benchmarks-cyassl

Apple TV 2

(www.apple.com)

Apple A4 (ARM Cortex-A8)

1 GHz

8 GB FLASH

256 MB RAM

Crypto Benchmarks:

AES 5 megs took 0.500 seconds, 9.99 MB/s

ARC4 5 megs took 0.174 seconds, 28.66 MB/s

RABBIT 5 megs took 0.126 seconds, 39.56 MB/s

3DES 5 megs took 2.196 seconds, 2.28 MB/s

MD5 5 megs took 0.163 seconds, 30.73 MB/s

SHA 5 megs took 0.137 seconds, 36.61 MB/s

SHA-256 5 megs took 0.309 seconds, 16.20 MB/s

RSA 1024 encryption took 1.12 milliseconds, avg over 100 iterations

RSA 1024 decryption took 17.81 milliseconds, avg over 100 iterations

DH 1024 key generation 11.90 milliseconds, avg over 100 iterations

DH 1024 key agreement 11.22 milliseconds, avg over 100 iterations

Build Details
- Complete build, compiled with fastmath (--enable-fastmath)

Reference

Blog Post: Running CyaSSL on the Apple TV 2

Documentation

Contact

About

Docs

Docs -> CyaSSL / CTaoCrypt Benchmarks

Support Forums

Documentation:

CyaSSL is dual licensed under both the GPLv2 and commercial licensing. For more information, please see the following links.

Licensing and Ordering:

Follow us on Twitter and Facebook!

Stay up to date:

‣ Follow us on Twitter
‣ Like us on Facebook

Description

The CyaSSL embedded SSL library was written from the ground-up with both portability, performance, and memory usage in mind. Here you will find a collection of existing benchmark information for CyaSSL. If you would like additional benchmark data or have any questions about your specific platform, please contact us at info@yassl.com.

Publications / Flyers

We maintain several publications in relation to benchmarking our SSL and crypto libraries:

CyaSSL+NTRU: High-Performance SSL

This flyer details the performance gains that can be seen when using the CyaSSL embedded SSL library with Security Innovation’s NTRU cipher. NTRU is similar to the RSA public key algorithm but can offer anywhere from a 20-200X speed improvement.

Download Flyer

CyaSSL Benchmarks

Because CyaSSL can offer fast encryption and low memory usage it can easily be leveraged onto high-volume servers supporting many thousands of connections.

Download Flyer

CTaoCrypt Benchmark Application

Many users are curious about how the CyaSSL embedded SSL library will perform on a specific hardware device or in a specific environment. Because of the wide variety of different platforms and compilers used today in embedded, enterprise, and cloud-based environments, it is hard to give generic performance calculations across the board.

To help CyaSSL users and customers in determining SSL performance for CyaSSL / CTaoCrypt, a benchmark application is bundled with CyaSSL. CyaSSL uses the CTaoCrypt cryptography library for all crypto operations by default. Because the underlying cryptography is a very performance-critical aspect of SSL/TLS, our benchmark application runs performance tests on CTaoCrypt’s algorithms.

The benchmark utility is located in the ./ctaocrypt/benchmark directory of the CyaSSL download. After building CyaSSL and the associated examples and apps, the benchmark application can be run by issuing the following command from the root CyaSSL directory:

./ctaocrypt/benchmark/benchmark

Typical output may look similar to this:

AES 5 megs took 0.034 seconds, 148.13 MB/s

ARC4 5 megs took 0.016 seconds, 312.54 MB/s

HC128 5 megs took 0.004 seconds, 1214.12 MB/s

RABBIT 5 megs took 0.011 seconds, 459.31 MB/s

3DES 5 megs took 0.233 seconds, 21.48 MB/s

MD5 5 megs took 0.011 seconds, 464.68 MB/s

SHA 5 megs took 0.018 seconds, 278.27 MB/s

SHA-256 5 megs took 0.040 seconds, 124.32 MB/s

RSA 1024 encryption took 0.04 milliseconds, avg over 100 iterations

RSA 1024 decryption took 0.45 milliseconds, avg over 100 iterations

DH 1024 key generation 0.21 milliseconds, avg over 100 iterations

DH 1024 key agreement 0.22 milliseconds, avg over 100 iterations

This application is especially useful for comparing the public key speed before and after changing the math library. You can test the results using the normal math library (./configure), the fastmath library (./configure --enable-fastmath), and the fasthugemath library (./configure --enable-fasthugemath).

