[gnutls-devel] GnuTLS | Consider removing bundled AArch64 acceleration (#1549)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sun May 12 02:49:22 CEST 2024
Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1549
Prompted by !1804 I tried to run `gnutls-cli` on Raspberry Pi 5 ([BCM2712](https://www.raspberrypi.com/documentation/computers/processors.html#bcm2712)) with and without `GNUTLS_CPUID_OVERRIDE=0x1` (i.e., all crypto operations are delegated to Nettle).
Using the current Nettle master branch, here are the results for the algorithms with AArch64 acceleration:
- AES-128-GCM: Nettle implementation is twice faster (1)
- AES-192-GCM: Not tested
- AES-256-GCM: Not tested
- AES-128-CCM: Comparable
- AES-192-CCM: Not tested
- AES-256-CCM: Not tested
- AES-128-CBC: Bundled implementation is twice faster (2)
- AES-192-CBC: Not tested
- AES-256-CBC: Not tested
- HMAC-SHA1: Comparable
- HMAC-SHA256: Comparable
- HMAC-SHA512: Comparable
(1) is a bit surprising as `nettle-benchmark` included in Nettle actually indicates the opposite for encrypt/decrypt operations, while the update operation is indeed faster. (2) is also interesting as ECB results in `nettle-benchmark` are comparable with OpenSSL. Overall, I think it's mostly ready to drop AArch64 after a bit closer look at (2).
The more detailed results are below:
With `GNUTLS_CPUID_OVERRIDE=0x1`:
```console
LD_LIBRARY_PATH=$PWD/../nettle/install/lib GNUTLS_CPUID_OVERRIDE=0x1 libtool --mode=execute ./src/gnutls-cli --benchmark-ciphers
Checking AEAD ciphers, payload size: 16384
AES-128-GCM 1.58 GB/sec
AES-128-CCM 0.69 GB/sec
CHACHA20-POLY1305 0.41 GB/sec
Checking cipher-MAC combinations, payload size: 16384
SALSA20-256-SHA1 0.36 GB/sec
AES-128-CBC-SHA1 0.55 GB/sec
AES-128-CBC-SHA256 0.57 GB/sec
GOST28147-TC26Z-CNT-GOST28147-TC26Z-IMIT 31.95 MB/sec
Checking MAC algorithms, payload size: 16384
SHA1 1.32 GB/sec
SHA256 1.47 GB/sec
SHA512 0.38 GB/sec
GOST28147-TC26Z-IMIT 99.20 MB/sec
GOSTR341194 46.45 MB/sec
STREEBOG-512 69.03 MB/sec
Checking ciphers, payload size: 16384
3DES-CBC 19.06 MB/sec
AES-128-CBC 0.91 GB/sec
AES-128-XTS 0.81 GB/sec
AES-256-XTS 0.69 GB/sec
SALSA20-256 0.48 GB/sec
NULL 13.96 GB/sec
GOST28147-TC26Z-CNT 47.01 MB/sec
```
Without `GNUTLS_CPUID_OVERRIDE=0x1`:
```console
LD_LIBRARY_PATH=$PWD/../nettle/install/lib libtool --mode=execute ./src/gnutls-cli --benchmark-ciphers
Checking AEAD ciphers, payload size: 16384
AES-128-GCM 0.75 GB/sec
AES-128-CCM 0.63 GB/sec
CHACHA20-POLY1305 0.41 GB/sec
Checking cipher-MAC combinations, payload size: 16384
SALSA20-256-SHA1 0.37 GB/sec
AES-128-CBC-SHA1 0.83 GB/sec
AES-128-CBC-SHA256 0.85 GB/sec
GOST28147-TC26Z-CNT-GOST28147-TC26Z-IMIT 31.93 MB/sec
Checking MAC algorithms, payload size: 16384
SHA1 1.43 GB/sec
SHA256 1.48 GB/sec
SHA512 0.38 GB/sec
GOST28147-TC26Z-IMIT 99.20 MB/sec
GOSTR341194 46.46 MB/sec
STREEBOG-512 68.80 MB/sec
Checking ciphers, payload size: 16384
3DES-CBC 19.05 MB/sec
AES-128-CBC 1.91 GB/sec
AES-128-XTS 0.80 GB/sec
