Re: Padlock results

#48446

KLGIT
Member

aseques posted this, I believe in answer to THIS post, but accidentally replied it to another post of mine.
I’ll quote here and then answer here to bring the conversation back here.

Doing a fast search it seems that there’s no problem to have it in Linux (as far as you’ve the right versions).

Kernel newer than 2.6.19 (like zeroshell) should have support build in:
http://www.logix.cz/michal/devel/padlock/

Portable openssh has support too:
https://bugzilla.mindrot.org/show_bug.cgi?id=1437

Openssl 0.9.8e should have it included too (lenny’s version is 0.9.8g)

So have a look to the versions on zeroshell, and please post the results

You are right! Zeroshell 1.0beta12 does seem to have Padlock support built in. At least for OpenSSL. I’ll test more later.

For now, here are my results for OpenSSL.


root@zeroshell root> openssl speed -evp aes-128-ecb
Doing aes-128-ecb for 3s on 16 size blocks: 2514961 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 64 size blocks: 670904 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 256 size blocks: 171155 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 1024 size blocks: 43010 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 8192 size blocks: 5384 aes-128-ecb's in 3.00s
OpenSSL 0.9.8k 25 Mar 2009
built on: Sat May 9 12:34:22 CEST 2009
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-ecb 13413.13k 14312.62k 14605.23k 14680.75k 14701.91k

Now with Padlock


root@zeroshell root> openssl speed -evp aes-128-ecb -engine padlock
engine "padlock" set.
Doing aes-128-ecb for 3s on 16 size blocks: 8347197 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 64 size blocks: 5318052 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 256 size blocks: 2197573 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 1024 size blocks: 717930 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 8192 size blocks: 106649 aes-128-ecb's in 3.00s
OpenSSL 0.9.8k 25 Mar 2009
built on: Sat May 9 12:34:22 CEST 2009
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-ecb 44518.38k 113451.78k 187526.23k 245053.44k 291222.87k

As you can see, the performance increase with Padlock enabled is HUGE.

Here are the final numbers again for comparison


The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
no padlock aes-128-ecb 13413.13k 14312.62k 14605.23k 14680.75k 14701.91k
w/ padlock aes-128-ecb 44518.38k 113451.78k 187526.23k 245053.44k 291222.87k

In the 8k block size, the performance improvement is 20X !

For reference and to see just how fast Padlock is, here is the same test run on my Dell server with a 3GHz PentiumD-64bit


type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-ecb 97745.47k 104677.59k 110004.92k 111115.99k 110676.65k

Now I just have to figure out how to get all everything in Zeroshell to use padlock by default.

Also, if I find any other benchmarks or tests, I’ll run and post them.
Meanwhile, this is something to consider if you want to put together a high bang for the buck router.
This one I’m testing on cost under $500 Canadian with a 1GHz CPU and 1GB of RAM.

FYI


root@zeroshell root> cat /proc/cpuinfo
processor : 0
vendor_id : CentaurHauls
cpu family : 6
model : 10
model name : VIA Esther processor 1000MHz
stepping : 9
cpu MHz : 997.611
cache size : 128 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce apic sep mtrr pge cmov pat clflush acpi mmx fxsr sse sse2 tm nx up pni est tm2 rng rng_en ace ace_en ace2 ace2_en phe phe_en pmm pmm_en
bogomips : 1997.89
clflush size : 64