Attachment 11346 Details for Bug 11451 – Patches for v4-3-test (part1)

[patch] Patches for v4-3-test (part1)

tmp43p1.diff.txt (text/plain), 3.24 KB, created by Stefan Metzmacher on 2015-08-17 19:59:53 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stefan Metzmacher

Created: 2015-08-17 19:59:53 UTC

Size: 3.24 KB

patch

obsolete

>From e281c2403cfdc9a012bc93405b2edc86b36c43ef Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Mon, 17 Aug 2015 08:56:43 +0200
>Subject: [PATCH 1/2] libcli/smb: prefer AES128_CCM
>
>Callgrind showed that we use 28,165,720,719 cpu cycles to send
>a 100MB file to a client using aes-ccm.
>
>With aes-gcm this is raises up to 723,094,413,831 cpu cycles.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Ralph Boehme <slow@samba.org>
>(cherry picked from commit 05dbd3b47a728acada971b545df458ae0e082ec5)
>---
> libcli/smb/smbXcli_base.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
>diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
>index 6c35430..c1e9e58 100644
>--- a/libcli/smb/smbXcli_base.c
>+++ b/libcli/smb/smbXcli_base.c
>@@ -4598,8 +4598,12 @@ static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta
> 		}
> 
> 		SSVAL(p, 0, 2); /* ChiperCount */
>-		SSVAL(p, 2, SMB2_ENCRYPTION_AES128_GCM);
>-		SSVAL(p, 4, SMB2_ENCRYPTION_AES128_CCM);
>+		/*
>+		 * For now we preferr CCM because our implementation
>+		 * is faster than GCM, see bug #11451.
>+		 */
>+		SSVAL(p, 2, SMB2_ENCRYPTION_AES128_CCM);
>+		SSVAL(p, 4, SMB2_ENCRYPTION_AES128_GCM);
> 
> 		b = data_blob_const(p, 6);
> 		status = smb2_negotiate_context_add(state, &c,
>-- 
>1.9.1
>
>
>From 862e38caad7fbb5362868aa3f1d970f7ad9ebbdf Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Mon, 17 Aug 2015 08:56:43 +0200
>Subject: [PATCH 2/2] s3:smb2_negprot: prefer AES128_CCM if the client supports
> it
>
>Callgrind showed that we use 28,165,720,719 cpu cycles to send
>a 100MB file to a client using aes-ccm.
>
>With aes-gcm this is raises up to 723,094,413,831 cpu cycles.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Ralph Boehme <slow@samba.org>
>(cherry picked from commit bd0ec51cfca2b3baed60d304125079c74815073a)
>---
> source3/smbd/smb2_negprot.c | 18 ++++++++++++++----
> 1 file changed, 14 insertions(+), 4 deletions(-)
>
>diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
>index 3106ef3..18382a9 100644
>--- a/source3/smbd/smb2_negprot.c
>+++ b/source3/smbd/smb2_negprot.c
>@@ -421,6 +421,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
> 		uint8_t buf[4];
> 		DATA_BLOB b;
> 		size_t i;
>+		bool aes_128_ccm_supported = false;
>+		bool aes_128_gcm_supported = false;
> 
> 		capabilities &= ~SMB2_CAP_ENCRYPTION;
> 
>@@ -451,15 +453,23 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
> 			p += 2;
> 
> 			if (v == SMB2_ENCRYPTION_AES128_GCM) {
>-				xconn->smb2.server.cipher = v;
>-				break;
>+				aes_128_gcm_supported = true;
> 			}
> 			if (v == SMB2_ENCRYPTION_AES128_CCM) {
>-				xconn->smb2.server.cipher = v;
>-				break;
>+				aes_128_ccm_supported = true;
> 			}
> 		}
> 
>+		/*
>+		 * For now we preferr CCM because our implementation
>+		 * is faster than GCM, see bug #11451.
>+		 */
>+		if (aes_128_ccm_supported) {
>+			xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
>+		} else if (aes_128_gcm_supported) {
>+			xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_GCM;
>+		}
>+
> 		SSVAL(buf, 0, 1); /* ChiperCount */
> 		SSVAL(buf, 2, xconn->smb2.server.cipher);
> 
>-- 
>1.9.1
>

Flags:

slow: review+
vl: review+
metze: review? (obnox)

Actions: View

Attachments on bug 11451: 11346 | 11374