My apologies if this has been discussed/debated before on linux-crypto. When working on accelerated crypto for ARM and arm64, I noticed that many of the existing accelerated implementations for other architectures duplicate much of the chaining modes, not because they can be accelerated themselves but mainly because the generic chaining mode implementations cannot present the data in large enough chunks for the accelerated implementations to reach their optimal speed. This series proposes a way to improve on that. I have only implemented the CBC example because it makes for nice a benchmark, but CTR and XTS are other obvious candidates for the treatment. I have included my arm64 AES cipher implementation for reference. Ard Biesheuvel (3): crypto: add interleave option to cipher_alg crypto: take interleave into account for CBC decryption arm64: add Crypto Extensions based core AES cipher arch/arm64/Makefile | 1 + arch/arm64/crypto/Makefile | 13 ++ arch/arm64/crypto/aes-ce-cipher.c | 257 ++++++++++++++++++++++++++++++++++++++ crypto/Kconfig | 6 + crypto/cbc.c | 109 ++++++++++++---- include/linux/crypto.h | 4 + 6 files changed, 363 insertions(+), 27 deletions(-) create mode 100644 arch/arm64/crypto/Makefile create mode 100644 arch/arm64/crypto/aes-ce-cipher.c -- 1.8.3.2 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html