diff options
| author | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2019-06-24 19:38:31 +0200 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2019-07-03 22:13:12 +0800 |
| commit | 7367bfeb2c141fb3ddff6b09bb5dfeb739b3d245 (patch) | |
| tree | 39a672738a414e61d0e2afd3d6460a8ab4afa262 /arch/arm64/crypto/aes-ce.S | |
| parent | e217413964a453fc2eeb437c32deb00581cf899d (diff) | |
| download | linux-7367bfeb2c141fb3ddff6b09bb5dfeb739b3d245.tar.bz2 | |
crypto: arm64/aes-ce - implement 5 way interleave for ECB, CBC and CTR
This implements 5-way interleaving for ECB, CBC decryption and CTR,
resulting in a speedup of ~11% on Marvell ThunderX2, which has a
very deep pipeline and therefore a high issue latency for NEON
instructions operating on the same registers.
Note that XTS is left alone: implementing 5-way interleave there
would either involve spilling of the calculated tweaks to the
stack, or recalculating them after the encryption operation, and
doing either of those would most likely penalize low end cores.
For ECB, this is not a concern at all, given that we have plenty
of spare registers. For CTR and CBC decryption, we take advantage
of the fact that v16 is not used by the CE version of the code
(which is the only one targeted by the optimization), and so we
can reshuffle the code a bit and avoid having to spill to memory
(with the exception of one extra reload in the CBC routine)
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'arch/arm64/crypto/aes-ce.S')
| -rw-r--r-- | arch/arm64/crypto/aes-ce.S | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/arm64/crypto/aes-ce.S b/arch/arm64/crypto/aes-ce.S index 0fca5f463406..dbfc04ea20c7 100644 --- a/arch/arm64/crypto/aes-ce.S +++ b/arch/arm64/crypto/aes-ce.S @@ -18,6 +18,8 @@ .arch armv8-a+crypto xtsmask .req v16 + cbciv .req v16 + vctr .req v16 .macro xts_reload_mask, tmp .endm |