Implement AES backend for riscv64 using Zkned scalar crypto extensions #397
This PR implements AES for riscv64 using the `zkned` scalar crypto extensions. Some comments:

This will require `nightly` to build since the riscv64 intrinsics are unstable. However, it should be enough to just feature-gate on the respective riscv64 extensions, since those are only available on nightly.

Auto-detection of `zkne` and `zknd` is currently problematic. It's possible to detect them (although I haven't checked that it actually works) with `std::arch::is_riscv_feature_detected`, but this requires `std` and also requires the feature `stdsimd` (unstable). The approach used by `cpufeatures` using `libc::getauxval(libc::AT_HWCAP)` won't work for riscv64 either. However, there is a new Linux syscall that exposes some riscv64 features: [riscv_hwprobe](https://www.kernel.org/doc/Documentation/riscv/hwprobe.rst). Unfortunately, it doesn't expose the `zkne` or `zknd` features yet, although it looks like it is supposed to eventually, based on this code: https://github.com/clementleger/hwprobe_dump/blob/main/hwprobe.h

Hence, the approach I used here, where the backend is used if `target_arch = "riscv64"` and the `zkne` and `zknd` target features are enabled.

I've opted not to add the `hazmat` module for riscv64 since supporting that is a little more complicated for riscv64 due to how the intrinsics work and how 1, 1.5, or 2 rounds are processed at a time depending on the key length.

Also, I don't have useful benchmarks since I don't have any riscv64 hardware with these extensions. However, the implementation produces the correct output and passes the tests when run with QEMU `8.0.4` on Ubuntu 23.10.

Regarding the CI config, I had some difficulty getting things to build and run properly with `cross`, and in any case a more recent QEMU is needed for the riscv64 extensions used here, so I used a custom docker image.

EDIT: Marking as draft again since I'm going to try and implement the vector version also.