From 76354f945e839a3d7b7332e32a9acc569548f8b8 Mon Sep 17 00:00:00 2001
From: Attila Fülöp <attila@fueloep.org>
Date: Mon, 10 Feb 2020 21:59:50 +0100
Subject: ICP: Improve AES-GCM performance
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Currently SIMD accelerated AES-GCM performance is limited by two
factors:

a. The need to disable preemption and interrupts and save the FPU
state before using it and to do the reverse when done. Due to the
way the code is organized (see (b) below) we have to pay this price
twice for each 16 byte GCM block processed.

b. Most processing is done in C, operating on single GCM blocks.
The use of SIMD instructions is limited to the AES encryption of the
counter block (AES-NI) and the Galois multiplication (PCLMULQDQ).
This leads to the FPU not being fully utilized for crypto
operations.

To solve (a) we do crypto processing in larger chunks while owning
the FPU. An `icp_gcm_avx_chunk_size` module parameter was introduced
to make this chunk size tweakable. It defaults to 32 KiB. This step
alone roughly doubles performance. (b) is tackled by porting and
using the highly optimized openssl AES-GCM assembler routines, which
do all the processing (CTR, AES, GMULT) in a single routine. Both
steps together result in up to 32x reduction of the time spend in
the en/decryption routines, leading up to approximately 12x
throughput increase for large (128 KiB) blocks.

Lastly, this commit changes the default encryption algorithm from
AES-CCM to AES-GCM when setting the `encryption=on` property.

Reviewed-By: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-By: Jason King <jason.king@joyent.com>
Reviewed-By: Tom Caputi <tcaputi@datto.com>
Reviewed-By: Richard Laager <rlaager@wiktel.com>
Signed-off-by: Attila Fülöp <attila@fueloep.org>
Closes #9749
---
 .../cli_root/zfs_create/zfs_create_crypt_combos.ksh          |  2 +-
 .../cli_root/zpool_create/zpool_create_crypt_combos.ksh      |  2 +-
 .../tests/functional/rsend/send_encrypted_props.ksh          | 12 ++++++------
 3 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'tests/zfs-tests')

diff --git a/tests/zfs-tests/tests/functional/cli_root/zfs_create/zfs_create_crypt_combos.ksh b/tests/zfs-tests/tests/functional/cli_root/zfs_create/zfs_create_crypt_combos.ksh
index a46cb55f3..141b2557d 100755
--- a/tests/zfs-tests/tests/functional/cli_root/zfs_create/zfs_create_crypt_combos.ksh
+++ b/tests/zfs-tests/tests/functional/cli_root/zfs_create/zfs_create_crypt_combos.ksh
@@ -53,7 +53,7 @@ set -A ENCRYPTION_ALGS \
 	"encryption=aes-256-gcm"
 
 set -A ENCRYPTION_PROPS \
-	"encryption=aes-256-ccm" \
+	"encryption=aes-256-gcm" \
 	"encryption=aes-128-ccm" \
 	"encryption=aes-192-ccm" \
 	"encryption=aes-256-ccm" \
diff --git a/tests/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_crypt_combos.ksh b/tests/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_crypt_combos.ksh
index d28d5953c..63391e8ad 100755
--- a/tests/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_crypt_combos.ksh
+++ b/tests/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_crypt_combos.ksh
@@ -48,7 +48,7 @@ set -A ENCRYPTION_ALGS "encryption=on" \
 	"encryption=aes-192-gcm" \
 	"encryption=aes-256-gcm"
 
