1. Patchew
  2. linux
  3. View series

[PATCH 0/9] POLYVAL library

Eric Biggers posted 9 patches 1 month, 1 week ago 
Documentation/filesystems/fscrypt.rst         |   2 -
arch/arm64/crypto/Kconfig                     |  10 -
arch/arm64/crypto/Makefile                    |   3 -
arch/arm64/crypto/polyval-ce-glue.c           | 158 ---------
arch/x86/crypto/Kconfig                       |  10 -
arch/x86/crypto/Makefile                      |   3 -
arch/x86/crypto/polyval-clmulni_glue.c        | 180 ----------
crypto/Kconfig                                |  12 +-
crypto/Makefile                               |   1 -
crypto/hctr2.c                                | 226 ++++---------
crypto/polyval-generic.c                      | 205 ------------
crypto/tcrypt.c                               |   4 -
crypto/testmgr.c                              |   9 +-
crypto/testmgr.h                              | 171 ----------
include/crypto/polyval.h                      | 182 ++++++++++-
lib/crypto/Kconfig                            |  12 +
lib/crypto/Makefile                           |  10 +
.../crypto/arm64}/polyval-ce-core.S           |  38 +--
lib/crypto/arm64/polyval.h                    |  82 +++++
lib/crypto/polyval.c                          | 307 ++++++++++++++++++
lib/crypto/tests/Kconfig                      |   9 +
lib/crypto/tests/Makefile                     |   1 +
lib/crypto/tests/polyval-testvecs.h           | 186 +++++++++++
lib/crypto/tests/polyval_kunit.c              | 223 +++++++++++++
.../crypto/x86/polyval-pclmul-avx.S           |  40 ++-
lib/crypto/x86/polyval.h                      |  83 +++++
scripts/crypto/gen-hash-testvecs.py           |  47 ++-
27 files changed, 1240 insertions(+), 974 deletions(-)
delete mode 100644 arch/arm64/crypto/polyval-ce-glue.c
delete mode 100644 arch/x86/crypto/polyval-clmulni_glue.c
delete mode 100644 crypto/polyval-generic.c
rename {arch/arm64/crypto => lib/crypto/arm64}/polyval-ce-core.S (92%)
create mode 100644 lib/crypto/arm64/polyval.h
create mode 100644 lib/crypto/polyval.c
create mode 100644 lib/crypto/tests/polyval-testvecs.h
create mode 100644 lib/crypto/tests/polyval_kunit.c
rename arch/x86/crypto/polyval-clmulni_asm.S => lib/crypto/x86/polyval-pclmul-avx.S (91%)
create mode 100644 lib/crypto/x86/polyval.h
[PATCH 0/9] POLYVAL library
Posted by Eric Biggers 1 month, 1 week ago 
This series is targeting libcrypto-next.  It can also be retrieved from:

    git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git polyval-lib-v1

This series migrates the POLYVAL code to lib/crypto/.  It turns out that
just like Poly1305, the library is a much better fit for it.

This series also replaces the generic implementation of POLYVAL with a
much better one.

Notably, this series improves the performance of HCTR2, since it
eliminates unnecessary overhead that was being incurred by accessing
POLYVAL via the crypto_shash API.  I see a 45% increase in throughput
with 64-byte messages, 53% with 128-byte, or 6% with 4096-byte.

It also eliminates the need to explicitly enable the optimized POLYVAL
code, as it's now enabled automatically when HCTR2 support is enabled.

Eric Biggers (9):
  crypto: polyval - Rename conflicting functions
  lib/crypto: polyval: Add POLYVAL library
  lib/crypto: tests: Add KUnit tests for POLYVAL
  lib/crypto: arm64/polyval: Migrate optimized code into library
  lib/crypto: x86/polyval: Migrate optimized code into library
  crypto: hctr2 - Convert to use POLYVAL library
  crypto: polyval - Remove the polyval crypto_shash
  crypto: testmgr - Remove polyval tests
  fscrypt: Drop obsolete recommendation to enable optimized POLYVAL

