1. 05 Oct, 2018 1 commit
  2. 21 Sep, 2018 3 commits
    • crypto: lrw - Do not use auxiliary buffer · ac3c8f36
      Ondrej Mosnacek authored
      This patch simplifies the LRW template to recompute the LRW tweaks from
      scratch in the second pass and thus also removes the need to allocate a
      dynamic buffer using kmalloc().
      
      As discussed at [1], the use of kmalloc causes deadlocks with dm-crypt.
      
      PERFORMANCE MEASUREMENTS (x86_64)
      Performed using: https://gitlab.com/omos/linux-crypto-bench
      Crypto driver used: lrw(ecb-aes-aesni)
      
      The results show that the new code has about the same performance as the
      old code. For 512-byte messages it seems to be even slightly faster, but
      that might be just noise.
      
      Before:
             ALGORITHM KEY (b)        DATA (B)   TIME ENC (ns)   TIME DEC (ns)
              lrw(aes)     256              64             200             203
              lrw(aes)     320              64             202             204
              lrw(aes)     384              64             204             205
              lrw(aes)     256             512             415             415
              lrw(aes)     320             512             432             440
              lrw(aes)     384             512             449             451
              lrw(aes)     256            4096            1838            1995
              lrw(aes)     320            4096            2123            1980
              lrw(aes)     384            4096            2100            2119
              lrw(aes)     256           16384            7183            6954
              lrw(aes)     320           16384            7844            7631
              lrw(aes)     384           16384            8256            8126
              lrw(aes)     256           32768           14772           14484
              lrw(aes)     320           32768           15281           15431
              lrw(aes)     384           32768           16469           16293
      
      After:
             ALGORITHM KEY (b)        DATA (B)   TIME ENC (ns)   TIME DEC (ns)
              lrw(aes)     256              64             197             196
              lrw(aes)     320              64             200             197
              lrw(aes)     384              64             203             199
              lrw(aes)     256             512             385             380
              lrw(aes)     320             512             401             395
              lrw(aes)     384             512             415             415
              lrw(aes)     256            4096            1869            1846
              lrw(aes)     320            4096            2080            1981
              lrw(aes)     384            4096            2160            2109
              lrw(aes)     256           16384            7077            7127
              lrw(aes)     320           16384            7807            7766
              lrw(aes)     384           16384            8108            8357
              lrw(aes)     256           32768           14111           14454
              lrw(aes)     320           32768           15268           15082
              lrw(aes)     384           32768           16581           16250
      
      [1] https://lkml.org/lkml/2018/8/23/1315

      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: lrw - Optimize tweak computation · c778f96b
      Ondrej Mosnacek authored
      This patch rewrites the tweak computation to a slightly simpler method
      that performs fewer bswaps. Based on performance measurements the new
      code seems to provide slightly better performance than the old one.
      
      PERFORMANCE MEASUREMENTS (x86_64)
      Performed using: https://gitlab.com/omos/linux-crypto-bench
      Crypto driver used: lrw(ecb-aes-aesni)
      
      Before:
             ALGORITHM KEY (b)        DATA (B)   TIME ENC (ns)   TIME DEC (ns)
              lrw(aes)     256              64             204             286
              lrw(aes)     320              64             227             203
              lrw(aes)     384              64             208             204
              lrw(aes)     256             512             441             439
              lrw(aes)     320             512             456             455
              lrw(aes)     384             512             469             483
              lrw(aes)     256            4096            2136            2190
              lrw(aes)     320            4096            2161            2213
              lrw(aes)     384            4096            2295            2369
              lrw(aes)     256           16384            7692            7868
              lrw(aes)     320           16384            8230            8691
              lrw(aes)     384           16384            8971            8813
              lrw(aes)     256           32768           15336           15560
              lrw(aes)     320           32768           16410           16346
              lrw(aes)     384           32768           18023           17465
      
      After:
             ALGORITHM KEY (b)        DATA (B)   TIME ENC (ns)   TIME DEC (ns)
              lrw(aes)     256              64             200             203
              lrw(aes)     320              64             202             204
              lrw(aes)     384              64             204             205
              lrw(aes)     256             512             415             415
              lrw(aes)     320             512             432             440
              lrw(aes)     384             512             449             451
              lrw(aes)     256            4096            1838            1995
              lrw(aes)     320            4096            2123            1980
              lrw(aes)     384            4096            2100            2119
              lrw(aes)     256           16384            7183            6954
              lrw(aes)     320           16384            7844            7631
              lrw(aes)     384           16384            8256            8126
              lrw(aes)     256           32768           14772           14484
              lrw(aes)     320           32768           15281           15431
              lrw(aes)     384           32768           16469           16293
      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: lrw - Fix out-of bounds access on counter overflow · fbe1a850
      Ondrej Mosnacek authored
      When the LRW block counter overflows, the current implementation returns
      128 as the index to the precomputed multiplication table, which has 128
      entries. This patch fixes it to return the correct value (127).
      
      Fixes: 64470f1b ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode")
      Cc: <stable@vger.kernel.org> # 2.6.20+
      Reported-by: Eric Biggers <ebiggers@kernel.org>
      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  3. 03 Aug, 2018 1 commit
  4. 30 Mar, 2018 1 commit
  5. 02 Mar, 2018 1 commit
  6. 03 Nov, 2017 1 commit
  7. 12 Oct, 2017 2 commits
  8. 10 Apr, 2017 1 commit
  9. 24 Mar, 2017 1 commit
  10. 28 Nov, 2016 1 commit
    • crypto: lrw - Convert to skcipher · 700cb3f5
      Herbert Xu authored
      This patch converts lrw over to the skcipher interface.  It also
      optimises the implementation to be based on ECB instead of the
      underlying cipher.  For compatibility the existing naming scheme
      of lrw(aes) is maintained as opposed to the more obvious one of
      lrw(ecb(aes)).
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  11. 26 Nov, 2014 1 commit
  12. 09 Nov, 2011 4 commits
  13. 17 Feb, 2009 1 commit
    • crypto: lrw - Fix big endian support · 8eb2dfac
      Herbert Xu authored
      It turns out that LRW has never worked properly on big endian.
      This was never discussed because nobody actually used it that
      way.  In fact, it was only discovered when Geert Uytterhoeven
      loaded it through tcrypt which failed the test on it.
      
      The fix is straightforward, on big endian to find the nth
      bit we should be grouping them by words instead of bytes.  So
      setbit128_bbe should xor with 128 - BITS_PER_LONG instead of
      128 - BITS_PER_BYTE == 0x78.
      Tested-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  14. 21 Apr, 2008 1 commit
  15. 07 Feb, 2008 1 commit
  16. 02 May, 2007 1 commit
    • [CRYPTO] templates: Pass type/mask when creating instances · ebc610e5
      Herbert Xu authored
      This patch passes the type/mask along when constructing instances of
      templates.  This is in preparation for templates that may support
      multiple types of instances depending on what is requested.  For example,
      the planned software async crypto driver will use this construct.
      
      For the moment this allows us to check whether the instance constructed
      is of the correct type and avoid returning success if the type does not
      match.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  17. 06 Feb, 2007 1 commit
  18. 07 Dec, 2006 2 commits
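
The counter-overflow case from commit fbe1a850 above, modelled as an added example (not the kernel's code): the index is the position of the lowest zero bit in the 128-bit block counter, which reaches 128 when every bit is set. The struct and function names are hypothetical, and the meaning given to a table entry (entry i covers an increment that flips bits 0..i) is an assumption of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_ENTRIES 128 /* per the commit message: the table has 128 entries */

/* Hypothetical 128-bit block counter held as two 64-bit halves. */
struct ctr128 { uint64_t hi, lo; };

/* Position of the lowest zero bit; 128 when every bit is set. */
static int lowest_zero_bit(struct ctr128 c)
{
    int n = 0;
    while (n < 64 && ((c.lo >> n) & 1)) n++;
    while (n >= 64 && n < 128 && ((c.hi >> (n - 64)) & 1)) n++;
    return n;
}

/* Behaviour the commit describes as broken: all-ones counter gives 128. */
int index_before_fix(struct ctr128 c) { return lowest_zero_bit(c); }

/* Behaviour after the fix: the overflow case uses the last entry, 127. */
int index_after_fix(struct ctr128 c)
{
    int n = lowest_zero_bit(c);
    return n == TABLE_ENTRIES ? TABLE_ENTRIES - 1 : n;
}

int index_in_bounds(int idx) { return idx >= 0 && idx < TABLE_ENTRIES; }

/* Assumed table meaning: entry idx covers an increment flipping bits 0..idx.
 * Returns 1 when c XOR (c + 1 mod 2^128) is exactly that bit mask. */
int delta_matches_entry(struct ctr128 c, int idx)
{
    struct ctr128 next = { c.hi + (c.lo == UINT64_MAX), c.lo + 1 };
    uint64_t mlo = idx >= 63 ? UINT64_MAX : (((uint64_t)1 << (idx + 1)) - 1);
    uint64_t mhi = idx < 64 ? 0
                 : idx >= 127 ? UINT64_MAX : (((uint64_t)1 << (idx - 63)) - 1);
    return (c.lo ^ next.lo) == mlo && (c.hi ^ next.hi) == mhi;
}

int main(void)
{
    struct ctr128 all_ones = { UINT64_MAX, UINT64_MAX };
    int before = index_before_fix(all_ones), after = index_after_fix(all_ones);
    printf("before fix: %d (in bounds: %d)\n", before, index_in_bounds(before));
    printf("after fix:  %d (in bounds: %d, delta matches: %d)\n", after,
           index_in_bounds(after), delta_matches_entry(all_ones, after));
    return 0;
}
```

Wrapping from all ones to all zeros flips all 128 bits, which is the same bit pattern as the increment that entry 127 covers, so 127 is both in bounds and the right entry under this model.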