[Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support

longpeng.mike@gmail.com posted 18 patches 6 years, 8 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/1500055451-14041-1-git-send-email-longpeng.mike@gmail.com
Test FreeBSD passed
Test checkpatch passed
Test docker passed
Test s390x passed
configure                       |  30 ++++++
crypto/Makefile.objs            |   3 +
crypto/afalg.c                  | 116 +++++++++++++++++++++
crypto/afalgpriv.h              |  64 ++++++++++++
crypto/cipher-afalg.c           | 226 ++++++++++++++++++++++++++++++++++++++++
crypto/cipher-builtin.c         | 125 +++++++++++-----------
crypto/cipher-gcrypt.c          | 105 ++++++++++---------
crypto/cipher-nettle.c          |  84 ++++++++-------
crypto/cipher.c                 |  80 ++++++++++++++
crypto/cipherpriv.h             |  56 ++++++++++
crypto/hash-afalg.c             | 214 +++++++++++++++++++++++++++++++++++++
crypto/hash-gcrypt.c            |  19 ++--
crypto/hash-glib.c              |  19 ++--
crypto/hash-nettle.c            |  19 ++--
crypto/hash.c                   |  30 ++++++
crypto/hashpriv.h               |  39 +++++++
crypto/hmac-gcrypt.c            |  42 ++++----
crypto/hmac-glib.c              |  63 ++++++-----
crypto/hmac-nettle.c            |  42 ++++----
crypto/hmac.c                   |  58 +++++++++++
crypto/hmac.h                   | 166 -----------------------------
crypto/hmacpriv.h               |  48 +++++++++
include/crypto/cipher.h         |   1 +
include/crypto/hmac.h           | 167 +++++++++++++++++++++++++++++
tests/Makefile.include          |  13 ++-
tests/benchmark-crypto-cipher.c |  88 ++++++++++++++++
tests/benchmark-crypto-hash.c   |  67 ++++++++++++
tests/benchmark-crypto-hmac.c   |  82 +++++++++++++++
28 files changed, 1655 insertions(+), 411 deletions(-)
create mode 100644 crypto/afalg.c
create mode 100644 crypto/afalgpriv.h
create mode 100644 crypto/cipher-afalg.c
create mode 100644 crypto/cipherpriv.h
create mode 100644 crypto/hash-afalg.c
create mode 100644 crypto/hashpriv.h
delete mode 100644 crypto/hmac.h
create mode 100644 crypto/hmacpriv.h
create mode 100644 include/crypto/hmac.h
create mode 100644 tests/benchmark-crypto-cipher.c
create mode 100644 tests/benchmark-crypto-hash.c
create mode 100644 tests/benchmark-crypto-hmac.c
[Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support
Posted by longpeng.mike@gmail.com 6 years, 8 months ago
From: "Longpeng(Mike)" <longpeng2@huawei.com>

The AF_ALG socket family is the userspace interface for linux
crypto API, users can use it to access hardware accelerators.

This patchset adds a afalg-backend for qemu crypto subsystem. QEMU
would try to use afalg-backend first if configures '--enable-crypto
-afalg' and hostos support AF_ALG.

I measured the performance about the afalg-backend impls, I tested
how many data could be encrypted in 5 seconds.

NOTE: In some scenarios library-backend using CPU insns for crypto
      would be faster.

test-environment: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz

*sha256*
chunk_size(bytes)   MB/sec(afalg:sha256-ssse3)  MB/sec(nettle)
512                 93.03                       185.87
1024                146.32                      201.78
2048                213.32                      210.93
4096                275.48                      215.26
8192                321.77                      217.49
16384               349.60                      219.26
32768               363.59                      219.73
65536               375.79                      219.99

*hmac(sha256)*
chunk_size(bytes)   MB/sec(afalg:sha256-ssse3)  MB/sec(nettle)
512                 71.26                       165.55
1024                117.43                      189.15
2048                180.96                      203.24
4096                247.60                      211.38
8192                301.99                      215.65
16384               340.79                      218.22
32768               365.51                      219.49
65536               377.92                      220.24

