Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2581

Benchmark and use `mongocrypt_binary_t` definition to improve performance of In-Use Encryption

    • Needed
    • Hide

      Goal: Improve performance of In-Use Encryption for the workload identified in HELP-27047.

      Proposed changes for drivers:

      Refer to the changes made for the Java driver bindings:

      The benchmark may be useful for testing future performance improvements (DRIVERS-2718).

      Proposed changes may not benefit languages with no extra cost for calling into a C library: (C, C++, PHP via C driver) or drivers that are not using the crypto callbacks (Go).

      Show
      Goal: Improve performance of In-Use Encryption for the workload identified in HELP-27047. Proposed changes for drivers: Benchmark throughput of decrypting documents with many (e.g. 1500) encrypted fields. The benchmark is specified here: https://github.com/mongodb/specifications/commit/db3114e957f7c0976a1af09882dbb46cb4a70049 Attempt to use fields of `mongocrypt_binary_t` to avoid calls to `mongocrypt_binary_data` and `mongocrypt_binary_len`. The fields are exported as of MONGOCRYPT-589 . Expect an improvement in throughput. Refer to the changes made for the Java driver bindings: Benchmark added in: https://github.com/mongodb/libmongocrypt/pull/690 Use of `mongocrypt_binary_t` fields done in: https://github.com/mongodb/libmongocrypt/pull/693 The benchmark may be useful for testing future performance improvements ( DRIVERS-2718 ). Proposed changes may not benefit languages with no extra cost for calling into a C library: (C, C++, PHP via C driver) or drivers that are not using the crypto callbacks (Go).
    • $i18n.getText("admin.common.words.hide")
      Key Status/Resolution FixVersion
      CDRIVER-4685 Works as Designed
      CXX-2716 Works as Designed
      CSHARP-4719 Done 2.24.0
      GODRIVER-2907 Done
      JAVA-5073 Duplicate
      NODE-5455 Fixed mongodb-client-encryption-6.1.0
      MOTOR-1155 Won't Do
      PYTHON-3838 Fixed pymongocrypt-1.8.0
      PHPC-2304 Works as Designed
      RUBY-3299 Fixed 2.22.0
      RUST-1704 Won't Do
      $i18n.getText("admin.common.words.show")
      #scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion CDRIVER-4685 Works as Designed CXX-2716 Works as Designed CSHARP-4719 Done 2.24.0 GODRIVER-2907 Done JAVA-5073 Duplicate NODE-5455 Fixed mongodb-client-encryption-6.1.0 MOTOR-1155 Won't Do PYTHON-3838 Fixed pymongocrypt-1.8.0 PHPC-2304 Works as Designed RUBY-3299 Fixed 2.22.0 RUST-1704 Won't Do

      Summary

      Reduce overhead of encryption callbacks by providing bulk-oriented encryption and decryption callbacks

      Motivation

      HELP-27047 identified a slow workload with In-Use Encryption: decrypting documents with many encrypted fields. The crypto callbacks in libmongocrypt were identified as a possible cause.

      Driver bindings optionally set crypto callbacks to provide the crypto functions (HMAC, AES, SHA). Setting the callback enables using libmongocrypt without taking a dependency on OpenSSL or a system native crypto library. On last survey, Java, Python, C#, Ruby, Node, and Rust implement the crypto callbacks.

      The crypto callbacks showed in profiling HELP-27047. MONGOCRYPT-589 exports the fields of mongocrypt_binary_t. This allows bindings to use fields of mongocrypt_binary_t in callbacks directly and avoid calls to mongocrypt_binary_data and mongocrypt_binary_len.

      Who is the affected end user?

      Applications using implicit encryption where a single command requires many encryption/decryption operations

      How does this affect the end user?

      They are annoyed because implicit encryption/decryption is slower than they expect

      How likely is it that this problem or use case will occur?

      Fairly likely for users of implicit encryption.

      If the problem does occur, what are the consequences and how severe are they?

      It's a performance concern. 

      Is this issue urgent?

      No

      Is this ticket required by a downstream team?

      No

      Is this ticket only for tests?

      No

      Acceptance Criteria

      Implicit decryption is benchmarked. Implicit decryption performance is improved.

            Assignee:
            kevin.albertson@mongodb.com Kevin Albertson
            Reporter:
            jeff.yemin@mongodb.com Jeffrey Yemin
            James Kovacs James Kovacs
            Esha Bhargava Esha Bhargava
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: