From ee4a0afdcdf0c11528d685efd64fb8f4b4efcbb1 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Fri, 21 Feb 2020 15:44:39 -0300 Subject: ipq40xx: use neon crypto drivers This adds the neon based implementations of AES & SHA256. For AES, according to the kernel config help: Use a faster and more secure NEON based implementation of AES in CBC, CTR and XTS modes. Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode and for XTS mode encryption, CBC and XTS mode decryption speedup is around 25%. (CBC encryption speed is not affected by this driver.) This implementation does not rely on any lookup tables so it is believed to be invulnerable to cache timing attacks. ... The observed speedups on ipq40xx are more modest: speedup is around 20% for CTR mode and for XTS mode encryption, CBC and XTS mode decryption speedup is around 10%. Measurements were made using tcrypt, with 1024-bytes blocks for CTR & CBC, and 4096-bytes for XTS. The aes-neon-bs driver uses a fallback for CBC encryption; that fallback could be either the generic driver written in C, or the scalar arm-asm one. Even though aes-arm is 1.9% slower, it is more resilient to timing attacks (the reason for being slower), so it is being included here. The neon sha256 module increases performance over the generic module by 33%. Signed-off-by: Eneas U de Queiroz [Enable only ciphers for now, reorder patch in series to help bisect as new symbols could lead to build failures, 5.4] Signed-off-by: Christian Lamparter --- target/linux/ipq40xx/config-4.19 | 12 ++++++++++++ target/linux/ipq40xx/config-5.4 | 12 ++++++++++++ 2 files changed, 24 insertions(+) (limited to 'target') diff --git a/target/linux/ipq40xx/config-4.19 b/target/linux/ipq40xx/config-4.19 index a28497aaec..f74ba5e152 100644 --- a/target/linux/ipq40xx/config-4.19 +++ b/target/linux/ipq40xx/config-4.19 @@ -47,6 +47,7 @@ CONFIG_ARM_ARCH_TIMER_EVTSTREAM=y CONFIG_ARM_CPUIDLE=y CONFIG_ARM_CPU_SUSPEND=y # CONFIG_ARM_CPU_TOPOLOGY is not set +CONFIG_ARM_CRYPTO=y CONFIG_ARM_GIC=y CONFIG_ARM_HAS_SG_CHAIN=y CONFIG_ARM_L1_CACHE_SHIFT=6 @@ -114,17 +115,24 @@ CONFIG_CRC32_SLICEBY8=y CONFIG_CRYPTO_ACOMP2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_AES_ARM=y +CONFIG_CRYPTO_AES_ARM_BS=y CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CTR=y CONFIG_CRYPTO_DEFLATE=y CONFIG_CRYPTO_DES=y CONFIG_CRYPTO_DEV_QCE=y +# CONFIG_CRYPTO_DEV_QCE_ENABLE_ALL is not set +# CONFIG_CRYPTO_DEV_QCE_ENABLE_SHA is not set +CONFIG_CRYPTO_DEV_QCE_ENABLE_SKCIPHER=y +CONFIG_CRYPTO_DEV_QCE_SW_MAX_LEN=512 CONFIG_CRYPTO_DEV_QCOM_RNG=y CONFIG_CRYPTO_DRBG=y CONFIG_CRYPTO_DRBG_HMAC=y CONFIG_CRYPTO_DRBG_MENU=y CONFIG_CRYPTO_ECB=y CONFIG_CRYPTO_GF128MUL=y +# CONFIG_CRYPTO_GHASH_ARM_CE is not set CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_HMAC=y @@ -139,7 +147,11 @@ CONFIG_CRYPTO_RNG=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_RNG_DEFAULT=y CONFIG_CRYPTO_SEQIV=y +# CONFIG_CRYPTO_SHA1_ARM_CE is not set +# CONFIG_CRYPTO_SHA1_ARM_NEON is not set CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA256_ARM=y +CONFIG_CRYPTO_SIMD=y CONFIG_CRYPTO_WORKQUEUE=y CONFIG_CRYPTO_XTS=y CONFIG_DCACHE_WORD_ACCESS=y diff --git a/target/linux/ipq40xx/config-5.4 b/target/linux/ipq40xx/config-5.4 index 6d9cd4edae..9d3ac78e44 100644 --- a/target/linux/ipq40xx/config-5.4 +++ b/target/linux/ipq40xx/config-5.4 @@ -58,6 +58,7 @@ CONFIG_ARM_ARCH_TIMER_EVTSTREAM=y CONFIG_ARM_CPUIDLE=y CONFIG_ARM_CPU_SUSPEND=y # CONFIG_ARM_CPU_TOPOLOGY is not set +CONFIG_ARM_CRYPTO=y # CONFIG_ARM_ERRATA_814220 is not set # CONFIG_ARM_ERRATA_857271 is not set # CONFIG_ARM_ERRATA_857272 is not set @@ -144,6 +145,8 @@ CONFIG_CRYPTO_ACOMP2=y # CONFIG_CRYPTO_ADIANTUM is not set CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_AES_ARM=y +CONFIG_CRYPTO_AES_ARM_BS=y CONFIG_CRYPTO_AKCIPHER2=y CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CTR=y @@ -151,6 +154,10 @@ CONFIG_CRYPTO_DEFLATE=y CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set CONFIG_CRYPTO_DEV_QCE=y +# CONFIG_CRYPTO_DEV_QCE_ENABLE_ALL is not set +# CONFIG_CRYPTO_DEV_QCE_ENABLE_SHA is not set +CONFIG_CRYPTO_DEV_QCE_ENABLE_SKCIPHER=y +CONFIG_CRYPTO_DEV_QCE_SW_MAX_LEN=512 CONFIG_CRYPTO_DEV_QCOM_RNG=y CONFIG_CRYPTO_DRBG=y CONFIG_CRYPTO_DRBG_HMAC=y @@ -158,6 +165,7 @@ CONFIG_CRYPTO_DRBG_MENU=y CONFIG_CRYPTO_ECB=y # CONFIG_CRYPTO_ECRDSA is not set # CONFIG_CRYPTO_ESSIV is not set +# CONFIG_CRYPTO_GHASH_ARM_CE is not set CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_HASH_INFO=y @@ -177,8 +185,12 @@ CONFIG_CRYPTO_NULL2=y CONFIG_CRYPTO_RNG=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_RNG_DEFAULT=y +# CONFIG_CRYPTO_SHA1_ARM_CE is not set +# CONFIG_CRYPTO_SHA1_ARM_NEON is not set CONFIG_CRYPTO_SEQIV=y CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA256_ARM=y +CONFIG_CRYPTO_SIMD=y # CONFIG_CRYPTO_STREEBOG is not set CONFIG_CRYPTO_XTS=y # CONFIG_CRYPTO_XXHASH is not set -- cgit v1.2.3