diff options
| author | Martin Willi <martin@strongswan.org> | 2018-11-20 17:30:48 +0100 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2018-11-29 09:27:04 +0100 |
| commit | cee7a36ecb5bafef8c87fb2c10641e6125044154 (patch) | |
| tree | 7e52243f3733ef595aeaa7df6094a8db30fb3747 /arch/x86/crypto/aegis128l-aesni-glue.c | |
| parent | crypto: adiantum - add Adiantum support (diff) | |
| download | linux-cee7a36ecb5bafef8c87fb2c10641e6125044154.tar.xz linux-cee7a36ecb5bafef8c87fb2c10641e6125044154.zip | |
crypto: x86/chacha20 - Add a 8-block AVX-512VL variant
This variant is similar to the AVX2 version, but benefits from the AVX-512
rotate instructions and the additional registers, so it can operate without
any data on the stack. It uses ymm registers only to avoid the massive core
throttling on Skylake-X platforms. Nontheless does it bring a ~30% speed
improvement compared to the AVX2 variant for random encryption lengths.
The AVX2 version uses "rep movsb" for partial block XORing via the stack.
With AVX-512, the new "vmovdqu8" can do this much more efficiently. The
associated "kmov" instructions to work with dynamic masks is not part of
the AVX-512VL instruction set, hence we depend on AVX-512BW as well. Given
that the major AVX-512VL architectures provide AVX-512BW and this extension
does not affect core clocking, this seems to be no problem at least for
now.
Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'arch/x86/crypto/aegis128l-aesni-glue.c')
0 files changed, 0 insertions, 0 deletions