On Fri, Dec 30, 2022 at 11:03:43PM +0800, Herbert Xu wrote:
> On Mon, Dec 12, 2022 at 07:37:58PM +0100, Ard Biesheuvel wrote:
> > On 32-bit ARM, AES in GCM mode takes full advantage of the ARMv8 Crypto
> > Extensions when available, resulting in a performance of 6-7 cycles per
> > byte for typical IPsec frames on cores such as Cortex-A53, using the
> > generic GCM template encapsulating the accelerated AES-CTR and GHASH
> > implementations.
> >
> > At such high rates, any time spent copying data or doing other poorly
> > optimized work in the generic layer hurts disproportionately, and we can
> > get a significant performance improvement by combining the optimized
> > AES-CTR and GHASH implementations into a single one.
> >
> > On Cortex-A53, this results in a performance improvement of around 70%,
> > or 4.2 cycles per byte for AES-256-GCM-128 with RFC4106 encapsulation.
> > The fastest mode on this core is bare AES-128-GCM using 8k blocks, which
> > manages 2.66 cycles per byte.
> >
> > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> > ---
> > Note: this patch depends on the softirq context patches for kernel mode
> > NEON I sent last week. More specifically, this implements a sync AEAD
> > that does not implement a !simd fallback, as AEADs are not callable in
> > IRQ context anyway.
> >
> >  arch/arm/crypto/Kconfig         |   2 +
> >  arch/arm/crypto/ghash-ce-core.S | 381 +++++++++++++++++++-
> >  arch/arm/crypto/ghash-ce-glue.c | 350 +++++++++++++++++-
> >  3 files changed, 718 insertions(+), 15 deletions(-)
>
> Patch applied.  Thanks.

Oops, this email was an error.  This patch hasn't been applied as
it was already superseded.

-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt