8334999: RISC-V: implement AES single block encryption/decryption intrinsics #19960
Conversation
|
👋 Welcome back ArsenyBochkarev! A progress list of the required criteria for merging this PR into |
|
@ArsenyBochkarev This change is no longer ready for integration - check the PR body for details. |
|
@ArsenyBochkarev The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
Webrevs
|
|
As for comparison with the openssl version: first of all, thanks for the sources, @RealFYang! The main difference that I see is that they introduced three different different versions of encryption depending on the key sizes, which allows them to skip a couple of instructions, like when I did |
Does [1] https://github.com/openssl/openssl/blob/master/crypto/aes/asm/aes-riscv64-zvkned.pl#L451 |
|
@ArsenyBochkarev This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration! |
|
Hello @RealFYang! Sorry for such a late reply.
As far as I know, the
I missed this case in initial multiversioning commit, so I multiversioned the decrypt intrisic also, thanks for pointing it out! |
|
@RealFYang following up on your questions. I would love to see this one go through as it promises some pretty significant gains on compatible hardware! Thanks again |
Yeah, will take another look. Have you tried this on real hardware? Interesting to see the numbers. |
There is no real hardware that I know of that have vector crypto just yet. I expect it's one of these that we'll want to test as soon as hardware is available, and even possibly enable by default then |
| for (int i = 0; i < reg_number; i++) { | ||
| __ vxor_vv(res, res, working_vregs[i]); | ||
| __ vaesdm_vv(res, vzero); | ||
| } |
There was a problem hiding this comment.
Seems that a lot more vxor.vv are emitted here compared with the openssl version [1]. I wonder if this could be further optimized. Or is there anything I missed? Thanks.
There was a problem hiding this comment.
You're absolutely right, thanks! Turned out I missed the fact that we can just use the encryption keys in reversed order for decryption
| const VectorRegister &vtemp, VectorRegister *working_vregs, int reg_number) { | ||
| assert(reg_number <= 14, "reg_number should be less than or equal to working_vregs size"); | ||
|
|
||
| for (int i = 0; i < reg_number; i++) { |
There was a problem hiding this comment.
Hello, I have a question about the order of register handling in loops. Why is it in ascending order instead of descending? Here’s an example: https://github.com/riscv/riscv-crypto/blob/main/doc/vector/code-samples/zvkned.s.
And I look forward to your reply. Thanks.
There was a problem hiding this comment.
Hi! It was in ascending order because I used different keys for encryption and decryption, while it is possible to use same set for both cases. Though both decryption implementations are functionally correct, the current one is more optimal
|
Hi all! I'm sorry for such a late replies. I was able to optimize decryption sequence by using keys from encryption stage with reversed rounds order |
Hello everyone! Please review this port of vector AES single block encryption/decryption intrinsics. On my QEMU with
Zvknedextension enabled thetest/hotspot/jtreg/compiler/codegen/aes/TestAESMain.javatest is OK. I know that currently hardware implementing this extension is not available on the market but I suppose this PR can be a good starting point on supporting AES intrinsics for RISC-V in OpenJDK.Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/19960/head:pull/19960$ git checkout pull/19960Update a local copy of the PR:
$ git checkout pull/19960$ git pull https://git.openjdk.org/jdk.git pull/19960/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 19960View PR using the GUI difftool:
$ git pr show -t 19960Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/19960.diff
Webrev
Link to Webrev Comment