Re: [RFC PATCH] crypto: x86/aes-ni - remove special handling of AES in PCBC mode

2018-10-04 Thread Herbert Xu
On Mon, Sep 24, 2018 at 02:48:16PM +0200, Ard Biesheuvel wrote:
> For historical reasons, the AES-NI based implementation of the PCBC
> chaining mode uses a special FPU chaining mode wrapper template to
> amortize the FPU start/stop overhead over multiple blocks.
> 
> When this FPU wrapper was introduced, it supported widely used
> chaining modes such as XTS and CTR (as well as LRW), but currently,
> PCBC is the only remaining user.
> 
> Since there are no known users of pcbc(aes) in the kernel, let's remove
> this special driver, and rely on the generic pcbc driver to encapsulate
> the AES-NI core cipher.
> 
> Signed-off-by: Ard Biesheuvel 
> ---
>  arch/x86/crypto/Makefile   |   2 +-
>  arch/x86/crypto/aesni-intel_glue.c |  32 ---
>  arch/x86/crypto/fpu.c  | 207 
>  crypto/Kconfig |   2 +-
>  4 files changed, 2 insertions(+), 241 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


[RFC PATCH] crypto: x86/aes-ni - remove special handling of AES in PCBC mode

2018-09-24 Thread Ard Biesheuvel
For historical reasons, the AES-NI based implementation of the PCBC
chaining mode uses a special FPU chaining mode wrapper template to
amortize the FPU start/stop overhead over multiple blocks.

When this FPU wrapper was introduced, it supported widely used
chaining modes such as XTS and CTR (as well as LRW), but currently,
PCBC is the only remaining user.

Since there are no known users of pcbc(aes) in the kernel, let's remove
this special driver, and rely on the generic pcbc driver to encapsulate
the AES-NI core cipher.

Signed-off-by: Ard Biesheuvel 
---
 arch/x86/crypto/Makefile   |   2 +-
 arch/x86/crypto/aesni-intel_glue.c |  32 ---
 arch/x86/crypto/fpu.c  | 207 
 crypto/Kconfig |   2 +-
 4 files changed, 2 insertions(+), 241 deletions(-)

diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile
index a450ad573dcb..42d22005764c 100644
--- a/arch/x86/crypto/Makefile
+++ b/arch/x86/crypto/Makefile
@@ -106,7 +106,7 @@ ifeq ($(avx2_supported),yes)
morus1280-avx2-y := morus1280-avx2-asm.o morus1280-avx2-glue.o
 endif
 
-aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o fpu.o
+aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o
 aesni-intel-$(CONFIG_64BIT) += aesni-intel_avx-x86_64.o aes_ctrby8_avx-x86_64.o
 ghash-clmulni-intel-y := ghash-clmulni-intel_asm.o ghash-clmulni-intel_glue.o
 sha1-ssse3-y := sha1_ssse3_asm.o sha1_ssse3_glue.o
diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index acbe7e8336d8..d90770c43b40 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -1253,22 +1253,6 @@ static struct skcipher_alg aesni_skciphers[] = {
 static
 struct simd_skcipher_alg *aesni_simd_skciphers[ARRAY_SIZE(aesni_skciphers)];
 
-static struct {
-   const char *algname;
-   const char *drvname;
-   const char *basename;
-   struct simd_skcipher_alg *simd;
-} aesni_simd_skciphers2[] = {
-#if (defined(MODULE) && IS_ENABLED(CONFIG_CRYPTO_PCBC)) || \
-IS_BUILTIN(CONFIG_CRYPTO_PCBC)
-   {
-   .algname= "pcbc(aes)",
-   .drvname= "pcbc-aes-aesni",
-   .basename   = "fpu(pcbc(__aes-aesni))",
-   },
-#endif
-};
-
 #ifdef CONFIG_X86_64
 static int generic_gcmaes_set_key(struct crypto_aead *aead, const u8 *key,
  unsigned int key_len)
@@ -1422,10 +1406,6 @@ static void aesni_free_simds(void)
for (i = 0; i < ARRAY_SIZE(aesni_simd_skciphers) &&
aesni_simd_skciphers[i]; i++)
simd_skcipher_free(aesni_simd_skciphers[i]);
-
-   for (i = 0; i < ARRAY_SIZE(aesni_simd_skciphers2); i++)
-   if (aesni_simd_skciphers2[i].simd)
-   simd_skcipher_free(aesni_simd_skciphers2[i].simd);
 }
 
 static int __init aesni_init(void)
@@ -1499,18 +1479,6 @@ static int __init aesni_init(void)
aesni_simd_skciphers[i] = simd;
}
 
-   for (i = 0; i < ARRAY_SIZE(aesni_simd_skciphers2); i++) {
-   algname = aesni_simd_skciphers2[i].algname;
-   drvname = aesni_simd_skciphers2[i].drvname;
-   basename = aesni_simd_skciphers2[i].basename;
-   simd = simd_skcipher_create_compat(algname, drvname, basename);
-   err = PTR_ERR(simd);
-   if (IS_ERR(simd))
-   continue;
-
-   aesni_simd_skciphers2[i].simd = simd;
-   }
-
return 0;
 
 unregister_simds:
diff --git a/arch/x86/crypto/fpu.c b/arch/x86/crypto/fpu.c
deleted file mode 100644
index 406680476c52..
--- a/arch/x86/crypto/fpu.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * FPU: Wrapper for blkcipher touching fpu
- *
- * Copyright (c) Intel Corp.
- *   Author: Huang Ying 
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-struct crypto_fpu_ctx {
-   struct crypto_skcipher *child;
-};
-
-static int crypto_fpu_setkey(struct crypto_skcipher *parent, const u8 *key,
-unsigned int keylen)
-{
-   struct crypto_fpu_ctx *ctx = crypto_skcipher_ctx(parent);
-   struct crypto_skcipher *child = ctx->child;
-   int err;
-
-   crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
-   crypto_skcipher_set_flags(child, crypto_skcipher_get_flags(parent) &
-CRYPTO_TFM_REQ_MASK);
-   err = crypto_skcipher_setkey(child, key, keylen);
-   crypto_skcipher_set_flags(parent, crypto_skcipher_get_flags(child) &
- CRYPTO_TFM_RES_MASK);
-   return err;
-}
-
-static int crypto_fpu_encrypt(struct