crypto: inside-secure - Use new AES library API

Switch from the old AES library functions (which use struct
crypto_aes_ctx) to the new ones (which use struct aes_enckey). This
eliminates the unnecessary computation and caching of the decryption
round keys. The new AES en/decryption functions are also much faster
and use AES instructions when supported by the CPU.

Note that in addition to the change in the key preparation function and
the key struct type itself, the change in the type of the key struct
results in aes_encrypt() (which is temporarily a type-generic macro)
calling the new encryption function rather than the old one.

This driver used crypto_aes_ctx::key_enc, but only to access the copy of
the raw key that is stored at the beginning of the expanded key. To
eliminate the dependency on this field, instead just access the raw key
directly, which is already available in the relevant functions.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20260112192035.10427-31-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

+12 -14
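--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2507,19 +2507,17 @@
 struct crypto_tfm *tfm = crypto_aead_tfm(ctfm);
 struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
 struct safexcel_crypto_priv *priv = ctx->base.priv;
-struct crypto_aes_ctx aes;
+struct aes_enckey aes;
 u32 hashkey[AES_BLOCK_SIZE >> 2];
 int ret, i;
 
-ret = aes_expandkey(&aes, key, len);
-if (ret) {
-memzero_explicit(&aes, sizeof(aes));
+ret = aes_prepareenckey(&aes, key, len);
+if (ret)
 return ret;
-}
 
 if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
 for (i = 0; i < len / sizeof(u32); i++) {
-if (le32_to_cpu(ctx->key[i]) != aes.key_enc[i]) {
+if (ctx->key[i] != get_unaligned((__le32 *)key + i)) {
 ctx->base.needs_inv = true;
 break;
 }
@@ -2527,7 +2525,7 @@
 }
 
 for (i = 0; i < len / sizeof(u32); i++)
-ctx->key[i] = cpu_to_le32(aes.key_enc[i]);
+ctx->key[i] = get_unaligned((__le32 *)key + i);
 
 ctx->key_len = len;
 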
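Review bot: The early return after `aes_prepareenckey()` no longer wipes the on-stack `aes`, which is safe only if a failed prepare writes no round keys into the struct. If the library guarantees that, a one-line comment such as `/* aes_prepareenckey() rejects a bad length before writing to aes; nothing to wipe */` would stop the missing `memzero_explicit()` from being read as an oversight. The function continues past this section, so whether `aes` and `hashkey` are cleared on the success path cannot be checked from here. As a smaller point, `(__le32 *)key + i` is written out in both loops and, if `key` is the usual `const u8 *`, casts the qualifier away; `(const __le32 *)key + i` reads the same bytes.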
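--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -30,7 +30,7 @@
 bool fb_init_done;
 bool fb_do_setkey;
 
-struct crypto_aes_ctx *aes;
+struct aes_enckey *aes;
 struct crypto_ahash *fback;
 struct crypto_shash *shpre;
 struct shash_desc *shdesc;
@@ -1976,7 +1976,7 @@
 u32 key_tmp[3 * AES_BLOCK_SIZE / sizeof(u32)];
 int ret, i;
 
-ret = aes_expandkey(ctx->aes, key, len);
+ret = aes_prepareenckey(ctx->aes, key, len);
 if (ret)
 return ret;
 
@@ -1990,9 +1990,9 @@
 for (i = 0; i < 3 * AES_BLOCK_SIZE / sizeof(u32); i++)
 ctx->base.ipad.word[i] = swab32(key_tmp[i]);
 
-ret = aes_expandkey(ctx->aes,
-(u8 *)key_tmp + 2 * AES_BLOCK_SIZE,
-AES_MIN_KEY_SIZE);
+ret = aes_prepareenckey(ctx->aes,
+(u8 *)key_tmp + 2 * AES_BLOCK_SIZE,
+AES_MIN_KEY_SIZE);
 if (ret)
 return ret;
 
@@ -2062,12 +2062,12 @@
 int ret, i;
 
 /* precompute the CMAC key material */
-ret = aes_expandkey(ctx->aes, key, len);
+ret = aes_prepareenckey(ctx->aes, key, len);
 if (ret)
 return ret;
 
 for (i = 0; i < len / sizeof(u32); i++)
-ctx->base.ipad.word[i + 8] = swab32(ctx->aes->key_enc[i]);
+ctx->base.ipad.word[i + 8] = get_unaligned_be32(&key[4 * i]);
 
 /* code below borrowed from crypto/cmac.c */
 /* encrypt the zero block */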
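Review bot: In the third hunk, the `if (ret) return ret;` after the second `aes_prepareenckey()` returns with the on-stack `key_tmp` unwiped, even though its third block has just been passed in as an AES key. `if (ret) { memzero_explicit(key_tmp, sizeof(key_tmp)); return ret; }` would cover that path. With a fixed `AES_MIN_KEY_SIZE` the call presumably cannot fail, so this is hardening rather than a live leak. The function starts and ends outside the hunks, so whether the success path clears `key_tmp` is not visible here and is worth checking at the same time.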