git.baikalelectronics.ru Git - kernel.git/commit

author	Ard Biesheuvel <ard.biesheuvel@linaro.org>
	Mon, 24 Jul 2017 10:28:18 +0000 (11:28 +0100)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Fri, 4 Aug 2017 01:27:25 +0000 (09:27 +0800)
commit	84dbed9cb110c4692759aa1808093b95c8720480
tree	4e6464450d8176e49f1d2a959e24bb9209ce9466	tree \| snapshot
parent	9c3c27d6d572ca24b5d650a5f62a4f7052cc167f	commit \| diff

crypto: arm64/ghash - add NEON accelerated fallback for 64-bit PMULL

Implement a NEON fallback for systems that do support NEON but have
no support for the optional 64x64->128 polynomial multiplication
instruction that is part of the ARMv8 Crypto Extensions. It is based
on the paper "Fast Software Polynomial Multiplication on ARM Processors
Using the NEON Engine" by Danilo Camara, Conrado Gouvea, Julio Lopez and
Ricardo Dahab (https://hal.inria.fr/hal-01506572), but has been reworked
extensively for the AArch64 ISA.

On a low-end core such as the Cortex-A53 found in the Raspberry Pi3, the
NEON based implementation is 4x faster than the table based one, and
is time invariant as well, making it less vulnerable to timing attacks.
When combined with the bit-sliced NEON implementation of AES-CTR, the
AES-GCM performance increases by 2x (from 58 to 29 cycles per byte).

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

arch/arm64/crypto/ghash-ce-core.S		diff \| blob \| history
arch/arm64/crypto/ghash-ce-glue.c		diff \| blob \| history