hubertf's NetBSD Blog
Send interesting links to hubert at feyrer dot de!
[20070623] NetBSD on Soekris net5501 - AMD Geode LX AES crypto performance
Jared McNeill has worked on getting support for the AES/RNG security block found in the AMD Geode LX family of processors, which in turn can be found on e.g. Soekris net5501 machines. The code was ported from OpenBSD, see his posting to tech-crypto for some numbers:
engine    type        16 bytes    64 bytes  256 bytes 1024 bytes  8192 bytes
swcrypto: aes-128-cbc  3688.28k   4064.06k   4185.64k   4216.48k    4221.59k
hwcrypto: aes-128-cbc   372.70k   1422.76k   5098.58k  13612.23k   26804.31k 
The numbers were obtained by running "openssl speed -evp aes-128-cbc -elapsed" for the "swcrypto" case that uses the CPU for the crypto operatin, and "openssl speed -evp aes-128-cbc -elapsed -engine cryptodev" for the "hwcrypto" case that uses the crypto(4) routines. For a list of crypto engines available, run "openssl engine".

Noteworthy details in the above numbers are that the throughput for swcrypto remains mostly constant regardless of the blocksize, while the throughput for small blocks in the hwcrypto case is rather mediocre. The reason for this is that the crypto hardware requires some setup overhead that's ammounting when using small blocks.

A remaining mysteria is how to tell ssh(1)/sshd(1) what crypto engine to use... anyone got details?

[Tags: , , ]

Disclaimer: All opinion expressed here is purely my own. No responsibility is taken for anything.

Access count: 31044632
Copyright (c) Hubert Feyrer