On Fri, Jul 14, 2017 at 02:03:53PM -0400, longpeng.mike@gmail.com wrote:
> From: "Longpeng(Mike)" <longpeng2@huawei.com>
>
> The AF_ALG socket family is the userspace interface for linux
> crypto API, users can use it to access hardware accelerators.
>
> This patchset adds a afalg-backend for qemu crypto subsystem. QEMU
> would try to use afalg-backend first if configures '--enable-crypto
> -afalg' and hostos support AF_ALG.
>
> I measured the performance about the afalg-backend impls, I tested
> how many data could be encrypted in 5 seconds.
>
> NOTE: In some scenarios library-backend using CPU insns for crypto
> would be faster.
>
> test-environment: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
>
> *sha256*
> chunk_size(bytes) MB/sec(afalg:sha256-ssse3) MB/sec(nettle)
> 512 93.03 185.87
> 1024 146.32 201.78
> 2048 213.32 210.93
> 4096 275.48 215.26
> 8192 321.77 217.49
> 16384 349.60 219.26
> 32768 363.59 219.73
> 65536 375.79 219.99
>
> *hmac(sha256)*
> chunk_size(bytes) MB/sec(afalg:sha256-ssse3) MB/sec(nettle)
> 512 71.26 165.55
> 1024 117.43 189.15
> 2048 180.96 203.24
> 4096 247.60 211.38
> 8192 301.99 215.65
> 16384 340.79 218.22
> 32768 365.51 219.49
> 65536 377.92 220.24
>
> *cbc(aes128)*
> chunk_size(bytes) MB/sec(afalg:cbc-aes-aesni) MB/sec(nettle)
> 512 371.76 188.41
> 1024 559.86 189.64
> 2048 768.66 192.11
> 4096 939.15 192.40
> 8192 1029.48 192.49
> 16384 1072.79 190.52
> 32768 1109.38 190.41
> 65536 1102.38 190.40
>
> ---
> Changes since v5:
> - use afalg-backend first only when configured with
> '--enable-crypto-afalg' and AF_ALG is supportted.
> [Daniel]
>
> Changes since v4:
> - remove 'name' field in 'struct CryptoAFAlg'. [Daniel]
> - add error handling for read() returning less than requested. [Daniel]
> - use iov_send_recv to recv msg in hash-afalg.c. [Daniel]
> - refactor hmac benchmark as suggestion. [Daniel]
>
> Changes since v3:
> - add "Reviewed-by: Daniel P. Berrange <address@hidden>" in
> commit messages of PATCH 1/2/3/4/5/7/8/9/10/11.
> - PATCH 12: use strlen() instead of qemu_strnlen() in
> qcrypto_afalg_build_saddr(). [Daniel]
> - PATCH 12: rather than indenting the entire method, just return immediately
> if afalg=NULL. [Daniel]
> - PATCH 13: use g_strdup_printf() instead of g_new0+snprintf() and remove
> redundant bounds check in qcrypto_afalg_cipher_format_name().
> [Daniel]
> - PATCH 13: s/except_niv/expect_niv s/origin_contorllen/origin_controllen.
> [Daniel]
> - PATCH 13: use '%zu' to print 'size_t' in qcrypto_afalg_cipher_setiv().
> [Daniel]
> - PATCH 13: remove qcrypto_cipher_using_afalg_drv(). [Daniel]
> - PATCH 13: refactor the qcrypto_cipher_new() as Daniel's suggestion.
> [Daniel]
> - PATCH 13: correct the ->cmsg initialization int
> qcrypto_afalg_cipher_ctx_new() to
> avoid different behaviour in test_cipher_null_iv(). [Daniel]
> - PATCH 14: use g_strdup_printf() instead of g_new0+snprintf() and remove
> edundant bounds check in qcrypto_afalg_hash_format_name().
> [Daniel]
> - PATCH 14: s/except_len/expect_len. [Daniel]
> - PATCH 14: free 'errp' if afalg_driver.hash_bytesv() failed. [Daniel]
> - PATCH 14: maybe some afalg errors should be treated as fatal, but we
> have no idea yet, so add a "TODO" comment.
