mirror of
https://github.com/torvalds/linux.git
synced 2026-04-18 14:53:58 -04:00
1546d3feb5
Convert the implementation of the v1 (original / deprecated) fscrypt per-file key derivation algorithm to use the AES library instead of an "ecb(aes)" crypto_skcipher. This is much simpler. While the AES library doesn't support AES-ECB directly yet, we can still simply call aes_encrypt() in a loop. While that doesn't explicitly parallelize the AES encryptions, it doesn't really matter in this case, where a new key is used each time and only 16 to 64 bytes are encrypted. In fact, a quick benchmark (AMD Ryzen 9 9950X) shows that this commit actually greatly improves performance, from ~7000 cycles per key derived to ~1500. The times don't differ much between 32 bytes and 64 bytes either, so clearly the bottleneck is API stuff and key expansion. Granted, performance of the v1 key derivation is no longer very relevant: most users have moved onto v2 encryption policies. The v2 key derivation uses HKDF-SHA512 (which is ~3500 cycles on the same CPU). Still, it's nice that the simpler solution is much faster as well. Compatibility verified with xfstests generic/548. Link: https://lore.kernel.org/r/20260321075338.99809-1-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org>
41 lines
1.6 KiB
Plaintext
41 lines
1.6 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
config FS_ENCRYPTION
|
|
bool "FS Encryption (Per-file encryption)"
|
|
select CRYPTO
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_AES
|
|
select CRYPTO_LIB_SHA256
|
|
select CRYPTO_LIB_SHA512
|
|
select KEYS
|
|
help
|
|
Enable encryption of files and directories. This
|
|
feature is similar to ecryptfs, but it is more memory
|
|
efficient since it avoids caching the encrypted and
|
|
decrypted pages in the page cache. Currently Ext4,
|
|
F2FS, UBIFS, and CephFS make use of this feature.
|
|
|
|
# Filesystems supporting encryption must select this if FS_ENCRYPTION. This
|
|
# allows the algorithms to be built as modules when all the filesystems are,
|
|
# whereas selecting them from FS_ENCRYPTION would force them to be built-in.
|
|
#
|
|
# Note: this option only pulls in the algorithms that filesystem encryption
|
|
# needs "by default". If userspace will use "non-default" encryption modes such
|
|
# as Adiantum encryption, then those other modes need to be explicitly enabled
|
|
# in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
|
|
#
|
|
# Also note that this option only pulls in the generic implementations of the
|
|
# algorithms, not any per-architecture optimized implementations. It is
|
|
# strongly recommended to enable optimized implementations too.
|
|
config FS_ENCRYPTION_ALGS
|
|
tristate
|
|
select CRYPTO_AES
|
|
select CRYPTO_CBC
|
|
select CRYPTO_CTS
|
|
select CRYPTO_XTS
|
|
|
|
config FS_ENCRYPTION_INLINE_CRYPT
|
|
bool "Enable fscrypt to use inline crypto"
|
|
depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
|
|
help
|
|
Enable fscrypt to use inline encryption hardware if available.
|