crypto: x86/aegis128 - take advantage of block-aligned len

Update a caller of aegis128_aesni_ad() to round down the length to a block boundary. After that, aegis128_aesni_ad(), aegis128_aesni_enc(), and aegis128_aesni_dec() are only passed whole blocks. Update the assembly code to take advantage of that, which eliminates some unneeded instructions. For aegis128_aesni_enc() and aegis128_aesni_dec(), the length is also always nonzero, so stop checking for zero length. Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2026-06-06 21:45:45 +02:00 · 2024-10-16 17:00:49 -07:00 · 2024-10-16 17:00:49 -07:00 · a0927a03e7
commit a0927a03e7
parent 933e897431
2 changed files with 17 additions and 24 deletions
--- a/arch/x86/crypto/aegis128-aesni-asm.S
+++ b/arch/x86/crypto/aegis128-aesni-asm.S
@ -190,6 +190,8 @@ SYM_FUNC_END(aegis128_aesni_init)
 /*
 * void aegis128_aesni_ad(struct aegis_state *state, const u8 *data,
 *			  unsigned int len);
+ *
+ * len must be a multiple of 16.
 */
 SYM_FUNC_START(aegis128_aesni_ad)
 	.set STATEP, %rdi
@ -197,8 +199,8 @@ SYM_FUNC_START(aegis128_aesni_ad)
 	.set LEN, %edx
 	FRAME_BEGIN

-	cmp $0x10, LEN
-	jb .Lad_out
+	test LEN, LEN
+	jz .Lad_out

 	/* load the state: */
 	movdqu 0x00(STATEP), STATE0
@ -213,36 +215,31 @@ SYM_FUNC_START(aegis128_aesni_ad)
 	aegis128_update
 	pxor MSG, STATE4
 	sub $0x10, LEN
-	cmp $0x10, LEN
-	jl .Lad_out_1
+	jz .Lad_out_1

 	movdqu 0x10(SRC), MSG
 	aegis128_update
 	pxor MSG, STATE3
 	sub $0x10, LEN
-	cmp $0x10, LEN
-	jl .Lad_out_2
+	jz .Lad_out_2

 	movdqu 0x20(SRC), MSG
 	aegis128_update
 	pxor MSG, STATE2
 	sub $0x10, LEN
-	cmp $0x10, LEN
-	jl .Lad_out_3
+	jz .Lad_out_3

 	movdqu 0x30(SRC), MSG
 	aegis128_update
 	pxor MSG, STATE1
 	sub $0x10, LEN
-	cmp $0x10, LEN
-	jl .Lad_out_4
+	jz .Lad_out_4

 	movdqu 0x40(SRC), MSG
 	aegis128_update
 	pxor MSG, STATE0
 	sub $0x10, LEN
-	cmp $0x10, LEN
-	jl .Lad_out_0
+	jz .Lad_out_0

 	add $0x50, SRC
 	jmp .Lad_loop
@ -312,13 +309,14 @@ SYM_FUNC_END(aegis128_aesni_ad)
 	pxor MSG, \s4

 	sub $0x10, LEN
-	cmp $0x10, LEN
-	jl .Lenc_out_\i
+	jz .Lenc_out_\i
 .endm

 /*
 * void aegis128_aesni_enc(struct aegis_state *state, const u8 *src, u8 *dst,
 *			   unsigned int len);
+ *
+ * len must be nonzero and a multiple of 16.
 */
 SYM_FUNC_START(aegis128_aesni_enc)
 	.set STATEP, %rdi
@ -327,9 +325,6 @@ SYM_FUNC_START(aegis128_aesni_enc)
 	.set LEN, %ecx
 	FRAME_BEGIN

-	cmp $0x10, LEN
-	jb .Lenc_out
-
 	/* load the state: */
 	movdqu 0x00(STATEP), STATE0
 	movdqu 0x10(STATEP), STATE1
@ -459,13 +454,14 @@ SYM_FUNC_END(aegis128_aesni_enc_tail)
 	pxor MSG, \s4

 	sub $0x10, LEN
-	cmp $0x10, LEN
-	jl .Ldec_out_\i
+	jz .Ldec_out_\i
 .endm

 /*
 * void aegis128_aesni_dec(struct aegis_state *state, const u8 *src, u8 *dst,
 *			   unsigned int len);
+ *
+ * len must be nonzero and a multiple of 16.
 */
 SYM_FUNC_START(aegis128_aesni_dec)
 	.set STATEP, %rdi
@ -474,9 +470,6 @@ SYM_FUNC_START(aegis128_aesni_dec)
 	.set LEN, %ecx
 	FRAME_BEGIN

-	cmp $0x10, LEN
-	jb .Ldec_out
-
 	/* load the state: */
 	movdqu 0x00(STATEP), STATE0
 	movdqu 0x10(STATEP), STATE1
--- a/arch/x86/crypto/aegis128-aesni-glue.c
+++ b/arch/x86/crypto/aegis128-aesni-glue.c
@ -87,8 +87,8 @@ static void crypto_aegis128_aesni_process_ad(
 				src += fill;
 			}

-			aegis128_aesni_ad(state, src, left);
-
+			aegis128_aesni_ad(state, src,
+					  left & ~(AEGIS128_BLOCK_SIZE - 1));
 			src += left & ~(AEGIS128_BLOCK_SIZE - 1);
 			left &= AEGIS128_BLOCK_SIZE - 1;
 		}