SMB3 encryption performance

Andrew Bartlett abartlet at samba.org
Wed Feb 18 00:47:04 MST 2015 

On Wed, 2015-02-18 at 20:42 +1300, Andrew Bartlett wrote:
> On Wed, 2015-02-18 at 08:21 +0100, Andreas Schneider wrote:
> > On Wednesday 18 February 2015 10:42:39 Andrew Bartlett wrote:
> > > On Tue, 2015-02-17 at 16:01 +0100, Andreas Schneider wrote:
> > > > On Sunday 15 February 2015 11:25:16 Volker Lendecke wrote:
> > > > > On Sat, Feb 14, 2015 at 03:41:46PM -0500, Michael Ledford wrote:
> > > > > > There are a few libraries that can provide CPU optimization for AES.
> > > > > > Here are a few which might fit.
> > > > > > 
> > > > > > If you are looking for a C based library then libgcrypt
> > > > > > <http://www.gnu.org/software/libgcrypt/> might be a good choice.
> > > > > 
> > > > > Thanks. I've already found libgcrypt, it seems to be part of
> > > > > the gpg suite. The question I have is broader: libcrypt,
> > > > > mozilla nss, probably some Kerberos base libs,
> > > > > open/libressl/, etc all offer AES. What do we want to put
> > > > > development effort on? Not so much a question to you,
> > > > > Michael, but rather more to the broader audience here, in
> > > > > particular for example Simo, Andrew and others involved with
> > > > > crypto.
> > > > 
> > > > Forget libgcrypt, it is one of the most horrible APIs out there. It is
> > > > simply a pain for every programmer. We have libgcrypt in libssh and I
> > > > want to get rid of it.
> > > > 
> > > > If you prefer something which is LGPL, then use nettle [1]. GnuTLS
> > > > switched
> > > > from libgcrypt to libnettle ...
> > > 
> > > According to GnuTLS, nettle doesn't have the hardware acceleration,
> > > sadly, which is why that is rather oddly in the GnuTLS layer.
> > 
> > https://git.lysator.liu.se/nettle/nettle/tree/master/x86_64/aesni
> 
> Great!  Can you take the patch I posted earlier (sadly it doesn't seem
> to have got into master, presumably another flapping autobuild), 

(sorry, it is in, just missed it under the other patches). 

> and
> then follow up with confirmation what ciphers are supported, and which
> are hardware accelerated in nettle and any other libs you know well?
> 
> Thanks,
> 
> Andrew Bartlett
> 

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list