Re: [PATCH] crypto: x86/aes-ctr - rewrite AES-NI optimized CTR and add VAES support
From: Eric Biggers
Date: Tue Jan 28 2025 - 13:48:09 EST

On Mon, Jan 27, 2025 at 10:31:18PM -0800, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> Delete aes_ctrby8_avx-x86_64.S and add a new assembly file
> aes-ctr-avx-x86_64.S which follows a similar approach to
> aes-xts-avx-x86_64.S in that it uses a "template" to provide AESNI+AVX,
> VAES+AVX2, VAES+AVX10/256, and VAES+AVX10/512 code, instead of just
> AESNI+AVX. Wire it up to the crypto API accordingly.

I realized there's a slight oversight in this patch: the existing AES-CTR had
both AVX and non-AVX variants, with the non-AVX assembly located in
aesni-intel_asm.S. This patch deletes the non-AVX glue code but leaves the
non-AVX assembly, causing it to become unused.

The non-AVX AES-CTR code is x86_64 specific, so it is useful only in x86_64
kernels running on a CPU microarchitecture that supports AES-NI but not AVX:
namely Intel Westmere (2010) and the low-power Intel CPU microarchitectures
Silvermont (2013), Goldmont (2016), Goldmont Plus (2017), and Tremont (2020).
Tremont's successor, Gracemont (2021), supports AVX.

I'd lean towards just deleting the non-AVX AES-CTR code. AES-CTR is less
important to optimize than AES-XTS and AES-GCM. But it probably should be a
separate patch.

- Eric