git.ipfire.org Git - thirdparty/linux.git/commit
lib/crypto: x86/aes: Add AES-NI optimization
author Eric Biggers <ebiggers@kernel.org>
Mon, 12 Jan 2026 19:20:15 +0000 (11:20 -0800)
committer Eric Biggers <ebiggers@kernel.org>
Thu, 15 Jan 2026 22:09:07 +0000 (14:09 -0800)
commit 24eb22d8161380eba65edc5b499299639cbe8bf9
tree 9b8d27f95019560e2bf80ab8d265c0a4cd747f09
parent 293c7cd5c6c00f3b6fa0072fc4b017a3a13ad1e7
lib/crypto: x86/aes: Add AES-NI optimization

Optimize the AES library with x86 AES-NI instructions.

The relevant existing assembly functions, aesni_set_key(), aesni_enc(),
and aesni_dec(), are a bit difficult to extract into the library:

- They're coupled to the code for the AES modes.
- They operate on struct crypto_aes_ctx.  The AES library now uses
  different structs.
- They assume the key is 16-byte aligned.  The AES library only
  *prefers* 16-byte alignment; it doesn't require it.

Moreover, they're not all that great in the first place:

- They use unrolled loops, which isn't a great choice on x86.
- They use the 'aeskeygenassist' instruction, which is unnecessary, is
  slow on Intel CPUs, and forces the loop to be unrolled.
- They have special code for AES-192 key expansion, despite that being
  kind of useless.  AES-128 and AES-256 are the ones used in practice.

These are small functions anyway.

Therefore, I opted to just write replacements of these functions for the
library.  They address all the above issues.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20260112192035.10427-18-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
lib/crypto/Kconfig
lib/crypto/Makefile
lib/crypto/x86/aes-aesni.S [new file with mode: 0644]
lib/crypto/x86/aes.h [new file with mode: 0644]