New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AES-NI support #118

Closed
HazCod opened this Issue Oct 12, 2015 · 8 comments

Comments

Projects
None yet
6 participants
@HazCod

HazCod commented Oct 12, 2015

Is it possible to enable hardware acceleration?
I see high CPU usage when doing large files.

@benrubson

This comment has been minimized.

Show comment
Hide comment
@benrubson

benrubson Nov 25, 2015

Collaborator

Hello,

Yes, I would also be glad to see AES-NI / hardware acceleration into EncFS !
Especially on FreeBSD.
Sounds like OpenCrypto framework could be used for this purpose as AES-NI is already implemented there.

Thank you very much !

Ben

Collaborator

benrubson commented Nov 25, 2015

Hello,

Yes, I would also be glad to see AES-NI / hardware acceleration into EncFS !
Especially on FreeBSD.
Sounds like OpenCrypto framework could be used for this purpose as AES-NI is already implemented there.

Thank you very much !

Ben

@rfjakob rfjakob added the enhancement label Nov 30, 2015

@vgough

This comment has been minimized.

Show comment
Hide comment
@vgough

vgough Nov 30, 2015

Owner

This should already be supported via OpenSSL's engine support:

https://github.com/vgough/encfs/blob/master/encfs/openssl.cpp#L75

At one time, I recall having to set global openssl configuration to enable the AES-NI hardware engine. I don't know if that's still necessary, or if OpenSSL is supposed to auto-detect.

Owner

vgough commented Nov 30, 2015

This should already be supported via OpenSSL's engine support:

https://github.com/vgough/encfs/blob/master/encfs/openssl.cpp#L75

At one time, I recall having to set global openssl configuration to enable the AES-NI hardware engine. I don't know if that's still necessary, or if OpenSSL is supposed to auto-detect.

@benrubson

This comment has been minimized.

Show comment
Hide comment
@benrubson

benrubson Nov 30, 2015

Collaborator

Thank you for your feedback vgough !

According to this link, EVP_* methods must be used to activate AES-NI.
Is it the case ?

Perhaps it could be a good idea to add an EncFS option to show AES-NI status ?
Test seems to be easy according to the previous link.

# encfs --help
(...)
encfs --aesni     will return yes or no whether AES-NI is available / activated or not.

Thank you very much !

Ben

Collaborator

benrubson commented Nov 30, 2015

Thank you for your feedback vgough !

According to this link, EVP_* methods must be used to activate AES-NI.
Is it the case ?

Perhaps it could be a good idea to add an EncFS option to show AES-NI status ?
Test seems to be easy according to the previous link.

# encfs --help
(...)
encfs --aesni     will return yes or no whether AES-NI is available / activated or not.

Thank you very much !

Ben

@HazCod

This comment has been minimized.

Show comment
Hide comment
@HazCod

HazCod Dec 1, 2015

@benrubson Maybe it does, I see following line in

encfs/ChangeLog

Line 1265 in 340fefd

check for various OpenSSL EVP_* functions

HazCod commented Dec 1, 2015

@benrubson Maybe it does, I see following line in

encfs/ChangeLog

Line 1265 in 340fefd

check for various OpenSSL EVP_* functions

@mcronce

This comment has been minimized.

Show comment
Hide comment
@mcronce

mcronce Jan 29, 2016

It definitely looks like EVP functions are being used, at least in some places.

EDIT: Removed ridiculously long grep output. Suffice to say a grep for EVP suggests they're being used :)

mcronce commented Jan 29, 2016

It definitely looks like EVP functions are being used, at least in some places.

EDIT: Removed ridiculously long grep output. Suffice to say a grep for EVP suggests they're being used :)

@benrubson

This comment has been minimized.

Show comment
Hide comment
@benrubson

benrubson Apr 14, 2016

Collaborator

Yes having a closed look at the code, sounds like EVP_* functions are used.

In addition, according to this link, would be "useless" to make a function telling that AES-NI is supported, the main thing being to use the correct functions in the code itself.

We then first have to be sure that AES-NI functions are used everywhere in the code (developper confirmation needed).
Then a function/option could be implemented to tell whether or not AES-NI is supported on the current hardware, but simply looking at the CPU embedded functions will tell it.

Collaborator

benrubson commented Apr 14, 2016

Yes having a closed look at the code, sounds like EVP_* functions are used.

In addition, according to this link, would be "useless" to make a function telling that AES-NI is supported, the main thing being to use the correct functions in the code itself.

We then first have to be sure that AES-NI functions are used everywhere in the code (developper confirmation needed).
Then a function/option could be implemented to tell whether or not AES-NI is supported on the current hardware, but simply looking at the CPU embedded functions will tell it.

@aidan-fitz

This comment has been minimized.

Show comment
Hide comment
@aidan-fitz

aidan-fitz Jul 17, 2016

Maybe a good alternative for computers that don't have AES-NI would be a GPU implementation.

aidan-fitz commented Jul 17, 2016

Maybe a good alternative for computers that don't have AES-NI would be a GPU implementation.

@benrubson

This comment has been minimized.

Show comment
Hide comment
@benrubson

benrubson Mar 10, 2017

Collaborator

I think we can now close this. Thx !

Collaborator

benrubson commented Mar 10, 2017

I think we can now close this. Thx !

@HazCod HazCod closed this Mar 11, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment