[dm-devel] [PATCH v5] crypto: xts - Drop use of auxiliary buffer
Herbert Xu
herbert at gondor.apana.org.au
Fri Sep 21 05:44:28 UTC 2018
On Tue, Sep 11, 2018 at 09:40:08AM +0200, Ondrej Mosnacek wrote:
> Since commit acb9b159c784 ("crypto: gf128mul - define gf128mul_x_* in
> gf128mul.h"), the gf128mul_x_*() functions are very fast and therefore
> caching the computed XTS tweaks has only negligible advantage over
> computing them twice.
>
> In fact, since the current caching implementation limits the size of
> the calls to the child ecb(...) algorithm to PAGE_SIZE (usually 4096 B),
> it is often actually slower than the simple recomputing implementation.
>
> This patch simplifies the XTS template to recompute the XTS tweaks from
> scratch in the second pass and thus also removes the need to allocate a
> dynamic buffer using kmalloc().
>
> As discussed at [1], the use of kmalloc causes deadlocks with dm-crypt.
>
> PERFORMANCE RESULTS
> I measured time to encrypt/decrypt a memory buffer of varying sizes with
> xts(ecb-aes-aesni) using a tool I wrote ([2]) and the results suggest
> that after this patch the performance is either better or comparable for
> both small and large buffers. Note that there is a lot of noise in the
> measurements, but the overall difference is easy to see.
>
> Old code:
> ALGORITHM KEY (b) DATA (B) TIME ENC (ns) TIME DEC (ns)
> xts(aes) 256 64 331 328
> xts(aes) 384 64 332 333
> xts(aes) 512 64 338 348
> xts(aes) 256 512 889 920
> xts(aes) 384 512 1019 993
> xts(aes) 512 512 1032 990
> xts(aes) 256 4096 2152 2292
> xts(aes) 384 4096 2453 2597
> xts(aes) 512 4096 3041 2641
> xts(aes) 256 16384 9443 8027
> xts(aes) 384 16384 8536 8925
> xts(aes) 512 16384 9232 9417
> xts(aes) 256 32768 16383 14897
> xts(aes) 384 32768 17527 16102
> xts(aes) 512 32768 18483 17322
>
> New code:
> ALGORITHM KEY (b) DATA (B) TIME ENC (ns) TIME DEC (ns)
> xts(aes) 256 64 328 324
> xts(aes) 384 64 324 319
> xts(aes) 512 64 320 322
> xts(aes) 256 512 476 473
> xts(aes) 384 512 509 492
> xts(aes) 512 512 531 514
> xts(aes) 256 4096 2132 1829
> xts(aes) 384 4096 2357 2055
> xts(aes) 512 4096 2178 2027
> xts(aes) 256 16384 6920 6983
> xts(aes) 384 16384 8597 7505
> xts(aes) 512 16384 7841 8164
> xts(aes) 256 32768 13468 12307
> xts(aes) 384 32768 14808 13402
> xts(aes) 512 32768 15753 14636
>
> [1] https://lkml.org/lkml/2018/8/23/1315
> [2] https://gitlab.com/omos/linux-crypto-bench
>
> Signed-off-by: Ondrej Mosnacek <omosnace at redhat.com>
> ---
> crypto/xts.c | 269 +++++++++------------------------------------------
> 1 file changed, 46 insertions(+), 223 deletions(-)
>
> Changes in v5:
> - fix dumb mistakes
Patch applied. Thanks.
--
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the dm-devel
mailing list