From patchwork Mon Dec 4 12:26:35 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 120519 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4365710qgn; Mon, 4 Dec 2017 04:27:27 -0800 (PST) X-Google-Smtp-Source: AGs4zMbQ9TatcA6LKujakOvLPLbjS9EUc7jE8t/CPQSzxEiGu0jgpIF/gkCiYbfvkRdhhDWw74Ym X-Received: by 10.98.74.148 with SMTP id c20mr19172527pfj.200.1512390447304; Mon, 04 Dec 2017 04:27:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512390447; cv=none; d=google.com; s=arc-20160816; b=tsJTSeJG+oZlyAslZ5teShTIxQ736HQ439k14qVWJb2l1DG0LPscCrASKi6gqIdQBl tfTvlkkdMMAwm2n2Gruv0oEOaDkJJSCCcyIa4+WQ3idYMRItdye8+Fq3tOqLCn/tzDp4 EICb3TH00oKtFYVfkVypzaJ9U2WpuGHCxlYa5gbo7CaUEOsmMLMn842A0lRXmxMgjp7S U0UoK0lJkU5uMafbwU/TDN/szjW9OEr2VnvNmYxyVAWR7vttxec76E2EtG+kH27akmfC t2rbPXy/ZkbCY3oNYisF5LpB2obj+0+e7a2aWTA7XaFz7LuGJaBo6DSFzPrmYnbHsz04 vMHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=AVGr1XiAAq1ruDzOgmfaJd5iqwO5GoptNYnkdzAZJA8=; b=0wZoSEh7c9UryhEsZHegqAIV2Ku+ml1GxiPrQKqcXR74QhThpGdqPprd4dp9mzGFIW RJl8ezg30nBWuH+LvIh8kw4zwMi2c4gG/dI47Eq7K1ebTyETf2gNoAjjd8hXogrLps/9 4YWP1H23kvpCxaa+oqoxdIRqTY4YnvpUWaqBcm5Fk19P6WxVmbf9bpIpclq8DQEM+8Cq htGsLmDxGaWi2FvyYCs1DL2uRjwPu5zuDyh1NpaUjEfOHyHWH1W4rEvF8pplRYvJjvUU wdfYPzVDNS+7VIvARRFscmDnNszyslMVwo225jDdDPk21bG25RXuWnlJZnXk3viYsb7r Pokw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=T5X6DWNb; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u144si9409634pgb.226.2017.12.04.04.27.27; Mon, 04 Dec 2017 04:27:27 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=T5X6DWNb; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753248AbdLDM1Z (ORCPT + 1 other); Mon, 4 Dec 2017 07:27:25 -0500 Received: from mail-wm0-f66.google.com ([74.125.82.66]:39401 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753241AbdLDM1Y (ORCPT ); Mon, 4 Dec 2017 07:27:24 -0500 Received: by mail-wm0-f66.google.com with SMTP id i11so13902077wmf.4 for ; Mon, 04 Dec 2017 04:27:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=AVGr1XiAAq1ruDzOgmfaJd5iqwO5GoptNYnkdzAZJA8=; b=T5X6DWNbBmJA75bMdo7t4EtdknQlVh3wODDqkcpC2B9iB3A+E2TZ8a08nksjXWb5Kg hJ0+u2S9QNy37nEpnp42RLFX8VhZnBuQnSkZrtab4tR+Kjj3ngiFnBgNPbB8SR9ftSmA ZeCDCI6+BHfNlx27OKpZhf1IKSi7Ke+hfa3OA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=AVGr1XiAAq1ruDzOgmfaJd5iqwO5GoptNYnkdzAZJA8=; b=rXMSdNA8youDphL8Wo6Iw+qHboHQFUKfKVtvCzX8Q2Des5++zIlLEixcwcU4YHBJu+ 4gm6W/wBlHwQ4609H0bnPOMPJNeU+i6o/0Qa46yf2x0Hf9mjMRjtsFDy223xDrJVBg8Z Ls3IkDGcxDQAXcHZh80rwzhHFWsOcw9XL6+iCe7vDuDiKzMbENI+T1GqFyinv4VkEkde i+/qldo62mRQjxkOB9TXrUy2Ratf8hPulcqEH+p7GEQI6OPDh7aoosl9g6iqR2W7Ye23 Y+T6CM8hTbo+8p77togjTM7w5fuSexUeBeyC0g4O5P9kxNi/mgUzukEteZIZsajkFvOJ apVQ== X-Gm-Message-State: AJaThX7tXG50ghRNqRQSQXtJtMir/O6Hzk2nGSxO6jwRSlzFnp/4zRAj KZpdIDMXvdi/el3CEfF2spyOOCxiH/E= X-Received: by 10.28.216.196 with SMTP id p187mr6452225wmg.158.1512390442611; Mon, 04 Dec 2017 04:27:22 -0800 (PST) Received: from localhost.localdomain ([105.150.171.234]) by smtp.gmail.com with ESMTPSA id a8sm7665839wmh.41.2017.12.04.04.27.