Add ktls_armv8 kernel modules that implements AES-GCM encryption
usign ARMv8-accelerated crypto primitives from OpenSSL.
The module supports:
- AES128-GCM encryption
- AES256-GCM encryption
- TLS v1.2
- TLS v1.3
gonzo on Dec 3 2020, 2:48 AM.Authored by
This is an almost ready version to get the initial discussion going. I'd like to get it in shape for HEAD before 13.0 freeze. There are still some issues.
The requirement of AQUIRE_CTX/RELEASE_CTX is not exactly clear to me, the driver seems to work fine without locking on an 80-CPU platform under heavy load. I'd appreciate some help on this topic. What is the failure mode for a race like this?
Also, the driver wasn't tested on the big-endian platform yet.
You would be better off adding AES-GCM support to an OCF driver for arm64 instead. I'm currently looking at retiring the software interface for KTLS and instead only using OCF for software KTLS. In addition, AES-GCM support in OCF would also benefit other use cases like IPsec and ZFS.
That said, my thoughts for arm64 AES-GCM support was to extend ossl(4) to support AES-GCM and use that. However, you could take your AES-GCM implementation and add it to armv8crypto(4).
OK, I'll switch it to OCF and armv8crypto. I wrote it as a kTLS interface to avoid extra indirection levels (kTLS/GCM instead of kTLS/OCF/GCM), do you think switching to OCF can have any performance penalties?
I'm looking at D21017, which adds AES-XTS support to armv8_crypto, and has been sitting in review for some time.
I am hoping to get it committed soon, but wanted to get your attention here as it will create some small conflicts with this patch. Let me know if you have any major concerns about that, I'm happy to accommodate so that we might get both of these patches in before 13 branches.