From: Eric Biggers <ebiggers@kernel.org>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: "open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@vger.kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Markus Stockhausen <stockhausen@collogia.de>,
linuxppc-dev <linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH] crypto: powerpc - convert SPE AES algorithms to skcipher API
Date: Mon, 14 Oct 2019 10:38:49 -0700 [thread overview]
Message-ID: <20191014173848.GA104009@gmail.com> (raw)
In-Reply-To: <CAKv+Gu9qS838o+jJv3My=ibvfgE=3yeVbH5SB=yraKb3S7sV6A@mail.gmail.com>
On Mon, Oct 14, 2019 at 10:45:22AM +0200, Ard Biesheuvel wrote:
> Hi Eric,
>
> On Sat, 12 Oct 2019 at 04:32, Eric Biggers <ebiggers@kernel.org> wrote:
> >
> > From: Eric Biggers <ebiggers@google.com>
> >
> > Convert the glue code for the PowerPC SPE implementations of AES-ECB,
> > AES-CBC, AES-CTR, and AES-XTS from the deprecated "blkcipher" API to the
> > "skcipher" API.
> >
> > Tested with:
> >
> > export ARCH=powerpc CROSS_COMPILE=powerpc-linux-gnu-
> > make mpc85xx_defconfig
> > cat >> .config << EOF
> > # CONFIG_MODULES is not set
> > # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
> > CONFIG_DEBUG_KERNEL=y
> > CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y
> > CONFIG_CRYPTO_AES=y
> > CONFIG_CRYPTO_CBC=y
> > CONFIG_CRYPTO_CTR=y
> > CONFIG_CRYPTO_ECB=y
> > CONFIG_CRYPTO_XTS=y
> > CONFIG_CRYPTO_AES_PPC_SPE=y
> > EOF
> > make olddefconfig
> > make -j32
> > qemu-system-ppc -M mpc8544ds -cpu e500 -nographic \
> > -kernel arch/powerpc/boot/zImage \
> > -append cryptomgr.fuzz_iterations=1000
> >
> > Note that xts-ppc-spe still fails the comparison tests due to the lack
> > of ciphertext stealing support. This is not addressed by this patch.
> >
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
> > ---
> > arch/powerpc/crypto/aes-spe-glue.c | 416 +++++++++++++----------------
> > crypto/Kconfig | 1 +
> > 2 files changed, 186 insertions(+), 231 deletions(-)
> >
> > diff --git a/arch/powerpc/crypto/aes-spe-glue.c b/arch/powerpc/crypto/aes-spe-glue.c
> > index 3a4ca7d32477..374e3e51e998 100644
> > --- a/arch/powerpc/crypto/aes-spe-glue.c
> > +++ b/arch/powerpc/crypto/aes-spe-glue.c
> > @@ -17,6 +17,7 @@
> > #include <asm/byteorder.h>
> > #include <asm/switch_to.h>
> > #include <crypto/algapi.h>
> > +#include <crypto/internal/skcipher.h>
> > #include <crypto/xts.h>
> >
> > /*
> > @@ -86,17 +87,13 @@ static void spe_end(void)
> > preempt_enable();
> > }
> >
> > -static int ppc_aes_setkey(struct crypto_tfm *tfm, const u8 *in_key,
> > - unsigned int key_len)
> > +static int expand_key(struct ppc_aes_ctx *ctx,
> > + const u8 *in_key, unsigned int key_len)
> > {
> > - struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
> > -
> > if (key_len != AES_KEYSIZE_128 &&
> > key_len != AES_KEYSIZE_192 &&
> > - key_len != AES_KEYSIZE_256) {
> > - tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
> > + key_len != AES_KEYSIZE_256)
> > return -EINVAL;
> > - }
> >
> > switch (key_len) {
> > case AES_KEYSIZE_128:
> > @@ -114,17 +111,40 @@ static int ppc_aes_setkey(struct crypto_tfm *tfm, const u8 *in_key,
> > }
> >
> > ppc_generate_decrypt_key(ctx->key_dec, ctx->key_enc, key_len);
> > + return 0;
> > +}
> >
> > +static int ppc_aes_setkey(struct crypto_tfm *tfm, const u8 *in_key,
> > + unsigned int key_len)
> > +{
> > + struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
> > +
> > + if (expand_key(ctx, in_key, key_len) != 0) {
> > + tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
> > + return -EINVAL;
> > + }
> > + return 0;
> > +}
> > +
> > +static int ppc_aes_setkey_skcipher(struct crypto_skcipher *tfm,
> > + const u8 *in_key, unsigned int key_len)
> > +{
> > + struct ppc_aes_ctx *ctx = crypto_skcipher_ctx(tfm);
> > +
> > + if (expand_key(ctx, in_key, key_len) != 0) {
> > + crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
> > + return -EINVAL;
> > + }
> > return 0;
> > }
> >
> > -static int ppc_xts_setkey(struct crypto_tfm *tfm, const u8 *in_key,
> > +static int ppc_xts_setkey(struct crypto_skcipher *tfm, const u8 *in_key,
> > unsigned int key_len)
> > {
> > - struct ppc_xts_ctx *ctx = crypto_tfm_ctx(tfm);
> > + struct ppc_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
> > int err;
> >
> > - err = xts_check_key(tfm, in_key, key_len);
> > + err = xts_verify_key(tfm, in_key, key_len);
> > if (err)
> > return err;
> >
> > @@ -133,7 +153,7 @@ static int ppc_xts_setkey(struct crypto_tfm *tfm, const u8 *in_key,
> > if (key_len != AES_KEYSIZE_128 &&
> > key_len != AES_KEYSIZE_192 &&
> > key_len != AES_KEYSIZE_256) {
> > - tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
> > + crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
> > return -EINVAL;
> > }
> >
> > @@ -178,208 +198,154 @@ static void ppc_aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
> > spe_end();
> > }
> >
> > -static int ppc_ecb_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
> > - struct scatterlist *src, unsigned int nbytes)
> > +static int ppc_ecb_crypt(struct skcipher_request *req, bool enc)
> > {
> > - struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
> > - struct blkcipher_walk walk;
> > - unsigned int ubytes;
> > + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
> > + struct ppc_aes_ctx *ctx = crypto_skcipher_ctx(tfm);
> > + struct skcipher_walk walk;
> > + unsigned int nbytes;
> > int err;
> >
> > - desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
> > - blkcipher_walk_init(&walk, dst, src, nbytes);
> > - err = blkcipher_walk_virt(desc, &walk);
> > + err = skcipher_walk_virt(&walk, req, false);
> >
>
> Shouldn't atomic be set to 'true' here to retain the non-sleeping behavior?
This was intentional since the non-sleeping behavior is unnecessary, as the call
to skcipher_walk_done() is not within the spe_begin() / spe_end() section.
I can split this into a separate patch if it would make it clearer, though.
>
> > - while ((nbytes = walk.nbytes)) {
> > - ubytes = nbytes > MAX_BYTES ?
> > - nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
> > - nbytes -= ubytes;
> > + while ((nbytes = walk.nbytes) != 0) {
> > + nbytes = min_t(unsigned int, nbytes, MAX_BYTES);
> > + nbytes = round_down(nbytes, AES_BLOCK_SIZE);
> >
> > spe_begin();
> > - ppc_encrypt_ecb(walk.dst.virt.addr, walk.src.virt.addr,
> > - ctx->key_enc, ctx->rounds, nbytes);
> > + if (enc)
> > + ppc_encrypt_ecb(walk.dst.virt.addr, walk.src.virt.addr,
> > + ctx->key_enc, ctx->rounds, nbytes);
> > + else
> > + ppc_decrypt_ecb(walk.dst.virt.addr, walk.src.virt.addr,
> > + ctx->key_dec, ctx->rounds, nbytes);
> > spe_end();
> >
> > - err = blkcipher_walk_done(desc, &walk, ubytes);
> > + err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
> > }
> >
> > return err;
> > }
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Markus Stockhausen <stockhausen@collogia.de>,
"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@vger.kernel.org>, Paul Mackerras <paulus@samba.org>,
linuxppc-dev <linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH] crypto: powerpc - convert SPE AES algorithms to skcipher API
Date: Mon, 14 Oct 2019 10:38:49 -0700 [thread overview]
Message-ID: <20191014173848.GA104009@gmail.com> (raw)
In-Reply-To: <CAKv+Gu9qS838o+jJv3My=ibvfgE=3yeVbH5SB=yraKb3S7sV6A@mail.gmail.com>
On Mon, Oct 14, 2019 at 10:45:22AM +0200, Ard Biesheuvel wrote:
> Hi Eric,
>
> On Sat, 12 Oct 2019 at 04:32, Eric Biggers <ebiggers@kernel.org> wrote:
> >
> > From: Eric Biggers <ebiggers@google.com>
> >
> > Convert the glue code for the PowerPC SPE implementations of AES-ECB,
> > AES-CBC, AES-CTR, and AES-XTS from the deprecated "blkcipher" API to the
> > "skcipher" API.
