On Tue, Dec 08, 2020 at 12:34:02AM +0100, Ard Biesheuvel wrote:
> Follow the same approach as the arm64 driver for implementing a version
> of AES-NI in CBC mode that supports ciphertext stealing. This results in
> a ~2x speed increase for relatively short inputs (less than 256 bytes),
> which is relevant given that AES-CBC with ciphertext stealing is used
> for filename encryption in the fscrypt layer. For larger inputs, the
> speedup is still significant (~25% on decryption, ~6% on encryption)
>
> Tested-by: Eric Biggers <ebiggers@xxxxxxxxxx> # x86_64
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
> v2: add 32-bit support:
> . load IV earlier so we can reuse the IVP register to replace T2 which is
>   not defined on i386
> . add i386 boilerplate for preserving/restoring callee-saved registers
> . use absolute reference to .Lcts_permute_table on i386
>
> arch/x86/crypto/aesni-intel_asm.S | 129 ++++++++++++++++++-
> arch/x86/crypto/aesni-intel_glue.c | 133 ++++++++++++++++++++
> 2 files changed, 261 insertions(+), 1 deletion(-)

Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt