Crypto card speed (was Re: FreeBSD + Rainbow Cryptoswift)

Mike Tancsa mike at sentex.net
Mon Jan 26 12:06:14 PST 2004 

Here is a quick example of encryption speeds

The file "big" is the result of cat /dev/urandom > big and is 577MB. Before 
the test was run, I did a cat big > /dev/null to make the cache similar in 
both tests.

The hardware is the same, except on the second test I compiled in the hifn 
support. This is a Intel(R) Pentium(R) 4 CPU 2.66GHz (2665.40-MHz 686-class 
CPU) with 512MB of DDR-333.


pp-duke% time openssl enc -des3 -in big -out big.enc -k test1234567890
97.498u 2.070s 1:40.20 99.3%    384+343k 4430+4404io 2pf+0w
pp-duke%

pp-duke% time openssl enc -des3 -in big -out big.enc -k test1234567890
0.331u 3.282s 1:22.68 4.3%      429+383k 4439+4404io 31pf+0w
pp-duke%


The crypto card is faster.  But the real interesting part (for me) is the 
CPU utilization.... 99.3% vs 4.3%.  So for my "backups over ssh" 
application this is a big gain.  I suspect once kernel crypto is added, 
things like the GEOM encrypted filesystem would see similar big gains.  If 
you think of the card more as an "offloader" you will see it in a more 
appropriate light.

         ---Mike

At 11:30 AM 26/01/2004, Charles Swiger wrote:
>On Jan 26, 2004, at 10:56 AM, Rumen Telbizov wrote:
>[ ... ]
>>I don't see anything related to RSA computations?!
>>Do you see any real acceleration in the RSA operations
>>while using this card or there is NO support for RSA in
>>the crypto device ?
>
>It might be worth asking the author of cryptodev and hifn whether the 
>manpage is current with regard to RSA support.  For my purposes, adding 
>entropy and speeding up 3DES for ssh is useful, but you are right that 
>HTTPS acceleration will want RSA.
>
>The hifn cards will do ARC4/MD5/SHA, which is still helpful to your 
>situation, but doing SSL session startup with a 1024-bit RSA server 
>certificate tends to be the hit that slows down a busy site, not streaming 
>40/128-bit encryption afterwards.
>
>Here's the results of an "openssl speed" on a machine with a 933MHz Tualatin:
>
>OpenSSL 0.9.7c 30 Sep 2003
>built on: Mon Jan 19 17:09:38 EST 2004
>options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) 
>aes(partial) blowfish(idx)
>compiler: cc
>available timing options: USE_TOD HZ=128 [sysconf value]
>timing function used: getrusage
>The 'numbers' are in 1000s of bytes per second processed.
>type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
>md2                620.93k     1321.03k     1840.87k     2043.58k
>2109.85k
>mdc2              1216.23k     1340.13k     1379.00k     1386.49k
>1392.69k
>md4               5238.60k    18516.78k    53933.28k   103206.39k
>141003.58k
>md5               3403.53k    10198.36k    23224.80k    34163.24k
>39580.86k
>hmac(md5)         1853.72k     6250.73k    17093.20k    30202.23k
>38852.70k
>sha1              3834.47k     9754.21k    23442.41k    36293.86k
>43284.01k
>rmd160            3402.43k     9754.38k    20798.38k    28830.32k
>32526.01k
>rc4              63056.66k    72429.52k    76481.40k    76876.09k
>77175.42k
>des cbc           5793.26k     5932.76k     5974.18k     5984.65k
>5987.75k
>des ede3          2522.17k     2549.38k     2560.15k     2562.74k
>2565.13k
>idea cbc             0.00         0.00         0.00         0.00
>  0.00
>rc2 cbc           7170.32k     7373.37k     7451.72k     7474.13k
>7527.15k
>rc5-32/12 cbc    36376.64k    42649.09k    45031.39k    45666.52k
>45844.24k
>blowfish cbc     15556.50k    16535.16k    16851.46k    16930.07k
>16962.81k
>cast cbc         15316.29k    16194.30k    16490.12k    16564.61k
>16580.42k
>aes-128 cbc      14087.20k    14768.17k    14920.34k    14969.05k
>14981.57k
>aes-192 cbc      12415.22k    12648.94k    12721.03k    12741.74k
>12740.70k
>aes-256 cbc      11021.74k    11247.24k    11286.85k    11298.91k
>11300.38k
>                   sign    verify    sign/s verify/s
>rsa  512 bits   0.0031s   0.0003s    326.2   3032.8
>rsa 1024 bits   0.0161s   0.0009s     61.9   1114.6
>rsa 2048 bits   0.0959s   0.0029s     10.4    346.7
>rsa 4096 bits   0.6236s   0.0098s      1.6    101.9
>                   sign    verify    sign/s verify/s
>dsa  512 bits   0.0026s   0.0033s    382.9    304.3
>dsa 1024 bits   0.0079s   0.0097s    126.8    102.6
>dsa 2048 bits   0.0263s   0.0319s     38.1     31.3
>396.70s real  395.67s user  0.03s system  99%
>
>--
>-Chuck
>
>_______________________________________________
>freebsd-stable at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"

More information about the freebsd-stable mailing list