| Message ID | 20190702194150.10405-25-ard.biesheuvel@linaro.org (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | crypto: AES cleanup | expand |
Hi, On Tuesday, July 2, 2019 9:41:42 PM CET Ard Biesheuvel wrote: > The AMCC code for GCM key derivation allocates a AES cipher to > perform a single block encryption. So let's switch to the new > and more lightweight AES library instead. > > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> > --- > drivers/crypto/Kconfig | 2 +- > drivers/crypto/amcc/crypto4xx_alg.c | 24 +++++++------------- > 2 files changed, 9 insertions(+), 17 deletions(-) > > diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig > index b30b84089d11..c7ac1e6d23d4 100644 > --- a/drivers/crypto/Kconfig > +++ b/drivers/crypto/Kconfig > @@ -311,7 +311,7 @@ config CRYPTO_DEV_PPC4XX > depends on PPC && 4xx > select CRYPTO_HASH > select CRYPTO_AEAD > - select CRYPTO_AES > + select CRYPTO_LIB_AES I think that getting rid of CRYPTO_AES was not a good idea here. Reason being that the crypto4xx driver registers fallbacks to cover edge-cases for AES-CTR, AES-CCM and AES-GCM modes that the hardware is incapbale of handling itself. So without the dependency of CRYPTO_AES, I think there's now a way to build the crypto4xx module without necessarily having CRYPTO_AES. And if that's the case then the necessary fallbacks cannot be instantiated and the driver will not provide the afromentioned modes. Can somebody clarify? Regards, Christian
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index b30b84089d11..c7ac1e6d23d4 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -311,7 +311,7 @@ config CRYPTO_DEV_PPC4XX depends on PPC && 4xx select CRYPTO_HASH select CRYPTO_AEAD - select CRYPTO_AES + select CRYPTO_LIB_AES select CRYPTO_CCM select CRYPTO_CTR select CRYPTO_GCM diff --git a/drivers/crypto/amcc/crypto4xx_alg.c b/drivers/crypto/amcc/crypto4xx_alg.c index 26f86fd7532b..d3660703a36c 100644 --- a/drivers/crypto/amcc/crypto4xx_alg.c +++ b/drivers/crypto/amcc/crypto4xx_alg.c @@ -536,28 +536,20 @@ static int crypto4xx_aes_gcm_validate_keylen(unsigned int keylen) static int crypto4xx_compute_gcm_hash_key_sw(__le32 *hash_start, const u8 *key, unsigned int keylen) { - struct crypto_cipher *aes_tfm = NULL; + struct crypto_aes_ctx ctx; uint8_t src[16] = { 0 }; - int rc = 0; - - aes_tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_NEED_FALLBACK); - if (IS_ERR(aes_tfm)) { - rc = PTR_ERR(aes_tfm); - pr_warn("could not load aes cipher driver: %d\n", rc); - return rc; - } + int rc; - rc = crypto_cipher_setkey(aes_tfm, key, keylen); + rc = aes_expandkey(&ctx, key, keylen); if (rc) { - pr_err("setkey() failed: %d\n", rc); - goto out; + pr_err("aes_expandkey() failed: %d\n", rc); + return rc; } - crypto_cipher_encrypt_one(aes_tfm, src, src); + aes_encrypt(&ctx, src, src); crypto4xx_memcpy_to_le32(hash_start, src, 16); -out: - crypto_free_cipher(aes_tfm); - return rc; + memzero_explicit(&ctx, sizeof(ctx)); + return 0; } int crypto4xx_setkey_aes_gcm(struct crypto_aead *cipher,
The AMCC code for GCM key derivation allocates a AES cipher to perform a single block encryption. So let's switch to the new and more lightweight AES library instead. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> --- drivers/crypto/Kconfig | 2 +- drivers/crypto/amcc/crypto4xx_alg.c | 24 +++++++------------- 2 files changed, 9 insertions(+), 17 deletions(-)