On Wed, 14 Dec 2022 at 18:20, Ard Biesheuvel <ardb@xxxxxxxxxx> wrote: > > This is a v2 as patch #1 was sent out in isolation a couple of days ago. > > As it turns out, we can get ~10% speedup for RFC4106 on arm64 > (Cortex-A53) by giving it the same treatment as ARM, i.e., avoid the > generic template and implement RFC4106 encapsulation directly in the > driver > > Patch #3 adds larger key sizes to the tcrypt benchmark for RFC4106 > > Patch #4 fixes some prose on AEAD that turned out to be inaccurate. > > Changes since v1: > - minor tweaks to the asm code in patch #1, one of which to fix a Clang > build error > > Note: patch #1 depends on the softirq context patches for kernel mode > NEON I sent out last week. More specifically, this implements a sync > AEAD that does not implement a !simd fallback, as AEADs are not callable > in hard IRQ context anyway. > These prerequisite changes have now been queued up in the ARM tree. Note that these are runtime prerequisites only so I think this series can be safely merged as well, as I don't think anyone builds cryptodev for 32-bit ARM and tests it on 64-bit hardware (which is the only hardware that implements the AES instructions that patch #1 relies on) > Cc: Eric Biggers <ebiggers@xxxxxxxxxx> > Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > > Ard Biesheuvel (4): > crypto: arm/ghash - implement fused AES/GHASH version of AES-GCM > crypto: arm64/gcm - add RFC4106 support > crypto: tcrypt - include larger key sizes in RFC4106 benchmark > crypto: aead - fix inaccurate documentation > > arch/arm/crypto/Kconfig | 2 + > arch/arm/crypto/ghash-ce-core.S | 382 +++++++++++++++++- > arch/arm/crypto/ghash-ce-glue.c | 424 +++++++++++++++++++- > arch/arm64/crypto/ghash-ce-glue.c | 145 +++++-- > crypto/tcrypt.c | 8 +- > crypto/tcrypt.h | 2 +- > include/crypto/aead.h | 20 +- > 7 files changed, 913 insertions(+), 70 deletions(-) > > -- > 2.35.1 >