diff mbox series

[SMB3.1.1] Faster crypto (GCM) for Linux kernel SMB3.1.1 mounts

Message ID CAH2r5mvA3t2Nm4F=LuBwHkN+E19pHuiLaSv0JV9SMNYvZrxAiQ@mail.gmail.com (mailing list archive)
State New, archived
Headers show
Series [SMB3.1.1] Faster crypto (GCM) for Linux kernel SMB3.1.1 mounts | expand

Commit Message

Steve French June 7, 2019, 8:23 p.m. UTC
I am seeing more than double the performance of copy to Samba on
encrypted mount with this two patch set, and 80%+ faster on copy from
Samba server (when running Ralph's GCM capable experimental branch of
Samba)

Patches to update the kernel client (cifs.ko) attached:

Comments

ronnie sahlberg June 7, 2019, 9:24 p.m. UTC | #1
First patch, fix the comment :
+ pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + le16 cipher */
to
+ pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + 2 * le16 cipher */

You can add a Reviewed-by me.
Very nice!

On Sat, Jun 8, 2019 at 6:24 AM Steve French via samba-technical
<samba-technical@lists.samba.org> wrote:
>
> I am seeing more than double the performance of copy to Samba on
> encrypted mount with this two patch set, and 80%+ faster on copy from
> Samba server (when running Ralph's GCM capable experimental branch of
> Samba)
>
> Patches to update the kernel client (cifs.ko) attached:
>
> --
> Thanks,
>
> Steve
Steve French June 8, 2019, 8:38 a.m. UTC | #2
updated and repushed to cifs-2.6.git for-next

On Fri, Jun 7, 2019 at 4:24 PM ronnie sahlberg <ronniesahlberg@gmail.com> wrote:
>
> First patch, fix the comment :
> + pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + le16 cipher */
> to
> + pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + 2 * le16 cipher */
>
> You can add a Reviewed-by me.
> Very nice!
>
> On Sat, Jun 8, 2019 at 6:24 AM Steve French via samba-technical
> <samba-technical@lists.samba.org> wrote:
> >
> > I am seeing more than double the performance of copy to Samba on
> > encrypted mount with this two patch set, and 80%+ faster on copy from
> > Samba server (when running Ralph's GCM capable experimental branch of
> > Samba)
> >
> > Patches to update the kernel client (cifs.ko) attached:
> >
> > --
> > Thanks,
> >
> > Steve
Andreas Schneider June 10, 2019, 2:56 p.m. UTC | #3
On Friday, 7 June 2019 22:23:30 CEST Steve French via samba-technical wrote:
> I am seeing more than double the performance of copy to Samba on
> encrypted mount with this two patch set, and 80%+ faster on copy from
> Samba server (when running Ralph's GCM capable experimental branch of
> Samba)

I'm sorry but I have to disappoint you, my name is Andreas and not Ralph ;-)
Pavel Shilovsky June 10, 2019, 7:19 p.m. UTC | #4
пт, 7 июн. 2019 г. в 13:23, Steve French via samba-technical
<samba-technical@lists.samba.org>:
>
> I am seeing more than double the performance of copy to Samba on
> encrypted mount with this two patch set, and 80%+ faster on copy from
> Samba server (when running Ralph's GCM capable experimental branch of
> Samba)
>
> Patches to update the kernel client (cifs.ko) attached:
>
> --
> Thanks,
>
> Steve


--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -3324,7 +3324,7 @@ smb2_dir_needs_close(struct cifsFileInfo *cfile)

 static void
 fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, unsigned int orig_len,
-                  struct smb_rqst *old_rq)
+                  struct smb_rqst *old_rq, struct TCP_Server_Info *server)
 {
        struct smb2_sync_hdr *shdr =
                        (struct smb2_sync_hdr *)old_rq->rq_iov[0].iov_base;
@@ -3333,7 +3333,10 @@ fill_transform_hdr(struct smb2_transform_hdr
*tr_hdr, unsigned int orig_len,
        tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM;
        tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len);
        tr_hdr->Flags = cpu_to_le16(0x01);
-       get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
+       if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)

We only use server->cipher_type here and below. Let's pass just this
integer instead of whole server pointer to fill_transform_hdr then

+               get_random_bytes(&tr_hdr->Nonce, SMB3_AES128GCM_NONCE);
+       else
+               get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
        memcpy(&tr_hdr->SessionId, &shdr->SessionId, 8);
 }

@@ -3491,8 +3494,13 @@ crypt_message(struct TCP_Server_Info *server,
int num_rqst,
                rc = -ENOMEM;
                goto free_sg;
        }
-       iv[0] = 3;
-       memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
+
+       if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
+               memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES128GCM_NONCE);
+       else {
+               iv[0] = 3;
+               memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
+       }

        aead_request_set_crypt(req, sg, sg, crypt_len, iv);
        aead_request_set_ad(req, assoc_data_len);

Other than the note above looks good.

--
Best regards,
Pavel Shilovskiy
Steve French June 10, 2019, 10:34 p.m. UTC | #5
Updated the patch with Pavel's suggestion and added reviewed by and
repushed to cifs-2.6.git for-next.

On Mon, Jun 10, 2019 at 2:19 PM Pavel Shilovsky
<pavel.shilovsky@gmail.com> wrote:
>
> пт, 7 июн. 2019 г. в 13:23, Steve French via samba-technical
> <samba-technical@lists.samba.org>:
> >
> > I am seeing more than double the performance of copy to Samba on
> > encrypted mount with this two patch set, and 80%+ faster on copy from
> > Samba server (when running Ralph's GCM capable experimental branch of
> > Samba)
> >
> > Patches to update the kernel client (cifs.ko) attached:
> >
> > --
> > Thanks,
> >
> > Steve
>
>
> --- a/fs/cifs/smb2ops.c
> +++ b/fs/cifs/smb2ops.c
> @@ -3324,7 +3324,7 @@ smb2_dir_needs_close(struct cifsFileInfo *cfile)
>
>  static void
>  fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, unsigned int orig_len,
> -                  struct smb_rqst *old_rq)
> +                  struct smb_rqst *old_rq, struct TCP_Server_Info *server)
>  {
>         struct smb2_sync_hdr *shdr =
>                         (struct smb2_sync_hdr *)old_rq->rq_iov[0].iov_base;
> @@ -3333,7 +3333,10 @@ fill_transform_hdr(struct smb2_transform_hdr
> *tr_hdr, unsigned int orig_len,
>         tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM;
>         tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len);
>         tr_hdr->Flags = cpu_to_le16(0x01);
> -       get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
> +       if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
>
> We only use server->cipher_type here and below. Let's pass just this
> integer instead of whole server pointer to fill_transform_hdr then
>
> +               get_random_bytes(&tr_hdr->Nonce, SMB3_AES128GCM_NONCE);
> +       else
> +               get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
>         memcpy(&tr_hdr->SessionId, &shdr->SessionId, 8);
>  }
>
> @@ -3491,8 +3494,13 @@ crypt_message(struct TCP_Server_Info *server,
> int num_rqst,
>                 rc = -ENOMEM;
>                 goto free_sg;
>         }
> -       iv[0] = 3;
> -       memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
> +
> +       if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
> +               memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES128GCM_NONCE);
> +       else {
> +               iv[0] = 3;
> +               memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
> +       }
>
>         aead_request_set_crypt(req, sg, sg, crypt_len, iv);
>         aead_request_set_ad(req, assoc_data_len);
>
> Other than the note above looks good.
>
> --
> Best regards,
> Pavel Shilovskiy
Pavel Shilovsky June 11, 2019, 12:41 a.m. UTC | #6
пн, 10 июн. 2019 г. в 15:34, Steve French <smfrench@gmail.com>:
>
> Updated the patch with Pavel's suggestion and added reviewed by and
> repushed to cifs-2.6.git for-next.
>

Looks good. Thanks!

Best regards,
Pavel Shilovskiy
diff mbox series

Patch

From 1dc851a452ebbc191b750fee8fb41da45d9b20fb Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Fri, 7 Jun 2019 15:16:10 -0500
Subject: [PATCH 2/2] [SMB3] Add SMB3.1.1 GCM crypto to the encrypt and decrypt
 functions

SMB3.1.1 GCM performs much better than the older CCM default:
more than twice as fast in the write patch (copy to the Samba
server on localhost for example) and 80% faster on the read
patch (copy from the server).

Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/smb2ops.c       | 18 +++++++++++++-----
 fs/cifs/smb2transport.c | 10 ++++++++--
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 7fa95929c8fc..a8e28b955c69 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -3324,7 +3324,7 @@  smb2_dir_needs_close(struct cifsFileInfo *cfile)
 
 static void
 fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, unsigned int orig_len,
-		   struct smb_rqst *old_rq)
+		   struct smb_rqst *old_rq, struct TCP_Server_Info *server)
 {
 	struct smb2_sync_hdr *shdr =
 			(struct smb2_sync_hdr *)old_rq->rq_iov[0].iov_base;
@@ -3333,7 +3333,10 @@  fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, unsigned int orig_len,
 	tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM;
 	tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len);
 	tr_hdr->Flags = cpu_to_le16(0x01);
-	get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
+	if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
+		get_random_bytes(&tr_hdr->Nonce, SMB3_AES128GCM_NONCE);
+	else
+		get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
 	memcpy(&tr_hdr->SessionId, &shdr->SessionId, 8);
 }
 
@@ -3491,8 +3494,13 @@  crypt_message(struct TCP_Server_Info *server, int num_rqst,
 		rc = -ENOMEM;
 		goto free_sg;
 	}
-	iv[0] = 3;
-	memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
+
+	if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
+		memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES128GCM_NONCE);
+	else {
+		iv[0] = 3;
+		memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE);
+	}
 
 	aead_request_set_crypt(req, sg, sg, crypt_len, iv);
 	aead_request_set_ad(req, assoc_data_len);
@@ -3592,7 +3600,7 @@  smb3_init_transform_rq(struct TCP_Server_Info *server, int num_rqst,
 	}
 
 	/* fill the 1st iov with a transform header */
-	fill_transform_hdr(tr_hdr, orig_len, old_rq);
+	fill_transform_hdr(tr_hdr, orig_len, old_rq, server);
 
 	rc = crypt_message(server, num_rqst, new_rq, 1);
 	cifs_dbg(FYI, "Encrypt message returned %d\n", rc);
diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
index d1181572758b..1ccbcf9c2c3b 100644
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -734,7 +734,10 @@  smb3_crypto_aead_allocate(struct TCP_Server_Info *server)
 	struct crypto_aead *tfm;
 
 	if (!server->secmech.ccmaesencrypt) {
-		tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
+		if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
+			tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
+		else
+			tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
 		if (IS_ERR(tfm)) {
 			cifs_dbg(VFS, "%s: Failed to alloc encrypt aead\n",
 				 __func__);
@@ -744,7 +747,10 @@  smb3_crypto_aead_allocate(struct TCP_Server_Info *server)
 	}
 
 	if (!server->secmech.ccmaesdecrypt) {
-		tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
+		if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM)
+			tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
+		else
+			tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
 		if (IS_ERR(tfm)) {
 			crypto_free_aead(server->secmech.ccmaesencrypt);
 			server->secmech.ccmaesencrypt = NULL;
-- 
2.20.1