Re: [PATCH] crypto: x86/aesni - Update aesni_set_key() to return void

On 3/12/2024 8:18 AM, Ard Biesheuvel wrote:

> I wonder whether we need aesni_set_key() at all.

The following looks to be relevant from the AES-NI whitepaper [1]:

The Relative Cost of the Key Expansion
    ...
    Some less frequent applications require frequent key scheduling. For
    example, some random number generators may rekey frequently to
    achieve forward secrecy. One extreme example is a Davies-Meyer
    hashing construction, which uses a block cipher primitive as a
    compression function, and the cipher is re-keyed for each processed
    data block.

    Although these are not the mainstream usage models of the AES
    instructions, we point out that the AESKEYGENASSIST and AESIMC
    instructions facilitate Key Expansion procedure which is lookup
    tables free, and faster than software only key expansion. In
    addition, we point out that unrolling of the key expansion code,
    which is provided in the previous sections, improves the key
    expansion performance. The AES256 case can also utilize the
    instruction AESENCLAST, for the sbox transformation, that is faster
    than using AESKEYGENASSIST.

[1] https://www.intel.com/content/dam/doc/white-paper/advanced-encryption-standard-new-instructions-set-paper.pdf

Thanks,
Chang
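The whitepaper passage quoted above contrasts AESKEYGENASSIST-based key expansion with "software only key expansion". To make that contrast concrete, here is an added example of the software path: a portable FIPS-197 key expansion written for this discussion, not code from this thread, from the kernel's aesni implementation, or from Intel's whitepaper. Function names (aes_expand_key, aes_schedule_word) are my own; the two keys are the published FIPS-197 Appendix A.1 (AES-128) and A.3 (AES-256) test keys, and the S-box is derived arithmetically rather than typed in as a table.

```c
/* Added example: portable AES key expansion per FIPS-197 section 5.2, the
 * "software only" path the AES-NI whitepaper compares against
 * AESKEYGENASSIST. Not kernel code; names are this example's own. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ROTL8(x, s) ((uint8_t)(((x) << (s)) | ((x) >> (8 - (s)))))

static uint8_t sbox[256];
static int sbox_ready;

/* Build the Rijndael S-box: multiplicative inverse in GF(2^8) followed by
 * the affine transform. p walks powers of the generator 3, q walks powers
 * of 3^-1 (0xf6), so q is always p^-1 and no inversion routine is needed. */
static void init_sbox(void)
{
	uint8_t p = 1, q = 1;

	if (sbox_ready)
		return;
	do {
		/* p *= 3 in GF(2^8), reducing by the AES polynomial 0x11b */
		p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1b : 0));
		/* q /= 3, i.e. q *= 0xf6 */
		q ^= (uint8_t)(q << 1);
		q ^= (uint8_t)(q << 2);
		q ^= (uint8_t)(q << 4);
		q ^= (q & 0x80) ? 0x09 : 0;
		/* affine transform of the inverse, plus the constant 0x63 */
		sbox[p] = q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4) ^ 0x63;
	} while (p != 1);
	sbox[0] = 0x63;	/* 0 has no inverse; affine(0) = 0x63 */
	sbox_ready = 1;
}

static uint32_t load_be32(const uint8_t *b)
{
	return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
	       ((uint32_t)b[2] << 8) | b[3];
}

/* SubWord: S-box applied to each byte (table indexed by key material) */
static uint32_t sub_word(uint32_t w)
{
	return ((uint32_t)sbox[w >> 24] << 24) |
	       ((uint32_t)sbox[(w >> 16) & 0xff] << 16) |
	       ((uint32_t)sbox[(w >> 8) & 0xff] << 8) |
	       sbox[w & 0xff];
}

static uint32_t rot_word(uint32_t w)
{
	return (w << 8) | (w >> 24);
}

/* Expand a 16/24/32-byte key into 4*(Nr+1) schedule words.
 * Returns Nr (10, 12 or 14), or -1 on an invalid key length. */
int aes_expand_key(const uint8_t *key, size_t key_len, uint32_t w[60])
{
	size_t nk, nr, total, i;
	uint8_t rcon = 0x01;

	if (key_len != 16 && key_len != 24 && key_len != 32)
		return -1;
	init_sbox();
	nk = key_len / 4;
	nr = nk + 6;
	total = 4 * (nr + 1);

	for (i = 0; i < nk; i++)
		w[i] = load_be32(key + 4 * i);

	for (i = nk; i < total; i++) {
		uint32_t t = w[i - 1];

		if (i % nk == 0) {
			t = sub_word(rot_word(t)) ^ ((uint32_t)rcon << 24);
			rcon = (uint8_t)((rcon << 1) ^ ((rcon & 0x80) ? 0x1b : 0));
		} else if (nk > 6 && i % nk == 4) {
			t = sub_word(t);	/* extra SubWord step, AES-256 only */
		}
		w[i] = w[i - nk] ^ t;
	}
	return (int)nr;
}

/* Return one schedule word, or 0 if the key length or index is invalid. */
uint32_t aes_schedule_word(const uint8_t *key, size_t key_len, size_t idx)
{
	uint32_t w[60];
	int nr = aes_expand_key(key, key_len, w);

	if (nr < 0 || idx >= 4 * (size_t)(nr + 1))
		return 0;
	return w[idx];
}

/* Published FIPS-197 Appendix A.1 (AES-128) and A.3 (AES-256) example keys */
const uint8_t fips197_a1_key[16] = {
	0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
	0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c };
const uint8_t fips197_a3_key[32] = {
	0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
	0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
	0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
	0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 };

int main(void)
{
	uint32_t w[60];
	int nr = aes_expand_key(fips197_a1_key, 16, w);

	printf("AES-128: Nr=%d, last round key %08x %08x %08x %08x\n",
	       nr, w[40], w[41], w[42], w[43]);
	return 0;
}
```

Every SubWord call above indexes a 256-byte table with bytes of the key being expanded; that data-dependent memory access is what the whitepaper means by AESKEYGENASSIST making the procedure "lookup tables free", and it is also why the hardware path is preferable for the rekey-heavy cases (Davies-Meyer, frequent-rekey RNGs) the passage mentions.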



