search

intel / QAT_Engine

Intel QuickAssist Technology( QAT) OpenSSL Engine (an OpenSSL Plug-In Engine) which provides cryptographic acceleration for both hardware and optimized software using Intel QuickAssist Technology enabled Intel platforms. https://developer.intel.com/quickassist
BSD 3-Clause "New" or "Revised" License
398 stars 127 forks source link

Enable AES-GCM in kernel LKCF /proc/crypto for QAT in Denverton (C3000 atoms) #237

Open jeff-zheng-silc opened 1 year ago

jeff-zheng-silc commented 1 year ago

Currently QAT only have AES-CBC enabled for the kernel LKCF. Would it be possible to add AES-GCM support as well?

cat /proc/crypto | grep qat

driver : qat-dh module : intel_qat driver : qat-rsa module : intel_qat driver : qat_aes_cbc_hmac_sha512 module : intel_qat driver : qat_aes_cbc_hmac_sha256 module : intel_qat driver : qat_aes_cbc_hmac_sha1 module : intel_qat driver : qat_aes_xts module : intel_qat driver : qat_aes_ctr module : intel_qat driver : qat_aes_cbc module : intel_qat

We understand modern Xeon processor have very good performance using the AESNI instruction sets. However on the Deverton C3000 SoC devices, the performance of AESNI based AES-GCM performance is still limited. We are seeing with software only the IPSec performance is only around 300-400 Mbps for AES-GCM. By using QAT through the LKCF, we can have around 1.5Gbps IPSec with AES-CBC. So we believe by enable AES-GCM in LKCF QAT driver, much better IPSec performance can be achieved.

Yogaraj-Alamenda commented 1 year ago

@jdschuet could you please help here on the LKCF ?

jdschuet commented 1 year ago

You have highlighted the primary reason we do not have AES-GCM support in the LKCF - modern Xeon processors provide very good performance utilizing the AESNI instructions. Due to this, we have not prioritized the upstreaming of AES-GCM into LKCF.