From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A862BCCF9F1 for ; Thu, 30 Oct 2025 10:11:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:Reply-To:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Content-Transfer-Encoding:Content-Type:Message-ID:References:In-Reply-To: Subject:Cc:To:From:Date:MIME-Version:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=b+9c//CqGqXs1EvYyaw9p4mfVGksibj40nFftwj0X2c=; b=qGiJ2OgoHaTl4r wCoJhvJdm+J3p1eEX2ic1kCtrO/SpcqZzx1kAW3lV7pN+v+/6Sxoh/mCicOvt6ShIg2JaSIm+OnCL M5BwmQL76OGDue3eyYtHrZGLO1VhNhuyeSN9xsY7fjl9YDckrEPDH681s18oDN0CNXKXkFBg6+7GK 5mATrxGEPBxhOQkslQjJZhTP47TbZzpKCMWEHARVBjY6x/xwH41CpAuIICnKQmz82ejFzmNphyF2a XS7gsodf0ypPPFn5MoblapjIcUhDBKYmiPf+ijBH6xW0JskfBo7+qN/HfZ90Ww1GU7Ph1f77aKpG+ y9uQm5AdZHfajx7NCtdQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux)) id 1vEPce-00000003x3E-3s6i; Thu, 30 Oct 2025 10:11:12 +0000 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux)) id 1vEPcZ-00000003x1e-1kgK for linux-arm-kernel@lists.infradead.org; Thu, 30 Oct 2025 10:11:11 +0000 Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 59TKfqth026155; Thu, 30 Oct 2025 10:10:25 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:reply-to:subject:to; s=pp1; bh=b+9c//CqGqXs1EvYyaw9p4mfVGksibj40nFftwj0X2c=; b=HZ5pUGLAVosr D4gJY0ZzWO1qUpd3FYVqOCF8utJoR3aEb/BDWGkwS/Afbg2zab+PQkt0RIGZ/hF2 kFXQAv4Z6IgNC854SpCnTgfaypHNn8COBdn+csFJrOouRbhhjGaDCku8Vo3JwxMy wkiwweW9/VJ3IpTLZDYgz9IjafSQ6iJyX3dm9JEsrGIzX78bHIRWp8eXSfulal79 iTTR8viyJ1RkQ6+fPh9CETL3L26Uh2YM1CRPa5qX4mWMwLd4JdrEkxHF3Ne8I9cm q4FXpvT4QRDvzV0Zz5L+f200NqxGKcF/7vAKiVjCMwrBlqouAocMTUneQ4vvHbqp cisQz6jnvw== Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4a34aaqhjv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 30 Oct 2025 10:10:25 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 59U9exwE023919; Thu, 30 Oct 2025 10:10:24 GMT Received: from smtprelay07.dal12v.mail.ibm.com ([172.16.1.9]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4a33vx849j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 30 Oct 2025 10:10:24 +0000 Received: from smtpav02.wdc07v.mail.ibm.com (smtpav02.wdc07v.mail.ibm.com [10.39.53.229]) by smtprelay07.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 59UAANik6947366 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 30 Oct 2025 10:10:23 GMT Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8EE825805F; Thu, 30 Oct 2025 10:10:23 +0000 (GMT) Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AB5705805B; Thu, 30 Oct 2025 10:10:22 +0000 (GMT) Received: from ltc.linux.ibm.com (unknown [9.5.196.140]) by smtpav02.wdc07v.mail.ibm.com (Postfix) with ESMTP; Thu, 30 Oct 2025 10:10:22 +0000 (GMT) MIME-Version: 1.0 Date: Thu, 30 Oct 2025 11:10:22 +0100 From: Harald Freudenberger To: Eric Biggers Cc: linux-crypto@vger.kernel.org, David Howells , Ard Biesheuvel , "Jason A . Donenfeld" , Holger Dengler , Herbert Xu , linux-arm-kernel@lists.infradead.org, linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 00/15] SHA-3 library Mail-Reply-To: freude@linux.ibm.com In-Reply-To: <20251029163216.GA1603@sol> References: <20251026055032.1413733-1-ebiggers@kernel.org> <20251029163216.GA1603@sol> Message-ID: X-Sender: freude@linux.ibm.com Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=ALkgKXG8 c=1 sm=1 tr=0 ts=69033991 cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=kj9zAlcOel0A:10 a=x6icFKpwvdMA:10 a=VkNPw1HP01LnGYTKEx00:22 a=WVmDiQGdFGOvvYNDNwwA:9 a=CjuIK1q_8ugA:10 a=cPQSjfK2_nFv0Q5t_7PE:22 X-Proofpoint-ORIG-GUID: 1NTO-GqcrkTuq3zAPtgiiup9KtYe8xFC X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMDI4MDE2NiBTYWx0ZWRfX0VdIDefrEemR oyDicGdm8gl6OM91qy96lykDj0F3lXrv1kMFJVJAUdfu0jEUzASdRCCQM7SfwK1NE/rsG8Te3Q5 JNzilqS6YwqXXpIwlBbVSIeg+tzYGxwC7w9a1tcMjLmQeer7HIF9SBVhYiCxKR2Ya4GqqVcsVEy