tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: drbg - Use new AES library API

Switch from the old AES library functions (which use struct
crypto_aes_ctx) to the new ones (which use struct aes_enckey). This
eliminates the unnecessary computation and caching of the decryption
round keys. The new AES en/decryption functions are also much faster
and use AES instructions when supported by the CPU.

Note that in addition to the change in the key preparation function and
the key struct type itself, the change in the type of the key struct
results in aes_encrypt() (which is temporarily a type-generic macro)
calling the new encryption function rather than the old one.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20260112192035.10427-30-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

Eric Biggers b2c15db7 9b95f3a4

+21 -31
+10 -20
crypto/df_sp80090a.c
··· 14 14 #include <crypto/df_sp80090a.h> 15 15 #include <crypto/internal/drbg.h> 16 16 17 - static void drbg_kcapi_symsetkey(struct crypto_aes_ctx *aesctx, 18 - const unsigned char *key, 19 - u8 keylen); 20 - static void drbg_kcapi_symsetkey(struct crypto_aes_ctx *aesctx, 21 - const unsigned char *key, u8 keylen) 22 - { 23 - aes_expandkey(aesctx, key, keylen); 24 - } 25 - 26 - static void drbg_kcapi_sym(struct crypto_aes_ctx *aesctx, 27 - unsigned char *outval, 17 + static void drbg_kcapi_sym(struct aes_enckey *aeskey, unsigned char *outval, 28 18 const struct drbg_string *in, u8 blocklen_bytes) 29 19 { 30 20 /* there is only component in *in */ 31 21 BUG_ON(in->len < blocklen_bytes); 32 - aes_encrypt(aesctx, outval, in->buf); 22 + aes_encrypt(aeskey, outval, in->buf); 33 23 } 34 24 35 25 /* BCC function for CTR DRBG as defined in 10.4.3 */ 36 26 37 - static void drbg_ctr_bcc(struct crypto_aes_ctx *aesctx, 27 + static void drbg_ctr_bcc(struct aes_enckey *aeskey, 38 28 unsigned char *out, const unsigned char *key, 39 29 struct list_head *in, 40 30 u8 blocklen_bytes, ··· 37 47 drbg_string_fill(&data, out, blocklen_bytes); 38 48 39 49 /* 10.4.3 step 2 / 4 */ 40 - drbg_kcapi_symsetkey(aesctx, key, keylen); 50 + aes_prepareenckey(aeskey, key, keylen); 41 51 list_for_each_entry(curr, in, list) { 42 52 const unsigned char *pos = curr->buf; 43 53 size_t len = curr->len; ··· 46 56 /* 10.4.3 step 4.2 */ 47 57 if (blocklen_bytes == cnt) { 48 58 cnt = 0; 49 - drbg_kcapi_sym(aesctx, out, &data, blocklen_bytes); 59 + drbg_kcapi_sym(aeskey, out, &data, blocklen_bytes); 50 60 } 51 61 out[cnt] ^= *pos; 52 62 pos++; ··· 56 66 } 57 67 /* 10.4.3 step 4.2 for last block */ 58 68 if (cnt) 59 - drbg_kcapi_sym(aesctx, out, &data, blocklen_bytes); 69 + drbg_kcapi_sym(aeskey, out, &data, blocklen_bytes); 60 70 } 61 71 62 72 /* ··· 100 110 */ 101 111 102 112 /* Derivation Function for CTR DRBG as defined in 10.4.2 */ 103 - int crypto_drbg_ctr_df(struct crypto_aes_ctx *aesctx, 113 + int crypto_drbg_ctr_df(struct aes_enckey *aeskey, 104 114 unsigned char *df_data, size_t bytes_to_return, 105 115 struct list_head *seedlist, 106 116 u8 blocklen_bytes, ··· 177 187 */ 178 188 drbg_cpu_to_be32(i, iv); 179 189 /* 10.4.2 step 9.2 -- BCC and concatenation with temp */ 180 - drbg_ctr_bcc(aesctx, temp + templen, K, &bcc_list, 190 + drbg_ctr_bcc(aeskey, temp + templen, K, &bcc_list, 181 191 blocklen_bytes, keylen); 182 192 /* 10.4.2 step 9.3 */ 183 193 i++; ··· 191 201 /* 10.4.2 step 12: overwriting of outval is implemented in next step */ 192 202 193 203 /* 10.4.2 step 13 */ 194 - drbg_kcapi_symsetkey(aesctx, temp, keylen); 204 + aes_prepareenckey(aeskey, temp, keylen); 195 205 while (generated_len < bytes_to_return) { 196 206 short blocklen = 0; 197 207 /* ··· 199 209 * implicit as the key is only drbg_blocklen in size based on 200 210 * the implementation of the cipher function callback 201 211 */ 202 - drbg_kcapi_sym(aesctx, X, &cipherin, blocklen_bytes); 212 + drbg_kcapi_sym(aeskey, X, &cipherin, blocklen_bytes); 203 213 blocklen = (blocklen_bytes < 204 214 (bytes_to_return - generated_len)) ? 205 215 blocklen_bytes :
+6 -6
crypto/drbg.c
··· 1505 1505 #ifdef CONFIG_CRYPTO_DRBG_CTR 1506 1506 static int drbg_fini_sym_kernel(struct drbg_state *drbg) 1507 1507 { 1508 - struct crypto_aes_ctx *aesctx = (struct crypto_aes_ctx *)drbg->priv_data; 1508 + struct aes_enckey *aeskey = drbg->priv_data; 1509 1509 1510 - kfree(aesctx); 1510 + kfree(aeskey); 1511 1511 drbg->priv_data = NULL; 1512 1512 1513 1513 if (drbg->ctr_handle) ··· 1526 1526 1527 1527 static int drbg_init_sym_kernel(struct drbg_state *drbg) 1528 1528 { 1529 - struct crypto_aes_ctx *aesctx; 1529 + struct aes_enckey *aeskey; 1530 1530 struct crypto_skcipher *sk_tfm; 1531 1531 struct skcipher_request *req; 1532 1532 unsigned int alignmask; 1533 1533 char ctr_name[CRYPTO_MAX_ALG_NAME]; 1534 1534 1535 - aesctx = kzalloc(sizeof(*aesctx), GFP_KERNEL); 1536 - if (!aesctx) 1535 + aeskey = kzalloc(sizeof(*aeskey), GFP_KERNEL); 1536 + if (!aeskey) 1537 1537 return -ENOMEM; 1538 - drbg->priv_data = aesctx; 1538 + drbg->priv_data = aeskey; 1539 1539 1540 1540 if (snprintf(ctr_name, CRYPTO_MAX_ALG_NAME, "ctr(%s)", 1541 1541 drbg->core->backend_cra_name) >= CRYPTO_MAX_ALG_NAME) {
+4 -4
drivers/crypto/xilinx/xilinx-trng.c
··· 60 60 void __iomem *rng_base; 61 61 struct device *dev; 62 62 unsigned char *scratchpadbuf; 63 - struct crypto_aes_ctx *aesctx; 63 + struct aes_enckey *aeskey; 64 64 struct mutex lock; /* Protect access to TRNG device */ 65 65 struct hwrng trng; 66 66 }; ··· 198 198 ret = xtrng_collect_random_data(rng, entropy, TRNG_SEED_LEN_BYTES, true); 199 199 if (ret != TRNG_SEED_LEN_BYTES) 200 200 return -EINVAL; 201 - ret = crypto_drbg_ctr_df(rng->aesctx, rng->scratchpadbuf, 201 + ret = crypto_drbg_ctr_df(rng->aeskey, rng->scratchpadbuf, 202 202 TRNG_SEED_LEN_BYTES, &seedlist, AES_BLOCK_SIZE, 203 203 TRNG_SEED_LEN_BYTES); 204 204 if (ret) ··· 349 349 return PTR_ERR(rng->rng_base); 350 350 } 351 351 352 - rng->aesctx = devm_kzalloc(&pdev->dev, sizeof(*rng->aesctx), GFP_KERNEL); 353 - if (!rng->aesctx) 352 + rng->aeskey = devm_kzalloc(&pdev->dev, sizeof(*rng->aeskey), GFP_KERNEL); 353 + if (!rng->aeskey) 354 354 return -ENOMEM; 355 355 356 356 sb_size = crypto_drbg_ctr_df_datalen(TRNG_SEED_LEN_BYTES, AES_BLOCK_SIZE);
+1 -1
include/crypto/df_sp80090a.h
··· 18 18 statelen + blocklen; /* temp */ 19 19 } 20 20 21 - int crypto_drbg_ctr_df(struct crypto_aes_ctx *aes, 21 + int crypto_drbg_ctr_df(struct aes_enckey *aes, 22 22 unsigned char *df_data, 23 23 size_t bytes_to_return, 24 24 struct list_head *seedlist,