RIPE-MD 256 is never referenced anywhere in the kernel, and unlikely
to be depended upon by userspace via AF_ALG. So let's remove it.
Signed-off-by: Ard Biesheuvel
---
crypto/Kconfig | 12 -
crypto/Makefile | 1 -
crypto/ripemd.h | 3 -
crypto/rmd256.c
Remove a set of algorithms that are never used in the kernel, and are
highly unlikely to be depended upon by user space either.
Cc: Eric Biggers
Cc: Herbert Xu
Ard Biesheuvel (5):
crypto: remove RIPE-MD 128 hash algorithm
crypto: remove RIPE-MD 256 hash algorithm
crypto: remove RIPE-MD
On Thu, 21 Jan 2021 at 10:54, Christophe Leroy
wrote:
>
>
>
> Le 21/01/2021 à 08:31, Ard Biesheuvel a écrit :
> > On Thu, 21 Jan 2021 at 06:35, Christophe Leroy
> > wrote:
> >>
> >>
> >>
> >> Le 20/01/2021 à 23:23, Ard Biesheuvel a
On Wed, 20 Jan 2021 at 20:00, Alessandrelli, Daniele
wrote:
>
> Hi Ard,
>
> Thank you very much for your valuable feedback.
>
> On Mon, 2021-01-18 at 13:09 +0100, Ard Biesheuvel wrote:
> > This is rather unusual compared with how the crypto API is typically
> > us
On Thu, 21 Jan 2021 at 06:35, Christophe Leroy
wrote:
>
>
>
> Le 20/01/2021 à 23:23, Ard Biesheuvel a écrit :
> > On Wed, 20 Jan 2021 at 19:59, Christophe Leroy
> > wrote:
> >>
> >> Talitos Security Engine AESU considers any input
> >> data siz
On Wed, 20 Jan 2021 at 19:59, Christophe Leroy
wrote:
>
> Talitos Security Engine AESU considers any input
> data size that is not a multiple of 16 bytes to be an error.
> This is not a problem in general, except for Counter mode
> that is a stream cipher and can have an input of any size.
>
> Tes
On Tue, 19 Jan 2021 at 17:01, Dave Martin wrote:
>
> On Fri, Dec 18, 2020 at 06:01:05PM +0100, Ard Biesheuvel wrote:
> > Kernel mode NEON can be used in task or softirq context, but only in
> > a non-nesting manner, i.e., softirq context is only permitted if the
> > inte
On Mon, 18 Jan 2021 at 12:55, Reshetova, Elena
wrote:
>
> > On Thu, 14 Jan 2021 at 11:25, Reshetova, Elena
> > wrote:
> > >
> > > > > On Mon, Jan 04, 2021 at 08:04:15AM +, Reshetova, Elena wrote:
> > > > > > > 2. The OCS ECC HW does not support the NIST P-192 curve. We were
> > planning
> > >
On Mon, 28 Dec 2020 at 20:11, Dey, Megha wrote:
>
> Hi Eric,
>
> On 12/21/2020 3:20 PM, Eric Biggers wrote:
> > On Fri, Dec 18, 2020 at 01:10:57PM -0800, Megha Dey wrote:
> >> Optimize crypto algorithms using VPCLMULQDQ and VAES AVX512 instructions
> >> (first implemented on Intel's Icelake client
On Sat, 16 Jan 2021 at 06:13, Dave Hansen wrote:
>
> On 1/15/21 6:04 PM, Eric Biggers wrote:
> > On Fri, Jan 15, 2021 at 04:20:44PM -0800, Dave Hansen wrote:
> >> On 1/15/21 4:14 PM, Dey, Megha wrote:
> >>> Also, I do not know of any cores that implement PCLMULQDQ and not AES-NI.
> >> That's true,
On Fri, 18 Dec 2020 at 22:07, Megha Dey wrote:
>
> This is a preparatory patch to introduce the optimized crypto algorithms
> using AVX512 instructions which would require VAES and VPCLMULQDQ support.
>
> Check for VAES and VPCLMULQDQ assembler support using AVX512 registers.
>
> Cc: x...@kernel.o
On Fri, 18 Dec 2020 at 22:08, Megha Dey wrote:
>
> Introduce the AVX512 implementation that optimizes the AESNI-GCM encode
> and decode routines using VPCLMULQDQ.
