T2 acceleration of encrypt()
By sprack on Jun 01, 2009
Following from my recent post mentioning the acceleration of encrypt/decrypt and OpenSSL enc using the T2 crypto HW (here) I went and did some basic tests to see what kind of uptick was achieved:
Large file processing. File in /tmp
(1) openssl perf test (SW crypto)
timex /usr/sfw/bin/openssl enc -aes-128-cbc -k testpass -in /tmp/file.data -out /tmp/file.data.enc
(2) openssl perf test (HW crypto)
timex /usr/sfw/bin/openssl enc -aes-128-cbc -k testpass -engine pkcs11 -in /tmp/file.data -out /tmp/file.data.enc
(3) encrypt perf test (HW crypto)
timex encrypt -a aes -i /tmp/file.data -o /tmp/file.data.enc
Comparing (1) versus (2) I saw about a 4X improvement in performance when I started using the T2 HW crypto. With (1) versus (3) I saw a 2.5X improvement. So a fairly decent performance improvement! I looked into why encrypt is currently being outperformed by OpenSSL and it looks like it is due to buffer sizing – OpenSSL is using a buffer that is 2X larger than is being used by encrypt to read(), encrypt and write() the file data. I modified encrypt to use a 64KB buffer size and saw encrypt performance improvement over (1) increase to over 7X.
So, it looks like you can get get a serious performance from the HW crypto when encrypting large files like ZFS snapshots. In fact, for the above experiment just doing a simple “cp /tmp/file.data /tmp/file.data.enc” is less than 2X faster than using the enhanced version of encrypt to perform AES-128-CBC encryption of the data too.