int gnutls_aead_cipher_encrypt_vec(gnutls_aead_cipher_hd_t handle,
const void *nonce,
const giovec_t * auth_iov,
const giovec_t *iov,
and a corresponding gnutls_aead_cipher_decrypt_vec()
In Samba we work with io vectors (struct iov). Also the encrypt and decrypt functions for a PDU (protocol data unit) get an iov. Using GnuTLS is already a huge speed up, but the passed in iov for transferring big files is 8MB in total. This we have to allocate 8MB for the plain text and 8MB + tag size for the cipher text. Then memcpy the iov into the allocated plain text buffer and pass it to GnuTLS. Once encypted we need to copy the data from the cipher text buffer back into the iov. Performance in Samba matters and as we move to GnuTLS to get better performance we would like to avoid to allocate the memory and copying the data around. The above API would allow us to be even more performant as we don't have to copy so much data around.
The tag being extra makes it easier to use if it is not part of the cihper text. If it is the last iov, you can just pass that to the tag or calculate the position in the iov easily.
This is related to https://bugzilla.redhat.com/show_bug.cgi?id=1637861
This issue was set to medium priority because this issue does not limit the core functionality of a component.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.