author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2022-07-21 11:05:43 +0300 |
---|---|---|
committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2022-07-21 11:05:43 +0300 |
commit | cf956793afc2cdbd3b20caa3d186ccb8023b804c (patch) | |
tree | c093c636f3556b0065aeaf72fdd2ec8725834010 /cipher/camellia-glue.c | |
parent | eaed633c1662d8a98042ac146c981113f2807b22 (diff) | |
download | libgcrypt-cf956793afc2cdbd3b20caa3d186ccb8023b804c.tar.gz |
sm4 & camellia: add generic bulk acceleration for CTR32LE mode (GCM-SIV)
* cipher/bulkhelp.h (bulk_ctr32le_enc_128): New.
* cipher/camellia-glue.c (_gcry_camellia_ctr32le_enc): New.
(camellia_setkey): Setup `bulk_ops->ctr32le_enc` if any AVX2
implementation is available.
* cipher/sm4.c (_gcry_sm4_ctr32le_enc): New.
(sm4_setkey): Setup `bulk_ops->ctr32le_enc`.
* tests/basic.c (check_gcm_siv_cipher): Add large bulk encryption
test vectors for SM4 and CAMELLIA128.
--
On Intel tigerlake, SM4-GCM-SIV encryption performance is now
1.69 cycles/byte (was 32.9 c/B). CAMELLIA128-GCM-SIV encryption
is now 1.38 cycles/byte (was 21.2 c/B).
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'cipher/camellia-glue.c')
-rw-r--r-- | cipher/camellia-glue.c | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/cipher/camellia-glue.c b/cipher/camellia-glue.c
index c938be71..b2a50233 100644
--- a/cipher/camellia-glue.c
+++ b/cipher/camellia-glue.c
@@ -407,6 +407,9 @@ static void _gcry_camellia_cfb_dec (void *context, unsigned char *iv,
 static void _gcry_camellia_xts_crypt (void *context, unsigned char *tweak,
 void *outbuf_arg, const void *inbuf_arg,
 size_t nblocks, int encrypt);
+static void _gcry_camellia_ctr32le_enc (void *context, unsigned char *ctr,
+ void *outbuf_arg, const void *inbuf_arg,
+ size_t nblocks);
 static size_t _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
 const void *inbuf_arg, size_t nblocks,
 int encrypt);
@@ -469,7 +472,13 @@ camellia_setkey(void *c, const byte *key, unsigned keylen,
 bulk_ops->ocb_auth = _gcry_camellia_ocb_auth;
 #ifdef USE_AESNI_AVX2
 if (ctx->use_aesni_avx2 || ctx->use_vaes_avx2 || ctx->use_gfni_avx2)
- bulk_ops->xts_crypt = _gcry_camellia_xts_crypt;
+ {
+ bulk_ops->xts_crypt = _gcry_camellia_xts_crypt;
+ bulk_ops->ctr32le_enc = _gcry_camellia_ctr32le_enc;
+ }
+#else
+ (void)_gcry_camellia_xts_crypt;
+ (void)_gcry_camellia_ctr32le_enc;
 #endif
 
 if (0)
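Review bot: The new `#else` branch in camellia_setkey casts `_gcry_camellia_xts_crypt` and `_gcry_camellia_ctr32le_enc` to void without saying why, and a later reader may take the two statements for dead code and delete them. They presumably exist to keep builds without USE_AESNI_AVX2 free of unused-static-function warnings; if so, a comment above them would make that explicit, for example `/* Reference the AVX2-only bulk helpers to avoid unused-function warnings. */`. camellia_setkey starts and ends outside this hunk, so the rest of the bulk_ops setup is not visible here.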
@@ -1149,6 +1158,37 @@ _gcry_camellia_xts_crypt (void *context, unsigned char *tweak,
 _gcry_burn_stack(burn_stack_depth);
 }
 
+/* Bulk encryption of complete blocks in CTR32LE mode (for GCM-SIV). */
+static void
+_gcry_camellia_ctr32le_enc(void *context, unsigned char *ctr,
+ void *outbuf_arg, const void *inbuf_arg,
+ size_t nblocks)
+{
+ CAMELLIA_context *ctx = context;
+ byte *outbuf = outbuf_arg;
+ const byte *inbuf = inbuf_arg;
+ int burn_stack_depth = 0;
+
+ /* Process remaining blocks. */
+ if (nblocks)
+ {
+ byte tmpbuf[64 * CAMELLIA_BLOCK_SIZE];
+ unsigned int tmp_used = CAMELLIA_BLOCK_SIZE;
+ size_t nburn;
+
+ nburn = bulk_ctr32le_enc_128 (ctx, camellia_encrypt_blk1_64, outbuf,
+ inbuf, nblocks, ctr, tmpbuf,
+ sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE,
+ &tmp_used);
+ burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth;
+
+ wipememory (tmpbuf, tmp_used);
+ }
+
+ if (burn_stack_depth)
+ _gcry_burn_stack (burn_stack_depth);
+}
+
 /* Bulk encryption/decryption of complete blocks in OCB mode. */
 static size_t
 _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, |
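Review bot: `wipememory (tmpbuf, tmp_used)` in `_gcry_camellia_ctr32le_enc` clears only `tmp_used` bytes of a scratch buffer that presumably holds encrypted counter blocks (keystream), so the wipe is complete only if `bulk_ctr32le_enc_128` reports the largest extent it ever wrote rather than the extent of its last chunk. That helper is added in cipher/bulkhelp.h and is not part of this view, so the contract cannot be confirmed here. If it holds, state it at the call site, e.g. `/* tmp_used is the high-water mark of tmpbuf bytes written by the helper. */`. Two smaller points in the same function: `/* Process remaining blocks. */` is misleading because no accelerated path precedes it, and since `burn_stack_depth` is still 0 the ternary mixing `int` and `size_t` reduces to `burn_stack_depth = nburn;`.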