From c10c559bdf31cac58e77b81ac69d579ee92a8c06 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 3 Jun 2023 01:26:20 +0000 Subject: crypto: Implement aesdec_IMC with AES_imc_rot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This method uses one uint32_t * 256 table instead of 4, which means its data cache overhead is less. Acked-by: Daniel P. Berrangé Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson --- crypto/aes.c | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) (limited to 'crypto/aes.c') diff --git a/crypto/aes.c b/crypto/aes.c index 00e16d3f92..d93883eb18 100644 --- a/crypto/aes.c +++ b/crypto/aes.c @@ -1377,39 +1377,39 @@ aesdec_IMC_swap(AESState *r, const AESState *st, bool swap) bool be = HOST_BIG_ENDIAN ^ swap; uint32_t t; - /* Note that AES_imc is encoded for big-endian. */ - t = (AES_imc[st->b[swap_b ^ 0x0]][0] ^ - AES_imc[st->b[swap_b ^ 0x1]][1] ^ - AES_imc[st->b[swap_b ^ 0x2]][2] ^ - AES_imc[st->b[swap_b ^ 0x3]][3]); - if (!be) { + /* Note that AES_imc_rot is encoded for little-endian. */ + t = ( AES_imc_rot[st->b[swap_b ^ 0x0]] ^ + rol32(AES_imc_rot[st->b[swap_b ^ 0x1]], 8) ^ + rol32(AES_imc_rot[st->b[swap_b ^ 0x2]], 16) ^ + rol32(AES_imc_rot[st->b[swap_b ^ 0x3]], 24)); + if (be) { t = bswap32(t); } r->w[swap_w ^ 0] = t; - t = (AES_imc[st->b[swap_b ^ 0x4]][0] ^ - AES_imc[st->b[swap_b ^ 0x5]][1] ^ - AES_imc[st->b[swap_b ^ 0x6]][2] ^ - AES_imc[st->b[swap_b ^ 0x7]][3]); - if (!be) { + t = ( AES_imc_rot[st->b[swap_b ^ 0x4]] ^ + rol32(AES_imc_rot[st->b[swap_b ^ 0x5]], 8) ^ + rol32(AES_imc_rot[st->b[swap_b ^ 0x6]], 16) ^ + rol32(AES_imc_rot[st->b[swap_b ^ 0x7]], 24)); + if (be) { t = bswap32(t); } r->w[swap_w ^ 1] = t; - t = (AES_imc[st->b[swap_b ^ 0x8]][0] ^ - AES_imc[st->b[swap_b ^ 0x9]][1] ^ - AES_imc[st->b[swap_b ^ 0xA]][2] ^ - AES_imc[st->b[swap_b ^ 0xB]][3]); - if (!be) { + t = ( AES_imc_rot[st->b[swap_b ^ 0x8]] ^ + rol32(AES_imc_rot[st->b[swap_b ^ 0x9]], 8) ^ + rol32(AES_imc_rot[st->b[swap_b ^ 0xA]], 16) ^ + rol32(AES_imc_rot[st->b[swap_b ^ 0xB]], 24)); + if (be) { t = bswap32(t); } r->w[swap_w ^ 2] = t; - t = (AES_imc[st->b[swap_b ^ 0xC]][0] ^ - AES_imc[st->b[swap_b ^ 0xD]][1] ^ - AES_imc[st->b[swap_b ^ 0xE]][2] ^ - AES_imc[st->b[swap_b ^ 0xF]][3]); - if (!be) { + t = ( AES_imc_rot[st->b[swap_b ^ 0xC]] ^ + rol32(AES_imc_rot[st->b[swap_b ^ 0xD]], 8) ^ + rol32(AES_imc_rot[st->b[swap_b ^ 0xE]], 16) ^ + rol32(AES_imc_rot[st->b[swap_b ^ 0xF]], 24)); + if (be) { t = bswap32(t); } r->w[swap_w ^ 3] = t; -- cgit v1.2.3