RFR: 8046943: RSA Acceleration

Anthony Scarpino anthony.scarpino at oracle.com
Mon Jun 15 17:06:47 UTC 2015


On 06/15/2015 09:58 AM, Andrew Haley wrote:
> On 06/15/2015 05:38 PM, Anthony Scarpino wrote:
>> On 06/12/2015 04:06 AM, Andrew Haley wrote:
>>> http://cr.openjdk.java.net/~aph/8046943-hs-1/
>>> http://cr.openjdk.java.net/~aph/8046943-jdk-1/
>>
>> Please don't use the JEP 246 in the comments when you push. There are a
>> number of changesets related to 246 and I'd rather not have one
>> associated with it.  We can link a separate bug id to the JEP.
>
> Right.
>
>>> 3.  I fused squaring and multiplication into a single
>>> montgomeryMultiply method.  This has two advantages.  Firstly, we only
>>> need a single intrinsic, and secondly the decision whether to use
>>> multiply or squaring can be made in the runtime library.  If the
>>> target does not support the montgomeryMultiply intrinsic there is no
>>> slowdown when using C2 because it removes the if (a == b) test in
>>>
>>>           if (a == b) {
>>>               product = squareToLen(a, len, product);
>>>           } else {
>>>               product = multiplyToLen(a, len, b, len, product);
>>>           }
>>
>> I don't agree with fusing them together.  I think there should be two
>> separate intrinsics.  For one, SPARC has montsqr and montmul
>> instructions.  Additionally if someone wants to call montgomerySquare,
>> they should be able to call it directly with its needed number of
>> arguments and not pass 'a' twice to satisfy an internal if().
>
> OK, fair enough.  I'll think a little more about the best way to do
> this.
>
> Out of curiosity I just had a look at the SPARC instruction
> specifications, and happily (it certainly surprised me!)  they are
> almost exactly the same as what I've done, so using those instructions
> should be a trivial change after this patch.  The SPARC instruction
> seems to be limited to 32 words (2048 bits) but I guess you'd just use
> the software for larger sizes.
>
> Andrew.
>

Correct, I was prototyping a SPARC intrinsic in May and we independently 
had similar methods in BigInteger.  At least I believe you had a 
montgomerySqr and montgomeryMul method in BigInteger back in April/May.

The instruction gets tedious getting the data to the instruction and the 
limitation hurts.

Tony
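
For readers following the API question in this thread, here is an added sketch (not code from the thread, the webrevs, or the JDK) of separate one-argument montgomerySquare and two-argument montgomeryMultiply entry points driving a modular exponentiation. It assumes a simplified BigInteger-level Montgomery reduction rather than the int[] word arrays an intrinsic would operate on; the class name MontgomeryDemo and the helper redc are hypothetical.

```java
import java.math.BigInteger;

// Added illustration, not the JDK's BigInteger code or the patch under review.
public class MontgomeryDemo {
    private final BigInteger n, nPrime, mask, oneMont;
    private final int k; // R = 2^k

    MontgomeryDemo(BigInteger n) { // n must be odd and > 1
        this.n = n;
        this.k = ((n.bitLength() + 31) / 32) * 32; // whole 32-bit words
        BigInteger r = BigInteger.ONE.shiftLeft(k);
        this.mask = r.subtract(BigInteger.ONE);
        this.nPrime = r.subtract(n.modInverse(r)); // -n^-1 mod R
        this.oneMont = r.mod(n); // 1 in Montgomery form
    }

    // Montgomery reduction: t * R^-1 mod n, for 0 <= t < n*R.
    private BigInteger redc(BigInteger t) {
        BigInteger m = t.and(mask).multiply(nPrime).and(mask);
        BigInteger u = t.add(m.multiply(n)).shiftRight(k);
        return u.compareTo(n) >= 0 ? u.subtract(n) : u;
    }

    // Separate entry points, so a backend with distinct square and multiply instructions maps each directly.
    BigInteger montgomeryMultiply(BigInteger a, BigInteger b) {
        return redc(a.multiply(b));
    }
    BigInteger montgomerySquare(BigInteger a) {
        return redc(a.multiply(a));
    }

    // Left-to-right square-and-multiply. Branches on exponent bits, so it is
    // not constant-time; it only shows the call pattern.
    BigInteger modPow(BigInteger base, BigInteger exp) {
        BigInteger x = base.mod(n).shiftLeft(k).mod(n); // into Montgomery form
        BigInteger acc = oneMont;
        for (int i = exp.bitLength() - 1; i >= 0; i--) {
            acc = montgomerySquare(acc);
            if (exp.testBit(i)) acc = montgomeryMultiply(acc, x);
        }
        return redc(acc); // out of Montgomery form
    }

    public static void main(String[] args) {
        BigInteger n = BigInteger.ONE.shiftLeft(127).subtract(BigInteger.ONE); // constructed odd modulus
        BigInteger b = new BigInteger("123456789abcdef", 16), e = BigInteger.valueOf(65537);
        System.out.println(new MontgomeryDemo(n).modPow(b, e).equals(b.modPow(e, n)));
    }
}
```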


