Start up a simple webserver. This may cap overall throughput because it is a slow webserver, but the bulk-encryption difference between the two cipher suites should still dominate. It listens on port 8000 by default.
> python3 -m http.server
Create a big file to serve from SimpleHTTPServer (1 GB of random bytes, base64-encoded, so roughly 1.35 GB on disk):
> head --bytes=1000000000 /dev/urandom | base64 > ./big_file
Start s2nd and proxy its stdin/stdout to the python webserver on port 8000. s2nd's STDIN/OUT carries the plaintext, i.e. the traffic before it is encrypted and after it is decrypted by TLS.
Test 1: s2nd uses default preferences, client signals lack of AES hardware support
# This turns off AES acceleration in *software* to simulate lack of AES hardware.
> export OPENSSL_ia32cap="~0x200000200000000"
> LD_LIBRARY_PATH=/usr/local/openssl-1.1.1/lib:$LD_LIBRARY_PATH \
/usr/local/httpd/bin/ab -Z "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256" "https://127.0.0.1:12222/big_file"
Benchmarking 127.0.0.1 (be patient).....done
Server Software: SimpleHTTP/0.6
Server Hostname: 127.0.0.1
Server Port: 12222
SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128
Server Temp Key: ECDH P-256 256 bits
Document Path: /big_file
Document Length: 1350877196 bytes
Concurrency Level: 1
Time taken for tests: 9.798 seconds
Complete requests: 1
Failed requests: 0
Total transferred: 1350877404 bytes
HTML transferred: 1350877196 bytes
Requests per second: 0.10 [#/sec] (mean)
Time per request: 9797.958 [ms] (mean)
Time per request: 9797.958 [ms] (mean, across all concurrent requests)
Transfer rate: 134641.95 [Kbytes/sec] received
Test 2: s2nd uses new unaccelerated AES preferences, client signals lack of AES hardware support
> cat start_s2nd_aes_detection.sh
#!/bin/bash
LD_LIBRARY_PATH=/usr/local/openssl-1.1.1/lib:/workplace/s2n/lib /workplace/s2n/bin/s2nd -c 20200308 127.0.0.1 12222
> killall s2nd ; socat EXEC:./start_s2nd_aes_detection.sh TCP:127.0.0.1:8000
# This turns off AES acceleration in *software* to simulate lack of AES hardware.
> export OPENSSL_ia32cap="~0x200000200000000"
> LD_LIBRARY_PATH=/usr/local/openssl-1.1.1/lib:$LD_LIBRARY_PATH \
/usr/local/httpd/bin/ab -Z "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256" "https://127.0.0.1:12222/big_file"
Server Software: SimpleHTTP/0.6
Server Hostname: 127.0.0.1
Server Port: 12222
SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-CHACHA20-POLY1305,2048,256
Server Temp Key: ECDH P-256 256 bits
Document Path: /big_file
Document Length: 1350877196 bytes
Concurrency Level: 1
Time taken for tests: 4.572 seconds
Complete requests: 1
Failed requests: 0
Total transferred: 1350877404 bytes
HTML transferred: 1350877196 bytes
Requests per second: 0.22 [#/sec] (mean)
Time per request: 4572.028 [ms] (mean)
Time per request: 4572.028 [ms] (mean, across all concurrent requests)
Transfer rate: 288540.71 [Kbytes/sec] received
Results
When unaccelerated AES detection gets a "hit" (the server negotiates ChaCha20-Poly1305 instead of AES-128-GCM) we see ~288 MB/s, versus ~135 MB/s when unaccelerated AES detection is not enabled in s2n.
Note these results are not 100% representative of real client improvement because I have spoofed my x86 system to not use AES-NI.
More accurate results can be gathered if we use a real device that lacks AES acceleration and implements both AES-GCM and ChaCha20.
Unfortunately, I don't have a 2015 iPad lying around anywhere.
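The two `ab` reports above are the evidence for the result: the `SSL/TLS Protocol` line shows which suite was actually negotiated and the `Transfer rate` line gives the throughput. The following is an added example, not code from the page or from the s2n project: it parses constructed excerpts of those two reports, checks that the negotiated cipher really changed between runs, computes the speedup, and models the selection rule the test exercises. The `choose_cipher` rule (server preference order, overridden when the client lists a ChaCha20 suite first) is an assumed simplification of the behaviour the test demonstrates, not s2n's actual implementation.

```python
"""Added example (not from the page or the s2n project): parse `ab` reports,
confirm the negotiated cipher suite, compute the speedup, and model the
"client lists ChaCha20 first" selection rule the benchmark relies on."""
import re

# Constructed excerpts of the two `ab` reports shown on the page.
TEST1_REPORT = """\
Server Software:        SimpleHTTP/0.6
SSL/TLS Protocol:       TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128
Document Length:        1350877196 bytes
Time taken for tests:   9.798 seconds
Transfer rate:          134641.95 [Kbytes/sec] received
"""

TEST2_REPORT = """\
Server Software:        SimpleHTTP/0.6
SSL/TLS Protocol:       TLSv1.2,ECDHE-RSA-CHACHA20-POLY1305,2048,256
Document Length:        1350877196 bytes
Time taken for tests:   4.572 seconds
Transfer rate:          288540.71 [Kbytes/sec] received
"""


def parse_ab_report(text):
    """Extract protocol, negotiated cipher suite and transfer rate from `ab` output.

    The `SSL/TLS Protocol` field is protocol,cipher,server-key-bits,cipher-key-bits.
    Raises ValueError if either line is missing, so a run that silently fell
    back to plaintext or did not finish is not mistaken for a result."""
    proto = re.search(r"^SSL/TLS Protocol:\s*(\S+)", text, re.M)
    rate = re.search(r"^Transfer rate:\s*([\d.]+)\s*\[Kbytes/sec\]", text, re.M)
    if not proto or not rate:
        raise ValueError("missing 'SSL/TLS Protocol' or 'Transfer rate' line")
    fields = proto.group(1).split(",")
    return {
        "protocol": fields[0],
        "cipher": fields[1],
        "kbytes_per_sec": float(rate.group(1)),
    }


def choose_cipher(server_prefs, client_prefs, prioritize_chacha):
    """Assumed selection rule (hypothetical model, not s2n's code).

    Normally the server walks its own preference list and takes the first
    suite the client also offered. With `prioritize_chacha` on, a client whose
    *first* offered suite is ChaCha20 (the signal that it lacks AES hardware)
    gets that suite if the server supports it at all."""
    if prioritize_chacha and client_prefs and "CHACHA20" in client_prefs[0] \
            and client_prefs[0] in server_prefs:
        return client_prefs[0]
    for suite in server_prefs:
        if suite in client_prefs:
            return suite
    return None


def speedup(before, after):
    """Throughput ratio of the second run over the first."""
    return after["kbytes_per_sec"] / before["kbytes_per_sec"]


def compare_runs(report_before, report_after):
    """Parse both reports and return (cipher_before, cipher_after, speedup)."""
    before = parse_ab_report(report_before)
    after = parse_ab_report(report_after)
    return before["cipher"], after["cipher"], speedup(before, after)


if __name__ == "__main__":
    c1, c2, ratio = compare_runs(TEST1_REPORT, TEST2_REPORT)
    print(f"test 1 negotiated {c1}, test 2 negotiated {c2}, speedup {ratio:.2f}x")
```

The check that matters when reproducing this is the cipher name, not only the throughput number: if the `SSL/TLS Protocol` line still reads AES-GCM in the second run, the preference change did not take effect and any speed difference is noise from the webserver or the disk.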