Re: [Cryptodev-linux-devel] performance questions (PPC32 talitos v3.3, linux v3.4.36, cryptodev-linux v1.6)
Nikos -- Thanks for the reply. I have a few more comments below. On Tue, Apr 30, 2013 at 6:57 AM, Nikos Mavrogiannopoulos wrote: > In some (many?) systems the CPU can handle hashes much faster than the > crypto chip. Note also that in that time includes the context switch > from user-space to kernel space. It depends on you on whether you want > to off-load that operation from the CPU, and do something else with > it. If your system is generally idle you could avoid cryptodev for > hashes. The offload would be nice, so I might keep using that just for that purpose. Although, until the talitos issue is resolved (see other thread), I can't use cryptodev on my platform anyway. > cryptodev-linux does not support modular exponentiation with cryptodev > because the Linux kernel crypto drivers don't include that capability. > So you shouldn't see any difference with RSA. Ok. (It turns out that I'm using a hardware token for the actual signing, anyway, so the signing speed is limited by the token, and the speed of CPU-based RSA signing is not relevant. I might eventually be verifying uploads (using keys / certs on the token), but that's so rare that I'm not going to worry about it for now.) > > > Finally, why does specifying the EVP result in such a huge difference? > > E.g, with aes-128-cbc and 8KiB blocks: > > no cryptodev, no evp -- 6MiB/s > > no cryptodev, with evp -- 6MiB/s > > with cryptodev, no evp -- 6MiB/s > > No evp in openssl means that the software implementation is used (not > the cryptodev engine). > > > with cryptodev, with evp -- 33MiB/s (!) > > Here the engine is used. Ok. I think I'm simply confused as to why openssl would ever choose to not use the EVP layer, even if the flag wasn't provided on the command line. (That is, I expected the interface to be simply "do this", not "do this, and do it in this way". Because there are other aspects of openssl that it seems one can't control at that level, e.g., to switch back to the software routines if cryptodev is compiled in...) Thanks again for the reply. Best regards, Anthony Foiani ___ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel
Re: [Cryptodev-linux-devel] performance questions (PPC32 talitos v3.3, linux v3.4.36, cryptodev-linux v1.6)
On Tue, Apr 30, 2013 at 6:51 AM, Anthony Foiani wrote: > SHA1 -- about 2.5x slower using cryptodev than native CPU > instructions. Is that expected? In some (many?) systems the CPU can handle hashes much faster than the crypto chip. Note also that in that time includes the context switch from user-space to kernel space. It depends on you on whether you want to off-load that operation from the CPU, and do something else with it. If your system is generally idle you could avoid cryptodev for hashes. > RSA -- signing seems to be exactly the same, while verifying is about > 10% faster in native. That seems odd, since cryptodev advertises RSA > capabilities, and the SEC v3.3 engine of the MPC8315E supports RSA > operations. cryptodev-linux does not support modular exponentiation with cryptodev because the Linux kernel crypto drivers don't include that capability. So you shouldn't see any difference with RSA. > Finally, why does specifying the EVP result in such a huge difference? > E.g, with aes-128-cbc and 8KiB blocks: > no cryptodev, no evp -- 6MiB/s > no cryptodev, with evp -- 6MiB/s > with cryptodev, no evp -- 6MiB/s No evp in openssl means that the software implementation is used (not the cryptodev engine). > with cryptodev, with evp -- 33MiB/s (!) Here the engine is used. regards, Nikos ___ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel
[Cryptodev-linux-devel] performance questions (PPC32 talitos v3.3, linux v3.4.36, cryptodev-linux v1.6)
Greetings, again. I went ahead and subscribed to the list, so you can ignore the "cc" request in my previous mail. :) I have some questions about the performance I'm seeing on my platform (a 266MHz MPC8315E): AES-128-CBC -- using cryptodev + evp gives 5x performance (with larger block sizes), so that's a great win, and that's exactly what I wanted to see. SHA1 -- about 2.5x slower using cryptodev than native CPU instructions. Is that expected? RSA -- signing seems to be exactly the same, while verifying is about 10% faster in native. That seems odd, since cryptodev advertises RSA capabilities, and the SEC v3.3 engine of the MPC8315E supports RSA operations. Finally, why does specifying the EVP result in such a huge difference? E.g, with aes-128-cbc and 8KiB blocks: no cryptodev, no evp -- 6MiB/s no cryptodev, with evp -- 6MiB/s with cryptodev, no evp -- 6MiB/s with cryptodev, with evp -- 33MiB/s (!) Apologies if these questions are simple. I've tried going through the OpenSSL code, but it's... painful. Again, thanks in advance if you have the time to reply. Best regards, Anthony Foiani -- All times below are with "-elapsed" and "-evp" where applicable. === With cryptodev module loaded: === / # openssl engine cryptodev -t -c (cryptodev) BSD cryptodev engine [RSA, DSA, DH, DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, BF-CBC, hmacWithMD5, hmacWithSHA1, MD5, SHA1] [ available ] / # openssl speed -engine cryptodev -elapsed -evp AES-128-CBC engine "cryptodev" set. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128-cbc136.56k 539.35k 2106.79k 7275.52k33822.04k / # openssl speed -engine cryptodev -elapsed -evp SHA1 engine "cryptodev" set. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes sha141.40k 165.01k 535.72k 2068.48k13475.84k / # openssl speed -engine cryptodev -elapsed rsa2048 engine "cryptodev" set. signverifysign/s verify/s rsa 2048 bits 0.166230s 0.005128s 6.0195.0 === Without cryptodev loaded: === / # openssl speed -elapsed -evp AES-128-CBC type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128-cbc 4895.94k 5716.93k 6005.42k 6028.97k 6023.85k / # openssl speed -elapsed -evp SHA1 type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes sha1 798.14k 3209.90k 9863.34k20525.06k30086.49k / # openssl speed -elapsed rsa2048 signverifysign/s verify/s rsa 2048 bits 0.165574s 0.004564s 6.0219.1 ___ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel