EN DE
Security

Enabling cross platform support for data security products

We assisted a Silicon Valley-based security products company in transitioning their product from x86-64 to ARMv8 processor-based AMI instances. This move aimed to reduce costs for their clients while maintaining high security and performance standards.

Client overview

  • Our client is a leading security software provider for Europe and the Americas, offering security solutions to top banks, retailers, software companies, manufacturing giants, healthcare companies and other major enterprises. Their solutions protect both unstructured data, such as files in a filesystem, and structured data, as in databases. Their products are compatible with major Unix and Windows variants and operate within the kernel or user space based on the security assurances required by their clientele.

Challenge

  • The client’s product, running in user space and protecting the filesystem with FUSE, is deployed as a pod in the Kubernetes environment on Amazon Cloud. Initially designed for x86-64, the client sought to transition their Kubernetes pods to ARMv8 processor-based AMI instances to reduce expenses for their clients.

  • To achieve this, the client required assistance with:

Integrating the above port into the product.

Setting up cross-compilation infrastructure to port the product.

Porting the crypto module, originally written using AVX2 and AESNI processor features, to ARMv8.

Implementing SHA-256 using ARMv8 cryptographic extensions.

Solution

SHA-256 implementation

The following are the four functions exposed for implementing SHA-256:

Performs SHA256 hash update (part 1)

uint32x4_t vsha256hq_u32(uint32x4_t hash_abcd, uint32x4_t hash_efgh, uint32x4_t wk);

Performs SHA256 hash update (part 2)

uint32x4_t vsha256h2q_u32(uint32x4_t hash_efgh, uint32x4_t hash_abcd, uint32x4_t wk);

Performs SHA256 schedule update 0

uint32x4_t vsha256su0q_u32(uint32x4_t w0_3, uint32x4_t w4_7);

Performs SHA256 schedule update 1

uint32x4_t vsha256su1q_u32(uint32x4_t tw0_3, uint32x4_t w8_11, uint32x4_t w12_15);

ARMv8 capabilities

ARMv8 comes with SIMD instructions that help in parallelizing AES encryption and SHA-1, SHA-224, and SHA-256. These instructions are exposed as intrinsic functions and C language extensions can be used to implement them, providing acceleration for cryptographic functions.

Porting process

Utilized the above functions to implement the SHA-256 cryptographic module.

Integrated the new SHA-256 module into the client’s product.

Set up cross-compilation infrastructure to facilitate the porting process.

Results

Enhanced product performance

Implemented ARMv8 cryptographic extensions, improving the product’s performance.

Achieved a seamless transition of the client’s product to ARMv8, enabling the use of cheaper AMI instances without compromising on security or performance.

Conclusion

  • Our team delivered an optimized ARMv8 port of the client’s security product, allowing them to shift workloads to more cost-effective AMI instances. This transition enabled significant cost savings for their customers while maintaining high levels of security and performance.

Other case studies