j/2PkkhSMd77aXOTnuuc6d+Q5KJ26B9lX9vyevKa23naSUPGstkGRhIn4ililE+S8JI/+hJRMGy JGQsVG03xdEC3liLanplyG5a4d90DWOHxCGJbSOzlat6gFMkzyaRS3PjvhLgJD2MDJ1ro643trg NEhilKFA4uRJF33gnTQZv+DbJ0dNc8pnO5s9nut3kgssduKZWp/VI2wKxgCI+WomEC30IGB+15Y CMsz8wTp7kAtxx6K/vIvlAkT2fL8Kg== X-Proofpoint-GUID: 1NTO-GqcrkTuq3zAPtgiiup9KtYe8xFC X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-10-30_02,2025-10-29_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 impostorscore=0 lowpriorityscore=0 clxscore=1015 adultscore=0 bulkscore=0 malwarescore=0 phishscore=0 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2510240000 definitions=main-2510280166 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20251030_031107_586029_D0666FB6 X-CRM114-Status: GOOD ( 31.49 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: freude@linux.ibm.com Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 2025-10-29 17:32, Eric Biggers wrote: > On Wed, Oct 29, 2025 at 10:30:40AM +0100, Harald Freudenberger wrote: >> > If the s390 folks could re-test the s390 optimized SHA-3 code (by >> > enabling CRYPTO_LIB_SHA3_KUNIT_TEST and CRYPTO_LIB_BENCHMARK), that >> > would be helpful. QEMU doesn't support the instructions it uses. Also, >> > it would be helpful to provide the benchmark output from just before >> > "lib/crypto: s390/sha3: Add optimized Keccak function", just after it, >> > and after "lib/crypto: s390/sha3: Add optimized one-shot SHA-3 digest >> > functions". Then we can verify that each change is useful. > [...] >> >> Picked this series from your ebiggers repo branch sha3-lib-v2. >> Build on s390 runs without any complains, no warnings. >> As recommended I enabled the KUNIT option and also >> CRYPTO_SELFTESTS_FULL. >> With an "modprobe tcrypt" I enforced to run the selftests >> and in parallel I checked that the s390 specific CPACF instructions >> are really used (can be done with the pai command and check for >> the KIMD_SHA3_* counters). Also ran some AF-alg tests to verify >> all the the sha3 hashes and check for thread safety. >> All this ran without any findings. However there are NO performance >> related tests involved. > > Thanks! Just to confirm, did you actually run the sha3 KUnit test and > verify that all its test cases passed? That's the most important one. > It also includes a benchmark, if CONFIG_CRYPTO_LIB_BENCHMARK=y is > enabled, and I was hoping to see your results from that after each > change. The results get printed to the kernel log when the test runs. > Here it is - as this is a zVM system the benchmark values may show poor performance. Oct 30 10:46:44 b3545008.lnxne.boe kernel: KTAP version 1 Oct 30 10:46:44 b3545008.lnxne.boe kernel: 1..1 Oct 30 10:46:44 b3545008.lnxne.boe kernel: KTAP version 1 Oct 30 10:46:44 b3545008.lnxne.boe kernel: # Subtest: sha3 Oct 30 10:46:44 b3545008.lnxne.boe kernel: # module: sha3_kunit Oct 30 10:46:44 b3545008.lnxne.boe kernel: 1..21 Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 1 test_hash_test_vectors Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 2 test_hash_all_lens_up_to_4096 Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 3 test_hash_incremental_updates Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 4 test_hash_buffer_overruns Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 5 test_hash_overlaps Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 6 test_hash_alignment_consistency Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 7 test_hash_ctx_zeroization Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 8 test_hash_interrupt_context_1 Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 9 test_hash_interrupt_context_2 Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 10 test_sha3_224_basic Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 