-set -A ENCRYPTION_PROPS "encryption=aes-256-ccm" \
+set -A ENCRYPTION_PROPS "encryption=aes-256-gcm" \
 	"encryption=aes-128-ccm" \
 	"encryption=aes-192-ccm" \
 	"encryption=aes-256-ccm" \
diff --git a/tests/zfs-tests/tests/functional/rsend/send_encrypted_props.ksh b/tests/zfs-tests/tests/functional/rsend/send_encrypted_props.ksh
index 8e21acd99..793904db9 100755
--- a/tests/zfs-tests/tests/functional/rsend/send_encrypted_props.ksh
+++ b/tests/zfs-tests/tests/functional/rsend/send_encrypted_props.ksh
@@ -124,7 +124,7 @@ ds=$TESTPOOL/recv
 log_must eval "zfs send $snap > $sendfile"
 log_must eval "zfs recv -o encryption=on -o keyformat=passphrase" \
 	"-o keylocation=file://$keyfile $ds < $sendfile"
-log_must test "$(get_prop 'encryption' $ds)" == "aes-256-ccm"
+log_must test "$(get_prop 'encryption' $ds)" == "aes-256-gcm"
 log_must test "$(get_prop 'encryptionroot' $ds)" == "$ds"
 log_must test "$(get_prop 'keyformat' $ds)" == "passphrase"
 log_must test "$(get_prop 'keylocation' $ds)" == "file://$keyfile"
@@ -140,7 +140,7 @@ ds=$TESTPOOL/recv
 log_must eval "zfs send -p $snap > $sendfile"
 log_must eval "zfs recv -o encryption=on -o keyformat=passphrase" \
 	"-o keylocation=file://$keyfile $ds < $sendfile"
-log_must test "$(get_prop 'encryption' $ds)" == "aes-256-ccm"
+log_must test "$(get_prop 'encryption' $ds)" == "aes-256-gcm"
 log_must test "$(get_prop 'encryptionroot' $ds)" == "$ds"
 log_must test "$(get_prop 'keyformat' $ds)" == "passphrase"
 log_must test "$(get_prop 'keylocation' $ds)" == "file://$keyfile"
@@ -158,7 +158,7 @@ ds=$TESTPOOL/recv
 log_must eval "zfs send -R $snap > $sendfile"
 log_must eval "zfs recv -o encryption=on -o keyformat=passphrase" \
 	"-o keylocation=file://$keyfile $ds < $sendfile"
-log_must test "$(get_prop 'encryption' $ds)" == "aes-256-ccm"
+log_must test "$(get_prop 'encryption' $ds)" == "aes-256-gcm"
 log_must test "$(get_prop 'encryptionroot' $ds)" == "$ds"
 log_must test "$(get_prop 'keyformat' $ds)" == "passphrase"
 log_must test "$(get_prop 'keylocation' $ds)" == "file://$keyfile"
@@ -174,7 +174,7 @@ ds=$TESTPOOL/crypt/recv
 log_must eval "zfs send -p $snap > $sendfile"
 log_must eval "zfs recv -x encryption $ds < $sendfile"
 log_must test "$(get_prop 'encryptionroot' $ds)" == "$TESTPOOL/crypt"
-log_must test "$(get_prop 'encryption' $ds)" == "aes-256-ccm"
+log_must test "$(get_prop 'encryption' $ds)" == "aes-256-gcm"
 log_must test "$(get_prop 'keyformat' $ds)" == "passphrase"
 log_must test "$(get_prop 'mounted' $ds)" == "yes"
 recv_cksum=$(md5digest /$ds/$TESTFILE0)
@@ -188,7 +188,7 @@ ds=$TESTPOOL/crypt/recv
 log_must eval "zfs send -R $snap > $sendfile"
 log_must eval "zfs recv -x encryption $ds < $sendfile"
 log_must test "$(get_prop 'encryptionroot' $ds)" == "$TESTPOOL/crypt"
-log_must test "$(get_prop 'encryption' $ds)" == "aes-256-ccm"
+log_must test "$(get_prop 'encryption' $ds)" == "aes-256-gcm"
 log_must test "$(get_prop 'keyformat' $ds)" == "passphrase"
 log_must test "$(get_prop 'mounted' $ds)" == "yes"
 recv_cksum=$(md5digest /$ds/$TESTFILE0)
@@ -202,7 +202,7 @@ ds=$TESTPOOL/crypt/recv
 log_must eval "zfs send -R $snap2 > $sendfile"
 log_must eval "zfs recv -x encryption $ds < $sendfile"
 log_must test "$(get_prop 'encryptionroot' $ds)" == "$TESTPOOL/crypt"
-log_must test "$(get_prop 'encryption' $ds)" == "aes-256-ccm"
+log_must test "$(get_prop 'encryption' $ds)" == "aes-256-gcm"
 log_must test "$(get_prop 'keyformat' $ds)" == "passphrase"
 log_must test "$(get_prop 'mounted' $ds)" == "yes"
 recv_cksum=$(md5digest /$ds/$TESTFILE0)
-- 
cgit v1.2.3