Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update EVP AES GCM and XTS benchmarks to reuse the key and cipher during the benchmark #965

Merged
merged 5 commits into from
Apr 27, 2023

Conversation

andrewhop
Copy link
Contributor

@andrewhop andrewhop commented Apr 18, 2023

Description of changes:

From #963 we know this is a supported use case and has considerable implications to the performance of AES GCM/XTS. We expect most customers to use the same key for a lot of data and this changes the benchmark to match that behavior so we can provide more realistic data to customers.

This is what the AEAD benchmark was already doing: only calling EVP_AEAD_CTX_init_with_direction once, and then reusing the key but passing in the iv when calling EVP_AEAD_CTX_seal_scatter

Call-outs:

This will make comparisons with historical data in the canary impossible. This makes both OpenSSL and AWS-LC look faster, the change is more noticeable for small messages (where initialization time was a bigger factor).

Testing:

Before AES GCM

./tool/before_bssl speed -filter EVP-AES-128-GCM
Did 5541000 EVP-AES-128-GCM Encrypt (16 bytes) operations in 1000025us (5540861.5 ops/sec): 88.7 MB/s
Did 4497000 EVP-AES-128-GCM Encrypt (256 bytes) operations in 1000029us (4496869.6 ops/sec): 1151.2 MB/s
Did 2661000 EVP-AES-128-GCM Encrypt (1350 bytes) operations in 1000367us (2660023.8 ops/sec): 3591.0 MB/s
Did 792000 EVP-AES-128-GCM Encrypt (8192 bytes) operations in 1001133us (791103.7 ops/sec): 6480.7 MB/s
Did 426000 EVP-AES-128-GCM Encrypt (16384 bytes) operations in 1000775us (425670.1 ops/sec): 6974.2 MB/s
Did 5615250 EVP-AES-128-GCM Decrypt (16 bytes) operations in 1000040us (5615025.4 ops/sec): 89.8 MB/s
Did 4610750 EVP-AES-128-GCM Decrypt (256 bytes) operations in 1000017us (4610671.6 ops/sec): 1180.3 MB/s
Did 2798000 EVP-AES-128-GCM Decrypt (1350 bytes) operations in 1000092us (2797742.6 ops/sec): 3777.0 MB/s
Did 800000 EVP-AES-128-GCM Decrypt (8192 bytes) operations in 1000987us (799211.2 ops/sec): 6547.1 MB/s
Did 428000 EVP-AES-128-GCM Decrypt (16384 bytes) operations in 1001698us (427274.5 ops/sec): 7000.5 MB/s

After AES GCM

./tool/after_bssl speed -filter EVP-AES-128-GCM
Did 13842500 EVP-AES-128-GCM encrypt (16 bytes) operations in 1000008us (13842389.3 ops/sec): 221.5 MB/s
Did 8704250 EVP-AES-128-GCM encrypt (256 bytes) operations in 1000026us (8704023.7 ops/sec): 2228.2 MB/s
Did 3660000 EVP-AES-128-GCM encrypt (1350 bytes) operations in 1000141us (3659484.0 ops/sec): 4940.3 MB/s
Did 852000 EVP-AES-128-GCM encrypt (8192 bytes) operations in 1000962us (851181.2 ops/sec): 6972.9 MB/s
Did 445000 EVP-AES-128-GCM encrypt (16384 bytes) operations in 1001092us (444514.6 ops/sec): 7282.9 MB/s
Did 14392000 EVP-AES-128-GCM decrypt (16 bytes) operations in 1000012us (14391827.3 ops/sec): 230.3 MB/s
Did 9169750 EVP-AES-128-GCM decrypt (256 bytes) operations in 1000011us (9169649.1 ops/sec): 2347.4 MB/s
Did 3944000 EVP-AES-128-GCM decrypt (1350 bytes) operations in 1000031us (3943877.7 ops/sec): 5324.2 MB/s
Did 869000 EVP-AES-128-GCM decrypt (8192 bytes) operations in 1001070us (868071.2 ops/sec): 7111.2 MB/s
Did 446000 EVP-AES-128-GCM decrypt (16384 bytes) operations in 1000233us (445896.1 ops/sec): 7305.6 MB/s

AEAD AES GCM is now almost the same performance as the legacy EVP API (before == after as the AEAD benchmark wasn't changed):

