8

I wrote a basic function to test the speed of the AES-256-CBC mode of the Node.js built-in crypto functions. These functions use OpenSSL, so they should support AES-NI, but when I correctly enable AES-NI and do a command-line test of OpenSSL the encryption speed is ~350MB/s on OpenSSL and only ~100MB/s on Node.js Crypto.

I used this answer to enable OpenSSL AES-NI in the command line and ran it as follows:

openssl speed -evp aes-256-cbc

My question is, how do I make the speed of the Node.js crypto functions for AES match that of OpenSSL run in the command line? I suspect the reason is failure to use AES-NI

Community
  • 1
  • 1
Philberg
  • 620
  • 7
  • 14
  • 1
    Did you compile node or using a binary – user568109 Oct 11 '13 at 09:24
  • Compiled it v 0.10.20 – Philberg Oct 11 '13 at 20:14
  • 4
    If you are using the latest openssl, you don't need to do anything. This optimisation is done when compiling openssl with -mtune/-maes flag. See http://security.stackexchange.com/questions/11815/where-can-i-find-information-about-how-to-implement-intel-embedded-aes256-encryp . Right now I don't know if these options are used or not. All I know is that it is compiled with node-gyp for that, see https://github.com/joyent/node/blob/master/deps/openssl/openssl.gyp. – user568109 Oct 18 '13 at 04:23
  • 350MB/s is pretty low for AES-NI based AES, I would have expected about twice that number. I wonder if that's caused by CBC encryption being sequential. Do your numbers differ for CBC decryption or CTR? – CodesInChaos Feb 24 '15 at 09:27

2 Answers2

3

It seems that this was not correctly enabled until the latest release v0.12 (that was just released publicly).

Some of the notes are available here http://strongloop.com/strongblog/performance-node-js-v-0-12-whats-new/

Philberg
  • 620
  • 7
  • 14
2

No, you are doing it right. The performance of OpenSSL in Node is a bit disappointing. Most production Node.js deployments terminate SSL connections in something other than Node.js and then forward the unencrypted connections to Node.js.

Edmond Meinfelder
  • 313
  • 1
  • 5
  • 19