Nikos Mavrogiannopoulos <[email protected]> writes:

> On Tue, 2015-01-27 at 22:53 +0100, Niels Möller wrote:
>> Nikos Mavrogiannopoulos <[email protected]> writes:
>> 
>> > About the release... Since you added the fat, would it include AESNI
>> > +PCLMUL?
>> 
>> AESNI is in. If you have the time, it would be interesting if you could
>> benchmark it against the gnutls code. The nettle implementation is
>> pretty basic, maybe it could be sped up a bit by unrolling or by caching
>> subkeys in registers.
>
> Currently the numbers I get with the current implementation:
> $ ./gnutls-cli --benchmark-ciphers
>      AES-128-CBC-SHA1 0.41 GB/sec
>      AES-128-CBC-SHA256 0.27 GB/sec
>      AES-128-GCM 3.02 GB/sec
>
> If I use nettle's only
> $ GNUTLS_CPUID_OVERRIDE=0x1 ./gnutls-cli --benchmark-ciphers
>      AES-128-CBC-SHA1 0.29 GB/sec
>      AES-128-CBC-SHA256 188.68 MB/sec
>      AES-128-GCM 0.29 GB/sec
>
> (I verified that nettle detects aesni)

Ok, so it's a factor 1.4 for the first two. And even with aesni, it seems
aes is a lot of work compared to the sha1 or sha256 mac ("-SHA1" means
HMAC-SHA1, right?).

> Unrelated but I realized that I also have overrides for non-AESNI
> systems which use this implementation by Mike Hamburg:
> https://github.com/openssl/openssl/blob/e0fc7961c4fbd27577fb519d9aea2dc788742715/crypto/aes/asm/vpaes-x86_64.pl
>
> This takes advantage of SSSE3 and is faster while being constant time as
> well.

Constant time definitely is a good feature. Impressive that it can be
done *and* be faster.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list
[email protected]
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
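The "factor 1.4" above comes from comparing the two `--benchmark-ciphers` runs by hand, which is easy to get wrong when one line reports MB/sec and another GB/sec. The following is an added example, not code from the thread or from nettle or GnuTLS: it parses output in the shape quoted in the mail, normalises the units, and computes the per-cipher speedup of the AES-NI build over the nettle-only build. The sample text is copied from the two runs quoted above; the assumption that the prefixes are decimal (MB = 10^6 bytes) is mine, since the mail does not say.

```python
import re

# Constructed sample input: the two benchmark runs quoted in the thread,
# one with GnuTLS's own AES-NI code and one forced onto nettle's code via
# GNUTLS_CPUID_OVERRIDE=0x1. Values are copied from the mail as printed.
GNUTLS_AESNI_OUTPUT = """\
     AES-128-CBC-SHA1 0.41 GB/sec
     AES-128-CBC-SHA256 0.27 GB/sec
     AES-128-GCM 3.02 GB/sec
"""

NETTLE_ONLY_OUTPUT = """\
     AES-128-CBC-SHA1 0.29 GB/sec
     AES-128-CBC-SHA256 188.68 MB/sec
     AES-128-GCM 0.29 GB/sec
"""

# Assumption (not stated in the mail): decimal prefixes, as is usual for
# throughput figures. Change to 1024**n if the tool uses binary prefixes.
UNIT_TO_BYTES = {"B": 1, "KB": 1000, "MB": 1000 ** 2, "GB": 1000 ** 3}

# One result line: "<cipher name> <number> <unit>/sec"; anything else is skipped.
LINE_RE = re.compile(r"^\s*(\S+)\s+([0-9]+(?:\.[0-9]+)?)\s+([KMG]?B)/sec\s*$")


def parse_benchmark(text):
    """Map each cipher name in benchmark output to its throughput in bytes/sec.

    Lines that do not look like a result line (headers, blank lines) are ignored.
    """
    results = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        name, value, unit = match.groups()
        results[name] = float(value) * UNIT_TO_BYTES[unit]
    return results


def speedups(fast_output, slow_output):
    """Ratio fast/slow for every cipher present in both runs, by name."""
    fast = parse_benchmark(fast_output)
    slow = parse_benchmark(slow_output)
    return {name: fast[name] / slow[name] for name in fast if name in slow}


if __name__ == "__main__":
    for cipher, ratio in speedups(GNUTLS_AESNI_OUTPUT, NETTLE_ONLY_OUTPUT).items():
        print(f"{cipher:24s} {ratio:5.2f}x")
```

Running it reproduces the factor of about 1.4 for the two CBC+HMAC suites and shows the AES-GCM gap, roughly tenfold, where GnuTLS's combined AES-NI + PCLMUL path is compared against nettle's code alone.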
