mirror of https://gitee.com/openkylin/qemu.git
crypto: add support for nettle's native XTS impl
Nettle 3.5.0 will add support for the XTS mode. Use this because long term we wish to delete QEMU's XTS impl to avoid carrying private crypto algorithm impls. Unfortunately this degrades nettle performance from 612 MB/s to 568 MB/s as nettle's XTS impl isn't so well optimized yet. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
parent
e0576942e0
commit
dc2207af2d
|
@ -472,6 +472,7 @@ gtk_gl="no"
|
||||||
tls_priority="NORMAL"
|
tls_priority="NORMAL"
|
||||||
gnutls=""
|
gnutls=""
|
||||||
nettle=""
|
nettle=""
|
||||||
|
nettle_xts="no"
|
||||||
gcrypt=""
|
gcrypt=""
|
||||||
gcrypt_hmac="no"
|
gcrypt_hmac="no"
|
||||||
gcrypt_xts="no"
|
gcrypt_xts="no"
|
||||||
|
@ -2871,6 +2872,19 @@ if test "$nettle" != "no"; then
|
||||||
pass="yes"
|
pass="yes"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
if test "$pass" = "yes"
|
||||||
|
then
|
||||||
|
cat > $TMPC << EOF
|
||||||
|
#include <nettle/xts.h>
|
||||||
|
int main(void) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
if compile_prog "$nettle_cflags" "$nettle_libs" ; then
|
||||||
|
nettle_xts=yes
|
||||||
|
qemu_private_xts=no
|
||||||
|
fi
|
||||||
|
fi
|
||||||
if test "$pass" = "no" && test "$nettle" = "yes"; then
|
if test "$pass" = "no" && test "$nettle" = "yes"; then
|
||||||
feature_not_found "nettle" "Install nettle devel >= 2.7.1"
|
feature_not_found "nettle" "Install nettle devel >= 2.7.1"
|
||||||
else
|
else
|
||||||
|
@ -6346,6 +6360,10 @@ then
|
||||||
echo " XTS $gcrypt_xts"
|
echo " XTS $gcrypt_xts"
|
||||||
fi
|
fi
|
||||||
echo "nettle $nettle $(echo_version $nettle $nettle_version)"
|
echo "nettle $nettle $(echo_version $nettle $nettle_version)"
|
||||||
|
if test "$nettle" = "yes"
|
||||||
|
then
|
||||||
|
echo " XTS $nettle_xts"
|
||||||
|
fi
|
||||||
echo "libtasn1 $tasn1"
|
echo "libtasn1 $tasn1"
|
||||||
echo "PAM $auth_pam"
|
echo "PAM $auth_pam"
|
||||||
echo "iconv support $iconv"
|
echo "iconv support $iconv"
|
||||||
|
|
|
@ -19,7 +19,9 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "qemu/osdep.h"
|
#include "qemu/osdep.h"
|
||||||
|
#ifdef CONFIG_QEMU_PRIVATE_XTS
|
||||||
#include "crypto/xts.h"
|
#include "crypto/xts.h"
|
||||||
|
#endif
|
||||||
#include "cipherpriv.h"
|
#include "cipherpriv.h"
|
||||||
|
|
||||||
#include <nettle/nettle-types.h>
|
#include <nettle/nettle-types.h>
|
||||||
|
@ -30,6 +32,9 @@
|
||||||
#include <nettle/serpent.h>
|
#include <nettle/serpent.h>
|
||||||
#include <nettle/twofish.h>
|
#include <nettle/twofish.h>
|
||||||
#include <nettle/ctr.h>
|
#include <nettle/ctr.h>
|
||||||
|
#ifndef CONFIG_QEMU_PRIVATE_XTS
|
||||||
|
#include <nettle/xts.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
|
typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
|
||||||
size_t length,
|
size_t length,
|
||||||
|
@ -626,9 +631,15 @@ qcrypto_nettle_cipher_encrypt(QCryptoCipher *cipher,
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case QCRYPTO_CIPHER_MODE_XTS:
|
case QCRYPTO_CIPHER_MODE_XTS:
|
||||||
|
#ifdef CONFIG_QEMU_PRIVATE_XTS
|
||||||
xts_encrypt(ctx->ctx, ctx->ctx_tweak,
|
xts_encrypt(ctx->ctx, ctx->ctx_tweak,
|
||||||
ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper,
|
ctx->alg_encrypt_wrapper, ctx->alg_encrypt_wrapper,
|
||||||
ctx->iv, len, out, in);
|
ctx->iv, len, out, in);
|
||||||
|
#else
|
||||||
|
xts_encrypt_message(ctx->ctx, ctx->ctx_tweak,
|
||||||
|
ctx->alg_encrypt_native,
|
||||||
|
ctx->iv, len, out, in);
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case QCRYPTO_CIPHER_MODE_CTR:
|
case QCRYPTO_CIPHER_MODE_CTR:
|
||||||
|
@ -673,9 +684,16 @@ qcrypto_nettle_cipher_decrypt(QCryptoCipher *cipher,
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case QCRYPTO_CIPHER_MODE_XTS:
|
case QCRYPTO_CIPHER_MODE_XTS:
|
||||||
|
#ifdef CONFIG_QEMU_PRIVATE_XTS
|
||||||
xts_decrypt(ctx->ctx, ctx->ctx_tweak,
|
xts_decrypt(ctx->ctx, ctx->ctx_tweak,
|
||||||
ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
|
ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
|
||||||
ctx->iv, len, out, in);
|
ctx->iv, len, out, in);
|
||||||
|
#else
|
||||||
|
xts_decrypt_message(ctx->ctx, ctx->ctx_tweak,
|
||||||
|
ctx->alg_decrypt_native,
|
||||||
|
ctx->alg_encrypt_native,
|
||||||
|
ctx->iv, len, out, in);
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case QCRYPTO_CIPHER_MODE_CTR:
|
case QCRYPTO_CIPHER_MODE_CTR:
|
||||||
ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
|
ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
|
||||||
|
|
Loading…
Reference in New Issue