diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2019-10-29 15:33:15 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2019-10-29 15:33:15 +0000 |
| commit | 4599cb953c9744bb7dc3513d688f7f0100ee35e2 (patch) | |
| tree | 1bc16847037aa0983be66fdabce3d99d172d7847 /configure | |
| parent | 8c68ff250ac3dbb63632a7e9e703c71786132147 (diff) | |
| parent | dc2207af2de162005f7e9e534850d07232290cee (diff) | |
Merge remote-tracking branch 'remotes/berrange/tags/crypto-luks-pull-request' into staging
crypto: improve performance of ciphers in XTS mode
Currently QEMU uses its own XTS cipher mode, however, this has
relatively poor performance.
Gcrypt now includes its own XTS cipher which is at least x2 faster than
what we get with QEMU's on Fedora/RHEL hosts. With gcrypt git master, a
further x5-6 speed up is seen.
This is essential for QEMU's LUKS performance to be viable.
# gpg: Signature made Mon 28 Oct 2019 15:48:38 GMT
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/crypto-luks-pull-request:
crypto: add support for nettle's native XTS impl
crypto: add support for gcrypt's native XTS impl
tests: benchmark crypto with fixed data size, not time period
tests: allow filtering crypto cipher benchmark tests
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'configure')
| -rwxr-xr-x | configure | 40 |
1 files changed, 40 insertions, 0 deletions
@@ -472,8 +472,11 @@ gtk_gl="no" tls_priority="NORMAL" gnutls="" nettle="" +nettle_xts="no" gcrypt="" gcrypt_hmac="no" +gcrypt_xts="no" +qemu_private_xts="yes" auth_pam="" vte="" virglrenderer="" @@ -2869,6 +2872,19 @@ if test "$nettle" != "no"; then pass="yes" fi fi + if test "$pass" = "yes" + then + cat > $TMPC << EOF +#include <nettle/xts.h> +int main(void) { + return 0; +} +EOF + if compile_prog "$nettle_cflags" "$nettle_libs" ; then + nettle_xts=yes + qemu_private_xts=no + fi + fi if test "$pass" = "no" && test "$nettle" = "yes"; then feature_not_found "nettle" "Install nettle devel >= 2.7.1" else @@ -2911,6 +2927,18 @@ EOF if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then gcrypt_hmac=yes fi + cat > $TMPC << EOF +#include <gcrypt.h> +int main(void) { + gcry_cipher_hd_t handle; + gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_XTS, 0); + return 0; +} +EOF + if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then + gcrypt_xts=yes + qemu_private_xts=no + fi elif test "$gcrypt" = "yes"; then feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0" else @@ -6341,7 +6369,16 @@ echo "VTE support $vte $(echo_version $vte $vteversion)" echo "TLS priority $tls_priority" echo "GNUTLS support $gnutls" echo "libgcrypt $gcrypt" +if test "$gcrypt" = "yes" +then + echo " hmac $gcrypt_hmac" + echo " XTS $gcrypt_xts" +fi echo "nettle $nettle $(echo_version $nettle $nettle_version)" +if test "$nettle" = "yes" +then + echo " XTS $nettle_xts" +fi echo "libtasn1 $tasn1" echo "PAM $auth_pam" echo "iconv support $iconv" @@ -6819,6 +6856,9 @@ if test "$nettle" = "yes" ; then echo "CONFIG_NETTLE=y" >> $config_host_mak echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak fi +if test "$qemu_private_xts" = "yes" ; then + echo "CONFIG_QEMU_PRIVATE_XTS=y" >> $config_host_mak +fi if test "$tasn1" = "yes" ; then echo "CONFIG_TASN1=y" >> $config_host_mak fi |