[PATCH] hardware crypto in GnuTls 3.X

Sun Jul 15 18:16:49 CEST 2012

Hello,

I recently enable GnuTls hardware crypto on my Marvell Dove CPU.
Unfortunately the benchmarks indicated the same speed for
benchmark-ciphers as benchmark-soft-ciphers.

So I started adding printf's to the code until I figured out
what the problem was.  It turns out the logic that decides
whether the algorithms are hardware enabled has inverted logic.
So removing three "!"s fixed the problem.  I've listed the benchmark
results with the patched GnuTls after the patch.  This does not
affect GnuTls 2.X since it does not check to see if the algorithms
are hardware enabled.

--- ./lib/accelerated/cryptodev.c.orig    2012-04-12 14:05:11.000000000 
-0600
+++ ./lib/accelerated/cryptodev.c    2012-07-12 21:52:07.796464191 -0600
@@ -208,7 +208,7 @@ register_crypto (int cfd)
        siop.ses = sess.ses; /* do not register ciphers that are not hw 
accelerated */
        if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0)
          {
-          if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
+          if ( (siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY) )
              {
                ioctl (cfd, CIOCFSESSION, &sess.ses);
                continue;
@@ -441,7 +441,7 @@ register_mac_digest (int cfd)
        siop.ses = sess.ses; /* do not register ciphers that are not hw 
accelerated */
        if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0)
          {
-          if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
+          if ( (siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY) )
              {
                ioctl (cfd, CIOCFSESSION, &sess.ses);
                continue;
@@ -480,7 +480,7 @@ register_mac_digest (int cfd)
        siop.ses = sess.ses;
        if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0)
          {
-          if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
+          if ( (siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY) )
              {
                ioctl (cfd, CIOCFSESSION, &sess.ses);
                continue;



  gnutls-cli --benchmark-ciphers
Checking AES-128-CBC with SHA1 (16kb payload)... Processed 20.77 MB in 
2.00 secs: 10.38 MB/sec
Checking AES-128-CBC with SHA256 (16kb payload)... Processed 16.25 MB in 
2.00 secs: 8.13 MB/sec
Checking AES-128-GCM (16kb payload)... Processed 14.53 MB in 2.00 secs: 
7.26 MB/sec
Checking SHA1 (16kb payload)... Processed 84.48 MB in 2.00 secs: 42.22 
MB/sec
Checking SHA256 (16kb payload)... Processed 40.80 MB in 2.00 secs: 20.40 
MB/sec
Checking SHA512 (16kb payload)... Processed 10.35 MB in 2.00 secs: 5.17 
MB/sec
Checking 3DES-CBC (16kb payload)... Processed 8.09 MB in 2.00 secs: 4.04 
MB/sec
Checking AES-128-CBC (16kb payload)... Processed 32.85 MB in 2.00 secs: 
16.42 MB/sec
Checking ARCFOUR-128 (16kb payload)... Processed 74.99 MB in 2.00 secs: 
37.49 MB/sec

gnutls-cli --benchmark-soft-ciphers
Checking AES-128-CBC with SHA1 (16kb payload)... Processed 15.52 MB in 
2.00 secs: 7.75 MB/sec
Checking AES-128-CBC with SHA256 (16kb payload)... Processed 11.86 MB in 
2.00 secs: 5.93 MB/sec
Checking AES-128-GCM (16kb payload)... Processed 15.34 MB in 2.00 secs: 
7.66 MB/sec
Checking SHA1 (16kb payload)... Processed 67.22 MB in 2.00 secs: 33.61 
MB/sec
Checking SHA256 (16kb payload)... Processed 32.65 MB in 2.00 secs: 16.33 
MB/sec
Checking SHA512 (16kb payload)... Processed 9.55 MB in 2.00 secs: 4.78 
MB/sec
Checking 3DES-CBC (16kb payload)... Processed 5.21 MB in 2.00 secs: 2.60 
MB/sec
Checking AES-128-CBC (16kb payload)... Processed 19.87 MB in 2.00 secs: 
9.93 MB/sec
Checking ARCFOUR-128 (16kb payload)... Processed 73.88 MB in 2.00 secs: 
36.94 MB/sec


Regards,

Kelly Anderson


