From: Eric Biggers <ebiggers@kernel.org>
To: netdev@vger.kernel.org
Cc: Andrew Lunn <andrew+netdev@lunn.ch>,
"David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Sunil Goutham <sgoutham@marvell.com>,
Geetha sowjanya <gakula@marvell.com>,
Subbaraya Sundeep <sbhatta@marvell.com>,
hariprasad <hkelam@marvell.com>,
Bharat Bhushan <bbhushan2@marvell.com>,
Sabrina Dubroca <sd@queasysnail.net>,
Eric Biggers <ebiggers@kernel.org>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next] octeontx2-pf: macsec: Use AES library instead of ecb(aes) skcipher
Date: Sat, 21 Mar 2026 15:52:08 -0700 [thread overview]
Message-ID: <20260321225208.64508-1-ebiggers@kernel.org> (raw)
cn10k_ecb_aes_encrypt() just encrypts a single block with AES. That is
much more easily and efficiently done with the AES library than
crypto_skcipher. Use the AES library instead.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
.../net/ethernet/marvell/octeontx2/Kconfig | 1 +
.../marvell/octeontx2/nic/cn10k_macsec.c | 53 +++++--------------
2 files changed, 13 insertions(+), 41 deletions(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/Kconfig b/drivers/net/ethernet/marvell/octeontx2/Kconfig
index 35c4f5f64f58..47e549c581f0 100644
--- a/drivers/net/ethernet/marvell/octeontx2/Kconfig
+++ b/drivers/net/ethernet/marvell/octeontx2/Kconfig
@@ -31,10 +31,11 @@ config NDC_DIS_DYNAMIC_CACHING
config OCTEONTX2_PF
tristate "Marvell OcteonTX2 NIC Physical Function driver"
select OCTEONTX2_MBOX
select NET_DEVLINK
select PAGE_POOL
+ select CRYPTO_LIB_AES if MACSEC
depends on (64BIT && COMPILE_TEST) || ARM64
select DIMLIB
depends on PCI
depends on PTP_1588_CLOCK_OPTIONAL
depends on MACSEC || !MACSEC
diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
index 4649996dc7da..2cc1bdfd9b2e 100644
--- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
+++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
@@ -2,11 +2,11 @@
/* Marvell MACSEC hardware offload driver
*
* Copyright (C) 2022 Marvell.
*/
-#include <crypto/skcipher.h>
+#include <crypto/aes.h>
#include <linux/rtnetlink.h>
#include <linux/bitfield.h>
#include "otx2_common.h"
#define MCS_TCAM0_MAC_DA_MASK GENMASK_ULL(47, 0)
@@ -44,55 +44,26 @@
#define MCS_TCI_C 0x04 /* changed text */
#define CN10K_MAX_HASH_LEN 16
#define CN10K_MAX_SAK_LEN 32
-static int cn10k_ecb_aes_encrypt(struct otx2_nic *pfvf, u8 *sak,
- u16 sak_len, u8 *hash)
+static int cn10k_ecb_aes_encrypt(struct otx2_nic *pfvf, const u8 *sak,
+ u16 sak_len, u8 hash[CN10K_MAX_HASH_LEN])
{
- u8 data[CN10K_MAX_HASH_LEN] = { 0 };
- struct skcipher_request *req = NULL;
- struct scatterlist sg_src, sg_dst;
- struct crypto_skcipher *tfm;
- DECLARE_CRYPTO_WAIT(wait);
- int err;
-
- tfm = crypto_alloc_skcipher("ecb(aes)", 0, 0);
- if (IS_ERR(tfm)) {
- dev_err(pfvf->dev, "failed to allocate transform for ecb-aes\n");
- return PTR_ERR(tfm);
- }
-
- req = skcipher_request_alloc(tfm, GFP_KERNEL);
- if (!req) {
- dev_err(pfvf->dev, "failed to allocate request for skcipher\n");
- err = -ENOMEM;
- goto free_tfm;
- }
+ static const u8 zeroes[CN10K_MAX_HASH_LEN];
+ struct aes_enckey aes;
- err = crypto_skcipher_setkey(tfm, sak, sak_len);
- if (err) {
- dev_err(pfvf->dev, "failed to set key for skcipher\n");
- goto free_req;
+ if (aes_prepareenckey(&aes, sak, sak_len) != 0) {
+ dev_err(pfvf->dev, "invalid AES key length: %d\n", sak_len);
+ return -EINVAL;
}
- /* build sg list */
- sg_init_one(&sg_src, data, CN10K_MAX_HASH_LEN);
- sg_init_one(&sg_dst, hash, CN10K_MAX_HASH_LEN);
-
- skcipher_request_set_callback(req, 0, crypto_req_done, &wait);
- skcipher_request_set_crypt(req, &sg_src, &sg_dst,
- CN10K_MAX_HASH_LEN, NULL);
+ static_assert(CN10K_MAX_HASH_LEN == AES_BLOCK_SIZE);
+ aes_encrypt(&aes, hash, zeroes);
- err = crypto_skcipher_encrypt(req);
- err = crypto_wait_req(err, &wait);
-
-free_req:
- skcipher_request_free(req);
-free_tfm:
- crypto_free_skcipher(tfm);
- return err;
+ memzero_explicit(&aes, sizeof(aes));
+ return 0;
}
static struct cn10k_mcs_txsc *cn10k_mcs_get_txsc(struct cn10k_mcs_cfg *cfg,
struct macsec_secy *secy)
{
base-commit: fb78a629b4f0eb399b413f6c093a3da177b3a4eb
--
2.53.0
next reply other threads:[~2026-03-21 22:52 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-21 22:52 Eric Biggers [this message]
2026-03-23 7:02 ` [PATCH net-next] octeontx2-pf: macsec: Use AES library instead of ecb(aes) skcipher Subbaraya Sundeep
2026-03-25 18:08 ` Subbaraya Sundeep
2026-03-26 10:50 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260321225208.64508-1-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=andrew+netdev@lunn.ch \
--cc=bbhushan2@marvell.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gakula@marvell.com \
--cc=hkelam@marvell.com \
--cc=kuba@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sbhatta@marvell.com \
--cc=sd@queasysnail.net \
--cc=sgoutham@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox