diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-08-17 08:56:43 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2015-08-17 22:30:20 +0200 |
commit | 2aff77c172de0b87553cc2754f22af6613b9288c (patch) | |
tree | 67c965b580aa58cdb35da203dae0c411c47a7285 | |
parent | ef11f8d2674b750c35456379db17d55d8744cd3c (diff) | |
download | samba-2aff77c172de0b87553cc2754f22af6613b9288c.tar.gz |
s3:smb2_negprot: prefer AES128_CCM if the client supports it
Callgrind showed that we use 28,165,720,719 cpu cycles to send
a 100MB file to a client using aes-ccm.
With aes-gcm this is raises up to 723,094,413,831 cpu cycles.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit bd0ec51cfca2b3baed60d304125079c74815073a)
-rw-r--r-- | source3/smbd/smb2_negprot.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c index 3106ef38c7a..18382a9dc1a 100644 --- a/source3/smbd/smb2_negprot.c +++ b/source3/smbd/smb2_negprot.c @@ -421,6 +421,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) uint8_t buf[4]; DATA_BLOB b; size_t i; + bool aes_128_ccm_supported = false; + bool aes_128_gcm_supported = false; capabilities &= ~SMB2_CAP_ENCRYPTION; @@ -451,15 +453,23 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) p += 2; if (v == SMB2_ENCRYPTION_AES128_GCM) { - xconn->smb2.server.cipher = v; - break; + aes_128_gcm_supported = true; } if (v == SMB2_ENCRYPTION_AES128_CCM) { - xconn->smb2.server.cipher = v; - break; + aes_128_ccm_supported = true; } } + /* + * For now we preferr CCM because our implementation + * is faster than GCM, see bug #11451. + */ + if (aes_128_ccm_supported) { + xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM; + } else if (aes_128_gcm_supported) { + xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_GCM; + } + SSVAL(buf, 0, 1); /* ChiperCount */ SSVAL(buf, 2, xconn->smb2.server.cipher); |