...

Linux on system z cryptographic support Martin Kammerer 7/20/10

by user

on
Category: Documents
1

views

Report

Comments

Transcript

Linux on system z cryptographic support Martin Kammerer 7/20/10
Martin Kammerer
7/20/10
[email protected]
Linux on system z cryptographic support
visit us at http://www.ibm.com/developerworks/linux/linux390/perf/index.html
© 2010 IBM Corporation
Linux on System z Performance Evaluation
System z hardware
 For the use of cryptographic services, IBM System z9 supports the cryptographic hardware
functions Central Processor Assist for Cryptographic Function (CPACF) and Crypto
Express2 (CEX2) Feature.
 CPACF
– CPACF provides support for symmetric ciphers and secure hash algorithms (SHA) on every
central processor. Hence the potential encryption/decryption throughput scales with the
number of central processors in the system.
 CEX2
– The two PCI-X adapters on a CEX2 feature can be configured in two ways: Either as
cryptographic Coprocessor (CEX2C) for secure key encrypted transactions, or as
cryptographic Accelerator (CEX2A) for Secure Sockets Layer (SSL) acceleration. A CEX2A
works only in clear key mode.
 Both adapters can be of the same type, or you can configure one adapter as CEX2A and the
other as CEX2C.
2
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Linux on System z Performance Evaluation
SSL acceleration
 The SSL communication protocol was designed to provide a secure communication over an
open insecure network like the Internet. OpenSSL is the Open Source implementation of the
SSL protocol. OpenSSL may use the hardware accelerated cryptographic services to speed
up an SSL communication. Other applications or protocols may use these cryptographic
services using different APIs (e.g. PKCS#11).
 OpenSSL needs the engine ibmca to communicate with the interface library (libICA). The
libICA library then communicates with CPACF or via the Linux generic device driver zcrypt
with a CEX2 (if available). Hence the device driver zcrypt must be loaded in order to use
CEX2 features.
3
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Cryptographic support – Linux SSL stack flow
Application
symmetric ciphers
Central Processor
July 20, 2010
Shared
System
Libraries
LibICA
CPACF
4
User
Space
engine ibmca
OpenSSL
software implementation
, e.g. Apache w/ mod_ssl
Linux on system z cryptographic support
zcrypt
device driver
CEX2A
Kernel
Space
Cryptographic
Hardware
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Performance tests
 The Linux SSL performance tests show the benefit of a Crypto Express2 Feature (CEX2)
configured for SSL acceleration (CEX2A) in combination with the Central Processor Assist
for Cryptographic Function (CPACF).
 Our tests compare the performance with and without System z hardware support. The
throughput numbers for a CEX2 configured as a cryptographic coprocessor (CEX2C) are
also available for reference. However a CEX2C is designed and optimized for secure
encrypted transactions.
 The SSL protocol for secure network connections establishes a connection between a client
and a server node with an SSL handshake.
 For data encryption, SSL uses a symmetric cipher for performance reasons. For the SSL
handshake process, an asymmetric cipher (RSA) is used which is very cost intensive. The
SSL handshake exchanges the keys for the symmetric cipher and chooses the symmetric
cipher for the data encryption. The symmetric ciphers DES, TDES, and AES are supported
through the System z CPACF function.
 A CEX2 adapter can be configured as an SSL Accelerator (CEX2A), which gives best
performance in supporting the SSL handshake (RSA acceleration). An adapter configured as
Coprocessor (CEX2C) speeds up SSL handshakes as well, but is optimized to support
secure key encrypted transactions.
5
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Cryptographic support – Exemplary Workload




