Internal kernel changes - crypto subsystem

Posted Nov 21, 2024 22:58 UTC (Thu) by l1k (subscriber, #112260)
Parent article: The beginning of the 6.13 merge window

The kernel's cryptographic subsystem has gained a new internal API for signature generation. There is some kerneldoc documentation available.

Author here. More accurately, the goal of my patches was to move sign/verify operations out of akcipher and into a new, separate crypto algorithm type. akcipher is thus now solely for asymmetric encrypt/decrypt. Of note here is that the new sign/verify API uses kernel buffers, whereas akcipher uses sglists.

Herbert Xu started the transition to the new crypto algorithm type for sign/verify a year ago by introducing a frontend:

https://lore.kernel.org/linux-crypto/ZIg4b8kAeW7x%2FoM1@gondor.apana.org.au/

I completed that effort by adding a backend and migrating all asymmetric sign/verify algorithms to it:

https://lore.kernel.org/all/cover.1725972333.git.lukas@wunner.de/

We currently have 3 algorithms in the tree: RSA (only PKCS1 encoding), ECDSA (X9.62 encoding and from v6.13 also P1363) and ECRDSA (aka GOST). Signing is currently only supported by the RSA algorithm implementation. Verifying by all three.

