Merge pull request openzfs#11 from lundman/master

Correct KeyGen, importing pools sets feature flags

README.markdown

@@ -1,11 +1,18 @@
 
 Welcome to the unofficial zfs-crypto branch.
 
-This is the experimental 'features-flags' branch.
-
 To make it clear, this branch has nothing to do with Sun, Oracle,
 ZFSOnLinux, OpenSolaris, IllumOS, OpenIndiana, SmartOS, FreeBSD etc.
 
+If you run a legacy pool version=30, this branch will let you
+import and upgrade your pool to the standard pool version=5000,
+and it will set feature@encryption for any filesystem using
+encryption.
+
+It is to aid those who happen to use zfs-crypto with pool version=30
+for the short window that it was available. Before the feature@
+pool version became standard, or when importing pools from Solaris.
+
 There are new files,
 
 zcrypt.c
@@ -25,26 +32,23 @@ The crypto/api/ header files are from OpenSolaris.
 The crypto/api implementation is brand new, and supports "bare
 minimum" features as needed by ZFS only.
 
-Current support is in BETA. Real ciphers are used, but key generation
-function could do with more work. It is NOT compatible with Solaris pools.
-Currently it is the authentication MAC that appears to differ.
+Current support is in BETA.
+
+Importing a Solaris pool can be done using:
+ Solaris: zpool create -o version=30 -O version=5 thepool $devices...
+ Solaris: zfs create -o encryption=aes-256-ccm thepool/secure
+ Linux: zpool import -N thepool
+ Linux: zpool upgrade thepool
+ Linux: zfs mount thepool/secure
 
-* MACs are in use, but compute_mac() is empty, not called?
 
-* Key needs to be CK_AES prepared, better than current
+* MACs are in use, but compute_mac() is empty, not called?
 
 * All "// FIXME" should be inspected. In particular, known areas
   which differ are PROP_ALIAS, PROP_INHERIT, crypto vs userquota,
 
 * Removed KEY methods "https URI" (requires curl) and pkcs11 types.
 
-* The pool version is now 5000, and added feature flag
-  "feature@encryption".
-
-* feature@encryption goes active if any ZFS are created with encryption=on.
-
-* Allow for readonly import of active feature@encryption, so that the non-
-  encrypted filesystems could be recovered.
 
 
 Example:
@@ -67,4 +71,114 @@ mypool  feature@encryption     active                 local
 
 ```
 
+======================================================================
+striped, unencrypted
+======================================================================
+
+$ tiotest -t8 -f 200 -d /striped_zpool/
+Tiotest results for 8 concurrent io threads:
+,----------------------------------------------------------------------.
+| Item                  | Time     | Rate         | Usr CPU  | Sys CPU |
++-----------------------+----------+--------------+----------+---------+
+| Write        1600 MBs |    3.2 s | 502.596 MB/s |  37.4 %  | 1290.1 % |
+| Random Write   31 MBs |    0.3 s | 120.682 MB/s |   0.0 %  | 903.7 % |
+| Read         1600 MBs |    0.3 s | 4682.758 MB/s | 222.4 %  | 5104.2 % |
+| Random Read    31 MBs |    0.0 s | 4521.777 MB/s |   0.0 %  | 5787.9 % |
+`----------------------------------------------------------------------'
+Tiotest latency results:
+,-------------------------------------------------------------------------.
+| Item         | Average latency | Maximum latency | % >2 sec | % >10 sec |
++--------------+-----------------+-----------------+----------+-----------+
+| Write        |        0.015 ms |        8.793 ms |  0.00000 |   0.00000 |
+| Random Write |        0.026 ms |        7.953 ms |  0.00000 |   0.00000 |
+| Read         |        0.006 ms |        9.339 ms |  0.00000 |   0.00000 |
+| Random Read  |        0.007 ms |        0.030 ms |  0.00000 |   0.00000 |
+|--------------+-----------------+-----------------+----------+-----------|
+| Total        |        0.011 ms |        9.339 ms |  0.00000 |   0.00000 |
+`--------------+-----------------+-----------------+----------+-----------'
+
+
+======================================================================
+zfs-crypt aes-256-ccm
+======================================================================
+
+$ tiotest -t8 -f 200 -d /striped_zpool/fs/
+Tiotest results for 8 concurrent io threads:
+,----------------------------------------------------------------------.
+| Item                  | Time     | Rate         | Usr CPU  | Sys CPU |
++-----------------------+----------+--------------+----------+---------+
+| Write        1600 MBs |    7.4 s | 216.343 MB/s |   5.4 %  | 742.1 % |
+| Random Write   31 MBs |    0.2 s | 180.906 MB/s |  92.6 %  | 775.7 % |
+| Read         1600 MBs |    0.3 s | 5341.238 MB/s |  73.4 %  | 6276.0 % |
+| Random Read    31 MBs |    0.0 s | 4783.407 MB/s | 4898.2 %  | 1224.6 % |
+`----------------------------------------------------------------------'
+Tiotest latency results:
+,-------------------------------------------------------------------------.
+| Item         | Average latency | Maximum latency | % >2 sec | % >10 sec |
++--------------+-----------------+-----------------+----------+-----------+
+| Write        |        0.026 ms |      835.720 ms |  0.00000 |   0.00000 |
+| Random Write |        0.021 ms |        0.087 ms |  0.00000 |   0.00000 |
+| Read         |        0.006 ms |        0.245 ms |  0.00000 |   0.00000 |
+| Random Read  |        0.006 ms |        0.025 ms |  0.00000 |   0.00000 |
+|--------------+-----------------+-----------------+----------+-----------|
+| Total        |        0.016 ms |      835.720 ms |  0.00000 |   0.00000 |
+`--------------+-----------------+-----------------+----------+-----------'
+
+
+======================================================================
+LUKS volumes with plain ZFS
+======================================================================
+
+dmcrypt/luks cipher/keysize: aes-xts-plain64, 512
+------------------------------------------------------------------------------------
+tiotest -t 8 -f 200 -d /striped_crypt/
+Tiotest results for 8 concurrent io threads:
+,----------------------------------------------------------------------.
+| Item                  | Time     | Rate         | Usr CPU  | Sys CPU |
++-----------------------+----------+--------------+----------+---------+
+| Write        1600 MBs |    3.4 s | 477.243 MB/s |  11.9 %  | 1169.2 % |
+| Random Write   31 MBs |    0.5 s |  68.848 MB/s |  52.9 %  | 332.7 % |
+| Read         1600 MBs |    0.3 s | 4999.844 MB/s | 318.7 %  | 5899.8 % |
+| Random Read    31 MBs |    0.0 s | 4510.030 MB/s | 5051.2 %  | 1154.6 % |
+`----------------------------------------------------------------------'
+Tiotest latency results:
+,-------------------------------------------------------------------------.
+| Item         | Average latency | Maximum latency | % >2 sec | % >10 sec |
++--------------+-----------------+-----------------+----------+-----------+
+| Write        |        0.031 ms |       69.994 ms |  0.00000 |   0.00000 |
+| Random Write |        0.066 ms |       35.496 ms |  0.00000 |   0.00000 |
+| Read         |        0.006 ms |       15.828 ms |  0.00000 |   0.00000 |
+| Random Read  |        0.007 ms |        0.030 ms |  0.00000 |   0.00000 |
+|--------------+-----------------+-----------------+----------+-----------|
+| Total        |        0.019 ms |       69.994 ms |  0.00000 |   0.00000 |
+`--------------+-----------------+-----------------+----------+-----------'
+
+
+
+dmcrypt/luks cipher/keysize: aes-cbc-essiv:sha256, 256
+-----------------------------------------------------------------------------------
+tiotest -t 8 -f 200 -d /striped_crypt/
+Tiotest results for 8 concurrent io threads:
+,----------------------------------------------------------------------.
+| Item                  | Time     | Rate         | Usr CPU  | Sys CPU |
++-----------------------+----------+--------------+----------+---------+
+| Write        1600 MBs |    3.4 s | 467.855 MB/s |  37.4 %  | 1121.4 % |
+| Random Write   31 MBs |    0.3 s | 105.175 MB/s |  80.8 %  | 518.3 % |
+| Read         1600 MBs |    0.3 s | 5061.753 MB/s | 126.5 %  | 6150.0 % |
+| Random Read    31 MBs |    0.0 s | 4566.711 MB/s |   0.0 %  | 5845.4 % |
+`----------------------------------------------------------------------'
+Tiotest latency results:
+,-------------------------------------------------------------------------.
+| Item         | Average latency | Maximum latency | % >2 sec | % >10 sec |
++--------------+-----------------+-----------------+----------+-----------+
+| Write        |        0.028 ms |       59.958 ms |  0.00000 |   0.00000 |
+| Random Write |        0.070 ms |       27.873 ms |  0.00000 |   0.00000 |
+| Read         |        0.006 ms |        0.168 ms |  0.00000 |   0.00000 |
+| Random Read  |        0.007 ms |        0.030 ms |  0.00000 |   0.00000 |
+|--------------+-----------------+-----------------+----------+-----------|
+| Total        |        0.017 ms |       59.958 ms |  0.00000 |   0.00000 |
+`--------------+-----------------+-----------------+----------+-----------'
+
+```
+
 zfs/rogue

include/sys/fs/zfs.h

@@ -364,6 +364,7 @@ typedef enum {
 #define	SPA_VERSION_26			26ULL
 #define	SPA_VERSION_27			27ULL
 #define	SPA_VERSION_28			28ULL
+#define	SPA_VERSION_30			30ULL
 #define	SPA_VERSION_5000		5000ULL
 
 /*
@@ -424,7 +425,8 @@ typedef enum {
 #define	SPA_VERSION_DEADLISTS		SPA_VERSION_26
 #define	SPA_VERSION_FAST_SNAP		SPA_VERSION_27
 #define	SPA_VERSION_MULTI_REPLACE	SPA_VERSION_28
-#define	SPA_VERSION_BEFORE_FEATURES	SPA_VERSION_28
+#define	SPA_VERSION_ENCRYPTION		SPA_VERSION_30
+#define	SPA_VERSION_BEFORE_FEATURES	SPA_VERSION_30
 #define	SPA_VERSION_FEATURES		SPA_VERSION_5000
 
 #define	SPA_VERSION_IS_SUPPORTED(v) \

lib/libspl/Makefile.am

@@ -14,7 +14,7 @@ AM_CCASFLAGS = \
 noinst_LTLIBRARIES = libspl.la
 
 libspl_la_SOURCES = \
-	$(top_srcdir)/lib/libspl/aes.c \
+	$(top_srcdir)/lib/libspl/sha1.c \
 	$(top_srcdir)/lib/libspl/crypto.c \
 	$(top_srcdir)/lib/libspl/getexecname.c \
 	$(top_srcdir)/lib/libspl/gethrtime.c \