[PATCH] Use Intel AES instruction set if it exists.

Jeremy Allison jra at samba.org
Fri Sep 1 16:11:40 UTC 2017 

On Fri, Sep 01, 2017 at 12:30:08PM +0200, Stefan Metzmacher wrote:
> 
> There's also some work in progress here:
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-smb-crypto
> 
> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=3759eb23b38c
> makes use of libnettle.
> 
> But is only replaces the low level aes and xor functions.
> 
> But what we really need are APIs like this (our current one):
> 
> void aes_gcm_128_init(struct aes_gcm_128_context *ctx,
>                       const uint8_t K[AES_BLOCK_SIZE],
>                       const uint8_t IV[AES_GCM_128_IV_SIZE]);
> void aes_gcm_128_updateA(struct aes_gcm_128_context *ctx,
>                          const uint8_t *a, size_t a_len);
> void aes_gcm_128_updateC(struct aes_gcm_128_context *ctx,
>                          const uint8_t *c, size_t c_len);
> void aes_gcm_128_crypt(struct aes_gcm_128_context *ctx,
>                        uint8_t *m, size_t m_len);
> void aes_gcm_128_digest(struct aes_gcm_128_context *ctx,
>                         uint8_t T[AES_BLOCK_SIZE]);
> 
> Or maybe even better:
> 
> void aes_gcm_128_init(struct aes_gcm_128_context *ctx,
>                       const uint8_t K[AES_BLOCK_SIZE],
>                       const uint8_t IV[AES_GCM_128_IV_SIZE]);
> void aes_gcm_128_update(struct aes_gcm_128_context *ctx,
>                         const struct iovec *a_iov, size_t a_iov_count,
>                         struct iovec *m, size_t m_iov_count,
> 			bool forward);
> void aes_gcm_128_digest(struct aes_gcm_128_context *ctx,
>                         uint8_t T[AES_BLOCK_SIZE]);
> 
> and give it a chance to be completely optimized by the hardware,
> by doing parallel encryption, but still allow it to be passed
> in chunks.
> 
> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=1f83cbefd1b
> gives the best performance with aes_gcm_128 using openssl as
> it does almost everything with hardware instructions.
> 
> If I remember correctly aes_block_rshift and aes_block_shift consumed
> the most cycles.
> 
> If we would rely an a crypto library, we'll have to extent that ourself
> first and then live with a third_party copy for quite some time.

Andreas and Andrew - PLEASE READ THE ABOVE..

"we'll have to extent that ourself first and then
live with a third_party copy for quite some time."

On what planet is that not VENDING OUR OWN crypto ?????

So right now I see you NAK'ing working code
that gives immediate performance improvements that
is being used by a vendor because it's vending our
own crypto, in favour of a plan that involves
vending our own crypto.

Please explain your logic here.

Jeremy.

More information about the samba-technical mailing list