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 04 Dec 2017 04:27:21 -0800 (PST) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, linux-arm-kernel@lists.infradead.org, Ard Biesheuvel , Dave Martin , Russell King - ARM Linux , Sebastian Andrzej Siewior , Mark Rutland , linux-rt-users@vger.kernel.org, Peter Zijlstra , Catalin Marinas , Will Deacon , Steven Rostedt , Thomas Gleixner Subject: [PATCH v2 09/19] crypto: arm64/aes-blk - add 4 way interleave to CBC-MAC encrypt path Date: Mon, 4 Dec 2017 12:26:35 +0000 Message-Id: <20171204122645.31535-10-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20171204122645.31535-1-ard.biesheuvel@linaro.org> References: <20171204122645.31535-1-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org CBC MAC is strictly sequential, and so the current AES code simply processes the input one block at a time. However, we are about to add yield support, which adds a bit of overhead, and which we prefer to align with other modes in terms of granularity (i.e., it is better to have all routines yield every 64 bytes and not have an exception for CBC MAC which yields every 16 bytes) So unroll the loop by 4. We still cannot perform the AES algorithm in parallel, but we can at least merge the loads and stores. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/aes-modes.S | 23 ++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) -- 2.11.0 diff --git a/arch/arm64/crypto/aes-modes.S b/arch/arm64/crypto/aes-modes.S index e86535a1329d..a68412e1e3a4 100644 --- a/arch/arm64/crypto/aes-modes.S +++ b/arch/arm64/crypto/aes-modes.S @@ -395,8 +395,28 @@ AES_ENDPROC(aes_xts_decrypt) AES_ENTRY(aes_mac_update) ld1 {v0.16b}, [x4] /* get dg */ enc_prepare w2, x1, x7 - cbnz w5, .Lmacenc + cbz w5, .Lmacloop4x + encrypt_block v0, w2, x1, x7, w8 + +.Lmacloop4x: + subs w3, w3, #4 + bmi .Lmac1x + ld1 {v1.16b-v4.16b}, [x0], #64 /* get next pt block */ + eor v0.16b, v0.16b, v1.16b /* ..and xor with dg */ + encrypt_block v0, w2, x1, x7, w8 + eor v0.16b, v0.16b, v2.16b + encrypt_block v0, w2, x1, x7, w8 + eor v0.16b, v0.16b, v3.16b + encrypt_block v0, w2, x1, x7, w8 + eor v0.16b, v0.16b, v4.16b + cmp w3, wzr + csinv x5, x6, xzr, eq + cbz w5, .Lmacout + encrypt_block v0, w2, x1, x7, w8 + b .Lmacloop4x +.Lmac1x: + add w3, w3, #4 .Lmacloop: cbz w3, .Lmacout ld1 {v1.16b}, [x0], #16 /* get next pt block */ @@ -406,7 +426,6 @@ AES_ENTRY(aes_mac_update) csinv x5, x6, xzr, eq cbz w5, .Lmacout -.Lmacenc: encrypt_block v0, w2, x1, x7, w8 b .Lmacloop