Memory Usage

Footprint sizes (compiled binary size) for CyaSSL range between 30-100kB depending on build options and the compiler being used. Typically on an embedded system with an embedded and optimized compiler, build sizes will be around 60kB. This will include a full-featured TLS 1.2 client and server. For details on build options and ways to further customize CyaSSL, please see Chapter 2 of the CyaSSL Manual.

Regarding runtime memory usage, CyaSSL will generally consume somewhere between 3-36 kB (average is around 3kB). The RAM usage per connection will vary depending the size of the input/output buffers being used. The I/O buffers in CyaSSL default to 128 bytes and are controlled by the RECORD_SIZE define in ./cyassl/internal.h. The maximum size is 16 kB per buffer, making the idle runtime memory consumption range anywhere between 4kB - 35 kB (plus a little overhead). For example, with standard 16kB buffers, the total runtime memory usage of CyaSSL with a single connection would be 3kB (the library) + 16kB (input buffer) + 16kB (output buffer) = around 35kB.

The SSL context (CTX) is shared between all SSL connections of either a client or server. The runtime memory usage can vary depending on how many certificates are being loaded and what size the certificate files are. It will also vary depending on the session cache and whether or not storing session certificates is turned on (--enable-session-certs). If you are concerned with reducing the session cache size, you can define SMALL_SESSION_CACHE (reduce the default session cache from 33 session to 6 sessions) and save almost 2.5 kB. You can disable the session cache by defining NO_SESSION_CACHE, reducing memory by nearly 3 kB.

Reference Benchmarks

As we have ported CyaSSL to various platforms, we have conducted various benchmarks. Below you will find a collection of some of those benchmarks for reference. If you have benchmarked CyaSSL on a specific platform, please send us your benchmark numbers (with specific platform and library configuration) and we’ll add them to the list!

BENCHMARK:

Memory Usage:

RAM Usage: 2.0 kB

Flash Usage*: 64 kB

* This included our test driver code, about 3kB.

Crypto Benchmarks:

public RSA: 10 milliseconds

private RSA: 165 milliseconds

Build Details
- Complete build, everything but SHA-512, DH, DSA, and HC-128

- Compiled using mbed cloud compiler

Reference

http://mbed.org/users/toddouska/libraries/CyaSSL/lm43pv

http://mbed.org/users/toddouska/programs/cyassl-client/lm394s

PLATFORM:

(www.mbed.org)

ARM Cortex-M3

96 MHz

512 kB FLASH

32 kB RAM

Relative Cipher Performance

Although the performance of individual ciphers and algorithms will depend on the host platform, the following graph shows relative performance between CTaoCrypt’s ciphers. These tests were conducted on a Macbook Pro (OS X 10.6.8) running a 2.2 GHz Intel Core i7.

If you want to use only a subset of ciphers, you can customize which specific cipher suites and/or ciphers CyaSSL uses when making an SSL/TLS connection. For example, to force 128-bit AES, add the following line after the call to CyaSSL_CTX_new (SSL_CTX_new):

CyaSSL_CTX_set_cipher_list(ctx, “AES128-SHA”);

Benchmarking Notes

1.The processors native register size (32 vs 64-bit) can make a big difference when doing 1000+ bit public key operations.

2.fastmath (--enable-fastmath) reduces dynamic memory usage and speeds up public key operations. If you are having trouble building on a 32-bit platform with fastmath, disable shared libraries so that PIC isn’t hogging a register (also see notes in the README):

./configure --enable-fastmath --disable-shared
make clean
make

*NOTE: doing a “make clean” is good practice with CyaSSL when switching configure options

3.By default, fastmath tries to use assembly optimizations if possible. If assembly optimizations don’t work, you can still use fastmath without them by adding TFM_NO_ASM to CFLAGS when building CyaSSL:

./configure --enable-fastmath CFLAGS=-DTFM_NO_ASM

4.Using fasthugemath can try to push fastmath even more for users who are not running on embedded platforms:

./configure --enable-fasthugemath

5.With the default CyaSSL build, we have tried to find a good balance between memory usage and performance. If you are more concerned about one of the two, please see Chapter 2 of the CyaSSL manual for additional CyaSSL configuration options.

6.Bulk Transfers: CyaSSL by default uses 128 byte I/O buffers since about 80% of SSL traffic falls within this size and to limit dynamic memory use. It can be configured to use 16K buffers (the maximum SSL size) if bulk transfers are required.