linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Cyrille Pitchen <cyrille.pitchen@atmel.com>
To: <herbert@gondor.apana.org.au>, <davem@davemloft.net>,
	<nicolas.ferre@atmel.com>
Cc: <smueller@chronox.de>, <linux-crypto@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>,
	<linux-arm-kernel@lists.infradead.org>,
	Cyrille Pitchen <cyrille.pitchen@atmel.com>
Subject: [PATCH v3 00/12] crypto: atmel-authenc: add support to authenc(hmac(shaX),Y(aes)) modes
Date: Thu, 26 Jan 2017 17:07:45 +0100	[thread overview]
Message-ID: <cover.1485443478.git.cyrille.pitchen@atmel.com> (raw)

Hi all,

this series of patches has been based and tested on next-20170125 with
CRYPTO_MANAGER_DISABLED_TESTS not set.

The series adds support to the hmac(shaX) algorithms first, then combines
both the Atmel SHA and AES hardware accelerators to implement
authenc(hmac(shaX),Y(aes)) algorithms as used by IPSEC/SSL connections.

It has also been tested with strongswan + xl2tpd to create an IPSEC+L2TP
(transport mode) VPN and strongswan only (tunnel mode) for an IPSEC VPN.

Then iperf was used to measure the bandwidth improvement in tunnel mode:

drivers                                    AES SHA SPLIP iperf half-duplex
                                                         Mbit/s
authenc(hmac(sha1-generic),cbc(aes))        SW   SW  N/A 27.7
authenc(hmac(sha1-generic),atmel-cbc-aes)   HW   SW  N/A 30.2 (mainline)
authenc(atmel-hmac-sha1,atmel-cbc-aes)      HW   HW   no 29.1
atmel-authenc-hmac-sha1-cbc-aes             HW   HW  yes 38.8

SPLIP: Secure Protocol Layers Improved Performances (AES+SHA combined).

Some patches of this series are purely transitional: I've split the
modifications into many patches to ease the review.

Best regards,

Cyrille


ChangeLog:

v2 -> v3:
- add calls to memzero_explicit(&keys, ...) before exiting from
  atmel_aes_authenc_setkey().
- add missing comparison test between req->cryptlen and authsize values
  in atmel_aes_authenc_crypt().
- remove the atmel_aes_authenc_copy_assoc() function: I have tested with
  a strongswan IPSec ESP Tunnel Mode connection and it still works even if
  this driver no longer copies the AAD. FWI, I have also tested with the
  crypto/authenc.c driver after having removed the
  crypto_authenc_copy_assoc() function and it worked as well. However I
  didn't check whether I was in the special case req->src == req->dst.

v1 -> v2:
- add missing drivers/crypto/atmel-authenc.h file in patch 11.


Cyrille Pitchen (12):
  crypto: atmel-sha: create function to get an Atmel SHA device
  crypto: atmel-sha: update request queue management to make it more
    generic
  crypto: atmel-sha: make atmel_sha_done_task more generic
  crypto: atmel-sha: redefine SHA_FLAGS_SHA* flags to match
    SHA_MR_ALGO_SHA*
  crypto: atmel-sha: add atmel_sha_wait_for_data_ready()
  crypto: atmel-sha: add SHA_MR_MODE_IDATAR0
  crypto: atmel-sha: add atmel_sha_cpu_start()
  crypto: atmel-sha: add simple DMA transfers
  crypto: atmel-sha: add support to hmac(shaX)
  crypto: atmel-aes: fix atmel_aes_handle_queue()
  crypto: atmel-authenc: add support to authenc(hmac(shaX),Y(aes)) modes
  crypto: atmel-sha: add verbose debug facilities to print hw register
    names

 drivers/crypto/Kconfig          |   12 +
 drivers/crypto/atmel-aes-regs.h |   16 +
 drivers/crypto/atmel-aes.c      |  455 ++++++++++++-
 drivers/crypto/atmel-authenc.h  |   64 ++
 drivers/crypto/atmel-sha-regs.h |   20 +
 drivers/crypto/atmel-sha.c      | 1438 +++++++++++++++++++++++++++++++++++++--
 6 files changed, 1937 insertions(+), 68 deletions(-)
 create mode 100644 drivers/crypto/atmel-authenc.h

-- 
2.7.4

             reply	other threads:[~2017-01-26 16:08 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-26 16:07 Cyrille Pitchen [this message]
2017-01-26 16:07 ` [PATCH v3 01/12] crypto: atmel-sha: create function to get an Atmel SHA device Cyrille Pitchen
2017-01-26 16:07 ` [PATCH v3 02/12] crypto: atmel-sha: update request queue management to make it more generic Cyrille Pitchen
2017-01-26 16:07 ` [PATCH v3 03/12] crypto: atmel-sha: make atmel_sha_done_task " Cyrille Pitchen
2017-01-26 16:07 ` [PATCH v3 04/12] crypto: atmel-sha: redefine SHA_FLAGS_SHA* flags to match SHA_MR_ALGO_SHA* Cyrille Pitchen
2017-01-26 16:07 ` [PATCH v3 05/12] crypto: atmel-sha: add atmel_sha_wait_for_data_ready() Cyrille Pitchen
2017-01-26 16:07 ` [PATCH v3 06/12] crypto: atmel-sha: add SHA_MR_MODE_IDATAR0 Cyrille Pitchen
2017-01-26 16:07 ` [PATCH v3 07/12] crypto: atmel-sha: add atmel_sha_cpu_start() Cyrille Pitchen
2017-01-26 16:07 ` [PATCH v3 08/12] crypto: atmel-sha: add simple DMA transfers Cyrille Pitchen
2017-01-26 16:07 ` [PATCH v3 09/12] crypto: atmel-sha: add support to hmac(shaX) Cyrille Pitchen
2017-01-26 16:07 ` [PATCH v3 10/12] crypto: atmel-aes: fix atmel_aes_handle_queue() Cyrille Pitchen
2017-01-26 16:07 ` [PATCH v3 11/12] crypto: atmel-authenc: add support to authenc(hmac(shaX), Y(aes)) modes Cyrille Pitchen
2017-01-26 16:07 ` [PATCH v3 12/12] crypto: atmel-sha: add verbose debug facilities to print hw register names Cyrille Pitchen
2017-02-03 10:20 ` [PATCH v3 00/12] crypto: atmel-authenc: add support to authenc(hmac(shaX),Y(aes)) modes Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1485443478.git.cyrille.pitchen@atmel.com \
    --to=cyrille.pitchen@atmel.com \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nicolas.ferre@atmel.com \
    --cc=smueller@chronox.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).