Received: by 2002:ab2:6c55:0:b0:1fd:c486:4f03 with SMTP id v21csp523630lqp; Wed, 12 Jun 2024 08:27:23 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUcMl0cBvKs9nGnLW61MyZDaqUi7+A79OX7f5pgyQv1jWcmqN8hatFN+ZVUpH8mC5hrVUEEfdcMnpq1A1870B6z14/lOxb5L2gg9oT/5A== X-Google-Smtp-Source: AGHT+IEvBul4vOCP1eKqvVrQmXbX45LdcX1v8vDt7skCf2CBHgbbG1VzSaiWE5SZ6l1hqo/xZBCs X-Received: by 2002:a50:96d1:0:b0:57a:339f:1b2d with SMTP id 4fb4d7f45d1cf-57ca9749c57mr1476197a12.5.1718206043277; Wed, 12 Jun 2024 08:27:23 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1718206043; cv=pass; d=google.com; s=arc-20160816; b=FIAqXF27jFzM0SS7XmrAsZhvd1ftT+m49XivWys+s+9OJyrbyeEnNAhjfGhwTY0IUs pvfIsaTQClhKi/O1cBT22qbBQHseVlYUbm5vv1jCaCvoocNWIh6XyhxFJ1c7sa+lPrSG 8/NdSM5srzjbl5VmSKXBbR6lJ00IHQ+QBHvp9y7Y+I+e7e0JrPz9bZI7G0zKq+wHBkH9 YlYO+qXJJyJkhhdW9BOGqCyM77Mim+xPZA+XsAROsJLiblaGjKvfMhSZVX3ook15s0FP BcOPYURVindA9BHVzXHjRjvL0sLDtP+jRccsoMQ+NAbCWPEegAl8a7WO9qjyf942XNAA lfXQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=g19FXxc2HCIZmOfL0Bf0g7lAxZqNTZxprUI2+vu+pgY=; fh=PhjcRUevoInpMasAa/8hoLgoaNjfou5FLS3vcqu9Nww=; b=OJhdOUmL55x0VDlY6ze2S5S+cX+xZA3VusG8xu7/UJdhl5kPPuJUZDAM3iUfhsR/cl LiX2YEBjDLb+kU3voTaPvYWmv5FgEjQ1PC1ySdHqc171aZI63J5+EQNWExSfgcgUT2Hm mITBqTpYoWwDPBDM/mKN6iS4HYPvR0sSMLxR19n9ayvHER50g6UIjI+dmKoin2ooRmWg Dai1oDp/8lHPIQmFps7ivSXALVawbdRfEGBZ8Lcc2w1W5ROaEPmxGM6UckyeZ/yAzfUh GR6ypOImrbgQQ5R7uYbJpBRwU/3UXqKf5lNVEz/exArrPw4dQ/ovfoPgtZCBSI0lMzCn +U6g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=LXGyOHqV; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-4919-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4919-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-57aae0c7893si7178651a12.134.2024.06.12.08.27.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jun 2024 08:27:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto+bounces-4919-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=LXGyOHqV; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-4919-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4919-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 060611F22FFB for ; Wed, 12 Jun 2024 15:27:23 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 357E417F510; Wed, 12 Jun 2024 15:27:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="LXGyOHqV" X-Original-To: linux-crypto@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E1EE517C7C8; Wed, 12 Jun 2024 15:27:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718206030; cv=none; b=Db8HSM9XDeeTpuCknLNsddaI9LmgGPaykhUnKL1NHEF0AjmlEA6DWjh6j9a3pMgtXBAHLGASElvhiq9YKrW8lOFoE5j/TQxlgT3Gdf/bQP38bQoDN+85ffHz6y1Cw+RItNSzIjxgLRBpWdXDsChD3cTb1kW1i9j948/jHDc727U= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718206030; c=relaxed/simple; bh=KE9bUaqEpu2RJsSsU4Se8f2nefjiYvwAZR+iz4KwldM=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=r0Cjz10Zba5Pt3Mq9FhqeX2QgYfN0hT6i3nCGwIGQ7zOiRRo/0BhJlzGHpLyBm5EUgBVmW0/2FoKcqE2QgjwD/ujTQ+OINZagHtg0P+n0evyN3EBtlGnkhgbrEEnv4m4xLngGi5ww7faZXm6pzxGKIeLGWIwTls5GDc8yzCfCqE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=LXGyOHqV; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 77344C116B1; Wed, 12 Jun 2024 15:27:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1718206029; bh=KE9bUaqEpu2RJsSsU4Se8f2nefjiYvwAZR+iz4KwldM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=LXGyOHqVVzVWn2OFkyZKMYG2RlYiAjOuhlc0b0XUFZyjWra87fCl0AMPj4fd1sPQS ygXpM+will0lrddn7C4PLYkJuxgnS1DBHlBYNrzWqubIjvrxgynZ/xBNeCASiSXz9/ I/cyn9zNcH5TqLOpnC+LEtPMQfczR/tueRmqAbGNgfKDXSWU8SiXQolH2TqfC/OX0G RPYin3RE8sGHVFdR4RGlnUobks26qVAK1F8fFM8ve4CogOmzPdiPPBqehHxp/NSrl5 frDgTuMyt/9AlcH/TPkQaD6Ww6frSjmPRwATxoJeQNnqB/X4pYAB9+BXu5nJzraa5Y mA2cxpQ7B93ag== Date: Wed, 12 Jun 2024 08:27:07 -0700 From: Eric Biggers To: Herbert Xu Cc: linux-crypto@vger.kernel.org, fsverity@lists.linux.dev, dm-devel@lists.linux.dev, x86@kernel.org, linux-arm-kernel@lists.infradead.org, Ard Biesheuvel , Sami Tolvanen , Bart Van Assche Subject: Re: [PATCH v5 04/15] crypto: x86/sha256-ni - add support for finup_mb Message-ID: <20240612152707.GB1170@sol.localdomain> References: <20240611034822.36603-1-ebiggers@kernel.org> <20240611034822.36603-5-ebiggers@kernel.org> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Wed, Jun 12, 2024 at 05:42:20PM +0800, Herbert Xu wrote: > On Mon, Jun 10, 2024 at 08:48:11PM -0700, Eric Biggers wrote: > > From: Eric Biggers > > > > Add an implementation of finup_mb to sha256-ni, using an interleaving > > factor of 2. It interleaves a finup operation for two equal-length > > messages that share a common prefix. dm-verity and fs-verity will take > > I think the limitation on equal length is artificial. There is > no reason why the code couldn't handle two messages with different > lengths. Simply execute in dual mode up until the shorter message > runs out. Then carry on as if you have a single message. Sure, as I mentioned the algorithm could fall back to single-buffer hashing once the messages get out of sync. This would actually have to be implemented and tested, of course, which gets especially tricky with your proposal to support arbitrary scatterlists. And there's no actual use case for adding that complexity yet. > In fact, there is no reason why the two hashes have to start from > the same initial state either. It has no bearing on the performance > of the actual hashing as far as I can see. The SHA-256 inner loop would indeed be the same, but the single state has several advantages: - The caller only needs to allocate and prepare a single state. This saves per-IO memory and reduces overhead. - The glue code doesn't need to check that the number of internally buffered bytes are synced up. - The assembly code only needs to load from the one state. All of this simplifies the code slightly and boosts performance slightly. These advantages aren't *too* large, of course, and if a use case for supporting update arose, then support for multiple states would be added. But it doesn't make sense to add this functionality prematurely before it actually has a user. - Eric