[Samba] AES-GCM with AES-NI

Scott Rosenberg scott.rosenberg at relativity.com
Fri Sep 21 15:34:25 UTC 2018

This is in regards to:


Would it be possible to find out the current state of AES-GCM mode for file shares?

Outside of Samba, CCM  is typically slower and considered inferior to GCM

I apologize for formatting issues, I typically don’t use email lists.
In /source3/smbd/smb2_negprot.c lines 494 to 502

    * For now we preferr CCM because our implementation

    * is faster than GCM, see bug #11451.


if (aes_128_ccm_supported) {

    xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;

} else if (aes_128_gcm_supported) {

    xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_GCM;

This implies that GCM is not used unless as a fallback. The bug is titled

Poor SMB3 encryption performance with AES-GCM

This implies the bug is with software implementation of GCM.
The “patch” appears to simply bypass the usage of AES-GCM, instead of fixing it.

The implementation of GCM hasn’t changed in 3 years, though AES-NI has since been enabled.

This leads to a few questions:

Am I misunderstanding something about GCM being dis-preferred even with AES-NI available?
Is the implementation of AES-GCM still inferior when AES-NI is enabled, which was which bugtracker 13008<https://bugzilla.samba.org/show_bug.cgi?id=13008> enabled?

Are there plans to enable AES-GCM functionality?

My company crypto policy bans the prioritization of anything cbc mode over gcm mode, so this is a compliance issue for me.

More information about the samba mailing list