Tony Harminc wrote: >Do the zArch crypto instructions support the crypto operations used by >Wireguard? I see PCKMO supports Curve25519 for key exchange, but I'm not >seeing any of the others. Does the apparent high performance of the >symmetric crypto running on a CP or specialty engine outdo the crypto >hardware on z?
WireGuard has been part of the Linux kernel since kernel 5.6 (March 29, 2020). WireGuard leans heavily on ChaCha20-Poly1305. Its designers picked ChaCha20-Poly1305 in large part because even generic implementations typically perform well even on extremely resource limited systems. Even so, ChaCha20-Poly1305 performance optimizations are possible to raise “excellent” to “super excellent” performance. See here for one important example: https://community.ibm.com/community/user/ibmz-and-linuxone/blogs/bill-ofarrell/2023/09/22/killer-crypto-in-go-on-zos-crypto-acceleration The mainline Linux kernel includes a non-generic, performance optimized implementation of ChaCha20-Poly1305 for s390x. Refer to arch/s390/crypto/chacha-s390.S. Wireguard is supposed to use kernel default cryptographic APIs if/when it doesn’t supply its own, so it should pick up those same ChaCha20-Poly1305 optimizations on s390x. Or at least that’s my understanding, and only with a cursory glance at kernel source code. ————— Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE, Asia-Pacific [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
