Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
crypto: x86/aegis128 - don't bother with special code for aligned data
Remove the AEGIS assembly code paths that were "optimized" to operate on
16-byte aligned data using movdqa, and instead just use the code paths
that use movdqu and can handle data with any alignment.
This does not reduce performance. movdqa is basically a historical
artifact; on aligned data, movdqu and movdqa have had the same
performance since Intel Nehalem (2008) and AMD Bulldozer (2011). And
code that requires AES-NI cannot run on CPUs older than those anyway.
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
authored by
Eric Biggers
and committed by
Herbert Xu
595bca25
b8d2e7ba
+22
-100
+22
-100
arch/x86/crypto/aegis128-aesni-asm.S
+22
-100
arch/x86/crypto/aegis128-aesni-asm.S
···
245
245
movdqu 0x30(STATEP), STATE3
246
246
movdqu 0x40(STATEP), STATE4
247
247
248
-
mov SRC, %r8
249
-
and $0xF, %r8
250
-
jnz .Lad_u_loop
251
-
252
248
.align 8
253
-
.Lad_a_loop:
254
-
movdqa 0x00(SRC), MSG
255
-
aegis128_update
256
-
pxor MSG, STATE4
257
-
sub $0x10, LEN
258
-
cmp $0x10, LEN
259
-
jl .Lad_out_1
260
-
261
-
movdqa 0x10(SRC), MSG
262
-
aegis128_update
263
-
pxor MSG, STATE3
264
-
sub $0x10, LEN
265
-
cmp $0x10, LEN
266
-
jl .Lad_out_2
267
-
268
-
movdqa 0x20(SRC), MSG
269
-
aegis128_update
270
-
pxor MSG, STATE2
271
-
sub $0x10, LEN
272
-
cmp $0x10, LEN
273
-
jl .Lad_out_3
274
-
275
-
movdqa 0x30(SRC), MSG
276
-
aegis128_update
277
-
pxor MSG, STATE1
278
-
sub $0x10, LEN
279
-
cmp $0x10, LEN
280
-
jl .Lad_out_4
281
-
282
-
movdqa 0x40(SRC), MSG
283
-
aegis128_update
284
-
pxor MSG, STATE0
285
-
sub $0x10, LEN
286
-
cmp $0x10, LEN
287
-
jl .Lad_out_0
288
-
289
-
add $0x50, SRC
290
-
jmp .Lad_a_loop
291
-
292
-
.align 8
293
-
.Lad_u_loop:
249
+
.Lad_loop:
294
250
movdqu 0x00(SRC), MSG
295
251
aegis128_update
296
252
pxor MSG, STATE4
···
283
327
jl .Lad_out_0
284
328
285
329
add $0x50, SRC
286
-
jmp .Lad_u_loop
330
+
jmp .Lad_loop
287
331
288
332
/* store the state: */
289
333
.Lad_out_0:
···
336
380
RET
337
381
SYM_FUNC_END(crypto_aegis128_aesni_ad)
338
382
339
-
.macro encrypt_block a s0 s1 s2 s3 s4 i
340
-
movdq\a (\i * 0x10)(SRC), MSG
383
+
.macro encrypt_block s0 s1 s2 s3 s4 i
384
+
movdqu (\i * 0x10)(SRC), MSG
341
385
movdqa MSG, T0
342
386
pxor \s1, T0
343
387
pxor \s4, T0
344
388
movdqa \s2, T1
345
389
pand \s3, T1
346
390
pxor T1, T0
347
-
movdq\a T0, (\i * 0x10)(DST)
391
+
movdqu T0, (\i * 0x10)(DST)
348
392
349
393
aegis128_update
350
394
pxor MSG, \s4
···
371
415
movdqu 0x30(STATEP), STATE3
372
416
movdqu 0x40(STATEP), STATE4
373
417
374
-
mov SRC, %r8
375
-
or DST, %r8
376
-
and $0xF, %r8
377
-
jnz .Lenc_u_loop
378
-
379
418
.align 8
380
-
.Lenc_a_loop:
381
-
encrypt_block a STATE0 STATE1 STATE2 STATE3 STATE4 0
382
-
encrypt_block a STATE4 STATE0 STATE1 STATE2 STATE3 1
383
-
