Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AES256 GCM Performance #147

Open
jyizheng opened this issue Dec 31, 2022 · 3 comments
Open

AES256 GCM Performance #147

jyizheng opened this issue Dec 31, 2022 · 3 comments

Comments

@jyizheng
Copy link

Hi,

I am using intel-sgx-ssl to calculate ghash (256 bit key). The result shows that calculating a hash for 4096B data took 11 us inside sgx.
However, when I used the openssl library outside sgx, the same computation only took 900 ns. Both SSL library versions are 1.1.1.

My code is below:
`
// data, key, iv, aad : Input
// tags : Output
int ghash(char *data, int data_len, char *sig, int sig_len) {
EVP_CIPHER_CTX *ctx;
int outlen;

ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
//IV : 12 bytes (96bits)
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL);
EVP_EncryptInit_ex(ctx, NULL, NULL, aes_key, aes_iv);
//AAD : 16 bytes (128bits)
EVP_EncryptUpdate(ctx, NULL, &outlen, (const unsigned char*)data, data_len);
EVP_EncryptFinal_ex(ctx, NULL, &outlen);
//tags : 16 bytes (128bits)
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, sig);
EVP_CIPHER_CTX_free(ctx);
return 0;
}

`
According to post in 2017 (https://medium.com/@danny_harnik/impressions-of-intel-sgx-performance-22442093595a),
this was a known problem for AES. This post also mentioned the reason for this degradation:
"The root-cause was related to the auto initiation flow of OpenSSL and it’s integration into SGX SW stack. OpenSSL didn’t receive the CPU capabilities to determine the best AES-GCM implementation for the given platform. Therefore due to the lack of platform information, OpenSSL have fallback to the basic C implementation (which is not optimized at all).
Solution: To get maximum performance, enclave developers should explicitly initialize OpenSSL crypto library. The auto initiation flow will be fixed in a future releases.”

I did follow the steps in "Intel(R) Software Guard Extensions SSL Library Linux Developer Guide.pdf" by linking both libsgx_usgxssl.a (in App code) and libsgx_tsgxssl_crypto.a libsgx_tsgxssl.a libsgx_pthread.a (in Enclave code).

I am wondering why there is still a big gap in the performance b/w ghash computation inside and outside SGX.

@jinghe-INTC
Copy link
Contributor

Have you used an explicit crypto library initialization like that in the unit test project?

OPENSSL_init_crypto(0, NULL);

Not sure if it works in your project.

@jinghe-INTC
Copy link
Contributor

Since the problem was found with the deprecated OpenSSL 1.1.1, please check it still happens with the latest version with OpenSSL 3.0.*?

@jinghe-INTC
Copy link
Contributor

Since the problem was found with the deprecated OpenSSL 1.1.1, please check it still happens with the latest version with OpenSSL 3.0.*?

I tried putting the function you provided in an SGX sample, but I didn't see a significant performance difference between an application linked with libcrypto.a v3.0.2 from the Linux system and an enclave linked with the SGX SSL crypto library based on OpenSSL 3.0.13.

Please try it and let me know if you get different results. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants