From patchwork Sat Jul 28 18:53:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 143106 Delivered-To: patch@linaro.org Received: by 2002:a2e:9754:0:0:0:0:0 with SMTP id f20-v6csp2271822ljj; Sat, 28 Jul 2018 11:54:14 -0700 (PDT) X-Google-Smtp-Source: AAOMgpefdih+k0g5f8bq81JWFX8UKAFZxHh6LWCHo0LeYtARmx5/jqkgVLsML0ICzR1mZ1MlCIH8 X-Received: by 2002:a63:8a41:: with SMTP id y62-v6mr10311103pgd.291.1532804053916; Sat, 28 Jul 2018 11:54:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532804053; cv=none; d=google.com; s=arc-20160816; b=cDvCP3kQ18oAZXBChyExcQBPJa1jj/KAVlxz92+T26rE2UAJGzI12H2+rNX8wIpiG0 HHUCukGaBraAtJfgP0n5TASvtnsGe+RS00TkEEeLnfwhNI79V8oeTxEsqU1sh6wNeShr jCqE1h/u23Nq6nfuGLDaRH43TCMzwNDfSoQmCnSXviiCU2Ppet/3M6leTJEWJ7FYZ+nc mf6qJ/weuriOG4iLgPEbsu7nNmPBSRAXDwJFO9Q4PSCmbWgLKVu1ejJqxVTY6yIAGHHY XBBnJAcw3sbUSI/DdamHnwg1hWU8anv1nIpQd1jECYxKBV2WbdLbhP7+Dr80cz7KgZuT 6XmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=AWCWLRS28uGxilOtYgUOm9tPseNZHy32Qb6DSC8khDc=; b=uzg7nCYO98JR+HNjbD8oM68qunrpW6H0ZE28Qq5cEowuzM27+2/n/oIjsfGRuY9EtI 37dYDNpBBdrdATv1/o4nBeJwMo+9KuDbb1GJs8uxhf8izvwFWrSmGnXA+R/aHAD0hFZe 9bFQKbu5i99/Fa2K5IUzrM9wtyXNrzSv33hZYT21M299wZ6Xh+ZQ7/bVgeP9kaDr7bDc XgJmCkbpP2cPlkcLeg5QllPZCnzCHxdV+EYSCHAPo5cq0Xmuwv+9VARpushZqzWLLguh 73VOn3STElojSXTSj2FE3AjfTSGEghTBBZZg018PpxZGMM13/nvzVJ8Zb5Zvi4ufYV1y Oyaw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=V0Ar3qW3; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a72-v6si6300178pge.497.2018.07.28.11.54.13; Sat, 28 Jul 2018 11:54:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=V0Ar3qW3; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730364AbeG1UVh (ORCPT + 1 other); Sat, 28 Jul 2018 16:21:37 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:38557 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730154AbeG1UVg (ORCPT ); Sat, 28 Jul 2018 16:21:36 -0400 Received: by mail-wr1-f65.google.com with SMTP id v14-v6so8375171wro.5 for ; Sat, 28 Jul 2018 11:54:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=AWCWLRS28uGxilOtYgUOm9tPseNZHy32Qb6DSC8khDc=; b=V0Ar3qW33ioEYOSWTr+mJkVa7y9TUmjnd2Y5APxbq6CI7W8sLVMMGMarYJJn+JtA29 v4oHTJ0tQkXMwBC18Q7ibq2C2NZB/bMaO+o4xdY+OQcJG3nFx/sr1GGYiwyYoOHIir+a Rsc8lvoCaIA9AU8gTmg+BbSS12fBovP2/2RMQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=AWCWLRS28uGxilOtYgUOm9tPseNZHy32Qb6DSC8khDc=; b=INZvGvnykQhsxPQVcYVmJhcVxj2Pfj6+9toHl8aXls3Y6eRpf0WPSQ9WGZVgG1xtFW ri5/9AcoMVzTeuqqNBBVIcBqVtGMtQOFVkCtog8F8HTO021Pw+X4fYJ2grqSQ6HDItMU +SvayfgwvJuBzi00eANoc5NXX2LxRqVfIqNl5jVWoxj3uvZqdMQGosv0JEzNtuOtRzUP Bv/Oe97xJHsDQ/trE1hhCtUtm/JpUIbXK5Xg97tU1mZgwPgu8FEoK1v8zBVVxrRLAwN5 wzdmKOwKM/Sq5w/J1QIU7seTmqeG06dkR00XaTPBAm6Kg76EanKVtXGWKnmGwrhufRY9 rwtQ== X-Gm-Message-State: AOUpUlHQNGV7ODdIdTPjY1xNaRI+IC41+Ohv9L/hgT7SInOO20ABvaQ/ 8uYaSmFHoM/1oWbei5SNV7rOJg20cxY= X-Received: by 2002:adf:959a:: with SMTP id p26-v6mr10278537wrp.202.1532804050079; Sat, 28 Jul 2018 11:54:10 -0700 (PDT) Received: from rev02.home (b80182.upc-b.chello.nl. [212.83.80.182]) by smtp.gmail.com with ESMTPSA id v188-v6sm10308407wme.43.2018.07.28.11.54.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 28 Jul 2018 11:54:09 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, linux-arm-kernel@lists.infradead.org, will.deacon@arm.com, catalin.marinas@arm.com, vakul.garg@nxp.com, jerome.forissier@linaro.org, jens.wiklander@linaro.org, Ard Biesheuvel Subject: [PATCH 0/2] crypto/arm64: aes-ce-gcm - switch to 2-way aggregation Date: Sat, 28 Jul 2018 20:53:58 +0200 Message-Id: <20180728185400.8237-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.18.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Update the combined AES-GCM AEAD implementation to process two blocks at a time, allowing us to switch to a faster version of the GHASH implementation. Note that this does not update the core GHASH transform, only the combined AES-GCM AEAD mode. GHASH is mostly used with AES anyway, and the ARMv8 architecture mandates support for AES instructions if 64-bit polynomial multiplication instructions are implemented. This means that mosts users of the pmull.p64 based GHASH routines are better off using the combined AES-GCM code anyway. Users of the pmull.p8 based GHASH implementation are unlikely to benefit substantially from aggregation, given that the multiplication phase is much more dominant in this case (and it is only the reduction phase that is amortized over multiple blocks) Performance numbers for Cortex-A53 can be found after patch #2. Ard Biesheuvel (2): crypto/arm64: aes-ce-gcm - operate on two input blocks at a time crypto/arm64: aes-ce-gcm - implement 2-way aggregation arch/arm64/crypto/ghash-ce-core.S | 128 +++++++++++++------- arch/arm64/crypto/ghash-ce-glue.c | 117 ++++++++++++------ 2 files changed, 165 insertions(+), 80 deletions(-) -- 2.18.0