On Tue, 1 Dec 2020 at 23:04, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > > On Tue, Dec 01, 2020 at 11:01:57PM +0100, Ard Biesheuvel wrote: > > > > This is not the first time this has come up. The point is that CCMP in > > the wireless stack is not used in 99% of the cases, given that any > > wifi hardware built in the last ~10 years can do it in hardware. Only > > in exceptional cases, such as Ben's, is there a need for exercising > > this interface. > > Either it matters or it doesn't. If it doesn't matter why are we > having this dicussion at all? If it does then fixing just one > direction makes no sense. > What do you mean by just one direction? Ben just confirmed a substantial speedup for his use case, which requires the use of software encryption even on hardware that could support doing it in hardware, and that software encryption currently only supports the synchronous interface. Even if it is nicer in theory, I don't see the point of implementing support for the asynchronous interface, given that nobody is going to wire up a AES accelerator to a wifi controller. > > Also, care to explain why we have synchronous AEADs in the first place > > if they are not supposed to be used? > > Sync AEADs would make sense if you were dealing with a very small > amount of data, e.g., one block. > Why? The processing occurs in *exactly* the same way, given that the wifi stack never calls into the AEAD from a context where the FPU is unavailable. So we basically have to choose between a non-SIMD fallback path that never gets exercised, or a SIMD async helper that always relays the request directly, and never queues it for asynchronous completion. IOW, we are arguing a theoretical difference here, and the code paths that actually get exercised are 100% the same.
