From: Steffen Klassert <steffen.klassert@secunet.com>
To: netdev@vger.kernel.org
Cc: davem@davemloft.net, herbert@gondor.apana.org.au,
klassert@mathematik.tu-chemnitz.de
Subject: [RFC PATCH 3/5] crypto: add possibility to force sync transform
Date: Mon, 1 Dec 2008 08:19:03 +0100 [thread overview]
Message-ID: <20081201071903.GS476@secunet.com> (raw)
In-Reply-To: <20081201071614.GP476@secunet.com>
From: Steffen Klassert <steffen.klassert@secunet.com>
If IPsec is parallelized by xfrm_padata, async transform
is not allowed. So Add a possibility to force sync
transform in this case.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
crypto/chainiv.c | 14 ++++++++++++--
net/ipv4/esp4.c | 12 ++++++++++--
net/ipv6/esp6.c | 12 ++++++++++--
3 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/crypto/chainiv.c b/crypto/chainiv.c
index 7c37a49..2079fdd 100644
--- a/crypto/chainiv.c
+++ b/crypto/chainiv.c
@@ -168,8 +168,12 @@ static int async_chainiv_givencrypt_tail(struct skcipher_givcrypt_request *req)
memcpy(subreq->info, ctx->iv, ivsize);
ctx->err = crypto_ablkcipher_encrypt(subreq);
- if (ctx->err)
- goto out;
+ if (ctx->err) {
+ if (ablkcipher_request_flags(&req->creq) & CRYPTO_TFM_REQ_FORCE_SYNC)
+ return ctx->err;
+ else
+ goto out;
+ }
memcpy(ctx->iv, subreq->info, ivsize);
@@ -190,6 +194,11 @@ static int async_chainiv_givencrypt(struct skcipher_givcrypt_request *req)
ablkcipher_request_set_crypt(subreq, req->creq.src, req->creq.dst,
req->creq.nbytes, req->creq.info);
+ if (ablkcipher_request_flags(&req->creq) & CRYPTO_TFM_REQ_FORCE_SYNC) {
+ clear_bit(CHAINIV_STATE_INUSE, &ctx->state);
+ goto sync_out;
+ }
+
if (test_and_set_bit(CHAINIV_STATE_INUSE, &ctx->state))
goto postpone;
@@ -198,6 +207,7 @@ static int async_chainiv_givencrypt(struct skcipher_givcrypt_request *req)
goto postpone;
}
+sync_out:
return async_chainiv_givencrypt_tail(req);
postpone:
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 21515d4..3ea3fb2 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -114,6 +114,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
void *tmp;
u8 *iv;
u8 *tail;
+ u32 flags;
int blksize;
int clen;
int alen;
@@ -123,6 +124,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
err = -ENOMEM;
+ flags = 0;
+
/* Round to block size */
clen = skb->len;
@@ -207,7 +210,9 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
clen + alen);
sg_init_one(asg, esph, sizeof(*esph));
- aead_givcrypt_set_callback(req, 0, esp_output_done, skb);
+ xfrm_aead_set_flags(skb, flags);
+
+ aead_givcrypt_set_callback(req, flags, esp_output_done, skb);
aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
aead_givcrypt_set_assoc(req, asg, sizeof(*esph));
aead_givcrypt_set_giv(req, esph->enc_data,
@@ -332,6 +337,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
int nfrags;
void *tmp;
u8 *iv;
+ u32 flags = 0;
struct scatterlist *sg;
struct scatterlist *asg;
int err = -EINVAL;
@@ -368,7 +374,9 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
skb_to_sgvec(skb, sg, sizeof(*esph) + crypto_aead_ivsize(aead), elen);
sg_init_one(asg, esph, sizeof(*esph));
- aead_request_set_callback(req, 0, esp_input_done, skb);
+ xfrm_aead_set_flags(skb, flags);
+
+ aead_request_set_callback(req, flags, esp_input_done, skb);
aead_request_set_crypt(req, sg, sg, elen, iv);
aead_request_set_assoc(req, asg, sizeof(*esph));
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index b181b08..9874adf 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -143,11 +143,14 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
int nfrags;
u8 *iv;
u8 *tail;
+ u32 flags;
struct esp_data *esp = x->data;
/* skb is pure payload to encrypt */
err = -ENOMEM;
+ flags = 0;
+
/* Round to block size */
clen = skb->len;
@@ -196,7 +199,9 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
clen + alen);
sg_init_one(asg, esph, sizeof(*esph));
- aead_givcrypt_set_callback(req, 0, esp_output_done, skb);
+ xfrm_aead_set_flags(skb, flags);
+
+ aead_givcrypt_set_callback(req, flags, esp_output_done, skb);
aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
aead_givcrypt_set_assoc(req, asg, sizeof(*esph));
aead_givcrypt_set_giv(req, esph->enc_data,
@@ -279,6 +284,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
int ret = 0;
void *tmp;
u8 *iv;
+ u32 flags = 0;
struct scatterlist *sg;
struct scatterlist *asg;
@@ -319,7 +325,9 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
skb_to_sgvec(skb, sg, sizeof(*esph) + crypto_aead_ivsize(aead), elen);
sg_init_one(asg, esph, sizeof(*esph));
- aead_request_set_callback(req, 0, esp_input_done, skb);
+ xfrm_aead_set_flags(skb, flags);
+
+ aead_request_set_callback(req, flags, esp_input_done, skb);
aead_request_set_crypt(req, sg, sg, elen, iv);
aead_request_set_assoc(req, asg, sizeof(*esph));
--
1.5.4.2
next prev parent reply other threads:[~2008-12-01 7:48 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-01 7:16 [RFC PATCH 0/5] IPsec parallelization Steffen Klassert
2008-12-01 7:17 ` [RFC PATCH 1/5] padata: generic interface for parallel processing Steffen Klassert
2008-12-01 7:17 ` [RFC PATCH 2/5] xfrm: add possibility " Steffen Klassert
2008-12-01 7:19 ` Steffen Klassert [this message]
2008-12-01 11:22 ` [RFC PATCH 3/5] crypto: add possibility to force sync transform Herbert Xu
2008-12-01 13:19 ` Steffen Klassert
2008-12-01 7:19 ` [RFC PATCH 4/5] crypto: allow allocation of percpu crypto transforms Steffen Klassert
2008-12-01 11:38 ` Herbert Xu
2008-12-01 12:25 ` David Miller
2008-12-01 12:38 ` Herbert Xu
2008-12-01 13:21 ` Steffen Klassert
2008-12-01 7:20 ` [RFC PATCH 5/5] crypto: make struct aead percpu data Steffen Klassert
2008-12-01 11:40 ` Herbert Xu
2008-12-01 13:36 ` Steffen Klassert
2008-12-01 13:44 ` Herbert Xu
2008-12-01 13:47 ` [PATCH 1/6] crypto: hash - Make setkey optional Herbert Xu
2008-12-01 13:47 ` [PATCH 2/6] crypto: null - Switch to shash Herbert Xu
2008-12-01 13:47 ` [PATCH 3/6] crypto: rmd128 " Herbert Xu
2008-12-01 13:47 ` [PATCH 4/6] crypto: rmd160 " Herbert Xu
2008-12-01 13:47 ` [PATCH 5/6] crypto: rmd256 " Herbert Xu
2008-12-01 13:47 ` [PATCH 6/6] crypto: rmd320 " Herbert Xu
2008-12-01 13:51 ` [RFC PATCH 5/5] crypto: make struct aead percpu data Herbert Xu
2008-12-01 13:55 ` Steffen Klassert
2008-12-01 8:49 ` [RFC PATCH 0/5] IPsec parallelization Herbert Xu
2008-12-01 10:29 ` David Miller
2008-12-01 11:15 ` Herbert Xu
2008-12-02 7:58 ` Steffen Klassert
2008-12-02 8:19 ` Herbert Xu
2008-12-02 8:44 ` Steffen Klassert
2008-12-02 8:50 ` Herbert Xu
2008-12-02 9:21 ` Steffen Klassert
2008-12-02 8:53 ` Herbert Xu
2008-12-02 9:39 ` Steffen Klassert
2008-12-02 10:37 ` Herbert Xu
2008-12-01 11:20 ` Andi Kleen
2008-12-01 13:39 ` Herbert Xu
2008-12-02 8:00 ` Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081201071903.GS476@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=klassert@mathematik.tu-chemnitz.de \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.