Message-ID: <ZxyTSVK5xrcSbkAB@gondor.apana.org.au>
Date: Sat, 26 Oct 2024 14:59:21 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Eric Biggers <ebiggers@...nel.org>
Cc: linux-crypto@...r.kernel.org, x86@...nel.org, omosnace@...hat.com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 00/10] AEGIS x86 assembly tuning

Eric Biggers <ebiggers@...nel.org> wrote:
> This series cleans up the AES-NI optimized implementation of AEGIS-128.
> 
> Performance is improved by 1-5% depending on the input lengths.  Binary
> code size is reduced by about 20% (measuring glue + assembly combined),
> and source code length is reduced by about 150 lines.
> 
> The first patch also fixes a bug which could theoretically cause
> incorrect behavior but was seemingly not being encountered in practice.
> 
> Note: future optimizations for AEGIS-128 could involve adding AVX512 /
> AVX10 optimized assembly code.  However, unfortunately due to the way
> that AEGIS-128 is specified, its level of parallelism is limited, and it
> can't really take advantage of vector lengths greater than 128 bits.
> So, probably this would provide only another modest improvement, mostly
> coming from being able to use the ternary logic instructions.
> 
> Changed in v2:
> - Put assoclen and cryptlen in the correct order in the prototype of
>  aegis128_aesni_final().
> - Expanded commit message of "eliminate some indirect calls"
> - Added Ondrej's Reviewed-by.
> 
> Eric Biggers (10):
>  crypto: x86/aegis128 - access 32-bit arguments as 32-bit
>  crypto: x86/aegis128 - remove no-op init and exit functions
>  crypto: x86/aegis128 - eliminate some indirect calls
>  crypto: x86/aegis128 - don't bother with special code for aligned data
>  crypto: x86/aegis128 - optimize length block preparation using SSE4.1
>  crypto: x86/aegis128 - improve assembly function prototypes
>  crypto: x86/aegis128 - optimize partial block handling using SSE4.1
>  crypto: x86/aegis128 - take advantage of block-aligned len
>  crypto: x86/aegis128 - remove unneeded FRAME_BEGIN and FRAME_END
>  crypto: x86/aegis128 - remove unneeded RETs
> 
> arch/x86/crypto/Kconfig               |   4 +-
> arch/x86/crypto/aegis128-aesni-asm.S  | 532 ++++++++++----------------
> arch/x86/crypto/aegis128-aesni-glue.c | 145 ++++---
> 3 files changed, 261 insertions(+), 420 deletions(-)
> 
> base-commit: 5c20772738e1d1d7bec41664eb9d61497e53c10e

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
