[erlang-questions] crypto:hmac/3 using hardware acceleration

Ben Browitt ben.browitt@REDACTED
Thu Feb 20 15:34:25 CET 2020


Hope to test soon. AMD servers on GCP will probably be available in the
next few days.
This is how I'm going to benchmark unless someone have a better suggestion:
Key = crypto:strong_rand_bytes(20),
Data = crypto:strong_rand_bytes(1000),
MacLength = 10,
TC = fun(TC_M, TC_F, TC_A, TC_N) when TC_N > 0 -> TC_L = tl([begin {TC_T,
_Result} = timer:tc(TC_M, TC_F, TC_A), TC_T end || _ <- lists:seq(1,
TC_N)]), TC_Min = lists:min(TC_L), TC_Max = lists:max(TC_L), TC_Med =
lists:nth(round((TC_N - 1) / 2), lists:sort(TC_L)), TC_Avg =
round(lists:foldl(fun(TC_X, TC_Sum) -> TC_X + TC_Sum end, 0, TC_L) / (TC_N
- 1)), io:format("Range: ~b - ~b mics~nMedian: ~b mics ~nAverage: ~b
mics~n", [TC_Min, TC_Max, TC_Med, TC_Avg]), TC_Med end.
TC(crypto, macN, [hmac, sha, Key, Data, MacLength], 1000).

And with:
openssl speed -evp sha1

On Thu, Feb 20, 2020 at 2:15 PM Hans Nilsson R <hans.r.nilsson@REDACTED>
wrote:

> Well, it isn't super clear in the release notes, so it is not strange you
> didn't know it.
>
> I'm VERY interested in the results of your benchmarking!
>
> /Hans
> ------------------------------
> *Från:* Ben Browitt <ben.browitt@REDACTED>
> *Skickat:* den 19 februari 2020 18:14
> *Till:* Hans Nilsson R <hans.r.nilsson@REDACTED>
> *Kopia:* zxq9@REDACTED <zxq9@REDACTED>; erlang-questions@REDACTED <
> erlang-questions@REDACTED>
> *Ämne:* Re: [erlang-questions] crypto:hmac/3 using hardware acceleration
>
> Thank you Hans, that's great.
> I probably missed it in the release notes.
> I'll benchmark and compare hmac on a server with and without sha hardware
> accelerations.
>
> On Wed, Feb 19, 2020 at 5:18 PM Hans Nilsson R <
> hans.r.nilsson@REDACTED> wrote:
>
> Crypto uses the EVP interfase for hash and mac (as well ass ciphers) with
> some conditions:
>
> Since OTP-22.1:
> The hash functions in crypto (hash,/2, hash_init/1, hash_update/2 and
> hash_final/1) use the EVP interface if the underlying cryptolib is OpenSSL
> 1.0.0 or higher.
>
> Since OTP-22.1.3:
> The mac functions (mac, macN, mac_init, mac_update, mac_final and
> mac_finalN) use the EVP interface if the underlying cryptolib is OpenSSL
> 1.1.1 or higher.
>
> /Hans
> ------------------------------
> *Från:* erlang-questions <erlang-questions-bounces@REDACTED> för Ben
> Browitt <ben.browitt@REDACTED>
> *Skickat:* den 18 februari 2020 17:55
> *Till:* zxq9@REDACTED <zxq9@REDACTED>
> *Kopia:* erlang-questions@REDACTED <erlang-questions@REDACTED>
> *Ämne:* Re: [erlang-questions] crypto:hmac/3 using hardware acceleration
>
> AWS [1] and GCP [2] provide AMD EPYC servers  with SHA hardware
> accelerations.
> Intel Ice Lake servers will also have SHA hardware accelerations [3].
> Is there a chance OTP 23 could use EVP for SHA? This will give a large
> performance boost.
>
> [1] https://aws.amazon.com/ec2/amd/
> [2]
> https://cloud.google.com/blog/products/compute/announcing-the-n2d-vm-family-based-on-amd
> <https://protect2.fireeye.com/v1/url?k=5f4e9246-03c459b2-5f4ed2dd-86cd58c48020-a6f86d945d59dea5&q=1&e=ae3465f0-e6c3-4143-ae82-51afb4cdbf8e&u=https%3A%2F%2Fcloud.google.com%2Fblog%2Fproducts%2Fcompute%2Fannouncing-the-n2d-vm-family-based-on-amd>
> [3] https://en.wikipedia.org/wiki/Ice_Lake_(microprocessor)
>
> On Wed, May 8, 2019 at 4:34 PM <zxq9@REDACTED> wrote:
>
> On 2019年5月8日水曜日 14時15分51秒 JST Ben Browitt wrote:
> > I've tested the speed with and without evp. evp is slower because Intel
> > cpus don't have hardware acceleration for sha.
> > So it's best to leave it without evp for now. Thanks.
> > openssl speed sha1
> > openssl speed -evp sha1
>
> I think it depends on how your openssl was built and which processor
> family you have. IIRC Intel has SHA1 hardware support, and AMD has
> SHA1 and SHA256 hardware instructions since RyZen.
>
> May also depend on if you are running virtualized and whether the
> hypervisor is exposing the instructions.
>
> In the base case I imagine it would "just work", but not if this is
> disabled in a vanilla Linux/BSD/whatever distribution binary, or if
> your system is set to a mode that restricts some instructions.
>
> -Craig
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20200220/5da814e0/attachment.htm>


More information about the erlang-questions mailing list