Bug 13008 - smbd does not use the Intel AES instruction set for signing and encryption.
Summary: smbd does not use the Intel AES instruction set for signing and encryption.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
: 11286 (view as bug list)
Depends on:
Blocks:
 
Reported: 2017-08-31 18:27 UTC by Jeremy Allison
Modified: 2021-02-11 14:21 UTC (History)
4 users (show)

See Also:

Attachments
Original patch from Justin. (94.74 KB, patch)
2017-08-31 18:29 UTC, Jeremy Allison 		no flags Details
git-am fix for master. (99.73 KB, patch)
2017-08-31 19:49 UTC, Jeremy Allison 		no flags Details
git-am fix for master (99.73 KB, patch)
2017-08-31 20:10 UTC, Jeremy Allison 		no flags Details
git-am fix for master (99.80 KB, patch)
2017-08-31 22:26 UTC, Jeremy Allison 		no flags Details
git-am fix for master (3.97 KB, patch)
2017-09-01 19:02 UTC, Jeremy Allison 		no flags Details
Slightly improved git-am fix for master (3.98 KB, patch)
2017-09-01 19:45 UTC, Jeremy Allison 		no flags Details
git am fix allowing configure-time selectable AES cryto. (107.89 KB, patch)
2017-09-06 00:01 UTC, Jeremy Allison 		no flags Details
git-am fix allowing configure time switch between AES implementations. (111.25 KB, patch)
2017-09-06 00:04 UTC, Jeremy Allison 		no flags Details
Latest version submitted to master. (108.30 KB, patch)
2017-09-06 20:28 UTC, Jeremy Allison 		no flags Details
git-am cherry-pick from master. (109.27 KB, patch)
2017-09-07 17:23 UTC, Jeremy Allison 		metze: review+
Details
Show Obsolete (7) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2017-08-31 18:27:35 UTC 
This means we are much slower than we should be on traffic using signing or sealing.
Comment 1 Jeremy Allison 2017-08-31 18:29:05 UTC 
Created attachment 13524 [details]
Original patch from Justin.

I've modified this, but for the record.
Comment 2 Jeremy Allison 2017-08-31 19:49:28 UTC 
Created attachment 13525 [details]
git-am fix for master.

Should back-port cleanly to 4.7.0.
Comment 3 Jeremy Allison 2017-08-31 20:10:22 UTC 
Created attachment 13526 [details]
git-am fix for master

Fix typo in non-AES-ni code path (struct struct doesn't work :-).
Comment 4 Justin Maggard 2017-08-31 22:19:33 UTC 
This wasn't in my original patch, but I think we'll need this or non-x86 platforms:

diff --git a/third_party/aesni-intel/wscript b/third_party/aesni-intel/wscript
index 151892f6889..ee7be031fd0 100644
--- a/third_party/aesni-intel/wscript
+++ b/third_party/aesni-intel/wscript
@@ -5,6 +5,9 @@ def configure(conf):
                conf.DEFINE('HAVE_AESNI_INTEL', 1)
 
 def build(bld):
+    if not bld.CONFIG_SET('HAVE_AESNI_INTEL'):
+        return
+
     bld.SAMBA_LIBRARY('aesni-intel',
                       source='aesni-intel_asm.c',
                       cflags='-Wp,-E,-lang-asm',
Comment 5 Jeremy Allison 2017-08-31 22:26:22 UTC 
Created attachment 13527 [details]
git-am fix for master

Updated patch containing Justin's fix for non-x86 systems.
Comment 6 Jeremy Allison 2017-09-01 19:02:16 UTC 
Created attachment 13528 [details]
git-am fix for master

So this is the version requested by Andreas, based on Metze's patch here:

https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=3759eb23b38c

that calls into libnettle.

Can you check it provides the same effects as directly calling the Intel AESNI instructions ?

Cheers,

Jeremy.
Comment 7 Jeremy Allison 2017-09-01 19:45:35 UTC 
Created attachment 13529 [details]
Slightly improved git-am fix for master

Updated lib/crypto/wscript_configure to check for nettle/memxor.h as well as nettle/aes.h
Comment 8 Jeremy Allison 2017-09-06 00:01:49 UTC 
Created attachment 13549 [details]
git am fix allowing configure-time selectable AES cryto.
Comment 9 Jeremy Allison 2017-09-06 00:03:23 UTC 
Comment on attachment 13549 [details]
git am fix allowing configure-time selectable AES cryto.

Incorrect patch uploaded - sorry.
Comment 10 Jeremy Allison 2017-09-06 00:04:50 UTC 
Created attachment 13550 [details]
git-am fix allowing configure time switch between AES implementations.
Comment 11 Jeremy Allison 2017-09-06 20:28:11 UTC 
Created attachment 13552 [details]
Latest version submitted to master.
Comment 12 Justin Maggard 2017-09-06 22:59:41 UTC 
Comment on attachment 13552 [details]
Latest version submitted to master.

I ran a couple quick tests and it's working well. I don't see a place to add a + to the review, but LGTM.
Comment 13 Jeremy Allison 2017-09-07 17:23:28 UTC 
Created attachment 13557 [details]
git-am cherry-pick from master.

I think we should only back-port this to 4.7.
Comment 14 Karolin Seeger 2017-09-10 13:36:59 UTC 
(In reply to Jeremy Allison from comment #13)
Pushed to autobuild-v4-7-test.
Comment 15 Karolin Seeger 2017-09-11 16:15:48 UTC 
Pushed to v4-7-test.
Closing out bug report.

Thanks!
Comment 16 Björn Jacke 2017-09-21 07:24:52 UTC 
*** Bug 11286 has been marked as a duplicate of this bug. ***
Comment 17 Björn Jacke 2017-09-21 07:32:10 UTC 
AFAIK the AES-NI instructions are also supported in 32-bit mode of the CPUs (I know 32bit is quite old-fashioned these days :). Is the aes-ni code 64bit specific or could we allow the same also for i?68 architecture systems maybe?
Comment 18 Jeremy Allison 2017-09-21 16:06:46 UTC 
(In reply to Björn Jacke from comment #17)

I don't have an x86 32-bit test environment, so someone with access to that will need to test if it can work.