[PATCH] Use Intel AES instruction set if it exists - v3

Andreas Schneider asn at samba.org
Wed Sep 6 11:35:54 UTC 2017


On Tuesday, 5 September 2017 23:08:45 CEST Jeremy Allison via samba-technical 
wrote:
> Hi all,
> 
> Off-list Justin @ Netgear has been doing
> some performance measurements between native
> Samba AES, the libnettle crypto library and
> Intel AES instructions.
> 
> Whilst doing that he discovered that on Debian 9,
> and Ubuntu 17.04 and before, libnettle has been
> built without AES instruction support and is thus
> much *slower* than our native crypto. On Fedora
> and SuSE it's correctly built and so provides better
> performance, although the native Intel AES code is
> still the fastest.
> 
> I don't have permission to publish his absolute numbers,
> but have a work-around here of publishing comparative
> results (hope that's OK Justin, but it's easier to
> ask for forgiveness than wait for permission:-).
> Consider native Samba as performance 1.000. We have:
> 
> Native Samba AES code:			1.000
> Intel AES code:				2.386
> libnettle --enable-fat (Fedora|SuSE):	1.704
> libnettle (Debian|Ubuntu):		0.818
> 
> As you can see, Intel AES code gives a significant
> advantage.
> 
> Given that, after discussions offline with Andreas
> (who has to support FIPS certification for Fedora)
> and Metze, here is a patchset that allows configure
> time selection of AES crypto.
> 
> --accel-aes=none (default - use Samba native crypto)
> 
> --accel-aes=nettle|libnettle (Use libnettle)
> 
> --accel-aes=intelaesni (Use third_party code)
> 
> Part of this is a WHATSNEW that specifies that
> the --accel-aes=intelaesni and supporting code
> is a temporary fix and WILL be removed from Samba
> once libnettle reaches performance parity.
> 
> Andreas, let me know if this meets your requirements.

I've talked to Nikos. GnuTLS uses the AES-NI assembler code from OpenSSL and 
it is much much faster than what libnettle offers:

Benchmark with libnettle:
GNUTLS_CPUID_OVERRIDE=1 gnutls-cli --benchmark-ciphers

Benchmark with GnuTLS AES-NI:
gnutls-cli --benchmark-ciphers

Since GnuTLS 3.4 (we require 3.4.7 right now) there are new AEAD cipher 
functions. Maybe this is going into the direction metze wants to have, see

https://www.gnutls.org/manual/html_node/Symmetric-algorithms.html


Jeremy, just push the Intel AES-NI. I think we should use the GnuTLS for this 
which will be faster than what nettle offers right now. Also distributions 
probably have the GnuTLS version we require and with AES-NI support.



	Andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
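
Added example, not part of the original message and not Samba, nettle or GnuTLS code: a C sketch of why a library built without run-time dispatch stays on the generic AES path even on AES-NI hardware, while a build with dispatch (the `--enable-fat` row above) picks the accelerated path. The names `select_backend`, `built_fat` and `force_generic` are hypothetical; `force_generic` only stands in for an override knob such as the one used in the benchmark above.

```c
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

enum aes_backend { AES_GENERIC = 0, AES_AESNI = 1 };

/* CPUID leaf 1, ECX bit 25 advertises AES-NI. Non-x86 builds report 0. */
int cpu_has_aesni(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return (int)((ecx >> 25) & 1u);
#else
    return 0;
#endif
}

/*
 * built_fat:     1 if the binary carries both code paths and chooses at
 *                run time, 0 if only the generic path was compiled in.
 * has_aesni:     result of cpu_has_aesni() on the running machine.
 * force_generic: hypothetical operator override for A/B benchmarking.
 */
enum aes_backend select_backend(int built_fat, int has_aesni, int force_generic)
{
    if (!built_fat || force_generic)
        return AES_GENERIC;   /* the hardware feature is never consulted */
    return has_aesni ? AES_AESNI : AES_GENERIC;
}

const char *backend_name(enum aes_backend b)
{
    return b == AES_AESNI ? "aesni" : "generic";
}

int main(void)
{
    int hw = cpu_has_aesni();
    printf("CPU reports AES-NI: %s\n", hw ? "yes" : "no");
    printf("build without dispatch -> %s\n", backend_name(select_backend(0, hw, 0)));
    printf("build with dispatch    -> %s\n", backend_name(select_backend(1, hw, 0)));
    printf("dispatch, overridden   -> %s\n", backend_name(select_backend(1, hw, 1)));
    return 0;
}
```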


