From: Eric Biggers <ebiggers@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: netdev@vger.kernel.org, Herbert Xu <herbert@gondor.apana.org.au>,
Marc Dionne <marc.dionne@auristor.com>,
Jakub Kicinski <kuba@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Chuck Lever <chuck.lever@oracle.com>,
Ard Biesheuvel <ardb@kernel.org>,
"Cabiddu, Giovanni" <giovanni.cabiddu@intel.com>,
qat-linux <qat-linux@intel.com>,
linux-crypto@vger.kernel.org, linux-afs@lists.infradead.org,
linux-nfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH net 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm
Date: Sun, 9 Feb 2025 11:05:25 -0800 [thread overview]
Message-ID: <20250209190525.GA6017@sol.localdomain> (raw)
In-Reply-To: <1934772.1739126247@warthog.procyon.org.uk>
On Sun, Feb 09, 2025 at 06:37:27PM +0000, David Howells wrote:
> One of the issues I have with doing it on the CPU is that you have to do two
> operations and, currently, they're done synchronously and serially.
>
> Can you implement "auth5enc(hmac(sha256),cts(cbc(aes)))" in assembly and
> actually make the assembly do both the AES and SHA at the same time? It looks
> like it *might* be possible - but that you might be an XMM register short of
> being able to do it:-/
Yes, that would be the proper way to optimize that algorithm. Someone just
needs to do it. (And presumably you want this one and not Camellia which you
are also pushing for some reason?)
> > I don't see why off-CPU hardware offload support should deserve much
> > attention here, given the extremely high speed of on-CPU crypto these days
> > and the great difficulty of integrating off-CPU acceleration efficiently.
> > In particular it seems weird to consider Intel QAT a reasonable thing to use
> > over VAES.
>
> Because some modern CPUs come with on-die crypto offload - and that can do
> hash+encrypt or encrypt+hash in parallel. Now, there are a couple of issues
> with using the QAT here:
>
> (1) It doesn't support CTS. This means we'd have to impose the CTS from
> above - and that may well make it unusable in doing hash + encrypt
> simultaneously.
>
> (2) It really needs batching to make it cheap enough to use. This might
> actually be less of a problem - at least for rxgk. The data is split up
> into fixed-size packets, but for a large amount of data we can end up
> filling packets faster than we can transmit them. This offers the
> opportunity to batch them - up to ~8192 packets in a single batch.
>
> For NFS, things are a bit different. Because that mostly uses a streaming
> transport these days, it wants to prepare a single huge message in one go -
> and being able to parallellise the encrypt and the hash could be a benefit.
Right, the batching is always a huge issue for those types of accelerators. A
much more promising approach is to just fully take advantage of the CPU
instructions that already accelerate the same algorithms very well.
- Eric
next prev parent reply other threads:[~2025-02-09 19:05 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-03 14:23 [PATCH net 00/24] net/rxrpc, crypto: Add Kerberos crypto lib and AF_RXRPC GSSAPI security class David Howells
2025-02-03 14:23 ` [PATCH net 01/24] crypto/krb5: Add API Documentation David Howells
2025-02-03 14:23 ` [PATCH net 02/24] crypto/krb5: Add some constants out of sunrpc headers David Howells
2025-02-03 14:23 ` [PATCH net 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm David Howells
2025-02-07 8:56 ` Herbert Xu
2025-02-09 17:53 ` David Howells
2025-02-07 20:04 ` Eric Biggers
2025-02-09 18:37 ` David Howells
2025-02-09 19:05 ` Eric Biggers [this message]
2025-02-10 8:10 ` Herbert Xu
2025-03-18 10:51 ` Geert Uytterhoeven
2025-03-18 11:09 ` David Howells
2025-02-03 14:23 ` [PATCH net 04/24] crypto/krb5: Test manager data David Howells
2025-02-03 14:23 ` [PATCH net 05/24] crypto/krb5: Implement Kerberos crypto core David Howells
2025-02-03 14:23 ` [PATCH net 06/24] crypto/krb5: Add an API to query the layout of the crypto section David Howells
2025-02-03 14:23 ` [PATCH net 07/24] crypto/krb5: Add an API to alloc and prepare a crypto object David Howells
2025-02-03 14:23 ` [PATCH net 08/24] crypto/krb5: Add an API to perform requests David Howells
2025-02-03 14:23 ` [PATCH net 09/24] crypto/krb5: Provide infrastructure and key derivation David Howells
2025-02-03 14:23 ` [PATCH net 10/24] crypto/krb5: Implement the Kerberos5 rfc3961 " David Howells
2025-02-03 14:23 ` [PATCH net 11/24] crypto/krb5: Provide RFC3961 setkey packaging functions David Howells
2025-02-03 14:23 ` [PATCH net 12/24] crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions David Howells
2025-02-03 14:23 ` [PATCH net 13/24] crypto/krb5: Implement the Kerberos5 rfc3961 get_mic and verify_mic David Howells
2025-02-03 14:23 ` [PATCH net 14/24] crypto/krb5: Implement the AES enctypes from rfc3962 David Howells
2025-02-03 14:23 ` [PATCH net 15/24] crypto/krb5: Implement the AES enctypes from rfc8009 David Howells
2025-02-03 14:23 ` [PATCH net 16/24] crypto/krb5: Implement the Camellia enctypes from rfc6803 David Howells
2025-02-03 14:23 ` [PATCH net 17/24] crypto/krb5: Implement crypto self-testing David Howells
2025-02-03 14:23 ` [PATCH net 18/24] rxrpc: Pull out certain app callback funcs into an ops table David Howells
2025-02-03 14:23 ` [PATCH net 19/24] rxrpc: Pass CHALLENGE packets to the call for recvmsg() to respond to David Howells
2025-02-03 14:23 ` [PATCH net 20/24] rxrpc: Add the security index for yfs-rxgk David Howells
2025-02-06 9:54 ` Jeffrey Altman
2025-02-03 14:23 ` [PATCH net 21/24] rxrpc: Add YFS RxGK (GSSAPI) security class David Howells
2025-02-03 14:23 ` [PATCH net 22/24] rxrpc: rxgk: Provide infrastructure and key derivation David Howells
2025-02-03 14:23 ` [PATCH net 23/24] rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI) David Howells
2025-02-03 14:23 ` [PATCH net 24/24] rxrpc: rxgk: Implement connection rekeying David Howells
2025-02-03 14:51 ` [PATCH net 00/24] net/rxrpc, crypto: Add Kerberos crypto lib and AF_RXRPC GSSAPI security class David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250209190525.GA6017@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=ardb@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=edumazet@google.com \
--cc=giovanni.cabiddu@intel.com \
--cc=herbert@gondor.apana.org.au \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=marc.dionne@auristor.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=qat-linux@intel.com \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox