mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-12 21:57:43 +00:00
5172d322d3
Add an ARM scalar optimized implementation of BLAKE2s. NEON isn't very useful for BLAKE2s because the BLAKE2s block size is too small for NEON to help. Each NEON instruction would depend on the previous one, resulting in poor performance. With scalar instructions, on the other hand, we can take advantage of ARM's "free" rotations (like I did in chacha-scalar-core.S) to get an implementation get runs much faster than the C implementation. Performance results on Cortex-A7 in cycles per byte using the shash API: 4096-byte messages: blake2s-256-arm: 18.8 blake2s-256-generic: 26.0 500-byte messages: blake2s-256-arm: 20.3 blake2s-256-generic: 27.9 100-byte messages: blake2s-256-arm: 29.7 blake2s-256-generic: 39.2 32-byte messages: blake2s-256-arm: 50.6 blake2s-256-generic: 66.2 Except on very short messages, this is still slower than the NEON implementation of BLAKE2b which I've written; that is 14.0, 16.4, 25.8, and 76.1 cpb on 4096, 500, 100, and 32-byte messages, respectively. However, optimized BLAKE2s is useful for cases where BLAKE2s is used instead of BLAKE2b, such as WireGuard. This new implementation is added in the form of a new module blake2s-arm.ko, which is analogous to blake2s-x86_64.ko in that it provides blake2s_compress_arch() for use by the library API as well as optionally register the algorithms with the shash API. Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Tested-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| aes-ce-core.S | ||
| aes-ce-glue.c | ||
| aes-cipher-core.S | ||
| aes-cipher-glue.c | ||
| aes-neonbs-core.S | ||
| aes-neonbs-glue.c | ||
| blake2s-core.S | ||
| blake2s-glue.c | ||
| chacha-glue.c | ||
| chacha-neon-core.S | ||
| chacha-scalar-core.S | ||
| crc32-ce-core.S | ||
| crc32-ce-glue.c | ||
| crct10dif-ce-core.S | ||
| crct10dif-ce-glue.c | ||
| curve25519-core.S | ||
| curve25519-glue.c | ||
| ghash-ce-core.S | ||
| ghash-ce-glue.c | ||
| Kconfig | ||
| Makefile | ||
| nh-neon-core.S | ||
| nhpoly1305-neon-glue.c | ||
| poly1305-armv4.pl | ||
| poly1305-core.S_shipped | ||
| poly1305-glue.c | ||
| sha1-armv4-large.S | ||
| sha1-armv7-neon.S | ||
| sha1-ce-core.S | ||
| sha1-ce-glue.c | ||
| sha1.h | ||
| sha1_glue.c | ||
| sha1_neon_glue.c | ||
| sha2-ce-core.S | ||
| sha2-ce-glue.c | ||
| sha256-armv4.pl | ||
| sha256-core.S_shipped | ||
| sha256_glue.c | ||
| sha256_glue.h | ||
| sha256_neon_glue.c | ||
| sha512-armv4.pl | ||
| sha512-core.S_shipped | ||
| sha512-glue.c | ||
| sha512-neon-glue.c | ||
| sha512.h | ||