encrypt_block a STATE3 STATE4 STATE0 STATE1 STATE2 2
384
-
encrypt_block a STATE2 STATE3 STATE4 STATE0 STATE1 3
385
-
encrypt_block a STATE1 STATE2 STATE3 STATE4 STATE0 4
419
+
.Lenc_loop:
420
+
encrypt_block STATE0 STATE1 STATE2 STATE3 STATE4 0
421
+
encrypt_block STATE4 STATE0 STATE1 STATE2 STATE3 1
422
+
encrypt_block STATE3 STATE4 STATE0 STATE1 STATE2 2
423
+
encrypt_block STATE2 STATE3 STATE4 STATE0 STATE1 3
424
+
encrypt_block STATE1 STATE2 STATE3 STATE4 STATE0 4
386
425
387
426
add $0x50, SRC
388
427
add $0x50, DST
389
-
jmp .Lenc_a_loop
390
-
391
-
.align 8
392
-
.Lenc_u_loop:
393
-
encrypt_block u STATE0 STATE1 STATE2 STATE3 STATE4 0
394
-
encrypt_block u STATE4 STATE0 STATE1 STATE2 STATE3 1
395
-
encrypt_block u STATE3 STATE4 STATE0 STATE1 STATE2 2
396
-
encrypt_block u STATE2 STATE3 STATE4 STATE0 STATE1 3
397
-
encrypt_block u STATE1 STATE2 STATE3 STATE4 STATE0 4
398
-
399
-
add $0x50, SRC
400
-
add $0x50, DST
401
-
jmp .Lenc_u_loop
428
+
jmp .Lenc_loop
402
429
403
430
/* store the state: */
404
431
.Lenc_out_0:
···
474
535
RET
475
536
SYM_FUNC_END(crypto_aegis128_aesni_enc_tail)
476
537
477
-
.macro decrypt_block a s0 s1 s2 s3 s4 i
478
-
movdq\a (\i * 0x10)(SRC), MSG
538
+
.macro decrypt_block s0 s1 s2 s3 s4 i
539
+
movdqu (\i * 0x10)(SRC), MSG
479
540
pxor \s1, MSG
480
541
pxor \s4, MSG
481
542
movdqa \s2, T1
482
543
pand \s3, T1
483
544
pxor T1, MSG
484
-
movdq\a MSG, (\i * 0x10)(DST)
545
+
movdqu MSG, (\i * 0x10)(DST)
485
546
486
547
aegis128_update
487
548
pxor MSG, \s4
···
508
569
movdqu 0x30(STATEP), STATE3
509
570
movdqu 0x40(STATEP), STATE4
510
571
511
-
mov SRC, %r8
512
-
or DST, %r8
513
-
and $0xF, %r8
514
-
jnz .Ldec_u_loop
515
-
516
572
.align 8
517
-
.Ldec_a_loop:
518
-
decrypt_block a STATE0 STATE1 STATE2 STATE3 STATE4 0
519
-
decrypt_block a STATE4 STATE0 STATE1 STATE2 STATE3 1
520
-
decrypt_block a STATE3 STATE4 STATE0 STATE1 STATE2 2
521
-
decrypt_block a STATE2 STATE3 STATE4 STATE0 STATE1 3
522
-
decrypt_block a STATE1 STATE2 STATE3 STATE4 STATE0 4
573
+
.Ldec_loop:
574
+
decrypt_block STATE0 STATE1 STATE2 STATE3 STATE4 0
575
+
decrypt_block STATE4 STATE0 STATE1 STATE2 STATE3 1
576
+
decrypt_block STATE3 STATE4 STATE0 STATE1 STATE2 2
577
+
decrypt_block STATE2 STATE3 STATE4 STATE0 STATE1 3
578
+
decrypt_block STATE1 STATE2 STATE3 STATE4 STATE0 4
523
579
524
580
add $0x50, SRC
525
581
add $0x50, DST
526
-
jmp .Ldec_a_loop
527
-
528
-
.align 8
529
-
.Ldec_u_loop:
530
-
decrypt_block u STATE0 STATE1 STATE2 STATE3 STATE4 0
531
-
decrypt_block u STATE4 STATE0 STATE1 STATE2 STATE3 1
532
-
decrypt_block u STATE3 STATE4 STATE0 STATE1 STATE2 2
533
-
decrypt_block u STATE2 STATE3 STATE4 STATE0 STATE1 3
534
-
decrypt_block u STATE1 STATE2 STATE3 STATE4 STATE0 4
535
-
536
-
add $0x50, SRC
537
-
add $0x50, DST
538
-
jmp .Ldec_u_loop
582
+
jmp .Ldec_loop
539
583
540
584
/* store the state: */
541
585
.Ldec_out_0: