On Fri, Sep 05, 2025 at 08:59:13PM -0700, Eric Biggers wrote: > For the HKDF-SHA512 key derivation needed by fscrypt, just use the > HMAC-SHA512 library functions directly. These functions were introduced > in v6.17, and they provide simple and efficient direct support for > HMAC-SHA512. This ends up being quite a bit simpler and more efficient > than using crypto/hkdf.c, as it avoids the generic crypto layer: > > - The HMAC library can't fail, so callers don't need to handle errors > - No inefficient indirect calls > - No inefficient and error-prone dynamic allocations > - No inefficient and error-prone loading of algorithm by name > - Less stack usage > > Benchmarks on x86_64 show that deriving a per-file key gets about 30% > faster, and FS_IOC_ADD_ENCRYPTION_KEY gets nearly twice as fast. > > The only small downside is the HKDF-Expand logic gets duplicated again. > Then again, even considering that, the new fscrypt_hkdf_expand() is only > 7 lines longer than the version that called hkdf_expand(). Later we > could add HKDF support to lib/crypto/, but for now let's just do this. > > Signed-off-by: Eric Biggers <[email protected]> > --- > > This patch is targeting fscrypt/for-next
Applied to https://git.kernel.org/pub/scm/fs/fscrypt/linux.git/log/?h=for-next - Eric