> >
> > Tested with:
> >
> > export ARCH=powerpc CROSS_COMPILE=powerpc-linux-gnu-
> > make mpc85xx_defconfig
> > cat >> .config << EOF
> > # CONFIG_MODULES is not set
> > # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
> > CONFIG_DEBUG_KERNEL=y
> > CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y
> > CONFIG_CRYPTO_AES=y
> > CONFIG_CRYPTO_CBC=y
> > CONFIG_CRYPTO_CTR=y
> > CONFIG_CRYPTO_ECB=y
> > CONFIG_CRYPTO_XTS=y
> > CONFIG_CRYPTO_AES_PPC_SPE=y
> > EOF
> > make olddefconfig
> > make -j32
> > qemu-system-ppc -M mpc8544ds -cpu e500 -nographic \
> > -kernel arch/powerpc/boot/zImage \
> > -append cryptomgr.fuzz_iterations=1000
> >
> > Note that xts-ppc-spe still fails the comparison tests due to the lack
> > of ciphertext stealing support. This is not addressed by this patch.
> >
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
> > ---
> > arch/powerpc/crypto/aes-spe-glue.c | 416 +++++++++++++----------------
> > crypto/Kconfig | 1 +
> > 2 files changed, 186 insertions(+), 231 deletions(-)
> >
> > diff --git a/arch/powerpc/crypto/aes-spe-glue.c b/arch/powerpc/crypto/aes-spe-glue.c
> > index 3a4ca7d32477..374e3e51e998 100644
> > --- a/arch/powerpc/crypto/aes-spe-glue.c
> > +++ b/arch/powerpc/crypto/aes-spe-glue.c
> > @@ -17,6 +17,7 @@
> > #include <asm/byteorder.h>
> > #include <asm/switch_to.h>
> > #include <crypto/algapi.h>
> > +#include <crypto/internal/skcipher.h>
> > #include <crypto/xts.h>
> >
> > /*
> > @@ -86,17 +87,13 @@ static void spe_end(void)
> > preempt_enable();
> > }
> >
> > -static int ppc_aes_setkey(struct crypto_tfm *tfm, const u8 *in_key,
> > - unsigned int key_len)
> > +static int expand_key(struct ppc_aes_ctx *ctx,
> > + const u8 *in_key, unsigned int key_len)
> > {
> > - struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
> > -
> > if (key_len != AES_KEYSIZE_128 &&
> > key_len != AES_KEYSIZE_192 &&
> > - key_len != AES_KEYSIZE_256) {
> > - tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
> > + key_len != AES_KEYSIZE_256)
> > return -EINVAL;
> > - }
> >
> > switch (key_len) {
> > case AES_KEYSIZE_128:
> > @@ -114,17 +111,40 @@ static int ppc_aes_setkey(struct crypto_tfm *tfm, const u8 *in_key,
> > }
> >
> > ppc_generate_decrypt_key(ctx->key_dec, ctx->key_enc, key_len);
> > + return 0;
> > +}
> >
> > +static int ppc_aes_setkey(struct crypto_tfm *tfm, const u8 *in_key,
> > + unsigned int key_len)
> > +{
> > + struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
> > +
> > + if (expand_key(ctx, in_key, key_len) != 0) {
> > + tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
> > + return -EINVAL;
> > + }
> > + return 0;
> > +}
> > +
> > +static int ppc_aes_setkey_skcipher(struct crypto_skcipher *tfm,
> > + const u8 *in_key, unsigned int key_len)
> > +{
> > + struct ppc_aes_ctx *ctx = crypto_skcipher_ctx(tfm);
> > +
> > + if (expand_key(ctx, in_key, key_len) != 0) {
> > + crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
> > + return -EINVAL;
> > + }
> > return 0;
> > }
> >
> > -static int ppc_xts_setkey(struct crypto_tfm *tfm, const u8 *in_key,
> > +static int ppc_xts_setkey(struct crypto_skcipher *tfm, const u8 *in_key,
> > unsigned int key_len)
> > {
> > - struct ppc_xts_ctx *ctx = crypto_tfm_ctx(tfm);
> > + struct ppc_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
