[OpenAFS-devel] bg-fcrypt

Marcus Watts mdw@umich.edu
Mon, 04 Dec 2006 23:20:18 -0500


While tracking down the aix rxkad weirdness, I couldn't
help but notice two implementations of fcrypt:
	src/rxkad/domestic/fcrypt.c
	src/rxkad/bg-fcrypt.c
It appears the latter came from kth, and was put
briefly into openafs builds between about Oct & December 2002.
Apparently it was pulled because of unexplained runtime
problems.  Unfortunately, nobody seems to have documented
exactly what those runtime problems were.

I experimented a bit with this, and as best I can tell,
the "runtime" problem is that there's a hairy ifdef
around line 553 in bg-fcrypt.c that starts off with:
	#if ((1ul << 31) << 1) && defined(ULONG_MAX) && ((ULONG_MAX >> 55) != 0) && ((1ul << 55) != 0)
		unsigned long k;
and if this succeeds it assumes it can store 56 bits into
a long.  With gcc 3.3.1 on intel i386, this case gets tripped,
but since longs on that platform are 32-bits, things don't work.
In general, I don't believe it's safe to assume that cpp math
will work exactly like gcc, especially in regards to word sizes,
sign expansion, etc.  Fortunately, there's a simplier alternative
	#ifdef AFS_64BIT_ENV
	    afs_uint64 k;
which should be safe because this also conditions other 64-bit logic
inside of afs/stds.h .

There's a program fc_test which can be used to determine if
encryption works, which will also report on speed.  So using
that here's how the speed boils down.

Speed differences of fcrypt.o vs. bg-fcrypt.o

				setkey	ecb	cbc
ultrasparc-IIe 500 Mhz.  solaris 8.  Sun WorkShop 6 update 1 C 5.2
32 bit  kernel fcrypt.o         1.81    2.65    18.24
        "kernel" bg-fcrypt.o    1.42    1.57    10.56
64 bit  kernel fcrypt.o         0.49    2.19    15.15
        "kernel" bg-fcrypt.o    0.21    1.26    8.69

PowerPC_RS64-II @ ( 340 Mhz ?? ).  aix 4.3.  "vac C" 5.0.1.0
32-bit kernel fcrypt.o          1.66    2.94    18.87
        "kernel" bg-fcrypt.o    1.38    1.77    11.09

Xeon 3.06 Ghz.  linux 2.4.24.  gcc 3.3.1
        kernel fcrypt           0.07    0.56    3.39
        "kernel" bg-fcrypt.o    0.20    0.08    0.52    
        user fcrypt.o           0.07    0.59    3.67
        user bg-fcrypt.o        0.20    0.08    0.54    

kernel/"kernel" means built with the same compiler options
as the kernel module for that architecture--optimization, word
size, & whatever.

Apparently bg-fcrypt key schedule loses on i386 because it does lots
of "ntohl" byte swapping.

				-Marcus Watts