[0/5] crypto: Add akcipher interface without SGs

Message ID	ZIg4b8kAeW7x/oM1@gondor.apana.org.au (mailing list archive)
Headers	show Return-Path: <linux-crypto-owner@vger.kernel.org> Date: Tue, 13 Jun 2023 17:35:43 +0800 From: Herbert Xu <herbert@gondor.apana.org.au> To: Linus Torvalds <torvalds@linux-foundation.org>, Roberto Sassu <roberto.sassu@huaweicloud.com>, David Howells <dhowells@redhat.com>, Eric Biggers <ebiggers@kernel.org>, Stefan Berger <stefanb@linux.ibm.com>, Mimi Zohar <zohar@linux.ibm.com>, dmitry.kasatkin@gmail.com, Jarkko Sakkinen <jarkko@kernel.org>, Ard Biesheuvel <ardb@kernel.org>, keyrings@vger.kernel.org, Linux Crypto Mailing List <linux-crypto@vger.kernel.org> Subject: [PATCH 0/5] crypto: Add akcipher interface without SGs Message-ID: <ZIg4b8kAeW7x/oM1@gondor.apana.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Precedence: bulk
Series	crypto: Add akcipher interface without SGs \| expand [0/5] crypto: Add akcipher interface without SGs [1/5] crypto: akcipher - Add sync interface without SG lists [2/5] crypto: dsa - Add interface for sign/verify [3/5] KEYS: Add forward declaration in asymmetric-parser.h [4/5] KEYS: asymmetric: Move sm2 code into x509_public_key [5/5] KEYS: asymmetric: Use new crypto interface without scatterlists

Message ID

ZIg4b8kAeW7x/oM1@gondor.apana.org.au (mailing list archive)

Headers

Date: Tue, 13 Jun 2023 17:35:43 +0800
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Linus Torvalds <torvalds@linux-foundation.org>,
        Roberto Sassu <roberto.sassu@huaweicloud.com>,
        David Howells <dhowells@redhat.com>,
        Eric Biggers <ebiggers@kernel.org>,
        Stefan Berger <stefanb@linux.ibm.com>,
        Mimi Zohar <zohar@linux.ibm.com>, dmitry.kasatkin@gmail.com,
        Jarkko Sakkinen <jarkko@kernel.org>,
        Ard Biesheuvel <ardb@kernel.org>, keyrings@vger.kernel.org,
        Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: [PATCH 0/5] crypto: Add akcipher interface without SGs
Message-ID: <ZIg4b8kAeW7x/oM1@gondor.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Precedence: bulk

Series

crypto: Add akcipher interface without SGs | expand

Message

Herbert Xu June 13, 2023, 9:35 a.m. UTC

The crypto akcipher interface has exactly one user, the keyring
subsystem.  That user only deals with kernel pointers, not SG lists.
Therefore the use of SG lists in the akcipher interface is
completely pointless.

As there is only one user, changing it isn't that hard.  This
patch series is a first step in that direction.  It introduces
a new interface for encryption and decryption without SG lists:

int crypto_akcipher_sync_encrypt(struct crypto_akcipher *tfm,
				 const void *src, unsigned int slen,
				 void *dst, unsigned int dlen);

int crypto_akcipher_sync_decrypt(struct crypto_akcipher *tfm,
				 const void *src, unsigned int slen,
				 void *dst, unsigned int dlen);

I've decided to split out signing and verification because most
(all but one) of our signature algorithms do not support encryption
or decryption.  These can now be accessed through the dsa interface:

int crypto_dsa_sign(struct crypto_dsa *tfm,
		    const void *src, unsigned int slen,
		    void *dst, unsigned int dlen);

int crypto_dsa_verify(struct crypto_dsa *tfm,
		      const void *src, unsigned int slen,
		      const void *digest, unsigned int dlen);

The keyring system has been converted to this interface.

The next step would be to convert the code within the Crypto API so
that SG lists are not used at all on the software path.  This
would eliminate the unnecessary copying that currently happens.

Thanks,

Comments

David Howells June 13, 2023, 12:53 p.m. UTC | #1

Herbert Xu <herbert@gondor.apana.org.au> wrote:

> I've decided to split out signing and verification because most
> (all but one) of our signature algorithms do not support encryption
> or decryption.  These can now be accessed through the dsa interface:

That feels wrongly named as there's a DSA public key algorithm.

David

Herbert Xu June 14, 2023, 10:10 a.m. UTC | #2

On Tue, Jun 13, 2023 at 01:53:28PM +0100, David Howells wrote:
.
> That feels wrongly named as there's a DSA public key algorithm.

You're quite right.  This is indeed confusing.  I'll rename it
to sig instead.  So we'll have crypto_sig_sign and crypto_sig_verify.

Thanks,