*cbc(aes128)*
chunk_size(bytes)   MB/sec(afalg:cbc-aes-aesni)  MB/sec(nettle)
512                 371.76                       188.41
1024                559.86                       189.64
2048                768.66                       192.11
4096                939.15                       192.40
8192                1029.48                      192.49
16384               1072.79                      190.52
32768               1109.38                      190.41
65536               1102.38                      190.40

---
Changes since v5:
    - use afalg-backend first only when configured with
      '--enable-crypto-afalg' and AF_ALG is supportted. 
      [Daniel]

Changes since v4:
    - remove 'name' field in 'struct CryptoAFAlg'. [Daniel]
    - add error handling for read() returning less than requested. [Daniel]
    - use iov_send_recv to recv msg in hash-afalg.c. [Daniel]
    - refactor hmac benchmark as suggestion. [Daniel]

Changes since v3:
    - add "Reviewed-by: Daniel P. Berrange <address@hidden>" in
      commit messages of PATCH 1/2/3/4/5/7/8/9/10/11.
    - PATCH 12: use strlen() instead of qemu_strnlen() in 
qcrypto_afalg_build_saddr(). [Daniel]
    - PATCH 12: rather than indenting the entire method, just return immediately
                if afalg=NULL. [Daniel]
    - PATCH 13: use g_strdup_printf() instead of g_new0+snprintf() and remove
                redundant bounds check in qcrypto_afalg_cipher_format_name(). 
[Daniel]
    - PATCH 13: s/except_niv/expect_niv  s/origin_contorllen/origin_controllen. 
[Daniel]
    - PATCH 13: use '%zu' to print 'size_t' in qcrypto_afalg_cipher_setiv(). 
[Daniel]
    - PATCH 13: remove qcrypto_cipher_using_afalg_drv(). [Daniel]
    - PATCH 13: refactor the qcrypto_cipher_new() as Daniel's suggestion. 
[Daniel]
    - PATCH 13: correct the ->cmsg initialization int 
qcrypto_afalg_cipher_ctx_new() to
                avoid different behaviour in test_cipher_null_iv(). [Daniel]
    - PATCH 14: use g_strdup_printf() instead of g_new0+snprintf() and remove
                edundant bounds check in qcrypto_afalg_hash_format_name(). 
[Daniel]
    - PATCH 14: s/except_len/expect_len. [Daniel]
    - PATCH 14: free 'errp' if afalg_driver.hash_bytesv() failed. [Daniel]
    - PATCH 14: maybe some afalg errors should be treated as fatal, but we
                have no idea yet, so add a "TODO" comment.
    - PATCH 15: refactor the qcrypto_hmac_new() as Daniel's suggestion. [Daniel]

Changes since v2:
    - init sockaddr_alg object when it's defined. [Gonglei]
    - fix some superfluous initialization. [Gonglei]
    - s/opeartion/operation/g in crypto/afalgpriv.h. [Gonglei]
    - check 'niv' in qcrypto_afalg_cipher_setiv. [Gonglei]

Changes since v1:
    - use "make check-speed" to testing the performance. [Daniel]
    - put private definations into crypto/***priv.h. [Daniel]
    - remove afalg socket from qapi-schema, put them into crypto/. [Daniel]
    - some Error report change. [Daniel]
    - s/QCryptoAfalg/QCryptoAFAlg. [Daniel]
    - use snprintf with bounds checking instead of sprintf. [Daniel]
    - use "qcrypto_afalg_" prefix and "qcrypto_nettle(gcrypt,glib,builtin)_" 
prefix. [Daniel]
    - add testing results in cover-letter. [Gonglei]

---
Longpeng(Mike) (18):
  crypto: cipher: introduce context free function
  crypto: cipher: introduce qcrypto_cipher_ctx_new for gcrypt-backend
  crypto: cipher: introduce qcrypto_cipher_ctx_new for nettle-backend
  crypto: cipher: introduce qcrypto_cipher_ctx_new for builtin-backend
  crypto: cipher: add cipher driver framework
  crypto: hash: add hash driver framework
  crypto: hmac: move crypto/hmac.h into include/crypto/
  crypto: hmac: introduce qcrypto_hmac_ctx_new for gcrypt-backend
  crypto: hmac: introduce qcrypto_hmac_ctx_new for nettle-backend
  crypto: hmac: introduce qcrypto_hmac_ctx_new for glib-backend
  crypto: hmac: add hmac driver framework
  crypto: introduce some common functions for af_alg backend
  crypto: cipher: add afalg-backend cipher support
  crypto: hash: add afalg-backend hash support
  crypto: hmac: add af_alg-backend hmac support
  tests: crypto: add cipher speed benchmark support
  tests: crypto: add hash speed benchmark support
  tests: crypto: add hmac speed benchmark support

