0
0

AES加密/解密速度

ning 发表于 2014年08月27日 16:34 | Hits: 7921
Tag: all

Table of Contents

假设我们有2台 千兆网卡的机器AB, 我们想在它们中间加密传数据, 能打满网卡么?

我们用AES 256位加密, 这个问题就是说, AES能达到多大的加密带宽?

1   openssl 测试

openssl 自己的测试工具

1.1   服务器

$ openssl speed aes-256-cbc
Doing aes-256 cbc for 3s on 16 size blocks: 9568470 aes-256 cbc's in 2.97s
Doing aes-256 cbc for 3s on 64 size blocks: 2539056 aes-256 cbc's in 2.99s
Doing aes-256 cbc for 3s on 256 size blocks: 648494 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 1024 size blocks: 162687 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 8192 size blocks: 20466 aes-256 cbc's in 3.00s
OpenSSL 1.0.1c 10 May 2012
built on: Tue Jul 24 16:47:56 CST 2012
options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_TLS1_2_CLIENT -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256 cbc      51547.31k    54347.69k    55338.15k    55530.50k    55885.82k

所用cpu:

model name  : Intel(R) Xeon(R) CPU           E5620  @ 2.40GHz
stepping    : 2
cpu MHz             : 2400.179
cache size  : 256 KB

1.2   我自己机器

$ openssl speed aes-256-cbc
Doing aes-256 cbc for 3s on 16 size blocks: 16090456 aes-256 cbc's in 2.95s
Doing aes-256 cbc for 3s on 64 size blocks: 5139523 aes-256 cbc's in 2.98s
Doing aes-256 cbc for 3s on 256 size blocks: 1344415 aes-256 cbc's in 2.97s
Doing aes-256 cbc for 3s on 1024 size blocks: 357930 aes-256 cbc's in 2.98s
Doing aes-256 cbc for 3s on 8192 size blocks: 44507 aes-256 cbc's in 2.98s
OpenSSL 0.9.8k 25 Mar 2009
built on: Tue Jun  4 07:31:34 UTC 2013
options:bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) aes(partial) blowfish(ptr2)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256 cbc      87270.27k   110379.02k   115882.24k   122993.40k   122349.44k

cpu:

model name  : Intel(R) Core(TM) i3 CPU       M 390  @ 2.67GHz
stepping    : 5
cpu MHz             : 933.000
cache size  : 3072 KB

为啥我的机器性能比服务器好呢... 可能是因为有gpu?

2   CPU公司的测试

做cpu的公司, 有的也会针对加密做优化, 或者硬件加密卡:

Architecture        CPU     eSTREAM         cycles/byte
amd64       Intel Core 2 Duo (6f6)?         9.2
amd64       AMD Athlon 64 (15,75,2)?        10.625
amd64       AMD Athlon 64 (15,75,2)?        12.4375

放在cpu 上, 一般是说加密每个byte需要多少个cpu cycle.这样的话, 假设一个1G主频的cpu, 每个byte需要10个cycle, 那么每秒可以加密0.1G内容.

参考:http://cr.yp.to/aes-speed.html

3   自己写个程序测一下

int main(int argc, char** argv) {
    AES_KEY aes;
    unsigned char key[AES_BLOCK_SIZE];        // AES_BLOCK_SIZE = 16
    unsigned char iv[AES_BLOCK_SIZE];        // init vector
    unsigned char* input_string;
    unsigned char* encrypt_string;
    unsigned char* decrypt_string;
    unsigned int len;        // encrypt length (in multiple of AES_BLOCK_SIZE)
    unsigned int i;

    // set the encryption length
    len = 256*1024;
    input_string = (unsigned char*)calloc(len, sizeof(unsigned char));

    // Generate AES 128-bit key
    for (i=0; i<16; ++i) {
        key[i] = 32 + i;
    }

    // Set encryption key
    for (i=0; i<AES_BLOCK_SIZE; ++i) {
        iv[i] = 0;
    }
    if (AES_set_encrypt_key(key, 128, &aes) < 0) {
        fprintf(stderr, "Unable to set encryption key in AES\n");
        exit(-1);
    }

    // alloc encrypt_string
    encrypt_string = (unsigned char*)calloc(len, sizeof(unsigned char));
    if (encrypt_string == NULL) {
        fprintf(stderr, "Unable to allocate memory for encrypt_string\n");
        exit(-1);
    }

    for (i=0; i<1024*10; i++) {
        // encrypt (iv will change)
        AES_cbc_encrypt(input_string, encrypt_string, len, &aes, iv, AES_ENCRYPT);
    }
    ...

在公司机器上, 每秒大约80M/s.

原文链接: /aes-speed.html

0     0

我要给这篇文章打分:

可以不填写评论, 而只是打分. 如果发表评论, 你可以给的分值是-5到+5, 否则, 你只能评-1, +1两种分数. 你的评论可能需要审核.

评价列表(0)