crypto: arm/ghash-ce - implement support for 4-way aggregation

Speed up the GHASH algorithm based on 64-bit polynomial multiplication by adding support for 4-way aggregation. This improves throughput by ~85% on Cortex-A53, from 1.7 cycles per byte to 0.9 cycles per byte. When combined with AES into GCM, throughput improves by ~25%, from 3.8 cycles per byte to 3.0 cycles per byte. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Ard Biesheuvel <ard.biesheuvel@linaro.org> 2018-08-23 16:48:51 +0200
committer: Herbert Xu <herbert@gondor.apana.org.au> 2018-09-04 05:37:04 +0200
commit: 00227e3a1d0855e9777cf53c52b842503435e22b (patch)
tree: bb7737ca90746dc304e7c5cfae17e396e0912b75 /arch/arm/crypto/Kconfig
parent: crypto: x86 - remove SHA multibuffer routines and mcryptd (diff)
download: linux-00227e3a1d0855e9777cf53c52b842503435e22b.tar.xz
linux-00227e3a1d0855e9777cf53c52b842503435e22b.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig
index b8e69fe282b8..ef0c7feea6e2 100644
--- a/arch/arm/crypto/Kconfig
+++ b/arch/arm/crypto/Kconfig
@@ -99,6 +99,7 @@ config CRYPTO_GHASH_ARM_CE
 	depends on KERNEL_MODE_NEON
 	select CRYPTO_HASH
 	select CRYPTO_CRYPTD
+	select CRYPTO_GF128MUL
 	help
 	  Use an implementation of GHASH (used by the GCM AEAD chaining mode)
 	  that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64)
author	Ard Biesheuvel <ard.biesheuvel@linaro.org>	2018-08-23 16:48:51 +0200
committer	Herbert Xu <herbert@gondor.apana.org.au>	2018-09-04 05:37:04 +0200
commit	00227e3a1d0855e9777cf53c52b842503435e22b (patch)
tree	bb7737ca90746dc304e7c5cfae17e396e0912b75 /arch/arm/crypto/Kconfig
parent	crypto: x86 - remove SHA multibuffer routines and mcryptd (diff)
download	linux-00227e3a1d0855e9777cf53c52b842503435e22b.tar.xz linux-00227e3a1d0855e9777cf53c52b842503435e22b.zip