Received: by 2002:ab2:3350:0:b0:1f4:6588:b3a7 with SMTP id o16csp1950681lqe;
        Tue, 9 Apr 2024 05:45:06 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCXQbwF1dGNce3i/Nu1q7mMiqc+IuCwHNLfuqwNGCdzn/D5mrIV6QMhvmLL8iMP+42Oy9i+xuG0r/MP5HHJVP244/Ew5kV15Tx2w6hmCvA==
X-Google-Smtp-Source: AGHT+IEnOPbnbkmuvggUkqkgSr1MYFWEo79aDpiN5DPeSOfDXYJBp6RbTgKGrDWPsKMQqaTkeROo
X-Received: by 2002:a05:622a:14a:b0:434:3a39:9139 with SMTP id v10-20020a05622a014a00b004343a399139mr13814526qtw.41.1712666705871;
        Tue, 09 Apr 2024 05:45:05 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1712666705; cv=pass;
        d=google.com; s=arc-20160816;
        b=tfz42FsvxNyaK39EbcbRM5qriK9B/iGSskZVfHRrlyOxjg5zgTneSqfzIu+jVIuHYA
         L3FYR8B2dVMa7jnkFL8HD62a6sFGlVsj/6DIxwZveTSM+Iz4S0Y9Me0XEMzcybJd3FY5
         bHtCb+KFuN/jNendfNGlismGwehYW6YkQFulh5dAWyAqhrqBZNO/xDWEZvF7aMz/fS+v
         bqGKqwV9DoApXHXlkpm6lzwNbjbigvdreObTXleYR3zcsX1gu70kD2w1RFf4FRof93sa
         KIxHIwpb4WMaaaSR9NZS6lkJ+EHDYAdfQ6d8fSDmR9Urns6WG8L4bvIvgxHA4000Gk37
         cACA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:list-unsubscribe:list-subscribe:list-id:precedence
         :dkim-signature;
        bh=c2rFbsHWRQRbU9Eb2xVaqTkEcaobDdCvKdDDsI5Rvns=;
        fh=PaxSlu/Mw8DiwAAf4nNEqN5c0XsdIkfg15VezKGGe84=;
        b=MY1gmQAI83L/VqLPnSywPVRelnI7bP5ax8c8fbUZdgEkYa7mliy8JHfFWpV2XFBvB5
         BDFoBGr8gBlis39T8gm9rfysmJuXI4Lar8e8Eh1OFerJg/PQTaov7tTy8FCqwjIcywfA
         2f9ZciP/DSLwCn764ZCvWcxlrNTsyyrU92jyqeJfFRJU1UrmdRp9DxNeEFm0Hc5D1vmG
         0i+sCxVDrgLxBLScOk7SWoxSsSCQXMA6I/h+xQ4EgmUbUXfedBGr+wc98LHxUA1AbDAm
         3akCY/kvE5BSkLe8uZZZjTKI3xyppueCf1GV6SOR/SbVL3wFxMw/K2bo5V0DzFUFro8i
         Ht8w==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pY6p3tJ0;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-crypto+bounces-3426-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3426-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto+bounces-3426-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id bp34-20020a05622a1ba200b004343e82dd51si2182878qtb.135.2024.04.09.05.45.05
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 Apr 2024 05:45:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto+bounces-3426-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pY6p3tJ0;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-crypto+bounces-3426-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3426-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 7B1011C21EB9
	for <linux.lists.archive@gmail.com>; Tue,  9 Apr 2024 12:45:05 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 341FE12D77D;
	Tue,  9 Apr 2024 12:45:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="pY6p3tJ0"
X-Original-To: linux-crypto@vger.kernel.org
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E4D0B12D755;
	Tue,  9 Apr 2024 12:44:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1712666700; cv=none; b=fkLScKcDpO+PcLaz5Ez9f9NKAj+Z4yUAWjPbEbGxI8xCSwp0RXQSI69+7ZT/NuqAlEhvFXhCc0uQ9GelXYLGAlmBD0e/Dl+NEmdOg3UFJl3C6jl0opeClZkqb+3azYCM3PJ8FwH2xz3jnQZWECd91QeLUuilelF1AE53OALpjOo=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1712666700; c=relaxed/simple;
	bh=X7rdsbL7+LXMFqNdb3JPRvZ93H2cU4KFKkX7IKVa+0I=;
	h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:
	 To:Cc:Content-Type; b=fpXFdl8sqDbkgyBN136AAY8jYW2F4lt/KtN2wPief6S45fMM1uy3n5429Mcm2x5mPg7XN617FW8rxFoO4xbS9Ttg4+nqMoVoQLDQOpCYkC+PyvXLScHvkC+UsPqJEH50pQRYR+vFx/5vR3r+EfVACw4vDwfxdb6O7BRSPeG1EDM=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=pY6p3tJ0; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 77581C433F1;
	Tue,  9 Apr 2024 12:44:59 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1712666699;
