On Sat, 3 Jun 2023 at 04:34, Richard Henderson <richard.hender...@linaro.org> wrote:
>
> Inspired by Ard Biesheuvel's RFC patches for accelerating AES
> under emulation, provide a set of primitives that maps between
> the guest and host fragments.
>
> There is a small guest correctness test case.
>
> I think the end result is quite a bit cleaner, since the logic
> is now centralized, rather than spread across 4 different guests.
>
> Further work could clean up crypto/aes.c itself to use these
> instead of the tables directly. I'm sure that's just an ultimate
> fallback when an appropriate system library is not available, and
> so not terribly important, but it could still significantly reduce
> the amount of code we carry.
>
> I would imagine structuring a polynomial multiplication header
> in a similar way. There are 4 or 5 versions of those spread across
> the different guests.
>
> Anyway, please review.
>
>
> r~
>
>
> Richard Henderson (35):
>   tests/multiarch: Add test-aes
>   target/arm: Move aesmc and aesimc tables to crypto/aes.c
>   crypto/aes: Add constants for ShiftRows, InvShiftRows
>   crypto: Add aesenc_SB_SR
>   target/i386: Use aesenc_SB_SR
>   target/arm: Demultiplex AESE and AESMC
>   target/arm: Use aesenc_SB_SR
>   target/ppc: Use aesenc_SB_SR
>   target/riscv: Use aesenc_SB_SR
>   crypto: Add aesdec_ISB_ISR
>   target/i386: Use aesdec_ISB_ISR
>   target/arm: Use aesdec_ISB_ISR
>   target/ppc: Use aesdec_ISB_ISR
>   target/riscv: Use aesdec_ISB_ISR
>   crypto: Add aesenc_MC
>   target/arm: Use aesenc_MC
>   crypto: Add aesdec_IMC
>   target/i386: Use aesdec_IMC
>   target/arm: Use aesdec_IMC
>   target/riscv: Use aesdec_IMC
>   crypto: Add aesenc_SB_SR_MC_AK
>   target/i386: Use aesenc_SB_SR_MC_AK
>   target/ppc: Use aesenc_SB_SR_MC_AK
>   target/riscv: Use aesenc_SB_SR_MC_AK
>   crypto: Add aesdec_ISB_ISR_IMC_AK
>   target/i386: Use aesdec_ISB_ISR_IMC_AK
>   target/riscv: Use aesdec_ISB_ISR_IMC_AK
>   crypto: Add aesdec_ISB_ISR_AK_IMC
>   target/ppc: Use aesdec_ISB_ISR_AK_IMC
>   host/include/i386: Implement aes-round.h
>   host/include/aarch64: Implement aes-round.h
>   crypto: Remove AES_shifts, AES_ishifts
>   crypto: Implement aesdec_IMC with AES_imc_rot
>   crypto: Remove AES_imc
>   crypto: Unexport AES_*_rot, AES_TeN, AES_TdN
>
This is looking very good - it is clearly a much better abstraction than what I proposed, and I'd expect the performance boost to be the same.
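As an added example (written for this page, not code from QEMU or from the series quoted above): a small C reference for the decrypt-round fragments the series names, showing why the cover letter lists both aesdec_ISB_ISR_IMC_AK (given to target/i386) and aesdec_ISB_ISR_AK_IMC (given to target/ppc), and how the two are related through the linearity of InvMixColumns. The column-major state layout, the on-the-fly inverse S-box and the helper names are this example's own assumptions, not the series' API.

```c
/* Added example, not QEMU code: AES decrypt-round fragments named as in the
 * series.  State is 16 bytes, column-major: (row r, column c) is st[r + 4*c]. */
#include <stdint.h>
#include <string.h>
typedef struct { uint8_t b[16]; } AESState;

/* GF(2^8) multiply with the AES reduction polynomial x^8+x^4+x^3+x+1. */
static uint8_t gmul(uint8_t a, uint8_t k) {
    uint8_t r = 0;
    for (; k; k >>= 1, a = (a << 1) ^ ((a >> 7) * 0x1b)) if (k & 1) r ^= a;
    return r;
}
/* Inverse S-box: undo the affine map, then invert in GF(2^8) as b^254 (0 -> 0). */
static uint8_t inv_sbox(uint8_t s) {
    uint8_t b = ((s << 1) | (s >> 7)) ^ ((s << 3) | (s >> 5)) ^ ((s << 6) | (s >> 2)) ^ 0x05, r = 1;
    for (int i = 0; i < 254; i++) r = gmul(r, b);
    return r;
}
/* InvShiftRows + InvSubBytes (they commute): row r moves right by r columns. */
static AESState aesdec_ISB_ISR(AESState st) {
    AESState o;
    for (int c = 0; c < 4; c++)
        for (int r = 0; r < 4; r++)
            o.b[r + 4*c] = inv_sbox(st.b[r + 4*((c - r + 4) & 3)]);
    return o;
}
/* InvMixColumns: each column times the circulant matrix with first row [14 11 13 9]. */
static AESState aesdec_IMC(AESState st) {
    static const uint8_t m[4] = { 14, 11, 13, 9 };
    AESState o = {{0}};
    for (int c = 0; c < 4; c++)
        for (int r = 0; r < 4; r++)
            for (int i = 0; i < 4; i++)
                o.b[r + 4*c] ^= gmul(st.b[4*c + i], m[(i - r + 4) & 3]);
    return o;
}
static AESState add_key(AESState st, AESState k) {
    for (int i = 0; i < 16; i++) st.b[i] ^= k.b[i];
    return st;
}
/* Order the series gives target/i386: AddRoundKey after InvMixColumns. */
static AESState aesdec_ISB_ISR_IMC_AK(AESState st, AESState k) { return add_key(aesdec_IMC(aesdec_ISB_ISR(st)), k); }
/* Order the series gives target/ppc: AddRoundKey before InvMixColumns. */
static AESState aesdec_ISB_ISR_AK_IMC(AESState st, AESState k) { return aesdec_IMC(add_key(aesdec_ISB_ISR(st), k)); }
/* InvMixColumns is linear over XOR, so the ppc order equals the i386 order once the
 * round key has itself been passed through InvMixColumns: AK_IMC(st,k) == IMC_AK(st,IMC(k)). */
static int orders_agree(AESState st, AESState k) {
    AESState a = aesdec_ISB_ISR_AK_IMC(st, k), b = aesdec_ISB_ISR_IMC_AK(st, aesdec_IMC(k));
    return memcmp(a.b, b.b, 16) == 0;
}
```

With the raw (untransformed) key the two orders give different results, which is why a host implementation cannot serve both guests with one fragment.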