
Re: [PATCH 4/4] crypto: add support for nettle's native XTS impl


From: Philippe Mathieu-Daudé
Subject: Re: [PATCH 4/4] crypto: add support for nettle's native XTS impl
Date: Fri, 25 Oct 2019 15:33:39 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.1

On 10/17/19 4:56 PM, Daniel P. Berrangé wrote:
Nettle 3.5.0 will add support for the XTS mode. Use this because long
term we wish to delete QEMU's XTS impl to avoid carrying private crypto
algorithm impls.

Unfortunately this degrades nettle performance from 612 MB/s to 568 MB/s
as nettle's XTS impl isn't so well optimized yet.

Signed-off-by: Daniel P. Berrangé <address@hidden>
---
  configure              | 18 ++++++++++++++++++
  crypto/cipher-nettle.c | 18 ++++++++++++++++++
  2 files changed, 36 insertions(+)

diff --git a/configure b/configure
index 98edb0ff44..6650c72348 100755
--- a/configure
+++ b/configure
@@ -471,6 +471,7 @@ gtk_gl="no"
  tls_priority="NORMAL"
  gnutls=""
  nettle=""
+nettle_xts="no"
  gcrypt=""
  gcrypt_hmac="no"
  gcrypt_xts="no"
@@ -2862,6 +2863,19 @@ if test "$nettle" != "no"; then
              pass="yes"
          fi
      fi
+    if test "$pass" = "yes"
+    then
+        cat > $TMPC << EOF
+#include <nettle/xts.h>
+int main(void) {
+  return 0;
+}
+EOF
+        if compile_prog "$nettle_cflags" "$nettle_libs" ; then
+            nettle_xts=yes
+            qemu_private_xts=no

Ah, now this variable makes sense.

Reviewed-by: Philippe Mathieu-Daudé <address@hidden>

+        fi
+    fi
      if test "$pass" = "no" && test "$nettle" = "yes"; then
          feature_not_found "nettle" "Install nettle devel >= 2.7.1"
      else
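Review bot: The probe added before `nettle_xts=yes` only includes `<nettle/xts.h>`, and its `main` references no XTS symbol, so the link step proves nothing about the library itself. A build environment with new headers and an older libnettle would pass configure, set `qemu_private_xts=no`, and only fail later at link time. Calling the function inside the probe closes that gap, for example `xts_encrypt_message(0, 0, 0, 0, 0, 0, 0);` in `main` before `return 0;`.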
@@ -6337,6 +6351,10 @@ then
     echo "  XTS             $gcrypt_xts"
  fi
  echo "nettle            $nettle $(echo_version $nettle $nettle_version)"
+if test "$nettle" = "yes"
+then
+   echo "  XTS             $nettle_xts"
+fi
  echo "libtasn1          $tasn1"
  echo "PAM               $auth_pam"
  echo "iconv support     $iconv"
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index d7411bb8ff..08794a9b10 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -19,7 +19,9 @@
   */
#include "qemu/osdep.h"
+#ifdef CONFIG_QEMU_PRIVATE_XTS
  #include "crypto/xts.h"
+#endif
  #include "cipherpriv.h"
#include <nettle/nettle-types.h>
@@ -30,6 +32,9 @@
  #include <nettle/serpent.h>
  #include <nettle/twofish.h>
  #include <nettle/ctr.h>
+#ifndef CONFIG_QEMU_PRIVATE_XTS
+#include <nettle/xts.h>
+#endif
typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
                                                 size_t length,
@@ -626,9 +631,15 @@ qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher,
          break;
case QCRYPTO_CIPHER_MODE_XTS:
+#ifdef CONFIG_QEMU_PRIVATE_XTS
          xts_encrypt(ctx->ctx, ctx->ctx_tweak,
                      ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper,
                      ctx->iv, len, out, in);
+#else
+        xts_encrypt_message(ctx->ctx, ctx->ctx_tweak,
+                            ctx->alg_encrypt_native,
+                            ctx->iv, len, out, in);
+#endif
          break;
case QCRYPTO_CIPHER_MODE_CTR:
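Review bot: The native branch of the XTS case may not handle the tweak the same way as the private branch, and nothing in the hunk documents this. As far as I recall, QEMU's own xts_encrypt() writes the advanced tweak back into the iv buffer, whereas nettle's xts_encrypt_message() takes the tweak as a const pointer and leaves `ctx->iv` untouched; please confirm against both implementations. If so, a caller that encrypts several buffers without setting the IV in between would reuse one tweak on nettle builds only, and in XTS that reveals equal plaintext blocks at equal offsets. A comment such as `/* nettle does not update ctx->iv; callers must set the IV before every call */` would record the contract, and the same applies to the decrypt hunk. The function body starts and ends outside this hunk.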
@@ -673,9 +684,16 @@ qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher,
          break;
case QCRYPTO_CIPHER_MODE_XTS:
+#ifdef CONFIG_QEMU_PRIVATE_XTS
          xts_decrypt(ctx->ctx, ctx->ctx_tweak,
                      ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
                      ctx->iv, len, out, in);
+#else
+        xts_decrypt_message(ctx->ctx, ctx->ctx_tweak,
+                            ctx->alg_encrypt_native,
+                            ctx->alg_decrypt_native,
+                            ctx->iv, len, out, in);
+#endif
          break;
      case QCRYPTO_CIPHER_MODE_CTR:
          ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
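Review bot: The two function pointers passed to xts_decrypt_message() look swapped. As far as I remember nettle's prototype, the data-decrypt function comes first and the tweak-encrypt function second, which is the opposite of QEMU's private xts_decrypt() in the `#ifdef` branch just above; please check against nettle/xts.h. Both pointers have the same type, so the compiler will not flag it, and if the order is wrong, decryption returns wrong plaintext only on builds that use native XTS. The arguments would then read `ctx->alg_decrypt_native, ctx->alg_encrypt_native,`, and an encrypt/decrypt round trip in the cipher unit test on a nettle 3.5.0 build would confirm it. The function continues outside the hunk.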



