The Samba-Bugzilla – Attachment 13529 Details for
Bug 13008
smbd does not use the Intel AES instruction set for signing and encryption.
[patch]
Slightly improved git-am fix for master
0001-lib-crypto-Add-the-ability-to-call-AES-implementatio.patch (text/plain), 3.98 KB, created by
Jeremy Allison
on 2017-09-01 19:45:35 UTC
Description:
Slightly improved git-am fix for master
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2017-09-01 19:45:35 UTC
Size:
3.98 KB
patch
obsolete
>From f3885bd497cdc53e478dc309009581ecbc6bcd98 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Fri, 1 Sep 2017 11:44:21 -0700
>Subject: [PATCH] lib: crypto: Add the ability to call AES implementations from
> libnettle.
>
>libnettle implements the AESNI Intel instruction set, so should be
>faster than our internal implementation if available on x86_64.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>---
> lib/crypto/aes.h | 57 ++++++++++++++++++++++++++++++++++++++++++++
> lib/crypto/wscript_build | 2 ++
> lib/crypto/wscript_configure | 2 ++
> 3 files changed, 61 insertions(+)
>
>diff --git a/lib/crypto/aes.h b/lib/crypto/aes.h
>index 48ea764d514..a3b98bc15c9 100644
>--- a/lib/crypto/aes.h
>+++ b/lib/crypto/aes.h
>@@ -36,6 +36,56 @@
> #ifndef LIB_CRYPTO_AES_H
> #define LIB_CRYPTO_AES_H 1
>
>+#if CRYPTO_AES_USE_NETTLE
>+#include <nettle/aes.h>
>+#include <nettle/memxor.h>
>+
>+/*
>+ * Defining these as 1 means use the Samba implementations in
>+ * lib/crypto/aes.c
>+ */
>+
>+#define SAMBA_AES_CBC_ENCRYPT 1
>+#define SAMBA_AES_CFB8_ENCRYPT 1
>+
>+typedef struct aes_ctx AES_KEY;
>+
>+/*
>+ * Symbol renaming to call libnettle functions - not Samba implementations
>+ * in lib/crypto/aes.c
>+ */
>+
>+#define AES_set_encrypt_key(userkey, bits, key) \
>+ aes_set_encrypt_key(key, bits/8, userkey)
>+#define AES_set_decrypt_key(userkey, bits, key) aes_set_decrypt_key(key, bits/8, userkey)
>+#define AES_encrypt(src, dst, key) aes_encrypt(key, AES_BLOCK_SIZE, dst, src)
>+#define AES_decrypt(src, dst, key) aes_decrypt(key, AES_BLOCK_SIZE, dst, src)
>+#define aes_block_xor(in1, in2, out) memxor3(out, in1, in2, AES_BLOCK_SIZE)
>+
>+/*
>+ * Symbol renaming to call Samba implementations in
>+ * lib/crypto/aes.c
>+ */
>+
>+#define AES_cbc_encrypt samba_AES_cbc_encrypt
>+#define AES_cfb8_encrypt samba_AES_cfb8_encrypt
>+
>+#define AES_ENCRYPT 1
>+#define AES_DECRYPT 0
>+
>+void AES_cbc_encrypt(const unsigned char *, unsigned char *,
>+ const unsigned long, const AES_KEY *,
>+ unsigned char *, int);
>+
>+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
>+ unsigned long size, const AES_KEY *key,
>+ unsigned char *iv, int forward_encrypt);
>+
>+#define aes_cfb8_encrypt(in, out, size, key, iv, forward_encrypt) \
>+ AES_cfb8_encrypt(in, out, size, key, iv, forward_encrypt)
>+
>+#else /* CRYPTO_AES_USE_NETTLE */
>+
> #define SAMBA_RIJNDAEL 1
> #define SAMBA_AES_CBC_ENCRYPT 1
> #define SAMBA_AES_CFB8_ENCRYPT 1
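Review bot: The `AES_set_encrypt_key` and `AES_set_decrypt_key` macros expand `bits/8` with the argument unparenthesised, so a call that passes an expression rather than a plain value would hand nettle the wrong key length. `aes_set_encrypt_key((key), (bits)/8, (userkey))` avoids that, and the arguments of the other function-like macros here deserve the same treatment. The key-setup macros also expand to nettle calls that return `void`, so any caller that tests the result of `AES_set_encrypt_key` (callers are outside this hunk) would stop compiling or lose its error path. Because the argument order is reversed between the two APIs, a one-line comment above the block such as `/* nettle takes (ctx, key length in bytes, key); Samba callers pass (key, bits, ctx) */` would help the next reader.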
>@@ -119,6 +169,13 @@ static inline void aes_block_xor(const uint8_t in1[AES_BLOCK_SIZE],
> }
> #endif /* SAMBA_AES_BLOCK_XOR */
>
>+#endif /* CRYPTO_AES_USE_NETTLE */
>+
>+/*
>+ * These next inline functions are not included in libnettle,
>+ * so are needed for both Samba and libnettle choices.
>+ */
>+
> static inline void aes_block_lshift(const uint8_t in[AES_BLOCK_SIZE],
> uint8_t out[AES_BLOCK_SIZE])
> {
>diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build
>index d1f152ebcf1..38a6b616b69 100644
>--- a/lib/crypto/wscript_build
>+++ b/lib/crypto/wscript_build
>@@ -10,6 +10,8 @@ elif bld.CONFIG_SET('HAVE_SYS_MD5_H') and bld.CONFIG_SET('HAVE_LIBMD'):
> extra_deps += ' md'
> elif not bld.CONFIG_SET('HAVE_SYS_MD5_H') and not bld.CONFIG_SET('HAVE_COMMONCRYPTO_COMMONDIGEST_H'):
> extra_source += ' md5.c'
>+if bld.CONFIG_SET('CRYPTO_AES_USE_NETTLE'):
>+ extra_deps += ' nettle'
>
> bld.SAMBA_SUBSYSTEM('LIBCRYPTO',
> source='''crc32.c hmacmd5.c md4.c arcfour.c sha256.c sha512.c hmacsha256.c
>diff --git a/lib/crypto/wscript_configure b/lib/crypto/wscript_configure
>index 130acec4381..11ee0f3e7d2 100644
>--- a/lib/crypto/wscript_configure
>+++ b/lib/crypto/wscript_configure
>@@ -13,3 +13,5 @@ if conf.CHECK_FUNCS('SHA256_Update'):
> conf.DEFINE('SHA256_RENAME_NEEDED', 1)
> if conf.CHECK_FUNCS('SHA512_Update'):
> conf.DEFINE('SHA512_RENAME_NEEDED', 1)
>+if conf.CHECK_FUNCS_IN('aes_set_encrypt_key', 'nettle', headers='nettle/aes.h nettle/memxor.h'):
>+ conf.DEFINE('CRYPTO_AES_USE_NETTLE', 1)
>--
>2.14.1.581.gf28d330327-goog
>
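Review bot: The configure check in the `wscript_configure` hunk probes only `aes_set_encrypt_key`, yet the header it enables also relies on `memxor3` and on nettle's `struct aes_ctx` interface taking a key length in bytes. A nettle release that lacks or changes either would pass configure and only fail at build time, so probing the symbols actually used would close that gap. The nettle path is also switched on purely by library presence, with no option visible in this hunk to force the internal implementation, so which AES code ends up in the binary depends on what is installed on the build host. A short comment above the check, e.g. `# Prefer libnettle's AES (AES-NI on x86_64) when available; see lib/crypto/aes.h`, would record the intent.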