Re: [PATCH] crypto: x86/aes-xts - handle CTS encryption more efficiently

From: Herbert Xu
Date: Fri Apr 19 2024 - 07:04:13 EST


Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> When encrypting a message whose length isn't a multiple of 16 bytes,
> encrypt the last full block in the main loop. This works because only
> decryption uses the last two tweaks in reverse order, not encryption.
>
> This improves the performance of decrypting messages whose length isn't
> a multiple of the AES block length, shrinks the size of
> aes-xts-avx-x86_64.o by 5.0%, and eliminates two instructions (a test
> and a not-taken conditional jump) when encrypting a message whose length
> *is* a multiple of the AES block length.
>
> While it's not super useful to optimize for ciphertext stealing given
> that it's rarely needed in practice, the other two benefits mentioned
> above make this optimization worthwhile.
>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---
> arch/x86/crypto/aes-xts-avx-x86_64.S | 53 +++++++++++++++-------------
> 1 file changed, 29 insertions(+), 24 deletions(-)

Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
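
The tweak ordering the quoted commit message relies on, as an added example that is not part of the patch or of this thread: XTS with ciphertext stealing, recording which tweak index each block uses. A constructed 4-round Feistel toy cipher stands in for AES (it is not secure), and all function names here are hypothetical.

```python
import hashlib

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # round function of the constructed toy cipher
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def toy_encrypt_block(key, blk):  # 4-round Feistel standing in for AES; NOT secure
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def toy_decrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def next_tweak(t):  # multiply by x in GF(2^128), little-endian as in XTS
    n = int.from_bytes(t, "little") << 1
    if n >> 128:
        n = (n & ((1 << 128) - 1)) ^ 0x87
    return n.to_bytes(16, "little")

def xts(k1, k2, iv, data, decrypt=False, order=None):
    """XTS with ciphertext stealing; appends each tweak index used to `order`."""
    assert len(data) >= 16
    crypt = toy_decrypt_block if decrypt else toy_encrypt_block
    def one(blk, i):
        if order is not None:
            order.append(i)
        return _xor(crypt(k1, _xor(blk, tweaks[i])), tweaks[i])
    nfull, tail = divmod(len(data), 16)
    tweaks = [toy_encrypt_block(k2, iv)]
    for _ in range(nfull):
        tweaks.append(next_tweak(tweaks[-1]))
    blocks = [data[16 * i:16 * i + 16] for i in range(nfull)]
    if not tail:  # length is a multiple of the block size: no stealing
        return b"".join(one(b, i) for i, b in enumerate(blocks))
    m = nfull - 1  # index of the last full block
    out = b"".join(one(b, i) for i, b in enumerate(blocks[:m]))
    # Encryption keeps tweaks in sequence (m, then m+1); decryption swaps them.
    first, second = (m + 1, m) if decrypt else (m, m + 1)
    cc = one(blocks[m], first)
    pp = one(data[16 * nfull:] + cc[tail:], second)
    return out + pp + cc[:tail]
```

For a 40-byte input, encryption uses tweak indices 0, 1, 2 in order, so the last full block needs no special handling before the stolen tail; decryption uses 0, 2, 1.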