dc4b64816ae00a3f542f02524fccd19f2c223024
1 From 457ff5f820cbee7e7d687bd7cd078dcbba4d4c4e Mon Sep 17 00:00:00 2001
2 From: Ben Avison <bavison@riscosopen.org>
3 Date: Mon, 8 Mar 2021 15:32:25 +0000
4 Subject: [PATCH] Assign crypto aliases to different AES implementation
5 modules
6
7 The kernel modules aes-neon-blk and aes-neon-bs perform poorly, at least on
8 Cortex-A72 without crypto extensions. In fact, aes-arm64 outperforms them
9 on benchmarks, despite it being a simpler implementation (only accelerating
10 the single-block AES cipher).
11
12 For modes of operation where multiple cipher blocks can be processed in
13 parallel, aes-neon-bs outperforms aes-neon-blk by around 60-70% and aes-arm64
14 is another 10-20% faster still. But the difference is even more marked with
15 modes of operation with dependencies between neighbouring blocks, such as
16 CBC encryption, which defeat parallelism: in these cases, aes-arm64 is
17 typically around 250% faster than either aes-neon-blk or aes-neon-bs.
18
19 The key trade-off with aes-arm64 is that the look-up tables are situated in
20 RAM. This leaves them potentially open to cache timing attacks. The two other
21 modules, by contrast, load the look-up tables into NEON registers and so are
22 able to perform in constant time.
23
24 This patch aims to load aes-arm64 more often.
25
26 If none of the currently-loaded crypto modules implement a given algorithm,
27 a new one is typically selected for loading using a platform-neutral alias
28 describing the required algorithm. To enable users to still
29 load aes-neon-blk or aes-neon-bs if they really want them, while still
30 ensuring that aes-arm64 is usually selected, remove the aliases from
31 aes-neonbs-glue.c and aes-glue.c and apply them to aes-cipher-glue.c, but
32 still build the two NEON modules.
33
34 Since aes-glue.c can also be used to build aes-ce-blk, leave them enabled
35 if USE_V8_CRYPTO_EXTENSIONS is defined, to ensure they are selected if we
36 in future use a CPU which has the crypto extensions enabled.
37
38 Note that the algorithm priority specifiers are unchanged, so if
39 aes-neon-bs is loaded at the same time as aes-arm64, the former will be
40 used in preference. However, aes-neon-blk and aes-arm64 have tied priority,
41 so whichever module was loaded first will be used (assuming aes-neon-bs is
42 not loaded).
43
44 Signed-off-by: Ben Avison <bavison@riscosopen.org>
45 ---
46 arch/arm64/crypto/aes-cipher-glue.c | 11 +++++++++++
47 arch/arm64/crypto/aes-glue.c | 4 ++--
48 arch/arm64/crypto/aes-neonbs-glue.c | 5 -----
49 3 files changed, 13 insertions(+), 7 deletions(-)
50
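--- a/arch/arm64/crypto/aes-cipher-glue.c
+++ b/arch/arm64/crypto/aes-cipher-glue.c
@@ -9,6 +9,17 @@
 #include <linux/crypto.h>
 #include <linux/module.h>
 
+MODULE_ALIAS_CRYPTO("ecb(aes)");
+MODULE_ALIAS_CRYPTO("cbc(aes)");
+MODULE_ALIAS_CRYPTO("ctr(aes)");
+MODULE_ALIAS_CRYPTO("xts(aes)");
+MODULE_ALIAS_CRYPTO("xctr(aes)");
+MODULE_ALIAS_CRYPTO("cts(cbc(aes))");
+MODULE_ALIAS_CRYPTO("essiv(cbc(aes),sha256)");
+MODULE_ALIAS_CRYPTO("cmac(aes)");
+MODULE_ALIAS_CRYPTO("xcbc(aes)");
+MODULE_ALIAS_CRYPTO("cbcmac(aes)");
+
 asmlinkage void __aes_arm64_encrypt(u32 *rk, u8 *out, const u8 *in, int rounds);
 asmlinkage void __aes_arm64_decrypt(u32 *rk, u8 *out, const u8 *in, int rounds);
 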
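Review bot: These ten aliases make aes-arm64 the module that is autoloaded for every listed mode, including `xts(aes)`, `essiv(cbc(aes),sha256)` and the three MAC modes, although the commit message itself says its lookup tables sit in RAM and are potentially open to cache timing attacks. Nothing in the code records that trade-off or lets a build opt out, so a system that needs the constant-time NEON modules gets the table-based one by default unless it loads them explicitly. I would put a comment above the block, e.g. `/* Aliases moved here from the NEON glue for speed; this module's table lookups are not constant-time. */`, and consider guarding the block with a dedicated Kconfig option (none is defined on this page). Per the commit message this module accelerates only the single-block cipher, so the comment should also say that the mode aliases exist purely to steer autoloading.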
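--- a/arch/arm64/crypto/aes-glue.c
+++ b/arch/arm64/crypto/aes-glue.c
@@ -57,18 +57,18 @@ MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS/
 #define aes_mac_update neon_aes_mac_update
 MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS/XCTR using ARMv8 NEON");
 #endif
-#if defined(USE_V8_CRYPTO_EXTENSIONS) || !IS_ENABLED(CONFIG_CRYPTO_AES_ARM64_BS)
+#if defined(USE_V8_CRYPTO_EXTENSIONS)
 MODULE_ALIAS_CRYPTO("ecb(aes)");
 MODULE_ALIAS_CRYPTO("cbc(aes)");
 MODULE_ALIAS_CRYPTO("ctr(aes)");
 MODULE_ALIAS_CRYPTO("xts(aes)");
 MODULE_ALIAS_CRYPTO("xctr(aes)");
-#endif
 MODULE_ALIAS_CRYPTO("cts(cbc(aes))");
 MODULE_ALIAS_CRYPTO("essiv(cbc(aes),sha256)");
 MODULE_ALIAS_CRYPTO("cmac(aes)");
 MODULE_ALIAS_CRYPTO("xcbc(aes)");
 MODULE_ALIAS_CRYPTO("cbcmac(aes)");
+#endif
 
 MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
 MODULE_LICENSE("GPL v2");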
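Review bot: The new `#if defined(USE_V8_CRYPTO_EXTENSIONS)` now encloses all ten aliases, so the NEON build of this file exports none of them, including `cts(cbc(aes))`, `essiv(cbc(aes),sha256)`, `cmac(aes)`, `xcbc(aes)` and `cbcmac(aes)`, which were unconditional before. That is only safe if aes-arm64 is always built alongside it; if a configuration can enable the NEON module without `CONFIG_CRYPTO_AES_ARM64` (not visible in this hunk), no arm64-specific module would be autoloaded for these names. Keeping a fallback would cover that case: `#if defined(USE_V8_CRYPTO_EXTENSIONS) || !IS_ENABLED(CONFIG_CRYPTO_AES_ARM64)`. The conditional block that sets MODULE_DESCRIPTION begins above the hunk.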
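--- a/arch/arm64/crypto/aes-neonbs-glue.c
+++ b/arch/arm64/crypto/aes-neonbs-glue.c
@@ -18,11 +18,6 @@
 MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
 MODULE_LICENSE("GPL v2");
 
-MODULE_ALIAS_CRYPTO("ecb(aes)");
-MODULE_ALIAS_CRYPTO("cbc(aes)");
-MODULE_ALIAS_CRYPTO("ctr(aes)");
-MODULE_ALIAS_CRYPTO("xts(aes)");
-
 asmlinkage void aesbs_convert_key(u8 out[], u32 const rk[], int rounds);
 
 asmlinkage void aesbs_ecb_encrypt(u8 out[], u8 const in[], u8 const rk[],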