Here are some numbers that show the speed difference between PadLock AES and software AES in different applications.
The appropriate patches are of course available for download and your own testing.
Results of a simple benchmark that measured disk access speed with bonnie and
2GB files with ext2 filesystem on Seagate Barracuda
ST3120022A (7200 r.p.m., UDMA100).
The CPU used was VIA C3
Nehemiah with integrated PadLock Advanced Crypto Engine.
Linux kernel 2.6.10-bk1
The tests were run always on the same partition - either mounted
directly or using the device mapper crypto module and
cryptsetup command. The partition was reformated before each
test to ensure the same start conditions for file allocation.
Five tests were run:
The slowdown is computed relative to the non-encrypted case (which is 100%).
No encryption | PadLock AES (multiblock) |
PadLock AES (singleblock) |
Software AES (aes-i586.ko) |
Software AES (aes.ko) |
||||||
Writing with putc() | 10454 kB/s | 100% | 9353 kB/s | 89% | 7479 kB/s | 72% | 5930 kB/s | 57% | 5383 kB/s | 51% |
Rewriting | 16510 kB/s | 100% | 10611 kB/s | 64% | 7628 kB/s | 46% | 4642 kB/s | 28% | 4062 kB/s | 25% |
Writing intelligently | 61128 kB/s | 100% | 48103 kB/s | 79% | 21132 kB/s | 35% | 12215 kB/s | 20% | 10068 kB/s | 16% |
Reading with getc() | 9406 kB/s | 100% | 8801 kB/s | 94% | 6916 kB/s | 74% | 5529 kB/s | 59% | 4816 kB/s | 51% |
Reading intelligently | 35885 kB/s | 100% | 23202 kB/s | 65% | 15271 kB/s | 43% | 9785 kB/s | 27% | 7657 kB/s | 21% |
Yes, I know this "benchmark" is far from ideal, but it shows that the hardware crypto engine easily overrules the software AES implementation.
In this test I was transferring 100MB file of random numbers over 100Mbps network. The server side was the same system as above: VIA C3 Nehemiah with VIA Rhine-II network card. The client side was AMD Athlon XP 1600+ with PCnet/FAST+ 79C972 network card. Both computers were connected over a crosslink cable.
Server side used vsftpd 2.0.1 and kernel vanilla 2.6.9 with my PadLock patches applied. The throughput speed was measured using wget 1.9.1. The maximum throughput without IPsec was 11.22 MB/s.
For setting up IPsec I used setkey tool from IPsec-tools 0.4rc1. I have run the tests with AES encryption in all available key lengths (128, 192, 256 bits) both with and without HMAC-SHA256 hashing. Here are the results:
AES without HMAC | AES with HMAC-SHA256 | |||||
128 bit | 192 bit | 256 bit | 128 bit | 192 bit | 256 bit | |
aes.ko | 8.24 MB/s | 7.33 MB/s | 6.37 MB/s | 4.43 MB/s | 4.17 MB/s | 3.93 MB/s |
aes-i586.ko | 9.84 MB/s | 8.69 MB/s | 8.01 MB/s | 4.94 MB/s | 4.69 MB/s | 4.45 MB/s |
padlock.ko | 11.00 MB/s | 10.99 MB/s | 10.99 MB/s | 8.08 MB/s | 8.06 MB/s | 8.06 MB/s |
As you can see in the last row with PadLock you can get the IPsec security for free as there is almost no slowdown. I was running the tests on a VIA Nehemiah CPU that doesn't have the SHA engine, i.e. the hashing was done in software. With VIA Esther CPU I believe the hashing will be as fast as the encryption, i.e. almost no slowdown. Once I get VIA Esther CPU I will update the results of course.
Results with CVS version of OpenSSL library (from 2004-09-21). So far it only works with EVP_*() functions.
Command used:
openssl speed -evp aes-128-ecb [-engine padlock]
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-ecb 11274.53k 14327.79k 14608.64k 14672.55k 14693.72k (software) aes-128-ecb 66892.82k 346583.52k 910704.21k 1489932.59k 1832151.72k (PadLock) aes-128-cbc 8276.27k 12915.75k 13264.13k 13313.02k 13322.92k (software) aes-128-cbc 48542.30k 241898.79k 523706.28k 745157.61k 846402.90k (PadLock)