NetBSD-Bugs archive


PR/59774 CVS commit: src



The following reply was made to PR kern/59774; it has been noted by GNATS.

From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/59774 CVS commit: src
Date: Sun, 23 Nov 2025 22:44:14 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Sun Nov 23 22:44:14 UTC 2025
 
 Modified Files:
 	src/sys/conf: copts.mk
 	src/sys/crypto/aes: aes_impl.c aes_keysched.c files.aes
 	src/tests/sys/crypto/aes: Makefile t_aes.c
 Added Files:
 	src/sys/crypto/aes: aes_bear64.c aes_bear64.h aes_ct64.c aes_ct64_dec.c
 	    aes_ct64_enc.c
 
 Log Message:
 aes(9): New 64-bit bitsliced implementation.
 
 Derived from BearSSL's aes_ct64 code.  Compared to the aes_ct code,
 on machines with native 64-bit integer arithmetic, aes_ct64 should
 have approximately:
 
 - the same throughput for:
   . CBC encryption,
   . CCM encryption/decryption, and
   . CBC-MAC;
 
 - double the throughput for:
   . CBC decryption,
   . XTS encryption/decryption.
 
 (aes_ct computes AES on two blocks at a time; aes_ct64 computes it on
 four blocks at a time, with roughly the same number of instructions.
 CBC encryption and CBC-MAC are inherently sequential; CCM, being a
 combination of CTR and CBC-MAC, can only really be parallelized two
 ways, so having four ways available doesn't help; and CBC decryption
 and XTS admit parallelism limited only by the size of the inputs.)
 
 Enable with `options AES_BEAR64'.  Should be a reasonable default on
 all platforms with 64-bit integer registers.  Caveat: uses about 1200
 bytes of stack space.  (Could approximately halve that, like the
 BearSSL aes_ct code, at some speed cost which I haven't measured --
 by moving the br_aes_ct64_skey_expand logic into add_round_key in
 aes_ct64_{enc,dec}.c.)
 
 PR kern/59774: bearssl 32-bit AES is too slow, want 64-bit optimized
 version in kernel
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.12 -r1.13 src/sys/conf/copts.mk
 cvs rdiff -u -r0 -r1.1 src/sys/crypto/aes/aes_bear64.c \
     src/sys/crypto/aes/aes_bear64.h src/sys/crypto/aes/aes_ct64.c \
     src/sys/crypto/aes/aes_ct64_dec.c src/sys/crypto/aes/aes_ct64_enc.c
 cvs rdiff -u -r1.11 -r1.12 src/sys/crypto/aes/aes_impl.c
 cvs rdiff -u -r1.1 -r1.2 src/sys/crypto/aes/aes_keysched.c
 cvs rdiff -u -r1.4 -r1.5 src/sys/crypto/aes/files.aes
 cvs rdiff -u -r1.8 -r1.9 src/tests/sys/crypto/aes/Makefile
 cvs rdiff -u -r1.4 -r1.5 src/tests/sys/crypto/aes/t_aes.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
 

