diff options
| author | Fangming.Fang <fangming.fang@arm.com> | 2019-05-31 12:15:10 +0200 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2019-12-19 03:36:07 +0100 |
| commit | 31b59078c8245a4ee7f7fa4e6ea98bba7f9a29a5 (patch) | |
| tree | e490a3b2bcf796c9c6e98fe86bcfb3d351a8a1b5 /include/crypto | |
| parent | TEST: Add test recipe and help program to test BIO_f_prefix() (diff) | |
| download | openssl-31b59078c8245a4ee7f7fa4e6ea98bba7f9a29a5.tar.xz openssl-31b59078c8245a4ee7f7fa4e6ea98bba7f9a29a5.zip | |
Optimize AES-GCM implementation on aarch64
Comparing to current implementation, this change can get more
performance improved by tunning the loop-unrolling factor in
interleave implementation as well as by enabling high level parallelism.
Performance(A72)
new
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-gcm 113065.51k 375743.00k 848359.51k 1517865.98k 1964040.19k 1986663.77k
aes-192-gcm 110679.32k 364470.63k 799322.88k 1428084.05k 1826917.03k 1848967.17k
aes-256-gcm 104919.86k 352939.29k 759477.76k 1330683.56k 1663175.34k 1670430.72k
old
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-gcm 115595.32k 382348.65k 855891.29k 1236452.35k 1425670.14k 1429793.45k
aes-192-gcm 112227.02k 369543.47k 810046.55k 1147948.37k 1286288.73k 1296941.06k
aes-256-gcm 111543.90k 361902.36k 769543.59k 1070693.03k 1208576.68k 1207511.72k
Change-Id: I28a2dca85c001a63a2a942e80c7c64f7a4fdfcf7
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9818)
Diffstat (limited to 'include/crypto')
| -rw-r--r-- | include/crypto/ciphermode_platform.h | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/include/crypto/ciphermode_platform.h b/include/crypto/ciphermode_platform.h index 03afd719af..e6a65bb99d 100644 --- a/include/crypto/ciphermode_platform.h +++ b/include/crypto/ciphermode_platform.h @@ -91,6 +91,32 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, # define HWAES_cbc_encrypt aes_v8_cbc_encrypt # define HWAES_ecb_encrypt aes_v8_ecb_encrypt # define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks +# define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES)) +# define AES_GCM_ENC_BYTES 512 +# define AES_GCM_DEC_BYTES 512 +# if __ARM_MAX_ARCH__>=8 +# define AES_gcm_encrypt armv8_aes_gcm_encrypt +# define AES_gcm_decrypt armv8_aes_gcm_decrypt +# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_v8_ctr32_encrypt_blocks && \ + (gctx)->gcm.ghash==gcm_ghash_v8) +size_t aes_gcm_enc_128_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_enc_192_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_enc_256_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_dec_128_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_dec_192_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_dec_256_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, + unsigned char ivec[16], u64 *Xi); +size_t armv8_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, + unsigned char ivec[16], u64 *Xi); +void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); +# endif # endif # endif # endif /* OPENSSL_CPUID_OBJ */ @@ -111,6 +137,9 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, # define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) # endif +# define AES_GCM_ENC_BYTES 32 +# define AES_GCM_DEC_BYTES 16 + int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); int aesni_set_decrypt_key(const unsigned char *userKey, int bits, @@ -181,6 +210,8 @@ size_t aesni_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len const void *key, unsigned char ivec[16], u64 *Xi); void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, size_t len); +# define AES_gcm_encrypt aesni_gcm_encrypt +# define AES_gcm_decrypt aesni_gcm_decrypt # define AES_GCM_ASM(ctx) (ctx->ctr == aesni_ctr32_encrypt_blocks && \ ctx->gcm.ghash == gcm_ghash_avx) # endif @@ -416,7 +447,7 @@ void HWAES_ecb_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, const int enc); void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, + size_t len, const void *key, const unsigned char ivec[16]); void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len, const AES_KEY *key1, |