11 test_sha3_256_basic Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 12 test_sha3_384_basic Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 13 test_sha3_512_basic Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 14 test_shake128_basic Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 15 test_shake256_basic Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 16 test_shake128_nist Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 17 test_shake256_nist Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 18 test_shake_all_lens_up_to_4096 Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 19 test_shake_multiple_squeezes Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 20 test_shake_with_guarded_bufs Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=1: 14 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=16: 109 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=64: 911 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=127: 1849 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=128: 1872 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=200: 2647 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=256: 3338 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=511: 5484 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=512: 5562 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=1024: 8297 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=3173: 12625 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=4096: 11242 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: # benchmark_hash: len=16384: 12853 MB/s Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 21 benchmark_hash Oct 30 10:46:44 b3545008.lnxne.boe kernel: # sha3: pass:21 fail:0 skip:0 total:21 Oct 30 10:46:44 b3545008.lnxne.boe kernel: # Totals: pass:21 fail:0 skip:0 total:21 Oct 30 10:46:44 b3545008.lnxne.boe kernel: ok 1 sha3 >> What's a little bit tricky here is that the sha3 lib is statically >> build into the kernel. So no chance to unload/load this as a module. >> For sha1 and the sha2 stuff I can understand the need to have this >> statically enabled in the kernel. Sha3 is only supposed to be >> available >> as backup in case of sha2 deficiencies. So I can't see why this is >> really statically needed. > > CONFIG_CRYPTO_LIB_SHA3 is a tristate option. It can be either built-in > or a loadable module, depending on what other kconfig options select > it. > Same as all the other crypto library modules. I know and see this. However, I am unable to switch this to 'm'. It seems like the root cause is that CRYPTO_SHA3='y' and I can't change this to 'm'. And honestly I am unable to read these dependencies (forgive my ignorance): CONFIG_CRYPTO_SHA3: SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3) Symbol: CRYPTO_SHA3 [=y] Type : tristate Defined at crypto/Kconfig:1006 Prompt: SHA-3 Depends on: CRYPTO [=y] Location: -> Cryptographic API (CRYPTO [=y]) -> Hashes, digests, and MACs -> SHA-3 (CRYPTO_SHA3 [=y]) Selects: CRYPTO_HASH [=y] && CRYPTO_LIB_SHA3 [=y] Selected by [y]: - CRYPTO_JITTERENTROPY [=y] && CRYPTO [=y] Selected by [n]: - MODULE_SIG_SHA3_256 [=n] && MODULES [=y] && (MODULE_SIG [=y] || IMA_APPRAISE_MODSIG [=n]) - MODULE_SIG_SHA3_384 [=n] && MODULES [=y] && (MODULE_SIG [=y] || IMA_APPRAISE_MODSIG [=n]) - MODULE_SIG_SHA3_512 [=n] && MODULES [=y] && (MODULE_SIG [=y] || IMA_APPRAISE_MODSIG [=n]) - CRYPTO_DEV_ZYNQMP_SHA3 [=n] && CRYPTO [=y] && CRYPTO_HW [=y] && (ZYNQMP_FIRMWARE [=n] || COMPILE_TEST [=n]) - CRYPTO_DEV_STM32_HASH [=n] && CRYPTO [=y] && CRYPTO_HW [=y] && (ARCH_STM32 || ARCH_U8500) && HAS_DMA [=y] - CRYPTO_DEV_SAFEXCEL [=n] && CRYPTO [=y] && CRYPTO_HW [=y] && (OF [=n] || PCI [=y] || COMPILE_TEST [=n]) && HAS_IOMEM [=y] > > - Eric