From owner-freebsd-arch@freebsd.org Mon Aug 5 17:15:10 2019 Return-Path: Delivered-To: freebsd-arch@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 01918A8629 for ; Mon, 5 Aug 2019 17:15:10 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 462PXY6DMnz3xRN; Mon, 5 Aug 2019 17:15:09 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from John-Baldwins-MacBook-Pro-4.local (ralph.baldwin.cx [66.234.199.215]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: jhb) by smtp.freebsd.org (Postfix) with ESMTPSA id 53657677; Mon, 5 Aug 2019 17:15:09 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Subject: Re: Open Crypto Framework Changes: Round 1 To: Fabien Thomas Cc: freebsd-arch@freebsd.org References: <9E88949D-92D5-40EA-8ACA-B10E56102476@stormshield.eu> From: John Baldwin Openpgp: preference=signencrypt Autocrypt: addr=jhb@FreeBSD.org; keydata= mQGiBETQ+XcRBADMFybiq69u+fJRy/0wzqTNS8jFfWaBTs5/OfcV7wWezVmf9sgwn8TW0Dk0 c9MBl0pz+H01dA2ZSGZ5fXlmFIsee1WEzqeJzpiwd/pejPgSzXB9ijbLHZ2/E0jhGBcVy5Yo /Tw5+U/+laeYKu2xb0XPvM0zMNls1ah5OnP9a6Ql6wCgupaoMySb7DXm2LHD1Z9jTsHcAQMD /1jzh2BoHriy/Q2s4KzzjVp/mQO5DSm2z14BvbQRcXU48oAosHA1u3Wrov6LfPY+0U1tG47X 1BGfnQH+rNAaH0livoSBQ0IPI/8WfIW7ub4qV6HYwWKVqkDkqwcpmGNDbz3gfaDht6nsie5Z pcuCcul4M9CW7Md6zzyvktjnbz61BADGDCopfZC4of0Z3Ka0u8Wik6UJOuqShBt1WcFS8ya1 oB4rc4tXfSHyMF63aPUBMxHR5DXeH+EO2edoSwViDMqWk1jTnYza51rbGY+pebLQOVOxAY7k do5Ordl3wklBPMVEPWoZ61SdbcjhHVwaC5zfiskcxj5wwXd2E9qYlBqRg7QeSm9obiBCYWxk d2luIDxqaGJARnJlZUJTRC5vcmc+iGAEExECACAFAkTQ+awCGwMGCwkIBwMCBBUCCAMEFgID AQIeAQIXgAAKCRBy3lIGd+N/BI6RAJ9S97fvbME+3hxzE3JUyUZ6vTewDACdE1stFuSfqMvM jomvZdYxIYyTUpC5Ag0ERND5ghAIAPwsO0B7BL+bz8sLlLoQktGxXwXQfS5cInvL17Dsgnr3 1AKa94j9EnXQyPEj7u0d+LmEe6CGEGDh1OcGFTMVrof2ZzkSy4+FkZwMKJpTiqeaShMh+Goj XlwIMDxyADYvBIg3eN5YdFKaPQpfgSqhT+7El7w+wSZZD8pPQuLAnie5iz9C8iKy4/cMSOrH YUK/tO+Nhw8Jjlw94Ik0T80iEhI2t+XBVjwdfjbq3HrJ0ehqdBwukyeJRYKmbn298KOFQVHO EVbHA4rF/37jzaMadK43FgJ0SAhPPF5l4l89z5oPu0b/+5e2inA3b8J3iGZxywjM+Csq1tqz hltEc7Q+E08AAwUIAL+15XH8bPbjNJdVyg2CMl10JNW2wWg2Q6qdljeaRqeR6zFus7EZTwtX sNzs5bP8y51PSUDJbeiy2RNCNKWFMndM22TZnk3GNG45nQd4OwYK0RZVrikalmJY5Q6m7Z16 4yrZgIXFdKj2t8F+x613/SJW1lIr9/bDp4U9tw0V1g3l2dFtD3p3ZrQ3hpoDtoK70ioIAjjH aIXIAcm3FGZFXy503DOA0KaTWwvOVdYCFLm3zWuSOmrX/GsEc7ovasOWwjPn878qVjbUKWwx Q4QkF4OhUV9zPtf9tDSAZ3x7QSwoKbCoRCZ/xbyTUPyQ1VvNy/mYrBcYlzHodsaqUDjHuW+I SQQYEQIACQUCRND5ggIbDAAKCRBy3lIGd+N/BCO8AJ9j1dWVQWxw/YdTbEyrRKOY8YZNwwCf afMAg8QvmOWnHx3wl8WslCaXaE8= Message-ID: Date: Mon, 5 Aug 2019 10:15:08 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:60.0) Gecko/20100101 Thunderbird/60.7.1 MIME-Version: 1.0 In-Reply-To: <9E88949D-92D5-40EA-8ACA-B10E56102476@stormshield.eu> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Aug 2019 17:15:10 -0000 On 8/5/19 3:19 AM, Fabien Thomas wrote: >> - Drivers no longer register a list of supported algorithms. This >> doesn't quite work when you factor in modes (e.g. a driver might >> support both AES-CBC and SHA2-256-HMAC separately but not combined >> for ETA). Instead, a new 'crypto_probesession' method has been >> added to the kobj interface for symmteric crypto drivers. This >> method returns a negative value on success (similar to how >> device_probe works) and the crypto framework uses this value to pick >> the "best" driver. There are three constants for hardware >> (e.g. ccr), accelerated software (e.g. aesni), and plain software >> (cryptosoft) that give preference in that order. One effect of this >> is that if you request hardware when creating a new session, you >> will no longer get a session using accelerated software. >> >> Once a driver is chosen, 'crypto_newsession' is invoked as before. > > Is there an interest to have a software driver and then an accelerated > software ? > Another approach would be to have a software driver with runtime > detection of accelerated algorithms. > For example, base SHA1, SSE3 version, VIA SHA1, intel SHA1 instruction > It has the advantage to: > - allow all combination of software / accelerated software > - single driver code (session db, …) > - avoid duplicate driver for software things I'm not sure of the best approach. I do think it can be a feature that, for example, aesni.ko is a separate driver that can be unloaded if it had a bug (or if there was some future CPU vuln, etc.). My leaning is probably to use an approach where the existing accelerated software drivers would use the existing software code to implementing missing ETA modes as those are the only ones missing. > Regarding the session db every driver has done its own implementation > with various performance issue in the past. > Do you also plan to refactor the session db ? Conrad already fixed this. He changed sessions to be opaque pointers with driver-specific allocated data similar to device_get_softc which removed all the driver-side version of this entirely. Driver's now get a pointer to the session object during the process callback and are able to obtain their driver-specific session state in constant time via a single indirection. This change might only be in 12.0 or later (or head and later). -- John Baldwin