Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp437417pxj; Fri, 7 May 2021 11:59:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxHefVpEF5bWf8d7NEO2U3xF+C7DldVNvESPPvWjI2NZRSmayN6k7BVCLebHReHCWIZLDVS X-Received: by 2002:a17:906:a1c5:: with SMTP id bx5mr11970594ejb.166.1620413953213; Fri, 07 May 2021 11:59:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620413953; cv=none; d=google.com; s=arc-20160816; b=hewu3e/5r55zdC4w+YHQAaboU8f0YM9g6FHw9wUdhK8VioQ+90IRpAbNK+RcQpqXUx Tpo0W1PWA+knJuX6TUz6VJRUio21z17YZcG6iUHQb3QlPvNVmIsFAbK+KGDntsYbtAez aGM85s4cWP0FqpxQ2FbXWn0E+xwwN5HnaOI8BTlykTctQIbGDskyd/GCQVcoRXmfs5yJ v3zG0ppfFjdDaLGgqAf2gc8IlPrhQLhyYSrIvkL9xukHunxYEOSoNRg7Kyga/EQCjidZ QrWH+81/72NkrSnmuTyk35oMkX3EjilH5c11zCxsxQ1GQWSjfgQUMCW7qhENTn0lbnyS R0+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=2S6inw/9XrXx3pxh23htkBMedufX3vvjUOc5TqTi3Pg=; b=dPrhippnk6GL7W0x0t/2t/SSJ5kaBvacTr/6/E7a7WZVaCOtNLPvMtAhQhLWVZdSUq Phi/wpMiafe8uVdkDuGcmJ8tQYpc+KVUPzM8BHrRbbaYm1sCwV/0R2nBkcw9Im+ggm2z 6/NLbl1roE597+RSZeeX0i6m90fmDFeNx1YadnoQy4sJ7pJu83reE6AKUKZoAm/uUPeE t1hkCd30lNuiA0RL4hhYGrB1ngQkNNFTMWFWPc9gvKzpjMEZ+YqyJ6EHokcJIi71Th0l mkTHP6g9WK0ysg7gWELyW7llj1m0piyhEAmfrGGs2ZtxX/g5RKbz0uDK9cTuh0/priwk oWwA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=FcTMEemz; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qc25si5953411ejb.326.2021.05.07.11.58.37; Fri, 07 May 2021 11:59:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=FcTMEemz; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229470AbhEGS5O (ORCPT + 99 others); Fri, 7 May 2021 14:57:14 -0400 Received: from mail.kernel.org ([198.145.29.99]:51406 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229476AbhEGS5N (ORCPT ); Fri, 7 May 2021 14:57:13 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6EA3C613C0; Fri, 7 May 2021 18:56:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1620413773; bh=l86gpragp24H58Ehi4smcNiwWwod2AAFVjXdHM3A3zU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=FcTMEemz2dnHM+DuCJvV0g74Vli18ERy0GpOYgiSC6bEKQpUtJ0/NMpTMRu9PYRAZ 3KJMiX0iHqDRk2pVXl1NvYQFuvVNDmCUy0DiRrvDuBFK+yQkucC1mZnBQSxVgLdYv0 1BUMYti2NoF0NUELkO2AVRB939Sgq/IjJBYrKe6KkvDqm28er2CVOcfDydRpMAux0R PdX/a1IoFyF2mITqXmVY7+E6G2FINKcatm8m+NREA+AWtaYomBl0Y4OHmVsBOh2KaI L8IQlcijVIXQUK/yTVBeeu8CxpyOrxbEQgeUt7TKCcdb81SNplUGEO6+4Q162PMeMI hZecyHC6s0uZg== Date: Fri, 7 May 2021 11:56:11 -0700 From: Eric Biggers To: Kestrel seventyfour Cc: linux-crypto@vger.kernel.org Subject: Re: Fwd: xts.c and block size inkonsistency? cannot pass generic driver comparision tests Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, May 07, 2021 at 03:02:11PM +0200, Kestrel seventyfour wrote: > Hi Eric, > > I agree, that it can't be built on top of the kernels CBC. But in the > hardware CBC, e.g. for encryption I set the IV (encrypted tweak), set > the hardwares aes mode to CBC and start the encrypt of a 16 byte > block, then do an additional xor after that -> result of that full > block is the same as XTS. Then I gfmul the tweak and repeat the > previous starting with setting the tweak as iv. > Doing that is much faster and much more efficient than using the > kernels xts on top of ecb(aes). But it introduces the problem that I > have somehow to handle the CTS after my walk loop that just processes > full blocks or multiples of that. And I am trying to figure out, what > the best way is to do that with the least amount of code in my driver. > I cannot set blocksize to 1, because then the block size comparison to > generic xts fails and If I set the walksize to 1, I get the alignment > and split errors and would have to handle the splits and > missalignments manually. > So actually I need a combination of what the walk does (handle > alignment and splits) plus getting the last complete and incomplete > block after walk_skcipher_done returns -EINVAL. At least thats my > current idea. I could just copy most of the code from xts, but there > is a lot of stuff, that is not needed, if I combine the hardware CBC > and xor to be XEX (XTS without the cipher text stealing). > Wouldn't it be easier to just implement ecb(aes) in your driver (using your workaround to do it 1 block at a time using the hardware CBC engine)? If you implement ecb(aes), then the xts template can use it, so you wouldn't need to implement xts(aes) directly. And this would still avoid all the individual calls to crypto_cipher_{encrypt,decrypt}, which I expect is the performance bottleneck that you were seeing. - Eric