SMB3 encryption performance

Michael Ledford michael at ledford.cc
Sat Feb 14 13:41:46 MST 2015


On Sat, Feb 14, 2015 at 5:48 AM, Volker Lendecke
<Volker.Lendecke at sernet.de> wrote:
>
> On Fri, Feb 13, 2015 at 10:29:27PM -0500, Michael Ledford wrote:
> > I've been investigating the performance of using an SMB3 encrypted
> > connection. Given the performance vs non-encrypted connections it seems
> > that encryption isn't being offloaded to CPU-supported AES-NI. I found a
> > list message that indicates that AES encryption is performed by GSSAPI and
> > states that it should be up to the system libraries to provide support.
> > <https://lists.samba.org/archive/samba-technical/2013-May/092081.html>
> > However, giving a terse look at the source it appears that AES functions
> > are provided.
>
> That's correct, right now we don't use any hardware assisted
> AES. We do need this as a fallback for CPUs that don't have
> the instructions, but we did not yet get around to coding the
> CPU specific pieces.
>
> My preferred way would be to do this via some kind of
> library. As Simo just pointed out, there's a ton of crypto
> libraries around, and I don't have a clue which one to
> choose.
>
> Any opinions?

There are a few libraries that can provide CPU optimization for AES.
Here are a few which might fit.

If you are looking for a C-based library then libgcrypt
<http://www.gnu.org/software/libgcrypt/> might be a good choice.

If you don't mind C++ then either Botan <http://botan.randombit.net>
or Crypto++ <http://www.cryptopp.com/> might be a good choice.

Cheers,
Michael
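
The hardware path with a software fallback that the thread discusses comes down to a runtime CPUID check in front of the AES-NI code. The sketch below is an added example, not code from this thread, Samba, or any of the libraries named; it assumes GCC or Clang on x86, and the function names (`cpu_has_aesni`, `aes128_encrypt_block_hw`) are hypothetical. A return of -1 tells the caller to use its existing software AES.

```c
#include <stdint.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <immintrin.h>
#define X86_BUILD 1
#endif

/* 1 if CPUID leaf 1 reports AES-NI (ECX bit 25), else 0 (also on non-x86). */
int cpu_has_aesni(void) {
#ifdef X86_BUILD
    unsigned int a, b, c, d;
    return __get_cpuid(1, &a, &b, &c, &d) && (c & (1u << 25)) != 0;
#else
    return 0;
#endif
}

#ifdef X86_BUILD
/* One AES-128 key-schedule step: derive the next round key from the previous. */
__attribute__((target("aes,sse2")))
static __m128i expand(__m128i k, __m128i g) {
    g = _mm_shuffle_epi32(g, 0xff);
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    return _mm_xor_si128(k, g);
}
#define STEP(i, rc) rk[i] = expand(rk[i - 1], _mm_aeskeygenassist_si128(rk[i - 1], rc))

/* AES-128 single-block encryption using the AES-NI instructions only. */
__attribute__((target("aes,sse2")))
static void aesni_block(const uint8_t *key, const uint8_t *in, uint8_t *out) {
    __m128i rk[11], s;
    rk[0] = _mm_loadu_si128((const __m128i *)key);
    STEP(1, 0x01); STEP(2, 0x02); STEP(3, 0x04); STEP(4, 0x08); STEP(5, 0x10);
    STEP(6, 0x20); STEP(7, 0x40); STEP(8, 0x80); STEP(9, 0x1b); STEP(10, 0x36);
    s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[0]);
    for (int i = 1; i < 10; i++) s = _mm_aesenc_si128(s, rk[i]);
    _mm_storeu_si128((__m128i *)out, _mm_aesenclast_si128(s, rk[10]));
}
#endif

/* Hypothetical dispatcher: 0 = encrypted with AES-NI, -1 = use the software path. */
int aes128_encrypt_block_hw(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
#ifdef X86_BUILD
    if (cpu_has_aesni()) { aesni_block(key, in, out); return 0; }
#endif
    return -1;
}
```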


More information about the samba-technical mailing list