simd ciphers

simd ciphers

[Stephan Müller]

Hi Herbert,

with the addition of the simd cipher change I seem to be unable to use the 
AESNI ciphers. My .config contains CONFIG_CRYPTO_SIMD=y and 
CONFIG_CRYPTO_AES_NI_INTEL=y. Those options always worked to load the AES-NI 
implementation. But now, I do not see the AES-NI implementations any more in /
proc/crypto.

Ciao
Stephan

Re: simd ciphers

[Stephan Müller]

Am Donnerstag, 8. Dezember 2016, 19:32:03 CET schrieb Stephan Müller:

Hi Herbert,

> Hi Herbert,
> 
> with the addition of the simd cipher change I seem to be unable to use the
> AESNI ciphers. My .config contains CONFIG_CRYPTO_SIMD=y and
> CONFIG_CRYPTO_AES_NI_INTEL=y. Those options always worked to load the AES-NI

(with "always worked" I meant the CONFIG_CRYPTO_AES_NI_INTEL=y option of 
course, that always ensured AES-NI to be present and usable)

> implementation. But now, I do not see the AES-NI implementations any more
> in / proc/crypto.
> 
> Ciao
> Stephan
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html



Ciao
Stephan

Re: simd ciphers

[Stephan Müller]

Am Donnerstag, 8. Dezember 2016, 19:40:38 CET schrieb Stephan Müller:

Hi Herbert,

> Am Donnerstag, 8. Dezember 2016, 19:32:03 CET schrieb Stephan Müller:
> 
> Hi Herbert,
> 
> > Hi Herbert,
> > 
> > with the addition of the simd cipher change I seem to be unable to use the
> > AESNI ciphers. My .config contains CONFIG_CRYPTO_SIMD=y and
> > CONFIG_CRYPTO_AES_NI_INTEL=y. Those options always worked to load the
> > AES-NI
> (with "always worked" I meant the CONFIG_CRYPTO_AES_NI_INTEL=y option of
> course, that always ensured AES-NI to be present and usable)

With 4.10-rc1, I also do not get the AES-NI implementations to work. do you 
have any ideas what may be the issue?

Ciao
Stephan

Re: simd ciphers

[Herbert Xu]

On Wed, Dec 28, 2016 at 09:37:04AM +0100, Stephan Müller wrote:
> Am Donnerstag, 8. Dezember 2016, 19:40:38 CET schrieb Stephan Müller:
> 
> Hi Herbert,
> 
> > Am Donnerstag, 8. Dezember 2016, 19:32:03 CET schrieb Stephan Müller:
> > 
> > Hi Herbert,
> > 
> > > Hi Herbert,
> > > 
> > > with the addition of the simd cipher change I seem to be unable to use the
> > > AESNI ciphers. My .config contains CONFIG_CRYPTO_SIMD=y and
> > > CONFIG_CRYPTO_AES_NI_INTEL=y. Those options always worked to load the
> > > AES-NI
> > (with "always worked" I meant the CONFIG_CRYPTO_AES_NI_INTEL=y option of
> > course, that always ensured AES-NI to be present and usable)
> 
> With 4.10-rc1, I also do not get the AES-NI implementations to work. do you 
> have any ideas what may be the issue?

I'm having problems reproducing this.  Does it work for you if you
build them as modules?

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: simd ciphers

[Stephan Müller]

Am Mittwoch, 28. Dezember 2016, 16:59:38 CET schrieb Herbert Xu:

Hi Herbert,

> > With 4.10-rc1, I also do not get the AES-NI implementations to work. do
> > you
> > have any ideas what may be the issue?
> 
> I'm having problems reproducing this.  Does it work for you if you
> build them as modules?

When I configure AES-NI as module, it works. When compiling it statically, the 
allocation returns an -ENOENT. 

Now, when I diff both config files after a simple toggle from AES-NI=y to =m I 
see (linux-4.10.config contains the static config, .config contains the module 
configuration):

$ diff -urN ../linux-4.10.config .config
--- ../linux-4.10.config        2016-12-28 10:56:51.805526584 +0100
+++ .config     2016-12-28 11:00:17.959608195 +0100
@@ -4062,8 +4062,8 @@
 CONFIG_CRYPTO_AUTHENC=m
 CONFIG_CRYPTO_TEST=m
 CONFIG_CRYPTO_ABLK_HELPER=m
-CONFIG_CRYPTO_SIMD=y
-CONFIG_CRYPTO_GLUE_HELPER_X86=y
+CONFIG_CRYPTO_SIMD=m
+CONFIG_CRYPTO_GLUE_HELPER_X86=m
 
 #
 # Authenticated Encryption with Associated Data
@@ -4132,7 +4132,7 @@
 #
 CONFIG_CRYPTO_AES=y
 CONFIG_CRYPTO_AES_X86_64=y
-CONFIG_CRYPTO_AES_NI_INTEL=y
+CONFIG_CRYPTO_AES_NI_INTEL=m
 CONFIG_CRYPTO_ANUBIS=m
 CONFIG_CRYPTO_ARC4=m
 CONFIG_CRYPTO_BLOWFISH=m

Ciao
Stephan

Re: simd ciphers

[Herbert Xu]

On Wed, Dec 28, 2016 at 11:00:51AM +0100, Stephan Müller wrote:
>
> When I configure AES-NI as module, it works. When compiling it statically, the 
> allocation returns an -ENOENT. 
> 
> Now, when I diff both config files after a simple toggle from AES-NI=y to =m I 
> see (linux-4.10.config contains the static config, .config contains the module 
> configuration):

Thanks Stephan! Does this patch help?

---8<---
Subject: crypto: pcbc - Move pcbc registration up to subsys_initcall

The pcbc template is required by aesni.  As aesni registers itself
at late_initcall, we have to make sure pcbc is registered before
that.

This patch moves it to subsys_initcall like cryptd.

Fixes: 85671860caac ("crypto: aesni - Convert to skcipher")
Reported-by: Stephan Müller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/pcbc.c b/crypto/pcbc.c
index e4538e0..0855c61 100644
--- a/crypto/pcbc.c
+++ b/crypto/pcbc.c
@@ -307,7 +307,7 @@ static void __exit crypto_pcbc_module_exit(void)
 	crypto_unregister_template(&crypto_pcbc_tmpl);
 }
 
-module_init(crypto_pcbc_module_init);
+subsys_initcall(crypto_pcbc_module_init);
 module_exit(crypto_pcbc_module_exit);
 
 MODULE_LICENSE("GPL");
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: simd ciphers

[Stephan Müller]

Am Mittwoch, 28. Dezember 2016, 18:28:26 CET schrieb Herbert Xu:

Hi Herbert,

> On Wed, Dec 28, 2016 at 11:00:51AM +0100, Stephan Müller wrote:
> > When I configure AES-NI as module, it works. When compiling it statically,
> > the allocation returns an -ENOENT.
> > 
> > Now, when I diff both config files after a simple toggle from AES-NI=y to
> > =m I see (linux-4.10.config contains the static config, .config contains
> > the module
> > configuration):
> Thanks Stephan! Does this patch help?

This patch does not help. But I now found the issue: we need some Kconfig 
wizardry to mandate pcbc to be compiled statically when AES-NI is static. 
Currently I had pcbc always as a module even when selecting AES-NI as static 
compilation.

Ciao
Stephan

Re: simd ciphers

[Herbert Xu]

On Wed, Dec 28, 2016 at 12:21:52PM +0100, Stephan Müller wrote:
> 
> This patch does not help. But I now found the issue: we need some Kconfig 
> wizardry to mandate pcbc to be compiled statically when AES-NI is static. 
> Currently I had pcbc always as a module even when selecting AES-NI as static 
> compilation.

OK, please test this patch and see if it cures the problem with
aesni built-in and pcbc built as a module.

Thanks,

---8<---
Subject: crypto: aesni - Fix failure when built-in with modular pcbc

If aesni is built-in but pcbc is built as a module, then aesni
will fail completely because when it tries to register the pcbc
variant of aes the pcbc template is not available.

This patch fixes this by modifying the pcbc presence test so that
if aesni is built-in then pcbc must also be built-in for it to be
used by aesni.

Fixes: 85671860caac ("crypto: aesni - Convert to skcipher")
Reported-by: Stephan Müller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index 36ca150..7ad0ed7 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -1024,7 +1024,8 @@ struct {
 	const char *basename;
 	struct simd_skcipher_alg *simd;
 } aesni_simd_skciphers2[] = {
-#if IS_ENABLED(CONFIG_CRYPTO_PCBC)
+#if (defined(MODULE) && IS_ENABLED(CONFIG_CRYPTO_PCBC)) || \
+    IS_BUILTIN(CONFIG_CRYPTO_PCBC)
 	{
 		.algname	= "pcbc(aes)",
 		.drvname	= "pcbc-aes-aesni",
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: simd ciphers

[Stephan Müller]

Am Donnerstag, 29. Dezember 2016, 17:44:15 CET schrieb Herbert Xu:

Hi Herbert,

> On Wed, Dec 28, 2016 at 12:21:52PM +0100, Stephan Müller wrote:
> > This patch does not help. But I now found the issue: we need some Kconfig
> > wizardry to mandate pcbc to be compiled statically when AES-NI is static.
> > Currently I had pcbc always as a module even when selecting AES-NI as
> > static compilation.
> 
> OK, please test this patch and see if it cures the problem with
> aesni built-in and pcbc built as a module.

This patch works -- PCBC can be compiled as a module whereas AES-NI is 
compiled statically and yet AES-NI can be loaded.

Thanks.

Tested-by: Stephan Müller <smueller@chronox.de>

Ciao
Stephan