[PATCH] Use Intel AES instruction set if it exists.

Jeremy Allison jra at samba.org
Fri Sep 1 17:05:18 UTC 2017


On Fri, Sep 01, 2017 at 07:00:17PM +0200, Andreas Schneider wrote:
> On Friday, 1 September 2017 18:51:04 CEST Jeremy Allison wrote:
> > On Fri, Sep 01, 2017 at 06:45:53PM +0200, Andreas Schneider wrote:
> > > On Friday, 1 September 2017 17:42:37 CEST Jeremy Allison wrote:
> > > > Andreas and Andrew, this is an *OUT OF THE BOX* 2x performance
> > > > improvement
> > > > when using signing and sealing, which is becoming an increasingly
> > > > important
> > > > workload.
> > > > 
> > > > I understand wanting to use clean API's, and am willing to work
> > > > towards that. I have no problems working towards using libnettle.
> > > 
> > > I'm ok if you add it but then start working on moving us in the direction
> > > to libnettle or GnuTLS.
> > 
> > That's fair - I'm willing to do that.
> > 
> > > Günther and I normally have a major pain when Samba adds new crypto in its
> > > source code.
> > 
> > I understand. I won't add this until I've spoken to you in person
> > (or over the phone :-). Will you be at the SNIA SDC Conference next
> > week ? If not let's chat on the phone.
> 
> I wont be at SNIA SDC. I'm going on vacation soon.

OK, let's chat. In the meantime, parsing Metze's cryptic words
of wisdom... :-)

Isn't this:

https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=3759eb23b38c

*exactly* what we're both talking about ?

This replaces the low-level AES functions:

AES_set_encrypt_key()
AES_set_decrypt_key()
AES_encrypt()
AES_decrypt()

with the libnettle calls in pretty much
the same way as the proposed NetGear patchset.

If that libnettle code uses the Intel AES instruction
set directly this patch should produce exactly the
same beenfits as the one I posted....

It doesn't do the sophisticated changes, but
right now all we're taling about is replacing
the low-level calls.

It wouldn't surprise me if metze had already done
99% of the work I've just repeated, and just
hadn't told anyone about it :-).

Jeremy.



More information about the samba-technical mailing list