On Mon, Jul 29, 2024 at 03:48:00PM +0200, Lukas Wunner wrote:
> Commit 6cb8815f41a9 ("crypto: sig - Add interface for sign/verify")
> introduced an API which accepts kernel buffers instead of sglists for
> signature generation and verification.
>
> Commit 63ba4d67594a ("KEYS: asymmetric: Use new crypto interface without
> scatterlists") converted the sole user in the tree to the new API.
>
> Although the API externally accepts kernel buffers, internally it still
> converts them to sglists, which results in overhead for asymmetric
> algorithms because they need to copy the sglists back into kernel
> buffers.
>
> Take the next step and switch signature verification over to using
> kernel buffers internally, thereby avoiding the sglists overhead.
>
> Because all ->verify implementations are synchronous, forego invocation
> of crypto_akcipher_sync_{prep,post}() and call crypto_akcipher_verify()
> directly from crypto_sig_verify().
>
> Signed-off-by: Lukas Wunner <lukas@xxxxxxxxx>
> ---
> crypto/akcipher.c | 11 +++-----
> crypto/ecdsa.c | 27 +++++---------------
> crypto/ecrdsa.c | 28 +++++++--------------
> crypto/rsa-pkcs1pad.c | 27 ++++++++------------
> crypto/sig.c | 24 +++++++++---------
> crypto/testmgr.c | 12 ++++-----
> include/crypto/akcipher.h | 53 +++++++++++++++++++++------------------
> 7 files changed, 76 insertions(+), 106 deletions(-)
The link between sig and akcipher is meant to be temporary. The
plan is to create a new low-level API for sig and then migrate
the signature code over to that from akcipher.
Yes we do want to get rid of the unnecessary SG list ops but is
it possible to side-step this for your work? If not perhaps you
could help by creating the low-level API for sig? :)
Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
