Re: [PATCH] crypto: vmx - convert to skcipher API
On Mon, May 20, 2019 at 09:44:48AM -0700, Eric Biggers wrote: > From: Eric Biggers > > Convert the VMX implementations of AES-CBC, AES-CTR, and AES-XTS from > the deprecated "blkcipher" API to the "skcipher" API. > > As part of this, I moved the skcipher_request for the fallback algorithm > off the stack and into the request context of the parent algorithm. > > I tested this in a PowerPC VM with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y. > > Signed-off-by: Eric Biggers > --- > drivers/crypto/vmx/aes_cbc.c | 183 - > drivers/crypto/vmx/aes_ctr.c | 165 + > drivers/crypto/vmx/aes_xts.c | 175 ++- > drivers/crypto/vmx/aesp8-ppc.h | 2 - > drivers/crypto/vmx/vmx.c | 72 +++-- > 5 files changed, 252 insertions(+), 345 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH] crypto: vmx - convert to skcipher API
Eric Biggers writes:
> From: Eric Biggers
>
> Convert the VMX implementations of AES-CBC, AES-CTR, and AES-XTS from
> the deprecated "blkcipher" API to the "skcipher" API.
>
> As part of this, I moved the skcipher_request for the fallback algorithm
> off the stack and into the request context of the parent algorithm.
>
> I tested this in a PowerPC VM with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y.
I booted it a few times on a Power9 bare metal machine with
panic_on_fail=1 and fuzz_iterations=400, no issues.
Tested-by: Michael Ellerman
cheers
> Signed-off-by: Eric Biggers
> ---
> drivers/crypto/vmx/aes_cbc.c | 183 -
> drivers/crypto/vmx/aes_ctr.c | 165 +
> drivers/crypto/vmx/aes_xts.c | 175 ++-
> drivers/crypto/vmx/aesp8-ppc.h | 2 -
> drivers/crypto/vmx/vmx.c | 72 +++--
> 5 files changed, 252 insertions(+), 345 deletions(-)
>
> diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c
> index dae8af3c46dce..92e75a05d6a9e 100644
> --- a/drivers/crypto/vmx/aes_cbc.c
> +++ b/drivers/crypto/vmx/aes_cbc.c
> @@ -7,64 +7,52 @@
> * Author: Marcelo Henrique Cerri
> */
>
> -#include
> -#include
> -#include
> -#include
> #include
> #include
> #include
> #include
> -#include
> -#include
> +#include
>
> #include "aesp8-ppc.h"
>
> struct p8_aes_cbc_ctx {
> - struct crypto_sync_skcipher *fallback;
> + struct crypto_skcipher *fallback;
> struct aes_key enc_key;
> struct aes_key dec_key;
> };
>
> -static int p8_aes_cbc_init(struct crypto_tfm *tfm)
> +static int p8_aes_cbc_init(struct crypto_skcipher *tfm)
> {
> - const char *alg = crypto_tfm_alg_name(tfm);
> - struct crypto_sync_skcipher *fallback;
> - struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm);
> -
> - fallback = crypto_alloc_sync_skcipher(alg, 0,
> - CRYPTO_ALG_NEED_FALLBACK);
> + struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
> + struct crypto_skcipher *fallback;
>
> + fallback = crypto_alloc_skcipher("cbc(aes)", 0,
> + CRYPTO_ALG_NEED_FALLBACK |
> + CRYPTO_ALG_ASYNC);
> if (IS_ERR(fallback)) {
> - printk(KERN_ERR
> -"Failed to allocate transformation for '%s': %ld\n",
> -alg, PTR_ERR(fallback));
> + pr_err("Failed to allocate cbc(aes) fallback: %ld\n",
> +PTR_ERR(fallback));
> return PTR_ERR(fallback);
> }
>
> - crypto_sync_skcipher_set_flags(
> - fallback,
> - crypto_skcipher_get_flags((struct crypto_skcipher *)tfm));
> + crypto_skcipher_set_reqsize(tfm, sizeof(struct skcipher_request) +
> + crypto_skcipher_reqsize(fallback));
> ctx->fallback = fallback;
> -
> return 0;
> }
>
> -static void p8_aes_cbc_exit(struct crypto_tfm *tfm)
> +static void p8_aes_cbc_exit(struct crypto_skcipher *tfm)
> {
> - struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm);
> + struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
>
> - if (ctx->fallback) {
> - crypto_free_sync_skcipher(ctx->fallback);
> - ctx->fallback = NULL;
> - }
> + crypto_free_skcipher(ctx->fallback);
> }
>
> -static int p8_aes_cbc_setkey(struct crypto_tfm *tfm, const u8 *key,
> +static int p8_aes_cbc_setkey(struct crypto_skcipher *tfm, const u8 *key,
>unsigned int keylen)
> {
> + struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
> int ret;
> - struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm);
>
> preempt_disable();
> pagefault_disable();
> @@ -75,108 +63,71 @@ static int p8_aes_cbc_setkey(struct crypto_tfm *tfm,
> const u8 *key,
> pagefault_enable();
> preempt_enable();
>
> - ret |= crypto_sync_skcipher_setkey(ctx->fallback, key, keylen);
> + ret |= crypto_skcipher_setkey(ctx->fallback, key, keylen);
>
> return ret ? -EINVAL : 0;
> }
>
> -static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc,
> - struct scatterlist *dst,
> - struct scatterlist *src, unsigned int nbytes)
> +static int p8_aes_cbc_crypt(struct skcipher_request *req, int enc)
> {
> + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
> + const struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
> + struct skcipher_walk walk;
> + unsigned int nbytes;
> int ret;
> - struct blkcipher_walk walk;
> - struct p8_aes_cbc_ctx *ctx =
> - crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm));
>
> if (!crypto_simd_usable()) {
> - SYNC_SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback);
> - skcipher_request_set_sync_tfm(req, ctx->fallback);
> -
[PATCH] crypto: vmx - convert to skcipher API
From: Eric Biggers
Convert the VMX implementations of AES-CBC, AES-CTR, and AES-XTS from
the deprecated "blkcipher" API to the "skcipher" API.
