On Tue, 22 Jul 2025, Harald Freudenberger wrote:
> Support for ahashes in dm-integrity.
>
> Changelog:
>
> v1: First implementation. Tested with crc32, sha256, hmac-sha256 and
> the s390 specific implementations for hmac-sha256 and protected
> key phmac-sha256. Also ran with some instrumented code (in the digest
> implementation) to verify that in fact now the code runs asynchronous.
> v2: Support shash and ahash. Based on Mikulas' idea about implementing
> ahash support similar to dm-verity this version now adds support
> for ahash but does not replace the shash support. For more details
> see the text of the patch header.
> v3: The line to store the digestsize into the new internal variable
> did not make it into the patch set which was sent out. So now
> this important code piece is also there. Also rebuilded, sparse
> checked and tested to make sure the patches are ok.
> v4: Thanks to Mikulas a total new implementation of the ahash support
> for the dm-integrity layer :-)
> v5: Slight rework around the allocation and comparing of ahash and
> shash algorithm.
> V5 has been tested with the new introduced ahash phmac which is a
> protected key ("hardware key") version of a hmac for s390. As of now
> phmac is only available in Herbert Xu's cryptodev-2.6 kernel tree
> but will be merged into mainline with the next merge window for
> the 6.17 development kernel.
>
> Mikulas Patocka (2):
> dm-integrity: use internal variable for digestsize
> dm-integrity: introduce ahash support for the internal hash
>
> drivers/md/dm-integrity.c | 370 +++++++++++++++++++++++++++-----------
> 1 file changed, 265 insertions(+), 105 deletions(-)
>
>
> base-commit: 89be9a83ccf1f88522317ce02f854f30d6115c41
> --
> 2.43.0
>
Hi
Eric Biggers recently removed ahash support from dm-verity - see this
commit:
https://kernel.googlesource.com/pub/scm/linux/kernel/git/device-mapper/linux-dm/+/f43309c6743257244f11f14d31c297ee6a410ded
Should I revert Eric's patch? - would you need dm-verity with asynchronous
hashes on zseries too?
Is this patch series needed for performance (does it perform better than
the in-cpu instructions)? Or is it need because of better security (the
keys are hidden in the hardware)?
Mikulas
