Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp6428974pxu; Thu, 24 Dec 2020 01:58:26 -0800 (PST) X-Google-Smtp-Source: ABdhPJyy84qsW/2O8tus7eYdAcYs9F9eMBS1af0ore2Z0wkvQVjdXo8iF8LDNoYWuGWVXkTB2SjY X-Received: by 2002:a50:f089:: with SMTP id v9mr28783544edl.353.1608803906342; Thu, 24 Dec 2020 01:58:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608803906; cv=none; d=google.com; s=arc-20160816; b=eOUKR1G9NIDBSJkesicvSDj8hirYGfgJgEGRpzJQLUZTrZnSvTaMxBfW+trWc6UxLk D9LNb2MQ8VQmprgjYthj2Tq2mZBNX6KBkGInBHot/bkF3EFbXqmqqjFA2B9wrozPXGMJ nCAyklc7YFynig+mI0b86AyqhlH5dhnU0zTr6c8E05Hz/ZnEFDW1xGHunX/2LgXFul6K kITPSFTzaVBRKEDfw3kx56Jjs4Z81AqPGO215A2fBv4QS9z6ltFPBLIvrd0gaXZylP7X rUGZ4d1aOLr2zhNqX0BETuVrze8bmia03JX6tjPWpqg0xkAZGe8w3f+VsGPEnmaOTzLn MJpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=FaH+aUDPfv9aEaqn2OQODZ7wMaqcyGEzBVlxSt4e2ME=; b=yQ7Hhn2eT7ZtxZnABJ4DqqV3eGVfKYTOzxCS3gyWB2iXh1/ABC5q68KupEtVZ85vg8 VFhM4bEh4JwYB+6d8GlKL95zVCoAAM6Pc/NgloJ7qO96XgwX6wGTOsVz4V7VYhEKvlmd ztWuQtMoHXSMOF9JfGY17yQP3LRYCoa0TjwXUBavCX32hnmUDIRvWEoJiTSagIUjIk6o 7oxo/USe+Iwb1o+mUAzI8gXPZ4GM2Xt4Cg3lsN1HwaXSNbSIE7j4Dq/haB/2GLF0gwwd 5fWtMjx/zZ2500fBy7n5PLo3Z5938UYf94xQifeY/fgfaCrvXM7o4qO5ufcV1c7ekLpD 4CWw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hOKtiF1V; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u9si14958674edd.596.2020.12.24.01.58.06; Thu, 24 Dec 2020 01:58:26 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hOKtiF1V; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726746AbgLXJ5b (ORCPT + 99 others); Thu, 24 Dec 2020 04:57:31 -0500 Received: from mail.kernel.org ([198.145.29.99]:38356 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726186AbgLXJ5a (ORCPT ); Thu, 24 Dec 2020 04:57:30 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id CE723229CA for ; Thu, 24 Dec 2020 09:56:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1608803809; bh=FaH+aUDPfv9aEaqn2OQODZ7wMaqcyGEzBVlxSt4e2ME=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=hOKtiF1VNXOh9ThiewHgZElhZP1FCc8jBEvTfa1GxTQAoSa9/Xo9Y9VxQJ3eI8ncR UWxsjyyZe6xj2jP46ZTH42Iqo5Z5cp8RUtDlaJh2Wfjhv6gHqmCz0w2itptSajKQt5 ys3QyoQ08NJtgtUDbLgmSFy+dkar3dENtBvIf7nTeXgkjTXaenqE3Un0p6C77tls+X v9Jd3yZigMHbj+RgD4MsQaMt0CoXivnQmIWF+rQ0XRO39LOT3sDds+W3Dkmiru4fOT MXcJjDtzk8jYH2OZMPs3YDXR+aBSaqIDMMCsG9FGJjwu2jtRu8kqM6uY4jw0SO6SPi 1RIV6+gaFqiTg== Received: by mail-oi1-f179.google.com with SMTP id 15so1915916oix.8 for ; Thu, 24 Dec 2020 01:56:49 -0800 (PST) X-Gm-Message-State: AOAM531fTSu9LabNZPCXLju/ktGqa24KDwpoy8hiqluVdtxrQYf/A9uZ UgBvABBQt47CPp5UUG4pse0ga3oTTqFJAcbVePw= X-Received: by 2002:aca:dd03:: with SMTP id u3mr2420893oig.47.1608803809071; Thu, 24 Dec 2020 01:56:49 -0800 (PST) MIME-Version: 1.0 References: <20201223223841.11311-1-ardb@kernel.org> In-Reply-To: From: Ard Biesheuvel Date: Thu, 24 Dec 2020 10:56:38 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH 00/10] crypto: x86 - remove XTS and CTR glue helper code To: Milan Broz Cc: Linux Crypto Mailing List , dm-devel@redhat.com, Megha Dey , Eric Biggers , Herbert Xu , Mike Snitzer Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, 24 Dec 2020 at 10:33, Milan Broz wrote: > > On 23/12/2020 23:38, Ard Biesheuvel wrote: > > After applying my performance fixes for AES-NI in XTS mode, the only > > remaining users of the x86 glue helper module are the niche algorithms > > camellia, cast6, serpent and twofish. > > > > It is not clear from the history why all these different versions of these > > algorithms in XTS and CTR modes were added in the first place: the only > > in-kernel references that seem to exist are to cbc(serpent), cbc(camellia) > > and cbc(twofish) in the IPsec stack. The XTS spec only mentions AES, and > > CTR modes don't seem to be widely used either. > > FYI: Serpent, Camellia and Twofish are used in TrueCrypt/VeraCrypt implementation; > cryptsetup and I perhaps even VeraCrypt itself tries to use native dm-crypt mapping. > (They also added Russian GOST Kuznyechik with XTS, but this is not in mainline, > but Debian packages it as gost-crypto-dkms). > > Serpent and Twofish can be also used with LRW and CBC modes (for old containers only). > > Cryptsetup uses crypto userspace API to decrypt the key from header, then it configures > dm-crypt mapping for data. We need both use and in-kernel API here. > > For reference, see this table (my independent implementation of TrueCrypt/VeraCrypt modes, > it should be complete history though): > https://gitlab.com/cryptsetup/cryptsetup/-/blob/master/lib/tcrypt/tcrypt.c#L77 > > If the above still works (I would really like to have way to open old containers) > it is ok to do whatever you want to change here :-) > Thanks Milan. With the XTS code removed from these drivers, the XTS template will be used, which relies on the ECB mode helpers instead. So once we fix those to get rid of the indirect calls, I'd expect XTS to actually improve in performance for these algorithms. > I have no info that CTR is used anywhere related to dm-crypt > (IIRC it can be tricked to be used there but it does not make any sense). > Yes, that was my assumption. Thanks for confirming.