From: Herbert Xu <herbert@gondor.apana.org.au>
To: "Ondrej Mosnáček" <omosnacek@gmail.com>
Cc: linux-crypto@vger.kernel.org
Subject: Re: AEAD: Having separate underlying cipher handle for each request
Date: Wed, 6 Jul 2016 14:31:49 +0800 [thread overview]
Message-ID: <20160706063149.GA14106@gondor.apana.org.au> (raw)
In-Reply-To: <CAAUqJDvY9x+iOkH_vNQS9+qV+ONkbfgprOKFGcRXNe2788JnBA@mail.gmail.com>
Ondrej Mosnáček <omosnacek@gmail.com> wrote:
> Hi,
>
> I'm trying to experimentally implement the GCM-SIV AEAD algorithm from
> [1] for the Linux crypto API and I've ran into a problem...
>
> Basically, the encryption/decryption process starts by deriving a
> so-called "record-encryption key" from the nonce (by encrypting it
> using another key) and this key is then used to encrypt the plaintext
> in CTR mode and to encrypt the final authentication tag (otherwise it
> works similarly to GCM).
>
> Since the API is asynchronous and multiple requests can be executed in
> parallel over a single cipher handle (according to [2]), I need to
> have a separate underlying cipher handle for each AEAD request.
>
> Now this is a problem, because aead_request has no init/destroy
> mechanism where I could allocate/free the cipher handle, which means I
> would have to do this inside the encrypt/decrypt function. AFAIK,
> allocating with GFP_KERNEL inside encrypt/decrypt functions is
> problematic, as they may be called from an atomic context.
>
> Besides, it seems that also the crypto_*_setkey functions are not
> guaranteed to be atomic [3], and I will need to call such function
> either way... OTOH, the CTR mode/AES driver should not really need to
> allocate any memory there, so this may be tolerable...
>
> Does anyone have any ideas how to deal with this?
Well you're pretty much screwed as far as performance is concerned.
So just postpone all processing to process context and allocate a new
tfm for each request.
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
next prev parent reply other threads:[~2016-07-06 7:03 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-05 11:44 AEAD: Having separate underlying cipher handle for each request Ondrej Mosnáček
2016-07-05 16:11 ` Stephan Mueller
2016-07-06 13:07 ` Ondrej Mosnáček
2016-07-06 6:31 ` Herbert Xu [this message]
2016-07-06 13:10 ` Ondrej Mosnáček
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160706063149.GA14106@gondor.apana.org.au \
--to=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=omosnacek@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox