|
[20070623]
|
NetBSD on Soekris net5501 - AMD Geode LX AES crypto performance
Jared McNeill has worked on getting support for the AES/RNG security block
found in the AMD Geode LX family of processors, which in turn can be found
on e.g.
Soekris net5501
machines. The code was ported from OpenBSD, see his
posting to tech-crypto
for some numbers:
engine type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
swcrypto: aes-128-cbc 3688.28k 4064.06k 4185.64k 4216.48k 4221.59k
hwcrypto: aes-128-cbc 372.70k 1422.76k 5098.58k 13612.23k 26804.31k
The numbers were obtained by running
"openssl speed -evp aes-128-cbc -elapsed" for the "swcrypto"
case that uses the CPU for the crypto operatin, and
"openssl speed -evp aes-128-cbc -elapsed -engine cryptodev"
for the "hwcrypto" case that uses the
crypto(4)
routines. For a list of crypto engines available, run
"openssl engine".
Noteworthy details in the above numbers are that the throughput
for swcrypto remains mostly constant regardless of the
blocksize, while the throughput for small blocks in the hwcrypto
case is rather mediocre. The reason for this is that the crypto hardware
requires some setup overhead that's ammounting when using small blocks.
A remaining mysteria is how to tell ssh(1)/sshd(1) what crypto engine
to use... anyone got details?
[Tags: geode, openssl, soekris]
|
