Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Aug 2013 13:20:27 -0700
From:      John-Mark Gurney <jmg@funkthat.com>
To:        security@FreeBSD.org, current@FreeBSD.org
Subject:   patch to improve AES-NI performance
Message-ID:  <20130822202027.GH94127@funkthat.com>

next in thread | raw e-mail | index | archive | help
I have developed a patch to improve AES-NI performance.  If you took the
AES-XTS algorithm into userland (no cryptodev or geli usage), these
changes improve the performance over 10x in my tests (from ~150MB/sec to
over 2GB/sec).  In tests of geli on gnop, the performance improvement is
more moderate, around 4x due to overhead in other parts of the system.

This is patch will be committed after the gcc intrinsics patch so that
kernels will continue to compile w/ both clang and gcc w/o change.

I have tested both AES-XTS and AES-CBC mode of geli and verified no
difference between this and software mode.  I plan to commit the test
scripts for this in the future too.  I have validated the AES-XTS via
cryptodev against the standard test vectors and all the block sized
vectors pass.  The non-block sized test vectors cannot pass since our
cryptodev implementation only allows block sized requests.

Thanks to Mike Hamburg for help and advice in making the AES-XTS
algorithm go really fast.

The patch removes some assembly, and also replaces some hard coded
instructions (as .byte values) to their proper instructions now that
gcc can assemble them properly.

The patch:
https://people.freebsd.org/~jmg/aesni.new1.patch

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130822202027.GH94127>