Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp5574459pxb;
        Mon, 14 Feb 2022 02:21:38 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzeEfxtIb7qM5NF62VrwepERod1Gx3iDmTfvKLBi15uFes7H1Nqd9LBbCQMy+fms3jIlQnw
X-Received: by 2002:a63:a102:: with SMTP id b2mr11161692pgf.459.1644834098127;
        Mon, 14 Feb 2022 02:21:38 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1644834098; cv=none;
        d=google.com; s=arc-20160816;
        b=NFZ1CUDDmE7NlJj4G4m5VFaZ+AF+td8Xu1E4OckY9ct1SNIe1dKZ4UKG+GjlbDQgJD
         +x7lkpMPzNHA8Ms2o+ST0SpzXGzcw5gia0HzqMLF6FnhQNVvh41SJF5H8KR45q5QlkHg
         nOIbSYwcGBlZmMRcwYd3UAjKsAThHHMp/+AB0i/pMaV78hgs+Eqgk0igem5CR4/oBOW6
         t/+K67ebQ3i0SIYvezHNkG9K4/o3zg5NqKKCTYUnrSZORfiO3/kDFq4r7QeJzR6xMqwh
         EMO3Jh2AlBsKIuzYhj9FLEjFTJED5cyDxxdNxlGC9fTkcaykF3BnXqtJkyJXwhA0MDEI
         PkVg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=NYN0sjbizyaH2zsaGUmY5EGqtS267aE81b0+et026/M=;
        b=lkY6GdBQUk71KvtNIFqOvIcBv8upaQ0e9p4bWZHLbjfz4BHd0TDqetm+O+XqIM67az
         tnXgwD/iU28RAPfY0g2XLHQ4VIs5VGU4CytMjjl0jqIfgeMqZV1L2KBikHz/XcIh8NZ8
         vnRzJXxYQveV4gx/qjGH2plX1RFxd97kgu0nBIgTWPlpyUfNI6riG4hVHzCZR/pM9oZY
         7d66fqCh/SS+C2IHZCFmYZR6W7C2h1Ojkr7EG4HCCe3GmKynoJ150QRClWTDy31zUP2Z
         BTXdNPEuhKTazd6tRtU9HJm+aqqLLUl20C0KLfUR9DXdH75EzG4hrPwSre64D0/F3tEH
         zGxw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b="oqgq/yLj";
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id h188si29047029pgc.819.2022.02.14.02.21.23;
        Mon, 14 Feb 2022 02:21:38 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b="oqgq/yLj";
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233290AbiBLKId (ORCPT <rfc822;benevolent.opressor@gmail.com>
        + 99 others); Sat, 12 Feb 2022 05:08:33 -0500
Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:60222 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233065AbiBLKIc (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Sat, 12 Feb 2022 05:08:32 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8825326110
        for <linux-crypto@vger.kernel.org>; Sat, 12 Feb 2022 02:08:29 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 3B497B80011
        for <linux-crypto@vger.kernel.org>; Sat, 12 Feb 2022 10:08:28 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id E935FC340E7
        for <linux-crypto@vger.kernel.org>; Sat, 12 Feb 2022 10:08:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1644660506;
        bh=uwvHwvTce5f8VcNRgtGyM1W8Vj+7as84ydlj6IEdMl0=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=oqgq/yLjHleytQn0/V0dZY+n4hjrm57I1h5BBgQQD+aOB/o6bav41hItoAAE+FERM
         LokVy4VVmPx9JLCkKXDdyaJRBe8+rjQONu05Ho5q/8UHeslPW7UpvyNjJnKcJf1L7c
         pSeA4uIh1QD3DXkiH5mIzZv68ooJHVnbVMWtX49QB35GDLjYAR9s/LmGwXvWkqjjon
