AES crypto performance improvements
Jeremy Allison
jra at samba.org
Wed Aug 26 21:44:02 UTC 2015
On Mon, Aug 17, 2015 at 10:51:49PM +0200, Stefan Metzmacher wrote:
> Am 14.08.2015 um 15:28 schrieb Stefan Metzmacher:
> > Am 13.08.2015 um 23:22 schrieb Stefan Metzmacher:
> >> Hi,
> >>
> >> while debugging poor performance of our SMB3 crypto
> >> I developed the following performance improvements.
> >>
> >> The aes_block_xor() improved by a factor of ~10.
> >> The aes_block_[r|l]shift() functions improved by 25%.
> >>
> >> Please review and push.
> >>
> >> The real solution will be to use hardware support,
> >> I've extended the work from Simo in the following branch
> >> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-smb-crypto
> >> (ignore the unrelated and directly reverted commits on top)
> >>
> >> But I'm not that happy with the abstraction yet.
> >
> > There's a regression in the aes_ccm_128 optimization because that doesn't
> > have test cases... I'm working on it.
>
> Here's an updated patchset, please review and push.
OK, just FYI this patchset breaks SMB3 transport
level encryption somehow.
Just do:
smbclient //localhost/tmp -UUSER%PASS -mSMB3 -e
and you'll find the client terminates the
connection on finding a bad signature after
decryption inside smb2_signing_decrypt_pdu() here:
sig_ptr = tf + SMB2_TF_SIGNATURE;
if (memcmp(sig_ptr, sig, 16) != 0) {
return NT_STATUS_ACCESS_DENIED;
}
Interestingly enough the first encrypted
request/response pair is fine, it's the
response to the second SMB3 request that
fails.
I'm still trying to track this down but
thought I'd dump what I found out on you
to try and help you track down the issue
quicker.
Cheers,
Jeremy.
More information about the samba-technical
mailing list