jolynch/AesGcmBenchmark.java Secret

## AesGcmBenchmark.java
import java.security.Security;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.SecureRandom;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AesGcmBenchmark {
     static {
         try {
             Security.setProperty("crypto.policy", "unlimited");
         } catch (Exception e) {
             e.printStackTrace();
         }
     }

     static final int BUF_LEN = 4096;
     static final int AES_KEY_SIZE = 256;
     static final int GCM_NONCE_LENGTH = 12;
     static final int GCM_TAG_LENGTH = 16;

     public static void main(String[] args) throws Exception
     {
         // Generate Key
         SecureRandom random = SecureRandom.getInstanceStrong();
         KeyGenerator keyGen = KeyGenerator.getInstance("AES");
         keyGen.init(AES_KEY_SIZE, random);
         SecretKey key = keyGen.generateKey();

         Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "SunJCE");
         final byte[] nonce = new byte[GCM_NONCE_LENGTH];
         random.nextBytes(nonce);
         GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
         cipher.init(Cipher.ENCRYPT_MODE, key, spec);

         byte[] bufInput = new byte[BUF_LEN];
         FileInputStream fis = new FileInputStream(new
File("/dev/stdin"));
         FileOutputStream fos = new FileOutputStream(new
File("/dev/stdout"));
         int nBytes;
         while ((nBytes = fis.read(bufInput, 0, BUF_LEN)) != -1)
         {
             fos.write(cipher.update(bufInput, 0, nBytes));
         }
         fos.write(cipher.doFinal());
    }
}


## authenticated_encryption_perf.txt
$ head -c 1G </dev/urandom > test
# Touch it into page cache to test algorithm speed
$ vmtouch -t test
           Files: 1
     Directories: 0
   Touched Pages: 262144 (1G)
         Elapsed: 0.15648 seconds

# AES-GCM via keypipe @ 3.7 GiBps
$ time ./aepipe <(echo "4d8ec20204895b1b875ad2c8a68a06f488c10ffb57b511c0deefc3e6f46dd7c9" | xxd -p -r) < test > /dev/null
./aepipe  < test > /dev/null  0.25s user 0.16s system 99% cpu 0.412 total

$ time ./aepipe <(echo "4d8ec20204895b1b875ad2c8a68a06f488c10ffb57b511c0deefc3e6f46dd7c9" | xxd -p -r) < test > /dev/null
./aepipe  < test > /dev/null  0.27s user 0.15s system 99% cpu 0.421 total

# ChaCha20-Poly1305 via age @ 1.8GiBps
$ time age -r age1z8m5kna2mz0qh46k6fqephfrx2ayfswvpdvz0dyyvvfzkus9y3fqfs9sls test > /dev/null                                                                                          130 ↵
age -r age1z8m5kna2mz0qh46k6fqephfrx2ayfswvpdvz0dyyvvfzkus9y3fqfs9sls test >   0.56s user 0.17s system 103% cpu 0.704 total

$ time age -r age1z8m5kna2mz0qh46k6fqephfrx2ayfswvpdvz0dyyvvfzkus9y3fqfs9sls test > /dev/null
age -r age1z8m5kna2mz0qh46k6fqephfrx2ayfswvpdvz0dyyvvfzkus9y3fqfs9sls test >   0.53s user 0.17s system 102% cpu 0.680 total

# AES-GCM via java 8 @ 0.283 GiBps
$ /usr/lib/jvm/java-8-openjdk-amd64/bin/java -version                                                                                                                                    1 ↵
openjdk version "1.8.0_292"
OpenJDK Runtime Environment (build 1.8.0_292-8u292-b10-0ubuntu1~20.04-b10)
OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)

$ time /usr/lib/jvm/java-8-openjdk-amd64/bin/java AesGcmBenchmark < test >/dev/null
/usr/lib/jvm/java-8-openjdk-amd64/bin/java AesGcmBenchmark < test > /dev/null  3.53s user 0.67s system 108% cpu 3.885 total

$ time /usr/lib/jvm/java-8-openjdk-amd64/bin/java AesGcmBenchmark < test >/dev/null
/usr/lib/jvm/java-8-openjdk-amd64/bin/java AesGcmBenchmark < test > /dev/null  3.65s user 0.56s system 108% cpu 3.870 total

# AES-GCM via java 11 @ 0.75 GiBps
$ /usr/lib/jvm/java-11-openjdk-amd64/bin/java --version                                                                                                                                  1 ↵
openjdk 11.0.11 2021-04-20
OpenJDK Runtime Environment (build 11.0.11+9-Ubuntu-0ubuntu2.20.04)
OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.20.04, mixed mode, sharing)

