| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250824013644.71928-3-ebiggers@kernel.org>
Date: Sat, 23 Aug 2025 21:36:44 -0400
From: Eric Biggers <ebiggers@...nel.org>
To: netdev@...r.kernel.org,
Andrea Mayer <andrea.mayer@...roma2.it>
Cc: David Lebrun <dlebrun@...gle.com>,
Minhong He <heminhong@...inos.cn>,
linux-crypto@...r.kernel.org,
Eric Biggers <ebiggers@...nel.org>
Subject: [PATCH net-next v2 2/2] ipv6: sr: Prepare HMAC key ahead of time
Prepare the HMAC key when it is added to the kernel, instead of
preparing it implicitly for every packet. This significantly improves
the performance of seg6_hmac_compute(). A microbenchmark on x86_64
shows seg6_hmac_compute() (with HMAC-SHA256) dropping from ~1978 cycles
to ~1419 cycles, a 28% improvement.
The size of 'struct seg6_hmac_info' increases by 128 bytes, but that
should be fine, since there should not be a massive number of keys.
Signed-off-by: Eric Biggers <ebiggers@...nel.org>
---
include/net/seg6_hmac.h | 8 ++++++++
net/ipv6/seg6_hmac.c | 14 +++++++++-----
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/include/net/seg6_hmac.h b/include/net/seg6_hmac.h
index 3fe4123dbbf0a..e9f41725933e4 100644
--- a/include/net/seg6_hmac.h
+++ b/include/net/seg6_hmac.h
@@ -7,10 +7,12 @@
*/
#ifndef _NET_SEG6_HMAC_H
#define _NET_SEG6_HMAC_H
+#include <crypto/sha1.h>
+#include <crypto/sha2.h>
#include <net/flow.h>
#include <net/ip6_fib.h>
#include <net/sock.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
@@ -24,13 +26,19 @@
struct seg6_hmac_info {
struct rhash_head node;
struct rcu_head rcu;
u32 hmackeyid;
+ /* The raw key, kept only so it can be returned back to userspace */
char secret[SEG6_HMAC_SECRET_LEN];
u8 slen;
u8 alg_id;
+ /* The prepared key, which the calculations actually use */
+ union {
+ struct hmac_sha1_key sha1;
+ struct hmac_sha256_key sha256;
+ } key;
};
extern int seg6_hmac_compute(struct seg6_hmac_info *hinfo,
struct ipv6_sr_hdr *hdr, struct in6_addr *saddr,
u8 *output);
diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c
index 61f6019df55b6..ee6bac0160ace 100644
--- a/net/ipv6/seg6_hmac.c
+++ b/net/ipv6/seg6_hmac.c
@@ -146,23 +146,22 @@ int seg6_hmac_compute(struct seg6_hmac_info *hinfo, struct ipv6_sr_hdr *hdr,
off += 16;
}
switch (hinfo->alg_id) {
case SEG6_HMAC_ALGO_SHA1:
- hmac_sha1_usingrawkey(hinfo->secret, hinfo->slen, ring, plen,
- output);
+ hmac_sha1(&hinfo->key.sha1, ring, plen, output);
static_assert(SEG6_HMAC_FIELD_LEN > SHA1_DIGEST_SIZE);
memset(&output[SHA1_DIGEST_SIZE], 0,
SEG6_HMAC_FIELD_LEN - SHA1_DIGEST_SIZE);
break;
case SEG6_HMAC_ALGO_SHA256:
- hmac_sha256_usingrawkey(hinfo->secret, hinfo->slen, ring, plen,
- output);
+ hmac_sha256(&hinfo->key.sha256, ring, plen, output);
static_assert(SEG6_HMAC_FIELD_LEN == SHA256_DIGEST_SIZE);
break;
default:
- ret = -ENOENT;
+ WARN_ON_ONCE(1);
+ ret = -EINVAL;
break;
}
local_unlock_nested_bh(&hmac_storage.bh_lock);
local_bh_enable();
return ret;
@@ -236,11 +235,16 @@ int seg6_hmac_info_add(struct net *net, u32 key, struct seg6_hmac_info *hinfo)
struct seg6_pernet_data *sdata = seg6_pernet(net);
int err;
switch (hinfo->alg_id) {
case SEG6_HMAC_ALGO_SHA1:
+ hmac_sha1_preparekey(&hinfo->key.sha1,
+ hinfo->secret, hinfo->slen);
+ break;
case SEG6_HMAC_ALGO_SHA256:
+ hmac_sha256_preparekey(&hinfo->key.sha256,
+ hinfo->secret, hinfo->slen);
break;
default:
return -EINVAL;
}
--
2.50.1
Powered by blists - more mailing lists