[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250401040852.GC56851@sol.localdomain>
Date: Mon, 31 Mar 2025 21:08:52 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
"David S. Miller" <davem@...emloft.net>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>
Subject: Re: Chaining is dead
On Tue, Apr 01, 2025 at 11:55:02AM +0800, Herbert Xu wrote:
> On Mon, Mar 31, 2025 at 08:33:03PM -0700, Eric Biggers wrote:
> >
> > - It would add the overhead of keyslot management to software crypto
>
> That seems to be a design error in blk_crypto. Why should we
> model the inadequacies of hardware in software?
>
> If we're going through the software crypto path in blk_crypto,
> it should be done as a first-clsas citizen, and not as a poor
> man's version of hardware crypto.
Interesting seeing this argument coming from you when the whole Crypto API is
built around forcing software crypto to use interfaces designed for hardware.
Currently the blk-crypto keyslots are "needed" even for blk-crypto-fallback
since otherwise it would be necessary to expand the key
(crypto_skcipher_setkey() in the Crypto API, or its library equivalent like
aes_expandkey() if we switch to that) for every I/O request. The blk-crypto
interface could be reworked to support pre-expansion of the key, but that would
differ from what actual inline encryption hardware needs. So this is just
another case where the needs of hardware vs. software diverge...
- Eric
Powered by blists - more mailing lists