On Fri, 4 Oct 2019 at 15:46, Jason A. Donenfeld <Jason@xxxxxxxxx> wrote: > > On Wed, Oct 02, 2019 at 04:16:58PM +0200, Ard Biesheuvel wrote: > > This integrates the accelerated MIPS 32r2 implementation of ChaCha > > into both the API and library interfaces of the kernel crypto stack. > > > > The significance of this is that, in addition to becoming available > > as an accelerated library implementation, it can also be used by > > existing crypto API code such as Adiantum (for block encryption on > > ultra low performance cores) or IPsec using chacha20poly1305. These > > are use cases that have already opted into using the abstract crypto > > API. In order to support Adiantum, the core assembler routine has > > been adapted to take the round count as a function argument rather > > than hardcoding it to 20. > > Could you resubmit this with first my original commit and then with your > changes on top? I'd like to see and be able to review exactly what's > changed. If I recall correctly, René and I were really starved for > registers and tried pretty hard to avoid spilling to the stack, so I'm > interested to learn how you crammed a bit more sauce in there. > The round count is passed via the fifth function parameter, so it is already on the stack. Reloading it for every block doesn't sound like a huge deal to me. > I also wonder if maybe it'd be better to just leave this as is with 20 > rounds, which it was previously optimized for, and just not do > accelerated Adiantum for MIPS. Android has long since given up on the > ISA entirely. Adiantum does not depend on Android - anyone running linux on his MIPS router can use it if they want encrypted storage.
