All of lore.kernel.org
 help / color / mirror / Atom feed
From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 20/33] KEYS: trusted: dcp: Use AES-GCM library instead of crypto_aead
Date: Mon,  6 Jul 2026 22:34:50 -0700	[thread overview]
Message-ID: <20260707053503.209874-21-ebiggers@kernel.org> (raw)
In-Reply-To: <20260707053503.209874-1-ebiggers@kernel.org>

Now that there's a library API for AES-GCM, use it instead of a
"gcm(aes)" crypto_aead.  This significantly simplifies the code.

Note, I've left unchanged two pre-existing issues with this code:

- trusted_key_unseal() doesn't validate that the decrypted key actually
  fits in the buffer to which it's written.

- dcp_blob_fmt::nonce is unnecessarily long, at 16 bytes rather than the
  12 bytes that are actually used by the AES-GCM operations.  Probably
  unfixable since it's part of the blob format.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
 security/keys/trusted-keys/Kconfig       |  1 +
 security/keys/trusted-keys/trusted_dcp.c | 69 +++++-------------------
 2 files changed, 15 insertions(+), 55 deletions(-)

diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-keys/Kconfig
index e5a4a53aeab2..361882191ff9 100644
--- a/security/keys/trusted-keys/Kconfig
+++ b/security/keys/trusted-keys/Kconfig
@@ -63,6 +63,7 @@ config TRUSTED_KEYS_DCP
 	bool "DCP-based trusted keys"
 	depends on CRYPTO_DEV_MXS_DCP >= TRUSTED_KEYS
 	default y
+	select CRYPTO_LIB_AES_GCM
 	select HAVE_TRUSTED_KEYS_DEBUG
 	select HAVE_TRUSTED_KEYS
 	help
diff --git a/security/keys/trusted-keys/trusted_dcp.c b/security/keys/trusted-keys/trusted_dcp.c
index 7b6eb655df0c..f9b2e0ad162d 100644
--- a/security/keys/trusted-keys/trusted_dcp.c
+++ b/security/keys/trusted-keys/trusted_dcp.c
@@ -3,10 +3,8 @@
  * Copyright (C) 2021 sigma star gmbh
  */
 
-#include <crypto/aead.h>
 #include <crypto/aes.h>
-#include <crypto/algapi.h>
-#include <crypto/gcm.h>
+#include <crypto/aes-gcm.h>
 #include <crypto/skcipher.h>
 #include <keys/trusted-type.h>
 #include <linux/key-type.h>
@@ -126,64 +124,25 @@ static int do_dcp_crypto(u8 *in, u8 *out, bool do_encrypt)
 	return res;
 }
 
-static int do_aead_crypto(u8 *in, u8 *out, size_t len, u8 *key, u8 *nonce,
+static int do_aead_crypto(u8 *in, u8 *out, size_t len,
+			  const u8 key[AES_KEYSIZE_128], const u8 nonce[12],
 			  bool do_encrypt)
 {
-	struct aead_request *aead_req = NULL;
-	struct scatterlist src_sg, dst_sg;
-	struct crypto_aead *aead;
+	struct aes_gcm_key gcm;
 	int ret;
-	DECLARE_CRYPTO_WAIT(wait);
-
-	aead = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
-	if (IS_ERR(aead)) {
-		ret = PTR_ERR(aead);
-		goto out;
-	}
 
-	ret = crypto_aead_setauthsize(aead, DCP_BLOB_AUTHLEN);
-	if (ret < 0) {
-		pr_err("Can't set crypto auth tag len: %d\n", ret);
-		goto free_aead;
-	}
-
-	aead_req = aead_request_alloc(aead, GFP_KERNEL);
-	if (!aead_req) {
-		ret = -ENOMEM;
-		goto free_aead;
-	}
+	ret = aes_gcm_preparekey(&gcm, key, AES_KEYSIZE_128, DCP_BLOB_AUTHLEN);
+	if (ret) /* Should never fail here, since valid lengths were used. */
+		return ret;
 
