From patchwork Fri Aug 2 15:15:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 170434 Delivered-To: patch@linaro.org Received: by 2002:ac9:2daa:0:0:0:0:0 with SMTP id g42csp1020960oce; Fri, 2 Aug 2019 08:15:37 -0700 (PDT) X-Google-Smtp-Source: APXvYqyAhW9+KULJkwpc6sPjZcdfxLBbh2Qe4TO0RCpGAfIs7XPZ3DLkgjnt8BhEJOq1LYth4SLK X-Received: by 2002:aa7:9f1c:: with SMTP id g28mr59475594pfr.81.1564758937429; Fri, 02 Aug 2019 08:15:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564758937; cv=none; d=google.com; s=arc-20160816; b=QJw41mLTXDKJKPts3W6WdmItBWvhPBX6vuG1KVD4POeVSAU49+vwjkVgfzIBLqK4AH Sl9eWms61VkcVFiX4mUsGmDLrLHr2VH0aEU+p7oYcbU84J2BfqxkEW/8yayy8PZOsCwl /sEg8/lSLybZ1bkbZxUK/PJGC2aKdoPy9Omn1y+eiurHqkXytKL2PeYzHwysZQHSnk+7 ucb1Pr90Thy0ZgUSEuwZYByEOpXo01T4ydb3Ry8OX4Kqb0QU4ha8P1OfumuNqltLOsTw 1gaiUdgAlSVm0ZH5LKxxS82v33o6HvuUM+RP3RAkvn88i0h6oNS2Rwi+EshOITWyWIAs izOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=zA2V1McRviwHllhYYcASe0BRgwhy5K7FlqfTLCVepZo=; b=iR/MFelm8uNeKLqVTJ2XZbwlPfciXQ0tVey125eGhjtQk1CP6SqxMm/AqkxGvMamyh ZNyLWRITcTLy7qRTnPiSBaUl93sNIgIR8NCASEX1EjzLQGjE9HZQncHCyEtZRA4gHgc+ I0jXj5+cb/CiqgLO6gzdCoXo9YTiMI3aoC/Yctz4ZwEbb3VAAnQbtGmu7e3n2wTmlMn0 TbSKfp3yN4XSKrrY9WZnHq6FnAz6Wry8txhpBTs7PkTbsQ7PzGBYsCJ8etuZA2K8suKy egjjAPDQZT5RAE/7RUuD+WXzF0xVPgRzzkPgVJsaMuPGdCJUeC1QnUkSw3cJ4Kps0fQp bh3Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dFTlqhry; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x126si66222262pgx.356.2019.08.02.08.15.37; Fri, 02 Aug 2019 08:15:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=dFTlqhry; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733238AbfHBPPg (ORCPT + 3 others); Fri, 2 Aug 2019 11:15:36 -0400 Received: from mail-wm1-f41.google.com ([209.85.128.41]:39566 "EHLO mail-wm1-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732689AbfHBPPg (ORCPT ); Fri, 2 Aug 2019 11:15:36 -0400 Received: by mail-wm1-f41.google.com with SMTP id u25so56335899wmc.4 for ; Fri, 02 Aug 2019 08:15:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=zA2V1McRviwHllhYYcASe0BRgwhy5K7FlqfTLCVepZo=; b=dFTlqhryi3vHvBelaj38g1Y8UK6EgVMPnXZ2t2Tr9G+LwZCm0zDIpSRYIrlPUJ8TmV TngXhqIo1Io5LHM0RveHpMzT78pZGT2XhvUEqC6AHk6HullFmbZVsVE6w1kfsJBP8whB ZzRUBIqMdLwHn4u4hcTsVmAmDKTVGpoBz1djJHl+RT0ANykpg7UkOyjSZdO7BBDkPtTM l1gHUKyy80kjuS6T3M0UgZ/R7nvE+39YxS2JtjAeQePrV7v5nsLSjcdRVtPmSljVuiJX BHNRDR3cnvAcYOPa6hpyCGh/jQpxPSbSqCfbrgpNwyfcVqIsURMke46Xebi8ZplFQCXn Meqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=zA2V1McRviwHllhYYcASe0BRgwhy5K7FlqfTLCVepZo=; b=R2ELvZukNmxglKC4t146rpNpvduvkXhqXar3PvEZlLAEkJxG+8BBtspnhwfn924848 QudZhIiQfNiFJJbZzIWgwzBe59hRPYkFpLLEkOTqxLW9fAeO/cSm026NHY/jDULsKhvl OOKzMrUxRpKXJiKAPhb3r7KkdHsUqn9Sz44MssGasenEKfMG8BBiNwSAvnG4PoIWuN8l V5BNUzAI0LuEspmwrJPDE/qyd1VyvehIvtuRLjnMolLrdjPnm+oSfvl2V9aFOevweAAW QV32d8oXNBmtQ7ajTcH1sDG+FJ3GOOrovePdxoTxAOqvcKu0Q0qtrgCt7pQkpXt+HVsb zp4Q== X-Gm-Message-State: APjAAAWd8qfrjm9uzGOi5JFCewakXkBZJ4eqDz5W+S/qbYF2lKEEp66s fYfw04MHO5HYB9vuYce+NGo6+sAJEuKsQQ== X-Received: by 2002:a1c:2e09:: with SMTP id u9mr4954487wmu.137.1564758933414; Fri, 02 Aug 2019 08:15:33 -0700 (PDT) Received: from localhost.localdomain ([2a02:587:a424:b400:cc84:8d83:a434:dd7]) by smtp.gmail.com with ESMTPSA id o3sm63294321wrs.59.2019.08.02.08.15.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 02 Aug 2019 08:15:32 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org, Ard Biesheuvel Subject: [PATCH 0/3] crypto: aegis128 followup Date: Fri, 2 Aug 2019 18:15:07 +0300 Message-Id: <20190802151510.17074-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org This series resubmits the aegis128 SIMD patches that were reverted due to the fact that the compiler's optimization behavior wrt variables with static linkage does not turn out to guarantee that function calls that are conditional on the value of such a variable are optimized away if the value is a compile time constant and the condition evaluates to false at compile time as well. Patch #1 reintroduces the changes to the generic code to permit SIMD routines to be attached to the aegis128 driver. This time, the conditional check is pulled into a helper function which collapses to 'return false' if the CONFIG_CRYPTO_AEGIS128_SIMD Kconfig symbol is not set. (This has been confirmed by one of the reporters of the original issue as sufficient to address the problem). Patch #2 is mostly unchanged wrt the version that got reverted, only some inline annotations were added back. Patch #3 is new and is included as an RFC. It implements the SIMD routines for arm64 without using the optional AES instructions, but using plain SIMD arithmetic instead. This is much slower than AES instructions, but still substantially more efficient than table based scalar AES on systems where memory accesses are expensive, such as the Raspberry Pi 3 (which does not implement the AES instructions) Ard Biesheuvel (3): crypto: aegis128 - add support for SIMD acceleration crypto: aegis128 - provide a SIMD implementation based on NEON intrinsics crypto: arm64/aegis128 - implement plain NEON version crypto/Kconfig | 5 + crypto/Makefile | 18 ++ crypto/{aegis128.c => aegis128-core.c} | 52 ++++- crypto/aegis128-neon-inner.c | 204 ++++++++++++++++++++ crypto/aegis128-neon.c | 57 ++++++ 5 files changed, 332 insertions(+), 4 deletions(-) rename crypto/{aegis128.c => aegis128-core.c} (89%) create mode 100644 crypto/aegis128-neon-inner.c create mode 100644 crypto/aegis128-neon.c -- 2.17.1