The Samba-Bugzilla – Attachment 11346 Details for Bug 11451: Poor SMB3 encryption performance with AES-GCM
[patch] Patches for v4-3-test (part1)
tmp43p1.diff.txt (text/plain), 3.24 KB, created by Stefan Metzmacher on 2015-08-17 19:59:53 UTC
>From e281c2403cfdc9a012bc93405b2edc86b36c43ef Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 17 Aug 2015 08:56:43 +0200 >Subject: [PATCH 1/2] libcli/smb: prefer AES128_CCM > >Callgrind showed that we use 28,165,720,719 cpu cycles to send >a 100MB file to a client using aes-ccm. > >With aes-gcm this is raises up to 723,094,413,831 cpu cycles. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >(cherry picked from commit 05dbd3b47a728acada971b545df458ae0e082ec5) >--- > libcli/smb/smbXcli_base.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > >diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c >index 6c35430..c1e9e58 100644 >--- a/libcli/smb/smbXcli_base.c >+++ b/libcli/smb/smbXcli_base.c >@@ -4598,8 +4598,12 @@ static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta > } > > SSVAL(p, 0, 2); /* ChiperCount */ >- SSVAL(p, 2, SMB2_ENCRYPTION_AES128_GCM); >- SSVAL(p, 4, SMB2_ENCRYPTION_AES128_CCM); >+ /* >+ * For now we preferr CCM because our implementation >+ * is faster than GCM, see bug #11451. >+ */ >+ SSVAL(p, 2, SMB2_ENCRYPTION_AES128_CCM); >+ SSVAL(p, 4, SMB2_ENCRYPTION_AES128_GCM); > > b = data_blob_const(p, 6); > status = smb2_negotiate_context_add(state, &c, >-- >1.9.1 > > >From 862e38caad7fbb5362868aa3f1d970f7ad9ebbdf Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 17 Aug 2015 08:56:43 +0200 >Subject: [PATCH 2/2] s3:smb2_negprot: prefer AES128_CCM if the client supports > it > >Callgrind showed that we use 28,165,720,719 cpu cycles to send >a 100MB file to a client using aes-ccm. > >With aes-gcm this is raises up to 723,094,413,831 cpu cycles. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451 
> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >(cherry picked from commit bd0ec51cfca2b3baed60d304125079c74815073a) >--- > source3/smbd/smb2_negprot.c | 18 ++++++++++++++---- > 1 file changed, 14 insertions(+), 4 deletions(-) > >diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c >index 3106ef3..18382a9 100644 >--- a/source3/smbd/smb2_negprot.c >+++ b/source3/smbd/smb2_negprot.c >@@ -421,6 +421,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) > uint8_t buf[4]; > DATA_BLOB b; > size_t i; >+ bool aes_128_ccm_supported = false; >+ bool aes_128_gcm_supported = false; > > capabilities &= ~SMB2_CAP_ENCRYPTION; > >@@ -451,15 +453,23 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) > p += 2; > > if (v == SMB2_ENCRYPTION_AES128_GCM) { >- xconn->smb2.server.cipher = v; >- break; >+ aes_128_gcm_supported = true; > } > if (v == SMB2_ENCRYPTION_AES128_CCM) { >- xconn->smb2.server.cipher = v; >- break; >+ aes_128_ccm_supported = true; > } > } > >+ /* >+ * For now we preferr CCM because our implementation >+ * is faster than GCM, see bug #11451. >+ */ >+ if (aes_128_ccm_supported) { >+ xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM; >+ } else if (aes_128_gcm_supported) { >+ xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_GCM; >+ } >+ > SSVAL(buf, 0, 1); /* ChiperCount */ > SSVAL(buf, 2, xconn->smb2.server.cipher); > >-- >1.9.1 >
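Review bot: In the libcli/smb/smbXcli_base.c hunk (@@ -4598), the added comment misspells "prefer" as "preferr" and does not record that the swap is an ordering change only: the count written by SSVAL(p, 0, 2) stays at 2 and both SMB2_ENCRYPTION_AES128_CCM and SMB2_ENCRYPTION_AES128_GCM are still offered, just with CCM first. Suggest fixing the spelling and saying in the comment what has to change (a faster GCM implementation) before GCM goes back to first place, since "For now" leaves that condition open.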
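Review bot: In the source3/smbd/smb2_negprot.c hunk at @@ -451, dropping the two "break" statements means the server no longer selects the first matching cipher in the client's list; it scans every entry and then picks CCM whenever the client offered it, whatever position the client gave it. The new comment should state that the client's ordering is deliberately overridden, and "preferr" should be "prefer". Separately, when neither aes_128_ccm_supported nor aes_128_gcm_supported is set, the if / else if assigns nothing and the following SSVAL(buf, 2, xconn->smb2.server.cipher) writes whatever the field already holds, as it did before this patch; the initial value is not visible in these hunks, so either confirm it is a defined "no cipher" value or add an explicit final else.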
Flags: slow: review+, vl: review+, metze: review? (obnox)