[gnutls-devel] GnuTLS | Investigate the performance of FIPS self-tests (#1577)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Thu Dec 12 22:29:55 CET 2024
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1577#note_2256702895
perf shows that the most significant part is in the PBKDF2 self-tests (see below), which we run a test with 80000 iterations. Skipping that test alone makes it 50% faster already.
The other costly test is test_dh, though I don't think we can make any optimization for it. The rest (e.g., cipher tests) are fast enough, though there are some redundancies (e.g., testing for multiple modes for AES).
```console
GNUTLS_FORCE_FIPS_MODE=1 GNUTLS_CPUID_OVERRIDE=0x0 NETTLE_FAT_OVERRIDE=none perf record -F 999 -a -g -e cycles --call-graph lbr --user-callchains src/gnutls-cli --list
perf report -G -n --stdio
[...]
62.65% 62.65% 85 gnutls-cli libnettle.so.8.8 >
|
|--33.58%--nettle_pbkdf2
| |
| |--32.88%--nettle_hmac_digest
| | |
| | |--32.12%--nettle_sha256_digest
| | | 0x7f5b1645a300
| | | nettle_sha256_compress at plt
| | |
| | --0.76%--nettle_sha256_update
| | _nettle_sha256_compress_n at plt
| |
| --0.70%--nettle_sha256_update
| _nettle_sha256_compress_n at plt
|
|--12.73%--check_lib_hmac
| gnutls_hmac_fast
| _gnutls_mac_fast
| wrap_nettle_mac_fast
| nettle_sha256_update
| _nettle_sha256_compress_n at plt
|
|--7.24%--_gnutls_fips_perform_self_checks2
| |
| |--6.48%--test_pbkdf2.constprop.0
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1577#note_2256702895
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241212/01ddbef8/attachment.html>
More information about the Gnutls-devel
mailing list