Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp2045411ybn; Thu, 26 Sep 2019 06:16:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqygNlcU+eI5YEeyuuOlFGBVH7bA1XoOEs0u3l1aNizvWQyP4ksFAd4eqLs9e33GFZLPs9R2 X-Received: by 2002:a05:6402:16d5:: with SMTP id r21mr3482310edx.71.1569503805538; Thu, 26 Sep 2019 06:16:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569503805; cv=none; d=google.com; s=arc-20160816; b=IFpwypn+6U7ZrueLtcRJJIb90rs61WiyLkepkCBJJpSL0v/w9omjb8m4eE4atwasaA Yk6s7/i2D4jzH4Squ11L0mgBR/C+LLkGcPfUuIpsgrjKZwsX00z/U9BSNvfR7aQjv2G1 NTDXGb/jyPzPOn08sMPZHxZvuE/q0skNqvSdTiajReOUAepZ69GWNCdvUUtvML5gakUO z0x6tuXXlgXdR9dYgRnQOMqHq+tmbVsP1LIQTUzCnfCtjIRocJi6r3JOqIwU5rxjtWwi x7kr3VgDWZZ8k8naTb5K9htF5KY9Ql75lrpJjIePGvFYms/mAwWBl76vXD+VjeLc+SFb znQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=DYKCkf/9udb08zDyVDa+j9RshyXNha3pc6th2ByyF9c=; b=HyznbIwl4PqOgMkLVcjHPCeAoqo9KT5zf+bi6TGWh7tnWBwA0vT3HYa/gB7FGQXEAV 4wynvIbOdXMlC5kUOpiVDWe+brPMF+fq5yD8mELuqPlSBV5fGeEe58SFeJKvagBzezjQ tSQUwL/7Mktn+Lw4HkZpmuiuVvji4l0leB1lJ2AFI7oThyFJr23pbjabddRgAP+rHrwV JHapJsQd+YWg4muvQvzjS/T2N6M3H7giG9dNft0+UBp0IiQhOwx8RW8/UTmScNAXMCBe i+2SmkOL3rNaZCJz4+RBG9Be2aPGPWigUnXgqv7NpMwiynpCX+6e2VXvRjT0i3FUbOo8 skeQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Ui7A0IxW; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q12si1302562edr.136.2019.09.26.06.16.16; Thu, 26 Sep 2019 06:16:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Ui7A0IxW; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726101AbfIZNQH (ORCPT + 99 others); Thu, 26 Sep 2019 09:16:07 -0400 Received: from mail-wm1-f66.google.com ([209.85.128.66]:38894 "EHLO mail-wm1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725836AbfIZNQH (ORCPT ); Thu, 26 Sep 2019 09:16:07 -0400 Received: by mail-wm1-f66.google.com with SMTP id 3so2540525wmi.3 for ; Thu, 26 Sep 2019 06:16:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DYKCkf/9udb08zDyVDa+j9RshyXNha3pc6th2ByyF9c=; b=Ui7A0IxWRvD0n0EPRBZpCiL8RXAZI/9JhGIUii+M0h6Q8WYWVbYy0nUBC7r3squbUl irrFobTVKHJX3kf4n2zrVZeYwzoTefH4ZWP6FUhvrECNsblCL7Dqm0k7k5Udg33WQaHp 0F3e6q2ovkiS0FX0g/BxfK45pGLxom7LBR2tdpqaU3rTF54kruEBUhnkIsP+/xwFrhVn Uo8ij4fKonWcV1N6ZhF5oxpZ1PwKOEeSIwy4HeUINl2afp7e43/lFpUZaiqlcxezNgXe d80HRJckphF7lqkcfbirFGMlowoIItQF+dcGBtm8Y5fh2hRT4U+zzPVykdybR+hNFP/H lYuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DYKCkf/9udb08zDyVDa+j9RshyXNha3pc6th2ByyF9c=; b=QEOGrjlte/1vE1AEKMum/arWaJxkwmDazKoINy4dORyoJ9AWHg85bBGObkdt1UFv69 yEL9aTI7V7x1S/X3mTxOLtjDdsE+gKiiNoQiUbefTKn58GoSbpjC7o95CMvOMivXM2SH aLymDjLlaUazV6Pt4T8h2zM30UaGkWoEqZfLMDtMTWPPHiIhGZBTN35wvgGmwa0hHSVU zK51PKSaBWDxO6TsQ9rBk/yikB0BYARAAq+bhl5p1LZCMKlWH3/Xo0MmZkfv72F81CPE wbRIOT8iHT8PdUB4Z14Ju8V/XREEBwPjb8H8RDt4Roo4T69ItTo9b2KxMoBnfmYzT5Pw qPiQ== X-Gm-Message-State: APjAAAVl8aOpFB+W9EfKQLlTzCfhKsebqr8QqL/2lWtMgpZGu89BRRLC rUD4Tx8QQOEIM1pRuvnDCdB4Z9z6bdItyBWRoJaWuA== X-Received: by 2002:a1c:e906:: with SMTP id q6mr2812638wmc.136.1569503763943; Thu, 26 Sep 2019 06:16:03 -0700 (PDT) MIME-Version: 1.0 References: <20190925161255.1871-1-ard.biesheuvel@linaro.org> In-Reply-To: From: Ard Biesheuvel Date: Thu, 26 Sep 2019 15:15:52 +0200 Message-ID: Subject: Re: [RFC PATCH 00/18] crypto: wireguard using the existing crypto API To: Pascal Van Leeuwen Cc: "Jason A. Donenfeld" , Linux Crypto Mailing List , linux-arm-kernel , Herbert Xu , David Miller , Greg KH , Linus Torvalds , Samuel Neves , Dan Carpenter , Arnd Bergmann , Eric Biggers , Andy Lutomirski , Will Deacon , Marc Zyngier , Catalin Marinas Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, 26 Sep 2019 at 15:06, Pascal Van Leeuwen wrote: ... > > > > My preference would be to address this by permitting per-request keys > > in the AEAD layer. That way, we can instantiate the transform only > > once, and just invoke it with the appropriate key on the hot path (and > > avoid any per-keypair allocations) > > > This part I do not really understand. Why would you need to allocate a > new transform if you change the key? Why can't you just call setkey() > on the already allocated transform? > Because the single transform will be shared between all users running on different CPUs etc, and so the key should not be part of the TFM state but of the request state. > > > > It all depends on whether we are interested in supporting async > > accelerators or not, and it is clear what my position is on this > > point. > > > Maybe not for an initial upstream, but it should be a longer-term goal. > > > > > What I *don't* want is to merge WireGuard with its own library based > > crypto now, and extend that later for async accelerators once people > > realize that we really do need that as well. > > > What's wrong with a step-by-step approach though? i.e. merge it with > library calls now and then gradually work towards the goal of integrating > (a tweaked version of) the Crypto API where that actually makes sense? > Rome wasn't built in one day either ... > I should clarify: what I don't want is two frameworks in the kernel for doing async crypto, the existing one plus a new library-based one.