linux/arch/arm64/crypto
Ard Biesheuvel 571e557cba crypto: arm64/aes-ce - Simplify round key load sequence
Tweak the round key logic so that they can be loaded using a single
branchless sequence using overlapping loads. This is shorter and
simpler, and puts the conditional branches based on the key size further
apart, which might benefit microarchitectures that cannot record taken
branches at every instruction. For these branches, use test-bit-branch
instructions that don't clobber the condition flags.

Note that none of this has any impact on performance, positive or
otherwise (and the branch prediction benefit would only benefit AES-192
which nobody uses). It does make for nicer code, though.

While at it, use \@ to generate the labels inside the macros, which is
more robust than using fixed numbers, which could clash inadvertently.
Also, bring aes-neon.S in line with these changes, including the switch
to test-and-branch instructions, to avoid surprises in the future when
we might start relying on the condition flags being preserved in the
chaining mode wrappers in aes-modes.S

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2024-04-26 17:26:09 +08:00
..
.gitignore
aes-ce-ccm-core.S crypto: arm64/aes-ccm - Merge finalization into en/decrypt asm helpers 2024-01-26 16:39:32 +08:00
aes-ce-ccm-glue.c crypto: arm64/aes-ccm - Merge finalization into en/decrypt asm helpers 2024-01-26 16:39:32 +08:00
aes-ce-core.S
aes-ce-glue.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
aes-ce-setkey.h
aes-ce.S crypto: arm64/aes-ce - Simplify round key load sequence 2024-04-26 17:26:09 +08:00
aes-cipher-core.S
aes-cipher-glue.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
aes-glue-ce.c crypto: arm64/aes - remove Makefile hack 2023-08-11 19:19:27 +08:00
aes-glue-neon.c crypto: arm64/aes - remove Makefile hack 2023-08-11 19:19:27 +08:00
aes-glue.c crypto: arm64/aes-ccm - Reuse existing MAC update for AAD input 2024-01-26 16:39:32 +08:00
aes-modes.S crypto: arm64/aes-modes - use frame_push/pop macros consistently 2022-12-09 18:45:00 +08:00
aes-neon.S crypto: arm64/aes-ce - Simplify round key load sequence 2024-04-26 17:26:09 +08:00
aes-neonbs-core.S crypto: arm64/aes-neonbs - fix crash with CFI enabled 2023-03-14 17:06:44 +08:00
aes-neonbs-glue.c crypto: arm64/neonbs - fix out-of-bounds access on short input 2024-02-24 08:37:24 +08:00
chacha-neon-core.S
chacha-neon-glue.c
crct10dif-ce-core.S crypto: arm64/crct10dif - use frame_push/pop macros consistently 2022-12-09 18:45:00 +08:00
crct10dif-ce-glue.c
ghash-ce-core.S crypto: arm64/ghash-ce - use frame_push/pop macros consistently 2022-12-09 18:45:00 +08:00
ghash-ce-glue.c crypto: arm64/gcm - add RFC4106 support 2023-01-20 18:29:31 +08:00
Kconfig crypto: arm64/aes-ccm - Reuse existing MAC update for AAD input 2024-01-26 16:39:32 +08:00
Makefile crypto: arm64/aes - remove Makefile hack 2023-08-11 19:19:27 +08:00
nh-neon-core.S crypto: arm64/nhpoly1305 - eliminate unnecessary CFI wrapper 2022-11-25 17:39:19 +08:00
nhpoly1305-neon-glue.c crypto: arm64/nhpoly1305 - implement ->digest 2023-10-20 13:39:25 +08:00
poly1305-armv8.pl
poly1305-glue.c crypto: arm64/poly1305 - fix a read out-of-bound 2022-07-29 18:29:17 +08:00
polyval-ce-core.S crypto: arm64/polyval - Add PMULL accelerated implementation of POLYVAL 2022-06-10 16:40:18 +08:00
polyval-ce-glue.c crypto: arm64/polyval - Add PMULL accelerated implementation of POLYVAL 2022-06-10 16:40:18 +08:00
sha1-ce-core.S crypto: arm64/sha1-ce - clean up backwards function names 2023-10-20 13:39:25 +08:00
sha1-ce-glue.c crypto: arm64/sha1-ce - clean up backwards function names 2023-10-20 13:39:25 +08:00
sha2-ce-core.S crypto: arm64/sha2-ce - clean up backwards function names 2023-10-20 13:39:25 +08:00
sha2-ce-glue.c crypto: arm64/sha2-ce - clean up backwards function names 2023-10-20 13:39:25 +08:00
sha3-ce-core.S
sha3-ce-glue.c crypto: arm64 - cleanup comments 2022-03-09 15:12:32 +12:00
sha256-glue.c crypto: arm64/sha256 - clean up backwards function names 2023-10-20 13:39:26 +08:00
sha512-armv8.pl crypto: arm64 - cleanup comments 2022-03-09 15:12:32 +12:00
sha512-ce-core.S crypto: arm64/sha512-ce - clean up backwards function names 2023-10-20 13:39:25 +08:00
sha512-ce-glue.c crypto: arm64/sha512-ce - clean up backwards function names 2023-10-20 13:39:25 +08:00
sha512-glue.c crypto: arm64/sha512 - clean up backwards function names 2023-10-20 13:39:26 +08:00
sm3-ce-core.S arm64: Add types to indirect called assembly functions 2022-09-26 10:13:13 -07:00
sm3-ce-glue.c crypto: arm64/sm3 - raise the priority of the CE implementation 2022-11-04 17:33:22 +08:00
sm3-neon-core.S crypto: arm64/sm3 - fix possible crash with CFI enabled 2022-11-25 17:39:19 +08:00
sm3-neon-glue.c crypto: arm64/sm3 - add NEON assembly implementation 2022-11-04 17:34:21 +08:00
sm4-ce-asm.h crypto: arm64/sm4 - refactor and simplify CE implementation 2022-11-04 17:34:31 +08:00
sm4-ce-ccm-core.S crypto: arm64/sm4 - fix possible crash with CFI enabled 2022-12-30 17:57:42 +08:00
sm4-ce-ccm-glue.c crypto: arm64/sm4-ccm - Rewrite skcipher walker loop 2023-02-10 17:20:19 +08:00
sm4-ce-cipher-core.S crypto: arm64/sm4-ce - rename to sm4-ce-cipher 2022-04-08 16:12:47 +08:00
sm4-ce-cipher-glue.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
sm4-ce-core.S crypto: arm64/sm4 - Remove cfb(sm4) 2023-12-08 11:59:45 +08:00
sm4-ce-gcm-core.S crypto: arm64/sm4 - fix possible crash with CFI enabled 2022-12-30 17:57:42 +08:00
sm4-ce-gcm-glue.c crypto: arm64/sm4-gcm - Fix possible crash in GCM cryption 2023-02-10 17:20:19 +08:00
sm4-ce-glue.c crypto: arm64/sm4 - Remove cfb(sm4) 2023-12-08 11:59:45 +08:00
sm4-ce.h crypto: arm64/sm4 - Remove cfb(sm4) 2023-12-08 11:59:45 +08:00
sm4-neon-core.S crypto: arm64/sm4 - Remove cfb(sm4) 2023-12-08 11:59:45 +08:00
sm4-neon-glue.c crypto: arm64/sm4 - Remove cfb(sm4) 2023-12-08 11:59:45 +08:00