From: "Stephan Müller" <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Subject: Re: [RFC] how to handle AAD copy operation for algif_aead
Date: Thu, 09 Mar 2017 11:08:32 +0100 [thread overview]
Message-ID: <9194388.iDFJIB4SCo@tauon.atsec.com> (raw)
In-Reply-To: <20170309100554.GA6945@gondor.apana.org.au>
Am Donnerstag, 9. März 2017, 11:05:54 CET schrieb Herbert Xu:
Hi Herbert,
> On Thu, Mar 09, 2017 at 11:02:41AM +0100, Stephan Müller wrote:
> > > > The patch
> > > > 0001-crypto-algif_aead-copy-AAD-from-src-to-dst_separate.patch
> > > > simply copies the AAD over from TX SGL to RX SGL. The pro is that the
> > > > patch is small. The con is that this approach does *not* provide an
> > > > in-place crypto operation.
> > >
> > > I prefer this patch with the proviso that it copy the whole thing
> > > instead of just the AD. That way you can just feed the dst memory
> > > to crypto_aead for in-place operation. Of course you have to mangle
> > > the tag data onto the dst SG list for decryption but it shouldn't
> > > be too hard.
> >
> > I thought that is exactly the second patch. It copies the entire data to
> > the dst SGL and extends the SGL with the tag in case of decryption.
>
> Are you sure? The patch says:
>
> + /* copy AAD from src to dst */
> + err = crypto_aead_copy_sgl(ctx->null, areq->tsgl,
> + areq->first_rsgl.sgl.sg,
> ctx->aead_assoclen);
>
> Which seems to only copy the AD.
This is the first patch (0001-crypto-algif_aead-copy-AAD-from-src-to-
dst_separate.patch).
The second alternative patch (0001-crypto-algif_aead-copy-AAD-from-src-to-
dst_inplace.patch) does:
+ if (ctx->enc) {
+ /* Copy AAD || PT to RX SGL buffer for in-place operation. */
+ err = crypto_aead_copy_sgl(ctx->null, tsgl->sg,
+ areq->first_rsgl.sgl.sg, processed);
+ if (err)
+ goto free;
+ aead_pull_tsgl(sk, processed, NULL, 0);
+ } else {
+ /* Copy AAD || CT to RX SGL buffer for in-place operation. */
+ err = crypto_aead_copy_sgl(ctx->null, tsgl->sg,
+ areq->first_rsgl.sgl.sg, outlen);
+ if (err)
+ goto free;
+
+ /* Create TX SGL for tag and chain it to RX SGL. */
+ areq->tsgl_entries = aead_count_tsgl(sk, processed);
+ if (!areq->tsgl_entries)
+ areq->tsgl_entries = 1;
+ areq->tsgl = sock_kmalloc(sk, sizeof(*areq->tsgl) *
+ areq->tsgl_entries,
+ GFP_KERNEL);
+ if (!areq->tsgl) {
+ err = -ENOMEM;
+ goto free;
+ }
+ sg_init_table(areq->tsgl, areq->tsgl_entries);
+
+ /* Release TX SGL, except for tag data. */
+ aead_pull_tsgl(sk, processed, areq->tsgl, processed - as);
+
+ /* chain the areq TX SGL holding the tag with RX SGL */
+ if (!last_rsgl) {
+ /* no RX SGL present (e.g. only authentication) */
+ sg_init_table(areq->first_rsgl.sgl.sg, 2);
+ sg_chain(areq->first_rsgl.sgl.sg, 2, areq->tsgl);
+ } else {
+ /* RX SGL present */
+ struct af_alg_sgl *sgl_prev = &last_rsgl->sgl;
+
+ sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1);
+ sg_chain(sgl_prev->sg, sgl_prev->npages + 1, areq->tsgl);
+ }
}
Ciao
Stephan
next prev parent reply other threads:[~2017-03-09 10:23 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-24 13:24 [RFC] how to handle AAD copy operation for algif_aead Stephan Müller
2017-03-09 10:00 ` Herbert Xu
2017-03-09 10:02 ` Stephan Müller
2017-03-09 10:05 ` Herbert Xu
2017-03-09 10:08 ` Stephan Müller [this message]
2017-03-09 10:23 ` Herbert Xu
2017-03-09 10:27 ` Stephan Müller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9194388.iDFJIB4SCo@tauon.atsec.com \
--to=smueller@chronox.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).