> - PATCH 15: refactor the qcrypto_hmac_new() as Daniel's suggestion. [Daniel]
>
> Changes since v2:
> - init sockaddr_alg object when it's defined. [Gonglei]
> - fix some superfluous initialization. [Gonglei]
> - s/opeartion/operation/g in crypto/afalgpriv.h. [Gonglei]
> - check 'niv' in qcrypto_afalg_cipher_setiv. [Gonglei]
>
> Changes since v1:
> - use "make check-speed" to testing the performance. [Daniel]
> - put private definations into crypto/***priv.h. [Daniel]
> - remove afalg socket from qapi-schema, put them into crypto/. [Daniel]
> - some Error report change. [Daniel]
> - s/QCryptoAfalg/QCryptoAFAlg. [Daniel]
> - use snprintf with bounds checking instead of sprintf. [Daniel]
> - use "qcrypto_afalg_" prefix and "qcrypto_nettle(gcrypt,glib,builtin)_"
> prefix. [Daniel]
> - add testing results in cover-letter. [Gonglei]
>
> ---
> Longpeng(Mike) (18):
> crypto: cipher: introduce context free function
> crypto: cipher: introduce qcrypto_cipher_ctx_new for gcrypt-backend
> crypto: cipher: introduce qcrypto_cipher_ctx_new for nettle-backend
> crypto: cipher: introduce qcrypto_cipher_ctx_new for builtin-backend
> crypto: cipher: add cipher driver framework
> crypto: hash: add hash driver framework
> crypto: hmac: move crypto/hmac.h into include/crypto/
> crypto: hmac: introduce qcrypto_hmac_ctx_new for gcrypt-backend
> crypto: hmac: introduce qcrypto_hmac_ctx_new for nettle-backend
> crypto: hmac: introduce qcrypto_hmac_ctx_new for glib-backend
> crypto: hmac: add hmac driver framework
> crypto: introduce some common functions for af_alg backend
> crypto: cipher: add afalg-backend cipher support
> crypto: hash: add afalg-backend hash support
> crypto: hmac: add af_alg-backend hmac support
> tests: crypto: add cipher speed benchmark support
> tests: crypto: add hash speed benchmark support
> tests: crypto: add hmac speed benchmark support
>
> configure | 30 ++++++
> crypto/Makefile.objs | 3 +
> crypto/afalg.c | 116 +++++++++++++++++++++
> crypto/afalgpriv.h | 64 ++++++++++++
> crypto/cipher-afalg.c | 226 ++++++++++++++++++++++++++++++++++++++++
> crypto/cipher-builtin.c | 125 +++++++++++-----------
> crypto/cipher-gcrypt.c | 105 ++++++++++---------
> crypto/cipher-nettle.c | 84 ++++++++-------
> crypto/cipher.c | 80 ++++++++++++++
> crypto/cipherpriv.h | 56 ++++++++++
> crypto/hash-afalg.c | 214 +++++++++++++++++++++++++++++++++++++
> crypto/hash-gcrypt.c | 19 ++--
> crypto/hash-glib.c | 19 ++--
> crypto/hash-nettle.c | 19 ++--
> crypto/hash.c | 30 ++++++
> crypto/hashpriv.h | 39 +++++++
> crypto/hmac-gcrypt.c | 42 ++++----
> crypto/hmac-glib.c | 63 ++++++-----
> crypto/hmac-nettle.c | 42 ++++----
> crypto/hmac.c | 58 +++++++++++
> crypto/hmac.h | 166 -----------------------------
> crypto/hmacpriv.h | 48 +++++++++
> include/crypto/cipher.h | 1 +
> include/crypto/hmac.h | 167 +++++++++++++++++++++++++++++
> tests/Makefile.include | 13 ++-
> tests/benchmark-crypto-cipher.c | 88 ++++++++++++++++
> tests/benchmark-crypto-hash.c | 67 ++++++++++++
> tests/benchmark-crypto-hmac.c | 82 +++++++++++++++
> 28 files changed, 1655 insertions(+), 411 deletions(-)
> create mode 100644 crypto/afalg.c
> create mode 100644 crypto/afalgpriv.h
> create mode 100644 crypto/cipher-afalg.c
> create mode 100644 crypto/cipherpriv.h
> create mode 100644 crypto/hash-afalg.c
> create mode 100644 crypto/hashpriv.h
> delete mode 100644 crypto/hmac.h
> create mode 100644 crypto/hmacpriv.h
> create mode 100644 include/crypto/hmac.h
> create mode 100644 tests/benchmark-crypto-cipher.c
> create mode 100644 tests/benchmark-crypto-hash.c
> create mode 100644 tests/benchmark-crypto-hmac.c
Queued for merge.
Thanks for your contribution to QEMU
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|