tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

chcr_ktls: use AES library for single use cipher

Allocating a cipher via the crypto API only to free it again after using
it to encrypt a single block is unnecessary in cases where the algorithm
is known at compile time. So replace this pattern with a call to the AES
library.

Cc: Ayush Sawal <ayush.sawal@chelsio.com>
Cc: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
Cc: Rohit Maheshwari <rohitm@chelsio.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Ard Biesheuvel and committed by
Herbert Xu a3b01ffd bbfd06c7

+8 -12
+1
drivers/net/ethernet/chelsio/inline_crypto/Kconfig
··· 42 42 depends on CHELSIO_T4 43 43 depends on TLS 44 44 depends on TLS_DEVICE 45 + select CRYPTO_LIB_AES 45 46 help 46 47 This flag enables support for kernel tls offload over Chelsio T6 47 48 crypto accelerator. CONFIG_CHELSIO_TLS_DEVICE flag can be enabled
+7 -12
drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
··· 9 9 #include <linux/ip.h> 10 10 #include <net/ipv6.h> 11 11 #include <linux/netdevice.h> 12 + #include <crypto/aes.h> 12 13 #include "chcr_ktls.h" 13 14 14 15 static LIST_HEAD(uld_ctx_list); ··· 75 74 unsigned char ghash_h[TLS_CIPHER_AES_GCM_256_TAG_SIZE]; 76 75 struct tls12_crypto_info_aes_gcm_128 *info_128_gcm; 77 76 struct ktls_key_ctx *kctx = &tx_info->key_ctx; 78 - struct crypto_cipher *cipher; 77 + struct crypto_aes_ctx aes_ctx; 79 78 unsigned char *key, *salt; 80 79 81 80 switch (crypto_info->cipher_type) { ··· 136 135 /* Calculate the H = CIPH(K, 0 repeated 16 times). 137 136 * It will go in key context 138 137 */ 139 - cipher = crypto_alloc_cipher("aes", 0, 0); 140 - if (IS_ERR(cipher)) { 141 - ret = -ENOMEM; 142 - goto out; 143 - } 144 138 145 - ret = crypto_cipher_setkey(cipher, key, keylen); 139 + ret = aes_expandkey(&aes_ctx, key, keylen); 146 140 if (ret) 147 - goto out1; 141 + goto out; 148 142 149 143 memset(ghash_h, 0, ghash_size); 150 - crypto_cipher_encrypt_one(cipher, ghash_h, ghash_h); 144 + aes_encrypt(&aes_ctx, ghash_h, ghash_h); 145 + memzero_explicit(&aes_ctx, sizeof(aes_ctx)); 151 146 152 147 /* fill the Key context */ 153 148 if (direction == TLS_OFFLOAD_CTX_DIR_TX) { ··· 152 155 key_ctx_size >> 4); 153 156 } else { 154 157 ret = -EINVAL; 155 - goto out1; 158 + goto out; 156 159 } 157 160 158 161 memcpy(kctx->salt, salt, tx_info->salt_size); ··· 160 163 memcpy(kctx->key + keylen, ghash_h, ghash_size); 161 164 tx_info->key_ctx_len = key_ctx_size; 162 165 163 - out1: 164 - crypto_free_cipher(cipher); 165 166 out: 166 167 return ret; 167 168 }