Re: [PATCH 0/4] crypto: nx - convert to skcipher API

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: "Herbert Xu" <herbert@gondor.apana.org.au>,
	"Nayna Jain" <nayna@linux.ibm.com>,
	"Paulo Flabiano Smorigo" <pfsmorigo@gmail.com>,
	"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
	<linux-crypto@vger.kernel.org>,
	"Breno Leitão" <leitao@debian.org>,
	linuxppc-dev <linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH 0/4] crypto: nx - convert to skcipher API
Date: Sun, 13 Oct 2019 21:48:58 +0200	[thread overview]
Message-ID: <CAKv+Gu_+yG0grjr+Y7rO8KYkvO5xjB-Y7B_AzuMPEHVTaUJB8w@mail.gmail.com> (raw)
In-Reply-To: <20191013185616.GA10007@sol.localdomain>

On Sun, 13 Oct 2019 at 20:56, Eric Biggers <ebiggers@kernel.org> wrote:
>
> On Sun, Oct 13, 2019 at 05:31:31PM +0200, Ard Biesheuvel wrote:
> > On Sun, 13 Oct 2019 at 08:29, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> > >
> > > On Sun, 13 Oct 2019 at 06:40, Eric Biggers <ebiggers@kernel.org> wrote:
> > > >
> > > > This series converts the PowerPC Nest (NX) implementations of AES modes
> > > > from the deprecated "blkcipher" API to the "skcipher" API.  This is
> > > > needed in order for the blkcipher API to be removed.
> > > >
> > > > This patchset is compile-tested only, as I don't have this hardware.
> > > > If anyone has this hardware, please test this patchset with
> > > > CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y.
> > > >
> > > > Eric Biggers (4):
> > > >   crypto: nx - don't abuse blkcipher_desc to pass iv around
> > > >   crypto: nx - convert AES-ECB to skcipher API
> > > >   crypto: nx - convert AES-CBC to skcipher API
> > > >   crypto: nx - convert AES-CTR to skcipher API
> > > >
> > > >  drivers/crypto/nx/nx-aes-cbc.c | 81 ++++++++++++++-----------------
> > > >  drivers/crypto/nx/nx-aes-ccm.c | 40 ++++++----------
> > > >  drivers/crypto/nx/nx-aes-ctr.c | 87 +++++++++++++++-------------------
> > > >  drivers/crypto/nx/nx-aes-ecb.c | 76 +++++++++++++----------------
> > > >  drivers/crypto/nx/nx-aes-gcm.c | 24 ++++------
> > > >  drivers/crypto/nx/nx.c         | 64 ++++++++++++++-----------
> > > >  drivers/crypto/nx/nx.h         | 19 ++++----
> > > >  7 files changed, 176 insertions(+), 215 deletions(-)
> > > >
> > >
> > > Hi Eric,
> > >
> > > Thanks for taking this on. I'll look in more detail at these patches
> > > during the week. In the meantime, I may have a stab at converting ccp,
> > > virtio-crypto and omap aes/des myself, since i have the hardware to
> > > test those.
> > >
> >
> > OK, I got a bit carried away, and converted a bunch of platforms in
> > drivers/crypto (build tested only, except for the virtio driver)
> >
> > crypto: qce - switch to skcipher API
> > crypto: rockchip - switch to skcipher API
> > crypto: stm32 - switch to skcipher API
> > crypto: sahara - switch to skcipher API
> > crypto: picoxcell - switch to skcipher API
> > crypto: mediatek - switch to skcipher API
> > crypto: mxs - switch to skcipher API
> > crypto: ixp4xx - switch to skcipher API
> > crypto: hifn - switch to skcipher API
> > crypto: chelsio - switch to skcipher API
> > crypto: cavium/cpt - switch to skcipher API
> > crypto: nitrox - remove cra_type reference to ablkcipher
> > crypto: bcm-spu - switch to skcipher API
> > crypto: atmel-tdes - switch to skcipher API
> > crypto: atmel-aes - switch to skcipher API
> > crypto: s5p - switch to skcipher API
> > crypto: ux500 - switch to skcipher API
> > crypto: omap - switch to skcipher API
> > crypto: virtio - switch to skcipher API
> > crypto: virtio - deal with unsupported input sizes
> > crypto: virtio - implement missing support for output IVs
> > crypto: ccp - switch from ablkcipher to skcipher
> >
> > https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/log/?h=ablkcipher-removal
> >
> > I pushed the branch to kernelci, so hopefully we'll get some automated
> > results, but I think only a small subset of these are boot tested atm.
>
> Awesome, thanks for doing this!  I was just planning to do "blkcipher" for now,
> but your patches will take care of almost all of "ablkcipher" too.
>

Yeah. I thought it was about time we take care of this, and ablkcipher
is much more straightforward anyway.

> A few things I noticed from quickly skimming through your patches:
>

Thanks. These are all mistakes on my part - I went through these at
high speed with lots of mechanical search-replace.

> "ecb-des3-omap", "cbc-des3-omap", "atmel-ecb-tdes", "atmel-cbc-tdes", and
> "atmel-ofb-tdes" had their min and/or max key size incorrectly changed to 8
> (DES_BLOCK_SIZE or DES3_EDE_BLOCK_SIZE) rather than left as 24
> (DES3_EDE_KEY_SIZE or 3*DES_KEY_SIZE).
>
> cra_blocksize for "atmel-cfb64-aes" was changed from CFB64_BLOCK_SIZE to
> AES_BLOCKSIZE.  Intentional?
>
> cra_blocksize for "stm32-ctr-aes" and for "cfb-aes-mtk" was changed from 1 to
> AES_BLOCK_SIZE.  Intentional?
>
> CRYPTO_ALG_NEED_FALLBACK was added to "cbc-des-picoxcell" and "ecb-des-picoxcell".
> Intentional?
>
> In drivers/crypto/ixp4xx_crypto.c, .walksize was set on "rfc3686(ctr(aes))"
> rather than .chunksize.  Intentional?
>
> In drivers/crypto/qce/, CRYPTO_ALG_TYPE_ABLKCIPHER should be replaced with
> CRYPTO_ALG_TYPE_SKCIPHER.
>
> In drivers/crypto/stm32/, could rename crypto_algs[] to skcipher_algs[].
>
> Thanks!
>
> - Eric