Mirror of https://github.com/torvalds/linux.git (synced 2026-03-08 00:44:31 +01:00)
Optimize the AES library with x86 AES-NI instructions.

The relevant existing assembly functions, aesni_set_key(), aesni_enc(), and aesni_dec(), are a bit difficult to extract into the library:

- They're coupled to the code for the AES modes.
- They operate on struct crypto_aes_ctx. The AES library now uses different structs.
- They assume the key is 16-byte aligned. The AES library only *prefers* 16-byte alignment; it doesn't require it.

Moreover, they're not all that great in the first place:

- They use unrolled loops, which isn't a great choice on x86.
- They use the 'aeskeygenassist' instruction, which is unnecessary, is slow on Intel CPUs, and forces the loop to be unrolled.
- They have special code for AES-192 key expansion, despite that being kind of useless. AES-128 and AES-256 are the ones used in practice.

These are small functions anyway. Therefore, I opted to just write replacements of these functions for the library. They address all the above issues.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20260112192035.10427-18-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

||
|---|---|---|
| .gitignore | ||
| aes-aesni.S | ||
| aes.h | ||
| blake2s-core.S | ||
| blake2s.h | ||
| chacha-avx2-x86_64.S | ||
| chacha-avx512vl-x86_64.S | ||
| chacha-ssse3-x86_64.S | ||
| chacha.h | ||
| curve25519.h | ||
| nh-avx2.S | ||
| nh-sse2.S | ||
| nh.h | ||
| poly1305-x86_64-cryptogams.pl | ||
| poly1305.h | ||
| polyval-pclmul-avx.S | ||
| polyval.h | ||
| sha1-avx2-asm.S | ||
| sha1-ni-asm.S | ||
| sha1-ssse3-and-avx.S | ||
| sha1.h | ||
| sha256-avx-asm.S | ||
| sha256-avx2-asm.S | ||
| sha256-ni-asm.S | ||
| sha256-ssse3-asm.S | ||
| sha256.h | ||
| sha512-avx-asm.S | ||
| sha512-avx2-asm.S | ||
| sha512-ssse3-asm.S | ||
| sha512.h | ||