RE: Request for Comments about Chained-IV feature in Linux crypto framework

2017-08-06 Thread Yu, Wenqian
Thanks for the information, Herbert.  Let me check the details of the explicit 
IV generators.

Thanks,
- Wenqian

-----Original Message-----
From: linux-crypto-ow...@vger.kernel.org 
[mailto:linux-crypto-ow...@vger.kernel.org] On Behalf Of Herbert Xu
Sent: Thursday, August 3, 2017 12:00 PM
To: Yu, Wenqian <wenqian...@intel.com>
Cc: linux-crypto@vger.kernel.org; dm-de...@redhat.com; m-cr...@saout.de; Milan 
Broz <gmazyl...@gmail.com>; Keating, Brian A <brian.a.keat...@intel.com>; Will, 
Brian <brian.w...@intel.com>; Li, Weigang <weigang...@intel.com>; Cabiddu, 
Giovanni <giovanni.cabi...@intel.com>
Subject: Re: Request for Comments about Chained-IV feature in Linux crypto 
framework

On Thu, Aug 03, 2017 at 01:12:32AM +, Yu, Wenqian wrote:
> Hi, Herbert and all,
> 
> For saving the offload cost of symmetric cipher to hardware accelerator, we 
> have a proposal (chained-IV) to batch multiple SG with different IV into one 
> skcipher request, which also benefits SW implementation. The existing 
> skcipher with SG list in crypto framework is treating all SG in the SG list 
> as one single buffer to symmetric crypto operation with same IV.  In some use 
> cases the IV for each SG is different (e.g. dm-crypt, the IV for each sector 
> is different). Could you please give quick comments on the below proposal 
> before implementation?

We've had this discussion already.  The current plan is to use explicit IV 
generators, as seen here

https://patchwork.kernel.org/patch/9803473/

So please help review the existing patches and if there are any inadequacies, 
please comment.

Thanks.
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: Request for Comments about Chained-IV feature in Linux crypto framework

2017-08-02 Thread Herbert Xu
On Thu, Aug 03, 2017 at 01:12:32AM +, Yu, Wenqian wrote:
> Hi, Herbert and all,
> 
> For saving the offload cost of symmetric cipher to hardware accelerator, we 
> have a proposal (chained-IV) to batch multiple SG with different IV into one 
> skcipher request, which also benefits SW implementation. The existing 
> skcipher with SG list in crypto framework is treating all SG in the SG list 
> as one single buffer to symmetric crypto operation with same IV.  In some use 
> cases the IV for each SG is different (e.g. dm-crypt, the IV for each sector 
> is different). Could you please give quick comments on the below proposal 
> before implementation?

We've had this discussion already.  The current plan is to use
explicit IV generators, as seen here

https://patchwork.kernel.org/patch/9803473/

So please help review the existing patches and if there are any
inadequacies, please comment.

Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


RE: Request for Comments about Chained-IV feature in Linux crypto framework

2017-08-02 Thread Yu, Wenqian
Reformatted to plaintext and resent, as the HTML subpart is treated as SPAM or 
Outlook Virus by the system.

Thanks,
- Wenqian


From: Yu, Wenqian 
Sent: Thursday, August 3, 2017 9:13 AM
To: linux-crypto@vger.kernel.org
Cc: herb...@gondor.apana.org.au; dm-de...@redhat.com; m-cr...@saout.de; Milan 
Broz; Keating, Brian A; Will, Brian; Li, Weigang; Cabiddu, Giovanni; Yu, Wenqian
Subject: Request for Comments about Chained-IV feature in Linux crypto framework

Hi, Herbert and all,

For saving the offload cost of symmetric cipher to hardware accelerator, we 
have a proposal (chained-IV) to batch multiple SG with different IV into one 
skcipher request, which also benefits SW implementation. The existing skcipher 
with SG list in crypto framework is treating all SG in the SG list as one 
single buffer to symmetric crypto operation with same IV.  In some use cases the 
IV for each SG is different (e.g. dm-crypt, the IV for each sector is 
different). Could you please give quick comments on the below proposal before 
implementation?

1) Add a new flag CRYPTO_TFM_REQ_CHAINED_IV for chained IV request.

2) Reuse the existing iv in skcipher_request structure to include all the IVs 
for each different sg with agreement that the first block size length data of 
IV is for the data in first sg and so on. Same as aead_request.

struct skcipher_request {
    unsigned int cryptlen;
    u8 *iv;

    struct scatterlist *src;
    struct scatterlist *dst;

    struct crypto_async_request base;

    void *__ctx[] CRYPTO_MINALIGN_ATTR;
};

3) No API change but implementation change required inside of skcipher API to 
handle chained-IV support and API should enforce the same number of IV elements 
as that of SG elements.

Thanks,
- Wenqian
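
The buffer layout in points 2 and 3 of the proposal, modelled in userspace C as an added example (not code from this thread or from the kernel). The types `struct seg` and `struct chained_req` and the `chained_iv_*` functions are hypothetical names, and the IV fill uses dm-crypt's plain64 convention (little-endian 64-bit sector number, zero padded) as an assumed IV scheme.

```c
/* Userspace model of the proposed chained-IV layout; not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for one scatterlist entry (e.g. one dm-crypt sector). */
struct seg { const uint8_t *data; size_t len; };

/* Hypothetical request: iv holds one ivsize-byte IV per segment, back to back. */
struct chained_req {
    const struct seg *segs; size_t nsegs;
    const uint8_t *iv;      size_t iv_len;   /* total bytes in iv */
    size_t ivsize;                           /* e.g. 16 for AES-CBC */
};

/* Point 3: accept only a request carrying exactly one IV per segment.
 * Returns 0 if well formed, -1 otherwise. */
int chained_iv_validate(const struct chained_req *r)
{
    if (!r || !r->iv || !r->segs || r->ivsize == 0 || r->nsegs == 0)
        return -1;
    if (r->nsegs > SIZE_MAX / r->ivsize)   /* nsegs * ivsize would overflow */
        return -1;
    return r->iv_len == r->nsegs * r->ivsize ? 0 : -1;
}

/* Point 2: the IV for segment i starts at offset i * ivsize. NULL if invalid. */
const uint8_t *chained_iv_for_seg(const struct chained_req *r, size_t i)
{
    if (chained_iv_validate(r) != 0 || i >= r->nsegs)
        return NULL;
    return r->iv + i * r->ivsize;
}

/* Fill buf with plain64-style IVs for n consecutive sectors.
 * Returns the number of bytes written, or 0 on bad arguments. */
size_t chained_iv_fill_plain64(uint8_t *buf, size_t buf_len, size_t ivsize,
                               uint64_t first_sector, size_t n)
{
    if (!buf || ivsize < 8 || n == 0 || n > buf_len / ivsize)
        return 0;
    memset(buf, 0, n * ivsize);
    for (size_t i = 0; i < n; i++) {
        uint64_t s = first_sector + i;
        for (int b = 0; b < 8; b++)
            buf[i * ivsize + b] = (uint8_t)(s >> (8 * b));
    }
    return n * ivsize;
}
```

A request whose IV buffer is one element short or long fails validation as a whole, so no segment is ever processed with a neighbouring segment's IV or with bytes past the end of the buffer.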