AES-256-XTS 0.69 GB/sec
SALSA20-256 0.49 GB/sec
NULL 13.96 GB/sec
GOST28147-TC26Z-CNT 46.89 MB/sec
```
`nettle-benchmark`:
```console
LD_LIBRARY_PATH=$PWD/.lib examples/nettle-benchmark
Algorithm mode Mbyte/s
memxor aligned 11897.54
memxor unaligned 7149.55
memxor3 aligned 12008.90
memxor3 unaligned01 7565.25
memxor3 unaligned11 7116.17
memxor3 unaligned12 5138.12
md2 update 6.94
md4 update 679.35
md5 update 376.36
openssl md5 update 377.82
sha1 update 1317.35
openssl sha1 update 1407.35
sha224 update 1463.49
sha256 update 1463.49
sha384 update 375.19
sha512 update 376.08
sha512_224 update 375.20
sha512_256 update 376.02
sha3_224 update 217.71
sha3_256 update 209.93
sha3_384 update 156.12
sha3_512 update 108.54
ripemd160 update 269.93
gosthash94 update 45.02
gosthash94cp update 45.02
streebog256 update 74.01
streebog512 update 74.03
sm3 update 215.34
umac32 update 7091.12
umac64 update 2636.61
umac96 update 1884.70
umac128 update 1457.98
cmac-aes128 update 1019.49
poly1305-aes update 925.05
aes128 ECB encrypt 3567.71
aes128 ECB decrypt 3566.64
aes128 CBC encrypt 911.02
aes128 CBC decrypt 2743.49
aes128 (in-place) 2489.08
aes128 CTR 2061.18
aes128 (in-place) 1977.04
aes192 ECB encrypt 2985.42
aes192 ECB decrypt 2984.63
aes192 CBC encrypt 814.95
aes192 CBC decrypt 2385.25
aes192 (in-place) 2188.22
aes192 CTR 1852.44
aes192 (in-place) 1785.40
aes256 ECB encrypt 2566.49
aes256 ECB decrypt 2565.93
aes256 CBC encrypt 748.30
aes256 CBC decrypt 2110.19
aes256 (in-place) 1951.08
aes256 CTR 1680.12
aes256 (in-place) 1630.13
openssl aes128 ECB encrypt 3296.32
openssl aes128 ECB decrypt 3295.94
openssl aes192 ECB encrypt 2808.85
openssl aes192 ECB decrypt 2808.83
openssl aes256 ECB encrypt 2419.09
openssl aes256 ECB decrypt 2419.12
blowfish128 ECB encrypt 109.17
blowfish128 ECB decrypt 113.48
blowfish128 CBC encrypt 73.83
blowfish128 CBC decrypt 112.47
blowfish128 (in-place) 111.62
blowfish128 CTR 100.29
blowfish128 (in-place) 99.48
camellia128 ECB encrypt 115.59
camellia128 ECB decrypt 115.59
camellia128 CBC encrypt 102.06
camellia128 CBC decrypt 114.52
camellia128 (in-place) 113.71
camellia128 CTR 113.13
camellia128 (in-place) 112.52
camellia192 ECB encrypt 86.77
camellia192 ECB decrypt 86.78
camellia192 CBC encrypt 79.32
camellia192 CBC decrypt 86.19
camellia192 (in-place) 85.71
camellia192 CTR 85.28
camellia192 (in-place) 85.00
camellia256 ECB encrypt 86.78
camellia256 ECB decrypt 86.77
camellia256 CBC encrypt 79.32
camellia256 CBC decrypt 86.18
camellia256 (in-place) 85.71
camellia256 CTR 85.29
camellia256 (in-place) 85.01
cast128 ECB encrypt 109.75
cast128 ECB decrypt 110.17
cast128 CBC encrypt 71.62
cast128 CBC decrypt 108.78
cast128 (in-place) 108.14
cast128 CTR 100.80
cast128 (in-place) 100.69
des ECB encrypt 62.84
des ECB decrypt 62.78
des CBC encrypt 51.00
des CBC decrypt 62.46
des (in-place) 62.21
des CTR 59.77
des (in-place) 59.68
des3 ECB encrypt 20.94
des3 ECB decrypt 20.94
des3 CBC encrypt 18.16
des3 CBC decrypt 20.89
des3 (in-place) 20.86
