On Wed, Jan 18, 2012 at 2:49 PM, David Howells <dhowells@xxxxxxxxxx> wrote:
> Kasatkin, Dmitry <dmitry.kasatkin@xxxxxxxxx> wrote:
>
>> Synchronous hash SHASH is used only for software hash implementation...
>> HW acceleration is not supported by this hash.
>> It is good for short data.
>> But when calculating a hash over long data as files can be,
>> async hash AHASH is a preferred choice as enables HW acceleration.
>
> Indeed. The asynchronous hash is a pain to use in the kernel, though, for a
> couple of reasons: kernel addresses don't necessarily correspond to addresses
> the h/w accel will see and you have to handle the h/w not signalling
> completion. Herbert created shash to make it easier, and for module signing,
> they're perfectly sufficient.
>

Well, from the client side, the API is not that much more complicated.
It is just about scatterlist. The rest is handled by the particular driver/HW.

I agree, modules are not that big and SHASH is a perfect choice for that...

>> As in my response to [PATCH 08/21] KEYS: Add signature verification facility
>> [ver #3] It would be nice to have API to pass pre-computed hash, then client
>> might tackle async peculiarities by itself...
>
> True. If you can give me the completed hash data, then I don't need to care
> how you managed it. If you give me an uncompleted hash, I then have to deal
> with the async hash in the kernel.
>
> It might make sense for me to provide an API call to give you the postamble you
> need to add to the hash to complete it. That call could also indicate which
> hash you require and could also be combined with the call to find the
> appropriate key.
>

Indeed, some blob with metadata to update before closing the hash would work well.

PS. As I understand, it is the PGP spec which requires such processing.
Otherwise, a plain data hash could be used to produce another hash for signing,
similar to what has been done in the digsig project....
I have used the same approach for IMA.

Thanks!
> David
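The "postamble" idea discussed in this mail, as an added userspace sketch that is not part of the original thread or of the kernel patches: the client hashes the data itself and leaves the hash open, then closes it with the bytes a PGP v4 signature appends per RFC 4880 section 5.2.4. The function names, the use of `hashlib` in place of the kernel's ahash, and the sample subpacket are assumptions made for illustration.

```python
import hashlib
import struct

# Constructed sample: one hashed subpacket (type 2, signature creation time).
SAMPLE_SUBPACKETS = b"\x05\x02" + struct.pack(">I", 1326898140)

def pgp_v4_postamble(sig_type, pubkey_algo, hash_algo, hashed_subpackets):
    """Bytes RFC 4880 sec. 5.2.4 hashes after the data (hypothetical helper)."""
    hashed = bytes([4, sig_type, pubkey_algo, hash_algo])
    hashed += struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets
    # Final trailer: version 4, 0xFF, 4-byte big-endian length of `hashed`.
    return hashed + b"\x04\xff" + struct.pack(">I", len(hashed))

def client_hash_open(chunks):
    """Client side: feed the data in chunks and leave the hash unfinalized."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h

def complete_digest(open_hash, postamble):
    """Close the hash with the postamble; this digest is what gets verified."""
    h = open_hash.copy()
    h.update(postamble)
    return h.digest()

if __name__ == "__main__":
    data = [b"module ", b"contents"]  # constructed sample data
    post = pgp_v4_postamble(0x00, 1, 8, SAMPLE_SUBPACKETS)  # binary doc, RSA, SHA-256
    signed = complete_digest(client_hash_open(data), post)
    plain = hashlib.sha256(b"".join(data)).digest()
    print("postamble:", post.hex())
    print("digest to verify:", signed.hex())
    print("plain data digest differs:", plain != signed)
```

A digest that has already been finalized over the data alone cannot be extended with the postamble afterwards, which is why the client needs the postamble before closing the hash.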