Re: [PATCH] crypto/arc4: now arc needs blockcipher support
Quoting Sebastian Andrzej Siewior sebast...@breakpoint.cc: On Wed, Jun 27, 2012 at 02:52:47PM +0800, Herbert Xu wrote: On a side note: do we pull in the blkcipher block mode for each cipher now to gain some extra performance like the openssl project? I was under the impression that is in general not worth it. You mean normal block ciphers? Does it really make that much of a difference? Yes. Jussi added block mode for RC4 instead that auto block-mode that is prefered over the automatic one that is generated otherwise. I don't know how much performance it brings but I would be supprised if it is a lot on an average CPU. With this patch in I think it is a matter of time until we get the AES-CBC and friends block mode optimized code (which should be a little faster since comparing to calling a function call for the XORâ¦) you get the idea. Sebastian I made quick tests with aes_generic, added block iterating loop into aes_encrypt() and aes_decrypt() and registered ecb(aes). Encryption 0.97x vs auto block-mode, decryption 1.03x. So I'd think, for real block ciphers, it makes no difference if looping is in ecb-module or in cipher module. ARC4 performance difference can be found in d366db605c8c4a9878589bc4a87e55f6063184ac commit log. -Jussi -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] crypto/arc4: now arc needs blockcipher support
On Tue, Jun 26, 2012 at 06:13:46PM +0200, Sebastian Andrzej Siewior wrote: Since commit ce6dd368 (crypto: arc4 - improve performance by adding ecb(arc4)) we need to pull in a blkcipher. |ERROR: crypto_blkcipher_type [crypto/arc4.ko] undefined! |ERROR: blkcipher_walk_done [crypto/arc4.ko] undefined! |ERROR: blkcipher_walk_virt [crypto/arc4.ko] undefined! Signed-off-by: Sebastian Andrzej Siewior sebast...@breakpoint.cc Patch applied. Thanks! On a side note: do we pull in the blkcipher block mode for each cipher now to gain some extra performance like the openssl project? I was under the impression that is in general not worth it. You mean normal block ciphers? Does it really make that much of a difference? Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] crypto/arc4: now arc needs blockcipher support
Since commit ce6dd368 (crypto: arc4 - improve performance by adding ecb(arc4)) we need to pull in a blkcipher. |ERROR: crypto_blkcipher_type [crypto/arc4.ko] undefined! |ERROR: blkcipher_walk_done [crypto/arc4.ko] undefined! |ERROR: blkcipher_walk_virt [crypto/arc4.ko] undefined! Signed-off-by: Sebastian Andrzej Siewior sebast...@breakpoint.cc --- On a side note: do we pull in the blkcipher block mode for each cipher now to gain some extra performance like the openssl project? I was under the impression that is in general not worth it. crypto/Kconfig |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 2c1c2df..cefbe15 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -593,7 +593,7 @@ config CRYPTO_ANUBIS config CRYPTO_ARC4 tristate ARC4 cipher algorithm - select CRYPTO_ALGAPI + select CRYPTO_BLKCIPHER help ARC4 cipher algorithm. -- 1.7.10 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] crypto/arc4: now arc needs blockcipher support
On Wed, Jun 27, 2012 at 12:13 AM, Sebastian Andrzej Siewior sebast...@breakpoint.cc wrote: Since commit ce6dd368 (crypto: arc4 - improve performance by adding ecb(arc4)) we need to pull in a blkcipher. |ERROR: crypto_blkcipher_type [crypto/arc4.ko] undefined! |ERROR: blkcipher_walk_done [crypto/arc4.ko] undefined! |ERROR: blkcipher_walk_virt [crypto/arc4.ko] undefined! Signed-off-by: Sebastian Andrzej Siewior sebast...@breakpoint.cc --- On a side note: do we pull in the blkcipher block mode for each cipher now to gain some extra performance like the openssl project? I was under the impression that is in general not worth it. Arc4 is a stream cipher, NOT a block cipher. They are completely different things, and the requirements for using them securely are different. In particular, modes like ECB apply to block ciphers not to stream ciphers. Unless these changes have been thoroughly analyzed by several people who actually know crypto, they should be immediately reverted. -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] crypto/arc4: now arc needs blockcipher support
Quoting Sandy Harris sandyinch...@gmail.com: On Wed, Jun 27, 2012 at 12:13 AM, Sebastian Andrzej Siewior sebast...@breakpoint.cc wrote: Since commit ce6dd368 (crypto: arc4 - improve performance by adding ecb(arc4)) we need to pull in a blkcipher. |ERROR: crypto_blkcipher_type [crypto/arc4.ko] undefined! |ERROR: blkcipher_walk_done [crypto/arc4.ko] undefined! |ERROR: blkcipher_walk_virt [crypto/arc4.ko] undefined! Signed-off-by: Sebastian Andrzej Siewior sebast...@breakpoint.cc --- On a side note: do we pull in the blkcipher block mode for each cipher now to gain some extra performance like the openssl project? I was under the impression that is in general not worth it. Arc4 is a stream cipher, NOT a block cipher. They are completely different things, and the requirements for using them securely are different. In particular, modes like ECB apply to block ciphers not to stream ciphers. Unless these changes have been thoroughly analyzed by several people who actually know crypto, they should be immediately reverted. The 'arc4' is defined as one-byte cipher (that modifies its context to remember current stream state) and ecb module is just used to make arc4 iterate throught variable length buffers. 'ecb(arc4)' is then the actual stream cipher, with confusing and wrong name. I guess now that 'ecb(arc4)' is moved to arc4 module completely, it could be renamed to 'arc4stream' and in-kernel arc4 users which to use that. -Jussi -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html