$ time /usr/lib/jvm/java-11-openjdk-amd64/bin/java AesGcmBenchmark < test >/dev/null
/usr/lib/jvm/java-11-openjdk-amd64/bin/java AesGcmBenchmark < test > /dev/nul  1.33s user 0.65s system 124% cpu 1.591 total

$ time /usr/lib/jvm/java-11-openjdk-amd64/bin/java AesGcmBenchmark < test >/dev/null
/usr/lib/jvm/java-11-openjdk-amd64/bin/java AesGcmBenchmark < test > /dev/nul  1.33s user 0.63s system 124% cpu 1.570 total


## benchmarkon.sh
#!/bin/bash
echo "Setting performance @ 4GHz"

cd /sys/devices/system/cpu

FREQ=4000000
for c in ./cpu[0-9]* ; do
    echo $FREQ | sudo tee -a ${c}/cpufreq/scaling_max_freq
    echo $FREQ | sudo tee -a ${c}/cpufreq/scaling_min_freq
    echo "performance" | sudo tee -a ${c}/cpufreq/scaling_governor
done

## summary.txt
# Authenticated ciphers
C (native) AES-GCM: 3.7 GiBps
Golang (mostly native) ChaCha20-Poly1305: 1.8 GiBps
Java8 AES-GCM: 0.283 GiBps
Java11 AES-GCM: 0.75 GiBps

# Unauthenticated ciphers (we should not be using these)
Java8 AES-CBC: 0.6 GiB/s
Java11 AES-CBC: 0.6 GiB/s
OpenSSL (native): 0.94 GiB/s

## unauthenticated_encryption_perf.txt
# AES-CBC via java8 @ 0.6 GiB/s
$ /usr/lib/jvm/java-8-openjdk-amd64/bin/java -version                                                                                                                                    1 ↵
openjdk version "1.8.0_292"
OpenJDK Runtime Environment (build 1.8.0_292-8u292-b10-0ubuntu1~20.04-b10)
OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)

$ time /usr/lib/jvm/java-8-openjdk-amd64/bin/java AesBenchmark < test >/dev/null                                                                                                         1 ↵
/usr/lib/jvm/java-8-openjdk-amd64/bin/java AesBenchmark < test > /dev/null  1.60s user 0.83s system 112% cpu 2.159 total
$ time /usr/lib/jvm/java-8-openjdk-amd64/bin/java AesBenchmark < test >/dev/null
/usr/lib/jvm/java-8-openjdk-amd64/bin/java AesBenchmark < test > /dev/null  1.66s user 0.74s system 112% cpu 2.137 total

# AES-CBC via java11 @ 0.6 GiB/s
$ /usr/lib/jvm/java-11-openjdk-amd64/bin/java --version                                                                                                                                  1 ↵
openjdk 11.0.11 2021-04-20
OpenJDK Runtime Environment (build 11.0.11+9-Ubuntu-0ubuntu2.20.04)
OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.20.04, mixed mode, sharing)

$ time /usr/lib/jvm/java-11-openjdk-amd64/bin/java AesBenchmark < test >/dev/null
/usr/lib/jvm/java-11-openjdk-amd64/bin/java AesBenchmark < test > /dev/null  1.66s user 0.82s system 122% cpu 2.025 total

$ time /usr/lib/jvm/java-11-openjdk-amd64/bin/java AesBenchmark < test >/dev/null
/usr/lib/jvm/java-11-openjdk-amd64/bin/java AesBenchmark < test > /dev/null  1.69s user 0.77s system 120% cpu 2.041 total


# AES-CBC via openssl @ 0.94 GiB/s
$ time openssl enc -aes-256-cbc -K "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" -iv "0123456789abcdef0123456789abcdef" -in test -out /dev/null
openssl enc -aes-256-cbc -K  -iv "0123456789abcdef0123456789abcdef" -in test   1.10s user 0.20s system 99% cpu 1.297 total

