crypto:hmac/3 using hardware acceleration

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

crypto:hmac/3 using hardware acceleration

Ben Browitt
Profiling my server with eprof show that my app spends most of the time on  crypto:hmac(sha, Key, Data) while crypto:stream_encrypt/2 using aes_ctr is much faster.

This answer [1] says that HMAC_* routines are software based and don't use hardware. The hmac nif seems to use them [2].

Is my resolution correct?
Is it possible to use EVP_* functions instead of HMAC_* functions in the nif?

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: crypto:hmac/3 using hardware acceleration

Hans Nilsson R (AL/EAB)
Yes it's possible to use the EVP_* functions. But it is nothing that we plan to do for the moment.

But pull-requests are always welcome :)

/Hans

On Tue, 2019-05-07 at 19:19 +0300, Ben Browitt wrote:
Profiling my server with eprof show that my app spends most of the time on  crypto:hmac(sha, Key, Data) while crypto:stream_encrypt/2 using aes_ctr is much faster.

This answer [1] says that HMAC_* routines are software based and don't use hardware. The hmac nif seems to use them [2].

Is my resolution correct?
Is it possible to use EVP_* functions instead of HMAC_* functions in the nif?
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions


_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: crypto:hmac/3 using hardware acceleration

Ben Browitt
I've tested the speed with and without evp. evp is slower because Intel cpus don't have hardware acceleration for sha.
So it's best to leave it without evp for now. Thanks.
openssl speed sha1
openssl speed -evp sha1

On Wed, May 8, 2019 at 1:06 PM Hans Nilsson R <[hidden email]> wrote:
Yes it's possible to use the EVP_* functions. But it is nothing that we plan to do for the moment.

But pull-requests are always welcome :)

/Hans

On Tue, 2019-05-07 at 19:19 +0300, Ben Browitt wrote:
Profiling my server with eprof show that my app spends most of the time on  crypto:hmac(sha, Key, Data) while crypto:stream_encrypt/2 using aes_ctr is much faster.

This answer [1] says that HMAC_* routines are software based and don't use hardware. The hmac nif seems to use them [2].

Is my resolution correct?
Is it possible to use EVP_* functions instead of HMAC_* functions in the nif?
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions


_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: crypto:hmac/3 using hardware acceleration

zxq9-2
On 2019年5月8日水曜日 14時15分51秒 JST Ben Browitt wrote:
> I've tested the speed with and without evp. evp is slower because Intel
> cpus don't have hardware acceleration for sha.
> So it's best to leave it without evp for now. Thanks.
> openssl speed sha1
> openssl speed -evp sha1

I think it depends on how your openssl was built and which processor
family you have. IIRC Intel has SHA1 hardware support, and AMD has
SHA1 and SHA256 hardware instructions since RyZen.

May also depend on if you are running virtualized and whether the
hypervisor is exposing the instructions.

In the base case I imagine it would "just work", but not if this is
disabled in a vanilla Linux/BSD/whatever distribution binary, or if
your system is set to a mode that restricts some instructions.

-Craig
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions