Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp2437732ybx; Fri, 8 Nov 2019 04:24:26 -0800 (PST) X-Google-Smtp-Source: APXvYqwu4DKi4mAc5/M/esErmlTIPouPNysI3V9G1ZCn8QAja7JIOzY6zmxdXF6xdouaTEv9eTGp X-Received: by 2002:a50:b2c4:: with SMTP id p62mr9678300edd.128.1573215866288; Fri, 08 Nov 2019 04:24:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573215866; cv=none; d=google.com; s=arc-20160816; b=eB5+7sIq1XS6CBAI9NbZ3KXna+0no1y1mu1kZP/kCkHHkSJzmG7dJ6k2hKNXfooXIE c+eNGIGt8B0wET2AMmckmaGXg/SJtvWdCxZQDFN5N9hmO/paSXDk7A4TyTWgAKFkBoGJ mF3TdcsIq7uWz9MUOvano4V84I5uRFAnJNsSKfjbU1iSkQBfhfVc6CfN53/HaHftPSjX TTlzFGxk4/8mYaqk6PNVGc8Qgkh6uXq7Cg3Eg9DKZkNvQ5HB8oE34rWdQ1xReiJZy6Rf j31o++3pzpEcFfpx00AJoLu8cx3p/LuOcs/A3ZqSaHCfuKftLdAvyHWXIszJsgpCLsW8 7kaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=dtFhB7ttmmtCVhkyPEq9dMTJ5X9LRmYpYvfeH9Ivu7g=; b=ONMi3N3GMvo7Mag4ii3dR3BsqQPKRXK7AO6lftJSqlK+cOexiwYkiuQGoPIydflQ4P IdIxrQ39/pgcij6jMnxAbJ0LZuwRVfkbTV5W3yWlcwtopE/NOWJ+rg1WOGrr6qUK/3h+ W/twU//8JvOpXoigG2JRbxjzEmaigmKamjxmuB1NkYKdu21aGK3IISz9+1aN6l40hfEi vwbfOuIxkYyAZHfym5BfA9o+MjpYFQt4M3cNU/L8aKvQVjCH1YofSJgr2y8J76ua/I9H jA0Cezk/hWpuwaP4i6JBzpPpQmcCQJA+bSiXR/z4ay+EL47bi+YorhgtvhGSLFR3Awod rq6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="EAN8wQa/"; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id cb6si3384251ejb.359.2019.11.08.04.24.02; Fri, 08 Nov 2019 04:24:26 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="EAN8wQa/"; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732254AbfKHMXQ (ORCPT + 99 others); Fri, 8 Nov 2019 07:23:16 -0500 Received: from mail.kernel.org ([198.145.29.99]:37800 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727598AbfKHMXP (ORCPT ); Fri, 8 Nov 2019 07:23:15 -0500 Received: from localhost.localdomain (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr [92.154.90.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A064D222C4; Fri, 8 Nov 2019 12:23:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1573215795; bh=e5RENLWDRI1PmhtIZ58pJR4idFmiKspyVH7WGbl6U/I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=EAN8wQa/7FsiyOCCDcm9tSp+MNk0dni2usA6zQFsO+Y/itsSMsZU1GiOKyL9DiKmT rcm5HFgaj7O6ccvv12TVMuoPEnYJWd0svEIoqsi5PZvUxH2rsvCE0OsFLoSHCdBIvh RddjrUNWKwSgrqzhSTqa0GofikDmEBgzaA49Zmk8= From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: Ard Biesheuvel , Herbert Xu , David Miller , "Jason A . Donenfeld" , Samuel Neves , Arnd Bergmann , Eric Biggers , Andy Lutomirski , Martin Willi , Rene van Dorst , David Sterba Subject: [PATCH v5 05/34] crypto: arm64/chacha - depend on generic chacha library instead of crypto driver Date: Fri, 8 Nov 2019 13:22:11 +0100 Message-Id: <20191108122240.28479-6-ardb@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191108122240.28479-1-ardb@kernel.org> References: <20191108122240.28479-1-ardb@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Depend on the generic ChaCha library routines instead of pulling in the generic ChaCha skcipher driver, which is more than we need, and makes managing the dependencies between the generic library, generic driver, accelerated library and driver more complicated. While at it, drop the logic to prefer the scalar code on short inputs. Turning the NEON on and off is cheap these days, and one major use case for ChaCha20 is ChaCha20-Poly1305, which is guaranteed to hit the scalar path upon every invocation (when doing the Poly1305 nonce generation) Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/Kconfig | 2 +- arch/arm64/crypto/chacha-neon-glue.c | 40 +++++++++++--------- 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/arch/arm64/crypto/Kconfig b/arch/arm64/crypto/Kconfig index 286e3514d34c..22c6642ae464 100644 --- a/arch/arm64/crypto/Kconfig +++ b/arch/arm64/crypto/Kconfig @@ -103,7 +103,7 @@ config CRYPTO_CHACHA20_NEON tristate "ChaCha20, XChaCha20, and XChaCha12 stream ciphers using NEON instructions" depends on KERNEL_MODE_NEON select CRYPTO_SKCIPHER - select CRYPTO_CHACHA20 + select CRYPTO_LIB_CHACHA_GENERIC config CRYPTO_NHPOLY1305_NEON tristate "NHPoly1305 hash function using NEON instructions (for Adiantum)" diff --git a/arch/arm64/crypto/chacha-neon-glue.c b/arch/arm64/crypto/chacha-neon-glue.c index d4cc61bfe79d..cae2cb92eca8 100644 --- a/arch/arm64/crypto/chacha-neon-glue.c +++ b/arch/arm64/crypto/chacha-neon-glue.c @@ -68,7 +68,7 @@ static int chacha_neon_stream_xor(struct skcipher_request *req, err = skcipher_walk_virt(&walk, req, false); - crypto_chacha_init(state, ctx, iv); + chacha_init_generic(state, ctx->key, iv); while (walk.nbytes > 0) { unsigned int nbytes = walk.nbytes; @@ -76,10 +76,16 @@ static int chacha_neon_stream_xor(struct skcipher_request *req, if (nbytes < walk.total) nbytes = rounddown(nbytes, walk.stride); - kernel_neon_begin(); - chacha_doneon(state, walk.dst.virt.addr, walk.src.virt.addr, - nbytes, ctx->nrounds); - kernel_neon_end(); + if (!crypto_simd_usable()) { + chacha_crypt_generic(state, walk.dst.virt.addr, + walk.src.virt.addr, nbytes, + ctx->nrounds); + } else { + kernel_neon_begin(); + chacha_doneon(state, walk.dst.virt.addr, + walk.src.virt.addr, nbytes, ctx->nrounds); + kernel_neon_end(); + } err = skcipher_walk_done(&walk, walk.nbytes - nbytes); } @@ -91,9 +97,6 @@ static int chacha_neon(struct skcipher_request *req) struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm); - if (req->cryptlen <= CHACHA_BLOCK_SIZE || !crypto_simd_usable()) - return crypto_chacha_crypt(req); - return chacha_neon_stream_xor(req, ctx, req->iv); } @@ -105,14 +108,15 @@ static int xchacha_neon(struct skcipher_request *req) u32 state[16]; u8 real_iv[16]; - if (req->cryptlen <= CHACHA_BLOCK_SIZE || !crypto_simd_usable()) - return crypto_xchacha_crypt(req); + chacha_init_generic(state, ctx->key, req->iv); - crypto_chacha_init(state, ctx, req->iv); - - kernel_neon_begin(); - hchacha_block_neon(state, subctx.key, ctx->nrounds); - kernel_neon_end(); + if (crypto_simd_usable()) { + kernel_neon_begin(); + hchacha_block_neon(state, subctx.key, ctx->nrounds); + kernel_neon_end(); + } else { + hchacha_block_generic(state, subctx.key, ctx->nrounds); + } subctx.nrounds = ctx->nrounds; memcpy(&real_iv[0], req->iv + 24, 8); @@ -134,7 +138,7 @@ static struct skcipher_alg algs[] = { .ivsize = CHACHA_IV_SIZE, .chunksize = CHACHA_BLOCK_SIZE, .walksize = 5 * CHACHA_BLOCK_SIZE, - .setkey = crypto_chacha20_setkey, + .setkey = chacha20_setkey, .encrypt = chacha_neon, .decrypt = chacha_neon, }, { @@ -150,7 +154,7 @@ static struct skcipher_alg algs[] = { .ivsize = XCHACHA_IV_SIZE, .chunksize = CHACHA_BLOCK_SIZE, .walksize = 5 * CHACHA_BLOCK_SIZE, - .setkey = crypto_chacha20_setkey, + .setkey = chacha20_setkey, .encrypt = xchacha_neon, .decrypt = xchacha_neon, }, { @@ -166,7 +170,7 @@ static struct skcipher_alg algs[] = { .ivsize = XCHACHA_IV_SIZE, .chunksize = CHACHA_BLOCK_SIZE, .walksize = 5 * CHACHA_BLOCK_SIZE, - .setkey = crypto_chacha12_setkey, + .setkey = chacha12_setkey, .encrypt = xchacha_neon, .decrypt = xchacha_neon, } -- 2.20.1