Page MenuHomeFreeBSD
Differential D25058

Various optimizations to software AES-CCM and AES-GCM.
ClosedPublic
Actions

Authored by jhb on May 29 2020, 11:28 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Feb 10, 8:46 PM
Unknown Object (File)
Sun, Feb 9, 3:53 AM
Unknown Object (File)
Sat, Feb 8, 10:24 PM
Unknown Object (File)
Mon, Feb 3, 1:16 AM
Unknown Object (File)
Sun, Jan 26, 7:02 PM
Unknown Object (File)
Fri, Jan 17, 11:49 PM
Unknown Object (File)
Dec 12 2024, 9:04 AM
Unknown Object (File)
Dec 2 2024, 12:04 PM
View All 62 Files
Subscribers
imp

Details

Reviewers
cem
jmg
Commits
rS362135: Various optimizations to software AES-CCM and AES-GCM.
Summary
  • Make use of cursors to avoid data copies for AES-CCM and AES-GCM.

    Pass pointers into the request's input and/or output buffers directly to the Update, encrypt, and decrypt hooks rather than always copying all data into a temporary block buffer on the stack.
  • Use encrypt/decrypt_last for partial blocks which avoids a memset to clear the rest of the block on the stack.
  • Shrink the on-stack buffers to assume AES block sizes and CCM/GCM tag lengths.
  • For AAD data, pass larger chunks to axf->Update. CCM can take each AAD segment in a single call. GMAC can take multiple blocks at a time.
Test Plan
  • cryptocheck and KTLS TX

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 31672
Build 29250: arc lint + arc unit

Event Timeline

jhb requested review of this revision.May 29 2020, 11:28 PM
jhb created this revision.
Harbormaster completed remote builds in B31382: Diff 72432.May 29 2020, 11:28 PM
jhb added a parent revision: D25057: Explicitly zero potentially sensitive data in software crypto and cxgbe..May 29 2020, 11:30 PM
jhb added a comment.May 29 2020, 11:34 PM

With this change, a simple KTLS TX benchmark using 100% of a 4x2 Haswell box went from ~3.04 Gbps to ~3.20 Gbps. Still paltry, but at least some improvement.

sys/opencrypto/cryptosoft.c
448

One other thing I didn't mention in the message (should perhaps add it), is that in general I moved the special cases for a final partial block out of the main loop for both AAD and cipher/plain text to avoid conditional zeroing, etc. It also permitted using encrypt_last/decrypt_last and simplified the main loop bodies as they could assume a length of a block.

865

Not sure if CCM uses "tag" like GCM or of it uses "digest" as the normal name for this. I think I found some other references (perhaps in cbc_mac.c) that made me use "digest" here.

jhb updated this revision to Diff 73046.Jun 12 2020, 10:28 PM
  • Rebase
  • Use 'tag' instead of 'digest' for CCM.
Harbormaster completed remote builds in B31672: Diff 73046.Jun 12 2020, 10:28 PM
jhb updated this revision to Diff 73047.Jun 12 2020, 11:01 PM
  • Rebase
  • Fixes after rebasing.
Harbormaster completed remote builds in B31673: Diff 73047.Jun 12 2020, 11:01 PM
This revision was not accepted when it landed; it landed in state Needs Review.Jun 12 2020, 11:10 PM
Closed by commit rS362135: Various optimizations to software AES-CCM and AES-GCM. (authored by jhb). · Explain Why
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rS362135: Various optimizations to software AES-CCM and AES-GCM..
Herald added a reviewer: jmg. · View Herald TranscriptJun 12 2020, 11:10 PM
Herald added a subscriber: imp. · View Herald Transcript

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
324 lines

Diff 73046

View Options

sys/opencrypto/cryptosoft.c

Loading...