Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp1107824ybi; Fri, 14 Jun 2019 08:45:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqz1aBfFHu5u2n5h4NH112naqqo4bPxuITWJWGsmruvtqkXS6EU3fN6ll4Hv/s9ykON+3miW X-Received: by 2002:a63:1b56:: with SMTP id b22mr34890742pgm.87.1560527143501; Fri, 14 Jun 2019 08:45:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560527143; cv=none; d=google.com; s=arc-20160816; b=pi/ij0n3+XwXw7lwKrfNqs/HNNRuW81CQaKYzQgFNQOVMRop05XzH6TrRaAN3kys5l xIj+Ndu3x0mYjoRjRmHK5NkmjdMzzTWXd5rm/FWtAOCVPgLS7o3+XcnSy87r11VSOiwr ahlx40OIWuPizTl0uwtzuFUSrJlRypr/S52VrI1vYaH+Cyh5M5lHp+URZBXMsFHyAbIX ZHmNJkDCgljtSc+fvp0IqD5oMeB/OGbQgd9x0H9UT95MSfZsBvCih5cmizdxSq4wbo0y JYqPssW89EWFE/SpRmee+tQJFhr3aA34w3DILTUmWUcMd7QG69UJw/ffoZZLgOOrubST /pjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:openpgp:from:references:cc:to:subject :dkim-signature; bh=rBFP4iDf2mjnO69FxuwgAfTuf3a8Dx4FxHDxv0FVeUk=; b=rE5cR8tphpEFRNKQPTdz1Ijth9fVX4EUQ7QjR3013Pts6Zgz77/YTvKyTgYd6t16ht j5TgUZJfEwh0VHj9VKbIyRAs9xHMLT422wpCgEbaPQH1SvP3jTTMRyZTfenn5huTY0TQ BTToJr2GtQETHJYqiIeVtvsLqeprk/ogHw67b6EcJzR69QItfV39jSn+0lfFGtZQhztL qrReVQm6SO5tTFhf/c//3WwzqHnrtzyFWGQuKzHaC7721Z5wRJH1dyQV4NMrR+R8st79 8WaO6Dzfv54NgiGk77dEmopeIVRF6gl6JkrpEFH3BNUs6f3URIGCIIrtH3Sbie1VGkFW /Lnw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@akamai.com header.s=jan2016.eng header.b=j4Hws4Ad; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=akamai.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l11si2619092plb.414.2019.06.14.08.45.25; Fri, 14 Jun 2019 08:45:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@akamai.com header.s=jan2016.eng header.b=j4Hws4Ad; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=akamai.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725999AbfFNPod (ORCPT + 99 others); Fri, 14 Jun 2019 11:44:33 -0400 Received: from mx0a-00190b01.pphosted.com ([67.231.149.131]:50298 "EHLO mx0a-00190b01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725807AbfFNPoc (ORCPT ); Fri, 14 Jun 2019 11:44:32 -0400 Received: from pps.filterd (m0122332.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x5EFgeRI002076; Fri, 14 Jun 2019 16:44:05 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=subject : to : cc : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=jan2016.eng; bh=rBFP4iDf2mjnO69FxuwgAfTuf3a8Dx4FxHDxv0FVeUk=; b=j4Hws4AdM9U3xpmedv0a1ttVpj7RWxzGHZzDppYs92K7MPO5dHznK9eLHc036EGGjiz/ MJdeIk9idJGd70mR+8aSxWY0B7i91jiMaljOn42/4Ebo+vizMlxCmquDvKHq4ozRsnd8 8tbGSeE5e2AHKfMGf0NyJAN89n3LD1jQcdpbeO4lZqXhlr86gYKCKm0GLP4nBA6MRjed R2mMhD0+9kT4IZAbLOQ43A3hy65mOtQG2a9N6EpCFcdIeELBzR/UnCE0JGAkMicTkt98 Hh2oTNk5u3kAuhEwdM+4NoX32V/p67cbJV/5MWIZkErEyqImiXuCh0C5DJV2rdAf52nJ lQ== Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2t401t2fyc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 14 Jun 2019 16:44:05 +0100 Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x5EFZ4tV023155; Fri, 14 Jun 2019 11:44:03 -0400 Received: from prod-mail-relay11.akamai.com ([172.27.118.250]) by prod-mail-ppoint1.akamai.com with ESMTP id 2t08bxrg0d-5; Fri, 14 Jun 2019 11:44:02 -0400 Received: from [172.29.170.83] (bos-lpjec.kendall.corp.akamai.com [172.29.170.83]) by prod-mail-relay11.akamai.com (Postfix) with ESMTP id 841E832A9D; Fri, 14 Jun 2019 15:43:59 +0000 (GMT) Subject: Re: [PATCH v2] net: ipv4: move tcp_fastopen server side code to SipHash library To: Eric Dumazet , Ard Biesheuvel Cc: netdev , linux-crypto@vger.kernel.org, Herbert Xu , ebiggers@kernel.org, David Miller , Christoph Paasch , David Laight , Yuchung Cheng References: <20190614140122.20934-1-ard.biesheuvel@linaro.org> From: Jason Baron Openpgp: preference=signencrypt Autocrypt: addr=jbaron@akamai.com; prefer-encrypt=mutual; keydata= xsFNBFnyIJMBEADamFSO/WCelO/HZTSNbJ1YU9uoEUwmypV2TvyrTrXULcAlH1sXVHS3pNdR I/koZ1V7Ruew5HJC4K9Z5Fuw/RHYWcnQz2X+dSL6rX3BwRZEngjA4r/GDi0EqIdQeQQWCAgT VLWnIenNgmEDCoFQjFny5NMNL+i8SA6hPPRdNjxDowDhbFnkuVUBp1DBqPjHpXMzf3UYsZZx rxNY5YKFNLCpQb1cZNsR2KXZYDKUVALN3jvjPYReWkqRptOSQnvfErikwXRgCTasWtowZ4cu hJFSM5Asr/WN9Wy6oPYObI4yw+KiiWxiAQrfiQVe7fwznStaYxZ2gZmlSPG/Y2/PyoCWYbNZ mJ/7TyED5MTt22R7dqcmrvko0LIpctZqHBrWnLTBtFXZPSne49qGbjzzHywZ0OqZy9nqdUFA ZH+DALipwVFnErjEjFFRiwCWdBNpIgRrHd2bomlyB5ZPiavoHprgsV5ZJNal6fYvvgCik77u 6QgE4MWfhf3i9A8Dtyf8EKQ62AXQt4DQ0BRwhcOW5qEXIcKj33YplyHX2rdOrD8J07graX2Q 2VsRedNiRnOgcTx5Zl3KARHSHEozpHqh7SsthoP2yVo4A3G2DYOwirLcYSCwcrHe9pUEDhWF bxdyyESSm/ysAVjvENsdcreWJqafZTlfdOCE+S5fvC7BGgZu7QARAQABzR9KYXNvbiBCYXJv biA8amJhcm9uQGFrYW1haS5jb20+wsF+BBMBAgAoBQJZ8iCTAhsDBQkJZgGABgsJCAcDAgYV CAIJCgsEFgIDAQIeAQIXgAAKCRC4s7mct4u0M9E0EADBxyL30W9HnVs3x7umqUbl+uBqbBIS GIvRdMDIJXX+EEA6c82ElV2cCOS7dvE3ssG1jRR7g3omW7qEeLdy/iQiJ/qGNdcf0JWHYpmS ThZP3etrl5n7FwLm+51GPqD0046HUdoVshRs10qERDo+qnvMtTdXsfk8uoQ5lyTSvgX4s1H1 ppN1BfkG10epsAtjOJJlBoV9e92vnVRIUTnDeTVXfK11+hT5hjBxxs7uS46wVbwPuPjMlbSa ifLnt7Jz590rtzkeGrUoM5SKRL4DVZYNoAVFp/ik1fe53Wr5GJZEgDC3SNGS/u+IEzEGCytj gejvv6KDs3KcTVSp9oJ4EIZRmX6amG3dksXa4W2GEQJfPfV5+/FR8IOg42pz9RpcET32AL1n GxWzY4FokZB0G6eJ4h53DNx39/zaGX1i0cH+EkyZpfgvFlBWkS58JRFrgY25qhPZiySRLe0R TkUcQdqdK77XDJN5zmUP5xJgF488dGKy58DcTmLoaBTwuCnX2OF+xFS4bCHJy93CluyudOKs e4CUCWaZ2SsrMRuAepypdnuYf3DjP4DpEwBeLznqih4hMv5/4E/jMy1ZMdT+Q8Qz/9pjEuVF Yz2AXF83Fqi45ILNlwRjCjdmG9oJRJ+Yusn3A8EbCtsi2g443dKBzhFcmdA28m6MN9RPNAVS ucz3Oc7BTQRZ8iCTARAA2uvxdOFjeuOIpayvoMDFJ0v94y4xYdYGdtiaqnrv01eOac8msBKy 4WRNQ2vZeoilcrPxLf2eRAfsA4dx8Q8kOPvVqDc8UX6ttlHcnwxkH2X4XpJJliA6jx29kBOc oQOeL9R8c3CWL36dYbosZZwHwY5Jjs7R6TJHx1FlF9mOGIPxIx3B5SuJLsm+/WPZW1td7hS0 Alt4Yp8XWW8a/X765g3OikdmvnJryTo1s7bojmwBCtu1TvT0NrX5AJId4fELlCTFSjr+J3Up MnmkTSyovPkj8KcvBU1JWVvMnkieqrhHOmf2qdNMm61LGNG8VZQBVDMRg2szB79p54DyD+qb gTi8yb0MFqNvXGRnU/TZmLlxblHA4YLMAuLlJ3Y8Qlw5fJ7F2U1Xh6Z6m6YCajtsIF1VkUhI G2dSAigYpe6wU71Faq1KHp9C9VsxlnSR1rc4JOdj9pMoppzkjCphyX3eV9eRcfm4TItTNTGJ 7DAUQHYS3BVy1fwyuSDIJU/Jrg7WWCEzZkS4sNcBz0/GajYFM7Swybn/VTLtCiioThw4OQIw 9Afb+3sB9WR86B7N7sSUTvUArknkNDFefTJJLMzEboRMJBWzpR5OAyLxCWwVSQtPp0IdiIC2 KGF3QXccv/Q9UkI38mWvkilr3EWAOJnPgGCM/521axcyWqXsqNtIxpUAEQEAAcLBZQQYAQIA DwUCWfIgkwIbDAUJCWYBgAAKCRC4s7mct4u0M+AsD/47Q9Gi+HmLyqmaaLBzuI3mmU4vDn+f 50A/U9GSVTU/sAN83i1knpv1lmfG2DgjLXslU+NUnzwFMLI3QsXD3Xx/hmdGQnZi9oNpTMVp tG5hE6EBPsT0BM6NGbghBsymc827LhfYICiahOR/iv2yv6nucKGBM51C3A15P8JgfJcngEnM fCKRuQKWbRDPC9dEK9EBglUYoNPVNL7AWJWKAbVQyCCsJzLBgh9jIfmZ9GClu8Sxi0vu/PpA