On Tue, Feb 13, 2024 at 05:04:25PM +0800, Herbert Xu wrote: > [PATCH 00/15] crypto: Add twopass lskcipher for adiantum Thanks. Can you include an explanation of the high-level context and goals for this work? It's still not clear to me. I'm guessing that the main goal is to get rid of the vaddr => scatterlist => vaddr round trip for software encryption/decryption, which hopefully will improve performance and make the API easier to use? And to do that, all software algorithms need to be converted to "lskcipher"? Will skcipher API users actually be able to convert to lskcipher, or will they be blocked by people expecting to be able to use hardware crypto accelerators? Would you accept lskcipher being used alongside skcipher? Previously you had said you don't want shash being used alongside ahash. I'd prefer there was a clear plan before merging a bunch of patches that leave everything in a half-finished state. By the way, note that hctr2 requires two passes too, as it's an SPRP like Adiantum. Also note that SPRPs in general may require more than two passes, though Adiantum and HCTR2 were designed to only need two (technically they have three passes, but two are combinable). It's fine to support only two passes if that's what's needed now; I just thought I'd mention that there's no guarantee that two passes will be enough forever. > In addition to converting adiantum, the underlying chacha algorithm > is also converted over to lskcipher. > > The algorithms cts + xts have been converted too to ensure that the > tailsize mechanism works properly for them. While doing this the > parameters for cts + xts have been modified so that blocksize is now > 1. This entails changing the paramters of all drivers that support > cts and/or xts. cts and xts have nothing to do with adiantum. So this further indicates that the scope of this work is broader than just "crypto: Add twopass lskcipher for adiantum" as suggested by the title. It would be good to have a sense for the direction of this work. What will be coming next? - Eric