Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp2504305ybi; Thu, 18 Jul 2019 09:23:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqwZdqj9PrgcIq/+LEOd1l9Kp7aDAwe9wg4NaZlhn5ipi88KYXR+EhwNBX1As09oGNg4W+/m X-Received: by 2002:a65:6081:: with SMTP id t1mr49213235pgu.9.1563467024709; Thu, 18 Jul 2019 09:23:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563467024; cv=none; d=google.com; s=arc-20160816; b=ckjHX5q6VJv4hcClHAiMr1PIS74COZ3V2B9DEJg7rUeORsKOqJmAoemy0SDBJdhKKd X2cPQP6jbX/aXpkR5U+/kGpkiWJ0nmJLCwtRMBLZgvo0+uJhifndBy0GpRK9Id+ZFB2d 2tKwdxeQ/Etqhr1c7Q3YAq56RrjpIw3JQR4xb0acZnfFlH5OWVA5wXBxU+cQenCZBZ4g 5/Cy09heXF9yBEySJwQUJGUR48Gg085Ae57lswG4it7ZTB7HUen3PfDqMI0hozblNuqd f4Al0fr7aApzwTNu4q5SpE00GvXVoMtsWtsnOj5Oogw0gfGmnp9eY3TRQFUyfbfJPjSU Ta5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=BfSme+TA+fVljAMlkxzVHKxppOiTPhJ9qUep/Bo4hzc=; b=LmRA6LrEiXcK4IZEM4jtrGbbBwCVHXWPktlm0EjEoKGdFxEkHIPc50X/CN939MVFdy 3SYVJWLrLL0mc/gxQJATyP+ZPQ3jEEv/5uukapf2pAxwGV+decXIv8GA3X6TGHNFei7P Ek1xPAFKI5D5/VlzKBhfavB6b6YSz4x+ETzKwqrFmGTJVG1JUi6l2dpChqm2pUUH1qV7 x4HdTVDt74tngkvnfBf8EGgsQDOy8b6UyHsPknu2q90A6Z/xJYCQ43UXVflIIDNzEZQ0 fFn0buf7TLgILXdJZGWVWh3A25gNVp0l/N5X7C/6pXYHr4HknuBwO6gBlNbvzrYhgFxg wssg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p125si1516220pfp.35.2019.07.18.09.23.30; Thu, 18 Jul 2019 09:23:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727762AbfGRQWR (ORCPT + 99 others); Thu, 18 Jul 2019 12:22:17 -0400 Received: from helcar.hmeau.com ([216.24.177.18]:55502 "EHLO deadmen.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726040AbfGRQWR (ORCPT ); Thu, 18 Jul 2019 12:22:17 -0400 Received: from gondobar.mordor.me.apana.org.au ([192.168.128.4] helo=gondobar) by deadmen.hmeau.com with esmtps (Exim 4.89 #2 (Debian)) id 1ho9Aa-00024I-9h; Fri, 19 Jul 2019 00:22:12 +0800 Received: from herbert by gondobar with local (Exim 4.89) (envelope-from ) id 1ho9AX-0006pm-Fg; Fri, 19 Jul 2019 00:22:09 +0800 Date: Fri, 19 Jul 2019 00:22:09 +0800 From: Herbert Xu To: Ard Biesheuvel Cc: Pascal Van Leeuwen , Milan Broz , Horia Geanta , "linux-crypto@vger.kernel.org" , "dm-devel@redhat.com" Subject: Re: xts fuzz testing and lack of ciphertext stealing support Message-ID: <20190718162209.keahd3nexkp5ay7l@gondor.apana.org.au> References: <20190718065223.4xaefcwjoxvujntw@gondor.apana.org.au> <20190718072154.m2umem24x4grbf6w@gondor.apana.org.au> <36e78459-1594-6d19-0ab4-95b03a6de036@gmail.com> <20190718152908.xiuze3kb3fdc7ov6@gondor.apana.org.au> <20190718155140.b6ig3zq22askmfpy@gondor.apana.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Jul 18, 2019 at 06:19:24PM +0200, Ard Biesheuvel wrote: > > Note that for software algorithms such as the bit sliced NEON > implementation of AES, which can only operate on 8 AES blocks at a > time, doing the final 2 blocks sequentially is going to seriously > impact performance. This means whatever wrapper we invent around xex() > (or whatever we call it) should go out of its way to ensure that the > common, non-CTS case does not regress in performance, and the special > handling is only invoked when necessary (which will be never). Agreed. Cheers, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt