From: Jonathan Cameron <Jonathan.Cameron@Huawei.com>
To: Lukas Wunner <lukas@wunner.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Stefan Berger <stefanb@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
Vitaly Chikunov <vt@altlinux.org>,
Tadeusz Struk <tstruk@gigaio.com>,
Andrew Zaborowski <andrew.zaborowski@intel.com>,
"Saulo Alessandre" <saulo.alessandre@tse.jus.br>,
<linux-crypto@vger.kernel.org>, <keyrings@vger.kernel.org>
Subject: Re: [PATCH 2/5] crypto: akcipher - Drop usage of sglists for verify op
Date: Thu, 1 Aug 2024 17:02:26 +0100 [thread overview]
Message-ID: <20240801170226.000070ea@Huawei.com> (raw)
In-Reply-To: <eb13c292f60a61b0af14f0c5afd23719b3cb0bd7.1722260176.git.lukas@wunner.de>
On Mon, 29 Jul 2024 15:48:00 +0200
Lukas Wunner <lukas@wunner.de> wrote:
> Commit 6cb8815f41a9 ("crypto: sig - Add interface for sign/verify")
> introduced an API which accepts kernel buffers instead of sglists for
> signature generation and verification.
>
> Commit 63ba4d67594a ("KEYS: asymmetric: Use new crypto interface without
> scatterlists") converted the sole user in the tree to the new API.
>
> Although the API externally accepts kernel buffers, internally it still
> converts them to sglists, which results in overhead for asymmetric
> algorithms because they need to copy the sglists back into kernel
> buffers.
>
> Take the next step and switch signature verification over to using
> kernel buffers internally, thereby avoiding the sglists overhead.
>
> Because all ->verify implementations are synchronous, forego invocation
> of crypto_akcipher_sync_{prep,post}() and call crypto_akcipher_verify()
> directly from crypto_sig_verify().
>
> Signed-off-by: Lukas Wunner <lukas@wunner.de>
I'm a little out of my depth in this code, but one question did
come to mind. Rather than passing scatter lists and buffers
via the same function void akcipher_request_set_crypt()
why not add a variant that takes buffers for signing cases so
that you can maintain the scatterlist pointers for the encrypt/decrypt
cases?
> diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
> index 18a10cad07aa..2c5bc35d297a 100644
> --- a/include/crypto/akcipher.h
> +++ b/include/crypto/akcipher.h
> @@ -16,28 +16,39 @@
> *
> * @base: Common attributes for async crypto requests
> * @src: Source data
> - * For verify op this is signature + digest, in that case
> - * total size of @src is @src_len + @dst_len.
> - * @dst: Destination data (Should be NULL for verify op)
> + * @dst: Destination data
> * @src_len: Size of the input buffer
> - * For verify op it's size of signature part of @src, this part
> - * is supposed to be operated by cipher.
> - * @dst_len: Size of @dst buffer (for all ops except verify).
> + * @dst_len: Size of @dst buffer
> * It needs to be at least as big as the expected result
> * depending on the operation.
> * After operation it will be updated with the actual size of the
> * result.
> * In case of error where the dst sgl size was insufficient,
> * it will be updated to the size required for the operation.
> - * For verify op this is size of digest part in @src.
> + * @sig: Signature
> + * @digest: Digest
> + * @sig_len: Size of @sig
> + * @digest_len: Size of @digest
> * @__ctx: Start of private context data
> */
> struct akcipher_request {
> struct crypto_async_request base;
> - struct scatterlist *src;
> - struct scatterlist *dst;
> - unsigned int src_len;
> - unsigned int dst_len;
> + union {
> + struct {
> + /* sign, encrypt, decrypt operations */
> + struct scatterlist *src;
> + struct scatterlist *dst;
> + unsigned int src_len;
> + unsigned int dst_len;
> + };
> + struct {
> + /* verify operation */
> + const void *sig;
> + const void *digest;
> + unsigned int sig_len;
> + unsigned int digest_len;
> + };
> + };
> void *__ctx[] CRYPTO_MINALIGN_ATTR;
> };
>
> @@ -242,20 +253,18 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req,
> * Sets parameters required by crypto operation
> *
> * @req: public key request
> - * @src: ptr to input scatter list
> - * @dst: ptr to output scatter list or NULL for verify op
> - * @src_len: size of the src input scatter list to be processed
> - * @dst_len: size of the dst output scatter list or size of signature
> - * portion in @src for verify op
> + * @src: ptr to input scatter list or signature for verify op
> + * @dst: ptr to output scatter list or digest for verify op
> + * @src_len: size of @src
> + * @dst_len: size of @dst
> */
> static inline void akcipher_request_set_crypt(struct akcipher_request *req,
> - struct scatterlist *src,
> - struct scatterlist *dst,
> + const void *src, const void *dst,
Maybe it's worth a 'special' variant.
static inline void akcipher_request_set_crypt_for_verify()
so that you can keep the other list typed and not rely
on overlapping pointer fields via the union.
> unsigned int src_len,
> unsigned int dst_len)
> {
> - req->src = src;
> - req->dst = dst;
> + req->sig = src;
> + req->digest = dst;
> req->src_len = src_len;
> req->dst_len = dst_len;
> }
> @@ -372,10 +381,6 @@ static inline int crypto_akcipher_sign(struct akcipher_request *req)
> *
> * @req: asymmetric key request
> *
> - * Note: req->dst should be NULL, req->src should point to SG of size
> - * (req->src_size + req->dst_size), containing signature (of req->src_size
> - * length) with appended digest (of req->dst_size length).
> - *
> * Return: zero on verification success; error code in case of error.
> */
> static inline int crypto_akcipher_verify(struct akcipher_request *req)
next prev parent reply other threads:[~2024-08-01 16:02 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-29 13:46 [PATCH 0/5] Templatize ecdsa signature decoding Lukas Wunner
2024-07-29 13:47 ` [PATCH 1/5] ASN.1: Add missing include <linux/types.h> Lukas Wunner
2024-07-30 13:50 ` Stefan Berger
2024-08-01 14:42 ` Jonathan Cameron
2024-07-29 13:48 ` [PATCH 2/5] crypto: akcipher - Drop usage of sglists for verify op Lukas Wunner
2024-08-01 16:02 ` Jonathan Cameron [this message]
2024-08-02 21:40 ` Lukas Wunner
2024-08-06 5:55 ` Herbert Xu
2024-08-06 8:32 ` Lukas Wunner
2024-08-06 8:58 ` Herbert Xu
2024-08-22 12:25 ` Lukas Wunner
2024-09-06 6:59 ` Herbert Xu
2024-07-29 13:49 ` [PATCH 3/5] crypto: ecdsa - Avoid signed integer overflow on signature decoding Lukas Wunner
2024-07-30 13:50 ` Stefan Berger
2024-08-01 16:12 ` Jonathan Cameron
2024-07-29 13:50 ` [PATCH 4/5] crypto: ecdsa - Move X9.62 signature decoding into template Lukas Wunner
2024-08-01 16:58 ` Jonathan Cameron
2024-08-03 10:13 ` Lukas Wunner
2024-07-29 13:51 ` [PATCH 5/5] crypto: ecdsa - Support P1363 signature decoding Lukas Wunner
2024-08-01 17:06 ` Jonathan Cameron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240801170226.000070ea@Huawei.com \
--to=jonathan.cameron@huawei.com \
--cc=andrew.zaborowski@intel.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=saulo.alessandre@tse.jus.br \
--cc=stefanb@linux.ibm.com \
--cc=tstruk@gigaio.com \
--cc=vt@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.