author: Jason A. Donenfeld <Jason@zx2c4.com> 2018-08-07 10:15:18 -0700
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2019-03-22 00:50:53 -0600
commit: f09c8358ffb4d97f27a112d6d5293c7222445c39
tree: 8801c4486f81e614a4df74cf2f3f91e626b0ba3f /sound
parent: zinc: Poly1305 x86_64 implementation
zinc: Poly1305 ARM and ARM64 implementations
These ARM implementations come from Andy Polyakov's implementations, and perform extremely well on ARMv4+, with optimized paths for NEON and non-NEON. The NEON code uses base 2^26, while the scalar code uses base 2^64 on 64-bit and base 2^32 on 32-bit.

If we hit the unfortunate situation of using NEON and then having to go back to scalar -- because the user is silly and has called the update function from two separate contexts -- then we need to convert back to the original base before proceeding. It is possible to reason that the initial reduction below is sufficient given the implementation invariants. However, for an avoidance of doubt and because this is not performance critical, we do the full reduction anyway. This conversion is found in the glue code, and a proof of correctness may be easily obtained from Z3: <https://xn--4db.cc/ltPtHCKN/py>.

While this is CRYPTOGAMS code, the originating code for this happens to be the same as OpenSSL's commit 9925a82146f2503b4dd11423d0eba649b43450c0

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Co-developed-by: Andy Polyakov <appro@openssl.org>
Cc: Andy Polyakov <appro@openssl.org>
Cc: Russell King <linux@armlinux.org.uk>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Samuel Neves <sneves@dei.uc.pt>
Cc: Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: kernel-hardening@lists.openwall.com
Cc: linux-crypto@vger.kernel.org
Diffstat (limited to 'sound')
0 files changed, 0 insertions, 0 deletions
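
The base conversion the commit message describes, as an added example that is not the kernel's glue code or the CRYPTOGAMS code: it carries five base 2^26 limbs, repacks them into base 2^64 words and then does the full reduction modulo 2^130 - 5, the Poly1305 prime. The names `base26_to_base64` and `conv_eq` and the sample input are assumptions made for illustration.

```c
#include <stdint.h>

#define MASK26 0x3ffffffULL

/* Hypothetical helper. in[0..4]: base 2^26 limbs, each possibly wider than 26
 * bits. out: same value mod p = 2^130 - 5 as out[0] + out[1]*2^64 + out[2]*2^128. */
static void base26_to_base64(const uint32_t in[5], uint64_t out[3])
{
	uint64_t h[5], c, h0, h1, h2, g0, g1, g2, m;
	int i, pass;

	for (i = 0; i < 5; i++)
		h[i] = in[i];
	/* Carry out of limb 4 has weight 2^130 = 5 (mod p): fold it into limb 0. */
	for (pass = 0; pass < 2; pass++) {
		for (c = 0, i = 0; i < 5; i++) {
			h[i] += c;
			c = h[i] >> 26;
			h[i] &= MASK26;
		}
		h[0] += c * 5;
	}
	/* Repack 5 x 26 bits into 64 + 64 + 2 bits. */
	h0 = h[0] | (h[1] << 26) | (h[2] << 52);
	h1 = (h[2] >> 12) | (h[3] << 14) | (h[4] << 40);
	h2 = h[4] >> 24;
	/* Full reduction, branch-free: h >= p exactly when h + 5 reaches bit 130. */
	g0 = h0 + 5;
	g1 = h1 + (g0 < h0);
	g2 = h2 + (g1 < h1);
	m = 0 - (g2 >> 2);		/* all ones if h >= p, else zero */
	out[0] = (g0 & m) | (h0 & ~m);
	out[1] = (g1 & m) | (h1 & ~m);
	out[2] = (g2 & 3 & m) | (h2 & ~m);
}

/* Returns 1 when limbs a..e convert to the expected 64-bit words. */
static int conv_eq(uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t e,
		   uint64_t e0, uint64_t e1, uint64_t e2)
{
	const uint32_t in[5] = { a, b, c, d, e };
	uint64_t o[3];
	base26_to_base64(in, o);
	return o[0] == e0 && o[1] == e1 && o[2] == e2;
}

int main(void)
{
	/* Constructed input: p itself in base 2^26 limbs must reduce to zero. */
	return !conv_eq(0x3fffffb, 0x3ffffff, 0x3ffffff, 0x3ffffff, 0x3ffffff, 0, 0, 0);
}
```

The program exits with status 0 when the constructed input reduces to zero.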