tech-crypto archive


Re: Patch: cprng_fast performance - please review.

On Fri, Apr 18, 2014 at 06:11:39PM +0000, Taylor R Campbell wrote:
> The majority of systems certainly don't have AES-NI.  Only some recent
> Intel CPUs do, and we can't use it in the kernel anyway.

Right: plenty of systems accelerate AES, but in the wide world of
systems that are not all x86 desktops or servers (embedded MIPS and ARM
are particularly important targets for NetBSD), comparatively few
accelerate AES using instructions rather than an offboard accelerator.

Unless we are going to pre-buffer huge amounts of this keystream in the
kernel (which poses its own risks), using an offboard accelerator for
this purpose doesn't seem practical to me.  And I've worked with them
a lot.

Of the few systems which do have instructions that accelerate AES, on
the most common implementation -- x86 -- we cannot use the instructions
in question in the kernel because they use CPU state we do not
save/restore when the kernel runs.  I'd welcome anyone's work to fix that,
so long as it does not impose major performance costs of its own, but
I do not personally have the skill to do it, and if wishes were horses...
