From: Ard Biesheuvel
Date: Tue, 18 Aug 2020 10:31:39 +0200
Subject: Re: [PATCH 0/5] crypto: Implement cmac based on cbc skcipher
To: Herbert Xu
Cc: Linux Crypto Mailing List, Eric Biggers, Ben Greear
In-Reply-To: <20200818082410.GA24497@gondor.apana.org.au>
References: <20200802090616.1328-1-ardb@kernel.org> <20200818082410.GA24497@gondor.apana.org.au>
X-Mailing-List: linux-crypto@vger.kernel.org

On Tue, 18 Aug 2020 at 10:24, Herbert Xu wrote:
>
> On Sun, Aug 02, 2020 at 12:06:16PM +0300, Ard Biesheuvel wrote:
> > Ben reports that CCM using AES-NI instructions performs pathologically
> > poorly, which is due to the overhead of preserving/restoring the SIMD
> > state, which is repeated after every 16 bytes of input when executing
> > the CBCMAC portion of the algorithm.
> >
> > So let's clone the arm64 implementation of cbcmac(aes), which takes
> > care to only preserve/restore the SIMD state after processing the
> > whole input. Since cmac(aes) and xcbc(aes) can reuse most of the code,
> > let's expose those as well.
> >
> > Cc: Ben Greear
> > Signed-off-by: Ard Biesheuvel
> > ---
> >  arch/x86/crypto/Makefile           |   2 +-
> >  arch/x86/crypto/aesni-intel.h      |  39 +++
> >  arch/x86/crypto/aesni-intel_glue.c |  42 +---
> >  arch/x86/crypto/aesni-intel_mac.c  | 257 ++++++++++++++++++++
> >  4 files changed, 306 insertions(+), 34 deletions(-)
>
> We should just use the accelerated cbc skcipher.
>

What do you mean? You cannot implement cbcmac using a cbc skcipher
unless you provide a scratch buffer of arbitrary size as the
destination, in order to capture the skcipher output IV as the MAC.
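The relationship behind the exchange above, as an added example that is not part of this thread and not kernel code: raw CBC-MAC over a whole number of blocks is the final ciphertext block of CBC encryption under a zero IV, which is exactly what a CBC skcipher hands back as its output IV. A dedicated MAC carries one block of state, while going through a CBC skcipher interface means materialising the entire ciphertext in a destination buffer as long as the input. The block cipher here is a toy stand-in for AES (an assumption made only so the example is self-contained; the equivalence does not depend on the cipher), and the function names, key and message are constructed for the demonstration.

```c
/*
 * Added illustration (not from the patch or the kernel): CBC-MAC versus
 * "CBC-encrypt everything and keep the output IV". Raw CBC-MAC only; the
 * padding and length encoding that CCM wraps around it are out of scope.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BLK 16

/* TOY 128-bit block cipher standing in for AES. A keyed byte permutation:
 * (x*5 + c) mod 256 is a bijection because 5 is odd. Not secure; it only
 * has to be a fixed permutation so both computations below agree. */
static void toy_encrypt_block(const uint8_t key[BLK], const uint8_t in[BLK],
                              uint8_t out[BLK])
{
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++)
        t[i] = (uint8_t)((in[i] ^ key[i]) * 5 + 0x3b);
    for (int i = 0; i < BLK; i++)
        out[i] = t[(i + 3) % BLK] ^ key[(i * 7) % BLK];
}

/* Model of a CBC skcipher: every ciphertext block is written to dst, and
 * iv is updated in place to the last ciphertext block (the "output IV").
 * dst must hold inlen bytes; inlen must be a multiple of BLK. */
static void cbc_encrypt(const uint8_t key[BLK], uint8_t iv[BLK],
                        const uint8_t *src, uint8_t *dst, size_t inlen)
{
    for (size_t off = 0; off < inlen; off += BLK) {
        uint8_t x[BLK];
        for (int i = 0; i < BLK; i++)
            x[i] = src[off + i] ^ iv[i];
        toy_encrypt_block(key, x, dst + off);
        memcpy(iv, dst + off, BLK);
    }
}

/* Dedicated CBC-MAC: identical chaining, but only one block of state and
 * no ciphertext buffer at all. */
static void cbcmac(const uint8_t key[BLK], const uint8_t *msg, size_t len,
                   uint8_t mac[BLK])
{
    uint8_t state[BLK] = {0};           /* zero IV */
    for (size_t off = 0; off < len; off += BLK) {
        uint8_t x[BLK];
        for (int i = 0; i < BLK; i++)
            x[i] = msg[off + i] ^ state[i];
        toy_encrypt_block(key, x, state);
    }
    memcpy(mac, state, BLK);
}

/* CBC-MAC built on the CBC skcipher model: needs scratch space as large as
 * the message just to have somewhere to put ciphertext nobody wants. */
static int cbcmac_via_cbc(const uint8_t key[BLK], const uint8_t *msg,
                          size_t len, uint8_t *scratch, size_t scratch_len,
                          uint8_t mac[BLK])
{
    uint8_t iv[BLK] = {0};
    if (scratch_len < len)
        return -1;                      /* cannot hold the full ciphertext */
    cbc_encrypt(key, iv, msg, scratch, len);
    memcpy(mac, iv, BLK);               /* output IV == last block == MAC */
    return 0;
}

/* 1 if both routes agree on a constructed 4-block message, else 0. */
int cbcmac_matches_cbc_output_iv(void)
{
    uint8_t key[BLK], msg[4 * BLK], scratch[4 * BLK], mac1[BLK], mac2[BLK];
    for (int i = 0; i < BLK; i++)
        key[i] = (uint8_t)(0xa0 + i);                 /* constructed key */
    for (size_t i = 0; i < sizeof msg; i++)
        msg[i] = (uint8_t)(i * 37 + 11);              /* constructed input */
    cbcmac(key, msg, sizeof msg, mac1);
    if (cbcmac_via_cbc(key, msg, sizeof msg, scratch, sizeof scratch, mac2))
        return 0;
    return memcmp(mac1, mac2, BLK) == 0;
}

/* 1 if the skcipher route refuses a scratch buffer smaller than the input. */
int cbcmac_via_cbc_needs_full_scratch(void)
{
    uint8_t key[BLK] = {0}, msg[4 * BLK] = {0}, scratch[BLK], mac[BLK];
    return cbcmac_via_cbc(key, msg, sizeof msg, scratch, sizeof scratch, mac) == -1;
}

int main(void)
{
    printf("cbcmac == cbc output IV: %s\n",
           cbcmac_matches_cbc_output_iv() ? "yes" : "no");
    printf("undersized scratch rejected: %s\n",
           cbcmac_via_cbc_needs_full_scratch() ? "yes" : "no");
    return 0;
}
```

The point the two helper functions make is the one in the reply: `cbcmac()` runs in 16 bytes of state for any input length, whereas `cbcmac_via_cbc()` has to be handed a destination buffer the size of the whole message before it can even start, solely to recover the last block.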