crypto: add support for nettle's native XTS impl

qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

Nettle 3.5.0 will add support for the XTS mode. Use this because long
term we wish to delete QEMU's XTS impl to avoid carrying private crypto
algorithm impls.

Unfortunately this degrades nettle performance from 612 MB/s to 568 MB/s
as nettle's XTS impl isn't so well optimized yet.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Daniel P. Berrangé 6 years ago dc2207af e0576942

+36

2 changed files

expand all

configure

crypto

cipher-nettle.c

+18

configure

··· 472 472 tls_priority="NORMAL" 473 473 gnutls="" 474 474 nettle="" 475 + nettle_xts="no" 475 476 gcrypt="" 476 477 gcrypt_hmac="no" 477 478 gcrypt_xts="no" ··· 2869 2870 gcrypt="no" 2870 2871 fi 2871 2872 pass="yes" 2873 + fi 2874 + fi 2875 + if test "$pass" = "yes" 2876 + then 2877 + cat > $TMPC << EOF 2878 + #include <nettle/xts.h> 2879 + int main(void) { 2880 + return 0; 2881 + } 2882 + EOF 2883 + if compile_prog "$nettle_cflags" "$nettle_libs" ; then 2884 + nettle_xts=yes 2885 + qemu_private_xts=no 2872 2886 fi 2873 2887 fi 2874 2888 if test "$pass" = "no" && test "$nettle" = "yes"; then ··· 6346 6360 echo " XTS $gcrypt_xts" 6347 6361 fi 6348 6362 echo "nettle $nettle $(echo_version $nettle $nettle_version)" 6363 + if test "$nettle" = "yes" 6364 + then 6365 + echo " XTS $nettle_xts" 6366 + fi 6349 6367 echo "libtasn1 $tasn1" 6350 6368 echo "PAM $auth_pam" 6351 6369 echo "iconv support $iconv"

+18

crypto/cipher-nettle.c

··· 19 19 */ 20 20 21 21 #include "qemu/osdep.h" 22 + #ifdef CONFIG_QEMU_PRIVATE_XTS 22 23 #include "crypto/xts.h" 24 + #endif 23 25 #include "cipherpriv.h" 24 26 25 27 #include <nettle/nettle-types.h> ··· 30 32 #include <nettle/serpent.h> 31 33 #include <nettle/twofish.h> 32 34 #include <nettle/ctr.h> 35 + #ifndef CONFIG_QEMU_PRIVATE_XTS 36 + #include <nettle/xts.h> 37 + #endif 33 38 34 39 typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx, 35 40 size_t length, ··· 626 631 break; 627 632 628 633 case QCRYPTO_CIPHER_MODE_XTS: 634 + #ifdef CONFIG_QEMU_PRIVATE_XTS 629 635 xts_encrypt(ctx->ctx, ctx->ctx_tweak, 630 636 ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper, 631 637 ctx->iv, len, out, in); 638 + #else 639 + xts_encrypt_message(ctx->ctx, ctx->ctx_tweak, 640 + ctx->alg_encrypt_native, 641 + ctx->iv, len, out, in); 642 + #endif 632 643 break; 633 644 634 645 case QCRYPTO_CIPHER_MODE_CTR: ··· 673 684 break; 674 685 675 686 case QCRYPTO_CIPHER_MODE_XTS: 687 + #ifdef CONFIG_QEMU_PRIVATE_XTS 676 688 xts_decrypt(ctx->ctx, ctx->ctx_tweak, 677 689 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper, 678 690 ctx->iv, len, out, in); 691 + #else 692 + xts_decrypt_message(ctx->ctx, ctx->ctx_tweak, 693 + ctx->alg_decrypt_native, 694 + ctx->alg_encrypt_native, 695 + ctx->iv, len, out, in); 696 + #endif 679 697 break; 680 698 case QCRYPTO_CIPHER_MODE_CTR: 681 699 ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,