From: "Stephan Müller" <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Subject: Re: [PATCH 00/13] crypto: copy AAD during encrypt for AEAD ciphers
Date: Thu, 12 Jan 2017 17:37:33 +0100 [thread overview]
Message-ID: <3463059.TVfkfLOfNf@tauon.atsec.com> (raw)
In-Reply-To: <20170112160629.GA19577@gondor.apana.org.au>
Am Freitag, 13. Januar 2017, 00:06:29 CET schrieb Herbert Xu:
Hi Herbert,
> On Thu, Jan 12, 2017 at 05:01:13PM +0100, Stephan Müller wrote:
> > I fully agree. Therefore, I was under the impression that disregarding the
> > AAD in recvmsg entirely would be most appropriate as offered with the
> > patch "crypto: AF_ALG - disregard AAD buffer space for output". In this
> > case we would be fully POSIX compliant, the kernel would not copy the AAD
> > (and thus perform multiple memcpy operations due to copy_from_user and
> > copy_to_user round trips) and leave the AAD copy operation entirely to
> > user space.
> Yes but then you'd have to play nasty games to fit this through
> the kernel API.
I would not understand that statement.
With the patch mentioned above that I provided some weeks ago, we have the
following scenario for an encryption (in case of decryption, it is almost
identical, just the tag location is reversed):
user calls sendmsg with data buffer/IOVEC: AAD || PT
-> algif_aead turns this into the src SGL
user calls recvmsg with data buffer/IOVEC: CT || Tag
-> algif_aead creates the first SG entry in the dst SGL pointing to the
AAD from the src SGL
-> algif_aead appends the user buffers to the dst SGL
-> algif_aead performs its operation and during that operation, only the
CT and Tag parts are changed
I.e. with the pre-pending of the SG pointing to the AAD from the src SGL to
the dst SGL we have a clean invocation of the kernel API.
Yet, we avoid copy round trips of the AAD from src to dst in the kernel.
> Besides, we could still do in-place crypto even
> though you suggested that it's complicated.
Is that crypto-in-place operation really a goal we want to achieve if we "buy"
it with a memcpy of the data from the src SGL to the dst SGL before the crypto
operation?
Can we really call such implementation a crypto-in-place operation?
> It's not really.
I concur, for encryption the suggested memcpy is not difficult. Only for
decryption, the memcpy is more challenging.
> All we have to do is walk through the SG list and compare each
> page/offset. For the common case it's going to be a single-entry
> list.
>
> Cheers,
Ciao
Stephan
next prev parent reply other threads:[~2017-01-12 16:37 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-10 1:36 [PATCH 00/13] crypto: copy AAD during encrypt for AEAD ciphers Stephan Müller
2017-01-10 1:36 ` [PATCH 01/13] crypto: service function to copy AAD from src to dst Stephan Müller
2017-01-10 1:37 ` [PATCH 02/13] crypto: gcm_generic - copy AAD during encryption Stephan Müller
2017-01-10 1:37 ` [PATCH 03/13] crypto: ccm_generic " Stephan Müller
2017-01-10 1:37 ` [PATCH 04/13] crypto: rfc4106-gcm-aesni " Stephan Müller
2017-01-10 1:38 ` [PATCH 05/13] crypto: ccm-aes-ce " Stephan Müller
2017-01-10 1:38 ` [PATCH 06/13] crypto: talitos " Stephan Müller
2017-01-10 1:38 ` [PATCH 07/13] crypto: picoxcell " Stephan Müller
2017-01-10 1:39 ` [PATCH 08/13] crypto: ixp4xx " Stephan Müller
2017-01-10 1:39 ` [PATCH 09/13] crypto: atmel " Stephan Müller
2017-01-10 1:39 ` [PATCH 10/13] crypto: caam " Stephan Müller
2017-01-10 1:40 ` [PATCH 11/13] crypto: chelsio " Stephan Müller
2017-01-10 1:40 ` [PATCH 12/13] crypto: nx " Stephan Müller
2017-01-10 1:41 ` [PATCH 13/13] crypto: qat " Stephan Müller
2017-01-12 6:19 ` [PATCH 00/13] crypto: copy AAD during encrypt for AEAD ciphers Herbert Xu
2017-01-12 11:22 ` Stephan Müller
2017-01-12 14:57 ` Herbert Xu
2017-01-12 15:23 ` Stephan Müller
2017-01-12 15:27 ` Herbert Xu
2017-01-12 15:34 ` Stephan Müller
2017-01-12 15:39 ` Herbert Xu
2017-01-12 15:50 ` Stephan Müller
2017-01-12 15:53 ` Herbert Xu
2017-01-12 16:01 ` Stephan Müller
2017-01-12 16:06 ` Herbert Xu
2017-01-12 16:37 ` Stephan Müller [this message]
2017-01-13 10:23 ` Herbert Xu
2017-01-13 10:58 ` Stephan Müller
2017-01-13 11:04 ` Herbert Xu
2017-01-13 11:12 ` Stephan Müller
2017-01-13 11:14 ` Herbert Xu
2017-01-13 11:19 ` Stephan Müller
2017-01-13 11:26 ` Herbert Xu
2017-01-13 11:30 ` Stephan Müller
2017-01-13 11:33 ` Herbert Xu
2017-01-13 11:36 ` Stephan Müller
2017-01-13 11:39 ` Herbert Xu
2017-01-20 17:07 ` Cyrille Pitchen
2017-01-20 20:28 ` Stephan Müller
2017-01-23 13:10 ` Herbert Xu
2017-01-12 12:43 ` Stephan Müller
2017-01-18 14:57 ` Cyrille Pitchen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3463059.TVfkfLOfNf@tauon.atsec.com \
--to=smueller@chronox.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).