From: Eric Biggers <ebiggers@kernel.org>
To: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
Cc: "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
"davem@davemloft.net" <davem@davemloft.net>
Subject: Re: XTS template wrapping question
Date: Fri, 9 Aug 2019 09:46:10 -0700 [thread overview]
Message-ID: <20190809164610.GA658@sol.localdomain> (raw)
In-Reply-To: <MN2PR20MB2973BB8A78D663C6A3D6A223CAD60@MN2PR20MB2973.namprd20.prod.outlook.com>
On Fri, Aug 09, 2019 at 11:39:12AM +0000, Pascal Van Leeuwen wrote:
> Herbert, Eric,
>
> While working on the XTS template, I noticed that it is being used
> (e.g. from testmgr, but also when explictly exported from other drivers)
> as e.g. "xts(aes)", with the generic driver actually being
> "xts(ecb(aes-generic))".
>
> While what I would expect would be "xts(ecb(aes))", the reason being
> that plain "aes" is defined as a single block cipher while the XTS
> template actually efficiently wraps an skcipher (like ecb(aes)).
> The generic driver reference actually proves this point.
>
> The problem with XTS being used without the ecb template in between,
> is that hardware accelerators will typically advertise an ecb(aes)
> skcipher and the current approach makes it impossible to leverage
> that for XTS (while the XTS template *could* actually do that
> efficiently, from what I understand from the code ...).
> Advertising a single block "aes" cipher from a hardware accelerator
> unfortunately defeats the purpose of acceleration.
>
> I also wonder what happens if aes-generic is the only AES
> implementation available? How would the crypto API know it needs to
> do "xts(aes)" as "xts(ecb(aes))" without some explicit export?
> (And I don't see how xts(aes) would work directly, considering
> that only seems to handle single cipher blocks? Or ... will
> the crypto API actually wrap some multi-block skcipher thing
> around the single block cipher instance automatically??)
>
"xts(aes)" is the cra_name for AES-XTS, while everything else (e.g.
"xts(ecb(aes-generic))", "xts-aes-aesni", "xts(ecb-aes-aesni)")
is a cra_driver_name for AES-XTS.
"xts(ecb(aes))" doesn't make sense, as it's neither the cra_name nor does it
name a specific implementation.
See create() in crypto/xts.c. It allows the XTS template to be passed either
the string "aes", *or* a string which names an *implementation* of "ecb(aes)",
like "ecb(aes-generic)" or "ecb-aes-aesni". In the first case it allocates
"ecb(aes)" so it gets the highest priority AES-ECB implementation.
So in both cases the XTS template uses AES-ECB via the skcipher API.
- Eric
next prev parent reply other threads:[~2019-08-09 16:46 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-09 11:39 XTS template wrapping question Pascal Van Leeuwen
2019-08-09 14:18 ` Pascal Van Leeuwen
2019-08-09 15:06 ` Pascal Van Leeuwen
2019-08-09 17:06 ` Eric Biggers
2019-08-09 21:55 ` Pascal Van Leeuwen
2019-08-09 16:46 ` Eric Biggers [this message]
2019-08-09 21:49 ` Pascal Van Leeuwen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190809164610.GA658@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=pvanleeuwen@verimatrix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.