[gnutls-devel] GnuTLS | slow performance on IBM POWER architecture (#853)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Oct 25 19:27:17 CEST 2019 


Björn Jacke created an issue: https://gitlab.com/gnutls/gnutls/issues/853



the AES performance of GnuTLS is quite bad compared to openssl on AIX on POWER. The POWER architecture has AES instruction and they the shipped openssl version makes use of this obviously, here are the aes gcm/ccm benchmark numbers for openssl on AIX 7.1 on a single core POWER9 machine:

# openssl speed -elapsed -evp aes-128-ccm
...
options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) blowfish(idx) 
compiler: cc -I. -I.. -I../include  -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DSSL_ALLOW_ADH -DAIXSSL_IBM_VERSION=1.0.2.1100 -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-ccm     230501.53k   931205.48k  3716121.69k 14873766.91k 119393654.10k

# openssl speed -elapsed -evp aes-128-gcm
options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) blowfish(idx) 
compiler: cc -I. -I.. -I../include  -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DSSL_ALLOW_ADH -DAIXSSL_IBM_VERSION=1.0.2.1100 -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-gcm     227103.28k   545682.50k  1579801.94k  2419030.70k  2795500.89k

The GnuTLS numbers are *magnitudes* lower:

# gnutls-cli --benchmark-tls-ciphers
Testing throughput in cipher/MAC combinations (payload: 1400 bytes)
                   AES-128-GCM - TLS1.2  7.18 MB/sec
                   AES-128-GCM - TLS1.3  12.57 MB/sec
                   AES-128-CCM - TLS1.2  14.71 MB/sec
                   AES-128-CCM - TLS1.3  14.64 MB/sec
             CHACHA20-POLY1305 - TLS1.2  17.14 MB/sec
             CHACHA20-POLY1305 - TLS1.3  16.97 MB/sec
                   AES-128-CBC - TLS1.0  14.48 MB/sec
              CAMELLIA-128-CBC - TLS1.0  7.94 MB/sec

Testing throughput in cipher/MAC combinations (payload: 16384 bytes)
                   AES-128-GCM - TLS1.2  13.30 MB/sec
                   AES-128-GCM - TLS1.3  13.22 MB/sec
                   AES-128-CCM - TLS1.2  15.67 MB/sec
                   AES-128-CCM - TLS1.3  15.61 MB/sec
             CHACHA20-POLY1305 - TLS1.2  18.59 MB/sec
             CHACHA20-POLY1305 - TLS1.3  18.47 MB/sec
                   AES-128-CBC - TLS1.0  16.12 MB/sec
              CAMELLIA-128-CBC - TLS1.0  8.38 MB/sec

Would it be possible to get to get the improvements that openssl has also to GnuTLS? IBM might be interested to push that improvement together with Red Hat also for the Linux PPC architecture and the result might be beneficial for Linux and AIX in the end.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/853
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191025/30b9e3c8/attachment.html>

More information about the Gnutls-devel mailing list