From 19591f7e781fd1e68228f5b3bee60be6425af886 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Fri, 5 Sep 2025 20:59:13 -0700 Subject: fscrypt: use HMAC-SHA512 library for HKDF For the HKDF-SHA512 key derivation needed by fscrypt, just use the HMAC-SHA512 library functions directly. These functions were introduced in v6.17, and they provide simple and efficient direct support for HMAC-SHA512. This ends up being quite a bit simpler and more efficient than using crypto/hkdf.c, as it avoids the generic crypto layer: - The HMAC library can't fail, so callers don't need to handle errors - No inefficient indirect calls - No inefficient and error-prone dynamic allocations - No inefficient and error-prone loading of algorithm by name - Less stack usage Benchmarks on x86_64 show that deriving a per-file key gets about 30% faster, and FS_IOC_ADD_ENCRYPTION_KEY gets nearly twice as fast. The only small downside is the HKDF-Expand logic gets duplicated again. Then again, even considering that, the new fscrypt_hkdf_expand() is only 7 lines longer than the version that called hkdf_expand(). Later we could add HKDF support to lib/crypto/, but for now let's just do this. Link: https://lore.kernel.org/r/20250906035913.1141532-1-ebiggers@kernel.org Signed-off-by: Eric Biggers --- fs/crypto/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs/crypto/hooks.c') diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c index e0b32ac841f7..0fb3496551b9 100644 --- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c @@ -205,7 +205,7 @@ int fscrypt_prepare_setflags(struct inode *inode, mk = ci->ci_master_key; down_read(&mk->mk_sem); if (mk->mk_present) - err = fscrypt_derive_dirhash_key(ci, mk); + fscrypt_derive_dirhash_key(ci, mk); else err = -ENOKEY; up_read(&mk->mk_sem); -- cgit v1.2.3