
crypto: arm64/ghash - Use new AES library API

Switch from the old AES library functions (which use struct
crypto_aes_ctx) to the new ones (which use struct aes_enckey). This
eliminates the unnecessary computation and caching of the decryption
round keys. The new AES en/decryption functions are also much faster
and use AES instructions when supported by the CPU.

Note that, in addition to the changes to the key preparation function and
the key struct type themselves, changing the type of the key struct also
results in aes_encrypt() (which is temporarily a type-generic macro)
calling the new encryption function rather than the old one.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20260112192035.10427-25-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

+7 -20
+7 -20
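--- a/arch/arm64/crypto/ghash-ce-glue.c
+++ b/arch/arm64/crypto/ghash-ce-glue.c
@@ -40,7 +40,7 @@
 };
 
 struct gcm_aes_ctx {
-	struct crypto_aes_ctx aes_key;
+	struct aes_enckey aes_key;
 	u8 nonce[RFC4106_NONCE_SIZE];
 	struct ghash_key ghash_key;
 };
@@ -186,18 +186,6 @@
 	.statesize = sizeof(struct ghash_desc_ctx),
 };
 
-static int num_rounds(struct crypto_aes_ctx *ctx)
-{
-	/*
-	 * # of rounds specified by AES:
-	 * 128 bit key 10 rounds
-	 * 192 bit key 12 rounds
-	 * 256 bit key 14 rounds
-	 * => n byte key => 6 + (n/4) rounds
-	 */
-	return 6 + ctx->key_length / 4;
-}
-
 static int gcm_aes_setkey(struct crypto_aead *tfm, const u8 *inkey,
 			  unsigned int keylen)
 {
@@ -206,7 +194,7 @@
 	be128 h;
 	int ret;
 
-	ret = aes_expandkey(&ctx->aes_key, inkey, keylen);
+	ret = aes_prepareenckey(&ctx->aes_key, inkey, keylen);
 	if (ret)
 		return -EINVAL;
 
@@ -296,7 +284,6 @@
 {
 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
 	struct gcm_aes_ctx *ctx = crypto_aead_ctx(aead);
-	int nrounds = num_rounds(&ctx->aes_key);
 	struct skcipher_walk walk;
 	u8 buf[AES_BLOCK_SIZE];
 	u64 dg[2] = {};
@@ -331,8 +318,8 @@
 
 		scoped_ksimd()
 			pmull_gcm_encrypt(nbytes, dst, src, ctx->ghash_key.h,
-					  dg, iv, ctx->aes_key.key_enc, nrounds,
-					  tag);
+					  dg, iv, ctx->aes_key.k.rndkeys,
+					  ctx->aes_key.nrounds, tag);
 
 		if (unlikely(!nbytes))
 			break;
@@ -359,7 +346,6 @@
 	struct crypto_aead *aead = crypto_aead_reqtfm(req);
 	struct gcm_aes_ctx *ctx = crypto_aead_ctx(aead);
 	unsigned int authsize = crypto_aead_authsize(aead);
-	int nrounds = num_rounds(&ctx->aes_key);
 	struct skcipher_walk walk;
 	u8 otag[AES_BLOCK_SIZE];
 	u8 buf[AES_BLOCK_SIZE];
@@ -401,9 +387,8 @@
 		scoped_ksimd()
 			ret = pmull_gcm_decrypt(nbytes, dst, src,
 						ctx->ghash_key.h,
-						dg, iv, ctx->aes_key.key_enc,
-						nrounds, tag, otag, authsize);
+						dg, iv, ctx->aes_key.k.rndkeys,
+						ctx->aes_key.nrounds, tag, otag,
+						authsize);
 
 		if (unlikely(!nbytes))
 			break;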
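Review bot: In gcm_aes_setkey the new `ret = aes_prepareenckey(&ctx->aes_key, inkey, keylen);` is still followed by `if (ret) return -EINVAL;`, which collapses whatever the new helper reports into one error code; if aes_prepareenckey() already returns a negative errno for an unsupported key length, `return ret;` would preserve it, and if it does not, a one-line comment stating that is worth adding so the next reader does not have to check. The removed `int nrounds` local in gcm_encrypt and gcm_decrypt is replaced by `ctx->aes_key.nrounds` at the pmull_gcm_encrypt()/pmull_gcm_decrypt() call sites; the field's type is not visible here, so it is worth confirming it matches the callees' nrounds parameter rather than relying on an implicit conversion. The bodies of gcm_aes_setkey, gcm_encrypt and gcm_decrypt all extend outside these hunks.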