
Re: hardware encryption



On Thursday 3 June 2021 17:52:50 CEST Jeffrey Walton wrote:
> I _think_ OpenSSH uses OpenSSL, not kernel crypto.

If that means that hardware/accelerated crypto is dependent on 
the program being used, that would suck.

> To benchmark OpenSSL, you use something like:
>     # C implementation
>     openssl speed aes-128-cbc
>     # Hardware acceleration
>     openssl speed -evp aes-128-cbc
> 
> You can see the difference in the numbers below ... on a Core i7-8700.
> 
> $ openssl speed aes-128-cbc
> ...
> OpenSSL 1.1.1f  31 Mar 2020
> built on: Wed Apr 28 00:37:28 2021 UTC
> ...
> The 'numbers' are in 1000s of bytes per second processed.
> type                    16 bytes        64 bytes        256 bytes     1024 bytes    8192 bytes  16384 bytes
> aes-128 cbc     307929.67k   318790.74k   319262.46k   322336.43k   322890.41k   322939.56k
> 
> $ openssl speed -evp aes-128-cbc
> ...
> The 'numbers' are in 1000s of bytes per second processed.
> type                     16 bytes       64 bytes         256 bytes       1024 bytes     8192 bytes  16384 bytes
> aes-128-cbc     999800.57k  1682301.12k  1730221.65k  1736772.61k  1738702.85k  1738746.54k

$ openssl speed aes-128-cbc
...
version: 3.0.0-alpha16
built on: built on: Thu May  6 19:54:38 2021 UTC
...
The 'numbers' are in 1000s of bytes per second processed.
type                    16 bytes        64 bytes       256 bytes     1024 bytes    8192 bytes  16384 bytes
aes-128-cbc      84716.70k   269243.61k   584986.37k   830015.83k   944873.47k   953417.73k

$ openssl speed -evp aes-128-cbc
...
The 'numbers' are in 1000s of bytes per second processed.
type                      16 bytes        64 bytes       256 bytes     1024 bytes    8192 bytes   16384 bytes
AES-128-CBC      95904.58k   297023.53k   611697.15k   855083.69k   966412.97k   956033.71k

At first glance there seems to be some improvement, particularly with 16/64 bytes, 
but the difference is nowhere near as significant as with you.

But I also tried it a few more times and generally speaking 16/64 bytes saw 
higher scores with '-evp', but I've also had higher scores on the larger types
WITHOUT '-evp' ?!?

(Included the version as it was very different; turns out mine is from experimental)


Thanks for your reply,
   Diederik
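
As an added example (not part of the original message and not OpenSSL code): a small Python parser for the `openssl speed` result rows quoted above, computing the ratio of the `-evp` figure to the plain figure per block size for both machines. The function names and the 15% noise tolerance are assumptions made for this illustration.

```python
import re

# Constructed sample: the plain and '-evp' result rows for each machine,
# copied from the benchmark output quoted in the message above.
SAMPLE = {
    "Core i7-8700, OpenSSL 1.1.1f": (
        "aes-128 cbc     307929.67k   318790.74k   319262.46k   322336.43k   322890.41k   322939.56k",
        "aes-128-cbc     999800.57k  1682301.12k  1730221.65k  1736772.61k  1738702.85k  1738746.54k",
    ),
    "OpenSSL 3.0.0-alpha16": (
        "aes-128-cbc      84716.70k   269243.61k   584986.37k   830015.83k   944873.47k   953417.73k",
        "AES-128-CBC      95904.58k   297023.53k   611697.15k   855083.69k   966412.97k   956033.71k",
    ),
}
BLOCK_SIZES = (16, 64, 256, 1024, 8192, 16384)
NOISE = 0.15  # assumed run-to-run tolerance; calibrate by repeating the benchmark


def parse_row(line):
    """Return the throughput figures (1000s of bytes/s) from one result row."""
    values = [float(v) for v in re.findall(r"(\d+(?:\.\d+)?)k\b", line)]
    if len(values) != len(BLOCK_SIZES):
        raise ValueError(f"expected {len(BLOCK_SIZES)} columns, got {len(values)}")
    return values


def evp_speedup(plain_row, evp_row):
    """Map block size -> ratio of the '-evp' figure to the plain figure."""
    plain, evp = parse_row(plain_row), parse_row(evp_row)
    return {size: e / p for size, p, e in zip(BLOCK_SIZES, plain, evp)}


def verdict(ratios):
    """Classify one plain/'-evp' pair of runs against the noise tolerance."""
    if min(ratios.values()) > 1.0 + NOISE:
        return "evp clearly faster"
    if all(abs(r - 1.0) <= NOISE for r in ratios.values()):
        return "no meaningful difference"
    return "mixed"


if __name__ == "__main__":
    for machine, (plain_row, evp_row) in SAMPLE.items():
        ratios = evp_speedup(plain_row, evp_row)
        cells = "  ".join(f"{size}B x{r:.2f}" for size, r in ratios.items())
        print(f"{machine}: {verdict(ratios)}\n  {cells}")
```

Feeding it rows from several repeated runs on the same machine gives a basis for choosing the tolerance instead of the assumed 15%.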
