From: "Bae, Chang Seok" <chang.seok.bae@intel.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@kernel.org>, Borislav Petkov <bp@suse.de>,
Andy Lutomirski <luto@kernel.org>, X86 ML <x86@kernel.org>,
"Williams, Dan J" <dan.j.williams@intel.com>,
"Hansen, Dave" <dave.hansen@intel.com>,
"Shankar, Ravi V" <ravi.v.shankar@intel.com>,
"Sun, Ning" <ning.sun@intel.com>,
"Dwarakanath, Kumar N" <kumar.n.dwarakanath@intel.com>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH 7/8] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions
Date: Fri, 14 May 2021 20:36:06 +0000 [thread overview]
Message-ID: <89A68071-B57B-49E4-B034-514CA43BC46C@intel.com> (raw)
In-Reply-To: <CAMj1kXGa4f21eH0mdxd1pQsZMUjUr1Btq+Dgw-gC=O-yYft7xw@mail.gmail.com>
On Dec 17, 2020, at 02:16, Ard Biesheuvel <ardb@kernel.org> wrote:
>
> We will need to refactor this - cloning the entire driver and just
> replacing aes-ni with aes-kl is a maintenance nightmare.
>
> Please refer to the arm64 tree for an example how to combine chaining
> mode routines implemented in assembler with different implementations
> of the core AES transforms (aes-modes.S is combined with either
> aes-ce.S or aes-neon.S to produce two different drivers)
I just post v2 [1]. PATCH9 [2] refactors some glue code out of AES-NI to
prepare AES-KL.
[ Past a few months were not fully spent on this but it took a while to
address comments and to debug test cases. ]
> ...
>> diff --git a/arch/x86/crypto/aeskl-intel_glue.c b/arch/x86/crypto/aeskl-intel_glue.c
>> new file mode 100644
>> index 000000000000..9e3f900ad4af
>> --- /dev/null
>> +++ b/arch/x86/crypto/aeskl-intel_glue.c
>> @@ -0,0 +1,697 @@
> ...
>> +static void aeskl_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
>> +{
>> + struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm));
>> + int err = 0;
>> +
>> + if (!crypto_simd_usable())
>> + return;
>> +
>
> It is clear that AES-KL cannot be handled by a fallback algorithm,
> given that the key is no longer available. But that doesn't mean that
> you can just give up like this.
>
> This basically implies that we cannot expose the cipher interface at
> all, and so AES-KL can only be used by callers that use the
> asynchronous interface, which rules out 802.11, s/w kTLS, macsec and
> kerberos.
I made not to expose the synchronous interface, in v2.
> This ties in to a related discussion that is going on about when to
> allow kernel mode SIMD. I am currently investigating whether we can
> change the rules a bit so that crypto_simd_usable() is guaranteed to
> be true.
I saw your series [3]. Yes, I’m very interested in it.
>> +static int ecb_encrypt(struct skcipher_request *req)
>> +{
>> + struct crypto_skcipher *tfm;
>> + struct crypto_aes_ctx *ctx;
>> + struct skcipher_walk walk;
>> + unsigned int nbytes;
>> + int err;
>> +
>> + tfm = crypto_skcipher_reqtfm(req);
>> + ctx = aes_ctx(crypto_skcipher_ctx(tfm));
>> +
>> + err = skcipher_walk_virt(&walk, req, true);
>> + if (err)
>> + return err;
>> +
>> + while ((nbytes = walk.nbytes)) {
>> + unsigned int len = nbytes & AES_BLOCK_MASK;
>> + const u8 *src = walk.src.virt.addr;
>> + u8 *dst = walk.dst.virt.addr;
>> +
>> + kernel_fpu_begin();
>> + if (unlikely(ctx->key_length == AES_KEYSIZE_192))
>> + aesni_ecb_enc(ctx, dst, src, len);
>
> Could we please use a proper fallback here, and relay the entire request?
I made a change like this in v2:
+static int ecb_encrypt(struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+
+ if (likely(keylength(crypto_skcipher_ctx(tfm)) != AES_KEYSIZE_192))
+ return ecb_crypt_common(req, aeskl_ecb_enc);
+ else
+ return ecb_crypt_common(req, aesni_ecb_enc);
+}
>> + else
>> + err = __aeskl_ecb_enc(ctx, dst, src, len);
>> + kernel_fpu_end();
>> +
>> + if (err) {
>> + skcipher_walk_done(&walk, nbytes & (AES_BLOCK_SIZE - 1));
>
> This doesn't look right. The skcipher scatterlist walker may have a
> live kmap() here so you can't just return.
I’ve added a preparatory patch [4] to deal with cases like this.
Thanks,
Chang
[1] https://lore.kernel.org/lkml/20210514201508.27967-1-chang.seok.bae@intel.com/
[2] https://lore.kernel.org/lkml/20210514201508.27967-10-chang.seok.bae@intel.com/
[3] https://lore.kernel.org/lkml/20201218170106.23280-1-ardb@kernel.org/
[4] https://lore.kernel.org/lkml/20210514201508.27967-9-chang.seok.bae@intel.com/
next prev parent reply other threads:[~2021-05-14 20:36 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-16 17:41 [RFC PATCH 0/8] x86: Support Intel Key Locker Chang S. Bae
2020-12-16 17:41 ` [RFC PATCH 1/8] x86/cpufeature: Enumerate Key Locker feature Chang S. Bae
2020-12-16 17:41 ` [RFC PATCH 2/8] x86/cpu: Load Key Locker internal key at boot-time Chang S. Bae
2020-12-16 17:41 ` [RFC PATCH 3/8] x86/msr-index: Add MSRs for Key Locker internal key Chang S. Bae
2020-12-16 17:41 ` [RFC PATCH 4/8] x86/power: Restore Key Locker internal key from the ACPI S3/4 sleep states Chang S. Bae
2020-12-17 19:10 ` Eric Biggers
2020-12-18 1:00 ` Bae, Chang Seok
2021-01-28 10:34 ` Rafael J. Wysocki
2021-01-28 16:10 ` Bae, Chang Seok
2020-12-16 17:41 ` [RFC PATCH 5/8] x86/cpu: Add a config option and a chicken bit for Key Locker Chang S. Bae
2020-12-16 17:41 ` [RFC PATCH 6/8] selftests/x86: Test Key Locker internal key maintenance Chang S. Bae
2020-12-18 9:59 ` Peter Zijlstra
2020-12-18 10:43 ` Bae, Chang Seok
2020-12-16 17:41 ` [RFC PATCH 7/8] crypto: x86/aes-kl - Support AES algorithm using Key Locker instructions Chang S. Bae
2020-12-17 10:16 ` Ard Biesheuvel
2021-05-14 20:36 ` Bae, Chang Seok [this message]
2020-12-17 20:54 ` Andy Lutomirski
2021-05-14 20:48 ` Bae, Chang Seok
2020-12-17 20:58 ` [NEEDS-REVIEW] " Dave Hansen
2020-12-18 9:56 ` Peter Zijlstra
2020-12-18 10:11 ` Peter Zijlstra
2020-12-18 10:34 ` Bae, Chang Seok
2020-12-18 11:00 ` Borislav Petkov
2020-12-18 14:33 ` Peter Zijlstra
2020-12-16 17:41 ` [RFC PATCH 8/8] x86/cpu: Support the hardware randomization option for Key Locker internal key Chang S. Bae
2020-12-17 19:10 ` [RFC PATCH 0/8] x86: Support Intel Key Locker Eric Biggers
2020-12-17 20:07 ` Dan Williams
2020-12-18 1:08 ` Bae, Chang Seok
2020-12-19 18:59 ` Andy Lutomirski
2020-12-22 19:03 ` Bae, Chang Seok
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=89A68071-B57B-49E4-B034-514CA43BC46C@intel.com \
--to=chang.seok.bae@intel.com \
--cc=ardb@kernel.org \
--cc=bp@suse.de \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=herbert@gondor.apana.org.au \
--cc=kumar.n.dwarakanath@intel.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@kernel.org \
--cc=ning.sun@intel.com \
--cc=ravi.v.shankar@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).