des3 CTR 20.57
des3 (in-place) 20.54
serpent256 ECB encrypt 73.71
serpent256 ECB decrypt 86.51
serpent256 CBC encrypt 65.50
serpent256 CBC decrypt 86.03
serpent256 (in-place) 86.01
serpent256 CTR 72.70
serpent256 (in-place) 72.37
twofish128 ECB encrypt 137.69
twofish128 ECB decrypt 134.44
twofish128 CBC encrypt 125.72
twofish128 CBC decrypt 132.97
twofish128 (in-place) 131.78
twofish128 CTR 133.91
twofish128 (in-place) 133.23
twofish192 ECB encrypt 137.67
twofish192 ECB decrypt 134.44
twofish192 CBC encrypt 125.73
twofish192 CBC decrypt 132.95
twofish192 (in-place) 131.78
twofish192 CTR 133.89
twofish192 (in-place) 133.18
twofish256 ECB encrypt 137.68
twofish256 ECB decrypt 134.45
twofish256 CBC encrypt 125.71
twofish256 CBC decrypt 132.95
twofish256 (in-place) 131.78
twofish256 CTR 133.71
twofish256 (in-place) 133.01
sm4 ECB encrypt 73.29
sm4 ECB decrypt 73.29
sm4 CBC encrypt 66.87
sm4 CBC decrypt 72.87
sm4 (in-place) 72.56
sm4 CTR 72.19
sm4 (in-place) 72.06
arcfour128 encrypt 396.90
arcfour128 decrypt 396.90
salsa20 encrypt 462.02
salsa20 decrypt 465.80
salsa20r12 encrypt 659.52
salsa20r12 decrypt 658.80
chacha encrypt 676.57
chacha decrypt 676.55
cbc_aes128 encrypt 881.78
cbc_aes192 encrypt 830.92
cbc_aes256 encrypt 724.60
gcm_aes128 encrypt 1614.26
gcm_aes128 decrypt 1622.30
gcm_aes128 update 5816.98
gcm_aes192 encrypt 1500.22
gcm_aes192 decrypt 1479.97
gcm_aes192 update 5817.06
gcm_aes256 encrypt 1380.56
gcm_aes256 decrypt 1366.11
gcm_aes256 update 5817.06
openssl gcm_aes128 encrypt 2287.15
openssl gcm_aes128 decrypt 2353.98
openssl gcm_aes128 update 4816.93
openssl gcm_aes192 encrypt 2062.99
openssl gcm_aes192 decrypt 2100.81
openssl gcm_aes192 update 4818.81
openssl gcm_aes256 encrypt 1830.44
openssl gcm_aes256 decrypt 1927.47
openssl gcm_aes256 update 4816.94
gcm_camellia128 encrypt 110.85
gcm_camellia128 decrypt 110.85
gcm_camellia128 update 5818.36
gcm_camellia256 encrypt 84.06
gcm_camellia256 decrypt 84.07
gcm_camellia256 update 5815.41
eax_aes128 encrypt 687.48
eax_aes128 decrypt 686.52
eax_aes128 update 1044.49
chacha_poly1305 encrypt 391.71
chacha_poly1305 decrypt 391.68
chacha_poly1305 update 929.00
ocb_aes128 encrypt 1285.49
ocb_aes128 decrypt 1282.56
ocb_aes128 update 1525.43
hmac-md5 64 bytes 113.14
hmac-md5 256 bytes 237.08
hmac-md5 1024 bytes 327.40
hmac-md5 4096 bytes 360.23
hmac-md5 single msg 370.98
hmac-sha1 64 bytes 312.78
hmac-sha1 256 bytes 730.61
hmac-sha1 1024 bytes 1079.82
hmac-sha1 4096 bytes 1229.92
hmac-sha1 single msg 1283.38
hmac-sha256 64 bytes 301.64
hmac-sha256 256 bytes 744.35
hmac-sha256 1024 bytes 1175.25
hmac-sha256 4096 bytes 1362.03
hmac-sha256 single msg 1429.03
hmac-sha512 64 bytes 79.35
hmac-sha512 256 bytes 171.81
hmac-sha512 1024 bytes 287.39
hmac-sha512 4096 bytes 343.00
hmac-sha512 single msg 363.48
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1549
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20240512/eb02e74a/attachment-0001.html>
More information about the Gnutls-devel
mailing list