Received: by 2002:ab2:b82:0:b0:1f3:401:3cfb with SMTP id 2csp958645lqh; Fri, 29 Mar 2024 02:33:49 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUZy8Bvl8j5hFi03yhQjKesVV9qt2zDyQELA7pEW3Q27q9ncWwSqi7Zg70XeQNFWp+6fTYT10259piN7SoazPh0Ksd94LH5L+8kPVWxzQ== X-Google-Smtp-Source: AGHT+IGrQ/vrhaZ1XQwyDUdmD+Q/+PWj23xdMEk1ZtFnF/QuqKIDzbT2SMnjZ1UMy0D/QHsQszzT X-Received: by 2002:a05:6402:268c:b0:566:ab45:e6c5 with SMTP id w12-20020a056402268c00b00566ab45e6c5mr1292777edd.28.1711704829271; Fri, 29 Mar 2024 02:33:49 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711704829; cv=pass; d=google.com; s=arc-20160816; b=cY3Kc/Cw7sGR6xu5R71YdI3WJ0N9l4sEcXl6EIYd7vfs8+95Cmhb152o97kmaOP/3V SSVc//3/KzJXxg4XFpK8eeJN/b1jz6kLa7ttCcn8mCb618vdzyYd32VV3/WWFbaj1bMn 1EKnMie5USfrrmUOgAmVzn1QNebqUk37Y9UvsTHieTaDhwiHkRqxqmqFKHFrVAQjy/aJ uAy3CzVucQi/FtqUXZOzuVqRik+93skD8qQHya38V0TrqHEV27asRO/hlaEGDt/lNAId /wmqvfSCJYSl/DLqNpySZnlnHXffIEHx63J1MFqvYb+V7cJgJZ4IorAVPLItmBGJ6EdT S2Lg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=dhr0m824EtJZT0bbpIwR2OUM2FZstMeXMnhQq6+DvhI=; fh=gt2QsdVbW4Jc4aJd3HbkynInUy9EIu51p64EnAL9Prs=; b=omHr4k8ZQ4bEHwzhuRlGR7thjx02pjgAFdtONM74UApv7xuXkU5UjyPxPCM2Hr8urD leWkRvR6b1BCtrwg2K18t+4VTdS7p36p4/YCEOGh9S8HYZKXwTib81JNhUJWB+VifXZb RBBptbDPjpTcRawPFRWQQgtZoZ6FFRomsZvOMLuMHCz+nA8JsrhDr/yn4zwwU/S3ALg6 L99erOzRSxoW4h6fMwPzlXvHHsLpyCsWJaMS9iOwKdY5wBe+R+i9rwiYHXtQOJMEbOeY 3inmjvKsJerM1BbAMMxFEXIUsWPH/RQYs5j4Qeo7q3iR04kP9APz5L8L39r/5qqrUoZP WUeA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=jq6iCQ5z; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-3067-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3067-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id q12-20020a50aa8c000000b0056bdcde4468si1683403edc.590.2024.03.29.02.33.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Mar 2024 02:33:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto+bounces-3067-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=jq6iCQ5z; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-3067-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3067-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 034F81F21AE7 for ; Fri, 29 Mar 2024 09:33:49 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3E6A5535D9; Fri, 29 Mar 2024 09:31:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="jq6iCQ5z" X-Original-To: linux-crypto@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DDC8A4F5E6; Fri, 29 Mar 2024 09:31:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711704695; cv=none; b=DJmThGbAIA4mcuBsDR1LJC+L0BZp1oFHY7pA+SfFC6Q1cpeXGkEzkKCay15wQc6tYcATsZMTGWQh4P8lzox1UJR3vUilPjX62sWPDUAEBOgyQ8A4ap8h4LptWy8qnCGQLckACtjW8qxlCXBul+EhOMQSM06mMvhRmPIHNedjUkw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711704695; c=relaxed/simple; bh=22g7mmTzwyhTsP+0wGXlDY7nA4zn4oruXJTUzUq+dRQ=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=m3EDa6PlgdvizTekpI+Sj1nXzfr2pzXZUdB0VT1L7VWoBqYfXPTKNag/VoH8bQ84rmbSnVgp3uvYSoODQ9XSwRhhq2ARmFFq+4ejoQmgVHPwcikZxvcO1dy7gWfzrcKcAaRjZXDKIl+/mOm2o5wqU0k/XW9KIaz09u3Fba6l/zI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=jq6iCQ5z; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 53D97C433C7; Fri, 29 Mar 2024 09:31:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711704694; bh=22g7mmTzwyhTsP+0wGXlDY7nA4zn4oruXJTUzUq+dRQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=jq6iCQ5znoerRWqIp7rCQTKYh9nrasdXnhphKKBvFgJM+XGHhgofkct75A0ZslnV9 HieVjvWr0eISQ1l21D8eGPxRSLZu0zEPjArajBlO02hekmm9u/ptD/cjO87u0PRJ8m qEnkSjLsI42+GmcMnMc9zXwIKz/gGDVa7XFjNmGh0DtEjAnUQfh3FKdzsdXDkJUn+0 gx1hLCfMMjV28kUkxIeoUKJBzAYKHS7x1QQ38zY2CpAGGmLdYow28MYuPgbXhegEv/ 3Szpmx5OOzYZ8DtlgiK8s+VyzlfA8+2XAZLrbBlbir6b2J2i1tSLtbelbi9kefoQk7 7FVvMwIDs6KIA== Date: Fri, 29 Mar 2024 02:31:30 -0700 From: Eric Biggers To: Ard Biesheuvel Cc: linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, Andy Lutomirski , "Chang S . Bae" Subject: Re: [PATCH v2 0/6] Faster AES-XTS on modern x86_64 CPUs Message-ID: <20240329093130.GA65937@sol.localdomain> References: <20240329080355.2871-1-ebiggers@kernel.org> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Fri, Mar 29, 2024 at 11:03:07AM +0200, Ard Biesheuvel wrote: > > Retested this v2: > > Tested-by: Ard Biesheuvel > Reviewed-by: Ard Biesheuvel > > Hopefully, the AES-KL keylocker implementation can be based on this > template as well. As-is, it would be a bit ugly to add keylocker support to my template because my template always processes 4 registers of AES blocks per iteration of the main loop (like the existing aes-xts-aesni), whereas the keylocker instructions are hardcoded to operate on 8 AES blocks at a time in xmm0-xmm7, presumably to reduce the overhead of unwrapping the key. I did try an 8-wide version briefly. There are some older CPUs on which it helps. (On newer CPUs, AES latency is lower, and the width increases by moving to ymm or zmm registers anyway.) But it didn't seem too attractive to me. It causes registers to spill, and it becomes a bit awkward to unroll the AES rounds when the code size is twice as large, so it may need to be re-rolled. I should take a closer look, but I decided to just stay with a 4-wide version for now. So I *think* AES-KL is best kept separate for now. I do wonder if the AES-KL code should adopt the idea of using VEX-coded instructions, though --- surely it's the case that in practice, any CPU with AES-KL also supports AVX. > I wouldn't mind retiring the existing xts(aesni) > code entirely, and using the xts() wrapper around ecb-aes-aesni on > 32-bit and on non-AVX uarchs with AES-NI. Yes, it will need to be benchmarked, but that probably makes sense. If Wikipedia is to be trusted, on the Intel side only Westmere (from 2010) has AES-NI but not AVX, and on the AMD side all CPUs with AES-NI have AVX... - Eric