Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-19 Thread Ben Greear
On 10/19/2016 08:08 AM, Ard Biesheuvel wrote: On 19 October 2016 at 08:43, Johannes Berg wrote: On Wed, 2016-10-19 at 11:31 +0800, Herbert Xu wrote: We could probably make mac80211 do that too, but can we guarantee in- order processing? Anyway, it's pretty low

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-19 Thread Ben Greear
On 10/19/2016 08:08 AM, Ard Biesheuvel wrote: On 19 October 2016 at 08:43, Johannes Berg wrote: On Wed, 2016-10-19 at 11:31 +0800, Herbert Xu wrote: We could probably make mac80211 do that too, but can we guarantee in- order processing? Anyway, it's pretty low priority, maybe never

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-19 Thread Johannes Berg
On Wed, 2016-10-19 at 08:59 -0700, Ben Greear wrote: >  > Do you actually expect performance regressions?  I'll be complaining > if so, but will test first :) I think we can expect this to use a bit more CPU time, but unless you're very tight on that you probably shouldn't expect any throughput

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-19 Thread Johannes Berg
On Wed, 2016-10-19 at 08:59 -0700, Ben Greear wrote: >  > Do you actually expect performance regressions?  I'll be complaining > if so, but will test first :) I think we can expect this to use a bit more CPU time, but unless you're very tight on that you probably shouldn't expect any throughput

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-19 Thread Johannes Berg
On Wed, 2016-10-19 at 11:31 +0800, Herbert Xu wrote: > On Mon, Oct 17, 2016 at 06:21:14PM +0100, Ard Biesheuvel wrote: > > > > > > Annoyingly, all this complication with scatterlists etc is for > > doing > > asynchronous crypto via DMA capable crypto accelerators, and the > > networking code

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-19 Thread Johannes Berg
On Wed, 2016-10-19 at 11:31 +0800, Herbert Xu wrote: > On Mon, Oct 17, 2016 at 06:21:14PM +0100, Ard Biesheuvel wrote: > > > > > > Annoyingly, all this complication with scatterlists etc is for > > doing > > asynchronous crypto via DMA capable crypto accelerators, and the > > networking code

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-19 Thread Ard Biesheuvel
On 19 October 2016 at 08:43, Johannes Berg wrote: > On Wed, 2016-10-19 at 11:31 +0800, Herbert Xu wrote: >> On Mon, Oct 17, 2016 at 06:21:14PM +0100, Ard Biesheuvel wrote: >> > >> > >> > Annoyingly, all this complication with scatterlists etc is for >> > doing >> >

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-19 Thread Ard Biesheuvel
On 19 October 2016 at 08:43, Johannes Berg wrote: > On Wed, 2016-10-19 at 11:31 +0800, Herbert Xu wrote: >> On Mon, Oct 17, 2016 at 06:21:14PM +0100, Ard Biesheuvel wrote: >> > >> > >> > Annoyingly, all this complication with scatterlists etc is for >> > doing >> > asynchronous crypto via DMA

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-18 Thread Herbert Xu
On Mon, Oct 17, 2016 at 06:21:14PM +0100, Ard Biesheuvel wrote: > > Annoyingly, all this complication with scatterlists etc is for doing > asynchronous crypto via DMA capable crypto accelerators, and the > networking code (ipsec as well as mac80211, afaik) only allow > synchronous in the first

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-18 Thread Herbert Xu
On Mon, Oct 17, 2016 at 06:21:14PM +0100, Ard Biesheuvel wrote: > > Annoyingly, all this complication with scatterlists etc is for doing > asynchronous crypto via DMA capable crypto accelerators, and the > networking code (ipsec as well as mac80211, afaik) only allow > synchronous in the first

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Ard Biesheuvel
On 17 October 2016 at 18:08, Andy Lutomirski wrote: > On Mon, Oct 17, 2016 at 12:37 AM, Ard Biesheuvel > wrote: >> On 17 October 2016 at 08:28, Johannes Berg wrote: >>> On Sat, 2016-10-15 at 18:16 +0100, Ard Biesheuvel

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Ard Biesheuvel
On 17 October 2016 at 18:08, Andy Lutomirski wrote: > On Mon, Oct 17, 2016 at 12:37 AM, Ard Biesheuvel > wrote: >> On 17 October 2016 at 08:28, Johannes Berg wrote: >>> On Sat, 2016-10-15 at 18:16 +0100, Ard Biesheuvel wrote: The CCM code goes out of its way to perform the CTR encryption

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Andy Lutomirski
On Mon, Oct 17, 2016 at 12:37 AM, Ard Biesheuvel wrote: > On 17 October 2016 at 08:28, Johannes Berg wrote: >> On Sat, 2016-10-15 at 18:16 +0100, Ard Biesheuvel wrote: >>> The CCM code goes out of its way to perform the CTR encryption of the

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Andy Lutomirski
On Mon, Oct 17, 2016 at 12:37 AM, Ard Biesheuvel wrote: > On 17 October 2016 at 08:28, Johannes Berg wrote: >> On Sat, 2016-10-15 at 18:16 +0100, Ard Biesheuvel wrote: >>> The CCM code goes out of its way to perform the CTR encryption of the >>> MAC using the subordinate CTR driver. To this end,

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Johannes Berg
On Mon, 2016-10-17 at 08:50 +0100, Ard Biesheuvel wrote: > I just realised that patch should probably use > aead_request_alloc/aead_request_free [and drop the memset]. That also > fixes the latent bug where the alignment of the req ctx is not take > into account. Good point, I'll fix that up. >

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Johannes Berg
On Mon, 2016-10-17 at 08:50 +0100, Ard Biesheuvel wrote: > I just realised that patch should probably use > aead_request_alloc/aead_request_free [and drop the memset]. That also > fixes the latent bug where the alignment of the req ctx is not take > into account. Good point, I'll fix that up. >

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Ard Biesheuvel
On 17 October 2016 at 08:47, Johannes Berg wrote: > On Mon, 2016-10-17 at 08:37 +0100, Ard Biesheuvel wrote: >> >> Could we get a statement first whether it is supported to allocate >> aead_req (and other crypto req structures) on the stack? > > Well, we haven't heard

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Ard Biesheuvel
On 17 October 2016 at 08:47, Johannes Berg wrote: > On Mon, 2016-10-17 at 08:37 +0100, Ard Biesheuvel wrote: >> >> Could we get a statement first whether it is supported to allocate >> aead_req (and other crypto req structures) on the stack? > > Well, we haven't heard from Herbert :) > >> If not,

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Johannes Berg
On Mon, 2016-10-17 at 08:37 +0100, Ard Biesheuvel wrote: >  > Could we get a statement first whether it is supported to allocate > aead_req (and other crypto req structures) on the stack? Well, we haven't heard from Herbert :) > If not, then > we have our work cut out for us. But if it is, I'd

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Johannes Berg
On Mon, 2016-10-17 at 08:37 +0100, Ard Biesheuvel wrote: >  > Could we get a statement first whether it is supported to allocate > aead_req (and other crypto req structures) on the stack? Well, we haven't heard from Herbert :) > If not, then > we have our work cut out for us. But if it is, I'd

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Ard Biesheuvel
On 17 October 2016 at 08:28, Johannes Berg wrote: > On Sat, 2016-10-15 at 18:16 +0100, Ard Biesheuvel wrote: >> The CCM code goes out of its way to perform the CTR encryption of the >> MAC using the subordinate CTR driver. To this end, it tweaks the >> input and output

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Ard Biesheuvel
On 17 October 2016 at 08:28, Johannes Berg wrote: > On Sat, 2016-10-15 at 18:16 +0100, Ard Biesheuvel wrote: >> The CCM code goes out of its way to perform the CTR encryption of the >> MAC using the subordinate CTR driver. To this end, it tweaks the >> input and output scatterlists so the

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Johannes Berg
On Sat, 2016-10-15 at 18:16 +0100, Ard Biesheuvel wrote: > The CCM code goes out of its way to perform the CTR encryption of the > MAC using the subordinate CTR driver. To this end, it tweaks the > input and output scatterlists so the aead_req 'odata' and/or > 'auth_tag' fields [which may live on

Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-17 Thread Johannes Berg
On Sat, 2016-10-15 at 18:16 +0100, Ard Biesheuvel wrote: > The CCM code goes out of its way to perform the CTR encryption of the > MAC using the subordinate CTR driver. To this end, it tweaks the > input and output scatterlists so the aead_req 'odata' and/or > 'auth_tag' fields [which may live on