SPARC T4 Digest and Crypto Optimizations in Solaris 11.1

In a previous article I mentioned SPARC T4 processor optimizations added to OpenSSL. The SPARC T4 processor supports new instructions to assist AES, RSA, SHA, and other crypto and hash algorithms. These optimizations were added in Oracle Solaris 11 using a new OpenSSL "t4 engine". The OpenSSL t4 engine would automatically detect if it's running on a SPARC T4 platform and engage it's optimized crypto algorithms without manual intervention (either from the CLI or API). Optimizations supported were several AES modes, including AES-CBC, AES-CBC, and AES-ECB, and AES-CFB128.

Oracle Solaris 11.1 adds T4 optimization for SHA-2, SHA-1, and MD5 digest algorithms. Although use of SHA-1 and MD5 is no longer recommended, its use is still required by standard protocols such as HTTPS/SSL. Solaris 11.1 also adds T4 optimization for RSA, DSA, and DES-3 crypto algorithms.

Digest Algorithms

SHA-256 This graph shows the dramatic performance improvement in SHA-256 using T4 hardware crypto (4x for 1K data, 8x for 8K data) over the previous C implementation. SHA-256 is performed by a single, new instruction "sha256". The context and data are loaded in SPARC %f floating point registers and the results are placed in the same fp registers.

All measurements here were taken on Oracle Solaris 11.1 running on a SPARC T4-1 with 2.8GHz CPUs. The commands used to measure were:
openssl speed -evp {sha1,sha256,sha512}

Note that no special flag is required to use the optimized OpenSSL t4 engine. T4 hardware is automatically detected and used. Not shown are results for MD5, SHA-224, and SHA-384, which give results similar to SHA-1, SHA-256, and SHA-512.

SHA-512 It's counter-intuitive, but you can get better performance by using SHA-512 instead of SHA-256? Why? Because SHA-512 can exploit 64-bit arithmetic and use only 62.5% of the rounds required by SHA-256. Further more, SHA-512 provides more security with it's longer digest value.

If you require SHA-256-length results consider using the new SHA512/256 truncated digest algorithm, where the SHA-512 digest result is truncated to a 256-bit digest (for details see FIPS PUB 180-4 (March 2012)). Truncated SHA-512 hash operations are available in Solaris 11.1

SHA-1 SHA-1 is the classical SHA digest algorithm, although it's no longer recommended for use. Both SHA-1 and MD5 are optimized in SPARC T4 for legacy applications that still use these digest algorithms. The performance gain shown here is over the previous SPARC assembly implementation.

Crypto Algorithms

RSA The chart here shows RSA-1024 signing improves by 5.8x and RSA verification impoves by 2.8x. This was measured with openssl speed rsa

DSA The less-popular DSA signing algorithm improves by about 5x for signing and verification. This was measured with openssl speed dsa

DES-3 Finally, for those still using Triple DES, DES-3 CBC mode improves by an incredible 10x when using T4 hardware crypto. This was measured withopenssl speed -evp des3

Availability

The optimized SHA-1 and SHA-2 hash algorithms are available in OpenSSL on SPARC T4 running Oracle Solaris, the Solaris libmd(3LIB) library, and industry-standard libpkcs11(3LIB) library. The optimized AES, DES3, RSA, and DSA algorithms are available through libpkcs11. Additionally, these algorithms are all available as Solaris kernel modules for authors of kernel module and device drivers.

The AES optimizations were introduced in Solaris 11 in 2011. The SHA-1, SHA-256, SHA-384, SHA512, and MD5 optimizations are available in Solaris 11 SRU2 and Solaris 11.1. The RSA, DSA, and SHA-224 optimizations are available in Solaris 11.1

Source code download Oracle Solaris Source code for all of this is available for download from http://www.oracle.com/technetwork/opensource/systems-solaris-1562786.html

Object code download Oracle Solaris object code is available for download from http://www.oracle.com/technetwork/server-storage/solaris11/downloads/

Further information

• How to tell if SPARC T4 crypto is being used? (2012). Here I discuss detection of T4 crypto instruction usage
SPARC T4 OpenSSL Engine (2011). I discuss the Openssl T4 engine and reviews the SPARC T4 processor for the Solaris 11 release.
• Exciting Crypto Advances with the T4 processor and Oracle Solaris 11 by Valerie Fenwick (2011) discusses crypto algorithms that were optimized for the T4 processor with the Solaris 11 FCS (11/11) and Solaris 10 08/11 (U10) release.
• T4 Crypto Cheat Sheet by Stefan Hinker (2012) discusses how to make T4 crypto optimization available to various consumers (such as SSH, Java, OpenSSL, Apache, etc.)
• High Performance Security For Oracle Database and Fusion Middleware Applications using SPARC T4 (PDF, 2012) discusses SPARC T4 and its usage to optimize application security.
• Configuring Oracle iPlanet WebServer / Oracle Traffic Director to use crypto accelerators on T4-1 servers by Meena Vyas (2012)