From owner-freebsd-stable@FreeBSD.ORG Mon Jan 26 12:06:14 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2158016A4E8 for ; Mon, 26 Jan 2004 12:06:14 -0800 (PST) Received: from smtp3.sentex.ca (smtp3.sentex.ca [64.7.153.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9B0B843D46 for ; Mon, 26 Jan 2004 12:06:10 -0800 (PST) (envelope-from mike@sentex.net) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by smtp3.sentex.ca (8.12.10/8.12.10) with ESMTP id i0QK5xUE053336; Mon, 26 Jan 2004 15:05:59 -0500 (EST) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.9p2/8.12.9) with ESMTP id i0QK5xNq004029; Mon, 26 Jan 2004 15:05:59 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <6.0.1.1.0.20040126145751.047cad70@209.112.4.2> X-Sender: mdtpop@209.112.4.2 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.1.1 Date: Mon, 26 Jan 2004 15:05:26 -0500 To: Charles Swiger , Rumen Telbizov From: Mike Tancsa In-Reply-To: References: <20040126091424.GI688@e-card.bg> <6889E365-5016-11D8-B821-003065A20588@mac.com> <20040126155600.GB230@e-card.bg> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by amavisd-new cc: stable@freebsd.org Subject: Crypto card speed (was Re: FreeBSD + Rainbow Cryptoswift) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jan 2004 20:06:14 -0000 Here is a quick example of encryption speeds The file "big" is the result of cat /dev/urandom > big and is 577MB. Before the test was run, I did a cat big > /dev/null to make the cache similar in both tests. The hardware is the same, except on the second test I compiled in the hifn support. This is a Intel(R) Pentium(R) 4 CPU 2.66GHz (2665.40-MHz 686-class CPU) with 512MB of DDR-333. pp-duke% time openssl enc -des3 -in big -out big.enc -k test1234567890 97.498u 2.070s 1:40.20 99.3% 384+343k 4430+4404io 2pf+0w pp-duke% pp-duke% time openssl enc -des3 -in big -out big.enc -k test1234567890 0.331u 3.282s 1:22.68 4.3% 429+383k 4439+4404io 31pf+0w pp-duke% The crypto card is faster. But the real interesting part (for me) is the CPU utilization.... 99.3% vs 4.3%. So for my "backups over ssh" application this is a big gain. I suspect once kernel crypto is added, things like the GEOM encrypted filesystem would see similar big gains. If you think of the card more as an "offloader" you will see it in a more appropriate light. ---Mike At 11:30 AM 26/01/2004, Charles Swiger wrote: >On Jan 26, 2004, at 10:56 AM, Rumen Telbizov wrote: >[ ... ] >>I don't see anything related to RSA computations?! >>Do you see any real acceleration in the RSA operations >>while using this card or there is NO support for RSA in >>the crypto device ? > >It might be worth asking the author of cryptodev and hifn whether the >manpage is current with regard to RSA support. For my purposes, adding >entropy and speeding up 3DES for ssh is useful, but you are right that >HTTPS acceleration will want RSA. > >The hifn cards will do ARC4/MD5/SHA, which is still helpful to your >situation, but doing SSL session startup with a 1024-bit RSA server >certificate tends to be the hit that slows down a busy site, not streaming >40/128-bit encryption afterwards. > >Here's the results of an "openssl speed" on a machine with a 933MHz Tualatin: > >OpenSSL 0.9.7c 30 Sep 2003 >built on: Mon Jan 19 17:09:38 EST 2004 >options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) >aes(partial) blowfish(idx) >compiler: cc >available timing options: USE_TOD HZ=128 [sysconf value] >timing function used: getrusage >The 'numbers' are in 1000s of bytes per second processed. >type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes >md2 620.93k 1321.03k 1840.87k 2043.58k >2109.85k >mdc2 1216.23k 1340.13k 1379.00k 1386.49k >1392.69k >md4 5238.60k 18516.78k 53933.28k 103206.39k >141003.58k >md5 3403.53k 10198.36k 23224.80k 34163.24k >39580.86k >hmac(md5) 1853.72k 6250.73k 17093.20k 30202.23k >38852.70k >sha1 3834.47k 9754.21k 23442.41k 36293.86k >43284.01k >rmd160 3402.43k 9754.38k 20798.38k 28830.32k >32526.01k >rc4 63056.66k 72429.52k 76481.40k 76876.09k >77175.42k >des cbc 5793.26k 5932.76k 5974.18k 5984.65k >5987.75k >des ede3 2522.17k 2549.38k 2560.15k 2562.74k >2565.13k >idea cbc 0.00 0.00 0.00 0.00 > 0.00 >rc2 cbc 7170.32k 7373.37k 7451.72k 7474.13k >7527.15k >rc5-32/12 cbc 36376.64k 42649.09k 45031.39k 45666.52k >45844.24k >blowfish cbc 15556.50k 16535.16k 16851.46k 16930.07k >16962.81k >cast cbc 15316.29k 16194.30k 16490.12k 16564.61k >16580.42k >aes-128 cbc 14087.20k 14768.17k 14920.34k 14969.05k >14981.57k >aes-192 cbc 12415.22k 12648.94k 12721.03k 12741.74k >12740.70k >aes-256 cbc 11021.74k 11247.24k 11286.85k 11298.91k >11300.38k > sign verify sign/s verify/s >rsa 512 bits 0.0031s 0.0003s 326.2 3032.8 >rsa 1024 bits 0.0161s 0.0009s 61.9 1114.6 >rsa 2048 bits 0.0959s 0.0029s 10.4 346.7 >rsa 4096 bits 0.6236s 0.0098s 1.6 101.9 > sign verify sign/s verify/s >dsa 512 bits 0.0026s 0.0033s 382.9 304.3 >dsa 1024 bits 0.0079s 0.0097s 126.8 102.6 >dsa 2048 bits 0.0263s 0.0319s 38.1 31.3 >396.70s real 395.67s user 0.03s system 99% > >-- >-Chuck > >_______________________________________________ >freebsd-stable@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-stable >To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"