	bh=X7rdsbL7+LXMFqNdb3JPRvZ93H2cU4KFKkX7IKVa+0I=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=pY6p3tJ0VLACzQ+VlxGKbtfCJIg1EdeWyxf17BxhDSP16I7MMXsci8Geyk1z07aWt
	 DvdLzFOhuH4ygHHW7ur5qP1MTUCwqzQAPxZVKq5Mwn1aVi7ty808IveODZsxxRv8EL
	 ZB3eZ3Vecj5qQAsHAb2h3lxXZT2ccMD0hNEyoyZui7BQ63reZ4JY1P/d9QLoTY/nCC
	 UnN6j8+obxLD2xOvaXMS9F367B+dHwsddkIGcociYcnuRNAA5wukd9rlsBoX7QAj47
	 rrdDXHocB1BfRqccT/YBSmqab3rC3FXYGZ7ygpf6t3hrg4EyE4/wt5mZtNqvOHdAmG
	 FjfRgMhzqc+7A==
Received: by mail-lj1-f176.google.com with SMTP id 38308e7fff4ca-2d8b4778f5fso2593561fa.3;
        Tue, 09 Apr 2024 05:44:59 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCUuEwjM8mR89kzTpErVt3cFYOO8DgpciIhQ6LdjSONlpujitn2eeJi4wKAXpMCwkvTJWuK6zFGDM7tqMVTRSIGFWGnu97MvWcPs3ZcC
X-Gm-Message-State: AOJu0YzVueE9nOEZ7Hy7c6RZnrPTeAMWDcaZAn949n1Bsyt5Lz+cUQm8
	4JyTXG2kq6ggcNehDSIA8OxOj+toAoOMapdcbUd/mP1ddCll+gkM6HUoMsmCW9PJbvoeKM7gQFV
	lHzzOfvU+m4qol/gaBd6UTEEBU70=
X-Received: by 2002:a2e:9515:0:b0:2d8:918f:55fa with SMTP id
 f21-20020a2e9515000000b002d8918f55famr3962471ljh.18.1712666697842; Tue, 09
 Apr 2024 05:44:57 -0700 (PDT)
Precedence: bulk
X-Mailing-List: linux-crypto@vger.kernel.org
List-Id: <linux-crypto.vger.kernel.org>
List-Subscribe: <mailto:linux-crypto+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-crypto+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
References: <20240409000154.29799-1-ebiggers@kernel.org> <CAMj1kXEhrPo18dwAuzpn7R7ZGpOxr2pwuoAfGRtWwzgSF+mTsA@mail.gmail.com>
 <20240409121141.GA717@quark.localdomain>
In-Reply-To: <20240409121141.GA717@quark.localdomain>
From: Ard Biesheuvel <ardb@kernel.org>
Date: Tue, 9 Apr 2024 14:44:46 +0200
X-Gmail-Original-Message-ID: <CAMj1kXFxYW-45Ns_C0vss+gwoERiT6QX-h_Pgquf7zggUKdUPA@mail.gmail.com>
Message-ID: <CAMj1kXFxYW-45Ns_C0vss+gwoERiT6QX-h_Pgquf7zggUKdUPA@mail.gmail.com>
Subject: Re: [PATCH] crypto: x86/aes-xts - access round keys using single-byte offsets
To: Eric Biggers <ebiggers@kernel.org>
Cc: linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, 
	"Chang S . Bae" <chang.seok.bae@intel.com>, Stefan Kanthak <stefan.kanthak@nexgo.de>
Content-Type: text/plain; charset="UTF-8"

On Tue, 9 Apr 2024 at 14:11, Eric Biggers <ebiggers@kernel.org> wrote:
>
> On Tue, Apr 09, 2024 at 11:12:11AM +0200, Ard Biesheuvel wrote:
> > On Tue, 9 Apr 2024 at 02:02, Eric Biggers <ebiggers@kernel.org> wrote:
> > >
> > > From: Eric Biggers <ebiggers@google.com>
> > >
> > > Access the AES round keys using offsets -7*16 through 7*16, instead of
> > > 0*16 through 14*16.  This allows VEX-encoded instructions to address all
> > > round keys using 1-byte offsets, whereas before some needed 4-byte
> > > offsets.  This decreases the code size of aes-xts-avx-x86_64.o by 4.2%.
> > >
> > > Signed-off-by: Eric Biggers <ebiggers@google.com>
> >
> > Nice optimization!
> >
> > Do you think we might be able to macrofy this a bit so we can use zero
> > based indexing for the round keys, and hide the arithmetic?
> >
> >
>
> There are two alternatives I considered: defining variables KEYOFF0 through
> KEYOFF14 and writing the offsets as KEYOFF\i(KEY), or defining one variable
> KEYOFF and writing the offsets as \i*16-KEYOFF(KEY).  I think I slightly prefer
> the current patch where it's less abstracted out, though.  It makes it clear the
> offsets really are single-byte, and also index 7 is the exact mid-point so going
> from -7 to 7 still feels fairly natural.  If we wanted to do something more
> complex like use different offsets for AVX vs. AVX512, then we'd need the
> abstraction to handle that, but it doesn't seem useful to do that.
>

Fair enough.