Date:      Thu, 11 Sep 2014 17:45:41 -0700
From:      John-Mark Gurney <jmg@funkthat.com>
To:        Wojciech Puchar <wojtek@puchar.net>
Cc:        hackers@freebsd.org
Subject:   Re: openssl with aes-in or padlock
Message-ID:  <20140912004541.GQ82175@funkthat.com>
In-Reply-To: <alpine.BSF.2.00.1409112332160.2140@wojtek.dom>
References:  <alpine.BSF.2.00.1409111858470.1185@wojtek.dom> <20140911180258.GN82175@funkthat.com> <alpine.BSF.2.00.1409112332160.2140@wojtek.dom>

Wojciech Puchar wrote this message on Thu, Sep 11, 2014 at 23:33 +0200:
> >>#openssl speed -evp aes-256-cbc
> >
> >First off, you won't get much speed up w/ CBC encrypt...  Try testing
> >using aes-256-ctr instead...  CBC can't process multiple blocks in
> >parallel like CTR can...  if you measure the cbc _decrypt_ speed, you
> >should see a big improvement as CBC decrypt can be parallelized...
> >
> >>in the same time dd from geli encrypted ramdisk to /dev/null is 66MB/s
> >
> >geli uses a different framework for its crypto processing.. for geli,
> >make sure you have the aesni kernel module loaded before you attach
> >to a geli disk...  You should get kernel messages like the following:
> >GEOM_ELI: Device gpt/werner.eli created.
> >GEOM_ELI: Encryption: AES-XTS 256
> >GEOM_ELI:     Crypto: hardware
> 
> yes i have this. contrary to what you say - both AES-XTS and AES-CBC get 
> MUCH faster with AES-NI.

Well, AES-NI CBC may be faster w/ AES-NI, but it's not as fast as using
another mode...  AES-XTS should be many times faster than CBC...  Also,
above you compared two different modes... one CBC encrypt (the OpenSSL
test) and CBC decrypt (the geli test) so of course you're going to get
very different performances...

You didn't tell me if you're using a new enough version of OpenSSL or
not..  What release are you using?  iirc, 10.0-R was the first release
that the included OpenSSL supported AES-NI...  You can always install
OpenSSL from ports to get a version that supports AES-NI...

> >notice the Crypto: hardware line..  Also, make sure that your geli
> >sector size is 4k instead of 512...  This reduces the loop overhead,
> 
> as i already said - geli works fast and makes use of AES-NI or padlock
> 
> openssl does not

For comparison:
$ openssl speed -evp aes-256-cbc
[...]
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     348326.67k   408978.79k   431361.86k   456647.06k   460708.89k
$ openssl speed -decrypt -evp aes-256-cbc
[...]
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     318017.94k  1263192.77k  2938389.38k  3288584.50k  3400531.97k

notice, encrypt is 460MB/sec vs 3.4GB/sec decrypt...  This is HEAD:
$ openssl version
OpenSSL 1.0.1h-freebsd 5 Jun 2014

Also, 66MB/sec seems VERY slow to me to be using AES-NI, but it just
could be you're on 9.x which didn't have very good AES-NI kernel
support...

We need more information about which version of FreeBSD, and what
processor you have before we can be more help...  The first part of
dmesg would be useful...  and also openssl version too..

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

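The block dependency behind the encrypt/decrypt gap in the message above, as an added example that is not part of the original e-mail or of OpenSSL or geli. A toy Feistel cipher stands in for AES so it runs on the Python standard library; all function names and the sample key, IV and plaintext are constructed for illustration.

```python
# Added illustration, not code from the thread. A toy 16-byte Feistel cipher
# stands in for AES so this runs on the standard library; it is NOT secure.
import hashlib
from concurrent.futures import ThreadPoolExecutor

BS = 16  # block size in bytes, same as AES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function, 8 bytes in and out
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    # C_i = E(P_i xor C_{i-1}): block i must wait for block i-1, so serial.
    prev, out = iv, []
    for i in range(0, len(pt), BS):
        prev = enc_block(key, _xor(pt[i:i + BS], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt_block(key, iv, ct, i):
    # P_i = D(C_i) xor C_{i-1}: inputs are all ciphertext, so blocks are independent.
    prev = iv if i == 0 else ct[(i - 1) * BS:i * BS]
    return _xor(dec_block(key, ct[i * BS:(i + 1) * BS]), prev)

def cbc_decrypt_parallel(key, iv, ct, workers=4):
    with ThreadPoolExecutor(workers) as pool:  # threads only show independence
        blocks = pool.map(lambda i: cbc_decrypt_block(key, iv, ct, i), range(len(ct) // BS))
        return b"".join(blocks)

KEY, IV = b"constructed key!", bytes(range(16))  # constructed sample values
PT = b"".join(bytes([65 + i]) * BS for i in range(8))  # 8 constructed blocks

if __name__ == "__main__":
    ct = cbc_encrypt(KEY, IV, PT)
    print(cbc_decrypt_block(KEY, IV, ct, 5), cbc_decrypt_parallel(KEY, IV, ct) == PT)
```

The example shows the data dependency only, not throughput; the toy cipher says nothing about AES-NI speeds.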

