Re: [PATCH] crypto: vmx - convert to skcipher API
On Mon, May 20, 2019 at 09:44:48AM -0700, Eric Biggers wrote: > From: Eric Biggers > > Convert the VMX implementations of AES-CBC, AES-CTR, and AES-XTS from > the deprecated "blkcipher" API to the "skcipher" API. > > As part of this, I moved the skcipher_request for the fallback algorithm > off the stack and into the request context of the parent algorithm. > > I tested this in a PowerPC VM with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y. > > Signed-off-by: Eric Biggers > --- > drivers/crypto/vmx/aes_cbc.c | 183 - > drivers/crypto/vmx/aes_ctr.c | 165 + > drivers/crypto/vmx/aes_xts.c | 175 ++- > drivers/crypto/vmx/aesp8-ppc.h | 2 - > drivers/crypto/vmx/vmx.c | 72 +++-- > 5 files changed, 252 insertions(+), 345 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH] crypto: vmx - convert to skcipher API
Eric Biggers writes: > From: Eric Biggers > > Convert the VMX implementations of AES-CBC, AES-CTR, and AES-XTS from > the deprecated "blkcipher" API to the "skcipher" API. > > As part of this, I moved the skcipher_request for the fallback algorithm > off the stack and into the request context of the parent algorithm. > > I tested this in a PowerPC VM with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y. I booted it a few times on a Power9 bare metal machine with panic_on_fail=1 and fuzz_iterations=400, no issues. Tested-by: Michael Ellerman cheers > Signed-off-by: Eric Biggers > --- > drivers/crypto/vmx/aes_cbc.c | 183 - > drivers/crypto/vmx/aes_ctr.c | 165 + > drivers/crypto/vmx/aes_xts.c | 175 ++- > drivers/crypto/vmx/aesp8-ppc.h | 2 - > drivers/crypto/vmx/vmx.c | 72 +++-- > 5 files changed, 252 insertions(+), 345 deletions(-) > > diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c > index dae8af3c46dce..92e75a05d6a9e 100644 > --- a/drivers/crypto/vmx/aes_cbc.c > +++ b/drivers/crypto/vmx/aes_cbc.c > @@ -7,64 +7,52 @@ > * Author: Marcelo Henrique Cerri > */ > > -#include > -#include > -#include > -#include > #include > #include > #include > #include > -#include > -#include > +#include > > #include "aesp8-ppc.h" > > struct p8_aes_cbc_ctx { > - struct crypto_sync_skcipher *fallback; > + struct crypto_skcipher *fallback; > struct aes_key enc_key; > struct aes_key dec_key; > }; > > -static int p8_aes_cbc_init(struct crypto_tfm *tfm) > +static int p8_aes_cbc_init(struct crypto_skcipher *tfm) > { > - const char *alg = crypto_tfm_alg_name(tfm); > - struct crypto_sync_skcipher *fallback; > - struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm); > - > - fallback = crypto_alloc_sync_skcipher(alg, 0, > - CRYPTO_ALG_NEED_FALLBACK); > + struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); > + struct crypto_skcipher *fallback; > > + fallback = crypto_alloc_skcipher("cbc(aes)", 0, > + CRYPTO_ALG_NEED_FALLBACK | > + CRYPTO_ALG_ASYNC); > if (IS_ERR(fallback)) { > - printk(KERN_ERR > -"Failed to allocate transformation for '%s': %ld\n", > -alg, PTR_ERR(fallback)); > + pr_err("Failed to allocate cbc(aes) fallback: %ld\n", > +PTR_ERR(fallback)); > return PTR_ERR(fallback); > } > > - crypto_sync_skcipher_set_flags( > - fallback, > - crypto_skcipher_get_flags((struct crypto_skcipher *)tfm)); > + crypto_skcipher_set_reqsize(tfm, sizeof(struct skcipher_request) + > + crypto_skcipher_reqsize(fallback)); > ctx->fallback = fallback; > - > return 0; > } > > -static void p8_aes_cbc_exit(struct crypto_tfm *tfm) > +static void p8_aes_cbc_exit(struct crypto_skcipher *tfm) > { > - struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm); > + struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); > > - if (ctx->fallback) { > - crypto_free_sync_skcipher(ctx->fallback); > - ctx->fallback = NULL; > - } > + crypto_free_skcipher(ctx->fallback); > } > > -static int p8_aes_cbc_setkey(struct crypto_tfm *tfm, const u8 *key, > +static int p8_aes_cbc_setkey(struct crypto_skcipher *tfm, const u8 *key, >unsigned int keylen) > { > + struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); > int ret; > - struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm); > > preempt_disable(); > pagefault_disable(); > @@ -75,108 +63,71 @@ static int p8_aes_cbc_setkey(struct crypto_tfm *tfm, > const u8 *key, > pagefault_enable(); > preempt_enable(); > > - ret |= crypto_sync_skcipher_setkey(ctx->fallback, key, keylen); > + ret |= crypto_skcipher_setkey(ctx->fallback, key, keylen); > > return ret ? -EINVAL : 0; > } > > -static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, > - struct scatterlist *dst, > - struct scatterlist *src, unsigned int nbytes) > +static int p8_aes_cbc_crypt(struct skcipher_request *req, int enc) > { > + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); > + const struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); > + struct skcipher_walk walk; > + unsigned int nbytes; > int ret; > - struct blkcipher_walk walk; > - struct p8_aes_cbc_ctx *ctx = > - crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm)); > > if (!crypto_simd_usable()) { > - SYNC_SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); > - skcipher_request_set_sync_tfm(req, ctx->fallback); > - skcipher_request_s