./tool/after_bssl speed -filter AEAD-AES-128-GCM
Did 12382250 AEAD-AES-128-GCM seal (16 bytes) operations in 1000007us (12382163.3 ops/sec): 198.1 MB/s
Did 7760500 AEAD-AES-128-GCM seal (256 bytes) operations in 1000013us (7760399.1 ops/sec): 1986.7 MB/s
Did 3581500 AEAD-AES-128-GCM seal (1350 bytes) operations in 1000017us (3581439.1 ops/sec): 4834.9 MB/s
Did 845000 AEAD-AES-128-GCM seal (8192 bytes) operations in 1000384us (844675.6 ops/sec): 6919.6 MB/s
Did 438000 AEAD-AES-128-GCM seal (16384 bytes) operations in 1001320us (437422.6 ops/sec): 7166.7 MB/s
Did 11980500 AEAD-AES-128-GCM open (16 bytes) operations in 1000002us (11980476.0 ops/sec): 191.7 MB/s
Did 8100000 AEAD-AES-128-GCM open (256 bytes) operations in 1000029us (8099765.1 ops/sec): 2073.5 MB/s
Did 3688000 AEAD-AES-128-GCM open (1350 bytes) operations in 1000014us (3687948.4 ops/sec): 4978.7 MB/s
Did 855000 AEAD-AES-128-GCM open (8192 bytes) operations in 1000036us (854969.2 ops/sec): 7003.9 MB/s
Did 443000 AEAD-AES-128-GCM open (16384 bytes) operations in 1001152us (442490.3 ops/sec): 7249.8 MB/s

AES XTS before:

./tool/before_bssl speed -filter AES-256-XTS
Did 10205000 AES-256-XTS init and encrypt (16 bytes) operations in 1000017us (10204826.5 ops/sec): 163.3 MB/s
Did 7432500 AES-256-XTS init and encrypt (256 bytes) operations in 1000013us (7432403.4 ops/sec): 1902.7 MB/s
Did 2859500 AES-256-XTS init and encrypt (1350 bytes) operations in 1000006us (2859482.8 ops/sec): 3860.3 MB/s
Did 601000 AES-256-XTS init and encrypt (8192 bytes) operations in 1000590us (600645.6 ops/sec): 4920.5 MB/s
Did 319000 AES-256-XTS init and encrypt (16384 bytes) operations in 1002070us (318341.0 ops/sec): 5215.7 MB/s
Did 9102000 AES-256-XTS init and decrypt (16 bytes) operations in 1000063us (9101426.6 ops/sec): 145.6 MB/s
Did 6744500 AES-256-XTS init and decrypt (256 bytes) operations in 1000006us (6744459.5 ops/sec): 1726.6 MB/s
Did 2671000 AES-256-XTS init and decrypt (1350 bytes) operations in 1000056us (2670850.4 ops/sec): 3605.6 MB/s
Did 609000 AES-256-XTS init and decrypt (8192 bytes) operations in 1000753us (608541.8 ops/sec): 4985.2 MB/s
Did 319000 AES-256-XTS init and decrypt (16384 bytes) operations in 1001941us (318382.0 ops/sec): 5216.4 MB/s

AES XTS after:

./tool/after_bssl speed -filter AES-256-XTS
Did 28945250 AES-256-XTS encrypt (16 bytes) operations in 1000001us (28945221.1 ops/sec): 463.1 MB/s
Did 14192500 AES-256-XTS encrypt (256 bytes) operations in 1000002us (14192471.6 ops/sec): 3633.3 MB/s
Did 3493000 AES-256-XTS encrypt (1350 bytes) operations in 1000196us (3492315.5 ops/sec): 4714.6 MB/s
Did 656000 AES-256-XTS encrypt (8192 bytes) operations in 1000408us (655732.5 ops/sec): 5371.8 MB/s
Did 331000 AES-256-XTS encrypt (16384 bytes) operations in 1001246us (330588.1 ops/sec): 5416.4 MB/s
Did 26642000 AES-256-XTS decrypt (16 bytes) operations in 1000002us (26641946.7 ops/sec): 426.3 MB/s
Did 13618250 AES-256-XTS decrypt (256 bytes) operations in 1000007us (13618154.7 ops/sec): 3486.2 MB/s
Did 3324000 AES-256-XTS decrypt (1350 bytes) operations in 1000019us (3323936.8 ops/sec): 4487.3 MB/s
Did 655000 AES-256-XTS decrypt (8192 bytes) operations in 1001184us (654225.4 ops/sec): 5359.4 MB/s
Did 331000 AES-256-XTS decrypt (16384 bytes) operations in 1001752us (330421.1 ops/sec): 5413.6 MB/s

New init benchmarks:

Did 6819750 EVP-AES-128-GCM encrypt init operations in 1000023us (6819593.1 ops/sec)
Did 6829250 EVP-AES-128-GCM decrypt init operations in 1000027us (6829065.6 ops/sec)
Did 14679250 AES-256-XTS encrypt init operations in 1000006us (14679161.9 ops/sec)
Did 13079250 AES-256-XTS decrypt init operations in 1000017us (13079027.7 ops/sec)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and
the ISC license.

@andrewhop andrewhop requested a review from torben-hansen April 18, 2023 23:54
@andrewhop andrewhop requested a review from nebeid April 19, 2023 22:59
@nebeid
Copy link
Contributor

nebeid commented Apr 26, 2023

I suggest you put EVP in the title and then later in the commit message.

nebeid
nebeid previously approved these changes Apr 26, 2023
@andrewhop andrewhop changed the title Update AES GCM and XTS benchmarks to reuse the key and cipher during the benchmark Update EVP AES GCM and XTS benchmarks to reuse the key and cipher during the benchmark Apr 27, 2023
@andrewhop andrewhop merged commit c51fd81 into aws:main Apr 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants