VIA PadLock ACE benchmarks

Here are some numbers that show the speed difference between PadLock AES and software AES in different applications.
The appropriate patches are of course available for download and your own testing.

PadLock in the linux kernel

Results of a simple benchmark that measured disk access speed with bonnie and 2GB files with ext2 filesystem on Seagate Barracuda ST3120022A (7200 r.p.m., UDMA100).
The CPU used was VIA C3 Nehemiah with integrated PadLock Advanced Crypto Engine.
Linux kernel 2.6.10-bk1

The tests were run always on the same partition - either mounted directly or using the device mapper crypto module and cryptsetup command. The partition was reformated before each test to ensure the same start conditions for file allocation.

Five tests were run:

The slowdown is computed relative to the non-encrypted case (which is 100%).

No encryption PadLock AES
(multiblock)
PadLock AES
(singleblock)
Software AES
(aes-i586.ko)
Software AES
(aes.ko)
Writing with putc() 10454 kB/s100% 9353 kB/s89% 7479 kB/s72% 5930 kB/s57% 5383 kB/s51%
Rewriting 16510 kB/s100% 10611 kB/s64% 7628 kB/s46% 4642 kB/s28% 4062 kB/s25%
Writing intelligently 61128 kB/s100% 48103 kB/s79% 21132 kB/s35% 12215 kB/s20% 10068 kB/s16%
Reading with getc() 9406 kB/s100% 8801 kB/s94% 6916 kB/s74% 5529 kB/s59% 4816 kB/s51%
Reading intelligently 35885 kB/s100% 23202 kB/s65% 15271 kB/s43% 9785 kB/s27% 7657 kB/s21%

Yes, I know this "benchmark" is far from ideal, but it shows that the hardware crypto engine easily overrules the software AES implementation.

PadLock speeds up IPsec

In this test I was transferring 100MB file of random numbers over 100Mbps network. The server side was the same system as above: VIA C3 Nehemiah with VIA Rhine-II network card. The client side was AMD Athlon XP 1600+ with PCnet/FAST+ 79C972 network card. Both computers were connected over a crosslink cable.

Server side used vsftpd 2.0.1 and kernel vanilla 2.6.9 with my PadLock patches applied. The throughput speed was measured using wget 1.9.1. The maximum throughput without IPsec was 11.22 MB/s.

For setting up IPsec I used setkey tool from IPsec-tools 0.4rc1. I have run the tests with AES encryption in all available key lengths (128, 192, 256 bits) both with and without HMAC-SHA256 hashing. Here are the results:

AES without HMAC AES with HMAC-SHA256
128 bit 192 bit 256 bit 128 bit 192 bit 256 bit
aes.ko 8.24 MB/s 7.33 MB/s 6.37 MB/s 4.43 MB/s 4.17 MB/s 3.93 MB/s
aes-i586.ko 9.84 MB/s 8.69 MB/s 8.01 MB/s 4.94 MB/s 4.69 MB/s 4.45 MB/s
padlock.ko 11.00 MB/s 10.99 MB/s 10.99 MB/s 8.08 MB/s 8.06 MB/s 8.06 MB/s

As you can see in the last row with PadLock you can get the IPsec security for free as there is almost no slowdown. I was running the tests on a VIA Nehemiah CPU that doesn't have the SHA engine, i.e. the hashing was done in software. With VIA Esther CPU I believe the hashing will be as fast as the encryption, i.e. almost no slowdown. Once I get VIA Esther CPU I will update the results of course.

PadLock in OpenSSL

Results with CVS version of OpenSSL library (from 2004-09-21). So far it only works with EVP_*() functions.
Command used:
openssl speed -evp aes-128-ecb [-engine padlock]

The 'numbers' are in 1000s of bytes per second processed.

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-ecb      11274.53k    14327.79k    14608.64k    14672.55k    14693.72k (software)
aes-128-ecb      66892.82k   346583.52k   910704.21k  1489932.59k  1832151.72k (PadLock)

aes-128-cbc       8276.27k    12915.75k    13264.13k    13313.02k    13322.92k (software)
aes-128-cbc      48542.30k   241898.79k   523706.28k   745157.61k   846402.90k (PadLock)