stefanberger / libtpms

The libtpms library provides software emulation of a Trusted Platform Module (TPM 1.2 and TPM 2.0)

Use explicit pre-fetching to improve performance #356

Closed DemiMarie closed 1 year ago

DemiMarie commented 1 year ago

See https://github.com/openssl/openssl/pull/20354.

stefanberger commented 1 year ago

@DemiMarie Do you have any more concrete issues/suggestions than just pointing to the openssl issue?

DemiMarie commented 1 year ago

@stefanberger No, but you did mention that the low-level functions are much faster than the high-level ones, and I wonder if the lack of pre-fetching is partially to blame.

stefanberger commented 1 year ago

This code base here maintains backwards compatibility with OpenSSL 1.1 as well, and in some cases there are a lot more cycles to spend for OpenSSL 3.0 than for OpenSSL 1.1 using deprecated lower level APIs:

I am not sure whether anyone will performance test the TPM 2 implementation but it would be a bit slower once one uses the OpenSSL 3.0 functions.

DemiMarie commented 1 year ago

https://github.com/stefanberger/libtpms/pull/349/files#diff-dd8458cfda3caf2ace6e574df79ae81819aed9651b6f84f5ae1f233b9c32c62eR150-R156 is going to be slow. Calling EVP_CIPHER_fetch() and EVP_MD_fetch() during initialization will be much faster.

stefanberger commented 1 year ago

TPM 2 cannot use the EVP functions for hashes since libtpms needs access to the context: https://github.com/stefanberger/libtpms/wiki/OpenSSL-3-port#shaxyz_init-shaxyz_update-shaxyz_final

stefanberger commented 1 year ago

In PR #357 I have now added a caching layer to avoid having to call functions like EVP_aes_128_ctr() multiple times. To avoid yet more #ifdefs for older and newer versions of OpenSSL I am not using the new EVP_CIPHER_fetch() function but extended the existing function that also worked before 3.0.0 and doesn't touch any deprecated functions.