Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp3536653ybt; Tue, 30 Jun 2020 05:29:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJySQTOse4zhPKZckO9YjZGbxu42luZkX244TV0apy14cJhDZ3xQJ6C5ehx/at/VEkEPBeLf X-Received: by 2002:a17:906:3152:: with SMTP id e18mr18655554eje.137.1593520164075; Tue, 30 Jun 2020 05:29:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593520164; cv=none; d=google.com; s=arc-20160816; b=wa6jPoGPLC74jtmXGR0T8EHFcwsJyMYH/y1oRJwkPFVrxDFoNkVRytlMoyD3EJZWCI k4phMJeTX7lXC+LnjM+SU09g4m84A/epch/7EaTU2aohHOKocQfesjfcP8C7sBbX4zha G41RPubVWVfeK9+pgK2e1lOLa5CFaQurKZq4RD8f1F5n8bT22WWflGuhc6j5jHsPZhxE p3nsafYXUm99VBv/Cv8M4kaF5PkY+DOoTWQCsbEHKdokkF7CGkzc3XVmMuXutZMDTpm5 XXes1sILXhyB2OjRgsOCtvAu4ebfvIzIYfjoSqY2P4vBNt39Mt2KVTEV/eNPj9DUqC7z LTzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=8WzQpa1GlAWIP04ZhuJUYUXFo6I3oChBlU8tKBZ6VvQ=; b=kStlywIEmevKn2XaEmDLRVGcOTHBWp5dF948bWRkJc5MWYDwtTbeSIBTMlp0xnQiTl zSihc658PI0jkzxz8EUnMl04dWqnvGRInNnA3e92N8ie7M55pHxdEXn0Z7f3U1DRsP9L lQJzz01V+YMR21F2Ust86yie7v3QEYt6nT8ZNfnx9+RlLwZvil7+w7auH+qskfQGDMgQ h36WqzTUDpphAbP4feV9qEnMWKzCaWbz8b8G1ddGoBAmLo0nhi0VYqIxG5yyvE442Go3 3fu0sWxVkmmulnnS1t/LP28ohCwbx6GG2G9dj/GKxUtB0i8bgshYj7VkTk1GmvJbpiWR 4wcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cq47PJn5; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cx25si1567759edb.75.2020.06.30.05.29.01; Tue, 30 Jun 2020 05:29:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cq47PJn5; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387623AbgF3MUR (ORCPT + 99 others); Tue, 30 Jun 2020 08:20:17 -0400 Received: from mail.kernel.org ([198.145.29.99]:36754 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732804AbgF3MUR (ORCPT ); Tue, 30 Jun 2020 08:20:17 -0400 Received: from e123331-lin.nice.arm.com (lfbn-nic-1-188-42.w2-15.abo.wanadoo.fr [2.15.37.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 33E2C20780; Tue, 30 Jun 2020 12:20:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1593519616; bh=H0011zelgyIx0MUuXYWh9MFPAsRNumkOWpzTnMxw0Ww=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cq47PJn5z1xZwhWox2oawvY84eQDArGpEZqyeLsOKTnwUsqc/wcIR1nzZtyCbXqar EFH/avEq6tQ5850MPEgBio+zHtjq4uKZlfm7RgvbZI9kpdEa28mtSHUkWMjYCeRfZz MXtcEbvWGYJVc21xHcinu/dOvuzT/dy8D9ZT8VTc= From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: Ard Biesheuvel , Corentin Labbe , Herbert Xu , "David S. Miller" , Maxime Ripard , Chen-Yu Tsai , Tom Lendacky , Ayush Sawal , Vinay Kumar Yadav , Rohit Maheshwari , Shawn Guo , Sascha Hauer , Pengutronix Kernel Team , Fabio Estevam , NXP Linux Team , Jamie Iles , Eric Biggers , Tero Kristo , Matthias Brugger Subject: [PATCH v3 13/13] crypto: mediatek - use AES library for GCM key derivation Date: Tue, 30 Jun 2020 14:19:07 +0200 Message-Id: <20200630121907.24274-14-ardb@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200630121907.24274-1-ardb@kernel.org> References: <20200630121907.24274-1-ardb@kernel.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The Mediatek accelerator driver calls into a dynamically allocated skcipher of the ctr(aes) variety to perform GCM key derivation, which involves AES encryption of a single block consisting of NUL bytes. There is no point in using the skcipher API for this, so use the AES library interface instead. Signed-off-by: Ard Biesheuvel --- drivers/crypto/Kconfig | 3 +- drivers/crypto/mediatek/mtk-aes.c | 63 +++----------------- 2 files changed, 9 insertions(+), 57 deletions(-) diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 