From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [PATCH 4/4] crypto: add support for nettle's native XTS impl
Date: Fri, 25 Oct 2019 15:33:39 +0200 [thread overview]
Message-ID: <ad516c72-1b66-daf0-60bd-2eeb34aba227@redhat.com> (raw)
In-Reply-To: <20191017145654.11371-5-berrange@redhat.com>
On 10/17/19 4:56 PM, Daniel P. Berrangé wrote:
> Nettle 3.5.0 will add support for the XTS mode. Use this because long
> term we wish to delete QEMU's XTS impl to avoid carrying private crypto
> algorithm impls.
>
> Unfortunately this degrades nettle performance from 612 MB/s to 568 MB/s
> as nettle's XTS impl isn't so well optimized yet.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> configure | 18 ++++++++++++++++++
> crypto/cipher-nettle.c | 18 ++++++++++++++++++
> 2 files changed, 36 insertions(+)
>
> diff --git a/configure b/configure
> index 98edb0ff44..6650c72348 100755
> --- a/configure
> +++ b/configure
> @@ -471,6 +471,7 @@ gtk_gl="no"
> tls_priority="NORMAL"
> gnutls=""
> nettle=""
> +nettle_xts="no"
> gcrypt=""
> gcrypt_hmac="no"
> gcrypt_xts="no"
> @@ -2862,6 +2863,19 @@ if test "$nettle" != "no"; then
> pass="yes"
> fi
> fi
> + if test "$pass" = "yes"
> + then
> + cat > $TMPC << EOF
> +#include <nettle/xts.h>
> +int main(void) {
> + return 0;
> +}
> +EOF
> + if compile_prog "$nettle_cflags" "$nettle_libs" ; then
> + nettle_xts=yes
> + qemu_private_xts=no
Ah, now this variable makes sense.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> + fi
> + fi
> if test "$pass" = "no" && test "$nettle" = "yes"; then
> feature_not_found "nettle" "Install nettle devel >= 2.7.1"
> else
> @@ -6337,6 +6351,10 @@ then
> echo " XTS $gcrypt_xts"
> fi
> echo "nettle $nettle $(echo_version $nettle $nettle_version)"
> +if test "$nettle" = "yes"
> +then
> + echo " XTS $nettle_xts"
> +fi
> echo "libtasn1 $tasn1"
> echo "PAM $auth_pam"
> echo "iconv support $iconv"
> diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
> index d7411bb8ff..08794a9b10 100644
> --- a/crypto/cipher-nettle.c
> +++ b/crypto/cipher-nettle.c
> @@ -19,7 +19,9 @@
> */
>
> #include "qemu/osdep.h"
> +#ifdef CONFIG_QEMU_PRIVATE_XTS
> #include "crypto/xts.h"
> +#endif
> #include "cipherpriv.h"
>
> #include <nettle/nettle-types.h>
> @@ -30,6 +32,9 @@
> #include <nettle/serpent.h>
> #include <nettle/twofish.h>
> #include <nettle/ctr.h>
> +#ifndef CONFIG_QEMU_PRIVATE_XTS
> +#include <nettle/xts.h>
> +#endif
>
> typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
> size_t length,
> @@ -626,9 +631,15 @@ qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher,
> break;
>
> case QCRYPTO_CIPHER_MODE_XTS:
> +#ifdef CONFIG_QEMU_PRIVATE_XTS
> xts_encrypt(ctx->ctx, ctx->ctx_tweak,
> ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper,
> ctx->iv, len, out, in);
> +#else
> + xts_encrypt_message(ctx->ctx, ctx->ctx_tweak,
> + ctx->alg_encrypt_native,
> + ctx->iv, len, out, in);
> +#endif
> break;
>
> case QCRYPTO_CIPHER_MODE_CTR:
> @@ -673,9 +684,16 @@ qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher,
> break;
>
> case QCRYPTO_CIPHER_MODE_XTS:
> +#ifdef CONFIG_QEMU_PRIVATE_XTS
> xts_decrypt(ctx->ctx, ctx->ctx_tweak,
> ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
> ctx->iv, len, out, in);
> +#else
> + xts_decrypt_message(ctx->ctx, ctx->ctx_tweak,
> + ctx->alg_encrypt_native,
> + ctx->alg_decrypt_native,
> + ctx->iv, len, out, in);
> +#endif
> break;
> case QCRYPTO_CIPHER_MODE_CTR:
> ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
>
next prev parent reply other threads:[~2019-10-25 13:36 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-17 14:56 [PATCH 0/4] crypto: improve performance of ciphers in XTS mode Daniel P. Berrangé
2019-10-17 14:56 ` [PATCH 1/4] tests: allow filtering crypto cipher benchmark tests Daniel P. Berrangé
2019-10-25 13:24 ` Philippe Mathieu-Daudé
2019-10-25 13:45 ` Stefano Garzarella
2019-10-17 14:56 ` [PATCH 2/4] tests: benchmark crypto with fixed data size, not time period Daniel P. Berrangé
2019-10-25 13:36 ` Philippe Mathieu-Daudé
2019-10-25 13:46 ` Stefano Garzarella
2019-10-17 14:56 ` [PATCH 3/4] crypto: add support for gcrypt's native XTS impl Daniel P. Berrangé
2019-10-25 13:31 ` Philippe Mathieu-Daudé
2019-10-25 14:03 ` Stefano Garzarella
2019-10-17 14:56 ` [PATCH 4/4] crypto: add support for nettle's " Daniel P. Berrangé
2019-10-25 13:33 ` Philippe Mathieu-Daudé [this message]
2019-10-25 14:13 ` Stefano Garzarella
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ad516c72-1b66-daf0-60bd-2eeb34aba227@redhat.com \
--to=philmd@redhat.com \
--cc=berrange@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).