workload emulates a secured webserver
the connection between client and server is SSL secured
scaling over number of parallel connections
HTML files of different sizes are exchanged
–
–
–
–
40 Bytes (SSL handshake)
20 KB (small data portion)
250 KB and 500KB (medium data portions)
1 MB (big data portion)
OpenSSL
s_time
program
SSL secured
connection
OpenSSL
s_server
program
OSA
Express
System p client
6
July 20, 2010
Linux on system z cryptographic support
System z webserver
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Crypto Express2 Accelerator (CEX2A) SSL handshakes
3500
3000
2500
2000
1500
1000
500
0
100%
4 CPUs - 40B data
60%
No HW
1 CEX2A
July 20, 2010
40%
idle
system
user
20%
1
2
4
8 16 32
number of parallel connections
7
32 parallel connections
80%
CPU load
connections/s
 CEX2A accelerates SSL handshake process (asymmetric cipher RSA)
 the number of SSL handshakes is up to 4x higher with CEX2A support
 in the 32 connections case we save about 50% of the CPU resources
Linux on system z cryptographic support
0%
no HW
CEX2A
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Generic cryptographic device driver polling thread (1)
 zcrypt device driver has a configurable polling thread
– introduced with driver version 2.1.0 (SLES10 SP1 and RHEL 5.1); default was enabled
– since SLES10 SP2 and RHEL 5.2 disabled per default
1==enabled; 0==disabled
– check state: cat /sys/bus/ap/poll_thread
 enabled
–
–
–
–
–
polls cryptographic adapter for finished cryptographic requests
best utilization of CEX2 cryptographic adapter
uses one CPU for the thread when polling
only active during outstanding adapter requests
enable: echo 1 > /sys/bus/ap/poll_thread
 disabled
–
–
–
–
8
finished requests are fetched with Linux timer interrupt
poor performance when cryptographic adapter is not fully utilized
no further CPU costs for polling
disable: echo 0 > /sys/bus/ap/poll_thread
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Generic cryptographic device driver polling thread (2)
 performance degradations until adapter limit is reached for poll=no
connections/sec
3500
3000
1 CEX2A / 40b data
2500
2000
1500
poll no
poll yes
1000
500
0
1
2
4
8
16
number of parallel connections
9
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Linux on System z Performance Evaluation
CP Assist for Cryptographic Function (CPACF) (1)
 z10 newly supports AES-192, AES-256
 use your cryptographic hardware! – software configuration issue
normalized throughput
6
4 CPUs - 1MB data - OpenSSL
5
4
3
no CPACF
1 CPACF
2
1
0
TDESSHA
DESSHA
AES128 AES256
-SHA
-SHA
RC4SHA *
* only SHA portion is calculated by CPACF
10
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Linux on System z Performance Evaluation
CP Assist for Cryptographic Function (CPACF) (2)
 reduced CPU costs for fully supported block ciphers
 TDES most expensive cipher when calculated in software
mormalized CPU costs
14
12
4 CPUs - 1MB data - OpenSSL
10
8
no CPACF
1 CPACF
6
4
2
0
DESSHA
TDES- AES128 AES256
SHA
-SHA
-SHA
* only SHA portion is calculated by CPACF
11
July 20, 2010
Linux on system z cryptographic support
RC4SHA *
© 2010 IBM Corporation
Linux on System z Performance Evaluation
CP Assist for Cryptographic Function (CPACF) (3)
 supported ciphers and secure hash functions per System z machine
System z machine
supports
zSeries z890, z990 DES, TDES, SHA-1
DES, TDES, AES-128,
SHA-1, SHA-256
z9
DES, TDES, AES-128,
AES-192, AES-256,
SHA-1, SHA-224,
SHA-256, SHA-384,
z10
SHA-512
12
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Linux on System z Performance Evaluation
SSL traffic with CEX2A and CPACF




CEX2A accelerates SSL handshakes
CPACF accelerates data encryption (symmetric ciphers)
use of both hardware features can double the throughput
using pure software encryption costs up to 6x more CPU
2.5
20K
1MB
AES-128
1.5
1
0.5
0
13
normalized CPU costs
normalized throughput
2
July 20, 2010
No HW
CPACF
CPACF+
CEX2A
Linux on system z cryptographic support
7
6
5
4
3
2
1
0
No HW
CPACF
CPACF
+CEX2
A
© 2010 IBM Corporation
Linux on System z Performance Evaluation
IPsec
 IPsec is an extension of the IP protocol providing security to IP and upper-layer protocols.
 IPsec uses in-kernel cryptographic algorithms.The IPsec protocols use secure hash
algorithms and symmetric ciphers.
 The following charts show results for three different network workload types with a secure IP
connection between the client and server.
 The workload types are:
– rr200x1k
– crr64x8k
– rr200x32k
emulates an online transaction
emulates a website request
emulates a database query
 For each workload type three sequences were measured:
– no IPsec
– IPsec - no CPACF
– IPsec - CPACF
IPsec is not used
HW support for in-kernel cryptography is disabled in the kernel
HW support for in-kernel cryptography is enabled in the kernel
 The chart shows normalized transaction rates. When doing IPsec, there is an additional
overhead to secure the network connection, which decreases the number of achievable
transactions. Enabling the HW support for in-kernel crypto dramatically absorbs this
decrease.
14
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Linux in-kernel crypto (1)
example: IP security (IPsec) is done in the Linux kernel
Linux kernel itself is capable of exploiting CPACF
carefully choose a CPACF supported cipher and hash function
strong performance impacts with pure software in-kernel crypto
normalized to no IPsec