         NJMkJdFVCFnUjwFGEf7CyL1uZNFKY1M09yLAMEv9Zul0dOaaOr4aEcpHjv7ZYASuWJ
         3BpArrU4LlS+XOqBtBv7DBSzrP8N/AfpwxOPNKBVn/jjduKlyEnYRUdXbXmAdsAF3m
         CedzW7kZLefxw==
Received: by mail-wr1-f44.google.com with SMTP id s10so5472705wrb.1
        for <linux-crypto@vger.kernel.org>; Sat, 12 Feb 2022 02:08:26 -0800 (PST)
X-Gm-Message-State: AOAM530EFYqprRPduNO4Bxehny7eZSFqZ4rtTVn+xltW/IPVMmr4smsh
        SFIeFNbFivj69nBIlmvvA9Mp5NLA5OEUf9dEYr8=
X-Received: by 2002:a05:6000:1b88:: with SMTP id r8mr4540819wru.447.1644660505301;
 Sat, 12 Feb 2022 02:08:25 -0800 (PST)
MIME-Version: 1.0
References: <20220210232812.798387-1-nhuck@google.com> <20220210232812.798387-6-nhuck@google.com>
 <CAMj1kXEJRBcLBsO6HVQJNmGkxmY+aXY+BnyApn6s_MCtXo0eng@mail.gmail.com> <CAJkfWY7bet2V-w7NwMxqAsiwUqF5q7-FmFsgKJaMOBYSuY9M2g@mail.gmail.com>
In-Reply-To: <CAJkfWY7bet2V-w7NwMxqAsiwUqF5q7-FmFsgKJaMOBYSuY9M2g@mail.gmail.com>
From:   Ard Biesheuvel <ardb@kernel.org>
Date:   Sat, 12 Feb 2022 11:08:14 +0100
X-Gmail-Original-Message-ID: <CAMj1kXHtkxNkdpX46EmT94+ZkFyEkgXzZHOhpzb+DUu15r=7gQ@mail.gmail.com>
Message-ID: <CAMj1kXHtkxNkdpX46EmT94+ZkFyEkgXzZHOhpzb+DUu15r=7gQ@mail.gmail.com>
Subject: Re: [RFC PATCH v2 5/7] crypto: arm64/aes-xctr: Add accelerated
 implementation of XCTR
To:     Nathan Huckleberry <nhuck@google.com>
Cc:     Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        Linux ARM <linux-arm-kernel@lists.infradead.org>,
        Paul Crowley <paulcrowley@google.com>,
        Eric Biggers <ebiggers@kernel.org>,
        Sami Tolvanen <samitolvanen@google.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Fri, 11 Feb 2022 at 21:30, Nathan Huckleberry <nhuck@google.com> wrote:
>
> On Fri, Feb 11, 2022 at 5:48 AM Ard Biesheuvel <ardb@kernel.org> wrote:
> >
> > On Fri, 11 Feb 2022 at 00:28, Nathan Huckleberry <nhuck@google.com> wrote:
> > >
> > > Add hardware accelerated version of XCTR for ARM64 CPUs with ARMv8
> > > Crypto Extension support.  This XCTR implementation is based on the CTR
> > > implementation in aes-modes.S.
> > >
> > > More information on XCTR can be found in
> > > the HCTR2 paper: Length-preserving encryption with HCTR2:
> > > https://eprint.iacr.org/2021/1441.pdf
> > >
> > > Signed-off-by: Nathan Huckleberry <nhuck@google.com>
> > > ---
> > >
> > > Changes since v1:
> > >  * Added STRIDE back to aes-glue.c
> > >
> >
> > NAK. Feel free to respond to my comments/questions against v1 if you
> > want to discuss this.
>
>  Oops, I misunderstood the tail block behavior of the CTR implementation and
>  thought it wouldn't work with XCTR mode.  I have XCTR mirroring the tail
>  behavior of CTR now. I'll submit it with the v3.

Yes, here's my version for reference:
https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/commit/?h=hctr2&id=5bb01649223080b7cde5740f441eb5e758ec357f