Hi everyone,
As a performance test, I measured the time needed to execute mbedtls_ssl_read
and mbedtls_ssl_write.
The time needed by mbedtls_ssl_read and mbedtls_ssl_write should be the same
as the operation is symmetric. However, mbedtls_ssl_read takes always more time
than mbedtls_ssl_write.
Could anyone explain the reason?!
Thanks,
Best regards
@okba Thank you for your question!
Note that mbedtls_ssl_write() encrypts the data and mbedtls_ssl_read() decrypts and checks the data…
This is very much dependent on the negotiated cipher suite.
If for example, you are using AES and HASH, then the crypto operations are not symmetric, as AES encryption and AES decryption may not necessary have the same throughput.
If you have negotiated a ciphersuite with AEAD (as you probably have ), such as GCM, the the encryption and decryption are symmetrical, however, when decrypting, after generating the MAc, you also compare it.
However, the functions of mbedtls_ssl_read() and mbedtls_ssl_write() are not symmetrical at all.
Assuming we already have a negotiated TLS session, mbedtls_ssl_write() just wirtes the record by calling mbedtls_ssl_write_record(). However, mbedtls_ssl_read(), after reading the record adds much more checking of the given data.
After all, you know what you are sending, but you don’t know what you are receiving.
Regards,
mbed TLS Team member
Ron