From: Ard Biesheuvel <ardb@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, Ard Biesheuvel <ardb@kernel.org>,
Eric Biggers <ebiggers@google.com>,
Ayush Sawal <ayush.sawal@chelsio.com>,
Vinay Kumar Yadav <vinay.yadav@chelsio.com>,
Rohit Maheshwari <rohitm@chelsio.com>
Subject: [PATCH v2 1/2] chcr_ktls: use AES library for single use cipher
Date: Fri, 11 Dec 2020 13:27:14 +0100 [thread overview]
Message-ID: <20201211122715.15090-2-ardb@kernel.org> (raw)
In-Reply-To: <20201211122715.15090-1-ardb@kernel.org>
Allocating a cipher via the crypto API only to free it again after using
it to encrypt a single block is unnecessary in cases where the algorithm
is known at compile time. So replace this pattern with a call to the AES
library.
Cc: Ayush Sawal <ayush.sawal@chelsio.com>
Cc: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
Cc: Rohit Maheshwari <rohitm@chelsio.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/net/ethernet/chelsio/inline_crypto/Kconfig | 1 +
drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c | 19 +++++++------------
2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/drivers/net/ethernet/chelsio/inline_crypto/Kconfig b/drivers/net/ethernet/chelsio/inline_crypto/Kconfig
index bc06e83fd3c6..521955e1f894 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/Kconfig
+++ b/drivers/net/ethernet/chelsio/inline_crypto/Kconfig
@@ -42,6 +42,7 @@ config CHELSIO_TLS_DEVICE
depends on CHELSIO_T4
depends on TLS
depends on TLS_DEVICE
+ select CRYPTO_LIB_AES
help
This flag enables support for kernel tls offload over Chelsio T6
crypto accelerator. CONFIG_CHELSIO_TLS_DEVICE flag can be enabled
diff --git a/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c b/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
index 5195f692f14d..e9b75cec34db 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
@@ -9,6 +9,7 @@
#include <linux/ip.h>
#include <net/ipv6.h>
#include <linux/netdevice.h>
+#include <crypto/aes.h>
#include "chcr_ktls.h"
static LIST_HEAD(uld_ctx_list);
@@ -30,7 +31,7 @@ static int chcr_ktls_save_keys(struct chcr_ktls_info *tx_info,
unsigned char ghash_h[TLS_CIPHER_AES_GCM_256_TAG_SIZE];
struct tls12_crypto_info_aes_gcm_128 *info_128_gcm;
struct ktls_key_ctx *kctx = &tx_info->key_ctx;
- struct crypto_cipher *cipher;
+ struct crypto_aes_ctx aes_ctx;
unsigned char *key, *salt;
switch (crypto_info->cipher_type) {
@@ -91,18 +92,14 @@ static int chcr_ktls_save_keys(struct chcr_ktls_info *tx_info,
/* Calculate the H = CIPH(K, 0 repeated 16 times).
* It will go in key context
*/
- cipher = crypto_alloc_cipher("aes", 0, 0);
- if (IS_ERR(cipher)) {
- ret = -ENOMEM;
- goto out;
- }
- ret = crypto_cipher_setkey(cipher, key, keylen);
+ ret = aes_expandkey(&aes_ctx, key, keylen);
if (ret)
- goto out1;
+ goto out;
memset(ghash_h, 0, ghash_size);
- crypto_cipher_encrypt_one(cipher, ghash_h, ghash_h);
+ aes_encrypt(&aes_ctx, ghash_h, ghash_h);
+ memzero_explicit(&aes_ctx, sizeof(aes_ctx));
/* fill the Key context */
if (direction == TLS_OFFLOAD_CTX_DIR_TX) {
@@ -111,7 +108,7 @@ static int chcr_ktls_save_keys(struct chcr_ktls_info *tx_info,
key_ctx_size >> 4);
} else {
ret = -EINVAL;
- goto out1;
+ goto out;
}
memcpy(kctx->salt, salt, tx_info->salt_size);
@@ -119,8 +116,6 @@ static int chcr_ktls_save_keys(struct chcr_ktls_info *tx_info,
memcpy(kctx->key + keylen, ghash_h, ghash_size);
tx_info->key_ctx_len = key_ctx_size;
-out1:
- crypto_free_cipher(cipher);
out:
return ret;
}
--
2.17.1
next prev parent reply other threads:[~2020-12-11 12:29 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-11 12:27 [PATCH v2 0/2] crypto: remove bare cipher from public API Ard Biesheuvel
2020-12-11 12:27 ` Ard Biesheuvel [this message]
2020-12-11 22:40 ` [PATCH v2 1/2] chcr_ktls: use AES library for single use cipher Eric Biggers
2020-12-11 12:27 ` [PATCH v2 2/2] crypto: remove cipher routines from public crypto API Ard Biesheuvel
2020-12-11 22:45 ` Eric Biggers
2021-01-02 22:06 ` [PATCH v2 0/2] crypto: remove bare cipher from public API Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201211122715.15090-2-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=ayush.sawal@chelsio.com \
--cc=ebiggers@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=rohitm@chelsio.com \
--cc=vinay.yadav@chelsio.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).