-	sg_init_one(&src_sg, in, len);
 	if (do_encrypt) {
-		/*
-		 * If we encrypt our buffer has extra space for the auth tag.
-		 */
-		sg_init_one(&dst_sg, out, len + DCP_BLOB_AUTHLEN);
+		aes_gcm_encrypt(out, out + len, in, len, NULL, 0, nonce, &gcm);
+		ret = 0;
 	} else {
-		sg_init_one(&dst_sg, out, len);
+		ret = aes_gcm_decrypt(out, in, in + len, len, NULL, 0, nonce,
+				      &gcm);
 	}
-
-	aead_request_set_crypt(aead_req, &src_sg, &dst_sg, len, nonce);
-	aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_SLEEP,
-				  crypto_req_done, &wait);
-	aead_request_set_ad(aead_req, 0);
-
-	if (crypto_aead_setkey(aead, key, AES_KEYSIZE_128)) {
-		pr_err("Can't set crypto AEAD key\n");
-		ret = -EINVAL;
-		goto free_req;
-	}
-
-	if (do_encrypt)
-		ret = crypto_wait_req(crypto_aead_encrypt(aead_req), &wait);
-	else
-		ret = crypto_wait_req(crypto_aead_decrypt(aead_req), &wait);
-
-free_req:
-	aead_request_free(aead_req);
-free_aead:
-	crypto_free_aead(aead);
-out:
+	memzero_explicit(&gcm, sizeof(gcm));
 	return ret;
 }
 
@@ -273,8 +232,8 @@ static int trusted_dcp_unseal(struct trusted_key_payload *p, char *datablob)
 		goto out;
 	}
 
-	ret = do_aead_crypto(b->payload, p->key, p->key_len + DCP_BLOB_AUTHLEN,
-			     plain_blob_key, b->nonce, false);
+	ret = do_aead_crypto(b->payload, p->key, p->key_len, plain_blob_key,
+			     b->nonce, false);
 	if (ret) {
 		pr_err("Unwrap of DCP payload failed: %i\n", ret);
 		goto out;
-- 
2.54.0


  parent reply	other threads:[~2026-07-07  5:37 UTC|newest]

Thread overview: 54+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-07  5:34 [PATCH 00/33] Library APIs for AES encryption modes Eric Biggers
2026-07-07  5:34 ` [PATCH 01/33] crypto: xts - Split out __xts_verify_key() helper Eric Biggers
2026-07-07 13:20   ` Thomas Huth
2026-07-07  5:34 ` [PATCH 02/33] lib/crypto: aes: Add ECB support Eric Biggers
2026-07-07 13:59   ` Thomas Huth
2026-07-07 19:22     ` Eric Biggers
2026-07-08  5:29       ` Thomas Huth
2026-07-07  5:34 ` [PATCH 03/33] lib/crypto: aes: Add CBC and CBC-CTS support Eric Biggers
2026-07-09 13:06   ` Thomas Huth
2026-07-13 23:37     ` Eric Biggers
2026-07-07  5:34 ` [PATCH 04/33] lib/crypto: aes: Add CTR and XCTR support Eric Biggers
2026-07-13  8:39   ` Thomas Huth
2026-07-13 23:54     ` Eric Biggers
2026-07-14  4:53       ` Thomas Huth
2026-07-07  5:34 ` [PATCH 05/33] lib/crypto: aes: Add XTS support Eric Biggers
2026-07-13 12:15   ` Thomas Huth
2026-07-14  0:23     ` Eric Biggers
2026-07-07  5:34 ` [PATCH 06/33] lib/crypto: aes: Add GCM support Eric Biggers
2026-07-07  5:34 ` [PATCH 07/33] lib/crypto: aes: Add CCM support Eric Biggers
2026-07-07  5:34 ` [PATCH 08/33] crypto: aes - Add ECB support using library Eric Biggers
2026-07-07  5:34 ` [PATCH 09/33] crypto: aes - Add CBC and CBC-CTS " Eric Biggers
2026-07-07  5:34 ` [PATCH 10/33] crypto: aes - Add CTR and XCTR " Eric Biggers
2026-07-07  5:34 ` [PATCH 11/33] crypto: aes - Add XTS " Eric Biggers
2026-07-07  5:34 ` [PATCH 12/33] crypto: aes - Add GCM " Eric Biggers
2026-07-07  5:34 ` [PATCH 13/33] crypto: aes - Add CCM " Eric Biggers
2026-07-07  5:34 ` [PATCH 14/33] x86/sev: Use new AES-GCM library Eric Biggers
2026-07-07  5:34 ` [PATCH 15/33] lib/crypto: aesgcm: Remove old " Eric Biggers
2026-07-07  5:34 ` [PATCH 16/33] crypto: aes - Remove AES-CBC-MAC support Eric Biggers
2026-07-07  5:34 ` [PATCH 17/33] lib/crypto: aes: Remove aes_cbcmac_* functions Eric Biggers
2026-07-07  5:34 ` [PATCH 18/33] fscrypt: Use aes_ecb_encrypt() for v1 key derivation Eric Biggers
2026-07-07  5:34 ` [PATCH 19/33] KEYS: encrypted: Use AES-CBC library instead of crypto_skcipher Eric Biggers
2026-07-07  5:34 ` Eric Biggers [this message]
2026-07-07  5:34 ` [PATCH 21/33] libceph: Use AES-CBC library in ceph_aes_crypt() Eric Biggers
2026-07-07  5:34 ` [PATCH 22/33] libceph: Reimplement messenger v2 encryption using AES-GCM library Eric Biggers
2026-07-07  5:34 ` [PATCH 23/33] wifi: mac80211: Use AES-CTR library in fils_aead.c Eric Biggers
2026-07-07  5:34 ` [PATCH 24/33] wifi: mac80211: Use AES-GCM library for GMAC suite Eric Biggers
2026-07-07  5:34 ` [PATCH 25/33] wifi: mac80211: Use crypto libraries for GCMP and CCMP suites Eric Biggers
2026-07-07  5:34 ` [PATCH 26/33] macsec: Use AES-GCM library instead of crypto_aead Eric Biggers
2026-07-07  5:34 ` [PATCH 27/33] wifi: ipw2x00: Use AES-CCM library Eric Biggers
2026-07-07  5:34 ` [PATCH 28/33] mac802154: Use AES-CCM and AES-CTR libraries Eric Biggers
2026-07-07  5:34 ` [PATCH 29/33] bpf: crypto: Use AES-CBC and AES-ECB libraries Eric Biggers
2026-07-07 15:01   ` Vadim Fedorenko
2026-07-07 18:20     ` Eric Biggers
2026-07-07 22:50       ` Vadim Fedorenko
2026-07-07 23:16         ` Eric Biggers
2026-07-08 11:47           ` Vadim Fedorenko
2026-07-09 15:47             ` Eric Biggers
2026-07-09 16:46               ` Vadim Fedorenko
2026-07-07  5:35 ` [PATCH 30/33] bpf: crypto: Add AES-GCM support Eric Biggers
2026-07-07 15:02   ` Vadim Fedorenko
2026-07-07  5:35 ` [PATCH 31/33] smb: client: Use AES-GCM and AES-CCM libraries Eric Biggers
2026-07-07  5:35 ` [PATCH 32/33] ksmbd: " Eric Biggers
2026-07-07 10:51   ` Namjae Jeon
2026-07-07  5:35 ` [PATCH 33/33] net: tipc: Use AES-GCM library instead of crypto_aead Eric Biggers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260707053503.209874-21-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.