假设我们有2台 千兆网卡的机器AB, 我们想在它们中间加密传数据, 能打满网卡么?
我们用AES 256位加密, 这个问题就是说, AES能达到多大的加密带宽?
1 openssl 测试
openssl 自己的测试工具
1.1 服务器
$ openssl speed aes-256-cbc Doing aes-256 cbc for 3s on 16 size blocks: 9568470 aes-256 cbc's in 2.97s Doing aes-256 cbc for 3s on 64 size blocks: 2539056 aes-256 cbc's in 2.99s Doing aes-256 cbc for 3s on 256 size blocks: 648494 aes-256 cbc's in 3.00s Doing aes-256 cbc for 3s on 1024 size blocks: 162687 aes-256 cbc's in 3.00s Doing aes-256 cbc for 3s on 8192 size blocks: 20466 aes-256 cbc's in 3.00s OpenSSL 1.0.1c 10 May 2012 built on: Tue Jul 24 16:47:56 CST 2012 options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_TLS1_2_CLIENT -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-256 cbc 51547.31k 54347.69k 55338.15k 55530.50k 55885.82k
所用cpu:
model name : Intel(R) Xeon(R) CPU E5620 @ 2.40GHz stepping : 2 cpu MHz : 2400.179 cache size : 256 KB
1.2 我自己机器
$ openssl speed aes-256-cbc Doing aes-256 cbc for 3s on 16 size blocks: 16090456 aes-256 cbc's in 2.95s Doing aes-256 cbc for 3s on 64 size blocks: 5139523 aes-256 cbc's in 2.98s Doing aes-256 cbc for 3s on 256 size blocks: 1344415 aes-256 cbc's in 2.97s Doing aes-256 cbc for 3s on 1024 size blocks: 357930 aes-256 cbc's in 2.98s Doing aes-256 cbc for 3s on 8192 size blocks: 44507 aes-256 cbc's in 2.98s OpenSSL 0.9.8k 25 Mar 2009 built on: Tue Jun 4 07:31:34 UTC 2013 options:bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) aes(partial) blowfish(ptr2) compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-256 cbc 87270.27k 110379.02k 115882.24k 122993.40k 122349.44k cpu: model name : Intel(R) Core(TM) i3 CPU M 390 @ 2.67GHz stepping : 5 cpu MHz : 933.000 cache size : 3072 KB
为啥我的机器性能比服务器好呢… 可能是因为有gpu?
2 CPU公司的测试
做cpu的公司, 有的也会针对加密做优化, 或者硬件加密卡:
Architecture CPU eSTREAM cycles/byte amd64 Intel Core 2 Duo (6f6)? 9.2 amd64 AMD Athlon 64 (15,75,2)? 10.625 amd64 AMD Athlon 64 (15,75,2)? 12.4375
放在cpu 上, 一般是说加密每个byte需要多少个cpu cycle.这样的话, 假设一个1G主频的cpu, 每个byte需要10个cycle, 那么每秒可以加密0.1G内容.
参考:http://cr.yp.to/aes-speed.html
3 自己写个程序测一下
int main(int argc, char** argv) { AES_KEY aes; unsigned char key[AES_BLOCK_SIZE]; // AES_BLOCK_SIZE = 16 unsigned char iv[AES_BLOCK_SIZE]; // init vector unsigned char* input_string; unsigned char* encrypt_string; unsigned char* decrypt_string; unsigned int len; // encrypt length (in multiple of AES_BLOCK_SIZE) unsigned int i; // set the encryption length len = 256*1024; input_string = (unsigned char*)calloc(len, sizeof(unsigned char)); // Generate AES 128-bit key for (i=0; i<16; ++i) { key[i] = 32 + i; } // Set encryption key for (i=0; i<AES_BLOCK_SIZE; ++i) { iv[i] = 0; } if (AES_set_encrypt_key(key, 128, &aes) < 0) { fprintf(stderr, "Unable to set encryption key in AES\n"); exit(-1); } // alloc encrypt_string encrypt_string = (unsigned char*)calloc(len, sizeof(unsigned char)); if (encrypt_string == NULL) { fprintf(stderr, "Unable to allocate memory for encrypt_string\n"); exit(-1); } for (i=0; i<1024*10; i++) { // encrypt (iv will change) AES_cbc_encrypt(input_string, encrypt_string, len, &aes, iv, AES_ENCRYPT); } ...
在公司机器上, 每秒大约80M/s.
转载请注明:爱开源 » AES加密/解密速度