
[PATCH 00/18] crypto: misc cleanup and introduce gnutls backend driver

From: Daniel P . Berrangé
Subject: [PATCH 00/18] crypto: misc cleanup and introduce gnutls backend driver
Date: Tue, 6 Jul 2021 10:59:06 +0100

Currently the crypto layer has a choice of backend drivers

 * builtin - AES/DES for ciphers using in-tree impl,
             glib for hash / hmac
 * gcrypt - all ciphers and all hash/hmac algs
 * nettle - all ciphers and all hash/hmac algs

We currently default to nettle because that minimizes the
deps from QEMU, as gnutls already pulls in nettle.

In retrospect, however, this was the wrong metric to optimize
for. Instead we should have picked backend based on the
performance of the drivers.

The nettle impls have some limited CPU hardware acceleration,
but aside from in ECB mode, nettle is slower than gcrypt in
every case. In the most important AES-XTS case used for luks
disk encryption, nettle achieves just 15% of the performance
of gcrypt. It is clear we should prefer gcrypt over nettle.

gnutls uses nettle internally and also exposes many of the
ciphers for direct usage. Unexpectedly, gnutls is actually
faster than nettle, despite using nettle. The reason for
this is that gnutls provides CPU accelerated code for handling
CBC and XTS modes. This lets gnutls get in the same ballpark as
gcrypt for the most important encryption modes. It is also good
for hash impls.

This series thus does a number of things

 - Introduce gnutls as a backend driver
 - Change priority order gnutls > gcrypt > nettle > builtin
 - Cleanup cruft from older versions of crypto libraries
 - Make some tests more robust and easier to debug
 - Drop support for built-in XTS impl, as it is too slow
   to be useful for LUKS
 - Drop support for built-in DES impl, to minimize amount of
   custom crypto code carried. VNC password auth will
   require use of a gcrypt/nettle/gnutls

Daniel P. Berrangé (18):
  crypto: remove conditional around 3DES crypto test cases
  crypto: remove obsolete crypto test condition
  crypto: skip essiv ivgen tests if AES+ECB isn't available
  crypto: use &error_fatal in crypto tests
  crypto: fix gcrypt min version 1.8 regression
  crypto: drop gcrypt thread initialization code
  crypto: drop custom XTS support in gcrypt driver
  crypto: add crypto tests for single block DES-ECB and DES-CBC
  crypto: delete built-in DES implementation
  crypto: delete built-in XTS cipher mode support
  crypto: rename des-rfb cipher to just des
  crypto: flip priority of backends to prefer gcrypt
  crypto: introduce build system for gnutls crypto backend
  crypto: add gnutls cipher provider
  crypto: add gnutls hash provider
  crypto: add gnutls hmac provider
  crypto: add gnutls pbkdf provider
  crypto: prefer gnutls as the crypto backend if new enough

 crypto/cipher-builtin.c.inc     | 132 ----------
 crypto/cipher-gcrypt.c.inc      | 143 +----------
 crypto/cipher-gnutls.c.inc      | 325 +++++++++++++++++++++++++
 crypto/cipher-nettle.c.inc      |  26 +-
 crypto/cipher.c                 |  30 +--
 crypto/desrfb.c                 | 416 --------------------------------
 crypto/hash-gnutls.c            | 104 ++++++++
 crypto/hmac-gnutls.c            | 136 +++++++++++
 crypto/init.c                   |  62 -----
 crypto/meson.build              |   9 +-
 crypto/pbkdf-gnutls.c           |  90 +++++++
 meson.build                     | 102 +++++---
 qapi/crypto.json                |   4 +-
 tests/unit/test-crypto-cipher.c |  31 ++-
 tests/unit/test-crypto-hash.c   |  12 +-
 tests/unit/test-crypto-hmac.c   |  28 +--
 tests/unit/test-crypto-ivgen.c  |  14 +-
 tests/unit/test-crypto-pbkdf.c  |   5 +-
 ui/vnc.c                        |  20 +-
 19 files changed, 814 insertions(+), 875 deletions(-)
 create mode 100644 crypto/cipher-gnutls.c.inc
 delete mode 100644 crypto/desrfb.c
 create mode 100644 crypto/hash-gnutls.c
 create mode 100644 crypto/hmac-gnutls.c
 create mode 100644 crypto/pbkdf-gnutls.c

