Project

General

Profile

Feature #4896

Performance improvements for KCF AES modes

Added by Sašo Kiselkov over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Start date:
2014-05-29
Due date:
% Done:

90%

Estimated time:
Difficulty:
Expert
Tags:
needs-triage

Description

The KCF has numerous serious performance deficiencies under that severely impede its usability:
1) AES-NI acceleration code uses the CLTS instruction every 16 bytes of input, which causes VM exits when virtualized, severely impacting throughput
2) ECB, CTR, CBC and GCM mode implementations give very poor performance (lots of copying, no potential for pipelining)
3) Lack of assembly-optimized pipelineable versions of high-performance cipher combos (AES/CTR, AES/CBC)
4) Buffering of all ciphertext in the kernel when GCM decryption is performed.
This patch also includes work to improve the performance of the GHASH function in GCM ported over from the OpenSSL project.

More details can be found at: http://zfs-create.blogspot.com/2014/05/optimizing-illumos-kernel-crypto.html

Also available in: Atom PDF