On Fri, 2014-02-28 at 17:00 -0600, McCaffrey, Timothy M wrote: > These patches fix the RFC4106 implementation in the aesni-intel module so it supports 192 & 256 bit keys. > Since AVX was recently added to this module, and this patch only affects the SSE implementation, changes > were also made to use the SSE version if key sizes other than 128 are specified. > > RFC4106 specifies that 192 & 256 bit keys must be supported (section 8.4). > > Also, this should fix Strongswan issue 341 where the aesni module needs to be unloaded if 256 bit keys are used: > http://wiki.strongswan.org/issues/341 > > This patch has been tested with Sandy Bridge and Haswell processors. With 128 bit keys and > input buffers > 512 bytes a slight performance degradation was noticed (~1%), We may need to test this further on our side to make sure that there is no more than 1% of performance degradation for the 128 bit key case, which is the most used one. Thanks. Tim > > input buffers > less than 512 bytes there was no performance impact. Compared to 128 bit keys, > 256 bit key size performance is approx. .5 cycles per byte slower on Sandy Bridge, > and .37 cycles per byte slower on Haswell (vs. SSE code). > > This patch has also been tested with StrongSwan IPSec connections where it worked correctly. > > I created this diff from a git clone of crypto-2.6.git. > > Any questions, please feel free to contact me. > -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
