qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Question about add AF_ALG backend for virtio-crypto

From: Longpeng (Mike)
Subject: Re: [Qemu-devel] Question about add AF_ALG backend for virtio-crypto
Date: Thu, 9 Feb 2017 19:03:57 +0800
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1 
Hi Daniel,

On 2017/2/9 18:11, Daniel P. Berrange wrote:

> On Thu, Feb 09, 2017 at 10:58:55AM +0800, Longpeng (Mike) wrote:
>> Hi Daniel,


>>
>> So...you prefer approach 1 with a driver-table dispatch layer, right?
>> And this implies that we must either rename some public methods in
>> cipher-gcrypt.c/cipher-nettle.c, or change them to 'static'.
> 
> I'd suggest both - renaming them to have 'gcrypt' or 'nettle' in their
> name, and also make them static.
> 


OK.

>> I also have some other ideas:
>>

>> 2) *maybe we need a heuristic policy*
>>
>> I added some speed test in test-crypto-cipher/hash and found that for big
>> packets AF_ALG is much faster than library-impl while library-impl is better
>> when the packets is small:
>>
>> packet(bytes)        AF_ALG(MB/sec, intel QAT)       Library-impl(MB/sec)
>> 512          53.68                           127.82
>> 1024         98.39                           133.21
>> 2048         167.56                          134.62
>> 4096         276.21                          135.10
>> 8192         410.80                          135.82
>> 16384                545.08                          136.01
>> 32768                654.49                          136.30
>> 65536                723.00                          136.29
>>
>> If a @alg is both supported by AF_ALG and library-impl, I think we should 
>> decide
>> to use which one dynamically.
> 
> What exactly are you measuring here?
> 
> Is this comparing encryption of a fixed total size of data, and
> varying the packet size. ie sending 1024 * 512 byte packets against
> 256  * 2048 byte packages.
> 
> Or is it sending a constant number of packets eg 1024 * 512 byte
> packets against 1024 * 2048 byte packets ?
> 


The testcase encrypts data for 5 seconds and then calculates how many MBs it can
encrypt per second, as below:

    g_test_timer_start();
    do {
        g_assert(qcrypto_cipher_setiv(cipher,
                                      iv, niv,
                                      &err) == 0);

        g_assert(qcrypto_cipher_encrypt(cipher,
                                        plaintext,
                                        ciphertext,
                                        chunk_size,
                                        &err) == 0);
        total += chunk_size;
    } while (g_test_timer_elapsed() < 5.0);

    total /= 1024 * 1024; /* to MB */
    g_print("Testing cbc(aes128): ");
    g_print("Encrypting in chunks of %ld bytes: ", chunk_size);
    g_print("done. %.2f MB in %.2f secs: ", total, g_test_timer_last());
    g_print("%.2f MB/sec\t", total / g_test_timer_last());

chunk_size = 512/1024/2048/.../65536 bytes.

Some other projects (ie. cryptodev-linux, libkcapi) also use this way to test 
speed.

> The problem is that when constructing the cipher initially, we have no
> about the intended usage pattern, so can't decide which impl to use as
> is
> 


Yep, I wanted to allocate both af_alg and library-impl objects and then we can
choose dynamically before, but now it seems too stupid. :)

Thanks.

> 
> Regards,
> Daniel


-- 
Regards,
Longpeng(Mike)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]