[PATCH] crypto: vmx - convert to skcipher API
From: Eric Biggers Convert the VMX implementations of AES-CBC, AES-CTR, and AES-XTS from the deprecated "blkcipher" API to the "skcipher" API. As part of this, I moved the skcipher_request for the fallback algorithm off the stack and into the request context of the parent algorithm. I tested this in a PowerPC VM with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y. Signed-off-by: Eric Biggers --- drivers/crypto/vmx/aes_cbc.c | 183 - drivers/crypto/vmx/aes_ctr.c | 165 + drivers/crypto/vmx/aes_xts.c | 175 ++- drivers/crypto/vmx/aesp8-ppc.h | 2 - drivers/crypto/vmx/vmx.c | 72 +++-- 5 files changed, 252 insertions(+), 345 deletions(-) diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c index dae8af3c46dce..92e75a05d6a9e 100644 --- a/drivers/crypto/vmx/aes_cbc.c +++ b/drivers/crypto/vmx/aes_cbc.c @@ -7,64 +7,52 @@ * Author: Marcelo Henrique Cerri */ -#include -#include -#include -#include #include #include #include #include -#include -#include +#include #include "aesp8-ppc.h" struct p8_aes_cbc_ctx { - struct crypto_sync_skcipher *fallback; + struct crypto_skcipher *fallback; struct aes_key enc_key; struct aes_key dec_key; }; -static int p8_aes_cbc_init(struct crypto_tfm *tfm) +static int p8_aes_cbc_init(struct crypto_skcipher *tfm) { - const char *alg = crypto_tfm_alg_name(tfm); - struct crypto_sync_skcipher *fallback; - struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm); - - fallback = crypto_alloc_sync_skcipher(alg, 0, - CRYPTO_ALG_NEED_FALLBACK); + struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); + struct crypto_skcipher *fallback; + fallback = crypto_alloc_skcipher("cbc(aes)", 0, +CRYPTO_ALG_NEED_FALLBACK | +CRYPTO_ALG_ASYNC); if (IS_ERR(fallback)) { - printk(KERN_ERR - "Failed to allocate transformation for '%s': %ld\n", - alg, PTR_ERR(fallback)); + pr_err("Failed to allocate cbc(aes) fallback: %ld\n", + PTR_ERR(fallback)); return PTR_ERR(fallback); } - crypto_sync_skcipher_set_flags( - fallback, - crypto_skcipher_get_flags((struct crypto_skcipher *)tfm)); + crypto_skcipher_set_reqsize(tfm, sizeof(struct skcipher_request) + + crypto_skcipher_reqsize(fallback)); ctx->fallback = fallback; - return 0; } -static void p8_aes_cbc_exit(struct crypto_tfm *tfm) +static void p8_aes_cbc_exit(struct crypto_skcipher *tfm) { - struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm); + struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); - if (ctx->fallback) { - crypto_free_sync_skcipher(ctx->fallback); - ctx->fallback = NULL; - } + crypto_free_skcipher(ctx->fallback); } -static int p8_aes_cbc_setkey(struct crypto_tfm *tfm, const u8 *key, +static int p8_aes_cbc_setkey(struct crypto_skcipher *tfm, const u8 *key, unsigned int keylen) { + struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); int ret; - struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm); preempt_disable(); pagefault_disable(); @@ -75,108 +63,71 @@ static int p8_aes_cbc_setkey(struct crypto_tfm *tfm, const u8 *key, pagefault_enable(); preempt_enable(); - ret |= crypto_sync_skcipher_setkey(ctx->fallback, key, keylen); + ret |= crypto_skcipher_setkey(ctx->fallback, key, keylen); return ret ? -EINVAL : 0; } -static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, - struct scatterlist *dst, - struct scatterlist *src, unsigned int nbytes) +static int p8_aes_cbc_crypt(struct skcipher_request *req, int enc) { + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + const struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); + struct skcipher_walk walk; + unsigned int nbytes; int ret; - struct blkcipher_walk walk; - struct p8_aes_cbc_ctx *ctx = - crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm)); if (!crypto_simd_usable()) { - SYNC_SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); - skcipher_request_set_sync_tfm(req, ctx->fallback); - skcipher_request_set_callback(req, desc->flags, NULL, NULL); - skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); - ret = crypto_skcipher_encrypt(req); - skcipher_request_zero(req); - } else { - blkcipher_walk_init(&walk, dst, src, nbytes); -