Re: [PATCH v2 05/20] crypto: mips/chacha - import accelerated 32r2 code from Zinc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 4 Oct 2019 at 15:46, Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
>
> On Wed, Oct 02, 2019 at 04:16:58PM +0200, Ard Biesheuvel wrote:
> > This integrates the accelerated MIPS 32r2 implementation of ChaCha
> > into both the API and library interfaces of the kernel crypto stack.
> >
> > The significance of this is that, in addition to becoming available
> > as an accelerated library implementation, it can also be used by
> > existing crypto API code such as Adiantum (for block encryption on
> > ultra low performance cores) or IPsec using chacha20poly1305. These
> > are use cases that have already opted into using the abstract crypto
> > API. In order to support Adiantum, the core assembler routine has
> > been adapted to take the round count as a function argument rather
> > than hardcoding it to 20.
>
> Could you resubmit this with first my original commit and then with your
> changes on top? I'd like to see and be able to review exactly what's
> changed. If I recall correctly, René and I were really starved for
> registers and tried pretty hard to avoid spilling to the stack, so I'm
> interested to learn how you crammed a bit more sauce in there.
>

The round count is passed via the fifth function parameter, so it is
already on the stack. Reloading it for every block doesn't sound like
a huge deal to me.

> I also wonder if maybe it'd be better to just leave this as is with 20
> rounds, which it was previously optimized for, and just not do
> accelerated Adiantum for MIPS. Android has long since given up on the
> ISA entirely.

Adiantum does not depend on Android - anyone running linux on his MIPS
router can use it if they want encrypted storage.




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux