luks and aes-ni

Latest response

Hi, I have a question regarding luks full disk encryption I did not found an authoritative answer for. If I have a cpu with a hardware chip for aes (aes-ni), does full disk encryption with luks use this chip (rhel6) ? Or in other words, is luks full disk encryption performance better on such aes-ni systems?

Regards, Markus

Responses

Interesting question, Markus. Hopefully someone here can help you out with a definitive answer.

Markus:

If your CPU has support for AES-NI (i.e., you get results with a command like: grep ^flags.*aes /proc/cpuinfo), then YES, your system will automatically take advantage of that, improving performance on dm-crypt volumes that use the AES cipher.

On later kernels cryptsetup has a benchmark action which makes it very easy to confirm this. Here's what I get on my mostly-idle Fedora 18 laptop (with Core i5-2540M CPU @ 2.60GHz).

[root:~]# cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1       483660 iterations per second
PBKDF2-sha256     242725 iterations per second
PBKDF2-sha512     157728 iterations per second
PBKDF2-ripemd160  367148 iterations per second
PBKDF2-whirlpool  199197 iterations per second
#  Algorithm | Key |  Encryption |  Decryption
     aes-cbc   128b   525.0 MiB/s  1672.0 MiB/s
 serpent-cbc   128b    70.9 MiB/s   269.6 MiB/s
 twofish-cbc   128b   158.3 MiB/s   294.2 MiB/s
     aes-cbc   256b   401.4 MiB/s  1313.5 MiB/s
 serpent-cbc   256b    74.4 MiB/s   271.2 MiB/s
 twofish-cbc   256b   159.6 MiB/s   294.6 MiB/s
     aes-xts   256b   927.7 MiB/s   926.4 MiB/s
 serpent-xts   256b   246.0 MiB/s   237.9 MiB/s
 twofish-xts   256b   250.2 MiB/s   255.0 MiB/s
     aes-xts   512b   794.0 MiB/s   794.3 MiB/s
 serpent-xts   512b   247.5 MiB/s   237.3 MiB/s
 twofish-xts   512b   253.2 MiB/s   256.5 MiB/s

You can see clearly how AES blows serpent and twofish out of the water, thanks to my modern CPU's AES instructions.

Sadly, we won't ever have anything like that in RHEL6, so if you want to do benchmarking you'll just have to do it yourself by creating a few different volumes and then using dd.

In other news, can someone tell me what html code I need to use to ensure code blocks like above make it in without getting mucked with (i.e., the spacing is not preserved)? Using <tt> works fine in the editor but breaks once it gets posted.

On a tangentially related topic (i.e., not trying to thread-jack): anyone know if NetBackup's client-side encryption benefits on RHEL 6 clients on hardware with the embeddec crypto accelerators? I put the question to Symantec, but haven't gotten a reply yet. Given the recent RedHat/Symantec co-presentation, earlier this month (granted that was for HA/DR), figured maybe someone at RH knows.