Message ID | 20191017145654.11371-5-berrange@redhat.com |
---|---|
State | New |
Headers | show |
Series | crypto: improve performance of ciphers in XTS mode | expand |
On 10/17/19 4:56 PM, Daniel P. Berrangé wrote: > Nettle 3.5.0 will add support for the XTS mode. Use this because long > term we wish to delete QEMU's XTS impl to avoid carrying private crypto > algorithm impls. > > Unfortunately this degrades nettle performance from 612 MB/s to 568 MB/s > as nettle's XTS impl isn't so well optimized yet. > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > configure | 18 ++++++++++++++++++ > crypto/cipher-nettle.c | 18 ++++++++++++++++++ > 2 files changed, 36 insertions(+) > > diff --git a/configure b/configure > index 98edb0ff44..6650c72348 100755 > --- a/configure > +++ b/configure > @@ -471,6 +471,7 @@ gtk_gl="no" > tls_priority="NORMAL" > gnutls="" > nettle="" > +nettle_xts="no" > gcrypt="" > gcrypt_hmac="no" > gcrypt_xts="no" > @@ -2862,6 +2863,19 @@ if test "$nettle" != "no"; then > pass="yes" > fi > fi > + if test "$pass" = "yes" > + then > + cat > $TMPC << EOF > +#include <nettle/xts.h> > +int main(void) { > + return 0; > +} > +EOF > + if compile_prog "$nettle_cflags" "$nettle_libs" ; then > + nettle_xts=yes > + qemu_private_xts=no Ah, now this variable makes sense. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> > + fi > + fi > if test "$pass" = "no" && test "$nettle" = "yes"; then > feature_not_found "nettle" "Install nettle devel >= 2.7.1" > else > @@ -6337,6 +6351,10 @@ then > echo " XTS $gcrypt_xts" > fi > echo "nettle $nettle $(echo_version $nettle $nettle_version)" > +if test "$nettle" = "yes" > +then > + echo " XTS $nettle_xts" > +fi > echo "libtasn1 $tasn1" > echo "PAM $auth_pam" > echo "iconv support $iconv" > diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c > index d7411bb8ff..08794a9b10 100644 > --- a/crypto/cipher-nettle.c > +++ b/crypto/cipher-nettle.c > @@ -19,7 +19,9 @@ > */ > > #include "qemu/osdep.h" > +#ifdef CONFIG_QEMU_PRIVATE_XTS > #include "crypto/xts.h" > +#endif > #include "cipherpriv.h" > > #include <nettle/nettle-types.h> > @@ -30,6 +32,9 @@ > #include <nettle/serpent.h> > #include <nettle/twofish.h> > #include <nettle/ctr.h> > +#ifndef CONFIG_QEMU_PRIVATE_XTS > +#include <nettle/xts.h> > +#endif > > typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx, > size_t length, > @@ -626,9 +631,15 @@ qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher, > break; > > case QCRYPTO_CIPHER_MODE_XTS: > +#ifdef CONFIG_QEMU_PRIVATE_XTS > xts_encrypt(ctx->ctx, ctx->ctx_tweak, > ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper, > ctx->iv, len, out, in); > +#else > + xts_encrypt_message(ctx->ctx, ctx->ctx_tweak, > + ctx->alg_encrypt_native, > + ctx->iv, len, out, in); > +#endif > break; > > case QCRYPTO_CIPHER_MODE_CTR: > @@ -673,9 +684,16 @@ qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher, > break; > > case QCRYPTO_CIPHER_MODE_XTS: > +#ifdef CONFIG_QEMU_PRIVATE_XTS > xts_decrypt(ctx->ctx, ctx->ctx_tweak, > ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper, > ctx->iv, len, out, in); > +#else > + xts_decrypt_message(ctx->ctx, ctx->ctx_tweak, > + ctx->alg_encrypt_native, > + ctx->alg_decrypt_native, > + ctx->iv, len, out, in); > +#endif > break; > case QCRYPTO_CIPHER_MODE_CTR: > ctr_crypt(ctx->ctx, ctx->alg_encrypt_native, >
On Thu, Oct 17, 2019 at 03:56:54PM +0100, Daniel P. Berrangé wrote: > Nettle 3.5.0 will add support for the XTS mode. Use this because long > term we wish to delete QEMU's XTS impl to avoid carrying private crypto > algorithm impls. > > Unfortunately this degrades nettle performance from 612 MB/s to 568 MB/s > as nettle's XTS impl isn't so well optimized yet. > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > configure | 18 ++++++++++++++++++ > crypto/cipher-nettle.c | 18 ++++++++++++++++++ > 2 files changed, 36 insertions(+) > > diff --git a/configure b/configure > index 98edb0ff44..6650c72348 100755 > --- a/configure > +++ b/configure > @@ -471,6 +471,7 @@ gtk_gl="no" > tls_priority="NORMAL" > gnutls="" > nettle="" > +nettle_xts="no" > gcrypt="" > gcrypt_hmac="no" > gcrypt_xts="no" > @@ -2862,6 +2863,19 @@ if test "$nettle" != "no"; then > pass="yes" > fi > fi > + if test "$pass" = "yes" > + then > + cat > $TMPC << EOF > +#include <nettle/xts.h> > +int main(void) { > + return 0; > +} > +EOF > + if compile_prog "$nettle_cflags" "$nettle_libs" ; then > + nettle_xts=yes > + qemu_private_xts=no > + fi > + fi > if test "$pass" = "no" && test "$nettle" = "yes"; then > feature_not_found "nettle" "Install nettle devel >= 2.7.1" > else > @@ -6337,6 +6351,10 @@ then > echo " XTS $gcrypt_xts" > fi > echo "nettle $nettle $(echo_version $nettle $nettle_version)" > +if test "$nettle" = "yes" > +then > + echo " XTS $nettle_xts" > +fi > echo "libtasn1 $tasn1" > echo "PAM $auth_pam" > echo "iconv support $iconv" > diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c > index d7411bb8ff..08794a9b10 100644 > --- a/crypto/cipher-nettle.c > +++ b/crypto/cipher-nettle.c > @@ -19,7 +19,9 @@ > */ > > #include "qemu/osdep.h" > +#ifdef CONFIG_QEMU_PRIVATE_XTS > #include "crypto/xts.h" > +#endif > #include "cipherpriv.h" > > #include <nettle/nettle-types.h> > @@ -30,6 +32,9 @@ > #include <nettle/serpent.h> > #include <nettle/twofish.h> > #include <nettle/ctr.h> > +#ifndef CONFIG_QEMU_PRIVATE_XTS > +#include <nettle/xts.h> > +#endif > > typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx, > size_t length, > @@ -626,9 +631,15 @@ qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher, > break; > > case QCRYPTO_CIPHER_MODE_XTS: > +#ifdef CONFIG_QEMU_PRIVATE_XTS > xts_encrypt(ctx->ctx, ctx->ctx_tweak, > ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper, > ctx->iv, len, out, in); > +#else > + xts_encrypt_message(ctx->ctx, ctx->ctx_tweak, > + ctx->alg_encrypt_native, > + ctx->iv, len, out, in); > +#endif > break; > > case QCRYPTO_CIPHER_MODE_CTR: > @@ -673,9 +684,16 @@ qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher, > break; > > case QCRYPTO_CIPHER_MODE_XTS: > +#ifdef CONFIG_QEMU_PRIVATE_XTS > xts_decrypt(ctx->ctx, ctx->ctx_tweak, > ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper, > ctx->iv, len, out, in); > +#else > + xts_decrypt_message(ctx->ctx, ctx->ctx_tweak, > + ctx->alg_encrypt_native, > + ctx->alg_decrypt_native, > + ctx->iv, len, out, in); > +#endif > break; > case QCRYPTO_CIPHER_MODE_CTR: > ctr_crypt(ctx->ctx, ctx->alg_encrypt_native, It seems clear to me: Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
diff --git a/configure b/configure index 98edb0ff44..6650c72348 100755 --- a/configure +++ b/configure @@ -471,6 +471,7 @@ gtk_gl="no" tls_priority="NORMAL" gnutls="" nettle="" +nettle_xts="no" gcrypt="" gcrypt_hmac="no" gcrypt_xts="no" @@ -2862,6 +2863,19 @@ if test "$nettle" != "no"; then pass="yes" fi fi + if test "$pass" = "yes" + then + cat > $TMPC << EOF +#include <nettle/xts.h> +int main(void) { + return 0; +} +EOF + if compile_prog "$nettle_cflags" "$nettle_libs" ; then + nettle_xts=yes + qemu_private_xts=no + fi + fi if test "$pass" = "no" && test "$nettle" = "yes"; then feature_not_found "nettle" "Install nettle devel >= 2.7.1" else @@ -6337,6 +6351,10 @@ then echo " XTS $gcrypt_xts" fi echo "nettle $nettle $(echo_version $nettle $nettle_version)" +if test "$nettle" = "yes" +then + echo " XTS $nettle_xts" +fi echo "libtasn1 $tasn1" echo "PAM $auth_pam" echo "iconv support $iconv" diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c index d7411bb8ff..08794a9b10 100644 --- a/crypto/cipher-nettle.c +++ b/crypto/cipher-nettle.c @@ -19,7 +19,9 @@ */ #include "qemu/osdep.h" +#ifdef CONFIG_QEMU_PRIVATE_XTS #include "crypto/xts.h" +#endif #include "cipherpriv.h" #include <nettle/nettle-types.h> @@ -30,6 +32,9 @@ #include <nettle/serpent.h> #include <nettle/twofish.h> #include <nettle/ctr.h> +#ifndef CONFIG_QEMU_PRIVATE_XTS +#include <nettle/xts.h> +#endif typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx, size_t length, @@ -626,9 +631,15 @@ qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher, break; case QCRYPTO_CIPHER_MODE_XTS: +#ifdef CONFIG_QEMU_PRIVATE_XTS xts_encrypt(ctx->ctx, ctx->ctx_tweak, ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper, ctx->iv, len, out, in); +#else + xts_encrypt_message(ctx->ctx, ctx->ctx_tweak, + ctx->alg_encrypt_native, + ctx->iv, len, out, in); +#endif break; case QCRYPTO_CIPHER_MODE_CTR: @@ -673,9 +684,16 @@ qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher, break; case QCRYPTO_CIPHER_MODE_XTS: +#ifdef CONFIG_QEMU_PRIVATE_XTS xts_decrypt(ctx->ctx, ctx->ctx_tweak, ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper, ctx->iv, len, out, in); +#else + xts_decrypt_message(ctx->ctx, ctx->ctx_tweak, + ctx->alg_encrypt_native, + ctx->alg_decrypt_native, + ctx->iv, len, out, in); +#endif break; case QCRYPTO_CIPHER_MODE_CTR: ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
Nettle 3.5.0 will add support for the XTS mode. Use this because long term we wish to delete QEMU's XTS impl to avoid carrying private crypto algorithm impls. Unfortunately this degrades nettle performance from 612 MB/s to 568 MB/s as nettle's XTS impl isn't so well optimized yet. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- configure | 18 ++++++++++++++++++ crypto/cipher-nettle.c | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+)