A bit of benchmarking ...
Jeremy Allison
jra at samba.org
Sat Mar 2 16:54:51 UTC 2019
On Sat, Mar 02, 2019 at 10:32:28AM +0100, Andreas Schneider wrote:
> On Friday, 1 March 2019 22:56:31 CET Jeremy Allison wrote:
> > On Fri, Mar 01, 2019 at 08:34:59PM +0100, Stefan Metzmacher wrote:
> > > >>> It would be wonderful to move from any home-grown
> > > >>> crypto to GnuTLS for everything !
> > > >>
> > > >> I've tested AES-GCM with Samba Crypto (Intel AES NI) and GnuTLS.
> > > >>
> > > >> TL;DR
> > > >>
> > > >> Samba Crypto (Intel AES NI): 10 min
> > > >> GnuTLS: 12 sec
> > > >>
> > > >> https://hackmd.io/s/S1bJnG4IN
> > > >
> > > > Wow, that is a .. significant change. Any ideas
> > > > on why the difference is so great ?
> > >
> > > Doing xor and lshift/rshift operations in C is what kills us (even when
> > > using aesni).
> >
> > Thanks for the info Metze, much appreciated !
>
> GnuTLS has several optimized versions of AES GCM implementation, depending on
> what features the CPU provides like AES NI, SSE3 and AVX.
>
> I've requested a better API for AEAD ciphers (CCM and GCM) so we can get rid
> for that allocations and memcpy().
>
> https://gitlab.com/gnutls/gnutls/issues/718
>
> I've opened a RHEL bug too. This way we might get some resources to implement
> in the next month.
>
> Currently I have some issues with AES128 CFB8. Not sure if there is a bug in
> the nettle implementation or in GnuTLS or I have to do something special.
Thanks so much for driving this forward.
Cross-collaboration like this is essential to
keeping us relevent !
Cheers Andreas,
Jeremy.
More information about the samba-technical
mailing list