From 93cfd23599454e9397e9c80a0bb8bf078fb91a39 Mon Sep 17 00:00:00 2001
From: Richard Allen
Date: Tue, 6 Aug 2024 08:53:48 -0500
Subject: [PATCH] perf(mbedtls/port): unroll first GCM iteration

The first loop of gcm_mult() is different from the others. By unrolling it separately from the others, the other iterations may take advantage of the zero-overhead loop construct, in addition to saving a conditional branch in the loop.
---
 components/mbedtls/port/aes/esp_aes_gcm.c | 25 ++++++++++++++---------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c
index dd50ec92a92c..652162eeaabd 100644
--- a/components/mbedtls/port/aes/esp_aes_gcm.c
+++ b/components/mbedtls/port/aes/esp_aes_gcm.c
@@ -211,23 +211,28 @@ static void gcm_mult( esp_gcm_context *ctx, const unsigned char x[16],
 uint64_t zh, zl;
 lo = x[15] & 0xf;
+ hi = x[15] >> 4;
 zh = ctx->HH[lo];
 zl = ctx->HL[lo];
- for ( i = 15; i >= 0; i-- ) {
+ rem = (unsigned char) zl & 0xf;
+ zl = ( zh << 60 ) | ( zl >> 4 );
+ zh = ( zh >> 4 );
+ zh ^= (uint64_t) last4[rem] << 32;
+ zh ^= ctx->HH[hi];
+ zl ^= ctx->HL[hi];
+
+ for ( i = 14; i >= 0; i-- ) {
 lo = x[i] & 0xf;
 hi = x[i] >> 4;
- if ( i != 15 ) {
- rem = (unsigned char) zl & 0xf;
- zl = ( zh << 60 ) | ( zl >> 4 );
- zh = ( zh >> 4 );
- zh ^= (uint64_t) last4[rem] << 32;
- zh ^= ctx->HH[lo];
- zl ^= ctx->HL[lo];
-
- }
+ rem = (unsigned char) zl & 0xf;
+ zl = ( zh << 60 ) | ( zl >> 4 );
+ zh = ( zh >> 4 );
+ zh ^= (uint64_t) last4[rem] << 32;
+ zh ^= ctx->HH[lo];
+ zl ^= ctx->HL[lo];
 rem = (unsigned char) zl & 0xf;
 zl = ( zh << 60 ) | ( zl >> 4 );