git.ipfire.org Git - thirdparty/linux.git/commit
lib/crypto: polyval: Add POLYVAL library
author Eric Biggers <ebiggers@kernel.org>
Sun, 9 Nov 2025 23:47:17 +0000 (15:47 -0800)
committer Eric Biggers <ebiggers@kernel.org>
Tue, 11 Nov 2025 19:03:38 +0000 (11:03 -0800)
commit 3d176751e541362ff40c2478d6a2de41f8c62318
tree c56c111a0f2af61bc38cc7163293601958a2094b
parent e1c360849794c2e638cff5486e4ee256568dd3b3

Add support for POLYVAL to lib/crypto/.

This will replace the polyval crypto_shash algorithm and its use in the
hctr2 template, simplifying the code and reducing overhead.

Specifically, this commit introduces the POLYVAL library API and a
generic implementation of it.  Later commits will migrate the existing
architecture-optimized implementations of POLYVAL into lib/crypto/ and
add a KUnit test suite.

I've also rewritten the generic implementation completely, using a more
modern approach instead of the traditional table-based approach.  It's
now constant-time, requires no precomputation or dynamic memory
allocations, decreases the per-key memory usage from 4096 bytes to 16
bytes, and is faster than the old polyval-generic even on bulk data
reusing the same key (at least on x86_64, where I measured 15% faster).
We should do this for GHASH too, but for now just do it for POLYVAL.

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20251109234726.638437-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
include/crypto/polyval.h
lib/crypto/Kconfig
lib/crypto/Makefile
lib/crypto/polyval.c [new file with mode: 0644]
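
The properties the commit message names for the new generic code (constant-time, no precomputed table, 16 bytes of per-key state) can be seen in a small bit-serial POLYVAL, added here as an illustration and not taken from this commit, whose source is not shown on this page. The `pv_*` names, the bit-at-a-time method (chosen for brevity, not speed) and the sample input are assumptions; the field and the `dot` operation follow RFC 8452.

```c
#include <stdint.h>
#include <stdio.h>
/* Field element: bit i of the 128-bit little-endian value is the x^i coefficient. */
struct pv_elem { uint64_t lo, hi; };
#define PV_REDUCE_HI 0xE100000000000000ULL	/* (x^128+x^127+x^126+x^121) / x */

/* RFC 8452 dot(a, b) = a*b*x^-128; secrets become AND masks, never a table index or branch. */
static struct pv_elem pv_dot(struct pv_elem a, struct pv_elem b)
{
	struct pv_elem r = { 0, 0 };
	for (int i = 0; i < 128; i++) {	/* the loop index is public */
		uint64_t take = 0 - (((i < 64 ? a.lo : a.hi) >> (i & 63)) & 1);
		r.lo ^= b.lo & take;
		r.hi ^= b.hi & take;
		uint64_t odd = 0 - (r.lo & 1);	/* x^0 set: add the polynomial */
		r.lo = (r.lo >> 1) | (r.hi << 63);	/* divide by x */
		r.hi = (r.hi >> 1) ^ (PV_REDUCE_HI & odd);
	}
	return r;
}

static struct pv_elem pv_load(const uint8_t in[16])	/* 16 little-endian bytes */
{
	struct pv_elem e = { 0, 0 };
	for (int i = 0; i < 8; i++) {
		e.lo |= (uint64_t)in[i] << (8 * i);
		e.hi |= (uint64_t)in[8 + i] << (8 * i);
	}
	return e;
}

/* POLYVAL over full blocks: S_j = dot(S_{j-1} + X_j, H). Key state is 16 bytes. */
static struct pv_elem pv_polyval(const uint8_t key[16], const uint8_t *data, size_t nblocks)
{
	struct pv_elem h = pv_load(key), s = { 0, 0 };
	for (size_t j = 0; j < nblocks; j++) {
		struct pv_elem x = pv_load(data + 16 * j);
		s = pv_dot((struct pv_elem){ s.lo ^ x.lo, s.hi ^ x.hi }, h);
	}
	return s;
}

int main(void)
{
	const uint8_t key[16] = { 1, 2, 3 }, msg[32] = { 9, 8, 7 };	/* constructed input */
	struct pv_elem t = pv_polyval(key, msg, 2);
	printf("%016llx%016llx\n", (unsigned long long)t.hi, (unsigned long long)t.lo);
	return 0;
}
```

A table-based implementation indexes memory with key- or data-dependent values, which is what makes its timing and cache footprint data-dependent; here the only per-key storage is the 16-byte `H` itself.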