>
> The glue code in AESNI module overrides the existing AVX2 GCM mode
> encryption/decryption routines with the AVX512 AES GCM mode one
On Fri, 18 Dec 2020 at 22:08, Megha Dey wrote:
>
> Introduce the "by16" implementation of the AES CTR mode using AVX512
> optimizations. "by16" means that 16 independent blocks (each block
> being 128 bits) can be ciphered simultaneously as opposed to the
> current 8 blocks.
>
> The glue code in A
can change the 'atomic' bool argument in the calls to
skcipher_walk_virt() to false as well.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/aesni-intel_glue.c | 73 +---
1 file changed, 32 insertions(+), 41 deletions(-)
diff --git a/arch/x86/crypto/aesni-intel_glue
which is unnecessary, and potentially
problematic for workloads that are sensitive to scheduling latency.
Let's also switch to a static call for the CTR mode asm helper, which
gets chosen once at driver init time.
Cc: Megha Dey
Cc: Eric Biggers
Cc: Herbert Xu
Ard Biesheuvel (2):
cry
Indirect calls are very expensive on x86, so use a static call to set
the system-wide AES-NI/CTR asm helper.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/aesni-intel_glue.c | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/arch/x86/crypto/aesni-intel_glue.c
On Fri, 18 Dec 2020 at 22:07, Megha Dey wrote:
>
> From: Kyung Min Park
>
> Update the crc_pcl function that calculates T10 Data Integrity Field
> CRC16 (CRC T10 DIF) using VPCLMULQDQ instruction. VPCLMULQDQ instruction
> with AVX-512F adds EVEX encoded 512 bit version of PCLMULQDQ instruction.
>
>
> Reported-by: John Donnelly
> Signed-off-by: Jason A. Donenfeld
Acked-by: Ard Biesheuvel
> ---
> lib/crypto/chacha20poly1305.c | 5 +
> 1 file changed, 5 insertions(+)
>
> diff --git a/lib/crypto/chacha20poly1305.c b/lib/crypto/chacha20poly1305.c
> index 5850f
On Thu, 14 Jan 2021 at 11:25, Reshetova, Elena
wrote:
>
> > > On Mon, Jan 04, 2021 at 08:04:15AM +, Reshetova, Elena wrote:
> > > > > 2. The OCS ECC HW does not support the NIST P-192 curve. We were
> > > > > planning
> > to
> > > > >add SW fallback for P-192 in the driver, but the Intel
Signed-off-by: Ard Biesheuvel
---
arch/arm64/crypto/sha1-ce-glue.c | 1 +
arch/arm64/crypto/sha2-ce-glue.c | 2 ++
arch/arm64/crypto/sha3-ce-glue.c | 4
arch/arm64/crypto/sha512-ce-glue.c | 2 ++
4 files changed, 9 insertions(+)
diff --git a/arch/arm64/crypto/sha1-ce-glue.c b/arch/arm64/crypto/sha1
On Sat, 19 Dec 2020 at 03:05, Herbert Xu wrote:
>
> On Fri, Dec 18, 2020 at 06:01:01PM +0100, Ard Biesheuvel wrote:
> >
> > Questions:
> > - what did I miss or break horribly?
> > - does any of this matter for RT? AIUI, RT runs softirqs from a dedicated
> >
> Cc: Jann Horn
> Cc: Theodore Ts'o
> Reviewed-by: Andy Lutomirski
> Signed-off-by: Eric Biggers
Acked-by: Ard Biesheuvel
> ---
>
> Andrew, please consider taking this patch since the maintainer has been
> ignoring it for 4 months
> (https://lkml.kernel.org/lkml/202009160436
ChaCha20 anymore. Fix it to always use the standard constants.
>
> Cc: linux-crypto@vger.kernel.org
> Cc: Andy Lutomirski
> Cc: Jann Horn
> Cc: Theodore Ts'o
> Acked-by: Herbert Xu
> Signed-off-by: Eric Biggers
Acked-by: Ard Biesheuvel
> ---
>
> An
ioctl RNDRESEEDCRNG")
> Cc: sta...@vger.kernel.org
> Cc: linux-crypto@vger.kernel.org
> Cc: Andy Lutomirski
> Cc: Jann Horn
> Cc: Theodore Ts'o
> Reviewed-by: Jann Horn
> Signed-off-by: Eric Biggers
Acked-by: Ard Biesheuvel
> ---
>
> Andrew, please consider tak
resulting in an increased stack footprint of up to
232 bytes.) So instead, let's switch to the minimum SLAB alignment, which
does not take DMA constraints into account.
