From 160914c48b393b14b8e0461d360dd9ff5c22852e Mon Sep 17 00:00:00 2001 From: enricobuehler Date: Tue, 14 Jul 2026 19:08:35 +0200 Subject: [PATCH] =?UTF-8?q?perf(build):=20enable=20ARMv8=20hardware=20AES-?= =?UTF-8?q?GCM=20=E2=80=94=20every=20aarch64=20client=20ran=20software=20c?= =?UTF-8?q?rypto?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RustCrypto aes 0.8.x and polyval 0.6.x gate their ARMv8 AES / PMULL paths behind --cfg aes_armv8 / --cfg polyval_armv8 on aarch64 (x86_64 runtime-detects AES-NI with no flag, which is why hosts never showed it). Without the cfgs every Apple and Android client decrypted the media plane in SOFTWARE: 240 MiB/s/core measured on an M3 Ultra — 7 µs per 1.4 KB datagram, single-handedly capping receive throughput at ~1.57 Gbps wire on both host pairs. Workspace .cargo/config.toml sets both cfgs for cfg(target_arch = "aarch64"); detection stays runtime (cpufeatures) with a safe soft fallback. open_in_place: 240 MiB/s -> 2.42 GiB/s (10.3x). Live sweep .173 -> M3 Ultra over 10GbE: ceiling 1572 -> 4830 Mbps wire, zero loss through a 3.5 Gbps target; the .21 pair now saturates its physical 2.4 Gbps fabric exactly. No in-tree build path sets RUSTFLAGS (xcframework + gradle checked), so the config reaches all client builds; a lane that sets RUSTFLAGS overrides config rustflags entirely and must carry the cfgs itself (noted in the file). Shipping Apple/Android binaries stay on software crypto until rebuilt. Co-Authored-By: Claude Fable 5 --- .cargo/config.toml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .cargo/config.toml diff --git a/.cargo/config.toml b/.cargo/config.toml new file mode 100644 index 00000000..00cb994c --- /dev/null +++ b/.cargo/config.toml @@ -0,0 +1,18 @@ +# Workspace-wide build flags. +# +# aes_armv8: RustCrypto's `aes` 0.8.x enables ARMv8-Crypto hardware AES on aarch64 only behind +# this cfg (x86_64 AES-NI is runtime-detected with no flag; the 0.9 line will make aarch64 +# automatic too). Without it every aarch64 client (all Apple + virtually all Android) ran +# SOFTWARE AES on the per-packet decrypt path — measured 2026-07-14 on an M3 Ultra at +# ~240 MiB/s/core (~7 µs per 1.4 KB datagram), which single-handedly capped receive throughput +# at ~1.57 Gbps wire. The cfg still runtime-detects via `cpufeatures`, so a chip without the +# extensions falls back safely. +# +# NOTE: a RUSTFLAGS environment variable OVERRIDES config rustflags entirely — build scripts / +# CI lanes that set RUSTFLAGS for aarch64 targets (cargo-ndk, xcframework) must carry +# `--cfg aes_armv8` themselves. +# polyval_armv8: same story for GCM's other half — `polyval` 0.6.x gates its PMULL (carry-less +# multiply) GHASH path behind this cfg on aarch64. AES alone took open_in_place from 240 to +# ~790 MiB/s on the M3 Ultra; software GHASH still dominated until this flag joined it. +[target.'cfg(target_arch = "aarch64")'] +rustflags = ["--cfg", "aes_armv8", "--cfg", "polyval_armv8"]