Beginning with the SPARC T4 microprocessor, new instructions to perform cryptographic functions are available directly in hardware. The instructions are non-privileged. Thus, any program can use the instructions. Because cryptography is performed directly on the hardware, cryptographic operations are faster than operations on legacy systems whose SPARC processors have separate processing units for cryptography.
The following comparison shows the differences in the data flow between SPARC T3 systems and SPARC T4 systems with cryptographic acceleration.
Figure 2 Data Flow Comparison Between SPARC T3 and SPARC T4 Servers
The following table provides a detailed comparison of cryptographic functions in SPARC T4 microprocessor units combined with specific Oracle Solaris releases.
|
The T4 and later microprocessors provide on-chip encryption instruction accelerators with direct nonprivileged support for 15 industry-standard cryptographic algorithms: AES, Camellia, CRC32c, DES, 3DES, DH, DSA, ECC, MD5, RSA, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512.
For AES, the instructions include the following encryption and decryption optimizations:
Key expansion – Expansions of the 128-bit, 192-bit, or 256-bit user-provided AES key into a key schedule. The schedule is used internally during encryption and decryption.
Rounds or transformations – The number of rounds used (for example 10, 12, or 14) varies according to AES key length. By using larger keys, the user indicates a desire for more robust encryption at the cost of more computation.
These hardware cryptographic instructions are available and used automatically. The instructions are also embedded in the OpenSSL upstream code, so beginning with OpenSSL 1.0.1e, OpenSSL uses the instructions. To determine the version, run the openssl version command in a terminal window.
Example 1 Determining Whether Your SPARC System Supports Cryptographic OptimizationsTo determine whether the cryptographic optimizations are supported, use the isainfo command. The inclusion of sparcv9 and aes in the output indicates that the system supports the optimizations.
$ isainfo -v 64-bit sparcv9 applications crc32c cbcond pause mont mpmul sha512 sha256 sha1 md5 camellia kasumi des aes ima hpc vis3 fmaf asi_blk_init vis2 vis popcExample 2 Determining Whether Your SPARC System Is Running Cryptographic Optimizations
To determine whether your system is running SPARC T4 microprocessor optimizations, check for the aes_t4 instruction in the OpenSSL libcrypto.so library. If the following command does not generate output, then your system does not use the SPARC T4 microprocessor optimizations.
$ nm /lib/libcrypto.so.1.0.0 | grep aes_t4 | head -5 [1273] | 1840096| 52|OBJT |LOCL |0 |20 |aes_t4_128_cbc [1344] | 1842800| 52|OBJT |LOCL |0 |20 |aes_t4_128_ccm [1283] | 1840408| 52|OBJT |LOCL |0 |20 |aes_t4_128_cfb [1286] | 1840512| 52|OBJT |LOCL |0 |20 |aes_t4_128_cfb1 [1289] | 1840616| 52|OBJT |LOCL |0 |20 |aes_t4_128_cfb8
For more information, refer to the following articles.
"SPARC T4 OpenSSL Engine" (https://blogs.oracle.com/DanX/entry/sparc_t4_openssl_engine)