SMB3 encryption performance

Andrew Bartlett abartlet at samba.org
Wed Feb 18 00:42:30 MST 2015


On Wed, 2015-02-18 at 08:21 +0100, Andreas Schneider wrote:
> On Wednesday 18 February 2015 10:42:39 Andrew Bartlett wrote:
> > On Tue, 2015-02-17 at 16:01 +0100, Andreas Schneider wrote:
> > > On Sunday 15 February 2015 11:25:16 Volker Lendecke wrote:
> > > > On Sat, Feb 14, 2015 at 03:41:46PM -0500, Michael Ledford wrote:
> > > > > There are a few libraries that can provide CPU optimization for AES.
> > > > > Here are a few which might fit.
> > > > > 
> > > > > If you are looking for a C based library then libgcrypt
> > > > > <http://www.gnu.org/software/libgcrypt/> might be a good choice.
> > > > 
> > > > Thanks. I've already found libgcrypt, it seems to be part of
> > > > the gpg suite. The question I have is broader: libcrypt,
> > > > mozilla nss, probably some Kerberos base libs,
> > > > open/libressl/, etc all offer AES. What do we want to put
> > > > development effort on? Not so much a question to you,
> > > > Michael, but rather more to the broader audience here, in
> > > > particular for example Simo, Andrew and others involved with
> > > > crypto.
> > > 
> > > Forget libgcrypt, it is one of the most horrible APIs out there. It is
> > > simply a pain for every programmer. We have libgcrypt in libssh and I
> > > want to get rid of it.
> > > 
> > > If you prefer something which is LGPL, then use nettle [1]. GnuTLS
> > > switched
> > > from libgcrypt to libnettle ...
> > 
> > According to GnuTLS, nettle doesn't have the hardware acceleration,
> > sadly, which is why that is rather oddly in the GnuTLS layer.
> 
> https://git.lysator.liu.se/nettle/nettle/tree/master/x86_64/aesni

Great!  Can you take the patch I posted earlier (sadly it doesn't seem
to have got into master, presumably another flapping autobuild), and
then follow up with confirmation what ciphers are supported, and which
are hardware accelerated in nettle and any other libs you know well?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba-technical mailing list