1.2
1
0.8
0.6
0.4
0.2
0
IPsec config:
HMAC-SHA256
AES-128
no IPsec
IPsec - no CPACF
IPsec - CPACF
rr200x1k
transaction
crr64x8k
webserver
rr200x32k
DB_query
workload type
15
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Linux in-kernel crypto (2)
normalized CPU costs
 IPsec overhead is significant
 CPU costs can be 16x higher with software in-kernel crypto
 by using CPACF the CPU costs can be reduced up to 4x
16
18
16
14
12
10
8
6
4
2
0
July 20, 2010
IPsec config:
HMAC-SHA256
AES-128
no IPsec
IPsec - no CPACF
IPsec - CPACF
rr200x1k
transaction
Linux on system z cryptographic support
crr64x8k
webserver
workload type
rr200x32k
DB_query
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Linux in-kernel crypto (3)
 response times <= 5 ms for emulated DB request with IPsec/CPACF
25
IPsec config:
HMAC-SHA256
AES-128
response time in ms
20
15
no IPsec
IPsec - no CPACF
IPsec - CPACF
10
5
0
rr200x32k
workload type
17
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Generic cryptographic device driver AP interrupts (1)
 zcrypt device driver uses AP interrupts instead of polling mechanism
–
–
–
–
since System z10 EC GA2, z10 BC
only in LPAR, z/VM delivers no AP interrupts
supported with driver version 2.1.x (SLES10 SP3, SLES11 SP1 and RHEL 5.4, RHEL6)
if available, zcrypt polling thread cannot be activated
 reduces the CPU costs for CEX2 crypto operations
– no additional CPU costs for the polling thread
 same throughput rates compared to an enabled polling thread
 new read-only attribute shows status
– cat /sys/bus/ap/devices/cardxy/subsystem/ap_interrupts
– 1 == interrupts used
– 0 == no interrupts used
18
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Generic cryptographic device driver AP interrupts (2)
3500
3000
2500
2000
1500
1000
500
0
1 CEX2A / 40b data
poll thread
AP interrupts
no HW
1
2
4
8 16
number of parallel connections
19
July 20, 2010
Linux on system z cryptographic support
normalized CPU costs
connections/sec
 SSL handshake rates similar to polling thread
 reduced CPU costs
14
12
10
8
6
4
2
0
1
2
4
8
16
number of parallel connections
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Useful crypto display commands (1)
 icainfo
– CPACF supported operations by libICA on this system
– supported since libica library version 1.3.8
Sample command output:
System z10:
System z9:
# icainfo
The following CPACF operations are
supported by libica on this system:
SHA-1:
yes
SHA-256: yes
SHA-512: no
DES:
yes
TDES-128: yes
TDES-192: yes
AES-128: yes
AES-192: no
AES-256: no
PRNG:
yes
20
July 20, 2010
Linux on system z cryptographic support
# icainfo
The following CPACF operations are
supported by libica on this system:
SHA-1:
yes
SHA-256: yes
SHA-512: yes
DES:
yes
TDES-128: yes
TDES-192: yes
AES-128: yes
AES-192: yes
AES-256: yes
PRNG:
yes
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Useful crypto display commands (2)
 icastats
– libICA request statistics
– supported since libica library version 2.0.1
Sample command outputs for a OpenSSL workload:
 no engine ibmca used
 engine ibmca + CPACF
# icastats
# icastats
function | # hardware | # software
function | # hardware | # software
----------+------------+------------ ----------+------------+-----------SHA1 |
0 |
0
SHA1 |
549736 |
0
SHA224 |
0 |
0
SHA224 |
0 |
0
SHA256 |
0 |
0
SHA256 |
0 |
0
SHA384 |
0 |
0
SHA384 |
0 |
0
SHA512 |
0 |
0
SHA512 |
0 |
0
RANDOM |
1 |
0
RANDOM |
1 |
0
MOD EXPO |
0 |
0
MOD EXPO |
0 |
0
RSA CRT |
0 |
0
RSA CRT |
0 |
6247
DES ENC |
0 |
0
DES ENC |
0 |
0
DES DEC |
0 |
0
DES DEC |
0 |
0
3DES ENC |
0 |
0
3DES ENC |
0 |
0
3DES DEC |
0 |
0
3DES DEC |
0 |
0
AES ENC |
0 |
0
AES ENC |
31235 |
0
AES DEC |
0 |
0
AES DEC |
18741 |
0
21
July 20, 2010
Linux on system z cryptographic support
 engine ibmca + CPACF + CEX2
# icastats
function | # hardware | # software
----------+------------+-----------SHA1 |
1082664 |
0
SHA224 |
0 |
0
SHA256 |
0 |
0
SHA384 |
0 |
0
SHA512 |
0 |
0
RANDOM |
1 |
0
MOD EXPO |
0 |
0
RSA CRT |
12303 |
0
DES ENC |
0 |
0
DES DEC |
0 |
0
3DES ENC |
0 |
0
3DES DEC |
0 |
0
AES ENC |
61515 |
0
AES DEC |
36909 |
0
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Linux cryptographic support - Summary
 Crypto Express2 Accelerator (CEX2A)
–
–
–
–
–
optional feature for System z machines
executes cryptographic requests asynchronously to the Central Processor (CP)
accelerates public key operations used for the SSL protocol (SSL handshake)
requires generic zcrypt device driver
zcrypt device driver with enabled polling thread utilizes adapter best
 CP Assist for Cryptographic Function (CPACF)
–
–
–
–
supports several block ciphers and secure hash functions
executes cryptographic requests synchronously to the Central Processor (CP)
Linux kernel can use CPACF as well (in-kernel crypto)
software must be configured appropriately to exploit the hardware
 CEX2A and CPACF can be combined
– for example: SSL uses symmetric and asymmetric ciphers
– best throughput results with both cryptographic features together
22
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Linux on System z Performance Evaluation
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at
“Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United
States, other countries, or both.
Other product and service names might be trademarks of IBM or other companies.
Source: If applicable, describe source origin
23
July 20, 2010
Linux on system z cryptographic support
© 2010 IBM Corporation
Fly UP