tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

octeontx2-pf: macsec: Use AES library instead of ecb(aes) skcipher

cn10k_ecb_aes_encrypt() just encrypts a single block with AES. That is
much more easily and efficiently done with the AES library than
crypto_skcipher. Use the AES library instead.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Subbaraya Sundeep <sbhatta@marvell.com>
Link: https://patch.msgid.link/20260321225208.64508-1-ebiggers@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

authored by

Eric Biggers and committed by
Paolo Abeni 8f303194 d1e59a46

+13 -41
+1
drivers/net/ethernet/marvell/octeontx2/Kconfig
··· 33 33 select OCTEONTX2_MBOX 34 34 select NET_DEVLINK 35 35 select PAGE_POOL 36 + select CRYPTO_LIB_AES if MACSEC 36 37 depends on (64BIT && COMPILE_TEST) || ARM64 37 38 select DIMLIB 38 39 depends on PCI
+12 -41
drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
··· 4 4 * Copyright (C) 2022 Marvell. 5 5 */ 6 6 7 - #include <crypto/skcipher.h> 7 + #include <crypto/aes.h> 8 8 #include <linux/rtnetlink.h> 9 9 #include <linux/bitfield.h> 10 10 #include "otx2_common.h" ··· 46 46 #define CN10K_MAX_HASH_LEN 16 47 47 #define CN10K_MAX_SAK_LEN 32 48 48 49 - static int cn10k_ecb_aes_encrypt(struct otx2_nic *pfvf, u8 *sak, 50 - u16 sak_len, u8 *hash) 49 + static int cn10k_ecb_aes_encrypt(struct otx2_nic *pfvf, const u8 *sak, 50 + u16 sak_len, u8 hash[CN10K_MAX_HASH_LEN]) 51 51 { 52 - u8 data[CN10K_MAX_HASH_LEN] = { 0 }; 53 - struct skcipher_request *req = NULL; 54 - struct scatterlist sg_src, sg_dst; 55 - struct crypto_skcipher *tfm; 56 - DECLARE_CRYPTO_WAIT(wait); 57 - int err; 52 + static const u8 zeroes[CN10K_MAX_HASH_LEN]; 53 + struct aes_enckey aes; 58 54 59 - tfm = crypto_alloc_skcipher("ecb(aes)", 0, 0); 60 - if (IS_ERR(tfm)) { 61 - dev_err(pfvf->dev, "failed to allocate transform for ecb-aes\n"); 62 - return PTR_ERR(tfm); 55 + if (aes_prepareenckey(&aes, sak, sak_len) != 0) { 56 + dev_err(pfvf->dev, "invalid AES key length: %d\n", sak_len); 57 + return -EINVAL; 63 58 } 64 59 65 - req = skcipher_request_alloc(tfm, GFP_KERNEL); 66 - if (!req) { 67 - dev_err(pfvf->dev, "failed to allocate request for skcipher\n"); 68 - err = -ENOMEM; 69 - goto free_tfm; 70 - } 60 + static_assert(CN10K_MAX_HASH_LEN == AES_BLOCK_SIZE); 61 + aes_encrypt(&aes, hash, zeroes); 71 62 72 - err = crypto_skcipher_setkey(tfm, sak, sak_len); 73 - if (err) { 74 - dev_err(pfvf->dev, "failed to set key for skcipher\n"); 75 - goto free_req; 76 - } 77 - 78 - /* build sg list */ 79 - sg_init_one(&sg_src, data, CN10K_MAX_HASH_LEN); 80 - sg_init_one(&sg_dst, hash, CN10K_MAX_HASH_LEN); 81 - 82 - skcipher_request_set_callback(req, 0, crypto_req_done, &wait); 83 - skcipher_request_set_crypt(req, &sg_src, &sg_dst, 84 - CN10K_MAX_HASH_LEN, NULL); 85 - 86 - err = crypto_skcipher_encrypt(req); 87 - err = crypto_wait_req(err, &wait); 88 - 89 - free_req: 90 - skcipher_request_free(req); 91 - free_tfm: 92 - crypto_free_skcipher(tfm); 93 - return err; 63 + memzero_explicit(&aes, sizeof(aes)); 64 + return 0; 94 65 } 95 66 96 67 static struct cn10k_mcs_txsc *cn10k_mcs_get_txsc(struct cn10k_mcs_cfg *cfg,