 configure                       |  30 ++++++
 crypto/Makefile.objs            |   3 +
 crypto/afalg.c                  | 116 +++++++++++++++++++++
 crypto/afalgpriv.h              |  64 ++++++++++++
 crypto/cipher-afalg.c           | 226 ++++++++++++++++++++++++++++++++++++++++
 crypto/cipher-builtin.c         | 125 +++++++++++-----------
 crypto/cipher-gcrypt.c          | 105 ++++++++++---------
 crypto/cipher-nettle.c          |  84 ++++++++-------
 crypto/cipher.c                 |  80 ++++++++++++++
 crypto/cipherpriv.h             |  56 ++++++++++
 crypto/hash-afalg.c             | 214 +++++++++++++++++++++++++++++++++++++
 crypto/hash-gcrypt.c            |  19 ++--
 crypto/hash-glib.c              |  19 ++--
 crypto/hash-nettle.c            |  19 ++--
 crypto/hash.c                   |  30 ++++++
 crypto/hashpriv.h               |  39 +++++++
 crypto/hmac-gcrypt.c            |  42 ++++----
 crypto/hmac-glib.c              |  63 ++++++-----
 crypto/hmac-nettle.c            |  42 ++++----
 crypto/hmac.c                   |  58 +++++++++++
 crypto/hmac.h                   | 166 -----------------------------
 crypto/hmacpriv.h               |  48 +++++++++
 include/crypto/cipher.h         |   1 +
 include/crypto/hmac.h           | 167 +++++++++++++++++++++++++++++
 tests/Makefile.include          |  13 ++-
 tests/benchmark-crypto-cipher.c |  88 ++++++++++++++++
 tests/benchmark-crypto-hash.c   |  67 ++++++++++++
 tests/benchmark-crypto-hmac.c   |  82 +++++++++++++++
 28 files changed, 1655 insertions(+), 411 deletions(-)
 create mode 100644 crypto/afalg.c
 create mode 100644 crypto/afalgpriv.h
 create mode 100644 crypto/cipher-afalg.c
 create mode 100644 crypto/cipherpriv.h
 create mode 100644 crypto/hash-afalg.c
 create mode 100644 crypto/hashpriv.h
 delete mode 100644 crypto/hmac.h
 create mode 100644 crypto/hmacpriv.h
 create mode 100644 include/crypto/hmac.h
 create mode 100644 tests/benchmark-crypto-cipher.c
 create mode 100644 tests/benchmark-crypto-hash.c
 create mode 100644 tests/benchmark-crypto-hmac.c

