SMB3 encryption performance
Andrew Bartlett
abartlet at samba.org
Wed Feb 18 00:47:04 MST 2015
On Wed, 2015-02-18 at 20:42 +1300, Andrew Bartlett wrote:
> On Wed, 2015-02-18 at 08:21 +0100, Andreas Schneider wrote:
> > On Wednesday 18 February 2015 10:42:39 Andrew Bartlett wrote:
> > > On Tue, 2015-02-17 at 16:01 +0100, Andreas Schneider wrote:
> > > > On Sunday 15 February 2015 11:25:16 Volker Lendecke wrote:
> > > > > On Sat, Feb 14, 2015 at 03:41:46PM -0500, Michael Ledford wrote:
> > > > > > There are a few libraries that can provide CPU optimization for AES.
> > > > > > Here are a few which might fit.
> > > > > >
> > > > > > If you are looking for a C based library then libgcrypt
> > > > > > <http://www.gnu.org/software/libgcrypt/> might be a good choice.
> > > > >
> > > > > Thanks. I've already found libgcrypt, it seems to be part of
> > > > > the gpg suite. The question I have is broader: libcrypt,
> > > > > mozilla nss, probably some Kerberos base libs,
> > > > > open/libressl/, etc all offer AES. What do we want to put
> > > > > development effort on? Not so much a question to you,
> > > > > Michael, but rather more to the broader audience here, in
> > > > > particular for example Simo, Andrew and others involved with
> > > > > crypto.
> > > >
> > > > Forget libgcrypt, it is one of the most horrible APIs out there. It is
> > > > simply a pain for every programmer. We have libgcrypt in libssh and I
> > > > want to get rid of it.
> > > >
> > > > If you prefer something which is LGPL, then use nettle [1]. GnuTLS
> > > > switched
> > > > from libgcrypt to libnettle ...
> > >
> > > According to GnuTLS, nettle doesn't have the hardware acceleration,
> > > sadly, which is why that is rather oddly in the GnuTLS layer.
> >
> > https://git.lysator.liu.se/nettle/nettle/tree/master/x86_64/aesni
>
> Great! Can you take the patch I posted earlier (sadly it doesn't seem
> to have got into master, presumably another flapping autobuild),
(sorry, it is in, just missed it under the other patches).
> and
> then follow up with confirmation what ciphers are supported, and which
> are hardware accelerated in nettle and any other libs you know well?
>
> Thanks,
>
> Andrew Bartlett
>
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list