diff options
| author | Ard Biesheuvel <ardb@kernel.org> | 2023-01-16 12:01:48 +0100 |
|---|---|---|
| committer | Russell King (Oracle) <rmk+kernel@armlinux.org.uk> | 2023-01-18 15:04:51 +0000 |
| commit | b575b5a1e625b589ba1b1eb36c05fcca588cbc85 (patch) | |
| tree | 6f6fe162d68873370effbe60f51494837e63bc3a /drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | |
| parent | cdc3116f191ad4250f992d750b2d6f72fb98afde (diff) | |
ARM: 9286/1: crypto: Implement fused AES-CTR/GHASH version of GCM
On 32-bit ARM, AES in GCM mode takes full advantage of the ARMv8 Crypto
Extensions when available, resulting in a performance of 6-7 cycles per
byte for typical IPsec frames on cores such as Cortex-A53, using the
generic GCM template encapsulating the accelerated AES-CTR and GHASH
implementations.
At such high rates, any time spent copying data or doing other poorly
optimized work in the generic layer hurts disproportionately, and we can
get a significant performance improvement by combining the optimized
AES-CTR and GHASH implementations into a single GCM driver.
On Cortex-A53, this results in a performance improvement of around 75%,
and AES-256-GCM-128 with RFC4106 encapsulation runs in 4 cycles per
byte.
Note that this code takes advantage of the fact that kernel mode NEON is
now supported in softirq context as well, and therefore does not provide
a non-NEON fallback path at all. (AEADs are only callable in process or
softirq context)
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_object.c')
0 files changed, 0 insertions, 0 deletions