Samba Crypto Benchmarks ======================= *by Andreas Schneider <asn@samba.org>* Benchmarks about the work moving to GnuTLS for crypto. ``` make -j20 testenv SELFTEST_TESTENV=fileserver ``` ``` dd if=/dev/urandom of=1GB.bin bs=64M count=16 iflag=fullblock ``` ## TESTS 2021 These tests are done with better hardware than in 2019! Here are some results from my desktop machine (AMD Ryzen 9 3900X, 64GB RAM) for SMB3 signing and encryption #### gnutls_aead_cipher_encryptv2() ##### SMB3 encrypt with GnuTLS AES-256-GCM ```bash time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-256-gcm -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (373557.5 kb/s) (average 373557.5 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (447918.0 KiloBytes/sec) (average 447918.0 KiloBytes/sec) real 0m5.226s user 0m1.490s sys 0m3.018s ``` ##### SMB3 encrypt with GnuTLS AES-256-CCM ```bash time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-256-ccm -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (182361.0 kb/s) (average 182361.0 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (206169.1 KiloBytes/sec) (average 206169.1 KiloBytes/sec) real 0m10.914s user 0m3.987s sys 0m3.371s ``` ##### SMB3 encrypt with GnuTLS AES-128-GCM ```bash time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-128-gcm -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (376373.3 kb/s) (average 376373.3 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (501951.1 KiloBytes/sec) (average 501951.2 KiloBytes/sec) real 0m4.955s user 0m1.350s sys 0m2.870s ``` ##### SMB3 encrypt with GnuTLS AES-128-CCM ```bash time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-128-ccm -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (214126.2 kb/s) (average 214126.2 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (242389.3 KiloBytes/sec) (average 242389.3 KiloBytes/sec) real 0m9.298s user 0m3.318s sys 0m3.237s ``` ##### SMB3 sign with GnuTLS AES-128-GMAC ```bash time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=sign --option=clientsmb3signingalgorithms=aes-128-gmac -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (417925.9 kb/s) (average 417925.9 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (510753.0 KiloBytes/sec) (average 510753.0 KiloBytes/sec) real 0m4.643s user 0m1.125s sys 0m2.931s ``` #### gnutls_aead_cipher_encrypt() ##### SMB3 encrypt with GnuTLS AES-256-GCM ```bash time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-256-gcm -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (295373.5 kb/s) (average 295373.5 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (327475.3 KiloBytes/sec) (average 327475.3 KiloBytes/sec) real 0m6.831s user 0m1.672s sys 0m3.667s ``` ##### SMB3 encrypt with GnuTLS AES-128-GCM ```bash time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-128-gcm -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (297468.4 kb/s) (average 297468.4 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (327577.6 KiloBytes/sec) (average 327577.6 KiloBytes/sec) real 0m6.805s user 0m1.723s sys 0m3.660s ``` ##### SMB3 encrypt with GnuTLS AES-256-CCM ```bash time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-256-ccm -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (175083.7 kb/s) (average 175083.7 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (222627.6 KiloBytes/sec) (average 222627.6 KiloBytes/sec) real 0m10.779s user 0m4.125s sys 0m2.833s ``` ##### SMB3 encrypt with GnuTLS AES-128-CCM ```bash time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-128-ccm -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (196215.6 kb/s) (average 196215.6 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (218498.8 KiloBytes/sec) (average 218498.9 KiloBytes/sec) real 0m10.221s user 0m3.609s sys 0m3.297s ``` ##### SMB3 sign with GnuTLS AES-128-GMAC ```bash time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=sign --option=clientsmb3signingalgorithms=aes-128-gmac -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (354488.2 kb/s) (average 354488.2 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (419934.3 KiloBytes/sec) (average 419934.3 KiloBytes/sec) real 0m5.532s user 0m1.437s sys 0m3.110s ``` #### non-aead ##### SMB3 sign with GnuTLS AES-128-CMAC ```bash time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=sign --option=clientsmb3signingalgorithms=aes-128-cmac -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (234057.1 kb/s) (average 234057.1 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (265059.6 KiloBytes/sec) (average 265059.7 KiloBytes/sec) real 0m8.517s user 0m3.204s sys 0m2.804s ``` ##### SMB3 sign with GnuTLS HMAC-SHA-256 ```bash time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=sign --option=clientsmb3signingalgorithms=hmac-sha-256 -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (142064.2 kb/s) (average 142064.2 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (152742.3 KiloBytes/sec) (average 152742.3 KiloBytes/sec) real 0m14.322s user 0m6.073s sys 0m2.849s ``` ## TESTS 2019 Here are some results from my desktop machine (Intel i7-4960X CPU @ 3.60GHz, 32GB RAM) for SMB3 signing and encryption ### AES-GCM (Encryption) #### SMB3 encrypt with Samba AES-GCM (Intel AES NI) time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (3268.4 kb/s) (average 3268.4 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (3240.0 KiloBytes/sec) (average 3240.0 KiloBytes/sec) real 10m44.602s user 5m21.525s sys 0m3.820s #### SMB3 encrypt with GnuTLS AES-GCM time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (172010.5 kb/s) (average 172010.5 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (183445.8 KiloBytes/sec) (average 183445.8 KiloBytes/sec) real 0m12.299s user 0m3.883s sys 0m4.610s ### AES-CCM (Encryption) #### SMB3 encrypt with Samba AES-CCM time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (46458.8 kb/s) (average 46458.8 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (47832.1 KiloBytes/sec) (average 47832.1 KiloBytes/sec) real 0m44.613s user 0m20.914s sys 0m3.623s #### SMB3 encrypt with Samba AES-CCM (Intel AES NI) time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (88397.9 kb/s) (average 88397.9 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (90668.0 KiloBytes/sec) (average 90668.1 KiloBytes/sec) real 0m23.595s user 0m10.427s sys 0m3.694s #### SMB3 encrypt with GnuTLS AES-CCM time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (106747.0 kb/s) (average 106747.0 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (110901.7 KiloBytes/sec) (average 110901.7 KiloBytes/sec) real 0m19.454s user 0m7.716s sys 0m4.484s ### AES-CMAC (Signing) #### SMB3 signing off time smbclient //LOCALNT4DC2/tmp -mSMB3 --signing=off -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (363836.2 kb/s) (average 363836.2 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (361702.6 KiloBytes/sec) (average 361702.7 KiloBytes/sec) real 0m5.959s user 0m1.615s sys 0m3.750s #### SMB3 signing with Samba AES-CMAC (Intel AES NI) time smbclient //LOCALNT4DC2/tmp -mSMB3 --signing=required -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (132012.6 kb/s) (average 132012.6 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (146102.3 KiloBytes/sec) (average 146102.3 KiloBytes/sec) real 0m15.239s user 0m6.355s sys 0m3.654s #### SMB3 signing with GnuTLS AES-CMAC time smbclient //LOCALNT4DC2/tmp -mSMB3 --signing=required -c 'put 1GB.bin; get 1GB.bin /dev/null' putting file 1GB.bin as \1GB.bin (140315.3 kb/s) (average 140315.3 kb/s) getting file \1GB.bin of size 1073741824 as /dev/null (145091.5 KiloBytes/sec) (average 145091.5 KiloBytes/sec) real 0m14.833s user 0m6.042s sys 0m3.696s **More at SambaXP ;-)** ###### tags: `samba` `crypto` `benchmark`