Note that this is a no-op for x86.
Signed-off-by: Ard Biesheuvel
---
v3: - drop skcipher_request change again - this needs
On Wed, 13 Jan 2021 at 07:27, Herbert Xu wrote:
>
> On Fri, Jan 08, 2021 at 11:49:32PM +0100, Ard Biesheuvel wrote:
> >
> > The assumption is that ARCH_SLAB_MINALIGN should be sufficient for any
> > POD type, But I guess that in order to be fully correct, the actual
>
On Mon, 11 Jan 2021 at 22:05, Eric Biggers wrote:
>
> On Mon, Jan 11, 2021 at 05:52:30PM +0100, Ard Biesheuvel wrote:
> > CRC-T10DIF is a very poor match for the crypto API:
> > - every user in the kernel calls it via a library wrapper around the
> > shash API, so al
On Mon, 11 Jan 2021 at 21:56, Peter Zijlstra wrote:
>
> On Mon, Jan 11, 2021 at 07:36:20PM +0100, Ard Biesheuvel wrote:
> > On Mon, 11 Jan 2021 at 18:27, Ard Biesheuvel wrote:
> > > On Mon, 11 Jan 2021 at 17:52, Ard Biesheuvel wrote:
>
> > > > Special request
On Mon, 11 Jan 2021 at 18:27, Ard Biesheuvel wrote:
>
> On Mon, 11 Jan 2021 at 17:52, Ard Biesheuvel wrote:
> >
> > CRC-T10DIF is a very poor match for the crypto API:
> > - every user in the kernel calls it via a library wrapper around the
> > shash API, so all c
On Mon, 11 Jan 2021 at 17:52, Ard Biesheuvel wrote:
>
> CRC-T10DIF is a very poor match for the crypto API:
> - every user in the kernel calls it via a library wrapper around the
> shash API, so all callers share a single instance of the transform
> - each architecture provides a
Get rid of the shash boilerplate, and register the accelerated ARM
version of the CRC-T10DIF algorithm with the library interface instead.
Signed-off-by: Ard Biesheuvel
---
arch/arm/crypto/crct10dif-ce-glue.c | 58
1 file changed, 11 insertions(+), 47 deletions(-)
diff
Get rid of the shash boilerplate, and register the accelerated PowerPC
version of the CRC-T10DIF algorithm with the library interface instead.
Signed-off-by: Ard Biesheuvel
---
arch/powerpc/crypto/crct10dif-vpmsum_glue.c | 51 ++--
1 file changed, 4 insertions(+), 47 deletions
Get rid of the shash boilerplate, and register the accelerated arm64
version of the CRC-T10DIF algorithm with the library interface instead.
Signed-off-by: Ard Biesheuvel
---
arch/arm64/crypto/crct10dif-ce-glue.c | 85
1 file changed, 15 insertions(+), 70 deletions(-)
diff
Wire up the new static call facility to the CRC-T10DIF library code, so
that optimized implementations can be swapped in easily, without having
to rely on the complexity of the crypto API shash infrastructure.
Signed-off-by: Ard Biesheuvel
---
include/linux/crc-t10dif.h | 21 --
lib
modules in question are autoloaded via CPU feature matching, but
let's use a module soft-dependency as well to trigger a load of such
modules if they exist on the system.
Signed-off-by: Ard Biesheuvel
---
crypto/crct10dif_generic.c | 100 ++--
1 file changed, 72 insertions(+
Get rid of the shash boilerplate, and register the accelerated x86
version of the CRC-T10DIF algorithm with the library interface instead.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/crct10dif-pclmul_glue.c | 90 +++-
1 file changed, 10 insertions(+), 80 deletions(-)
diff
register and unregister optimized implementations.
Signed-off-by: Ard Biesheuvel
---
arch/arm/crypto/Kconfig | 2 +-
arch/arm64/crypto/Kconfig | 3 +-
crypto/Kconfig| 7 +-
crypto/Makefile | 2 +-
crypto/crct10dif_common.c | 82
lib/Kconfig
Cc: Peter Zijlstra
Ard Biesheuvel (7):
crypto: crc-t10dif - turn library wrapper for shash into generic
library
crypto: lib/crc-t10dif - add static call support for optimized
versions
crypto: generic/crc-t10dif - expose both arch and generic shashes
crypto: x86/crc-t10dif - convert to s
On Fri, 8 Jan 2021 at 22:16, Eric Biggers wrote:
>
> On Fri, Jan 08, 2021 at 06:17:06PM +0100, Ard Biesheuvel wrote:
> > diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
> > index 6a733b171a5d..aa133dc3bf39 100644
> > --- a/include/crypto/skcipher.h
, document the DMA aspect of this in the comment that explains the
purpose of CRYPTO_MINALIGN_ATTR.
Note that this is a no-op for x86.
Signed-off-by: Ard Biesheuvel
---
v2: - reduce alignment for SYNC_SKCIPHER_REQUEST_ON_STACK as well
- update CRYPTO_MINALIGN_ATTR comment with DMA requi
On Fri, 8 Jan 2021 at 11:59, Arnd Bergmann wrote:
>
> On Fri, Jan 8, 2021 at 11:44 AM Herbert Xu
> wrote:
> >
> > On Fri, Jan 08, 2021 at 11:42:53AM +0100, Arnd Bergmann wrote:
> > >
> > > How does this work for kernels with CONFIG_VMAP_STACK?
> > > I remember some other subsystems (usb, hid) ad
On Fri, 8 Jan 2021 at 10:23, Herbert Xu wrote:
>
> On Fri, Jan 08, 2021 at 09:36:23AM +0100, Ard Biesheuvel wrote:
> >
> > scatterlists, and I don't think we permit pointing the scatterlist
> > into request structures)
>
> Not only do we allow that, we do tha
On Thu, 7 Jan 2021 at 20:02, Eric Biggers wrote:
>
> On Thu, Jan 07, 2021 at 01:41:28PM +0100, Ard Biesheuvel wrote:
> > Unlike many other structure types defined in the crypto API, the
> > 'shash_desc' structure is permitted to live on the stack, which
> >
resulting in an increased stack footprint of up to
232 bytes.) So instead, let's switch to the minimum SLAB alignment, which
does not take DMA constraints into account.
Note that this is a no-op for x86.
Signed-off-by: Ard Biesheuvel
---
include/crypto/hash.h | 8
1 file changed, 4
All dependencies on the x86 glue helper module have been replaced by
local instantiations of the new ECB/CBC preprocessor helper macros, so
the glue helper module can be retired.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/Makefile | 2 -
arch
Now that the XTS template can wrap accelerated ECB modes, it can be
used to implement CAST6 in XTS mode as well, which turns out to
be at least as fast, and sometimes even faster.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 56
Now that the XTS template can wrap accelerated ECB modes, it can be
used to implement Camellia in XTS mode as well, which turns out to
be at least as fast, and sometimes even faster.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/camellia-aesni-avx-asm_64.S | 181
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/serpent_avx2_glue.c | 73 +-
arch/x86/crypto/serpent_avx_glue.c
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/cast5_avx_glue.c | 184 ++--
1 file changed, 17 insertions
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/twofish_avx_glue.c | 73 +-
arch/x86/crypto/twofish_glue_3way.c
use local #includes instead.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/{include/asm => }/crypto/camellia.h | 0
arch/x86/crypto/camellia_aesni_avx2_glue.c | 2 +-
arch/x86/crypto/camellia_aesni_avx_glue.c| 2 +-
arch/x86/crypto/camellia_glu
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/camellia_aesni_avx2_glue.c | 85 ++--
arch/x86/crypto
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/cast6_avx_glue.c | 61 ++--
crypto/Kconfig
Blowfish in counter mode is never used in the kernel, so there
is no point in keeping an accelerated implementation around.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/blowfish_glue.c | 107
crypto/Kconfig | 1 +
2 files
essing, so we can wire
them up for existing users of the glue helper module, i.e., Camellia,
Serpent, Twofish and CAST6.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/ecb_cbc_helpers.h | 76
1 file changed, 76 insertions(+)
diff --git a/arch/
The glue helper's CTR routines are no longer used, so drop them.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/glue_helper-asm-avx.S | 45
arch/x86/crypto/glue_helper-asm-avx2.S| 58
arch/x86/crypto/glue_helper.c
DES or Triple DES in counter mode is never used in the kernel, so there
is no point in keeping an accelerated implementation around.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/des3_ede_glue.c | 104
crypto/Kconfig | 1 +
2
Twofish in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Serpent in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
CAST6 in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Camellia in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
CAST5 in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
The glue helper's XTS routines are no longer used, so drop them.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/glue_helper-asm-avx.S | 59
arch/x86/crypto/glue_helper-asm-avx2.S| 78 --
arch/x86/crypto/glue_helper.c
Now that the XTS template can wrap accelerated ECB modes, it can be
used to implement Twofish in XTS mode as well, which turns out to
be at least as fast, and sometimes even faster.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 53
Now that the XTS template can wrap accelerated ECB modes, it can be
used to implement Serpent in XTS mode as well, which turns out to
be at least as fast, and sometimes even faster.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 48
ary memcpy() in camellia_decrypt_cbc_2way()
- add Eric's ack
Changes since RFC:
- add Eric's ack to the initial XTS and CTR patches
- add patches to convert ECB and CBC modes
- add patches to remove DES and Blowfish in CTR mode
Cc: Megha Dey
Cc: Eric Biggers
Cc: Herbert Xu
Cc: Milan Broz
Cc: Mike
the
implementation based on the input size on cores that support AVX and AVX2,
use static branches instead of static calls.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/aesni-intel_glue.c | 98 +++-
1 file changed, 54 insertions(+), 44 deletions(-)
diff --git a/arch/x86
which always do one or the other.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/aesni-intel_glue.c | 139
1 file changed, 56 insertions(+), 83 deletions(-)
diff --git a/arch/x86/crypto/aesni-intel_glue.c
b/arch/x86/crypto/aesni-intel_glue.c
index 26b012065701..d0b4fa7
Drop some prototypes that are declared but never called.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/aesni-intel_glue.c | 67
1 file changed, 67 deletions(-)
diff --git a/arch/x86/crypto/aesni-intel_glue.c
b/arch/x86/crypto/aesni-intel_glue.c
index 880f9f8b5153
The gcm(aes-ni) driver is only built for x86_64, which does not make
use of highmem. So testing for PageHighMem is pointless and can be
omitted.
While at it, replace GFP_ATOMIC with the appropriate runtime decided
value based on the context.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto
stack realignment sequence that is needed, and so the
alignment is not guaranteed to be more than 8 bytes.
So instead, allocate some padding on the stack, and realign the IV
pointer by hand.
Cc:
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/aesni-intel_glue.c | 28 +++-
1 file
Clean up some issues and peculiarities in the gcm(aes-ni) driver.
Changes since v1:
- fix sleep while atomic issue reported by Eric
- add patch to get rid of indirect calls, to avoid taking the retpoline
performance hit
Cc: Megha Dey
Cc: Eric Biggers
Cc: Herbert Xu
Ard Biesheuvel (5
On Mon, 4 Jan 2021 at 16:13, Marco Chiappero wrote:
>
> Use CRYPTO_LIB_AES in place of CRYPTO_AES in the dependences for the QAT
> common code.
>
> Fixes: c0e583ab2016 ("crypto: qat - add CRYPTO_AES to Kconfig dependencies")
> Reported-by: Ard Biesheuvel
> Signed-
is now in the
cryptodev tree
I will try to remember to use --base next time.
> url:
> https://github.com/0day-ci/linux/commits/Ard-Biesheuvel/crypto-x86-aes-ni-xts-recover-and-improve-performance/20210101-004902
> base:
> https://git.kernel.org/pub/scm/linux/kernel/g
result of
intentional tampering.
So check params.key_size explicitly against the size of the target buffer
before validating the key further.
Fixes: 17858b140bf4 ("crypto: ecdh - avoid unaligned accesses in
ecdh_set_secret()")
Reported-by: Pavel Machek
Cc:
Signed-off-by: Ard Biesheuvel
--
Now that the XTS template can wrap accelerated ECB modes, it can be
used to implement Serpent in XTS mode as well, which turns out to
be at least as fast, and sometimes even faster.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 48
All dependencies on the x86 glue helper module have been replaced by
local instantiations of the new ECB/CBC preprocessor helper macros, so
the glue helper module can be retired.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/Makefile | 2 -
arch/x86/crypto/glue_helper.c
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/serpent_avx2_glue.c | 73 +-
arch/x86/crypto/serpent_avx_glue.c | 61
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/cast6_avx_glue.c | 61 ++--
crypto/Kconfig | 1 -
2 files changed, 17
Now that the XTS template can wrap accelerated ECB modes, it can be
used to implement CAST6 in XTS mode as well, which turns out to
be at least as fast, and sometimes even faster.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 56
use local #includes instead.
Signed-off-by: Ard Biesheuvel
---
arch/x86/{include/asm => }/crypto/camellia.h | 0
arch/x86/crypto/camellia_aesni_avx2_glue.c | 2 +-
arch/x86/crypto/camellia_aesni_avx_glue.c| 2 +-
arch/x86/crypto/camellia_glue.c | 2 +-
arch/
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/cast5_avx_glue.c | 184 ++--
1 file changed, 17 insertions(+), 167 deletions(-)
diff
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/twofish_avx_glue.c | 73 +-
arch/x86/crypto/twofish_glue_3way.c | 80
static inline helper routines
modeled after the existing ones. So instead, let's create some CPP macros
that encapsulate the core of the ECB and CBC processing, so we can wire
them up for existing users of the glue helper module, i.e., Camellia,
Serpent, Twofish and CAST6.
Signed-off-by: Ard
Replace the glue helper dependency with implementations of ECB and CBC
based on the new CPP macros, which avoid the need for indirect calls.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/camellia_aesni_avx2_glue.c | 85 ++--
arch/x86/crypto/camellia_aesni_avx_glue.c | 73
The glue helper's CTR routines are no longer used, so drop them.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/glue_helper-asm-avx.S | 45
arch/x86/crypto/glue_helper-asm-avx2.S| 58
arch/x86/crypto/glue_helper.c
Blowfish in counter mode is never used in the kernel, so there
is no point in keeping an accelerated implementation around.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/blowfish_glue.c | 107
crypto/Kconfig | 1 +
2 files changed, 1 insertion(+), 107
Twofish in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
DES or Triple DES in counter mode is never used in the kernel, so there
is no point in keeping an accelerated implementation around.
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/des3_ede_glue.c | 104
crypto/Kconfig | 1 +
2 files changed, 1
Serpent in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
CAST6 in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
CAST5 in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.
Signed-off-by: Ard Biesheuvel
---
arch/x86/c
The glue helper's XTS routines are no longer used, so drop them.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/glue_helper-asm-avx.S | 59
arch/x86/crypto/glue_helper-asm-avx2.S| 78 --
arch/x86/crypto/glue_helper.c
Camellia in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Now that the XTS template can wrap accelerated ECB modes, it can be
used to implement Camellia in XTS mode as well, which turns out to
be at least as fast, and sometimes even faster.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/camellia-aesni-avx-asm_64.S | 181
des
- add patches to remove DES and Blowfish in CTR mode
Cc: Megha Dey
Cc: Eric Biggers
Cc: Herbert Xu
Cc: Milan Broz
Cc: Mike Snitzer
Ard Biesheuvel (21):
crypto: x86/camellia - switch to XTS template
crypto: x86/cast6 - switch to XTS template
crypto: x86/serpent - switch to XTS template
Now that the XTS template can wrap accelerated ECB modes, it can be
used to implement Twofish in XTS mode as well, which turns out to
be at least as fast, and sometimes even faster.
Acked-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 53
Tested-by: Eric Biggers # x86_64
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/aesni-intel_asm.S | 280
arch/x86/crypto/aesni-intel_glue.c | 220 ---
crypto/Kconfig | 1 -
3 files changed, 356 insertions(+), 145 deletions(-)
diff --git a/arch/x86/cr
fd3f ("x86/retpoline/crypto: Convert crypto assembler indirect
jumps")
Tested-by: Eric Biggers # x86_64
Signed-off-by: Ard Biesheuvel
---
arch/x86/crypto/aesni-intel_asm.S | 115
arch/x86/crypto/aesni-intel_glue.c | 25 +++--
2 files changed, 84 insertions(+), 56 deleti
] https://lore.kernel.org/linux-crypto/20201207233402.17472-1-a...@kernel.org/
Cc: Megha Dey
Cc: Eric Biggers
Cc: Herbert Xu
Cc: Uros Bizjak
Ard Biesheuvel (2):
crypto: x86/aes-ni-xts - use direct calls to and 4-way stride
crypto: x86/aes-ni-xts - rewrite and drop indirections via glue helpe