DSDSJuc9wk+m5mczzzwd4Y6ly9+iyk/CLNtqjT4sRMMV0TCl8ichxlrdt9rqltk22HXRF7ng txomp7T/zRJAqhH/EXWI6CXJPp4wpMUjEUd1B2+s1xKypq//tChF+HfUU4zXUyEXY8nHl6lk hFjW/geTcf6+i6mKaxGY4oxuIjF1s2Ak4J3viSeYfTDBH/fgUzOGI5siBhHWvtVzhQKHfOxg i8t1q09MJY6je8l8DLEIWTHXXDGnk+ndPG3foBucukRqoTv6AOY49zjrt6r++sujjkE4ax8i ClKvS0n+XyZUpHFwvwjSKc+UV1Q22BxyH4jRd1paCrYYurjNG5guGcDDa51jIz69rj6Q/4S9 Pizgg49wQXuci1kcC1YKjV2nqPC4ybeT6z/EuYTGPETKaegxN46vRVoE2RXwlVk+vmadVJlG JeQ7iQ== Message-ID: Date: Fri, 14 Jun 2019 11:42:40 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-06-14_07:,, signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906140128 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-06-14_07:,, signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906140130 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 6/14/19 11:34 AM, Eric Dumazet wrote: > On Fri, Jun 14, 2019 at 7:01 AM Ard Biesheuvel > wrote: >> >> Using a bare block cipher in non-crypto code is almost always a bad idea, >> not only for security reasons (and we've seen some examples of this in >> the kernel in the past), but also for performance reasons. >> >> In the TCP fastopen case, we call into the bare AES block cipher one or >> two times (depending on whether the connection is IPv4 or IPv6). On most >> systems, this results in a call chain such as >> >> crypto_cipher_encrypt_one(ctx, dst, src) >> crypto_cipher_crt(tfm)->cit_encrypt_one(crypto_cipher_tfm(tfm), ...); >> aesni_encrypt >> kernel_fpu_begin(); >> aesni_enc(ctx, dst, src); // asm routine >> kernel_fpu_end(); >> >> It is highly unlikely that the use of special AES instructions has a >> benefit in this case, especially since we are doing the above twice >> for IPv6 connections, instead of using a transform which can process >> the entire input in one go. >> >> We could switch to the cbcmac(aes) shash, which would at least get >> rid of the duplicated overhead in *some* cases (i.e., today, only >> arm64 has an accelerated implementation of cbcmac(aes), while x86 will >> end up using the generic cbcmac template wrapping the AES-NI cipher, >> which basically ends up doing exactly the above). However, in the given >> context, it makes more sense to use a light-weight MAC algorithm that >> is more suitable for the purpose at hand, such as SipHash. >> >> Since the output size of SipHash already matches our chosen value for >> TCP_FASTOPEN_COOKIE_SIZE, and given that it accepts arbitrary input >> sizes, this greatly simplifies the code as well. >> >> Signed-off-by: Ard Biesheuvel > > While the patch looks fine (I yet have to run our tests with it), it > might cause some deployment issues > for server farms. > > They usually share a common fastopen key, so that clients can reuse > the same token for different sessions. > > Changing some servers in the pool will lead to inconsistencies. The inconsistencies coming from kernel version skew with some servers being on the old hash and some on the newer one? Or is there another source for the inconsistency you are referring to? Thanks, -Jason > > Probably not a too big deal, but worth mentioning. >