[SMB3.1.1] Faster crypto (GCM) for Linux kernel SMB3.1.1 mounts

Steve French smfrench at gmail.com
Mon Jun 10 22:34:09 UTC 2019


Updated the patch with Pavel's suggestion and added reviewed by and
repushed to cifs-2.6.git for-next.

On Mon, Jun 10, 2019 at 2:19 PM Pavel Shilovsky
<pavel.shilovsky at gmail.com> wrote:
>
> пт, 7 июн. 2019 г. в 13:23, Steve French via samba-technical
> <samba-technical at lists.samba.org>:
> >
> > I am seeing more than double the performance of copy to Samba on
> > encrypted mount with this two patch set, and 80%+ faster on copy from
> > Samba server (when running Ralph's GCM capable experimental branch of
> > Samba)
> >
> > Patches to update the kernel client (cifs.ko) attached:
> >
> > --
> > Thanks,
> >
> > Steve
>
>
> --- a/fs/cifs/smb2ops.c
> +++ b/fs/cifs/smb2ops.c
> @@ -3324,7 +3324,7 @@ smb2_dir_needs_close(struct cifsFileInfo *cfile)
>
>  static void
>  fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, unsigned int orig_len,
> -                  struct smb_rqst *old_rq)
> +                  struct smb_rqst *old_rq, struct TCP_Server_Info *server)
>  {
>         struct smb2_sync_hdr *shdr =
>                         (struct smb2_sync_hdr *)old_rq->rq_iov[0].iov_base;
> @@ -3333,7 +3333,10 @@ fill_transform_hdr(struct smb2_transform_hdr
> *tr_hdr, unsigned int orig_len,
>         tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM;
>         tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len);
>         tr_hdr->Flags = cpu_to_le16(0x01);
> -       get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
> +       if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
>
> We only use server->cipher_type here and below. Let's pass just this
> integer instead of whole server pointer to fill_transform_hdr then
>
> +               get_random_bytes(&tr_hdr->Nonce, SMB3_AES128GCM_NONCE);
> +       else
> +               get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
>         memcpy(&tr_hdr->SessionId, &shdr->SessionId, 8);
>  }
>
> @@ -3491,8 +3494,13 @@ crypt_message(struct TCP_Server_Info *server,
> int num_rqst,
>                 rc = -ENOMEM;
>                 goto free_sg;
>         }
> -       iv[0] = 3;
> -       memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
> +
> +       if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
> +               memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES128GCM_NONCE);
> +       else {
> +               iv[0] = 3;
> +               memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
> +       }
>
>         aead_request_set_crypt(req, sg, sg, crypt_len, iv);
>         aead_request_set_ad(req, assoc_data_len);
>
> Other than the note above looks good.
>
> --
> Best regards,
> Pavel Shilovskiy



-- 
Thanks,

Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0006-Add-SMB3.1.1-GCM-crypto-to-the-encrypt-and-decrypt-f.patch
Type: text/x-patch
Size: 3707 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190610/2ee6c5d1/0006-Add-SMB3.1.1-GCM-crypto-to-the-encrypt-and-decrypt-f.bin>


More information about the samba-technical mailing list