802b9ada4e9e..c8c3ebb248f8 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -756,10 +756,9 @@ config CRYPTO_DEV_ZYNQMP_AES config CRYPTO_DEV_MEDIATEK tristate "MediaTek's EIP97 Cryptographic Engine driver" depends on (ARM && ARCH_MEDIATEK) || COMPILE_TEST - select CRYPTO_AES + select CRYPTO_LIB_AES select CRYPTO_AEAD select CRYPTO_SKCIPHER - select CRYPTO_CTR select CRYPTO_SHA1 select CRYPTO_SHA256 select CRYPTO_SHA512 diff --git a/drivers/crypto/mediatek/mtk-aes.c b/drivers/crypto/mediatek/mtk-aes.c index 78d660d963e2..4ad3571ab6af 100644 --- a/drivers/crypto/mediatek/mtk-aes.c +++ b/drivers/crypto/mediatek/mtk-aes.c @@ -137,8 +137,6 @@ struct mtk_aes_gcm_ctx { u32 authsize; size_t textlen; - - struct crypto_skcipher *ctr; }; struct mtk_aes_drv { @@ -996,17 +994,8 @@ static int mtk_aes_gcm_setkey(struct crypto_aead *aead, const u8 *key, u32 keylen) { struct mtk_aes_base_ctx *ctx = crypto_aead_ctx(aead); - struct mtk_aes_gcm_ctx *gctx = mtk_aes_gcm_ctx_cast(ctx); - struct crypto_skcipher *ctr = gctx->ctr; - struct { - u32 hash[4]; - u8 iv[8]; - - struct crypto_wait wait; - - struct scatterlist sg[1]; - struct skcipher_request req; - } *data; + u8 hash[AES_BLOCK_SIZE] __aligned(4) = {}; + struct crypto_aes_ctx aes_ctx; int err; switch (keylen) { @@ -1026,39 +1015,18 @@ static int mtk_aes_gcm_setkey(struct crypto_aead *aead, const u8 *key, ctx->keylen = SIZE_IN_WORDS(keylen); - /* Same as crypto_gcm_setkey() from crypto/gcm.c */ - crypto_skcipher_clear_flags(ctr, CRYPTO_TFM_REQ_MASK); - crypto_skcipher_set_flags(ctr, crypto_aead_get_flags(aead) & - CRYPTO_TFM_REQ_MASK); - err = crypto_skcipher_setkey(ctr, key, keylen); + err = aes_expandkey(&aes_ctx, key, keylen); if (err) return err; - data = kzalloc(sizeof(*data) + crypto_skcipher_reqsize(ctr), - GFP_KERNEL); - if (!data) - return -ENOMEM; - - crypto_init_wait(&data->wait); - sg_init_one(data->sg, &data->hash, AES_BLOCK_SIZE); - skcipher_request_set_tfm(&data->req, ctr); - skcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP | - CRYPTO_TFM_REQ_MAY_BACKLOG, - crypto_req_done, &data->wait); - skcipher_request_set_crypt(&data->req, data->sg, data->sg, - AES_BLOCK_SIZE, data->iv); - - err = crypto_wait_req(crypto_skcipher_encrypt(&data->req), - &data->wait); - if (err) - goto out; + aes_encrypt(&aes_ctx, hash, hash); + memzero_explicit(&aes_ctx, sizeof(aes_ctx)); mtk_aes_write_state_le(ctx->key, (const u32 *)key, keylen); - mtk_aes_write_state_be(ctx->key + ctx->keylen, data->hash, + mtk_aes_write_state_be(ctx->key + ctx->keylen, (const u32 *)hash, AES_BLOCK_SIZE); -out: - kzfree(data); - return err; + + return 0; } static int mtk_aes_gcm_setauthsize(struct crypto_aead *aead, @@ -1095,32 +1063,17 @@ static int mtk_aes_gcm_init(struct crypto_aead *aead) { struct mtk_aes_gcm_ctx *ctx = crypto_aead_ctx(aead); - ctx->ctr = crypto_alloc_skcipher("ctr(aes)", 0, - CRYPTO_ALG_ASYNC); - if (IS_ERR(ctx->ctr)) { - pr_err("Error allocating ctr(aes)\n"); - return PTR_ERR(ctx->ctr); - } - crypto_aead_set_reqsize(aead, sizeof(struct mtk_aes_reqctx)); ctx->base.start = mtk_aes_gcm_start; return 0; } -static void mtk_aes_gcm_exit(struct crypto_aead *aead) -{ - struct mtk_aes_gcm_ctx *ctx = crypto_aead_ctx(aead); - - crypto_free_skcipher(ctx->ctr); -} - static struct aead_alg aes_gcm_alg = { .setkey = mtk_aes_gcm_setkey, .setauthsize = mtk_aes_gcm_setauthsize, .encrypt = mtk_aes_gcm_encrypt, .decrypt = mtk_aes_gcm_decrypt, .init = mtk_aes_gcm_init, - .exit = mtk_aes_gcm_exit, .ivsize = GCM_AES_IV_SIZE, .maxauthsize = AES_BLOCK_SIZE, -- 2.17.1