PKEY CMAC timings

Richard Levitte levitte at openssl.org
Thu Jun 18 07:04:14 UTC 2020 

On Thu, 18 Jun 2020 08:27:13 +0200,
Richard Levitte wrote:
> 
> I think 16k was enough to demonstrate that the timing difference
> becomes more marginal the larger the amount of data to encrypt in the
> same session is.
> 
> This makes me think that we might want to rethink the reset functions,
> i.e. the likes of EVP_CIPHER_CTX_reset()...  could we change that
> function to become a call down to provider code?  We do allow that for
> the non-provider back-ends, they can implement a 'cleanup' function.
> Right now, EVP_CIPHER_CTX_reset() just calls the provider's function
> to free its operation context, which forces us to re-initialize
> everything with a restarted session, i.e. pass the key anew, etc etc
> etc.

Never mind what I just said, just calling EVP_EncryptInit_ex(ctx,
NULL, NULL, NULL, NULL) performs (or should perform) the reset I was
thinking of.

Cheers,
Richard

> On Thu, 18 Jun 2020 06:50:45 +0200,
> Hal Murray wrote:
> > 
> > > How does it look for large input?  As in many kilobytes or megabytes?
> > 
> > 16K is all I was willing to wait for.  Timing for really long blocks turns 
> > into a memory test.  The right unit is ns/byte.  If that's an interesting 
> > case, I'll hack some code to do longer blocks.
> pp> 
> > 1.1.1g
> >      AES-128  16 48 16    225   0.225  475ac1c053379e7dbd4ce80b87d2178e
> >      AES-128  16 1024 16   1682   1.682  159d6d5c13f35d37c72efc5f6dbf40ad
> >      AES-128  16 16384 16  24566  24.566  581f7b133ad6f3697f33c3f836fdb6e6
> > 
> > 3.0.0 alpha3
> >      AES-128  16 48 16    496   0.496  475ac1c053379e7dbd4ce80b87d2178e
> >      AES-128  16 1024 16   1953   1.953  159d6d5c13f35d37c72efc5f6dbf40ad
> >      AES-128  16 16384 16  24820  24.820  581f7b133ad6f3697f33c3f836fdb6e6
> > 
> > -----------
> > 
> > 3.0.0 alpha3:
> > CMAC
> >      AES-128  16 16384 16  25270  25.270  581f7b133ad6f3697f33c3f836fdb6e6
> > PKEY
> >      AES-128  16 16384 16  24839  24.839  581f7b133ad6f3697f33c3f836fdb6e6
> > EVP_MAC
> >      AES-128  16 16384 16  25462  25.462  581f7b133ad6f3697f33c3f836fdb6e6
> > EVP_MAC with Preload cipher and key
> >      AES-128  16 16384 16  24567  24.567  581f7b133ad6f3697f33c3f836fdb6e6
> > 
> > 
> > 
> > -- 
> > These are my opinions.  I hate spam.
> > 
> > 
> > 
> -- 
> Richard Levitte         levitte at openssl.org
> OpenSSL Project         http://www.openssl.org/~levitte/
> 
-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-users mailing list