Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp7349720rwl;
        Fri, 30 Dec 2022 07:17:05 -0800 (PST)
X-Google-Smtp-Source: AMrXdXtZa31nt6fK4ebCWZzAFJ2Oy3YDEaWT6GdPRBbpdqsrTfB9tV2pqSzveEWhfOsdPCdGVCci
X-Received: by 2002:a17:906:eda2:b0:7c0:cee0:2f55 with SMTP id sa2-20020a170906eda200b007c0cee02f55mr28066295ejb.28.1672413424755;
        Fri, 30 Dec 2022 07:17:04 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672413424; cv=none;
        d=google.com; s=arc-20160816;
        b=sLLYsy/lMan3Mc9nSRZ10VEVda1JWt7MrOovBMwubFyhnCoN5XxcPXk/he1fCnrv3Z
         sSj1axrmahbVAlgGk78dOhvcM97v2bgYJ4GvZArkN0klY4vI+qIjJFHqXHHFEy03zFhO
         aclJLXViww1thZqYhnjJKCsA0hJ+/H2pzpF3/CbWYOC7HVEGeaaCYa0gQ2Dh8FcBWYg9
         mlcxrLdF/DoeyWfG4HU6N7ENVoD13ifD8pECkl3oWD6+r2+ZrIK7OByJiVL2rrzcVPu6
         fY8sXFdNOPnQQtrofX9G11Ah1NvX/R9oC2B30v6/ivjWNQFwZcYE69f/BIfn+LwA06c/
         A0ZA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=c7Zqb+bu7FLMYKMJMzWlAUKv2+qfntzr8pdtPv/Ghqs=;
        b=xzPlFHCAuYU8TobC8F+ZCxdPf616/g84vhDs5DJwh98AjbJgczUS4KJ5WB1WuvPN48
         hQ5bDg8EyFkW4y9DuWgtf47wtODgmkUUylIs1Z5/hu7B/BCfwezh30nTQKTxkzEqR1yT
         e/PZ/mZ3/vbvV3epSyJkbHJgvtfd+rUCOlrwhWPR1Z5sk74Fv73ekzbjJbkamWhblOVt
         udtTpXWjBgXmBVsOFEXF4DUqMN+FVwkKF+LPBYKx17j1W29cwDL7lNc7kIM1SExAGz83
         T+XRb7j1bdbe3xGNPZiN+P6G0rM5rEAnZuH5CPs48FMWPtYYZu86FxPKFOz8SYGtvjlu
         GrGA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id jg32-20020a170907972000b007c1286ad884si20060544ejc.677.2022.12.30.07.16.40;
        Fri, 30 Dec 2022 07:17:04 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229464AbiL3PDr (ORCPT <rfc822;vik.reck@gmail.com> + 99 others);
        Fri, 30 Dec 2022 10:03:47 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39452 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229456AbiL3PDq (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Fri, 30 Dec 2022 10:03:46 -0500
Received: from formenos.hmeau.com (helcar.hmeau.com [216.24.177.18])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C23D8140DF
        for <linux-crypto@vger.kernel.org>; Fri, 30 Dec 2022 07:03:45 -0800 (PST)
Received: from loth.rohan.me.apana.org.au ([192.168.167.2])
        by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian))
        id 1pBGv9-00COfN-2i; Fri, 30 Dec 2022 23:03:44 +0800
Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation); Fri, 30 Dec 2022 23:03:43 +0800
Date:   Fri, 30 Dec 2022 23:03:43 +0800
From:   Herbert Xu <herbert@gondor.apana.org.au>
To:     Ard Biesheuvel <ardb@kernel.org>
Cc:     linux-crypto@vger.kernel.org, ebiggers@kernel.org
Subject: Re: [PATCH] crypto: arm/ghash - implement fused AES/GHASH
 implementation of GCM
Message-ID: <Y679z3SPiHn+y7Zt@gondor.apana.org.au>
References: <20221212183758.1079283-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20221212183758.1079283-1-ardb@kernel.org>
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Mon, Dec 12, 2022 at 07:37:58PM +0100, Ard Biesheuvel wrote:
> On 32-bit ARM, AES in GCM mode takes full advantage of the ARMv8 Crypto
> Extensions when available, resulting in a performance of 6-7 cycles per
> byte for typical IPsec frames on cores such as Cortex-A53, using the
> generic GCM template encapsulating the accelerated AES-CTR and GHASH
> implementations.
> 
> At such high rates, any time spent copying data or doing other poorly
> optimized work in the generic layer hurts disproportionately, and we can
> get a significant performance improvement by combining the optimized
> AES-CTR and GHASH implementations into a single one.
> 
> On Cortex-A53, this results in a performance improvement of around 70%,
> or 4.2 cycles per byte for AES-256-GCM-128 with RFC4106 encapsulation.
> The fastest mode on this core is bare AES-128-GCM using 8k blocks, which
> manages 2.66 cycles per byte.
> 
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> Note: this patch depends on the softirq context patches for kernel mode
> NEON I sent last week. More specifically, this implements a sync AEAD
> that does not implement a !simd fallback, as AEADs are not callable in
> IRQ context anyway.
> 
>  arch/arm/crypto/Kconfig         |   2 +
>  arch/arm/crypto/ghash-ce-core.S | 381 +++++++++++++++++++-
>  arch/arm/crypto/ghash-ce-glue.c | 350 +++++++++++++++++-
>  3 files changed, 718 insertions(+), 15 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt