From patchwork Wed Dec 23 22:38:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 11997417 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.0 required=3.0 tests=BAYES_00,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39161C4332B for ; Mon, 4 Jan 2021 19:03:44 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A00262068D for ; Mon, 4 Jan 2021 19:03:43 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A00262068D Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=tempfail smtp.mailfrom=dm-devel-bounces@redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-332-rbVwRURkMIeDX2Y1J-5_Nw-1; Mon, 04 Jan 2021 14:03:39 -0500 X-MC-Unique: rbVwRURkMIeDX2Y1J-5_Nw-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 888D8879520; Mon, 4 Jan 2021 19:03:32 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6707271C95; Mon, 4 Jan 2021 19:03:32 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3B8D21809CA4; Mon, 4 Jan 2021 19:03:32 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 0BNMm0eR014985 for ; Wed, 23 Dec 2020 17:48:00 -0500 Received: by smtp.corp.redhat.com (Postfix) id 4C8282166B2D; Wed, 23 Dec 2020 22:48:00 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast01.extmail.prod.ext.rdu2.redhat.com [10.11.55.17]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 459842166B29 for ; Wed, 23 Dec 2020 22:47:57 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 8CC6D858281 for ; Wed, 23 Dec 2020 22:47:57 +0000 (UTC) Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-406-gpqy7DFtMOCK7wLuq7Q8fw-1; Wed, 23 Dec 2020 17:47:55 -0500 X-MC-Unique: gpqy7DFtMOCK7wLuq7Q8fw-1 Received: by mail.kernel.org (Postfix) with ESMTPSA id BB3A322273; Wed, 23 Dec 2020 22:38:58 +0000 (UTC) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Date: Wed, 23 Dec 2020 23:38:31 +0100 Message-Id: <20201223223841.11311-1-ardb@kernel.org> X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-loop: dm-devel@redhat.com X-Mailman-Approved-At: Mon, 04 Jan 2021 14:03:11 -0500 Cc: Herbert Xu , Mike Snitzer , Ard Biesheuvel , Eric Biggers , dm-devel@redhat.com, Milan Broz , Megha Dey Subject: [dm-devel] [RFC PATCH 00/10] crypto: x86 - remove XTS and CTR glue helper code X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dm-devel-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com After applying my performance fixes for AES-NI in XTS mode, the only remaining users of the x86 glue helper module are the niche algorithms camellia, cast6, serpent and twofish. It is not clear from the history why all these different versions of these algorithms in XTS and CTR modes were added in the first place: the only in-kernel references that seem to exist are to cbc(serpent), cbc(camellia) and cbc(twofish) in the IPsec stack. The XTS spec only mentions AES, and CTR modes don't seem to be widely used either. Since the glue helper code relies heavily on indirect calls for small chunks of in/output, it needs some work to recover from the performance hit caused by the retpoline changes. However, it makes sense to only expend the effort for algorithms that are being used in the first place, and this does not seem to be the case for XTS and CTR. CTR mode can simply be removed: it is not used in the kernel, and it is highly unlikely that it is being relied upon via algif_skcipher. And even if it was, the generic CTR mode driver can still provide the CTR transforms if necessary. XTS mode may actually be in use by dm-crypt users, so we cannot simply drop this code entirely. However, as it turns out, the XTS template wrapped around the ECB mode skciphers perform roughly on par *, and so there is no need to retain all the complicated XTS helper logic. In the unlikely case that dm-crypt users are relying on xts(camellia) or xts(serpent) in the field, they should not be impacted by these changes at all. As a follow-up, it makes sense to rework the ECB and CBC mode implementations to get rid of the indirect calls. Or perhaps we could drop [some of] these algorithms entirely ... * tcrypt results for various XTS implementations below, captured on a Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz Cc: Megha Dey Cc: Eric Biggers Cc: Herbert Xu Cc: Milan Broz Cc: Mike Snitzer Ard Biesheuvel (10): crypto: x86/camellia - switch to XTS template crypto: x86/cast6 - switch to XTS template crypto: x86/serpent- switch to XTS template crypto: x86/twofish - switch to XTS template crypto: x86/glue-helper - drop XTS helper routines crypto: x86/camellia - drop CTR mode implementation crypto: x86/cast6 - drop CTR mode implementation crypto: x86/serpent - drop CTR mode implementation crypto: x86/twofish - drop CTR mode implementation crypto: x86/glue-helper - drop CTR helper routines arch/x86/crypto/camellia-aesni-avx-asm_64.S | 297 ---------------- arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 350 ------------------- arch/x86/crypto/camellia_aesni_avx2_glue.c | 111 ------ arch/x86/crypto/camellia_aesni_avx_glue.c | 141 +------- arch/x86/crypto/camellia_glue.c | 68 ---- arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 84 ----- arch/x86/crypto/cast6_avx_glue.c | 146 -------- arch/x86/crypto/glue_helper-asm-avx.S | 104 ------ arch/x86/crypto/glue_helper-asm-avx2.S | 136 ------- arch/x86/crypto/glue_helper.c | 226 ------------ arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 68 ---- arch/x86/crypto/serpent-avx2-asm_64.S | 87 ----- arch/x86/crypto/serpent_avx2_glue.c | 110 ------ arch/x86/crypto/serpent_avx_glue.c | 152 -------- arch/x86/crypto/serpent_sse2_glue.c | 67 ---- arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 80 ----- arch/x86/crypto/twofish_avx_glue.c | 136 ------- arch/x86/crypto/twofish_glue_3way.c | 72 ---- arch/x86/include/asm/crypto/camellia.h | 24 -- arch/x86/include/asm/crypto/glue_helper.h | 44 --- arch/x86/include/asm/crypto/serpent-avx.h | 21 -- arch/x86/include/asm/crypto/twofish.h | 4 - 22 files changed, 1 insertion(+), 2527 deletions(-)