crypto: arm64/aes-neonbs - implement ciphertext stealing for XTS

Update the AES-XTS implementation based on NEON instructions so that it can deal with inputs whose size is not a multiple of the cipher block size. This is part of the original XTS specification, but was never implemented before in the Linux kernel. Since the bit slicing driver is only faster if it can operate on at least 7 blocks of input at the same time, let's reuse the alternate path we are adding for CTS to process any data tail whose size is not a multiple of 128 bytes. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Ard Biesheuvel <ard.biesheuvel@linaro.org> 2019-09-03 18:43:34 +0200
committer: Herbert Xu <herbert@gondor.apana.org.au> 2019-09-09 09:35:39 +0200
commit: 67cfa5d3b7214ce944747908f9a1a3cba8b989b9 (patch)
tree: bd6b8c9d4895e8d9124bead9293687c4f8a04454 /arch/arm64/crypto/aes-ce.S
parent: crypto: arm64/aes - implement support for XTS ciphertext stealing (diff)
download: linux-67cfa5d3b7214ce944747908f9a1a3cba8b989b9.tar.xz
linux-67cfa5d3b7214ce944747908f9a1a3cba8b989b9.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/arm64/crypto/aes-ce.S b/arch/arm64/crypto/aes-ce.S
index 00bd2885feaa..c132c49c89a8 100644
--- a/arch/arm64/crypto/aes-ce.S
+++ b/arch/arm64/crypto/aes-ce.S
@@ -21,6 +21,9 @@
 	.macro		xts_reload_mask, tmp
 	.endm
 
+	.macro		xts_cts_skip_tw, reg, lbl
+	.endm
+
 	/* preload all round keys */
 	.macro		load_round_keys, rounds, rk
 	cmp		\rounds, #12
author	Ard Biesheuvel <ard.biesheuvel@linaro.org>	2019-09-03 18:43:34 +0200
committer	Herbert Xu <herbert@gondor.apana.org.au>	2019-09-09 09:35:39 +0200
commit	67cfa5d3b7214ce944747908f9a1a3cba8b989b9 (patch)
tree	bd6b8c9d4895e8d9124bead9293687c4f8a04454 /arch/arm64/crypto/aes-ce.S
parent	crypto: arm64/aes - implement support for XTS ciphertext stealing (diff)
download	linux-67cfa5d3b7214ce944747908f9a1a3cba8b989b9.tar.xz linux-67cfa5d3b7214ce944747908f9a1a3cba8b989b9.zip