Received: by 2002:a05:6500:1b45:b0:1f5:f2ab:c469 with SMTP id cz5csp419343lqb; Tue, 16 Apr 2024 23:14:55 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWcMTMyFU+buI3DzTqhynrMEg1nYB1Dn++xLPnKYZbwc3wi2sHav0tf2ghz9rtNsm3YSAqsXy2lL0PpjkbiP4Y7sFtY9myjwaUXA4KMjQ== X-Google-Smtp-Source: AGHT+IG9jo39a26dLer5liynpivYDMIsQPGU9/LohSFTQL4IBbhTvgOiOPdrwLF93JhyoiMW46XT X-Received: by 2002:a54:4e82:0:b0:3c6:500:a14f with SMTP id c2-20020a544e82000000b003c60500a14fmr16306822oiy.5.1713334495487; Tue, 16 Apr 2024 23:14:55 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713334495; cv=pass; d=google.com; s=arc-20160816; b=K1rJKzhb6ACC2ted45XwstI3tSTNoaG1yF4UqDtKPNQbdq6WaoIyVS3dIvCBI08McI 7Sm/+ePsHrpK6WJHey4lhQ0TrbvDw46VUD3++SdEiFt6pT5RJCTp6mF5lLxyr0GDoi5d F3oYhePot5c0HKzUhb/QMtz2lifwY0wfYOqSGzlpE7IfIsfpSabmlu/C6hd+8Fyyx22C 0aXtT/gCjIbICwI6SjBSTLdXinHEk0kJmK4ZsSJVFCW4WSg4oK5Q29DXg1/QfZdB4QTh 0dk5gsshKNCfdr2nbE5wkXhPyhyVWdI9q+bt0yGURO6ddfydAWtCLTfcgJEjZIQEjnDL jHUw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=5ueWLNjbXLvIm18vZundL8nHLuUu5rvgrLoGb+JwNdw=; fh=EXxZ/72fMEkTHxeKNgDlarXIXbYte0yY0GKUHyn8PBY=; b=gY6irt1nF+YNMDHtssKMTAV+9JxuooG/91Q89ildqg4EM1JtECzntQh6MVBOQAD7ph YkdXDo/7bA8lrfXZN2t+kxA8/nCyPk18SsKQ+xwTsNXqovuvvmtyB+Tf8cs+viY9Az9D +/BK+ZcP36YNlT4QRRnh3PHcPZ4b35W7+OcitBjytMNCSTeNpYMInKmRCM1YrDlCjdNE sdqj+KvWQdHgbuSDr6JS+k2Rd/DW3piRgUEbGzqJqI8vhm7qmKJ2K3ZQutELTx8iLQ3/ 5gIMImpe9el84fkbpsaVXpc7ilfaj4abmPA9H2fzBUD7Hv6owSRea4nHfhkwqAAnnxm2 ANhQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=AK3L4FQp; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-3595-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3595-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id z4-20020a634c04000000b005f76a7ec3f0si3036074pga.199.2024.04.16.23.14.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Apr 2024 23:14:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto+bounces-3595-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=AK3L4FQp; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-3595-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3595-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id E13782850E6 for ; Wed, 17 Apr 2024 06:14:54 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A448C53E08; Wed, 17 Apr 2024 06:14:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="AK3L4FQp" X-Original-To: linux-crypto@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6530D184D for ; Wed, 17 Apr 2024 06:14:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713334490; cv=none; b=rZnBbjuI36jdCnBsPS0BCZ9KhymwTZU+dCyksUp9jef1qZ0k//GmAj9EKixcMkgJLGJHfI9uN9mscnnKi5Oxvs9QEMOR4NZ7LGTRFeTSUXjjeYrIBBEdfa6fX+deTHDIuCYEUZKOtBiZYgrPMpLHY0FoUhQUQ7hnsocsB7hMF0w= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713334490; c=relaxed/simple; bh=A4RPwYBRHz5Wo3c+mG/mFw/Z0jetzFa4Lzv/Xqu0Vjk=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=HAjSOjFdRN+6p3QedeEkHN0QoomlanRJp1XmFYMdlhwwNvwaefyyaN0zknXIDhndpvDieFsjLFtRGM2GAJxrEHidpVVXj8+sLYcF3mE5l/N/GHNdOPtBuqoC/Y0gdVgwbAtyWVFqr6daYZhurO8Sv8rDu5dHC6dfT/KCMeOU+v4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=AK3L4FQp; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id B2E90C072AA; Wed, 17 Apr 2024 06:14:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713334489; bh=A4RPwYBRHz5Wo3c+mG/mFw/Z0jetzFa4Lzv/Xqu0Vjk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=AK3L4FQploa/8XLopgUs2qrPfFv65nEby01w8kuB6IUH9XjXk4bPfABnh09VXW6yH dqPqH8E/+Q74s04rt1RcjvVJb6BMsMRKfI1Cbfiu5gMikLPwee3BqN8H//nH6HF5of symPbCY3+LDv/tSvbFsdHU3lV3C0ZwiYHp2xzr26VUM9X0nn7LxOrUQSZP5a3gbbET ru656FoRfRd4PjkJbd2QVEYLMnM2tETH/6zxjLLeeqkQVKs47cy82G8pvG/HWJu9Ye wvbxzR9a+ghkYYLsWujRuMPPNdvCSpaXzzmNliXRe1Jg0kkFvisnhZHXCRn1GNQJVl sF/OzsUxLSgWQ== Date: Tue, 16 Apr 2024 23:14:48 -0700 From: Eric Biggers To: Ard Biesheuvel Cc: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, Ard Biesheuvel Subject: Re: [PATCH] crypto: arm64/aes-ce - Simplify round key load sequence Message-ID: <20240417061448.GB47903@quark.localdomain> References: <20240415130425.2414653-2-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240415130425.2414653-2-ardb+git@google.com> On Mon, Apr 15, 2024 at 03:04:26PM +0200, Ard Biesheuvel wrote: > From: Ard Biesheuvel > > Tweak the round key logic so that they can be loaded using a single > branchless sequence using overlapping loads. This is shorter and > simpler, and puts the conditional branches based on the key size further > apart, which might benefit microarchitectures that cannot record taken > branches at every instruction. For these branches, use test-bit-branch > instructions that don't clobber the condition flags. > > Note that none of this has any impact on performance, positive or > otherwise (and the branch prediction benefit would only benefit AES-192 > which nobody uses). It does make for nicer code, though. > > While at it, use \@ to generate the labels inside the macros, which is > more robust than using fixed numbers, which could clash inadvertently. > Also, bring aes-neon.S in line with these changes, including the switch > to test-and-branch instructions, to avoid surprises in the future when > we might start relying on the condition flags being preserved in the > chaining mode wrappers in aes-modes.S > > Signed-off-by: Ard Biesheuvel > --- > arch/arm64/crypto/aes-ce.S | 34 ++++++++++++++-------------------- > arch/arm64/crypto/aes-neon.S | 20 ++++++++++---------- > 2 files changed, 24 insertions(+), 30 deletions(-) Reviewed-by: Eric Biggers - Eric