On Mon, Apr 15, 2024 at 03:04:26PM +0200, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@xxxxxxxxxx>
>
> Tweak the round key logic so that they can be loaded using a single
> branchless sequence using overlapping loads. This is shorter and
> simpler, and puts the conditional branches based on the key size further
> apart, which might benefit microarchitectures that cannot record taken
> branches at every instruction. For these branches, use test-bit-branch
> instructions that don't clobber the condition flags.
>
> Note that none of this has any impact on performance, positive or
> otherwise (and the branch prediction benefit would only benefit AES-192
> which nobody uses). It does make for nicer code, though.
>
> While at it, use \@ to generate the labels inside the macros, which is
> more robust than using fixed numbers, which could clash inadvertently.
> Also, bring aes-neon.S in line with these changes, including the switch
> to test-and-branch instructions, to avoid surprises in the future when
> we might start relying on the condition flags being preserved in the
> chaining mode wrappers in aes-modes.S
>
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
> arch/arm64/crypto/aes-ce.S | 34 ++++++++++++++--------------------
> arch/arm64/crypto/aes-neon.S | 20 ++++++++++----------
> 2 files changed, 24 insertions(+), 30 deletions(-)

Patch applied. Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt