From owner-freebsd-current@FreeBSD.ORG Thu Aug 22 20:20:31 2013 Return-Path: Delivered-To: current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 2C5D9A13; Thu, 22 Aug 2013 20:20:31 +0000 (UTC) (envelope-from jmg@h2.funkthat.com) Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 039CA2DD2; Thu, 22 Aug 2013 20:20:27 +0000 (UTC) Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id r7MKKRcJ091450 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 22 Aug 2013 13:20:27 -0700 (PDT) (envelope-from jmg@h2.funkthat.com) Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id r7MKKR2j091449; Thu, 22 Aug 2013 13:20:27 -0700 (PDT) (envelope-from jmg) Date: Thu, 22 Aug 2013 13:20:27 -0700 From: John-Mark Gurney To: security@FreeBSD.org, current@FreeBSD.org Subject: patch to improve AES-NI performance Message-ID: <20130822202027.GH94127@funkthat.com> Mail-Followup-To: security@FreeBSD.org, current@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 7.2-RELEASE i386 X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88 9322 9CB1 8F74 6D3F A396 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Thu, 22 Aug 2013 13:20:27 -0700 (PDT) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Aug 2013 20:20:31 -0000 I have developed a patch to improve AES-NI performance. If you took the AES-XTS algorithm into userland (no cryptodev or geli usage), these changes improve the performance over 10x in my tests (from ~150MB/sec to over 2GB/sec). In tests of geli on gnop, the performance improvement is more moderate, around 4x due to overhead in other parts of the system. This is patch will be committed after the gcc intrinsics patch so that kernels will continue to compile w/ both clang and gcc w/o change. I have tested both AES-XTS and AES-CBC mode of geli and verified no difference between this and software mode. I plan to commit the test scripts for this in the future too. I have validated the AES-XTS via cryptodev against the standard test vectors and all the block sized vectors pass. The non-block sized test vectors cannot pass since our cryptodev implementation only allows block sized requests. Thanks to Mike Hamburg for help and advice in making the AES-XTS algorithm go really fast. The patch removes some assembly, and also replaces some hard coded instructions (as .byte values) to their proper instructions now that gcc can assemble them properly. The patch: https://people.freebsd.org/~jmg/aesni.new1.patch -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."