Re: [PATCH 16/21] KEYS: PGP-based public key signature verification [ver #3]

From: David Howells
Date: Wed Jan 18 2012 - 07:50:13 EST


Kasatkin, Dmitry <dmitry.kasatkin@xxxxxxxxx> wrote:

> Synchronous hash SHASH is used only for software hash implementation...
> HW acceleration is not supported by this hash.
> It is good for short data.
> But when calculating a hash over long data as files can be,
> async hash AHASH is a preferred choice as enables HW acceleration.

Indeed. The asynchronous hash is a pain to use in the kernel, though, for a
couple of reasons: kernel addresses don't necessarily correspond to addresses
the h/w accel will see and you have to handle the h/w not signalling
completion. Herbert created shash to make it easier, and for module signing,
they're perfectly sufficient.

> As in my response to [PATCH 08/21] KEYS: Add signature verification facility
> [ver #3] It would be nice to have API to pass pre-computed hash, then client
> might tackle async peculiarities by itself...

True. If you can give me the completed hash data, then I don't need to care
how you managed it. If you give me an uncompleted hash, I then have to deal
with the async hash in the kernel.

It might make sense for me to provide an API call to give you the postamble you
need to add to the hash to complete it. That call could also indicate which
hash you require and could also be combined with the call to find the
appropriate key.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/