| Message ID | 20200901062804.GA1533@gondor.apana.org.au (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | [1/2] crypto: arm/aes-neonbs - Use generic cbc encryption path | expand |
On Tue, 1 Sep 2020 at 09:28, Herbert Xu <herbert@gondor.apana.org.au> wrote: > > Since commit b56f5cbc7e08ec7d31c42fc41e5247677f20b143 ("crypto: > arm/aes-neonbs - resolve fallback cipher at runtime") the CBC > encryption path in aes-neonbs is now identical to that obtained > through the cbc template. This means that it can simply call > the generic cbc template instead of doing its own thing. > > This patch removes the custom encryption path and simply invokes > the generic cbc template. > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > Aren't we ending up with a cbc(aes) implementation that allocates a cbc(aes) implementation as a fallback? > diff --git a/arch/arm/crypto/aes-neonbs-glue.c b/arch/arm/crypto/aes-neonbs-glue.c > index e6fd32919c81..b324c5500846 100644 > --- a/arch/arm/crypto/aes-neonbs-glue.c > +++ b/arch/arm/crypto/aes-neonbs-glue.c > @@ -8,7 +8,6 @@ > #include <asm/neon.h> > #include <asm/simd.h> > #include <crypto/aes.h> > -#include <crypto/cbc.h> > #include <crypto/ctr.h> > #include <crypto/internal/simd.h> > #include <crypto/internal/skcipher.h> > @@ -49,7 +48,7 @@ struct aesbs_ctx { > > struct aesbs_cbc_ctx { > struct aesbs_ctx key; > - struct crypto_cipher *enc_tfm; > + struct crypto_skcipher *enc_tfm; > }; > > struct aesbs_xts_ctx { > @@ -140,19 +139,23 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key, > kernel_neon_end(); > memzero_explicit(&rk, sizeof(rk)); > > - return crypto_cipher_setkey(ctx->enc_tfm, in_key, key_len); > + return crypto_skcipher_setkey(ctx->enc_tfm, in_key, key_len); > } > > -static void cbc_encrypt_one(struct crypto_skcipher *tfm, const u8 *src, u8 *dst) > +static int cbc_encrypt(struct skcipher_request *req) > { > + struct skcipher_request *subreq = skcipher_request_ctx(req); > + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); > struct aesbs_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); > > - crypto_cipher_encrypt_one(ctx->enc_tfm, dst, src); > -} > + skcipher_request_set_tfm(subreq, ctx->enc_tfm); > + skcipher_request_set_callback(subreq, > + skcipher_request_flags(req), > + NULL, NULL); > + skcipher_request_set_crypt(subreq, req->src, req->dst, > + req->cryptlen, req->iv); > > -static int cbc_encrypt(struct skcipher_request *req) > -{ > - return crypto_cbc_encrypt_walk(req, cbc_encrypt_one); > + return crypto_skcipher_encrypt(subreq); > } > > static int cbc_decrypt(struct skcipher_request *req) > @@ -183,20 +186,27 @@ static int cbc_decrypt(struct skcipher_request *req) > return err; > } > > -static int cbc_init(struct crypto_tfm *tfm) > +static int cbc_init(struct crypto_skcipher *tfm) > { > - struct aesbs_cbc_ctx *ctx = crypto_tfm_ctx(tfm); > + struct aesbs_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); > + unsigned int reqsize; > + > + ctx->enc_tfm = crypto_alloc_skcipher("cbc(aes)", 0, 0); > + if (IS_ERR(ctx->enc_tfm)) > + return PTR_ERR(ctx->enc_tfm); > > - ctx->enc_tfm = crypto_alloc_cipher("aes", 0, 0); > + reqsize = sizeof(struct skcipher_request); > + reqsize += crypto_skcipher_reqsize(ctx->enc_tfm); > + crypto_skcipher_set_reqsize(tfm, reqsize); > > - return PTR_ERR_OR_ZERO(ctx->enc_tfm); > + return 0; > } > > -static void cbc_exit(struct crypto_tfm *tfm) > +static void cbc_exit(struct crypto_skcipher *tfm) > { > - struct aesbs_cbc_ctx *ctx = crypto_tfm_ctx(tfm); > + struct aesbs_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); > > - crypto_free_cipher(ctx->enc_tfm); > + crypto_free_skcipher(ctx->enc_tfm); > } > > static int aesbs_ctr_setkey_sync(struct crypto_skcipher *tfm, const u8 *in_key, > @@ -432,8 +442,6 @@ static struct skcipher_alg aes_algs[] = { { > .base.cra_ctxsize = sizeof(struct aesbs_cbc_ctx), > .base.cra_module = THIS_MODULE, > .base.cra_flags = CRYPTO_ALG_INTERNAL, > - .base.cra_init = cbc_init, > - .base.cra_exit = cbc_exit, > > .min_keysize = AES_MIN_KEY_SIZE, > .max_keysize = AES_MAX_KEY_SIZE, > @@ -442,6 +450,8 @@ static struct skcipher_alg aes_algs[] = { { > .setkey = aesbs_cbc_setkey, > .encrypt = cbc_encrypt, > .decrypt = cbc_decrypt, > + .init = cbc_init, > + .exit = cbc_exit, > }, { > .base.cra_name = "__ctr(aes)", > .base.cra_driver_name = "__ctr-aes-neonbs", > -- > Email: Herbert Xu <herbert@gondor.apana.org.au> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Tue, Sep 01, 2020 at 11:47:03AM +0300, Ard Biesheuvel wrote: > On Tue, 1 Sep 2020 at 09:28, Herbert Xu <herbert@gondor.apana.org.au> wrote: > > > > Since commit b56f5cbc7e08ec7d31c42fc41e5247677f20b143 ("crypto: > > arm/aes-neonbs - resolve fallback cipher at runtime") the CBC > > encryption path in aes-neonbs is now identical to that obtained > > through the cbc template. This means that it can simply call > > the generic cbc template instead of doing its own thing. > > > > This patch removes the custom encryption path and simply invokes > > the generic cbc template. > > > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > > > > Aren't we ending up with a cbc(aes) implementation that allocates a > cbc(aes) implementation as a fallback? Good catch, I meant to make the fallback sync only. Thanks,
On Tue, 1 Sep 2020 at 14:48, Herbert Xu <herbert@gondor.apana.org.au> wrote: > > Since commit b56f5cbc7e08ec7d31c42fc41e5247677f20b143 ("crypto: > arm/aes-neonbs - resolve fallback cipher at runtime") the CBC > encryption path in aes-neonbs is now identical to that obtained > through the cbc template. This means that it can simply call > the generic cbc template instead of doing its own thing. > > This patch removes the custom encryption path and simply invokes > the generic cbc template. > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> For the series, Reviewed-by: Ard Biesheuvel <ardb@kernel.org> > > diff --git a/arch/arm/crypto/aes-neonbs-glue.c b/arch/arm/crypto/aes-neonbs-glue.c > index e6fd32919c81..b324c5500846 100644 > --- a/arch/arm/crypto/aes-neonbs-glue.c > +++ b/arch/arm/crypto/aes-neonbs-glue.c > @@ -8,7 +8,6 @@ > #include <asm/neon.h> > #include <asm/simd.h> > #include <crypto/aes.h> > -#include <crypto/cbc.h> > #include <crypto/ctr.h> > #include <crypto/internal/simd.h> > #include <crypto/internal/skcipher.h> > @@ -49,7 +48,7 @@ struct aesbs_ctx { > > struct aesbs_cbc_ctx { > struct aesbs_ctx key; > - struct crypto_cipher *enc_tfm; > + struct crypto_skcipher *enc_tfm; > }; > > struct aesbs_xts_ctx { > @@ -140,19 +139,23 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key, > kernel_neon_end(); > memzero_explicit(&rk, sizeof(rk)); > > - return crypto_cipher_setkey(ctx->enc_tfm, in_key, key_len); > + return crypto_skcipher_setkey(ctx->enc_tfm, in_key, key_len); > } > > -static void cbc_encrypt_one(struct crypto_skcipher *tfm, const u8 *src, u8 *dst) > +static int cbc_encrypt(struct skcipher_request *req) > { > + struct skcipher_request *subreq = skcipher_request_ctx(req); > + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); > struct aesbs_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); > > - crypto_cipher_encrypt_one(ctx->enc_tfm, dst, src); > -} > + skcipher_request_set_tfm(subreq, ctx->enc_tfm); > + skcipher_request_set_callback(subreq, > + skcipher_request_flags(req), > + NULL, NULL); > + skcipher_request_set_crypt(subreq, req->src, req->dst, > + req->cryptlen, req->iv); > > -static int cbc_encrypt(struct skcipher_request *req) > -{ > - return crypto_cbc_encrypt_walk(req, cbc_encrypt_one); > + return crypto_skcipher_encrypt(subreq); > } > > static int cbc_decrypt(struct skcipher_request *req) > @@ -183,20 +186,27 @@ static int cbc_decrypt(struct skcipher_request *req) > return err; > } > > -static int cbc_init(struct crypto_tfm *tfm) > +static int cbc_init(struct crypto_skcipher *tfm) > { > - struct aesbs_cbc_ctx *ctx = crypto_tfm_ctx(tfm); > + struct aesbs_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); > + unsigned int reqsize; > + > + ctx->enc_tfm = crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC); > + if (IS_ERR(ctx->enc_tfm)) > + return PTR_ERR(ctx->enc_tfm); > > - ctx->enc_tfm = crypto_alloc_cipher("aes", 0, 0); > + reqsize = sizeof(struct skcipher_request); > + reqsize += crypto_skcipher_reqsize(ctx->enc_tfm); > + crypto_skcipher_set_reqsize(tfm, reqsize); > > - return PTR_ERR_OR_ZERO(ctx->enc_tfm); > + return 0; > } > > -static void cbc_exit(struct crypto_tfm *tfm) > +static void cbc_exit(struct crypto_skcipher *tfm) > { > - struct aesbs_cbc_ctx *ctx = crypto_tfm_ctx(tfm); > + struct aesbs_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); > > - crypto_free_cipher(ctx->enc_tfm); > + crypto_free_skcipher(ctx->enc_tfm); > } > > static int aesbs_ctr_setkey_sync(struct crypto_skcipher *tfm, const u8 *in_key, > @@ -432,8 +442,6 @@ static struct skcipher_alg aes_algs[] = { { > .base.cra_ctxsize = sizeof(struct aesbs_cbc_ctx), > .base.cra_module = THIS_MODULE, > .base.cra_flags = CRYPTO_ALG_INTERNAL, > - .base.cra_init = cbc_init, > - .base.cra_exit = cbc_exit, > > .min_keysize = AES_MIN_KEY_SIZE, > .max_keysize = AES_MAX_KEY_SIZE, > @@ -442,6 +450,8 @@ static struct skcipher_alg aes_algs[] = { { > .setkey = aesbs_cbc_setkey, > .encrypt = cbc_encrypt, > .decrypt = cbc_decrypt, > + .init = cbc_init, > + .exit = cbc_exit, > }, { > .base.cra_name = "__ctr(aes)", > .base.cra_driver_name = "__ctr-aes-neonbs", > -- > Email: Herbert Xu <herbert@gondor.apana.org.au> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff --git a/arch/arm/crypto/aes-neonbs-glue.c b/arch/arm/crypto/aes-neonbs-glue.c index e6fd32919c81..b324c5500846 100644 --- a/arch/arm/crypto/aes-neonbs-glue.c +++ b/arch/arm/crypto/aes-neonbs-glue.c @@ -8,7 +8,6 @@ #include <asm/neon.h> #include <asm/simd.h> #include <crypto/aes.h> -#include <crypto/cbc.h> #include <crypto/ctr.h> #include <crypto/internal/simd.h> #include <crypto/internal/skcipher.h> @@ -49,7 +48,7 @@ struct aesbs_ctx { struct aesbs_cbc_ctx { struct aesbs_ctx key; - struct crypto_cipher *enc_tfm; + struct crypto_skcipher *enc_tfm; }; struct aesbs_xts_ctx { @@ -140,19 +139,23 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key, kernel_neon_end(); memzero_explicit(&rk, sizeof(rk)); - return crypto_cipher_setkey(ctx->enc_tfm, in_key, key_len); + return crypto_skcipher_setkey(ctx->enc_tfm, in_key, key_len); } -static void cbc_encrypt_one(struct crypto_skcipher *tfm, const u8 *src, u8 *dst) +static int cbc_encrypt(struct skcipher_request *req) { + struct skcipher_request *subreq = skcipher_request_ctx(req); + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct aesbs_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); - crypto_cipher_encrypt_one(ctx->enc_tfm, dst, src); -} + skcipher_request_set_tfm(subreq, ctx->enc_tfm); + skcipher_request_set_callback(subreq, + skcipher_request_flags(req), + NULL, NULL); + skcipher_request_set_crypt(subreq, req->src, req->dst, + req->cryptlen, req->iv); -static int cbc_encrypt(struct skcipher_request *req) -{ - return crypto_cbc_encrypt_walk(req, cbc_encrypt_one); + return crypto_skcipher_encrypt(subreq); } static int cbc_decrypt(struct skcipher_request *req) @@ -183,20 +186,27 @@ static int cbc_decrypt(struct skcipher_request *req) return err; } -static int cbc_init(struct crypto_tfm *tfm) +static int cbc_init(struct crypto_skcipher *tfm) { - struct aesbs_cbc_ctx *ctx = crypto_tfm_ctx(tfm); + struct aesbs_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); + unsigned int reqsize; + + ctx->enc_tfm = crypto_alloc_skcipher("cbc(aes)", 0, 0); + if (IS_ERR(ctx->enc_tfm)) + return PTR_ERR(ctx->enc_tfm); - ctx->enc_tfm = crypto_alloc_cipher("aes", 0, 0); + reqsize = sizeof(struct skcipher_request); + reqsize += crypto_skcipher_reqsize(ctx->enc_tfm); + crypto_skcipher_set_reqsize(tfm, reqsize); - return PTR_ERR_OR_ZERO(ctx->enc_tfm); + return 0; } -static void cbc_exit(struct crypto_tfm *tfm) +static void cbc_exit(struct crypto_skcipher *tfm) { - struct aesbs_cbc_ctx *ctx = crypto_tfm_ctx(tfm); + struct aesbs_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); - crypto_free_cipher(ctx->enc_tfm); + crypto_free_skcipher(ctx->enc_tfm); } static int aesbs_ctr_setkey_sync(struct crypto_skcipher *tfm, const u8 *in_key, @@ -432,8 +442,6 @@ static struct skcipher_alg aes_algs[] = { { .base.cra_ctxsize = sizeof(struct aesbs_cbc_ctx), .base.cra_module = THIS_MODULE, .base.cra_flags = CRYPTO_ALG_INTERNAL, - .base.cra_init = cbc_init, - .base.cra_exit = cbc_exit, .min_keysize = AES_MIN_KEY_SIZE, .max_keysize = AES_MAX_KEY_SIZE, @@ -442,6 +450,8 @@ static struct skcipher_alg aes_algs[] = { { .setkey = aesbs_cbc_setkey, .encrypt = cbc_encrypt, .decrypt = cbc_decrypt, + .init = cbc_init, + .exit = cbc_exit, }, { .base.cra_name = "__ctr(aes)", .base.cra_driver_name = "__ctr-aes-neonbs",
Since commit b56f5cbc7e08ec7d31c42fc41e5247677f20b143 ("crypto: arm/aes-neonbs - resolve fallback cipher at runtime") the CBC encryption path in aes-neonbs is now identical to that obtained through the cbc template. This means that it can simply call the generic cbc template instead of doing its own thing. This patch removes the custom encryption path and simply invokes the generic cbc template. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>