As part of this, I moved the skcipher_request for the fallback algorithm
off the stack and into the request context of the parent algorithm.
I tested this in a PowerPC VM with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y.
Signed-off-by: Eric Biggers
---
drivers/crypto/vmx/aes_cbc.c | 183 -
drivers/crypto/vmx/aes_ctr.c | 165 +
drivers/crypto/vmx/aes_xts.c | 175 ++-
drivers/crypto/vmx/aesp8-ppc.h | 2 -
drivers/crypto/vmx/vmx.c | 72 +++--
5 files changed, 252 insertions(+), 345 deletions(-)
diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c
index dae8af3c46dce..92e75a05d6a9e 100644
--- a/drivers/crypto/vmx/aes_cbc.c
+++ b/drivers/crypto/vmx/aes_cbc.c
@@ -7,64 +7,52 @@
* Author: Marcelo Henrique Cerri
*/
-#include
-#include
-#include
-#include
#include
#include
#include
#include
-#include
-#include
+#include
#include "aesp8-ppc.h"
struct p8_aes_cbc_ctx {
- struct crypto_sync_skcipher *fallback;
+ struct crypto_skcipher *fallback;
struct aes_key enc_key;
struct aes_key dec_key;
};
-static int p8_aes_cbc_init(struct crypto_tfm *tfm)
+static int p8_aes_cbc_init(struct crypto_skcipher *tfm)
{
- const char *alg = crypto_tfm_alg_name(tfm);
- struct crypto_sync_skcipher *fallback;
- struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm);
-
- fallback = crypto_alloc_sync_skcipher(alg, 0,
- CRYPTO_ALG_NEED_FALLBACK);
+ struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
+ struct crypto_skcipher *fallback;
+ fallback = crypto_alloc_skcipher("cbc(aes)", 0,
+CRYPTO_ALG_NEED_FALLBACK |
+CRYPTO_ALG_ASYNC);
if (IS_ERR(fallback)) {
- printk(KERN_ERR
- "Failed to allocate transformation for '%s': %ld\n",
- alg, PTR_ERR(fallback));
+ pr_err("Failed to allocate cbc(aes) fallback: %ld\n",
+ PTR_ERR(fallback));
return PTR_ERR(fallback);
}
- crypto_sync_skcipher_set_flags(
- fallback,
- crypto_skcipher_get_flags((struct crypto_skcipher *)tfm));
+ crypto_skcipher_set_reqsize(tfm, sizeof(struct skcipher_request) +
+ crypto_skcipher_reqsize(fallback));
ctx->fallback = fallback;
-
return 0;
}
-static void p8_aes_cbc_exit(struct crypto_tfm *tfm)
+static void p8_aes_cbc_exit(struct crypto_skcipher *tfm)
{
- struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm);
+ struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
- if (ctx->fallback) {
- crypto_free_sync_skcipher(ctx->fallback);
- ctx->fallback = NULL;
- }
+ crypto_free_skcipher(ctx->fallback);
}
-static int p8_aes_cbc_setkey(struct crypto_tfm *tfm, const u8 *key,
+static int p8_aes_cbc_setkey(struct crypto_skcipher *tfm, const u8 *key,
unsigned int keylen)
{
+ struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
int ret;
- struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm);
preempt_disable();
pagefault_disable();
@@ -75,108 +63,71 @@ static int p8_aes_cbc_setkey(struct crypto_tfm *tfm, const
u8 *key,
pagefault_enable();
preempt_enable();
- ret |= crypto_sync_skcipher_setkey(ctx->fallback, key, keylen);
+ ret |= crypto_skcipher_setkey(ctx->fallback, key, keylen);
return ret ? -EINVAL : 0;
}
-static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc,
- struct scatterlist *dst,
- struct scatterlist *src, unsigned int nbytes)
+static int p8_aes_cbc_crypt(struct skcipher_request *req, int enc)
{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ const struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
+ struct skcipher_walk walk;
+ unsigned int nbytes;
int ret;
- struct blkcipher_walk walk;
- struct p8_aes_cbc_ctx *ctx =
- crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm));
if (!crypto_simd_usable()) {
- SYNC_SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback);
- skcipher_request_set_sync_tfm(req, ctx->fallback);
- skcipher_request_set_callback(req, desc->flags, NULL, NULL);
- skcipher_request_set_crypt(req, src, dst, nbytes, desc->info);
- ret = crypto_skcipher_encrypt(req);
- skcipher_request_zero(req);
- } else {
- blkcipher_walk_init(, dst, src, nbytes);
- ret
