GCM with PCLMULQDQ-NI
2009-03-18 8:52 Accelerate GCM with PCLMULQDQ-NI Huang Ying
@ 2009-03-29 7:43 ` Herbert Xu
2009-03-30 1:36 ` Huang Ying
0 siblings, 1 reply; 3+ messages in thread
From: Herbert Xu @ 2009-03-29 7:43 UTC (permalink / raw)
To: Huang Ying; +Cc: Sebastian Andrzej Siewior, linux-kernel, linux-crypto
On Wed, Mar 18, 2009 at 04:52:12PM +0800, Huang Ying wrote:
>
> To accelerate GCM with it, I make the following design:
>
> 1. Implement ghash as an ahash algorithm, Use ghash in gcm
> implementation.
> 2. Provide a new implementation of ghash with PCLMULQDQ-NI.
>
> What do you think about that?
Sounds OK to me. I presume the choice of ahash instead of shash
is due to the use of XMM registers, just like AES?
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: Accelerate GCM with PCLMULQDQ-NI
2009-03-29 7:43 ` Herbert Xu
@ 2009-03-30 1:36 ` Huang Ying
0 siblings, 0 replies; 3+ messages in thread
From: Huang Ying @ 2009-03-30 1:36 UTC (permalink / raw)
To: Herbert Xu
Cc: Sebastian Andrzej Siewior, linux-kernel@vger.kernel.org,
linux-crypto@vger.kernel.org
[-- Attachment #1: Type: text/plain, Size: 669 bytes --]
On Sun, 2009-03-29 at 15:43 +0800, Herbert Xu wrote:
> On Wed, Mar 18, 2009 at 04:52:12PM +0800, Huang Ying wrote:
> >
> > To accelerate GCM with it, I make the following design:
> >
> > 1. Implement ghash as an ahash algorithm, Use ghash in gcm
> > implementation.
> > 2. Provide a new implementation of ghash with PCLMULQDQ-NI.
> >
> > What do you think about that?
>
> Sounds OK to me. I presume the choice of ahash instead of shash
> is due to the use of XMM registers, just like AES?
Yes, because PCLMULQDQ touches XMMs too. Just like AES, there is a raw
shash: ghash-clmul and an ahash via cryptd(ghash-clmul).
Best Regards,
Huang Ying
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-03-30 1:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-03-18 8:52 Accelerate GCM with PCLMULQDQ-NI Huang Ying
2009-03-29 7:43 ` Herbert Xu
2009-03-30 1:36 ` Huang Ying
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox