From patchwork Fri Jun 7 20:23:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve French X-Patchwork-Id: 10982751 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 75A3492A for ; Fri, 7 Jun 2019 20:23:44 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5B50A28A94 for ; Fri, 7 Jun 2019 20:23:44 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4EF8128BA6; Fri, 7 Jun 2019 20:23:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9C16B28A94 for ; Fri, 7 Jun 2019 20:23:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729677AbfFGUXn (ORCPT ); Fri, 7 Jun 2019 16:23:43 -0400 Received: from mail-pl1-f181.google.com ([209.85.214.181]:45623 "EHLO mail-pl1-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729345AbfFGUXn (ORCPT ); Fri, 7 Jun 2019 16:23:43 -0400 Received: by mail-pl1-f181.google.com with SMTP id bi6so836321plb.12 for ; Fri, 07 Jun 2019 13:23:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=+Ph/P+aMyTVBBlMtGSxpuwyoARzDz0vtltO+wZhBOEY=; b=HubCRacH1axPdEHp/w8vC34pB9Ej36JlZeXyR3MgBdcSphRX3aw55SE9srv6E74FLb NWELkW25enTINjJNKOMoYY+52gof4vEAg6kEW3p0pHCnPEfClpYUJBNVVrp9X+p4t7N4 +4IpJWLtGcvv2Ixy5VTem5k+5TvYjUKGERhU4AVTrplLY1E14cuugBWKJLx+Ip4lHwvR ywzS2FotC0X4ArJWL4v/6B2e3MiNpKOwNk8ZN1navy7kE8g3GtHgXRMsRHnckv6s/Ap1 xA1682k5X7CrabDSQ4a39/xRkPo0WqapGbt3qbm3qQsnBD/3+VnLyblJoVzAuatoYUEd a1EQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=+Ph/P+aMyTVBBlMtGSxpuwyoARzDz0vtltO+wZhBOEY=; b=kKLR+G4dKhqfBhpWP0lPWxsCmh2vntk8n++Um/GV2bpgYJa4pR7HC4nYjYWHF+V22i D0OWj4MR0p/2tRKg1K88aNcnMq85fexJubsWghZ6kMyM3EjqyUcWODd/nlseJ+MSsXEa fcgITnVpaZDkqv4uaUAoehTtXN8bjkG5Zwe/dXehpHCSnm49eD0QEg2RUqEsSkysTyah ur2hQ2JE9r5utCPAfFfVlhCm9R6i4EqrzmtGuI9oQhzHQq8iSYU2xmns8ZDDChl/YL9c vIqFS3Mh/tQJsX9hRZp6Ye1hrac6orvtpEhysfPac6/pi2jEyiVJPDJR0duvcMMkMAoL gjpg== X-Gm-Message-State: APjAAAUjWTFxweeNJQ2uPfPRjl/mvhFcwX5ey14Js0Au3LTRlJ19Tebz Gqkmh0TytS7mMlHJ/aZawWNtOQXtBHMjB79u0+CH/bT1 X-Google-Smtp-Source: APXvYqzmGIpn512iQXzwziJHhdyM3s5VJ9sDGJ8jPV331CRB2F+HD2oUPzcAiGFdvw2PHy2Mf/P+vMjgrLCP13Cnf7E= X-Received: by 2002:a17:902:728b:: with SMTP id d11mr28303949pll.78.1559939021753; Fri, 07 Jun 2019 13:23:41 -0700 (PDT) MIME-Version: 1.0 From: Steve French Date: Fri, 7 Jun 2019 15:23:30 -0500 Message-ID: Subject: [SMB3.1.1] Faster crypto (GCM) for Linux kernel SMB3.1.1 mounts To: CIFS , samba-technical Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP I am seeing more than double the performance of copy to Samba on encrypted mount with this two patch set, and 80%+ faster on copy from Samba server (when running Ralph's GCM capable experimental branch of Samba) Patches to update the kernel client (cifs.ko) attached: From 1dc851a452ebbc191b750fee8fb41da45d9b20fb Mon Sep 17 00:00:00 2001 From: Steve French Date: Fri, 7 Jun 2019 15:16:10 -0500 Subject: [PATCH 2/2] [SMB3] Add SMB3.1.1 GCM crypto to the encrypt and decrypt functions SMB3.1.1 GCM performs much better than the older CCM default: more than twice as fast in the write patch (copy to the Samba server on localhost for example) and 80% faster