$ time openssl enc -aes-256-cbc -K "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" -iv "0123456789abcdef0123456789abcdef" -in test -out /dev/null
openssl enc -aes-256-cbc -K  -iv "0123456789abcdef0123456789abcdef" -in test   1.06s user 0.21s system 99% cpu 1.269 total
	import java.security.Security;
	import java.io.File;
	import java.io.FileInputStream;
	import java.io.FileOutputStream;
	import java.security.SecureRandom;

	import javax.crypto.Cipher;
	import javax.crypto.KeyGenerator;
	import javax.crypto.spec.GCMParameterSpec;
	import javax.crypto.SecretKey;
	import javax.crypto.spec.IvParameterSpec;
	import javax.crypto.spec.SecretKeySpec;

	public class AesGcmBenchmark {
	static {
	try {
	Security.setProperty("crypto.policy", "unlimited");
	} catch (Exception e) {
	e.printStackTrace();
	}
	}

	static final int BUF_LEN = 4096;
	static final int AES_KEY_SIZE = 256;
	static final int GCM_NONCE_LENGTH = 12;
	static final int GCM_TAG_LENGTH = 16;

	public static void main(String[] args) throws Exception
	{
	// Generate Key
	SecureRandom random = SecureRandom.getInstanceStrong();
	KeyGenerator keyGen = KeyGenerator.getInstance("AES");
	keyGen.init(AES_KEY_SIZE, random);
	SecretKey key = keyGen.generateKey();

	Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "SunJCE");
	final byte[] nonce = new byte[GCM_NONCE_LENGTH];
	random.nextBytes(nonce);
	GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
	cipher.init(Cipher.ENCRYPT_MODE, key, spec);

	byte[] bufInput = new byte[BUF_LEN];
	FileInputStream fis = new FileInputStream(new
	File("/dev/stdin"));
	FileOutputStream fos = new FileOutputStream(new
	File("/dev/stdout"));
	int nBytes;
	while ((nBytes = fis.read(bufInput, 0, BUF_LEN)) != -1)
	{
	fos.write(cipher.update(bufInput, 0, nBytes));
	}
	fos.write(cipher.doFinal());
	}
	}
	$ head -c 1G </dev/urandom > test
	# Touch it into page cache to test algorithm speed
	$ vmtouch -t test
	Files: 1
	Directories: 0
	Touched Pages: 262144 (1G)
	Elapsed: 0.15648 seconds

	# AES-GCM via keypipe @ 3.7 GiBps
	$ time ./aepipe <(echo "4d8ec20204895b1b875ad2c8a68a06f488c10ffb57b511c0deefc3e6f46dd7c9" \| xxd -p -r) < test > /dev/null
	./aepipe < test > /dev/null 0.25s user 0.16s system 99% cpu 0.412 total

	$ time ./aepipe <(echo "4d8ec20204895b1b875ad2c8a68a06f488c10ffb57b511c0deefc3e6f46dd7c9" \| xxd -p -r) < test > /dev/null
	./aepipe < test > /dev/null 0.27s user 0.15s system 99% cpu 0.421 total

	# ChaCha20-Poly1305 via age @ 1.8GiBps
	$ time age -r age1z8m5kna2mz0qh46k6fqephfrx2ayfswvpdvz0dyyvvfzkus9y3fqfs9sls test > /dev/null 130 ↵
	age -r age1z8m5kna2mz0qh46k6fqephfrx2ayfswvpdvz0dyyvvfzkus9y3fqfs9sls test > 0.56s user 0.17s system 103% cpu 0.704 total

	$ time age -r age1z8m5kna2mz0qh46k6fqephfrx2ayfswvpdvz0dyyvvfzkus9y3fqfs9sls test > /dev/null
	age -r age1z8m5kna2mz0qh46k6fqephfrx2ayfswvpdvz0dyyvvfzkus9y3fqfs9sls test > 0.53s user 0.17s system 102% cpu 0.680 total

	# AES-GCM via java 8 @ 0.283 GiBps
	$ /usr/lib/jvm/java-8-openjdk-amd64/bin/java -version 1 ↵
	openjdk version "1.8.0_292"
	OpenJDK Runtime Environment (build 1.8.0_292-8u292-b10-0ubuntu1~20.04-b10)
	OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)

	$ time /usr/lib/jvm/java-8-openjdk-amd64/bin/java AesGcmBenchmark < test >/dev/null
	/usr/lib/jvm/java-8-openjdk-amd64/bin/java AesGcmBenchmark < test > /dev/null 3.53s user 0.67s system 108% cpu 3.885 total

	$ time /usr/lib/jvm/java-8-openjdk-amd64/bin/java AesGcmBenchmark < test >/dev/null
	/usr/lib/jvm/java-8-openjdk-amd64/bin/java AesGcmBenchmark < test > /dev/null 3.65s user 0.56s system 108% cpu 3.870 total

