-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8334999: RISC-V: implement AES single block encryption/decryption intrinsics #19960
base: master
Are you sure you want to change the base?
Conversation
👋 Welcome back ArsenyBochkarev! A progress list of the required criteria for merging this PR into |
@ArsenyBochkarev This change is no longer ready for integration - check the PR body for details. |
@ArsenyBochkarev The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
Webrevs
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you, looks good!
As for comparison with the openssl version: first of all, thanks for the sources, @RealFYang! The main difference that I see is that they introduced three different different versions of encryption depending on the key sizes, which allows them to skip a couple of instructions, like when I did |
Does [1] https://github.com/openssl/openssl/blob/master/crypto/aes/asm/aes-riscv64-zvkned.pl#L451 |
@ArsenyBochkarev This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration! |
Hello @RealFYang! Sorry for such a late reply.
As far as I know, the
I missed this case in initial multiversioning commit, so I multiversioned the decrypt intrisic also, thanks for pointing it out! |
@RealFYang following up on your questions. I would love to see this one go through as it promises some pretty significant gains on compatible hardware! Thanks again |
Yeah, will take another look. Have you tried this on real hardware? Interesting to see the numbers. |
There is no real hardware that I know of that have vector crypto just yet. I expect it's one of these that we'll want to test as soon as hardware is available, and even possibly enable by default then |
for (int i = 0; i < reg_number; i++) { | ||
__ vxor_vv(res, res, working_vregs[i]); | ||
__ vaesdm_vv(res, vzero); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems that a lot more vxor.vv
are emitted here compared with the openssl version [1]. I wonder if this could be further optimized. Or is there anything I missed? Thanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're absolutely right, thanks! Turned out I missed the fact that we can just use the encryption keys in reversed order for decryption
const VectorRegister &vtemp, VectorRegister *working_vregs, int reg_number) { | ||
assert(reg_number <= 14, "reg_number should be less than or equal to working_vregs size"); | ||
|
||
for (int i = 0; i < reg_number; i++) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello, I have a question about the order of register handling in loops. Why is it in ascending order instead of descending? Here’s an example: https://github.com/riscv/riscv-crypto/blob/main/doc/vector/code-samples/zvkned.s.
And I look forward to your reply. Thanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi! It was in ascending order because I used different keys for encryption and decryption, while it is possible to use same set for both cases. Though both decryption implementations are functionally correct, the current one is more optimal
Hi all! I'm sorry for such a late replies. I was able to optimize decryption sequence by using keys from encryption stage with reversed rounds order |
Hello everyone! Please review this port of vector AES single block encryption/decryption intrinsics. On my QEMU with
Zvkned
extension enabled thetest/hotspot/jtreg/compiler/codegen/aes/TestAESMain.java
test is OK. I know that currently hardware implementing this extension is not available on the market but I suppose this PR can be a good starting point on supporting AES intrinsics for RISC-V in OpenJDK.Progress
Issue
Reviewers
Reviewing
Using
git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/19960/head:pull/19960
$ git checkout pull/19960
Update a local copy of the PR:
$ git checkout pull/19960
$ git pull https://git.openjdk.org/jdk.git pull/19960/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 19960
View PR using the GUI difftool:
$ git pr show -t 19960
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/19960.diff
Webrev
Link to Webrev Comment