537c1445ab
Currently, the AES-GCM implementation for arm64 systems that support the ARMv8 Crypto Extensions is based on the generic GCM module, which combines the AES-CTR implementation using AES instructions with the PMULL based GHASH driver. This is suboptimal, given the fact that the input data needs to be loaded twice, once for the encryption and again for the MAC calculation. On Cortex-A57 (r1p2) and other recent cores that implement micro-op fusing for the AES instructions, AES executes at less than 1 cycle per byte, which means that any cycles wasted on loading the data twice hurt even more. So implement a new GCM driver that combines the AES and PMULL instructions at the block level. This improves performance on Cortex-A57 by ~37% (from 3.5 cpb to 2.6 cpb) Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
98 lines
2.6 KiB
Plaintext
98 lines
2.6 KiB
Plaintext
|
|
menuconfig ARM64_CRYPTO
|
|
bool "ARM64 Accelerated Cryptographic Algorithms"
|
|
depends on ARM64
|
|
help
|
|
Say Y here to choose from a selection of cryptographic algorithms
|
|
implemented using ARM64 specific CPU features or instructions.
|
|
|
|
if ARM64_CRYPTO
|
|
|
|
config CRYPTO_SHA256_ARM64
|
|
tristate "SHA-224/SHA-256 digest algorithm for arm64"
|
|
select CRYPTO_HASH
|
|
|
|
config CRYPTO_SHA512_ARM64
|
|
tristate "SHA-384/SHA-512 digest algorithm for arm64"
|
|
select CRYPTO_HASH
|
|
|
|
config CRYPTO_SHA1_ARM64_CE
|
|
tristate "SHA-1 digest algorithm (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SHA1
|
|
|
|
config CRYPTO_SHA2_ARM64_CE
|
|
tristate "SHA-224/SHA-256 digest algorithm (ARMv8 Crypto Extensions)"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SHA256_ARM64
|
|
|
|
config CRYPTO_GHASH_ARM64_CE
|
|
tristate "GHASH/AES-GCM using ARMv8 Crypto Extensions"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_HASH
|
|
select CRYPTO_GF128MUL
|
|
select CRYPTO_AES
|
|
select CRYPTO_AES_ARM64
|
|
|
|
config CRYPTO_CRCT10DIF_ARM64_CE
|
|
tristate "CRCT10DIF digest algorithm using PMULL instructions"
|
|
depends on KERNEL_MODE_NEON && CRC_T10DIF
|
|
select CRYPTO_HASH
|
|
|
|
config CRYPTO_CRC32_ARM64_CE
|
|
tristate "CRC32 and CRC32C digest algorithms using ARMv8 extensions"
|
|
depends on CRC32
|
|
select CRYPTO_HASH
|
|
|
|
config CRYPTO_AES_ARM64
|
|
tristate "AES core cipher using scalar instructions"
|
|
select CRYPTO_AES
|
|
|
|
config CRYPTO_AES_ARM64_CE
|
|
tristate "AES core cipher using ARMv8 Crypto Extensions"
|
|
depends on ARM64 && KERNEL_MODE_NEON
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_AES_ARM64
|
|
|
|
config CRYPTO_AES_ARM64_CE_CCM
|
|
tristate "AES in CCM mode using ARMv8 Crypto Extensions"
|
|
depends on ARM64 && KERNEL_MODE_NEON
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_AES_ARM64_CE
|
|
select CRYPTO_AES_ARM64
|
|
select CRYPTO_AEAD
|
|
|
|
config CRYPTO_AES_ARM64_CE_BLK
|
|
tristate "AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_BLKCIPHER
|
|
select CRYPTO_AES_ARM64_CE
|
|
select CRYPTO_AES_ARM64
|
|
select CRYPTO_SIMD
|
|
|
|
config CRYPTO_AES_ARM64_NEON_BLK
|
|
tristate "AES in ECB/CBC/CTR/XTS modes using NEON instructions"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_BLKCIPHER
|
|
select CRYPTO_AES_ARM64
|
|
select CRYPTO_AES
|
|
select CRYPTO_SIMD
|
|
|
|
config CRYPTO_CHACHA20_NEON
|
|
tristate "NEON accelerated ChaCha20 symmetric cipher"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_BLKCIPHER
|
|
select CRYPTO_CHACHA20
|
|
|
|
config CRYPTO_AES_ARM64_BS
|
|
tristate "AES in ECB/CBC/CTR/XTS modes using bit-sliced NEON algorithm"
|
|
depends on KERNEL_MODE_NEON
|
|
select CRYPTO_BLKCIPHER
|
|
select CRYPTO_AES_ARM64_NEON_BLK
|
|
select CRYPTO_AES_ARM64
|
|
select CRYPTO_SIMD
|
|
|
|
endif
|