Samba Crypto Benchmarks
=======================
*by Andreas Schneider <asn@samba.org>*
Benchmarks about the work moving to GnuTLS for crypto.
```
make -j20 testenv SELFTEST_TESTENV=fileserver
```
```
dd if=/dev/urandom of=1GB.bin bs=64M count=16 iflag=fullblock
```
## TESTS 2021
These tests are done with better hardware than in 2019!
Here are some results from my desktop machine (AMD Ryzen 9 3900X, 64GB RAM) for SMB3 signing and encryption
#### gnutls_aead_cipher_encryptv2()
##### SMB3 encrypt with GnuTLS AES-256-GCM
```bash
time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-256-gcm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (373557.5 kb/s) (average 373557.5 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (447918.0 KiloBytes/sec) (average 447918.0 KiloBytes/sec)
real 0m5.226s
user 0m1.490s
sys 0m3.018s
```
##### SMB3 encrypt with GnuTLS AES-256-CCM
```bash
time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-256-ccm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (182361.0 kb/s) (average 182361.0 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (206169.1 KiloBytes/sec) (average 206169.1 KiloBytes/sec)
real 0m10.914s
user 0m3.987s
sys 0m3.371s
```
##### SMB3 encrypt with GnuTLS AES-128-GCM
```bash
time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-128-gcm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (376373.3 kb/s) (average 376373.3 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (501951.1 KiloBytes/sec) (average 501951.2 KiloBytes/sec)
real 0m4.955s
user 0m1.350s
sys 0m2.870s
```
##### SMB3 encrypt with GnuTLS AES-128-CCM
```bash
time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-128-ccm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (214126.2 kb/s) (average 214126.2 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (242389.3 KiloBytes/sec) (average 242389.3 KiloBytes/sec)
real 0m9.298s
user 0m3.318s
sys 0m3.237s
```
##### SMB3 sign with GnuTLS AES-128-GMAC
```bash
time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=sign --option=clientsmb3signingalgorithms=aes-128-gmac -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (417925.9 kb/s) (average 417925.9 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (510753.0 KiloBytes/sec) (average 510753.0 KiloBytes/sec)
real 0m4.643s
user 0m1.125s
sys 0m2.931s
```
#### gnutls_aead_cipher_encrypt()
##### SMB3 encrypt with GnuTLS AES-256-GCM
```bash
time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-256-gcm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (295373.5 kb/s) (average 295373.5 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (327475.3 KiloBytes/sec) (average 327475.3 KiloBytes/sec)
real 0m6.831s
user 0m1.672s
sys 0m3.667s
```
##### SMB3 encrypt with GnuTLS AES-128-GCM
```bash
time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-128-gcm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (297468.4 kb/s) (average 297468.4 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (327577.6 KiloBytes/sec) (average 327577.6 KiloBytes/sec)
real 0m6.805s
user 0m1.723s
sys 0m3.660s
```
##### SMB3 encrypt with GnuTLS AES-256-CCM
```bash
time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-256-ccm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (175083.7 kb/s) (average 175083.7 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (222627.6 KiloBytes/sec) (average 222627.6 KiloBytes/sec)
real 0m10.779s
user 0m4.125s
sys 0m2.833s
```
##### SMB3 encrypt with GnuTLS AES-128-CCM
```bash
time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-128-ccm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (196215.6 kb/s) (average 196215.6 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (218498.8 KiloBytes/sec) (average 218498.9 KiloBytes/sec)
real 0m10.221s
user 0m3.609s
sys 0m3.297s
```
##### SMB3 sign with GnuTLS AES-128-GMAC
```bash
time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=sign --option=clientsmb3signingalgorithms=aes-128-gmac -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (354488.2 kb/s) (average 354488.2 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (419934.3 KiloBytes/sec) (average 419934.3 KiloBytes/sec)
real 0m5.532s
user 0m1.437s
sys 0m3.110s
```
#### non-aead
##### SMB3 sign with GnuTLS AES-128-CMAC
```bash
time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=sign --option=clientsmb3signingalgorithms=aes-128-cmac -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (234057.1 kb/s) (average 234057.1 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (265059.6 KiloBytes/sec) (average 265059.7 KiloBytes/sec)
real 0m8.517s
user 0m3.204s
sys 0m2.804s
```
##### SMB3 sign with GnuTLS HMAC-SHA-256
```bash
time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=sign --option=clientsmb3signingalgorithms=hmac-sha-256 -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (142064.2 kb/s) (average 142064.2 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (152742.3 KiloBytes/sec) (average 152742.3 KiloBytes/sec)
real 0m14.322s
user 0m6.073s
sys 0m2.849s
```
## TESTS 2019
Here are some results from my desktop machine (Intel i7-4960X CPU @ 3.60GHz, 32GB RAM) for SMB3 signing and encryption
### AES-GCM (Encryption)
#### SMB3 encrypt with Samba AES-GCM (Intel AES NI)
time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (3268.4 kb/s) (average 3268.4 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (3240.0 KiloBytes/sec) (average 3240.0 KiloBytes/sec)
real 10m44.602s
user 5m21.525s
sys 0m3.820s
#### SMB3 encrypt with GnuTLS AES-GCM
time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (172010.5 kb/s) (average 172010.5 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (183445.8 KiloBytes/sec) (average 183445.8 KiloBytes/sec)
real 0m12.299s
user 0m3.883s
sys 0m4.610s
### AES-CCM (Encryption)
#### SMB3 encrypt with Samba AES-CCM
time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (46458.8 kb/s) (average 46458.8 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (47832.1 KiloBytes/sec) (average 47832.1 KiloBytes/sec)
real 0m44.613s
user 0m20.914s
sys 0m3.623s
#### SMB3 encrypt with Samba AES-CCM (Intel AES NI)
time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (88397.9 kb/s) (average 88397.9 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (90668.0 KiloBytes/sec) (average 90668.1 KiloBytes/sec)
real 0m23.595s
user 0m10.427s
sys 0m3.694s
#### SMB3 encrypt with GnuTLS AES-CCM
time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (106747.0 kb/s) (average 106747.0 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (110901.7 KiloBytes/sec) (average 110901.7 KiloBytes/sec)
real 0m19.454s
user 0m7.716s
sys 0m4.484s
### AES-CMAC (Signing)
#### SMB3 signing off
time smbclient //LOCALNT4DC2/tmp -mSMB3 --signing=off -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (363836.2 kb/s) (average 363836.2 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (361702.6 KiloBytes/sec) (average 361702.7 KiloBytes/sec)
real 0m5.959s
user 0m1.615s
sys 0m3.750s
#### SMB3 signing with Samba AES-CMAC (Intel AES NI)
time smbclient //LOCALNT4DC2/tmp -mSMB3 --signing=required -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (132012.6 kb/s) (average 132012.6 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (146102.3 KiloBytes/sec) (average 146102.3 KiloBytes/sec)
real 0m15.239s
user 0m6.355s
sys 0m3.654s
#### SMB3 signing with GnuTLS AES-CMAC
time smbclient //LOCALNT4DC2/tmp -mSMB3 --signing=required -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (140315.3 kb/s) (average 140315.3 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (145091.5 KiloBytes/sec) (average 145091.5 KiloBytes/sec)
real 0m14.833s
user 0m6.042s
sys 0m3.696s
**More at SambaXP ;-)**
###### tags: `samba` `crypto` `benchmark`
Sign in via Google
Sign in via Facebook
Sign in via X(Twitter)
Sign in via GitHub
Sign in via Dropbox
Sign in with Wallet
Connect another wallet