 Documentation/filesystems/fscrypt.rst         |   2 -
 arch/arm64/crypto/Kconfig                     |  10 -
 arch/arm64/crypto/Makefile                    |   3 -
 arch/arm64/crypto/polyval-ce-glue.c           | 158 ---------
 arch/x86/crypto/Kconfig                       |  10 -
 arch/x86/crypto/Makefile                      |   3 -
 arch/x86/crypto/polyval-clmulni_glue.c        | 180 ----------
 crypto/Kconfig                                |  12 +-
 crypto/Makefile                               |   1 -
 crypto/hctr2.c                                | 226 ++++---------
 crypto/polyval-generic.c                      | 205 ------------
 crypto/tcrypt.c                               |   4 -
 crypto/testmgr.c                              |   9 +-
 crypto/testmgr.h                              | 171 ----------
 include/crypto/polyval.h                      | 182 ++++++++++-
 lib/crypto/Kconfig                            |  12 +
 lib/crypto/Makefile                           |  10 +
 .../crypto/arm64}/polyval-ce-core.S           |  38 +--
 lib/crypto/arm64/polyval.h                    |  82 +++++
 lib/crypto/polyval.c                          | 307 ++++++++++++++++++
 lib/crypto/tests/Kconfig                      |   9 +
 lib/crypto/tests/Makefile                     |   1 +
 lib/crypto/tests/polyval-testvecs.h           | 186 +++++++++++
 lib/crypto/tests/polyval_kunit.c              | 223 +++++++++++++
 .../crypto/x86/polyval-pclmul-avx.S           |  40 ++-
 lib/crypto/x86/polyval.h                      |  83 +++++
 scripts/crypto/gen-hash-testvecs.py           |  47 ++-
 27 files changed, 1240 insertions(+), 974 deletions(-)
 delete mode 100644 arch/arm64/crypto/polyval-ce-glue.c
 delete mode 100644 arch/x86/crypto/polyval-clmulni_glue.c
 delete mode 100644 crypto/polyval-generic.c
 rename {arch/arm64/crypto => lib/crypto/arm64}/polyval-ce-core.S (92%)
 create mode 100644 lib/crypto/arm64/polyval.h
 create mode 100644 lib/crypto/polyval.c
 create mode 100644 lib/crypto/tests/polyval-testvecs.h
 create mode 100644 lib/crypto/tests/polyval_kunit.c
 rename arch/x86/crypto/polyval-clmulni_asm.S => lib/crypto/x86/polyval-pclmul-avx.S (91%)
 create mode 100644 lib/crypto/x86/polyval.h


base-commit: ce59a87d1cbd3fa075aba73efde946e61d5ef089
-- 
2.51.2
Re: [PATCH 0/9] POLYVAL library
Posted by Eric Biggers 1 month, 1 week ago 
On Sun, Nov 09, 2025 at 03:47:15PM -0800, Eric Biggers wrote:
> This series is targeting libcrypto-next.  It can also be retrieved from:
> 
>     git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git polyval-lib-v1
> 
> This series migrates the POLYVAL code to lib/crypto/.  It turns out that
> just like Poly1305, the library is a much better fit for it.
> 
> This series also replaces the generic implementation of POLYVAL with a
> much better one.
> 
> Notably, this series improves the performance of HCTR2, since it
> eliminates unnecessary overhead that was being incurred by accessing
> POLYVAL via the crypto_shash API.  I see a 45% increase in throughput
> with 64-byte messages, 53% with 128-byte, or 6% with 4096-byte.
> 
> It also eliminates the need to explicitly enable the optimized POLYVAL
> code, as it's now enabled automatically when HCTR2 support is enabled.
> 
> Eric Biggers (9):
>   crypto: polyval - Rename conflicting functions
>   lib/crypto: polyval: Add POLYVAL library
>   lib/crypto: tests: Add KUnit tests for POLYVAL
>   lib/crypto: arm64/polyval: Migrate optimized code into library
>   lib/crypto: x86/polyval: Migrate optimized code into library
>   crypto: hctr2 - Convert to use POLYVAL library
>   crypto: polyval - Remove the polyval crypto_shash
>   crypto: testmgr - Remove polyval tests
>   fscrypt: Drop obsolete recommendation to enable optimized POLYVAL
> 

Applied to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next

- Eric
Re: [PATCH 0/9] POLYVAL library
Posted by Ard Biesheuvel 1 month, 1 week ago 
On Mon, 10 Nov 2025 at 00:49, Eric Biggers <ebiggers@kernel.org> wrote:
>
> This series is targeting libcrypto-next.  It can also be retrieved from:
>
>     git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git polyval-lib-v1
>
> This series migrates the POLYVAL code to lib/crypto/.  It turns out that
> just like Poly1305, the library is a much better fit for it.
>
> This series also replaces the generic implementation of POLYVAL with a
> much better one.
>
> Notably, this series improves the performance of HCTR2, since it
> eliminates unnecessary overhead that was being incurred by accessing
> POLYVAL via the crypto_shash API.  I see a 45% increase in throughput
> with 64-byte messages, 53% with 128-byte, or 6% with 4096-byte.
>
> It also eliminates the need to explicitly enable the optimized POLYVAL
> code, as it's now enabled automatically when HCTR2 support is enabled.
>
> Eric Biggers (9):
>   crypto: polyval - Rename conflicting functions
>   lib/crypto: polyval: Add POLYVAL library
>   lib/crypto: tests: Add KUnit tests for POLYVAL
>   lib/crypto: arm64/polyval: Migrate optimized code into library
>   lib/crypto: x86/polyval: Migrate optimized code into library
>   crypto: hctr2 - Convert to use POLYVAL library
>   crypto: polyval - Remove the polyval crypto_shash
>   crypto: testmgr - Remove polyval tests
>   fscrypt: Drop obsolete recommendation to enable optimized POLYVAL
>

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.