Nettle 3.5.0 will add support for the XTS mode. Use this because long
term we wish to delete QEMU's XTS impl to avoid carrying private crypto
algorithm impls.
Unfortunately this degrades nettle performance from 612 MB/s to 568 MB/s
as nettle's XTS impl isn't so well optimized yet.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
configure | 18 ++++++++++++++++++
crypto/cipher-nettle.c | 18 ++++++++++++++++++
2 files changed, 36 insertions(+)
diff --git a/configure b/configure
index d1e9e457ce..452c2dfe4e 100755
--- a/configure
+++ b/configure
@@ -472,6 +472,7 @@ gtk_gl="no"
tls_priority="NORMAL"
gnutls=""
nettle=""
+nettle_xts="no"
gcrypt=""
gcrypt_hmac="no"
gcrypt_xts="no"
@@ -2871,6 +2872,19 @@ if test "$nettle" != "no"; then
pass="yes"
fi
fi
+ if test "$pass" = "yes"
+ then
+ cat > $TMPC << EOF
+#include <nettle/xts.h>
+int main(void) {
+ return 0;
+}
+EOF
+ if compile_prog "$nettle_cflags" "$nettle_libs" ; then
+ nettle_xts=yes
+ qemu_private_xts=no
+ fi
+ fi
if test "$pass" = "no" && test "$nettle" = "yes"; then
feature_not_found "nettle" "Install nettle devel >= 2.7.1"
else
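Review bot: The probe added ahead of the `feature_not_found` test only includes `<nettle/xts.h>` and returns 0, so `compile_prog` proves the header is present but never resolves an XTS symbol from `$nettle_libs`. If the header is newer than the library actually linked (a stale static archive, for example), the probe would still set `nettle_xts=yes` and `qemu_private_xts=no`, and the mismatch would only surface when crypto/cipher-nettle.c is linked. Make the link step meaningful by referencing a function the C side calls, e.g. replace `return 0;` with `xts_encrypt_message(NULL, NULL, NULL, NULL, 0, NULL, NULL); return 0;` (the probe is only built, never run). The enclosing `if test "$nettle" != "no"` block starts and ends outside this hunk.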
@@ -6346,6 +6360,10 @@ then
echo " XTS $gcrypt_xts"
fi
echo "nettle $nettle $(echo_version $nettle $nettle_version)"
+if test "$nettle" = "yes"
+then
+ echo " XTS $nettle_xts"
+fi
echo "libtasn1 $tasn1"
echo "PAM $auth_pam"
echo "iconv support $iconv"
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index d7411bb8ff..7e9a4cc199 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -19,7 +19,9 @@
*/
#include "qemu/osdep.h"
+#ifdef CONFIG_QEMU_PRIVATE_XTS
#include "crypto/xts.h"
+#endif
#include "cipherpriv.h"
#include <nettle/nettle-types.h>
@@ -30,6 +32,9 @@
#include <nettle/serpent.h>
#include <nettle/twofish.h>
#include <nettle/ctr.h>
+#ifndef CONFIG_QEMU_PRIVATE_XTS
+#include <nettle/xts.h>
+#endif
typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
size_t length,
@@ -626,9 +631,15 @@ qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher,
break;
case QCRYPTO_CIPHER_MODE_XTS:
+#ifdef CONFIG_QEMU_PRIVATE_XTS
xts_encrypt(ctx->ctx, ctx->ctx_tweak,
ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper,
ctx->iv, len, out, in);
+#else
+ xts_encrypt_message(ctx->ctx, ctx->ctx_tweak,
+ ctx->alg_encrypt_native,
+ ctx->iv, len, out, in);
+#endif
break;
case QCRYPTO_CIPHER_MODE_CTR:
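Review bot: The `#else` branch passes `len` straight to `xts_encrypt_message`, as does `xts_decrypt_message` in the decrypt hunk below, and nothing visible here states which lengths are acceptable. As far as I know, nettle's XTS routines require at least one full 16-byte block and apply ciphertext stealing to a trailing partial block, whereas the private `xts_encrypt`/`xts_decrypt` path presumably handles whole blocks only, so the two build configurations could diverge on a zero or unaligned `len`. Any length validation sits earlier in `qcrypto_nettle_cipher_encrypt`, outside this hunk, so confirm that it rejects both cases before either backend is reached. Then record the contract above the `#ifdef`, e.g. `/* len has been validated as a non-zero multiple of the block size; both XTS backends rely on this */`.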
@@ -673,9 +684,16 @@ qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher,
break;
case QCRYPTO_CIPHER_MODE_XTS:
+#ifdef CONFIG_QEMU_PRIVATE_XTS
xts_decrypt(ctx->ctx, ctx->ctx_tweak,
ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
ctx->iv, len, out, in);
+#else
+ xts_decrypt_message(ctx->ctx, ctx->ctx_tweak,
+ ctx->alg_decrypt_native,
+ ctx->alg_encrypt_native,
+ ctx->iv, len, out, in);
+#endif
break;
case QCRYPTO_CIPHER_MODE_CTR:
ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
--
2.23.0
Daniel P. Berrangé <berrange@redhat.com> writes:
> Nettle 3.5.0 will add support for the XTS mode. Use this because long
> term we wish to delete QEMU's XTS impl to avoid carrying private crypto
> algorithm impls.
>
> Unfortunately this degrades nettle performance from 612 MB/s to 568 MB/s
> as nettle's XTS impl isn't so well optimized yet.
Unfortunately this has broken some of the Travis tests, specifically:
# QEMU configure log Wed 30 Oct 14:16:57 GMT 2019
# Configured with: '../../configure' '--disable-tools' '--disable-docs' '--static' '--disable-system'
> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> configure | 18 ++++++++++++++++++
> crypto/cipher-nettle.c | 18 ++++++++++++++++++
> 2 files changed, 36 insertions(+)
>
> diff --git a/configure b/configure
> index d1e9e457ce..452c2dfe4e 100755
> --- a/configure
> +++ b/configure
> @@ -472,6 +472,7 @@ gtk_gl="no"
> tls_priority="NORMAL"
> gnutls=""
> nettle=""
> +nettle_xts="no"
> gcrypt=""
> gcrypt_hmac="no"
> gcrypt_xts="no"
> @@ -2871,6 +2872,19 @@ if test "$nettle" != "no"; then
> pass="yes"
> fi
> fi
> + if test "$pass" = "yes"
> + then
> + cat > $TMPC << EOF
> +#include <nettle/xts.h>
> +int main(void) {
> + return 0;
> +}
> +EOF
> + if compile_prog "$nettle_cflags" "$nettle_libs" ; then
> + nettle_xts=yes
> + qemu_private_xts=no
> + fi
> + fi
> if test "$pass" = "no" && test "$nettle" = "yes"; then
> feature_not_found "nettle" "Install nettle devel >= 2.7.1"
> else
> @@ -6346,6 +6360,10 @@ then
> echo " XTS $gcrypt_xts"
> fi
> echo "nettle $nettle $(echo_version $nettle $nettle_version)"
> +if test "$nettle" = "yes"
> +then
> + echo " XTS $nettle_xts"
> +fi
> echo "libtasn1 $tasn1"
> echo "PAM $auth_pam"
> echo "iconv support $iconv"
> diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
> index d7411bb8ff..7e9a4cc199 100644
> --- a/crypto/cipher-nettle.c
> +++ b/crypto/cipher-nettle.c
> @@ -19,7 +19,9 @@
> */
>
> #include "qemu/osdep.h"
> +#ifdef CONFIG_QEMU_PRIVATE_XTS
> #include "crypto/xts.h"
> +#endif
> #include "cipherpriv.h"
>
> #include <nettle/nettle-types.h>
> @@ -30,6 +32,9 @@
> #include <nettle/serpent.h>
> #include <nettle/twofish.h>
> #include <nettle/ctr.h>
> +#ifndef CONFIG_QEMU_PRIVATE_XTS
> +#include <nettle/xts.h>
> +#endif
>
> typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
> size_t length,
> @@ -626,9 +631,15 @@ qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher,
> break;
>
> case QCRYPTO_CIPHER_MODE_XTS:
> +#ifdef CONFIG_QEMU_PRIVATE_XTS
> xts_encrypt(ctx->ctx, ctx->ctx_tweak,
> ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper,
> ctx->iv, len, out, in);
> +#else
> + xts_encrypt_message(ctx->ctx, ctx->ctx_tweak,
> + ctx->alg_encrypt_native,
> + ctx->iv, len, out, in);
> +#endif
> break;
>
> case QCRYPTO_CIPHER_MODE_CTR:
> @@ -673,9 +684,16 @@ qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher,
> break;
>
> case QCRYPTO_CIPHER_MODE_XTS:
> +#ifdef CONFIG_QEMU_PRIVATE_XTS
> xts_decrypt(ctx->ctx, ctx->ctx_tweak,
> ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
> ctx->iv, len, out, in);
> +#else
> + xts_decrypt_message(ctx->ctx, ctx->ctx_tweak,
> + ctx->alg_decrypt_native,
> + ctx->alg_encrypt_native,
> + ctx->iv, len, out, in);
> +#endif
> break;
> case QCRYPTO_CIPHER_MODE_CTR:
> ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
--
Alex Bennée