Skip to content

[S390x] Optimize AES modes

Maamoun TK requested to merge mamonet/nettle:s390x-aes into master

This patch takes advantage of built-in AES functions to optimize AES modes.

Added configurable options: --enable-s390x-msa (Enable message-security assist on z/Architecture) --enable-s390x-msa-x4 (Enable message-security-assist extension 4 on z/Architecture) --enable-s390x-msa-x8 (Enable message-security-assist extension 8 on z/Architecture)

The patch contains fat support that checks the CPU features at runtime and run the optimized cores when the corresponding features are enabled.

Benchmark: This benchmark is run on z15 with 5.2 GHz CPU frequency.

benchmark of AES functions measured by cycles per byte when message-security-assist extension 8 is enabled (KMA-GCM-AES is used to optimize AES-GCM mode).

Function C (CPB) [MSA-X8] Hardware accelerated (CPB)
AES128 Encrypt 21.7 0.9
AES128 Decrypt 23.7 0.8
AES192 Encrypt 25.7 0.7
AES192 Decrypt 26.6 0.7
AES256 Encrypt 28.7 0.7
AES256 Decrypt 30.3 0.7
CBC-AES128 Encrypt 27.2 1.2
CBC-AES128 Decrypt 26.6 0.8
CBC-AES192 Encrypt 31.5 1.4
CBC-AES192 Decrypt 29.6 0.8
CBC-AES256 Encrypt 34.7 1.6
CBC-AES256 Decrypt 33.3 0.8
CFB-AES128 Encrypt 28.6 1.3
CFB-AES128 Decrypt 23.5 1.3
CFB-AES192 Encrypt 32.7 1.6
CFB-AES192 Decrypt 28.4 1.5
CFB-AES256 Encrypt 35.8 1.7
CFB-AES256 Decrypt 31.2 1.7
CFB8-AES128 Encrypt 341.6 17.3
CFB8-AES128 Decrypt 328.3 17.4
CFB8-AES192 Encrypt 398.2 20.4
CFB8-AES192 Decrypt 385.0 20.4
CFB8-AES256 Encrypt 453.3 23.4
CFB8-AES256 Decrypt 440.7 23.4
CMAC-AES128 Update 21.9 1.0
CMAC-AES256 Update 28.8 1.3
CCM-AES128 Encrypt 44.3 1.8
CCM-AES128 Decrypt 44.0 3.0
CCM-AES128 Update 21.6 1.0
CCM-AES192 Encrypt 52.0 2.0
CCM-AES192 Decrypt 52.0 3.2
CCM-AES192 Update 25.3 1.2
CCM-AES256 Encrypt 58.6 2.2
CCM-AES256 Decrypt 58.6 3.3
CCM-AES256 Update 28.4 1.4
CTR-AES128 Crypt 22.6 0.8
CTR-AES192 Crypt 26.7 0.8
CTR-AES256 Crypt 29.9 0.8
XTS-AES128 Encrypt 26.5 0.8
XTS-AES128 Decrypt 27.2 0.8
XTS-AES256 Encrypt 33.4 0.8
XTS-AES256 Decrypt 35.9 0.8
GCM-AES128 Encrypt 33.8 0.8
GCM-AES128 Decrypt 34.0 0.8
GCM-AES128 Update 11.6 0.5
GCM-AES192 Encrypt 38.4 0.8
GCM-AES192 Decrypt 39.1 0.8
GCM-AES192 Update 11.6 0.5
GCM-AES256 Encrypt 41.7 0.8
GCM-AES256 Decrypt 41.7 0.8
GCM-AES256 Update 11.5 0.5

benchmark of AES-GCM mode functions measured by cycles per byte when message-security-assist extension 4 is enabled (KM-AES and KIMD-GHASH are used to optimize AES-GCM mode).

Function C (CPB) [MSA-X4] Hardware accelerated (CPB)
GCM-AES128 Encrypt 33.8 6.8
GCM-AES128 Decrypt 34.0 5.0
GCM-AES128 Update 11.6 0.4
GCM-AES192 Encrypt 38.4 6.8
GCM-AES192 Decrypt 39.1 5.0
GCM-AES192 Update 11.6 0.4
GCM-AES256 Encrypt 41.7 6.6
GCM-AES256 Decrypt 41.7 4.6
GCM-AES256 Update 11.5 0.4
Edited by Maamoun TK

Merge request reports