linux-stable/arch/riscv/crypto
Eric Biggers c70dfa4a27
crypto: riscv - add vector crypto accelerated AES-CBC-CTS
Add an implementation of cts(cbc(aes)) accelerated using the Zvkned
RISC-V vector crypto extension.  This is mainly useful for fscrypt,
where cts(cbc(aes)) is the "default" filenames encryption algorithm.  In
that use case, typically most messages are short and are block-aligned.
The CBC-CTS variant implemented is CS3; this is the variant Linux uses.

To perform well on short messages, the new implementation processes the
full message in one call to the assembly function if the data is
contiguous.  Otherwise it falls back to CBC operations followed by CTS
at the end.  For decryption, to further improve performance on short
messages, especially block-aligned messages, the CBC-CTS assembly
function parallelizes the AES decryption of all full blocks.  This
improves on the arm64 implementation of cts(cbc(aes)), which always
splits the CBC part(s) from the CTS part, doing the AES decryptions for
the last two blocks serially and usually loading the round keys twice.

Tested in QEMU with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20240213055442.35954-1-ebiggers@kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2024-03-20 08:56:11 -07:00
..
aes-macros.S crypto: riscv - add vector crypto accelerated AES-{ECB,CBC,CTR,XTS} 2024-01-22 17:55:18 -08:00
aes-riscv64-glue.c crypto: riscv - add vector crypto accelerated AES-CBC-CTS 2024-03-20 08:56:11 -07:00
aes-riscv64-zvkned-zvbb-zvkg.S crypto: riscv - add vector crypto accelerated AES-{ECB,CBC,CTR,XTS} 2024-01-22 17:55:18 -08:00
aes-riscv64-zvkned-zvkb.S crypto: riscv - add vector crypto accelerated AES-{ECB,CBC,CTR,XTS} 2024-01-22 17:55:18 -08:00
aes-riscv64-zvkned.S crypto: riscv - add vector crypto accelerated AES-CBC-CTS 2024-03-20 08:56:11 -07:00
chacha-riscv64-glue.c crypto: riscv - add vector crypto accelerated ChaCha20 2024-01-22 17:55:19 -08:00
chacha-riscv64-zvkb.S crypto: riscv - add vector crypto accelerated ChaCha20 2024-01-22 17:55:19 -08:00
ghash-riscv64-glue.c crypto: riscv - add vector crypto accelerated GHASH 2024-01-22 17:55:20 -08:00
ghash-riscv64-zvkg.S crypto: riscv - add vector crypto accelerated GHASH 2024-01-22 17:55:20 -08:00
Kconfig crypto: riscv - add vector crypto accelerated AES-CBC-CTS 2024-03-20 08:56:11 -07:00
Makefile crypto: riscv - add vector crypto accelerated SM4 2024-01-22 17:55:24 -08:00
sha256-riscv64-glue.c crypto: riscv - add vector crypto accelerated SHA-{256,224} 2024-01-22 17:55:21 -08:00
sha256-riscv64-zvknha_or_zvknhb-zvkb.S crypto: riscv - add vector crypto accelerated SHA-{256,224} 2024-01-22 17:55:21 -08:00
sha512-riscv64-glue.c crypto: riscv - add vector crypto accelerated SHA-{512,384} 2024-01-22 17:55:22 -08:00
sha512-riscv64-zvknhb-zvkb.S crypto: riscv - add vector crypto accelerated SHA-{512,384} 2024-01-22 17:55:22 -08:00
sm3-riscv64-glue.c crypto: riscv - add vector crypto accelerated SM3 2024-01-22 17:55:23 -08:00
sm3-riscv64-zvksh-zvkb.S crypto: riscv - add vector crypto accelerated SM3 2024-01-22 17:55:23 -08:00
sm4-riscv64-glue.c crypto: riscv - add vector crypto accelerated SM4 2024-01-22 17:55:24 -08:00
sm4-riscv64-zvksed-zvkb.S crypto: riscv - add vector crypto accelerated SM4 2024-01-22 17:55:24 -08:00