[S390x] Optimize AES modes
This patch takes advantage of built-in AES functions to optimize AES modes.
Added configurable options: --enable-s390x-msa (Enable message-security assist on z/Architecture) --enable-s390x-msa-x4 (Enable message-security-assist extension 4 on z/Architecture) --enable-s390x-msa-x8 (Enable message-security-assist extension 8 on z/Architecture)
The patch contains fat support that checks the CPU features at runtime and run the optimized cores when the corresponding features are enabled.
Benchmark: This benchmark is run on z15 with 5.2 GHz CPU frequency.
benchmark of AES functions measured by cycles per byte when message-security-assist extension 8 is enabled (KMA-GCM-AES is used to optimize AES-GCM mode).
Function | C (CPB) | [MSA-X8] Hardware accelerated (CPB) |
---|---|---|
AES128 Encrypt | 21.7 | 0.9 |
AES128 Decrypt | 23.7 | 0.8 |
AES192 Encrypt | 25.7 | 0.7 |
AES192 Decrypt | 26.6 | 0.7 |
AES256 Encrypt | 28.7 | 0.7 |
AES256 Decrypt | 30.3 | 0.7 |
CBC-AES128 Encrypt | 27.2 | 1.2 |
CBC-AES128 Decrypt | 26.6 | 0.8 |
CBC-AES192 Encrypt | 31.5 | 1.4 |
CBC-AES192 Decrypt | 29.6 | 0.8 |
CBC-AES256 Encrypt | 34.7 | 1.6 |
CBC-AES256 Decrypt | 33.3 | 0.8 |
CFB-AES128 Encrypt | 28.6 | 1.3 |
CFB-AES128 Decrypt | 23.5 | 1.3 |
CFB-AES192 Encrypt | 32.7 | 1.6 |
CFB-AES192 Decrypt | 28.4 | 1.5 |
CFB-AES256 Encrypt | 35.8 | 1.7 |
CFB-AES256 Decrypt | 31.2 | 1.7 |
CFB8-AES128 Encrypt | 341.6 | 17.3 |
CFB8-AES128 Decrypt | 328.3 | 17.4 |
CFB8-AES192 Encrypt | 398.2 | 20.4 |
CFB8-AES192 Decrypt | 385.0 | 20.4 |
CFB8-AES256 Encrypt | 453.3 | 23.4 |
CFB8-AES256 Decrypt | 440.7 | 23.4 |
CMAC-AES128 Update | 21.9 | 1.0 |
CMAC-AES256 Update | 28.8 | 1.3 |
CCM-AES128 Encrypt | 44.3 | 1.8 |
CCM-AES128 Decrypt | 44.0 | 3.0 |
CCM-AES128 Update | 21.6 | 1.0 |
CCM-AES192 Encrypt | 52.0 | 2.0 |
CCM-AES192 Decrypt | 52.0 | 3.2 |
CCM-AES192 Update | 25.3 | 1.2 |
CCM-AES256 Encrypt | 58.6 | 2.2 |
CCM-AES256 Decrypt | 58.6 | 3.3 |
CCM-AES256 Update | 28.4 | 1.4 |
CTR-AES128 Crypt | 22.6 | 0.8 |
CTR-AES192 Crypt | 26.7 | 0.8 |
CTR-AES256 Crypt | 29.9 | 0.8 |
XTS-AES128 Encrypt | 26.5 | 0.8 |
XTS-AES128 Decrypt | 27.2 | 0.8 |
XTS-AES256 Encrypt | 33.4 | 0.8 |
XTS-AES256 Decrypt | 35.9 | 0.8 |
GCM-AES128 Encrypt | 33.8 | 0.8 |
GCM-AES128 Decrypt | 34.0 | 0.8 |
GCM-AES128 Update | 11.6 | 0.5 |
GCM-AES192 Encrypt | 38.4 | 0.8 |
GCM-AES192 Decrypt | 39.1 | 0.8 |
GCM-AES192 Update | 11.6 | 0.5 |
GCM-AES256 Encrypt | 41.7 | 0.8 |
GCM-AES256 Decrypt | 41.7 | 0.8 |
GCM-AES256 Update | 11.5 | 0.5 |
benchmark of AES-GCM mode functions measured by cycles per byte when message-security-assist extension 4 is enabled (KM-AES and KIMD-GHASH are used to optimize AES-GCM mode).
Function | C (CPB) | [MSA-X4] Hardware accelerated (CPB) |
---|---|---|
GCM-AES128 Encrypt | 33.8 | 6.8 |
GCM-AES128 Decrypt | 34.0 | 5.0 |
GCM-AES128 Update | 11.6 | 0.4 |
GCM-AES192 Encrypt | 38.4 | 6.8 |
GCM-AES192 Decrypt | 39.1 | 5.0 |
GCM-AES192 Update | 11.6 | 0.4 |
GCM-AES256 Encrypt | 41.7 | 6.6 |
GCM-AES256 Decrypt | 41.7 | 4.6 |
GCM-AES256 Update | 11.5 | 0.4 |