A bit of benchmarking ...
Steve French
smfrench at gmail.com
Fri Mar 1 14:38:12 UTC 2019
Sounds like I need to do GCM in the client now
On Fri, Mar 1, 2019 at 2:39 AM Andreas Schneider via samba-technical
<samba-technical at lists.samba.org> wrote:
>
> On Thursday, February 28, 2019 5:52:26 PM CET Jeremy Allison wrote:
> > On Wed, Feb 27, 2019 at 03:50:45PM +0100, Andreas Schneider via samba-
> technical wrote:
> > > Hello,
> > >
> > > as you might have noticed from my commits, I'm working on migrating Samba
> > > to GnuTLS. I've already done some work and there is still a lot ahead,
> > > but as I've migrated SMB3 encryption the last days I've did a bit of
> > > benchmarking ...
> > >
> > > https://hackmd.io/s/S1bJnG4IN#
> > >
> > > callgrind output as requested by metze is here:
> > >
> > > https://xor.cryptomilk.org/samba/crypto/
> > >
> > > The numbers for gnutls could be a bit better, I need to malloc buffers and
> > > memcpy vectors into them.
> > >
> > > Lately they added a gnutls_aead_cipher_encryptv() so we could pass in the
> > > vector directly. However they don't work inplace and there is no decryptv
> > > function. So I've opened bugs so we get better APIs.
> > >
> > > https://gitlab.com/gnutls/gnutls/issues/717
> > > https://gitlab.com/gnutls/gnutls/issues/718
> > > https://gitlab.com/gnutls/gnutls/issues/719
> >
> > Oh, this looks really great Andreas - thanks !
> >
> > It would be wonderful to move from any home-grown
> > crypto to GnuTLS for everything !
>
> I've tested AES-GCM with Samba Crypto (Intel AES NI) and GnuTLS.
>
> TL;DR
>
> Samba Crypto (Intel AES NI): 10 min
> GnuTLS: 12 sec
>
> https://hackmd.io/s/S1bJnG4IN
>
> Also AES-GCM is faster than AES-CCM if we use GnuTLS.
>
>
>
> Andreas
>
>
> --
> Andreas Schneider asn at samba.org
> Samba Team www.samba.org
> GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
>
>
>
--
Thanks,
Steve
More information about the samba-technical
mailing list