Intel AES NI performance test
boss sent me to go and find it there any cheap and easy to use AES hardware accelerator card, so I wanted to try the Intel CPU hardware acceleration.
my test environment is CentOS release 5.7 (Final), used by the CPU is the Intel (R) Xeon (R) CPU X5675@3.07GHz. Have to say, such a good one CPU with the old operating system is really a pity.
First, take the system comes with the openssl test
$ openssl speed-evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 16189439 aes-128-cbc’s in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 4972096 aes-128-cbc’s in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 1280673 aes-128-cbc’s in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 321781 aes-128-cbc’s in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 40365 aes-128-cbc’s in 3.00s
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
built on: Sat Aug 13 18:21:50 EDT 2011
options: bn (64,64) md2 (int) rc4 (ptr, int) des (idx, cisc, 16, int) aes (partial) blowfish (ptr2)
compiler: gcc-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-DKRB5_MIT -I/usr/kerberos/include-DL_ENDIAN-DTERMIO-Wall-DMD32_REG_T = int-O2-g-pipe-Wall-Wp,-D_FORTIFY_SOURCE = 2-fexceptions-fstack-protector-param = ssp-buffer-size = 4-m64-mtune = generic-Wa,-noexecstack-DOPENSSL_USE_NEW_FUNCTIONS-fno-strict-aliasing-DOPENSSL_BN_ASM_MONT-DSHA1_ASM-DSHA256_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM
available timing options: TIMES TIMEB HZ = 100 [sysconf value]
timing function used: times
The ‘numbers’ are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 86343.67k 106071.38k 109284.10k 109834.58k 110223.36k
then, to compile the openssl one, more than 1.0 version of the openssl support for AES-NI.
$ . / openssl speed-evp aes-128-cbc
WARNING: can’t open config file: / usr / local / ssl / openssl.cnf
Doing aes-128-cbc for 3s on 16 size blocks: 133851129 aes-128-cbc’s in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 39974385 aes-128-cbc’s in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 10430354 aes-128-cbc’s in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2623128 aes-128-cbc’s in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 327487 aes-128-cbc’s in 3.00s
OpenSSL 1.0.1c 10 May 2012
built on: Tue Jul 31 19:00:23 CST 2012
options: bn (64,64) rc4 (16x, int) des (idx, cisc, 16, int) aes (partial) idea (int) blowfish (idx)
compiler: gcc-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-Wa,-noexecstack-m64-DL_ENDIAN-DTERMIO-O3-Wall-DOPENSSL_IA32_SSE2-DOPENSSL_BN_ASM_MONT-DOPENSSL_BN_ASM_MONT5-DOPENSSL_BN_ASM_GF2m-DSHA1_ASM-DSHA256_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM -DGHASH_ASM
The ‘numbers’ are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 713872.69k 852786.88k 890056.87k 895361.02k 894257.83k
| 16 bytes | 64 bytes | 256 bytes | 1024 bytes | 8192 bytes | |
| old | 86343 | 106071 | 109284 | 109834 | 110223 |
| new | 713872 | 852786 | 890056 | 895361 | 894257 |
can be seen from this table, enable AES-NI, the encryption speed enhanced approximately 8-9 times.
but the strange is made to Intel’s own test results is not the case. This is a report just issued this year, http: / / software.intel.com / en-us / articles / intel-aes-ni-performance-testing-on-linuxjava-stack / , AES-NI test Java program on Linux performance impact, the conclusion is: “ 38% (average) for encryption and 37.5% (average) for decryption” . This shows that the JAVA minimal. Why? Will not be using the wrong provider? The default is com.sun.crypto.provider.AESCrypt take JAVA, is not subject to the new directive.
snnn’s blog
No comments yet.