Received: by 2002:a05:6358:700f:b0:131:369:b2a3 with SMTP id 15csp3250972rwo; Fri, 4 Aug 2023 01:39:33 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEEj2rFfLlDfFuPcAHADjMpeiIjzeG9ditZwxbMKzI21uB8mTycXOoi9tc30UbVcEUH6TV3 X-Received: by 2002:a17:907:762b:b0:99b:4ed4:5527 with SMTP id jy11-20020a170907762b00b0099b4ed45527mr838922ejc.25.1691138372934; Fri, 04 Aug 2023 01:39:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691138372; cv=none; d=google.com; s=arc-20160816; b=TQNVZTF9u/5CgUoo0ok+dhZh1r6FSkni5GTm8PvsiznqKXJiKIbRTXtKeX4ECLSxkY 9AW1lMcImgTkElg6qbWhKphF1RQHoXQzhpymAKF/F/Z2Qtbvta+WSKvtvXlh662XLHZO Wkj6LxgjE3Ozv9TArK1WwY4enBsjzBPmQgXnpmYYdl2cYVqd6jrHxgm+AM2GLAJu/slZ tMamk1KKx7mJty1mDpLAVlsOU8dy2XUY2sMm1h+LFxH6OzEV2ZgoXaUcIHhw+00jJyf2 Sl3X06JZnWT9yilUK7QaAjNA9ZguWTTpz77jkbH6EMr+Ryk3CmvmedpKhvdKf5hJrF9p veRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=i7GmjuKAKREarHHqVjq/aUGQscDPYKniCIDn3f1KScA=; fh=UyUGxzGrlcFybIgQ0+6SMcMGa2hcQi5B91s5ScI4+Hw=; b=pkZs+h5LY7Hc0YH1BW6szwTnAH7INvD/jyiWFVxRLwVlirg+yp5a8nV22FZg/exMhi Cs8fCHjWL4h9HSORQ+MfW6j8/pAKQvA3Kq4pwVyABaQCljV8+5Wvazav+52hf9KYtTYH fnhNk87Pd5Y0OsSgzYOQ5eNjGWfTJOk1YFxjSO+0pDXpndkFVmEdVymn/zsSLb09muAk Fy80SCH5sRWSxUYc4stnbnd3r50FQL+gUeWEtWAYJQt4x0VPIdybBULxtGu6uKIxANKG ZkzH0QlcEkHMzGF7oqda5fPcYJK2pwvh66SlVhwDiSQRugtjmtLotUZchfmR2buYSNQe bZdg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x6-20020a170906b08600b009827e183e9fsi1306125ejy.636.2023.08.04.01.39.07; Fri, 04 Aug 2023 01:39:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231235AbjHDIVm (ORCPT + 99 others); Fri, 4 Aug 2023 04:21:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56884 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232024AbjHDIVl (ORCPT ); Fri, 4 Aug 2023 04:21:41 -0400 Received: from 167-179-156-38.a7b39c.syd.nbn.aussiebb.net (167-179-156-38.a7b39c.syd.nbn.aussiebb.net [167.179.156.38]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 51489E6E for ; Fri, 4 Aug 2023 01:21:40 -0700 (PDT) Received: from loth.rohan.me.apana.org.au ([192.168.167.2]) by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian)) id 1qRq3y-003ZoP-IB; Fri, 04 Aug 2023 16:21:35 +0800 Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation); Fri, 04 Aug 2023 16:21:34 +0800 Date: Fri, 4 Aug 2023 16:21:34 +0800 From: Herbert Xu To: Ard Biesheuvel Cc: linux-crypto@vger.kernel.org, ebiggers@kernel.org, linux-riscv@lists.infradead.org, Paul Walmsley , Palmer Dabbelt , Albert Ou , Christoph =?iso-8859-1?Q?M=FCllner?= , Heiko Stuebner Subject: Re: [PATCH] crypto: riscv/aes - Implement scalar Zkn version for RV32 Message-ID: References: <20230726172958.1215472-1-ardb@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20230726172958.1215472-1-ardb@kernel.org> X-Spam-Status: No, score=2.7 required=5.0 tests=BAYES_00,HELO_DYNAMIC_IPADDR2, RCVD_IN_DNSWL_BLOCKED,RDNS_DYNAMIC,SPF_HELO_NONE,SPF_PASS,TVD_RCVD_IP, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, Jul 26, 2023 at 07:29:58PM +0200, Ard Biesheuvel wrote: > The generic AES implementation we rely on if no architecture specific > one is available relies on lookup tables that are relatively large with > respect to the typical L1 D-cache size, which not only affects > performance, it may also result in timing variances that correlate with > the encryption keys. > > So we tend to avoid the generic code if we can, usually by using a > driver that makes use of special AES instructions which supplant most of > the logic of the table based implementation the AES algorithm. > > The Zkn RISC-V extension provides another interesting take on this: it > defines instructions operating on scalar registers that implement the > table lookups without relying on tables in memory. Those tables carry > 32-bit quantities, making them a natural fit for a 32-bit architecture. > And given the use of scalars, we don't have to rely in in-kernel SIMD, > which is a bonus. > > So let's use the instructions to implement the core AES cipher for RV32. > > Cc: Paul Walmsley > Cc: Palmer Dabbelt > Cc: Albert Ou > Cc: Christoph M?llner > Cc: Heiko Stuebner > Signed-off-by: Ard Biesheuvel > --- > arch/riscv/crypto/Kconfig | 12 ++ > arch/riscv/crypto/Makefile | 3 + > arch/riscv/crypto/aes-riscv32-glue.c | 75 ++++++++++++ > arch/riscv/crypto/aes-riscv32-zkned.S | 119 ++++++++++++++++++++ > 4 files changed, 209 insertions(+) Hi Ard: Any chance you could postpone this til after I've finished removing crypto_cipher? Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt