RFR: 8252204: AArch64: Implement SHA3 accelerator/intrinsic [v10]

Vladimir Kozlov kvn at openjdk.java.net
Tue Oct 20 23:11:19 UTC 2020


On Tue, 20 Oct 2020 13:42:27 GMT, Fei Yang <fyang at openjdk.org> wrote:

>> Contributed-by: ard.biesheuvel at linaro.org, dongbo4 at huawei.com
>> 
>> This added an intrinsic for SHA3 using aarch64 v8.2 SHA3 Crypto Extensions.
>> Reference implementation for core SHA-3 transform using ARMv8.2 Crypto Extensions:
>> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/arm64/crypto/sha3-ce-core.S?h=v5.4.52
>> 
>> Trivial adaptation in SHA3.implCompress is needed for the purpose of adding the intrinsic.
>> For SHA3, we need to pass one extra parameter "digestLength" to the stub for the calculation of block size.
>> "digestLength" is also used for the EOR loop before keccak to differentiate different SHA3 variants.
>> 
>> We added jtreg tests for SHA3 and used QEMU system emulator which supports SHA3 instructions to test the functionality.
>> Patch passed jtreg tier1-3 tests with QEMU system emulator.
>> Also verified with jtreg tier1-3 tests without SHA3 instructions on aarch64-linux-gnu and x86_64-linux-gnu, to make
>> sure that there's no regression.
>> We used one existing JMH test for performance test: test/micro/org/openjdk/bench/java/security/MessageDigests.java
>> We measured the performance benefit with an aarch64 cycle-accurate simulator.
>> Patch delivers 20% - 40% performance improvement depending on specific SHA3 digest length and size of the message.
>> 
>> For now, this feature will not be enabled automatically for aarch64. We can auto-enable this when it is fully tested on
>> real hardware.  But for the above testing purposes, this is auto-enabled when the corresponding hardware feature is
>> detected.
>
> Fei Yang has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains
> 13 commits:
>  - Fix trailing whitespace issue reported by jcheck
>  - Merge master
>  - Merge master
>  - Remove unnecessary code changes in vm_version_aarch64.cpp
>  - Merge master
>  - Merge master
>  - Merge master
>  - Merge master
>  - Add sha3 instructions to cpu/aarch64/aarch64-asmtest.py and regenerate the test in assembler_aarch64.cpp:asm_check
>  - Rebase
>  - ... and 3 more: https://git.openjdk.java.net/jdk/compare/cdc8c401...d32c8ad7

Someone in Oracle has to run tier1-tier3 testing with these changes to make sure nothing is broken. I don't want to
repeat 8254790.

src/jdk.internal.vm.compiler/share/classes/org.graalvm.compiler.hotspot.test/src/org/graalvm/compiler/hotspot/test/CheckGraalIntrinsics.java
line 604:

> 602:             add(ignore, "sun/security/provider/SHA5." + shaCompressName + "([BI)V");
> 603:         }
> 604:         add(toBeInvestigated, "sun/security/provider/SHA3." + shaCompressName + "([BI)V");

This should be under `if (isJDK16OrHigher())` check. Something like this:
https://github.com/openjdk/jdk/pull/650/files#diff-d1f378fc1b7fe041309e854d40b3a95a91e63fdecf0ecd9826b7c95eaeba314eR527
You can wait until Aleksey pushes it and then update your changes.

-------------

Changes requested by kvn (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/207
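
The PR description above says "digestLength" is passed to the stub to derive the block size and to bound the EOR loop that runs before keccak. The sketch below is an added example, not code from the PR or from OpenJDK: a plain Python model of that data flow, using the standard SHA-3 relation that the block size is 200 bytes minus twice the digest length. The names `block_size`, `impl_compress` and `sha3` are hypothetical.

```python
MASK = (1 << 64) - 1

def rol(a, n):
    n %= 64
    return ((a << n) | (a >> (64 - n))) & MASK

def keccak_f1600(A):
    """Keccak-f[1600] on 25 little-endian 64-bit lanes, index x + 5*y."""
    R = 1  # LFSR state that generates the round constants
    for _ in range(24):
        C = [A[x] ^ A[x+5] ^ A[x+10] ^ A[x+15] ^ A[x+20] for x in range(5)]  # theta
        D = [C[(x+4) % 5] ^ rol(C[(x+1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]
        x, y, cur = 1, 0, A[1]  # rho and pi
        for t in range(24):
            x, y = y, (2*x + 3*y) % 5
            cur, A[x + 5*y] = A[x + 5*y], rol(cur, (t+1)*(t+2)//2)
        for row in range(0, 25, 5):  # chi
            T = A[row:row+5]
            for x in range(5):
                A[row+x] = T[x] ^ (~T[(x+1) % 5] & T[(x+2) % 5])
        for j in range(7):  # iota
            R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256
            if R & 2:
                A[0] ^= 1 << ((1 << j) - 1)
    return A

def block_size(digest_length):
    # SHA-3 capacity is twice the digest length; the rest of the 200-byte state is the block.
    return 200 - 2 * digest_length

def impl_compress(state, block, digest_length):
    """Hypothetical stand-in for the stub: XOR one block into the state, then permute."""
    for i in range(block_size(digest_length) // 8):  # lane count differs per variant
        state[i] ^= int.from_bytes(block[8*i:8*i+8], "little")
    return keccak_f1600(state)

def sha3(msg, digest_length):
    rate = block_size(digest_length)
    padded = bytearray(msg) + b"\x06"          # SHA-3 domain suffix plus first pad bit
    padded += b"\x00" * (-len(padded) % rate)
    padded[-1] |= 0x80                         # final pad bit
    state = [0] * 25
    for off in range(0, len(padded), rate):
        state = impl_compress(state, padded[off:off+rate], digest_length)
    return b"".join(l.to_bytes(8, "little") for l in state)[:digest_length]

if __name__ == "__main__":
    print(sha3(b"abc", 32).hex())  # constructed sample input
```

A digest length of 28, 32, 48 or 64 bytes gives a block of 144, 136, 104 or 72 bytes, so the XOR loop touches 18, 17, 13 or 9 lanes; a stub that gets this count wrong for one variant still produces well-formed but incorrect digests, which is why per-variant known-answer tests matter for an intrinsic like this.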
