AES256 GCM Performance #147
Description
Hi,
I am using intel-sgx-ssl to calculate ghash (256 bit key). The result shows that calculating a hash for 4096B data took 11 us inside sgx.
However, when I used the openssl library outside sgx, the same computation only took 900 ns. Both SSL library versions are 1.1.1.
My code is below:
`
// data, key, iv, aad : Input
// tags : Output
int ghash(char *data, int data_len, char *sig, int sig_len) {
EVP_CIPHER_CTX *ctx;
int outlen;
ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
//IV : 12 bytes (96bits)
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL);
EVP_EncryptInit_ex(ctx, NULL, NULL, aes_key, aes_iv);
//AAD : 16 bytes (128bits)
EVP_EncryptUpdate(ctx, NULL, &outlen, (const unsigned char*)data, data_len);
EVP_EncryptFinal_ex(ctx, NULL, &outlen);
//tags : 16 bytes (128bits)
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, sig);
EVP_CIPHER_CTX_free(ctx);
return 0;
}
`
According to post in 2017 (https://medium.com/@danny_harnik/impressions-of-intel-sgx-performance-22442093595a),
this was a known problem for AES. This post also mentioned the reason for this degradation:
"The root-cause was related to the auto initiation flow of OpenSSL and it’s integration into SGX SW stack. OpenSSL didn’t receive the CPU capabilities to determine the best AES-GCM implementation for the given platform. Therefore due to the lack of platform information, OpenSSL have fallback to the basic C implementation (which is not optimized at all).
Solution: To get maximum performance, enclave developers should explicitly initialize OpenSSL crypto library. The auto initiation flow will be fixed in a future releases.”
I did follow the steps in "Intel(R) Software Guard Extensions SSL Library Linux Developer Guide.pdf" by linking both libsgx_usgxssl.a (in App code) and libsgx_tsgxssl_crypto.a libsgx_tsgxssl.a libsgx_pthread.a (in Enclave code).
I am wondering why there is still a big gap in the performance b/w ghash computation inside and outside SGX.