From: Herbert Xu <herbert@gondor.apana.org.au>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Eric Biggers <ebiggers@kernel.org>,
Ben Greear <greearb@candelatech.com>
Subject: Re: [PATCH 6/6] crypto: cmac - Use cbc skcipher instead of raw cipher
Date: Mon, 24 Aug 2020 21:20:50 +1000 [thread overview]
Message-ID: <20200824112050.GA23301@gondor.apana.org.au> (raw)
In-Reply-To: <CAMj1kXH6FTYDvzpwmga5K_2SRDBCyfPOmJJd3JN2vUjZLzTL7w@mail.gmail.com>
On Mon, Aug 24, 2020 at 11:47:30AM +0200, Ard Biesheuvel wrote:
>
> OK, so you are using a page size buffer for every request in flight,
> and using that as a scratch buffer for the destination of the cbc()
> transform?
Not necessarily. It'll only allocate the page if the request size
exceeds the buffer we already have in the request context. The
request context size is dependent on the request context size of
the underlying CBC, but it should be at least 512 bytes long.
I should probably test always using the 512-byte buffer and perhaps
it might be good enough.
Note that the numbers I'm getting with aesni is already very close
to the numbers of the underly cbc-aesni encryption so there is not
much room for improvement.
> I am not a fan of this approach, tbh. High latency/high bandwidth
> users will cause lots of GFP_ATOMIC allocations, and synchronous CPU
We could make the request context size be at least 2048 bytes long
and that would obviate the need to allocate the page buffer.
In any case, the cost of the page allocation is going to be drowned
out by the crypto since this would only happen for large requests.
> implementations will cause lots of writes polluting the D-cache for no
> good reason. Non-cache coherent accelerators will cause unnecessary
> traffic on the memory bus in addition to the undesirable D-cache
> behavior.
Perhaps, but would this be significant compared to the crypto cost?
Only numbers can tell.
> What we could do instead is having a certain flag/behavior in skcipher
> where writes are omitted entirely, and cbcmac/cmac could opt into
> that. But imho, the best way to improve this is to have a new AES-NI
> asm helper (which I already implemented in my v2) that wraps the
> AES-NI primitives in the right way to implement cbcmac.
As I said before, I'm totally fine with a native aesni implementation
for ccm/cbcmac as long as it's fully async like everything else. But
a ccm/cbcmac based on cbc still makes sense since we're not going to
reimplement the same thing in every crypto driver out there.
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
next prev parent reply other threads:[~2020-08-24 11:20 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-02 9:06 [PATCH] crypto: x86/aesni - implement accelerated CBCMAC, CMAC and XCBC shashes Ard Biesheuvel
2020-08-03 19:11 ` Ben Greear
2020-08-04 12:55 ` Ard Biesheuvel
2020-08-04 13:01 ` Ben Greear
2020-08-04 13:08 ` Ard Biesheuvel
2020-08-04 13:22 ` Ben Greear
2020-08-04 19:45 ` Ben Greear
2020-08-04 20:12 ` Ard Biesheuvel
2020-09-23 11:03 ` Ben Greear
2020-10-29 16:58 ` Ard Biesheuvel
2020-08-18 8:24 ` [PATCH 0/5] crypto: Implement cmac based on cbc skcipher Herbert Xu
2020-08-18 8:25 ` [PATCH 1/6] crypto: skcipher - Add helpers for sync skcipher spawn Herbert Xu
2020-08-18 8:25 ` [PATCH 2/6] crypto: ahash - Add helper to free single spawn instance Herbert Xu
2020-08-18 8:25 ` [PATCH 3/6] crypto: ahash - Add init_tfm/exit_tfm Herbert Xu
2020-08-18 8:25 ` [PATCH 4/6] crypto: ahash - Add ahash_alg_instance Herbert Xu
2020-08-18 8:25 ` [PATCH 5/6] crypto: ahash - Remove AHASH_REQUEST_ON_STACK Herbert Xu
2020-08-26 10:55 ` Ard Biesheuvel
2020-08-18 8:25 ` [PATCH 6/6] crypto: cmac - Use cbc skcipher instead of raw cipher Herbert Xu
2020-08-24 9:47 ` Ard Biesheuvel
2020-08-24 11:20 ` Herbert Xu [this message]
2020-08-18 8:31 ` [PATCH 0/5] crypto: Implement cmac based on cbc skcipher Ard Biesheuvel
2020-08-18 13:51 ` Herbert Xu
2020-08-18 13:56 ` Ben Greear
2020-08-18 14:05 ` Herbert Xu
2020-08-18 14:17 ` Ben Greear
2020-08-18 22:15 ` Herbert Xu
2020-08-18 22:27 ` Herbert Xu
2020-08-18 22:31 ` Ben Greear
2020-08-18 22:33 ` Herbert Xu
2020-08-18 22:39 ` Ben Greear
2020-08-20 6:58 ` Ard Biesheuvel
2020-08-20 7:01 ` Herbert Xu
2020-08-20 7:04 ` Ard Biesheuvel
2020-08-20 7:06 ` Herbert Xu
2020-08-20 7:19 ` Ard Biesheuvel
2020-08-20 7:29 ` Herbert Xu
2020-08-20 7:33 ` Ard Biesheuvel
2020-08-20 7:44 ` Herbert Xu
2020-08-20 7:48 ` Ard Biesheuvel
2020-08-20 7:53 ` Herbert Xu
2020-08-20 7:56 ` Ard Biesheuvel
2020-08-20 13:54 ` Ben Greear
2020-08-20 20:10 ` Herbert Xu
2020-08-20 22:09 ` Ben Greear
2020-08-20 22:12 ` Herbert Xu
2020-08-22 22:35 ` Christian Lamparter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200824112050.GA23301@gondor.apana.org.au \
--to=herbert@gondor.apana.org.au \
--cc=ardb@kernel.org \
--cc=ebiggers@kernel.org \
--cc=greearb@candelatech.com \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).