CVS commit: src/sys

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys
From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
Date: Mon, 29 Jun 2020 23:47:55 +0000

Module Name:    src
Committed By:   riastradh
Date:           Mon Jun 29 23:47:54 UTC 2020

Modified Files:
        src/sys/arch/x86/conf: files.x86
        src/sys/arch/x86/x86: identcpu.c
        src/sys/crypto/aes: aes.h
Added Files:
        src/sys/crypto/aes/arch/x86: aes_sse2.c aes_sse2.h aes_sse2_dec.c
            aes_sse2_enc.c aes_sse2_impl.c aes_sse2_impl.h files.aessse2
            immintrin.h immintrin_ext.h

Log Message:
New SSE2-based bitsliced AES implementation.

This should work on essentially all x86 CPUs of the last two decades,
and may improve throughput over the portable C aes_ct implementation
from BearSSL by

(a) reducing the number of vector operations in sequence, and
(b) batching four rather than two blocks in parallel.

Derived from BearSSL'S aes_ct64 implementation adjusted so that where
aes_ct64 uses 64-bit q[0],...,q[7], aes_sse2 uses (q[0], q[4]), ...,
(q[3], q[7]), each tuple representing a pair of 64-bit quantities
stacked in a single 128-bit register.  This translation was done very
naively, and mostly reduces the cost of ShiftRows and data movement
without doing anything to address the S-box or (Inv)MixColumns, which
spread all 64-bit quantities across separate registers and ignore the
upper halves.

Unfortunately, SSE2 -- which is all that is guaranteed on all amd64
CPUs -- doesn't have PSHUFB, which would help out a lot more.  For
example, vpaes relies on that.  Perhaps there are enough CPUs out
there with PSHUFB but not AES-NI to make it worthwhile to import or
adapt vpaes too.

Note: This includes local definitions of various Intel compiler
intrinsics for gcc and clang in terms of their __builtin_* &c.,
because the necessary header files are not available during the
kernel build.  This is a kludge -- we should fix it properly; the
present approach is expedient but not ideal.


To generate a diff of this commit:
cvs rdiff -u -r1.114 -r1.115 src/sys/arch/x86/conf/files.x86
cvs rdiff -u -r1.109 -r1.110 src/sys/arch/x86/x86/identcpu.c
cvs rdiff -u -r1.1 -r1.2 src/sys/crypto/aes/aes.h
cvs rdiff -u -r0 -r1.1 src/sys/crypto/aes/arch/x86/aes_sse2.c \
    src/sys/crypto/aes/arch/x86/aes_sse2.h \
    src/sys/crypto/aes/arch/x86/aes_sse2_dec.c \
    src/sys/crypto/aes/arch/x86/aes_sse2_enc.c \
    src/sys/crypto/aes/arch/x86/aes_sse2_impl.c \
    src/sys/crypto/aes/arch/x86/aes_sse2_impl.h \
    src/sys/crypto/aes/arch/x86/files.aessse2 \
    src/sys/crypto/aes/arch/x86/immintrin.h \
    src/sys/crypto/aes/arch/x86/immintrin_ext.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src
Next by Date: CVS commit: src/sys/crypto/aes/arch/x86
Previous by Thread: CVS commit: src
Next by Thread: CVS commit: src/sys/crypto/aes/arch/x86
Indexes:

Home | Main Index | Thread Index | Old Index