Samba Crypto Benchmarks

by Andreas Schneider <asn@samba.org>

Benchmarks for the work on moving Samba's crypto to GnuTLS.

make -j20 testenv SELFTEST_TESTENV=fileserver
dd if=/dev/urandom of=1GB.bin bs=64M count=16 iflag=fullblock

TESTS 2021

These tests were run on better hardware than in 2019!

Here are some results from my desktop machine (AMD Ryzen 9 3900X, 64GB RAM) for SMB3 signing and encryption:

gnutls_aead_cipher_encryptv2()

SMB3 encrypt with GnuTLS AES-256-GCM

time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-256-gcm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (373557.5 kb/s) (average 373557.5 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (447918.0 KiloBytes/sec) (average 447918.0 KiloBytes/sec)

real    0m5.226s
user    0m1.490s
sys     0m3.018s

SMB3 encrypt with GnuTLS AES-256-CCM

time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-256-ccm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (182361.0 kb/s) (average 182361.0 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (206169.1 KiloBytes/sec) (average 206169.1 KiloBytes/sec)

real    0m10.914s
user    0m3.987s
sys     0m3.371s

SMB3 encrypt with GnuTLS AES-128-GCM

time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-128-gcm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (376373.3 kb/s) (average 376373.3 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (501951.1 KiloBytes/sec) (average 501951.2 KiloBytes/sec)

real    0m4.955s
user    0m1.350s
sys     0m2.870s

SMB3 encrypt with GnuTLS AES-128-CCM

time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-128-ccm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (214126.2 kb/s) (average 214126.2 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (242389.3 KiloBytes/sec) (average 242389.3 KiloBytes/sec)

real    0m9.298s
user    0m3.318s
sys     0m3.237s

SMB3 sign with GnuTLS AES-128-GMAC

time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=sign --option=clientsmb3signingalgorithms=aes-128-gmac -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (417925.9 kb/s) (average 417925.9 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (510753.0 KiloBytes/sec) (average 510753.0 KiloBytes/sec)

real    0m4.643s
user    0m1.125s
sys     0m2.931s

gnutls_aead_cipher_encrypt()

SMB3 encrypt with GnuTLS AES-256-GCM

time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-256-gcm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (295373.5 kb/s) (average 295373.5 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (327475.3 KiloBytes/sec) (average 327475.3 KiloBytes/sec)

real    0m6.831s
user    0m1.672s
sys     0m3.667s

SMB3 encrypt with GnuTLS AES-128-GCM

time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-128-gcm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (297468.4 kb/s) (average 297468.4 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (327577.6 KiloBytes/sec) (average 327577.6 KiloBytes/sec)

real    0m6.805s
user    0m1.723s
sys     0m3.660s

SMB3 encrypt with GnuTLS AES-256-CCM

time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-256-ccm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (175083.7 kb/s) (average 175083.7 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (222627.6 KiloBytes/sec) (average 222627.6 KiloBytes/sec)

real    0m10.779s
user    0m4.125s
sys     0m2.833s

SMB3 encrypt with GnuTLS AES-128-CCM

time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=encrypt --option=clientsmb3encryptionalgorithms=aes-128-ccm -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (196215.6 kb/s) (average 196215.6 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (218498.8 KiloBytes/sec) (average 218498.9 KiloBytes/sec)

real    0m10.221s
user    0m3.609s
sys     0m3.297s

SMB3 sign with GnuTLS AES-128-GMAC

time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=sign --option=clientsmb3signingalgorithms=aes-128-gmac -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (354488.2 kb/s) (average 354488.2 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (419934.3 KiloBytes/sec) (average 419934.3 KiloBytes/sec)

real    0m5.532s
user    0m1.437s
sys     0m3.110s

non-aead

SMB3 sign with GnuTLS AES-128-CMAC

time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=sign --option=clientsmb3signingalgorithms=aes-128-cmac -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (234057.1 kb/s) (average 234057.1 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (265059.6 KiloBytes/sec) (average 265059.7 KiloBytes/sec)

real    0m8.517s
user    0m3.204s
sys     0m2.804s

SMB3 sign with GnuTLS HMAC-SHA-256

time bin/smbclient //$SERVER/tmp -U$USERNAME%$PASSWORD -mSMB3 --client-protection=sign --option=clientsmb3signingalgorithms=hmac-sha-256 -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (142064.2 kb/s) (average 142064.2 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (152742.3 KiloBytes/sec) (average 152742.3 KiloBytes/sec)

real    0m14.322s
user    0m6.073s
sys     0m2.849s
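
The 2021 runs above repeat one smbclient command with a different algorithm each time. As an added example (not part of the original note or of Samba), this script loops over the same algorithms and extracts the put/get rates that smbclient prints. It assumes SERVER, USERNAME and PASSWORD are set as in the commands above; SMBCLIENT and the function names are introduced here.

```shell
#!/bin/sh
# Added example: repeat the 2021 smbclient runs and tabulate the printed rates.
# Assumes SERVER, USERNAME and PASSWORD are set as in the commands on this page;
# SMBCLIENT (path to the binary) and all function names are introduced here.

# Print the first rate on a smbclient transfer line, e.g. "(373557.5 kb/s)" or
# "(447918.0 KiloBytes/sec)"; print nothing for lines without a rate.
parse_rate() {
    printf '%s\n' "$1" |
        sed -nE 's#^[^(]*\(([0-9.]+) (kb/s|KiloBytes/sec)\).*#\1#p'
}

# Map an algorithm name to the protection mode and option used on the page.
algo_opts() {
    case "$1" in
        aes-*-gcm|aes-*-ccm)
            echo "--client-protection=encrypt --option=clientsmb3encryptionalgorithms=$1" ;;
        aes-128-gmac|aes-128-cmac|hmac-sha-256)
            echo "--client-protection=sign --option=clientsmb3signingalgorithms=$1" ;;
        *) return 1 ;;
    esac
}

# Run one put/get round trip and print "<algorithm> put=<rate> get=<rate>".
# The password is passed via -U as on the page, so it is visible in the
# process list; that is tolerable only inside the selftest environment.
run_one() {
    opts=$(algo_opts "$1") || { echo "unknown algorithm: $1" >&2; return 1; }
    # $opts is left unquoted on purpose: it carries two separate arguments.
    out=$("${SMBCLIENT:-bin/smbclient}" "//$SERVER/tmp" "-U$USERNAME%$PASSWORD" \
          -mSMB3 $opts -c 'put 1GB.bin; get 1GB.bin /dev/null' 2>&1) || return 1
    put=$(parse_rate "$(printf '%s\n' "$out" | grep '^putting file')")
    get=$(parse_rate "$(printf '%s\n' "$out" | grep '^getting file')")
    printf '%s put=%s get=%s\n' "$1" "$put" "$get"
}

run_matrix() {
    for a in aes-256-gcm aes-256-ccm aes-128-gcm aes-128-ccm \
             aes-128-gmac aes-128-cmac hmac-sha-256; do
        run_one "$a" || echo "$a: run failed" >&2
    done
}

# Contact the server only when asked to: sh bench.sh run
if [ "${1:-}" = run ]; then run_matrix; fi
```

Rates are reported exactly as smbclient prints them; a single run per algorithm, as on this page, does not average out caching or scheduling noise.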

TESTS 2019

Here are some results from my desktop machine (Intel i7-4960X CPU @ 3.60GHz, 32GB RAM) for SMB3 signing and encryption:

AES-GCM (Encryption)

SMB3 encrypt with Samba AES-GCM (Intel AES NI)

time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (3268.4 kb/s) (average 3268.4 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (3240.0 KiloBytes/sec) (average 3240.0 KiloBytes/sec)

real    10m44.602s
user    5m21.525s
sys     0m3.820s

SMB3 encrypt with GnuTLS AES-GCM

time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (172010.5 kb/s) (average 172010.5 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (183445.8 KiloBytes/sec) (average 183445.8 KiloBytes/sec)

real    0m12.299s
user    0m3.883s
sys     0m4.610s

AES-CCM (Encryption)

SMB3 encrypt with Samba AES-CCM

time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (46458.8 kb/s) (average 46458.8 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (47832.1 KiloBytes/sec) (average 47832.1 KiloBytes/sec)

real    0m44.613s
user    0m20.914s
sys     0m3.623s

SMB3 encrypt with Samba AES-CCM (Intel AES NI)

time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (88397.9 kb/s) (average 88397.9 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (90668.0 KiloBytes/sec) (average 90668.1 KiloBytes/sec)

real    0m23.595s
user    0m10.427s
sys     0m3.694s

SMB3 encrypt with GnuTLS AES-CCM

time smbclient //LOCALNT4DC2/tmp -mSMB3 -e -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (106747.0 kb/s) (average 106747.0 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (110901.7 KiloBytes/sec) (average 110901.7 KiloBytes/sec)

real    0m19.454s
user    0m7.716s
sys     0m4.484s

AES-CMAC (Signing)

SMB3 signing off

time smbclient //LOCALNT4DC2/tmp -mSMB3 --signing=off -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (363836.2 kb/s) (average 363836.2 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (361702.6 KiloBytes/sec) (average 361702.7 KiloBytes/sec)

real    0m5.959s
user    0m1.615s
sys     0m3.750s

SMB3 signing with Samba AES-CMAC (Intel AES NI)

time smbclient //LOCALNT4DC2/tmp -mSMB3 --signing=required -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (132012.6 kb/s) (average 132012.6 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (146102.3 KiloBytes/sec) (average 146102.3 KiloBytes/sec)

real    0m15.239s
user    0m6.355s
sys     0m3.654s

SMB3 signing with GnuTLS AES-CMAC

time smbclient //LOCALNT4DC2/tmp -mSMB3 --signing=required -c 'put 1GB.bin; get 1GB.bin /dev/null'
putting file 1GB.bin as \1GB.bin (140315.3 kb/s) (average 140315.3 kb/s)
getting file \1GB.bin of size 1073741824 as /dev/null (145091.5 KiloBytes/sec) (average 145091.5 KiloBytes/sec)

real    0m14.833s
user    0m6.042s
sys     0m3.696s

More at SambaXP ;-)

tags: samba crypto benchmark