on the read patch (copy from the server). Signed-off-by: Steve French --- fs/cifs/smb2ops.c | 18 +++++++++++++----- fs/cifs/smb2transport.c | 10 ++++++++-- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 7fa95929c8fc..a8e28b955c69 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -3324,7 +3324,7 @@ smb2_dir_needs_close(struct cifsFileInfo *cfile) static void fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, unsigned int orig_len, - struct smb_rqst *old_rq) + struct smb_rqst *old_rq, struct TCP_Server_Info *server) { struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)old_rq->rq_iov[0].iov_base; @@ -3333,7 +3333,10 @@ fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, unsigned int orig_len, tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM; tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len); tr_hdr->Flags = cpu_to_le16(0x01); - get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CCM_NONCE); + if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) + get_random_bytes(&tr_hdr->Nonce, SMB3_AES128GCM_NONCE); + else + get_random_bytes(&tr_hdr->Nonce, SMB3_AES128CCM_NONCE); memcpy(&tr_hdr->SessionId, &shdr->SessionId, 8); } @@ -3491,8 +3494,13 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, rc = -ENOMEM; goto free_sg; } - iv[0] = 3; - memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE); + + if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) + memcpy(iv, (char *)tr_hdr->Nonce, SMB3_AES128GCM_NONCE); + else { + iv[0] = 3; + memcpy(iv + 1, (char *)tr_hdr->Nonce, SMB3_AES128CCM_NONCE); + } aead_request_set_crypt(req, sg, sg, crypt_len, iv); aead_request_set_ad(req, assoc_data_len); @@ -3592,7 +3600,7 @@ smb3_init_transform_rq(struct TCP_Server_Info *server, int num_rqst, } /* fill the 1st iov with a transform header */ - fill_transform_hdr(tr_hdr, orig_len, old_rq); + fill_transform_hdr(tr_hdr, orig_len, old_rq, server); rc = crypt_message(server, num_rqst, new_rq, 1); cifs_dbg(FYI, "Encrypt message returned %d\n", rc); diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c index d1181572758b..1ccbcf9c2c3b 100644 --- a/fs/cifs/smb2transport.c +++ b/fs/cifs/smb2transport.c @@ -734,7 +734,10 @@ smb3_crypto_aead_allocate(struct TCP_Server_Info *server) struct crypto_aead *tfm; if (!server->secmech.ccmaesencrypt) { - tfm = crypto_alloc_aead("ccm(aes)", 0, 0); + if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) + tfm = crypto_alloc_aead("gcm(aes)", 0, 0); + else + tfm = crypto_alloc_aead("ccm(aes)", 0, 0); if (IS_ERR(tfm)) { cifs_dbg(VFS, "%s: Failed to alloc encrypt aead\n", __func__); @@ -744,7 +747,10 @@ smb3_crypto_aead_allocate(struct TCP_Server_Info *server) } if (!server->secmech.ccmaesdecrypt) { - tfm = crypto_alloc_aead("ccm(aes)", 0, 0); + if (server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) + tfm = crypto_alloc_aead("gcm(aes)", 0, 0); + else + tfm = crypto_alloc_aead("ccm(aes)", 0, 0); if (IS_ERR(tfm)) { crypto_free_aead(server->secmech.ccmaesencrypt); server->secmech.ccmaesencrypt = NULL; -- 2.20.1