Enable AES-GCM in kernel LKCF /proc/crypto for QAT in Denverton (C3000 atoms)

[jeff-zheng-silc]

Currently QAT only have AES-CBC enabled for the kernel LKCF. Would it be possible to add AES-GCM support as well?

cat /proc/crypto | grep qat

driver : qat-dh module : intel_qat driver : qat-rsa module : intel_qat driver : qat_aes_cbc_hmac_sha512 module : intel_qat driver : qat_aes_cbc_hmac_sha256 module : intel_qat driver : qat_aes_cbc_hmac_sha1 module : intel_qat driver : qat_aes_xts module : intel_qat driver : qat_aes_ctr module : intel_qat driver : qat_aes_cbc module : intel_qat

We understand modern Xeon processor have very good performance using the AESNI instruction sets. However on the Deverton C3000 SoC devices, the performance of AESNI based AES-GCM performance is still limited. We are seeing with software only the IPSec performance is only around 300-400 Mbps for AES-GCM. By using QAT through the LKCF, we can have around 1.5Gbps IPSec with AES-CBC. So we believe by enable AES-GCM in LKCF QAT driver, much better IPSec performance can be achieved.

[Yogaraj-Alamenda]

@jdschuet could you please help here on the LKCF ?

[jdschuet]

You have highlighted the primary reason we do not have AES-GCM support in the LKCF - modern Xeon processors provide very good performance utilizing the AESNI instructions. Due to this, we have not prioritized the upstreaming of AES-GCM into LKCF.