diff options
author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2020-02-21 15:44:39 -0300 |
---|---|---|
committer | Christian Lamparter <chunkeey@gmail.com> | 2020-02-28 22:46:09 +0100 |
commit | ee4a0afdcdf0c11528d685efd64fb8f4b4efcbb1 (patch) | |
tree | 28c892a8d0c29bd29425491ce3e1c65147870dd8 /target | |
parent | 26681de412df956f154ae938dcc587065ed3973a (diff) | |
download | upstream-ee4a0afdcdf0c11528d685efd64fb8f4b4efcbb1.tar.gz upstream-ee4a0afdcdf0c11528d685efd64fb8f4b4efcbb1.tar.bz2 upstream-ee4a0afdcdf0c11528d685efd64fb8f4b4efcbb1.zip |
ipq40xx: use neon crypto drivers
This adds the neon based implementations of AES & SHA256.
For AES, according to the kernel config help:
Use a faster and more secure NEON based implementation of AES in CBC,
CTR and XTS modes.
Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
and for XTS mode encryption, CBC and XTS mode decryption speedup is
around 25%. (CBC encryption speed is not affected by this driver.)
This implementation does not rely on any lookup tables so it is
believed to be invulnerable to cache timing attacks.
...
The observed speedups on ipq40xx are more modest: speedup is around 20%
for CTR mode and for XTS mode encryption, CBC and XTS mode decryption
speedup is around 10%. Measurements were made using tcrypt, with
1024-bytes blocks for CTR & CBC, and 4096-bytes for XTS.
The aes-neon-bs driver uses a fallback for CBC encryption; that fallback
could be either the generic driver written in C, or the scalar arm-asm
one. Even though aes-arm is 1.9% slower, it is more resilient to timing
attacks (the reason for being slower), so it is being included here.
The neon sha256 module increases performance over the generic module by
33%.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[Enable only ciphers for now, reorder patch in series to help bisect
as new symbols could lead to build failures, 5.4]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Diffstat (limited to 'target')
-rw-r--r-- | target/linux/ipq40xx/config-4.19 | 12 | ||||
-rw-r--r-- | target/linux/ipq40xx/config-5.4 | 12 |
2 files changed, 24 insertions, 0 deletions
diff --git a/target/linux/ipq40xx/config-4.19 b/target/linux/ipq40xx/config-4.19 index a28497aaec..f74ba5e152 100644 --- a/target/linux/ipq40xx/config-4.19 +++ b/target/linux/ipq40xx/config-4.19 @@ -47,6 +47,7 @@ CONFIG_ARM_ARCH_TIMER_EVTSTREAM=y CONFIG_ARM_CPUIDLE=y CONFIG_ARM_CPU_SUSPEND=y # CONFIG_ARM_CPU_TOPOLOGY is not set +CONFIG_ARM_CRYPTO=y CONFIG_ARM_GIC=y CONFIG_ARM_HAS_SG_CHAIN=y CONFIG_ARM_L1_CACHE_SHIFT=6 @@ -114,17 +115,24 @@ CONFIG_CRC32_SLICEBY8=y CONFIG_CRYPTO_ACOMP2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_AES_ARM=y +CONFIG_CRYPTO_AES_ARM_BS=y CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CTR=y CONFIG_CRYPTO_DEFLATE=y CONFIG_CRYPTO_DES=y CONFIG_CRYPTO_DEV_QCE=y +# CONFIG_CRYPTO_DEV_QCE_ENABLE_ALL is not set +# CONFIG_CRYPTO_DEV_QCE_ENABLE_SHA is not set +CONFIG_CRYPTO_DEV_QCE_ENABLE_SKCIPHER=y +CONFIG_CRYPTO_DEV_QCE_SW_MAX_LEN=512 CONFIG_CRYPTO_DEV_QCOM_RNG=y CONFIG_CRYPTO_DRBG=y CONFIG_CRYPTO_DRBG_HMAC=y CONFIG_CRYPTO_DRBG_MENU=y CONFIG_CRYPTO_ECB=y CONFIG_CRYPTO_GF128MUL=y +# CONFIG_CRYPTO_GHASH_ARM_CE is not set CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_HMAC=y @@ -139,7 +147,11 @@ CONFIG_CRYPTO_RNG=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_RNG_DEFAULT=y CONFIG_CRYPTO_SEQIV=y +# CONFIG_CRYPTO_SHA1_ARM_CE is not set +# CONFIG_CRYPTO_SHA1_ARM_NEON is not set CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA256_ARM=y +CONFIG_CRYPTO_SIMD=y CONFIG_CRYPTO_WORKQUEUE=y CONFIG_CRYPTO_XTS=y CONFIG_DCACHE_WORD_ACCESS=y diff --git a/target/linux/ipq40xx/config-5.4 b/target/linux/ipq40xx/config-5.4 index 6d9cd4edae..9d3ac78e44 100644 --- a/target/linux/ipq40xx/config-5.4 +++ b/target/linux/ipq40xx/config-5.4 @@ -58,6 +58,7 @@ CONFIG_ARM_ARCH_TIMER_EVTSTREAM=y CONFIG_ARM_CPUIDLE=y CONFIG_ARM_CPU_SUSPEND=y # CONFIG_ARM_CPU_TOPOLOGY is not set +CONFIG_ARM_CRYPTO=y # CONFIG_ARM_ERRATA_814220 is not set # CONFIG_ARM_ERRATA_857271 is not set # CONFIG_ARM_ERRATA_857272 is not set @@ -144,6 +145,8 @@ CONFIG_CRYPTO_ACOMP2=y # CONFIG_CRYPTO_ADIANTUM is not set CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_AES_ARM=y +CONFIG_CRYPTO_AES_ARM_BS=y CONFIG_CRYPTO_AKCIPHER2=y CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CTR=y @@ -151,6 +154,10 @@ CONFIG_CRYPTO_DEFLATE=y CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set CONFIG_CRYPTO_DEV_QCE=y +# CONFIG_CRYPTO_DEV_QCE_ENABLE_ALL is not set +# CONFIG_CRYPTO_DEV_QCE_ENABLE_SHA is not set +CONFIG_CRYPTO_DEV_QCE_ENABLE_SKCIPHER=y +CONFIG_CRYPTO_DEV_QCE_SW_MAX_LEN=512 CONFIG_CRYPTO_DEV_QCOM_RNG=y CONFIG_CRYPTO_DRBG=y CONFIG_CRYPTO_DRBG_HMAC=y @@ -158,6 +165,7 @@ CONFIG_CRYPTO_DRBG_MENU=y CONFIG_CRYPTO_ECB=y # CONFIG_CRYPTO_ECRDSA is not set # CONFIG_CRYPTO_ESSIV is not set +# CONFIG_CRYPTO_GHASH_ARM_CE is not set CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_HASH_INFO=y @@ -177,8 +185,12 @@ CONFIG_CRYPTO_NULL2=y CONFIG_CRYPTO_RNG=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_RNG_DEFAULT=y +# CONFIG_CRYPTO_SHA1_ARM_CE is not set +# CONFIG_CRYPTO_SHA1_ARM_NEON is not set CONFIG_CRYPTO_SEQIV=y CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA256_ARM=y +CONFIG_CRYPTO_SIMD=y # CONFIG_CRYPTO_STREEBOG is not set CONFIG_CRYPTO_XTS=y # CONFIG_CRYPTO_XXHASH is not set |