Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp7348186rwl; Fri, 30 Dec 2022 07:16:01 -0800 (PST) X-Google-Smtp-Source: AMrXdXsWhFIT+5VgHxOGWV900fm8UaJeHEOTzonNnmyzJpBrZ+bIyu9hyJ9pHhit1gRYm6OTXlVp X-Received: by 2002:aa7:d8da:0:b0:474:5de4:a5d1 with SMTP id k26-20020aa7d8da000000b004745de4a5d1mr32434410eds.39.1672413361019; Fri, 30 Dec 2022 07:16:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672413361; cv=none; d=google.com; s=arc-20160816; b=cTKbpBYDSPW1mRCeruo4YojxOXsIJwyggLfgWGVCVgabPAovLb0w7PtvMiTUjPbF0G 4uV2MOQm7QQRlGvnqhhYvV9Iss835nZKVARcOiDj9nnwEHLByZjofjgIXgeNuCc8Ar+D vCjm6lsrh2H7xkvmLxuXe139YLh3mKxspKrE65Y9HSE/NcylmMqHPi94mtBqqwKmERVU 3rrn580522Of7O6JmYXj4uAiex3Omyc/ASWxyk2yz/zbkQevXGT+kJMGw3EmNlVbsaCQ QRzhrsg0uaDDzetihAvzG6sbEk/iTVy5hfaT6NejnoZmswv5TNy6FBwQ3bpvNmwqxjbu 5JZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=Q83FBGFD58wOzdXDEncaxHoMLJ6jk0UF0OwU6w92Ud0=; b=YMQV/soHh0YWfFMZYumURXYtR3C28vSCWDN/bprqmPaHllvSSNI1NrxKoolb0rUI0t rjWfBVv+mamAaXsNg2aFeDcbdRkHy/roag6/W7/LKP6VXU+PRuPUTFb4OO7xE7qoFnUG f7HM9fT860xojg6Bl33HnBHJHsbNsFy/LAK0T6FRYIQW35n3hOgpv3nt/zLpgDB9cnLK RX2Jzsn4Y/Qpr8oTYWGJ95B6RlKD1mzu6nIelJGzIWffguedW4eslX72LIFZKBobmSSO H827ainZC213lPGxPi38RZr/EOkJccUwFPhQ5c/VVJf5HAGZKQOTnUF4DfXjTYOtTH7E 0YVA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b16-20020a056402351000b004690097d852si9104681edd.252.2022.12.30.07.15.34; Fri, 30 Dec 2022 07:16:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235127AbiL3PME (ORCPT + 99 others); Fri, 30 Dec 2022 10:12:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40952 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235073AbiL3PMA (ORCPT ); Fri, 30 Dec 2022 10:12:00 -0500 Received: from formenos.hmeau.com (helcar.hmeau.com [216.24.177.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 198D92633 for ; Fri, 30 Dec 2022 07:12:00 -0800 (PST) Received: from loth.rohan.me.apana.org.au ([192.168.167.2]) by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian)) id 1pBH37-00COqO-CA; Fri, 30 Dec 2022 23:11:58 +0800 Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation); Fri, 30 Dec 2022 23:11:57 +0800 Date: Fri, 30 Dec 2022 23:11:57 +0800 From: Herbert Xu To: Ard Biesheuvel Cc: linux-crypto@vger.kernel.org, ebiggers@kernel.org Subject: Re: [PATCH] crypto: arm/ghash - implement fused AES/GHASH implementation of GCM Message-ID: References: <20221212183758.1079283-1-ardb@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, Dec 30, 2022 at 11:03:43PM +0800, Herbert Xu wrote: > On Mon, Dec 12, 2022 at 07:37:58PM +0100, Ard Biesheuvel wrote: > > On 32-bit ARM, AES in GCM mode takes full advantage of the ARMv8 Crypto > > Extensions when available, resulting in a performance of 6-7 cycles per > > byte for typical IPsec frames on cores such as Cortex-A53, using the > > generic GCM template encapsulating the accelerated AES-CTR and GHASH > > implementations. > > > > At such high rates, any time spent copying data or doing other poorly > > optimized work in the generic layer hurts disproportionately, and we can > > get a significant performance improvement by combining the optimized > > AES-CTR and GHASH implementations into a single one. > > > > On Cortex-A53, this results in a performance improvement of around 70%, > > or 4.2 cycles per byte for AES-256-GCM-128 with RFC4106 encapsulation. > > The fastest mode on this core is bare AES-128-GCM using 8k blocks, which > > manages 2.66 cycles per byte. > > > > Signed-off-by: Ard Biesheuvel > > --- > > Note: this patch depends on the softirq context patches for kernel mode > > NEON I sent last week. More specifically, this implements a sync AEAD > > that does not implement a !simd fallback, as AEADs are not callable in > > IRQ context anyway. > > > > arch/arm/crypto/Kconfig | 2 + > > arch/arm/crypto/ghash-ce-core.S | 381 +++++++++++++++++++- > > arch/arm/crypto/ghash-ce-glue.c | 350 +++++++++++++++++- > > 3 files changed, 718 insertions(+), 15 deletions(-) > > Patch applied. Thanks. Oops, this email was an error. This patch hasn't been applied as it was already superceded. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt