Reducing AES tables spaces

To: tech-kern%netbsd.org@localhost
Subject: Reducing AES tables spaces
From: Arnaud Lacombe <lacombar%gmail.com@localhost>
Date: Tue, 18 Nov 2008 17:05:54 -0500

Hi Folks,

I've got this patch for quite a time in my tree, I think some might find
this interesting.

We currently use in `sys/crypto/rijndael' an AES implementation which
use 10 huges static tables (in fact, 4 + 4 + 2). They are intended to
fasten the implementation. Each table entry is a circular permutation of
the same-index entry of another table. The comment on top of explain
this better:

Te0[x] = S [x].[02, 01, 01, 03];
Te1[x] = S [x].[03, 02, 01, 01];
Te2[x] = S [x].[01, 03, 02, 01];
Te3[x] = S [x].[01, 01, 03, 02];

The same goes for TdX's table.

For space-constrained arch where AES speed is not the key factor, it
could be interesting to avoid using the (4+4+2) tables and use only 2+2.
Extra value can be obtained by a simple bit rotation (which is slow in
pure C, but can be "fast" with inline ASM).

The patch is available there:

http://github.com/lacombar/netbsd-alc/commits/aes-reduce-bloat/

It saves about 8k of code. I didn't yet figure out a clean way to kill
Te4 and only use S, but this can save another .7k.

Feels free to comment :-)

 - Arnaud

Follow-Ups:
- Re: Reducing AES tables spaces
  - From: Matt Thomas

Prev by Date: Re: Kernel Single-user Memory usage breakdown results and tools posted in the NetBSD WIKI
Next by Date: "Monitoring" proplib's memory consumption
Previous by Thread: Kernel Single-user Memory usage breakdown results and tools posted in the NetBSD WIKI
Next by Thread: Re: Reducing AES tables spaces
Indexes:

Home | Main Index | Thread Index | Old Index