> > int err;
> >
> > - err = xts_check_key(tfm, in_key, key_len);
> > + err = xts_verify_key(tfm, in_key, key_len);
> > if (err)
> > return err;
> >
> > @@ -133,7 +153,7 @@ static int ppc_xts_setkey(struct crypto_tfm *tfm, const u8 *in_key,
> > if (key_len != AES_KEYSIZE_128 &&
> > key_len != AES_KEYSIZE_192 &&
> > key_len != AES_KEYSIZE_256) {
> > - tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
> > + crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
> > return -EINVAL;
> > }
> >
> > @@ -178,208 +198,154 @@ static void ppc_aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
> > spe_end();
> > }
> >
> > -static int ppc_ecb_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
> > - struct scatterlist *src, unsigned int nbytes)
> > +static int ppc_ecb_crypt(struct skcipher_request *req, bool enc)
> > {
> > - struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
> > - struct blkcipher_walk walk;
> > - unsigned int ubytes;
> > + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
> > + struct ppc_aes_ctx *ctx = crypto_skcipher_ctx(tfm);
> > + struct skcipher_walk walk;
> > + unsigned int nbytes;
> > int err;
> >
> > - desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
> > - blkcipher_walk_init(&walk, dst, src, nbytes);
> > - err = blkcipher_walk_virt(desc, &walk);
> > + err = skcipher_walk_virt(&walk, req, false);
> >
>
> Shouldn't atomic be set to 'true' here to retain the non-sleeping behavior?
This was intentional since the non-sleeping behavior is unnecessary, as the call
to skcipher_walk_done() is not within the spe_begin() / spe_end() section.
I can split this into a separate patch if it would make it clearer, though.
>
> > - while ((nbytes = walk.nbytes)) {
> > - ubytes = nbytes > MAX_BYTES ?
> > - nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
> > - nbytes -= ubytes;
> > + while ((nbytes = walk.nbytes) != 0) {
> > + nbytes = min_t(unsigned int, nbytes, MAX_BYTES);
> > + nbytes = round_down(nbytes, AES_BLOCK_SIZE);
> >
> > spe_begin();
> > - ppc_encrypt_ecb(walk.dst.virt.addr, walk.src.virt.addr,
> > - ctx->key_enc, ctx->rounds, nbytes);
> > + if (enc)
> > + ppc_encrypt_ecb(walk.dst.virt.addr, walk.src.virt.addr,
> > + ctx->key_enc, ctx->rounds, nbytes);
> > + else
> > + ppc_decrypt_ecb(walk.dst.virt.addr, walk.src.virt.addr,
> > + ctx->key_dec, ctx->rounds, nbytes);
> > spe_end();
> >
> > - err = blkcipher_walk_done(desc, &walk, ubytes);
> > + err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
> > }
> >
> > return err;
> > }
next prev parent reply other threads:[~2019-10-14 17:38 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-12 2:29 [PATCH] crypto: powerpc - convert SPE AES algorithms to skcipher API Eric Biggers
2019-10-12 2:29 ` Eric Biggers
2019-10-14 8:45 ` Ard Biesheuvel
2019-10-14 8:45 ` Ard Biesheuvel
2019-10-14 17:38 ` Eric Biggers [this message]
2019-10-14 17:38 ` Eric Biggers
2019-10-14 17:52 ` Ard Biesheuvel
2019-10-14 17:52 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191014173848.GA104009@gmail.com \
--to=ebiggers@kernel.org \
--cc=ard.biesheuvel@linaro.org \
--cc=benh@kernel.crashing.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
--cc=stockhausen@collogia.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.