1. 27 11月, 2010 1 次提交
    • M
      crypto: aesni-intel - Ported implementation to x86-32 · 0d258efb
      Mathias Krause 提交于
      The AES-NI instructions are also available in legacy mode so the 32-bit
      architecture may profit from those, too.
      
      To illustrate the performance gain here's a short summary of a dm-crypt
      speed test on a Core i7 M620 running at 2.67GHz comparing both assembler
      implementations:
      
      x86:                   i568       aes-ni    delta
      ECB, 256 bit:     93.8 MB/s   123.3 MB/s   +31.4%
      CBC, 256 bit:     84.8 MB/s   262.3 MB/s  +209.3%
      LRW, 256 bit:    108.6 MB/s   222.1 MB/s  +104.5%
      XTS, 256 bit:    105.0 MB/s   205.5 MB/s   +95.7%
      
      Additionally, due to some minor optimizations, the 64-bit version also
      got a minor performance gain as seen below:
      
      x86-64:           old impl.    new impl.    delta
      ECB, 256 bit:    121.1 MB/s   123.0 MB/s    +1.5%
      CBC, 256 bit:    285.3 MB/s   290.8 MB/s    +1.9%
      LRW, 256 bit:    263.7 MB/s   265.3 MB/s    +0.6%
      XTS, 256 bit:    251.1 MB/s   255.3 MB/s    +1.7%
      Signed-off-by: NMathias Krause <minipli@googlemail.com>
      Reviewed-by: NHuang Ying <ying.huang@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      0d258efb
  2. 26 11月, 2010 1 次提交
    • H
      crypto: algif_skcipher - User-space interface for skcipher operations · 8ff59090
      Herbert Xu 提交于
      This patch adds the af_alg plugin for symmetric key ciphers,
      corresponding to the ablkcipher kernel operation type.
      
      Keys can optionally be set through the setsockopt interface.
      
      Once a sendmsg call occurs without MSG_MORE no further writes
      may be made to the socket until all previous data has been read.
      
      IVs and and whether encryption/decryption is performed can be
      set through the setsockopt interface or as a control message
      to sendmsg.
      
      The interface is completely synchronous, all operations are
      carried out in recvmsg(2) and will complete prior to the system
      call returning.
      
      The splice(2) interface support reading the user-space data directly
      without copying (except that the Crypto API itself may copy the data
      if alignment is off).
      
      The recvmsg(2) interface supports directly writing to user-space
      without additional copying, i.e., the kernel crypto interface will
      receive the user-space address as its output SG list.
      
      Thakns to Miloslav Trmac for reviewing this and contributing
      fixes and improvements.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Acked-by: NDavid S. Miller <davem@davemloft.net>
      8ff59090
  3. 19 11月, 2010 2 次提交
    • H
      crypto: algif_hash - User-space interface for hash operations · fe869cdb
      Herbert Xu 提交于
      This patch adds the af_alg plugin for hash, corresponding to
      the ahash kernel operation type.
      
      Keys can optionally be set through the setsockopt interface.
      
      Each sendmsg call will finalise the hash unless sent with a MSG_MORE
      flag.
      
      Partial hash states can be cloned using accept(2).
      
      The interface is completely synchronous, all operations will
      complete prior to the system call returning.
      
      Both sendmsg(2) and splice(2) support reading the user-space
      data directly without copying (except that the Crypto API itself
      may copy the data if alignment is off).
      
      For now only the splice(2) interface supports performing digest
      instead of init/update/final.  In future the sendmsg(2) interface
      will also be modified to use digest/finup where possible so that
      hardware that cannot return a partial hash state can still benefit
      from this interface.
      
      Thakns to Miloslav Trmac for reviewing this and contributing
      fixes and improvements.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Acked-by: NDavid S. Miller <davem@davemloft.net>
      Tested-by: NMartin Willi <martin@strongswan.org>
      fe869cdb
    • H
      crypto: af_alg - User-space interface for Crypto API · 03c8efc1
      Herbert Xu 提交于
      This patch creates the backbone of the user-space interface for
      the Crypto API, through a new socket family AF_ALG.
      
      Each session corresponds to one or more connections obtained from
      that socket.  The number depends on the number of inputs/outputs
      of that particular type of operation.  For most types there will
      be a s ingle connection/file descriptor that is used for both input
      and output.  AEAD is one of the few that require two inputs.
      
      Each algorithm type will provide its own implementation that plugs
      into af_alg.  They're keyed using a string such as "skcipher" or
      "hash".
      
      IOW this patch only contains the boring bits that is required
      to hold everything together.
      
      Thakns to Miloslav Trmac for reviewing this and contributing
      fixes and improvements.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Acked-by: NDavid S. Miller <davem@davemloft.net>
      Tested-by: NMartin Willi <martin@strongswan.org>
      03c8efc1
  4. 12 9月, 2010 1 次提交
  5. 03 9月, 2010 1 次提交
  6. 06 8月, 2010 2 次提交
    • H
      crypto: testmgr - Default to no tests · 00ca28a5
      Herbert Xu 提交于
      On Thu, Aug 05, 2010 at 07:01:21PM -0700, Linus Torvalds wrote:
      > On Thu, Aug 5, 2010 at 6:40 PM, Herbert Xu <herbert@gondor.hengli.com.au> wrote:
      > >
      > > -config CRYPTO_MANAGER_TESTS
      > > -       bool "Run algolithms' self-tests"
      > > -       default y
      > > -       depends on CRYPTO_MANAGER2
      > > +config CRYPTO_MANAGER_DISABLE_TESTS
      > > +       bool "Disable run-time self tests"
      > > +       depends on CRYPTO_MANAGER2 && EMBEDDED
      >
      > Why do you still want to force-enable those tests? I was going to
      > complain about the "default y" anyway, now I'm _really_ complaining,
      > because you've now made it impossible to disable those tests. Why?
      
      As requested, this patch sets the default to y and removes the
      EMBEDDED dependency.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      00ca28a5
    • H
      crypto: testmgr - Fix test disabling option · 326a6346
      Herbert Xu 提交于
      This patch fixes a serious bug in the test disabling patch where
      it can cause an spurious load of the cryptomgr module even when
      it's compiled in.
      
      It also negates the test disabling option so that its absence
      causes tests to be enabled.
      
      The Kconfig option is also now behind EMBEDDED.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      326a6346
  7. 03 6月, 2010 2 次提交
  8. 29 3月, 2010 1 次提交
  9. 05 2月, 2010 1 次提交
  10. 07 1月, 2010 1 次提交
  11. 27 10月, 2009 1 次提交
  12. 19 10月, 2009 1 次提交
  13. 02 9月, 2009 1 次提交
  14. 20 8月, 2009 1 次提交
    • N
      crypto: fips - Depend on ansi_cprng · 4e4ed83b
      Neil Horman 提交于
      What about something like this?  It defaults the CPRNG to m and makes FIPS
      dependent on the CPRNG.  That way you get a module build by default, but you can
      change it to y manually during config and still satisfy the dependency, and if
      you select N it disables FIPS as well.  I rather like that better than making
      FIPS a tristate.  I just tested it out here and it seems to work well.  Let me
      know what you think
      Signed-off-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      4e4ed83b
  15. 13 8月, 2009 1 次提交
  16. 06 8月, 2009 2 次提交
  17. 21 6月, 2009 1 次提交
  18. 19 6月, 2009 1 次提交
  19. 02 6月, 2009 2 次提交
    • H
      crypto: aes-ni - Add support for more modes · 2cf4ac8b
      Huang Ying 提交于
      Because kernel_fpu_begin() and kernel_fpu_end() operations are too
      slow, the performance gain of general mode implementation + aes-aesni
      is almost all compensated.
      
      The AES-NI support for more modes are implemented as follow:
      
      - Add a new AES algorithm implementation named __aes-aesni without
        kernel_fpu_begin/end()
      
      - Use fpu(<mode>(AES)) to provide kenrel_fpu_begin/end() invoking
      
      - Add <mode>(AES) ablkcipher, which uses cryptd(fpu(<mode>(AES))) to
        defer cryption to cryptd context in soft_irq context.
      
      Now the ctr, lrw, pcbc and xts support are added.
      
      Performance testing based on dm-crypt shows that cryption time can be
      reduced to 50% of general mode implementation + aes-aesni implementation.
      Signed-off-by: NHuang Ying <ying.huang@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      2cf4ac8b
    • H
      crypto: fpu - Add template for blkcipher touching FPU · 150c7e85
      Huang Ying 提交于
      Blkcipher touching FPU need to be enclosed by kernel_fpu_begin() and
      kernel_fpu_end(). If they are invoked in cipher algorithm
      implementation, they will be invoked for each block, so that
      performance will be hurt, because they are "slow" operations. This
      patch implements "fpu" template, which makes these operations to be
      invoked for each request.
      Signed-off-by: NHuang Ying <ying.huang@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      150c7e85
  20. 04 3月, 2009 3 次提交
  21. 19 2月, 2009 3 次提交
    • H
      crypto: chainiv - Use kcrypto_wq instead of keventd_wq · 0a2e821d
      Huang Ying 提交于
      keventd_wq has potential starvation problem, so use dedicated
      kcrypto_wq instead.
      Signed-off-by: NHuang Ying <ying.huang@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      0a2e821d
    • H
      crypto: cryptd - Per-CPU thread implementation based on kcrypto_wq · 254eff77
      Huang Ying 提交于
      Original cryptd thread implementation has scalability issue, this
      patch solve the issue with a per-CPU thread implementation.
      
      struct cryptd_queue is defined to be a per-CPU queue, which holds one
      struct cryptd_cpu_queue for each CPU. In struct cryptd_cpu_queue, a
      struct crypto_queue holds all requests for the CPU, a struct
      work_struct is used to run all requests for the CPU.
      
      Testing based on dm-crypt on an Intel Core 2 E6400 (two cores) machine
      shows 19.2% performance gain. The testing script is as follow:
      
      -------------------- script begin ---------------------------
      #!/bin/sh
      
      dmc_create()
      {
              # Create a crypt device using dmsetup
              dmsetup create $2 --table "0 `blockdev --getsize $1` crypt cbc(aes-asm)?cryptd?plain:plain babebabebabebabebabebabebabebabe 0 $1 0"
      }
      
      dmsetup remove crypt0
      dmsetup remove crypt1
      
      dd if=/dev/zero of=/dev/ram0 bs=1M count=4 >& /dev/null
      dd if=/dev/zero of=/dev/ram1 bs=1M count=4 >& /dev/null
      
      dmc_create /dev/ram0 crypt0
      dmc_create /dev/ram1 crypt1
      
      cat >tr.sh <<EOF
      #!/bin/sh
      
      for n in \$(seq 10); do
              dd if=/dev/dm-0 of=/dev/null >& /dev/null &
              dd if=/dev/dm-1 of=/dev/null >& /dev/null &
      done
      wait
      EOF
      
      for n in $(seq 10); do
              /usr/bin/time sh tr.sh
      done
      rm tr.sh
      -------------------- script end   ---------------------------
      
      The separator of dm-crypt parameter is changed from "-" to "?", because
      "-" is used in some cipher driver name too, and cryptds need to specify
      cipher driver name instead of cipher name.
      
      The test result on an Intel Core2 E6400 (two cores) is as follow:
      
      without patch:
      -----------------wo begin --------------------------
      0.04user 0.38system 0:00.39elapsed 107%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6566minor)pagefaults 0swaps
      0.07user 0.35system 0:00.35elapsed 121%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6567minor)pagefaults 0swaps
      0.06user 0.34system 0:00.30elapsed 135%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6562minor)pagefaults 0swaps
      0.05user 0.37system 0:00.36elapsed 119%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6607minor)pagefaults 0swaps
      0.06user 0.36system 0:00.35elapsed 120%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6562minor)pagefaults 0swaps
      0.05user 0.37system 0:00.31elapsed 136%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6594minor)pagefaults 0swaps
      0.04user 0.34system 0:00.30elapsed 126%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6597minor)pagefaults 0swaps
      0.06user 0.32system 0:00.31elapsed 125%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6571minor)pagefaults 0swaps
      0.06user 0.34system 0:00.31elapsed 134%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6581minor)pagefaults 0swaps
      0.05user 0.38system 0:00.31elapsed 138%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6600minor)pagefaults 0swaps
      -----------------wo end   --------------------------
      
      
      with patch:
      ------------------w begin --------------------------
      0.02user 0.31system 0:00.24elapsed 141%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6554minor)pagefaults 0swaps
      0.05user 0.34system 0:00.31elapsed 127%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6606minor)pagefaults 0swaps
      0.07user 0.33system 0:00.26elapsed 155%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6559minor)pagefaults 0swaps
      0.07user 0.32system 0:00.26elapsed 151%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6562minor)pagefaults 0swaps
      0.05user 0.34system 0:00.26elapsed 150%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6603minor)pagefaults 0swaps
      0.03user 0.36system 0:00.31elapsed 124%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6562minor)pagefaults 0swaps
      0.04user 0.35system 0:00.26elapsed 147%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6586minor)pagefaults 0swaps
      0.03user 0.37system 0:00.27elapsed 146%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6562minor)pagefaults 0swaps
      0.04user 0.36system 0:00.26elapsed 154%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6594minor)pagefaults 0swaps
      0.04user 0.35system 0:00.26elapsed 154%CPU (0avgtext+0avgdata 0maxresident)k
      0inputs+0outputs (0major+6557minor)pagefaults 0swaps
      ------------------w end   --------------------------
      
      The middle value of elapsed time is:
      wo cryptwq: 0.31
      w  cryptwq: 0.26
      
      The performance gain is about (0.31-0.26)/0.26 = 0.192.
      Signed-off-by: NHuang Ying <ying.huang@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      254eff77
    • H
      crypto: api - Use dedicated workqueue for crypto subsystem · 25c38d3f
      Huang Ying 提交于
      Use dedicated workqueue for crypto subsystem
      
      A dedicated workqueue named kcrypto_wq is created to be used by crypto
      subsystem. The system shared keventd_wq is not suitable for
      encryption/decryption, because of potential starvation problem.
      Signed-off-by: NHuang Ying <ying.huang@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      25c38d3f
  22. 18 2月, 2009 1 次提交
  23. 25 12月, 2008 9 次提交