	# AES-GCM via java 11 @ 0.75 GiBps
	$ /usr/lib/jvm/java-11-openjdk-amd64/bin/java --version 1 ↵
	openjdk 11.0.11 2021-04-20
	OpenJDK Runtime Environment (build 11.0.11+9-Ubuntu-0ubuntu2.20.04)
	OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.20.04, mixed mode, sharing)

	$ time /usr/lib/jvm/java-11-openjdk-amd64/bin/java AesGcmBenchmark < test >/dev/null
	/usr/lib/jvm/java-11-openjdk-amd64/bin/java AesGcmBenchmark < test > /dev/nul 1.33s user 0.65s system 124% cpu 1.591 total

	$ time /usr/lib/jvm/java-11-openjdk-amd64/bin/java AesGcmBenchmark < test >/dev/null
	/usr/lib/jvm/java-11-openjdk-amd64/bin/java AesGcmBenchmark < test > /dev/nul 1.33s user 0.63s system 124% cpu 1.570 total
	#!/bin/bash
	echo "Setting performance @ 4GHz"

	cd /sys/devices/system/cpu

	FREQ=4000000
	for c in ./cpu[0-9]* ; do
	echo $FREQ \| sudo tee -a ${c}/cpufreq/scaling_max_freq
	echo $FREQ \| sudo tee -a ${c}/cpufreq/scaling_min_freq
	echo "performance" \| sudo tee -a ${c}/cpufreq/scaling_governor
	done
	# Authenticated ciphers
	C (native) AES-GCM: 3.7 GiBps
	Golang (mostly native) ChaCha20-Poly1305: 1.8 GiBps
	Java8 AES-GCM: 0.283 GiBps
	Java11 AES-GCM: 0.75 GiBps

	# Unauthenticated ciphers (we should not be using these)
	Java8 AES-CBC: 0.6 GiB/s
	Java11 AES-CBC: 0.6 GiB/s
	OpenSSL (native): 0.94 GiB/s
	# AES-CBC via java8 @ 0.6 GiB/s
	$ /usr/lib/jvm/java-8-openjdk-amd64/bin/java -version 1 ↵
	openjdk version "1.8.0_292"
	OpenJDK Runtime Environment (build 1.8.0_292-8u292-b10-0ubuntu1~20.04-b10)
	OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)

	$ time /usr/lib/jvm/java-8-openjdk-amd64/bin/java AesBenchmark < test >/dev/null 1 ↵
	/usr/lib/jvm/java-8-openjdk-amd64/bin/java AesBenchmark < test > /dev/null 1.60s user 0.83s system 112% cpu 2.159 total
	$ time /usr/lib/jvm/java-8-openjdk-amd64/bin/java AesBenchmark < test >/dev/null
	/usr/lib/jvm/java-8-openjdk-amd64/bin/java AesBenchmark < test > /dev/null 1.66s user 0.74s system 112% cpu 2.137 total

	# AES-CBC via java11 @ 0.6 GiB/s
	$ /usr/lib/jvm/java-11-openjdk-amd64/bin/java --version 1 ↵
	openjdk 11.0.11 2021-04-20
	OpenJDK Runtime Environment (build 11.0.11+9-Ubuntu-0ubuntu2.20.04)
	OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.20.04, mixed mode, sharing)

	$ time /usr/lib/jvm/java-11-openjdk-amd64/bin/java AesBenchmark < test >/dev/null
	/usr/lib/jvm/java-11-openjdk-amd64/bin/java AesBenchmark < test > /dev/null 1.66s user 0.82s system 122% cpu 2.025 total

	$ time /usr/lib/jvm/java-11-openjdk-amd64/bin/java AesBenchmark < test >/dev/null
	/usr/lib/jvm/java-11-openjdk-amd64/bin/java AesBenchmark < test > /dev/null 1.69s user 0.77s system 120% cpu 2.041 total


	# AES-CBC via openssl @ 0.94 GiB/s
	$ time openssl enc -aes-256-cbc -K "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" -iv "0123456789abcdef0123456789abcdef" -in test -out /dev/null
	openssl enc -aes-256-cbc -K -iv "0123456789abcdef0123456789abcdef" -in test 1.10s user 0.20s system 99% cpu 1.297 total

	$ time openssl enc -aes-256-cbc -K "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" -iv "0123456789abcdef0123456789abcdef" -in test -out /dev/null
	openssl enc -aes-256-cbc -K -iv "0123456789abcdef0123456789abcdef" -in test 1.06s user 0.21s system 99% cpu 1.269 total