-- 
1.8.3.1


Re: [Qemu-devel] [PATCH v6 00/18] crypto: add afalg-backend support
Posted by Daniel P. Berrange 6 years, 8 months ago
On Fri, Jul 14, 2017 at 02:03:53PM -0400, longpeng.mike@gmail.com wrote:
> From: "Longpeng(Mike)" <longpeng2@huawei.com>
> 
> The AF_ALG socket family is the userspace interface for linux
> crypto API, users can use it to access hardware accelerators.
> 
> This patchset adds a afalg-backend for qemu crypto subsystem. QEMU
> would try to use afalg-backend first if configures '--enable-crypto
> -afalg' and hostos support AF_ALG.
> 
> I measured the performance about the afalg-backend impls, I tested
> how many data could be encrypted in 5 seconds.
> 
> NOTE: In some scenarios library-backend using CPU insns for crypto
>       would be faster.
> 
> test-environment: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
> 
> *sha256*
> chunk_size(bytes)   MB/sec(afalg:sha256-ssse3)  MB/sec(nettle)
> 512                 93.03                       185.87
> 1024                146.32                      201.78
> 2048                213.32                      210.93
> 4096                275.48                      215.26
> 8192                321.77                      217.49
> 16384               349.60                      219.26
> 32768               363.59                      219.73
> 65536               375.79                      219.99
> 
> *hmac(sha256)*
> chunk_size(bytes)   MB/sec(afalg:sha256-ssse3)  MB/sec(nettle)
> 512                 71.26                       165.55
> 1024                117.43                      189.15
> 2048                180.96                      203.24
> 4096                247.60                      211.38
> 8192                301.99                      215.65
> 16384               340.79                      218.22
> 32768               365.51                      219.49
> 65536               377.92                      220.24
> 
> *cbc(aes128)*
> chunk_size(bytes)   MB/sec(afalg:cbc-aes-aesni)  MB/sec(nettle)
> 512                 371.76                       188.41
> 1024                559.86                       189.64
> 2048                768.66                       192.11
> 4096                939.15                       192.40
> 8192                1029.48                      192.49
> 16384               1072.79                      190.52
> 32768               1109.38                      190.41
> 65536               1102.38                      190.40
> 
> ---
> Changes since v5:
>     - use afalg-backend first only when configured with
>       '--enable-crypto-afalg' and AF_ALG is supportted. 
>       [Daniel]
> 
> Changes since v4:
>     - remove 'name' field in 'struct CryptoAFAlg'. [Daniel]
>     - add error handling for read() returning less than requested. [Daniel]
>     - use iov_send_recv to recv msg in hash-afalg.c. [Daniel]
>     - refactor hmac benchmark as suggestion. [Daniel]
> 
> Changes since v3:
>     - add "Reviewed-by: Daniel P. Berrange <address@hidden>" in
>       commit messages of PATCH 1/2/3/4/5/7/8/9/10/11.
>     - PATCH 12: use strlen() instead of qemu_strnlen() in 
> qcrypto_afalg_build_saddr(). [Daniel]
>     - PATCH 12: rather than indenting the entire method, just return immediately
>                 if afalg=NULL. [Daniel]
>     - PATCH 13: use g_strdup_printf() instead of g_new0+snprintf() and remove
>                 redundant bounds check in qcrypto_afalg_cipher_format_name(). 
> [Daniel]
>     - PATCH 13: s/except_niv/expect_niv  s/origin_contorllen/origin_controllen. 
> [Daniel]
>     - PATCH 13: use '%zu' to print 'size_t' in qcrypto_afalg_cipher_setiv(). 
> [Daniel]
>     - PATCH 13: remove qcrypto_cipher_using_afalg_drv(). [Daniel]
>     - PATCH 13: refactor the qcrypto_cipher_new() as Daniel's suggestion. 
> [Daniel]
>     - PATCH 13: correct the ->cmsg initialization int 
> qcrypto_afalg_cipher_ctx_new() to
>                 avoid different behaviour in test_cipher_null_iv(). [Daniel]
>     - PATCH 14: use g_strdup_printf() instead of g_new0+snprintf() and remove
>                 edundant bounds check in qcrypto_afalg_hash_format_name(). 
> [Daniel]
>     - PATCH 14: s/except_len/expect_len. [Daniel]
>     - PATCH 14: free 'errp' if afalg_driver.hash_bytesv() failed. [Daniel]
