Re: [PATCH 1/2] Crypto: Add support for 192 & 256 bit keys to AESNI RFC4106

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2014-02-28 at 17:00 -0600, McCaffrey, Timothy M wrote:
> These patches fix the RFC4106 implementation in the aesni-intel module so it supports 192 & 256 bit keys.
> Since AVX was recently added to this module, and this patch only affects the SSE implementation, changes 
> were also made to use the SSE version if key sizes other than 128 are specified.
> 
> RFC4106 specifies that 192 & 256 bit keys must be supported (section 8.4).
> 
> Also, this should fix Strongswan issue 341 where the aesni module needs to be unloaded if 256 bit keys are used:
> http://wiki.strongswan.org/issues/341
> 
> This patch has been tested with Sandy Bridge and Haswell processors.  With 128 bit keys and 
> input buffers > 512 bytes a slight performance degradation was noticed (~1%), 

We may need to test this further on our side to make sure that there 
is no more than 1% of performance degradation for the 128 bit key case,
which is the most used one.

Thanks.

Tim
>
> input buffers 
> less than 512 bytes there was no performance impact.  Compared to 128 bit keys,
> 256 bit key size performance is approx. .5 cycles per byte slower on Sandy Bridge, 
> and .37 cycles per byte slower on Haswell (vs. SSE code).
> 
> This patch has also been tested with StrongSwan IPSec connections where it worked correctly.
> 
> I created this diff from a git clone of crypto-2.6.git.  
> 
> Any questions, please feel free to contact me.
> 


--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux