tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Reducing AES tables spaces

Hi Folks,

I've got this patch for quite a time in my tree, I think some might find
this interesting.

We currently use in `sys/crypto/rijndael' an AES implementation which
use 10 huges static tables (in fact, 4 + 4 + 2). They are intended to
fasten the implementation. Each table entry is a circular permutation of
the same-index entry of another table. The comment on top of explain
this better:

Te0[x] = S [x].[02, 01, 01, 03];
Te1[x] = S [x].[03, 02, 01, 01];
Te2[x] = S [x].[01, 03, 02, 01];
Te3[x] = S [x].[01, 01, 03, 02];

The same goes for TdX's table.

For space-constrained arch where AES speed is not the key factor, it
could be interesting to avoid using the (4+4+2) tables and use only 2+2.
Extra value can be obtained by a simple bit rotation (which is slow in
pure C, but can be "fast" with inline ASM).

The patch is available there:

It saves about 8k of code. I didn't yet figure out a clean way to kill
Te4 and only use S, but this can save another .7k.

Feels free to comment :-)

 - Arnaud

Home | Main Index | Thread Index | Old Index