RFR: JDK-8216437 : PPC64: Add intrinsic for GHASH algorithm [v6]
Suchismith Roy
sroy at openjdk.org
Wed Jan 15 16:47:40 UTC 2025
On Fri, 10 Jan 2025 13:07:53 GMT, Andrew Haley <aph at openjdk.org> wrote:
> The commenting here is poor.
>
> GHASH uses little-endian for the byte order, but big-endian for the bit order. For example, the polynomial 1 is represented as the 16-byte string 80 00 00 00 | 12 bytes of 00. So, we must either reverse the bytes in each word and do everything big-endian or reverse the bits in each byte and do it little-endian. Which do you do?
>
> Sure, I could figure it out by reading the code, but please say.
Hi Andrew
I would like to understand if I have fully understood your comment.
Currently the load instruction takes care of the endianness ,for subkey and state. For loading the data, we enforce the endianness and reorder the bytes order using vec_perm.
vec_perm(vH, vHigh, vLow, loadOrder);
I am assuming the inputs for GHASH follows the endianness as per the algorithm, as you have mentioned. I have made sure they are in the appropriate intended representation for both LE and BE platforms(using vec_perm and appropriate load instructions)
In the algorithm that I have used , 0xC2 is the polynomial for reduction.
It is shifted by 56 bits to make It the most significant byte. I think this is little endian byte order ?
I just had to do the operations with the reduction polynomial to align it as per the algorithm.
I did not do any extra swapping for the subkey ,state vector and input.
Is this what you are looking for ?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/20235#issuecomment-2593425586
More information about the hotspot-dev
mailing list