>     - PATCH 14: maybe some afalg errors should be treated as fatal, but we
>                 have no idea yet, so add a "TODO" comment.
>     - PATCH 15: refactor the qcrypto_hmac_new() as Daniel's suggestion. [Daniel]
> 
> Changes since v2:
>     - init sockaddr_alg object when it's defined. [Gonglei]
>     - fix some superfluous initialization. [Gonglei]
>     - s/opeartion/operation/g in crypto/afalgpriv.h. [Gonglei]
>     - check 'niv' in qcrypto_afalg_cipher_setiv. [Gonglei]
> 
> Changes since v1:
>     - use "make check-speed" to testing the performance. [Daniel]
>     - put private definations into crypto/***priv.h. [Daniel]
>     - remove afalg socket from qapi-schema, put them into crypto/. [Daniel]
>     - some Error report change. [Daniel]
>     - s/QCryptoAfalg/QCryptoAFAlg. [Daniel]
>     - use snprintf with bounds checking instead of sprintf. [Daniel]
>     - use "qcrypto_afalg_" prefix and "qcrypto_nettle(gcrypt,glib,builtin)_" 
> prefix. [Daniel]
>     - add testing results in cover-letter. [Gonglei]
> 
> ---
> Longpeng(Mike) (18):
>   crypto: cipher: introduce context free function
>   crypto: cipher: introduce qcrypto_cipher_ctx_new for gcrypt-backend
>   crypto: cipher: introduce qcrypto_cipher_ctx_new for nettle-backend
>   crypto: cipher: introduce qcrypto_cipher_ctx_new for builtin-backend
>   crypto: cipher: add cipher driver framework
>   crypto: hash: add hash driver framework
>   crypto: hmac: move crypto/hmac.h into include/crypto/
>   crypto: hmac: introduce qcrypto_hmac_ctx_new for gcrypt-backend
>   crypto: hmac: introduce qcrypto_hmac_ctx_new for nettle-backend
>   crypto: hmac: introduce qcrypto_hmac_ctx_new for glib-backend
>   crypto: hmac: add hmac driver framework
>   crypto: introduce some common functions for af_alg backend
>   crypto: cipher: add afalg-backend cipher support
>   crypto: hash: add afalg-backend hash support
>   crypto: hmac: add af_alg-backend hmac support
>   tests: crypto: add cipher speed benchmark support
>   tests: crypto: add hash speed benchmark support
>   tests: crypto: add hmac speed benchmark support
> 
>  configure                       |  30 ++++++
>  crypto/Makefile.objs            |   3 +
>  crypto/afalg.c                  | 116 +++++++++++++++++++++
>  crypto/afalgpriv.h              |  64 ++++++++++++
>  crypto/cipher-afalg.c           | 226 ++++++++++++++++++++++++++++++++++++++++
>  crypto/cipher-builtin.c         | 125 +++++++++++-----------
>  crypto/cipher-gcrypt.c          | 105 ++++++++++---------
>  crypto/cipher-nettle.c          |  84 ++++++++-------
>  crypto/cipher.c                 |  80 ++++++++++++++
>  crypto/cipherpriv.h             |  56 ++++++++++
>  crypto/hash-afalg.c             | 214 +++++++++++++++++++++++++++++++++++++
>  crypto/hash-gcrypt.c            |  19 ++--
>  crypto/hash-glib.c              |  19 ++--
>  crypto/hash-nettle.c            |  19 ++--
>  crypto/hash.c                   |  30 ++++++
>  crypto/hashpriv.h               |  39 +++++++
>  crypto/hmac-gcrypt.c            |  42 ++++----
>  crypto/hmac-glib.c              |  63 ++++++-----
>  crypto/hmac-nettle.c            |  42 ++++----
>  crypto/hmac.c                   |  58 +++++++++++
>  crypto/hmac.h                   | 166 -----------------------------
>  crypto/hmacpriv.h               |  48 +++++++++
>  include/crypto/cipher.h         |   1 +
>  include/crypto/hmac.h           | 167 +++++++++++++++++++++++++++++
>  tests/Makefile.include          |  13 ++-
>  tests/benchmark-crypto-cipher.c |  88 ++++++++++++++++
>  tests/benchmark-crypto-hash.c   |  67 ++++++++++++
>  tests/benchmark-crypto-hmac.c   |  82 +++++++++++++++
>  28 files changed, 1655 insertions(+), 411 deletions(-)
>  create mode 100644 crypto/afalg.c
>  create mode 100644 crypto/afalgpriv.h
>  create mode 100644 crypto/cipher-afalg.c
>  create mode 100644 crypto/cipherpriv.h
>  create mode 100644 crypto/hash-afalg.c
>  create mode 100644 crypto/hashpriv.h
>  delete mode 100644 crypto/hmac.h
>  create mode 100644 crypto/hmacpriv.h
>  create mode 100644 include/crypto/hmac.h
>  create mode 100644 tests/benchmark-crypto-cipher.c
>  create mode 100644 tests/benchmark-crypto-hash.c
>  create mode 100644 tests/benchmark-crypto-hmac.c

Queued for merge.

Thanks for your contribution to QEMU


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|