From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
linux-arm-kernel@lists.infradead.org,
linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org,
linux-s390@vger.kernel.org, sparclinux@vger.kernel.org,
x86@kernel.org, Holger Dengler <dengler@linux.ibm.com>,
Harald Freudenberger <freude@linux.ibm.com>,
Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 24/36] crypto: arm64/ghash - Use new AES library API
Date: Sun, 4 Jan 2026 21:12:57 -0800 [thread overview]
Message-ID: <20260105051311.1607207-25-ebiggers@kernel.org> (raw)
In-Reply-To: <20260105051311.1607207-1-ebiggers@kernel.org>
Switch from the old AES library functions (which use struct
crypto_aes_ctx) to the new ones (which use struct aes_enckey). This
eliminates the unnecessary computation and caching of the decryption
round keys. The new AES en/decryption functions are also much faster
and use AES instructions when supported by the CPU.
Note: aes_encrypt_new() will be renamed to aes_encrypt() once all
callers of the old aes_encrypt() have been updated.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
arch/arm64/crypto/ghash-ce-glue.c | 29 ++++++++---------------------
1 file changed, 8 insertions(+), 21 deletions(-)
diff --git a/arch/arm64/crypto/ghash-ce-glue.c b/arch/arm64/crypto/ghash-ce-glue.c
index ef249d06c92c..bfd38e485e77 100644
--- a/arch/arm64/crypto/ghash-ce-glue.c
+++ b/arch/arm64/crypto/ghash-ce-glue.c
@@ -38,11 +38,11 @@ struct ghash_key {
struct arm_ghash_desc_ctx {
u64 digest[GHASH_DIGEST_SIZE/sizeof(u64)];
};
struct gcm_aes_ctx {
- struct crypto_aes_ctx aes_key;
+ struct aes_enckey aes_key;
u8 nonce[RFC4106_NONCE_SIZE];
struct ghash_key ghash_key;
};
asmlinkage void pmull_ghash_update_p64(int blocks, u64 dg[], const char *src,
@@ -184,35 +184,23 @@ static struct shash_alg ghash_alg = {
.import = ghash_import,
.descsize = sizeof(struct arm_ghash_desc_ctx),
.statesize = sizeof(struct ghash_desc_ctx),
};
-static int num_rounds(struct crypto_aes_ctx *ctx)
-{
- /*
- * # of rounds specified by AES:
- * 128 bit key 10 rounds
- * 192 bit key 12 rounds
- * 256 bit key 14 rounds
- * => n byte key => 6 + (n/4) rounds
- */
- return 6 + ctx->key_length / 4;
-}
-
static int gcm_aes_setkey(struct crypto_aead *tfm, const u8 *inkey,
unsigned int keylen)
{
struct gcm_aes_ctx *ctx = crypto_aead_ctx(tfm);
u8 key[GHASH_BLOCK_SIZE];
be128 h;
int ret;
- ret = aes_expandkey(&ctx->aes_key, inkey, keylen);
+ ret = aes_prepareenckey(&ctx->aes_key, inkey, keylen);
if (ret)
return -EINVAL;
- aes_encrypt(&ctx->aes_key, key, (u8[AES_BLOCK_SIZE]){});
+ aes_encrypt_new(&ctx->aes_key, key, (u8[AES_BLOCK_SIZE]){});
/* needed for the fallback */
memcpy(&ctx->ghash_key.k, key, GHASH_BLOCK_SIZE);
ghash_reflect(ctx->ghash_key.h[0], &ctx->ghash_key.k);
@@ -294,11 +282,10 @@ static void gcm_calculate_auth_mac(struct aead_request *req, u64 dg[], u32 len)
static int gcm_encrypt(struct aead_request *req, char *iv, int assoclen)
{
struct crypto_aead *aead = crypto_aead_reqtfm(req);
struct gcm_aes_ctx *ctx = crypto_aead_ctx(aead);
- int nrounds = num_rounds(&ctx->aes_key);
struct skcipher_walk walk;
u8 buf[AES_BLOCK_SIZE];
u64 dg[2] = {};
be128 lengths;
u8 *tag;
@@ -329,12 +316,12 @@ static int gcm_encrypt(struct aead_request *req, char *iv, int assoclen)
tag = NULL;
}
scoped_ksimd()
pmull_gcm_encrypt(nbytes, dst, src, ctx->ghash_key.h,
- dg, iv, ctx->aes_key.key_enc, nrounds,
- tag);
+ dg, iv, ctx->aes_key.k.rndkeys,
+ ctx->aes_key.nrounds, tag);
if (unlikely(!nbytes))
break;
if (unlikely(nbytes > 0 && nbytes < AES_BLOCK_SIZE))
@@ -357,11 +344,10 @@ static int gcm_encrypt(struct aead_request *req, char *iv, int assoclen)
static int gcm_decrypt(struct aead_request *req, char *iv, int assoclen)
{
struct crypto_aead *aead = crypto_aead_reqtfm(req);
struct gcm_aes_ctx *ctx = crypto_aead_ctx(aead);
unsigned int authsize = crypto_aead_authsize(aead);
- int nrounds = num_rounds(&ctx->aes_key);
struct skcipher_walk walk;
u8 otag[AES_BLOCK_SIZE];
u8 buf[AES_BLOCK_SIZE];
u64 dg[2] = {};
be128 lengths;
@@ -399,12 +385,13 @@ static int gcm_decrypt(struct aead_request *req, char *iv, int assoclen)
}
scoped_ksimd()
ret = pmull_gcm_decrypt(nbytes, dst, src,
ctx->ghash_key.h,
- dg, iv, ctx->aes_key.key_enc,
- nrounds, tag, otag, authsize);
+ dg, iv, ctx->aes_key.k.rndkeys,
+ ctx->aes_key.nrounds, tag, otag,
+ authsize);
if (unlikely(!nbytes))
break;
if (unlikely(nbytes > 0 && nbytes < AES_BLOCK_SIZE))
--
2.52.0
next prev parent reply other threads:[~2026-01-05 5:15 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-05 5:12 [PATCH 00/36] AES library improvements Eric Biggers
2026-01-05 5:12 ` [PATCH 01/36] crypto: powerpc/aes - Rename struct aes_key Eric Biggers
2026-01-05 5:12 ` [PATCH 02/36] lib/crypto: aes: Introduce improved AES library Eric Biggers
2026-01-05 7:47 ` Qingfang Deng
2026-01-06 6:36 ` Eric Biggers
2026-01-05 5:12 ` [PATCH 03/36] crypto: arm/aes-neonbs - Use AES library for single blocks Eric Biggers
2026-01-05 5:12 ` [PATCH 04/36] crypto: arm/aes - Switch to aes_enc_tab[] and aes_dec_tab[] Eric Biggers
2026-01-05 5:12 ` [PATCH 05/36] crypto: arm64/aes " Eric Biggers
2026-01-05 5:12 ` [PATCH 06/36] crypto: arm64/aes - Select CRYPTO_LIB_SHA256 from correct places Eric Biggers
2026-01-05 5:12 ` [PATCH 07/36] crypto: aegis - Switch from crypto_ft_tab[] to aes_enc_tab[] Eric Biggers
2026-01-05 5:12 ` [PATCH 08/36] crypto: aes - Remove aes-fixed-time / CONFIG_CRYPTO_AES_TI Eric Biggers
2026-01-05 5:12 ` [PATCH 09/36] crypto: aes - Replace aes-generic with wrapper around lib Eric Biggers
2026-01-05 5:12 ` [PATCH 10/36] lib/crypto: arm/aes: Migrate optimized code into library Eric Biggers
2026-01-05 5:12 ` [PATCH 11/36] lib/crypto: arm64/aes: " Eric Biggers
2026-01-05 5:12 ` [PATCH 12/36] lib/crypto: powerpc/aes: Migrate SPE " Eric Biggers
2026-01-05 5:12 ` [PATCH 13/36] lib/crypto: powerpc/aes: Migrate POWER8 " Eric Biggers
2026-01-05 5:12 ` [PATCH 14/36] lib/crypto: riscv/aes: Migrate " Eric Biggers
2026-01-05 5:12 ` [PATCH 15/36] lib/crypto: s390/aes: " Eric Biggers
2026-01-07 7:41 ` Holger Dengler
2026-01-07 20:34 ` Eric Biggers
2026-01-14 12:12 ` Holger Dengler
2026-01-05 5:12 ` [PATCH 16/36] lib/crypto: sparc/aes: " Eric Biggers
2026-01-05 5:12 ` [PATCH 17/36] lib/crypto: x86/aes: Add AES-NI optimization Eric Biggers
2026-01-05 5:12 ` [PATCH 18/36] crypto: x86/aes - Remove the superseded AES-NI crypto_cipher Eric Biggers
2026-01-05 5:12 ` [PATCH 19/36] Bluetooth: SMP: Use new AES library API Eric Biggers
2026-01-05 15:40 ` Andrew Cooper
2026-01-05 19:05 ` David Laight
2026-01-06 6:58 ` Eric Biggers
2026-01-05 5:12 ` [PATCH 20/36] chelsio: " Eric Biggers
2026-01-05 5:12 ` [PATCH 21/36] net: phy: mscc: macsec: " Eric Biggers
2026-01-05 5:12 ` [PATCH 22/36] staging: rtl8723bs: core: " Eric Biggers
2026-01-05 5:12 ` [PATCH 23/36] crypto: arm/ghash - " Eric Biggers
2026-01-05 5:12 ` Eric Biggers [this message]
2026-01-05 5:12 ` [PATCH 25/36] crypto: x86/aes-gcm " Eric Biggers
2026-01-05 5:12 ` [PATCH 26/36] crypto: ccp " Eric Biggers
2026-01-05 5:13 ` [PATCH 27/36] crypto: chelsio " Eric Biggers
2026-01-05 5:13 ` [PATCH 28/36] crypto: crypto4xx " Eric Biggers
2026-01-05 5:13 ` [PATCH 29/36] crypto: drbg " Eric Biggers
2026-01-05 5:13 ` [PATCH 30/36] crypto: inside-secure " Eric Biggers
2026-01-07 3:48 ` Qingfang Deng
2026-01-07 4:01 ` Eric Biggers
2026-01-05 5:13 ` [PATCH 31/36] crypto: omap " Eric Biggers
2026-01-05 5:13 ` [PATCH 32/36] lib/crypto: aescfb: " Eric Biggers
2026-01-05 5:13 ` [PATCH 33/36] lib/crypto: aesgcm: " Eric Biggers
2026-01-05 5:13 ` [PATCH 34/36] lib/crypto: aes: Remove old AES en/decryption functions Eric Biggers
2026-01-05 5:13 ` [PATCH 35/36] lib/crypto: aes: Drop "_new" suffix from " Eric Biggers
2026-01-05 5:13 ` [PATCH 36/36] lib/crypto: aes: Drop 'volatile' from aes_sbox and aes_inv_sbox Eric Biggers
2026-01-08 11:32 ` [PATCH 00/36] AES library improvements Ard Biesheuvel
2026-01-08 20:26 ` Eric Biggers
2026-01-09 1:27 ` Eric Biggers
2026-01-09 9:08 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260105051311.1607207-25-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=dengler@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=sparclinux@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox