RFR: 8296411: AArch64: Accelerated Poly1305 intrinsics [v2]
Andrew Haley
aph at openjdk.org
Wed May 24 16:17:16 UTC 2023
On Wed, 24 May 2023 13:39:10 GMT, Claes Redestad <redestad at openjdk.org> wrote:
>> See https://loup-vaillant.fr/tutorials/poly1305-design for more explanation
>
> Thanks for the link!
>
> So `r` refers to the value passed via `r_start` and it wasn't clear from the immediate context that `r_start` is already split into 26-bit limbs. So the `pack26` takes the 5 26-bit limbs and repacks them so that `R_0` has the low 64-bit of `r`, `R_1` the high bits. Makes sense.
>
> `R_2` is unused and could be reclaimed. Perhaps an override for `pack26` that only takes two registers and discards the last 2 bits? Might help clarify the setup.
Done.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/14085#discussion_r1204459514
More information about the security-dev
mailing list