Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp781521ybt; Mon, 6 Jul 2020 23:34:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwpKY21CrkGDANaIKCZ65iX/Tw9m5ZFB13iGkvRdext+VnKxFbfb1oYtZhVD6q58LVTydGP X-Received: by 2002:a17:906:454d:: with SMTP id s13mr45275967ejq.319.1594103689581; Mon, 06 Jul 2020 23:34:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594103689; cv=none; d=google.com; s=arc-20160816; b=BW55j0C5UQIRTKJRV7DFG1u4SM/A8/7a6cN9AzNP73x4JenvA8kTRTi9eQ0uJNIg4v 9j+67qQ0zvrcE5weHOiVI+FOtk0hyOUaVfbT9c1Ayo0OlH9oM+AWrTr0qeGT+Hn/F/dV EVTPdkX9DDyTX6AuJSlEslViw4vro0I/aZa8aGyn11lj2QgR++ICm6DODkmh6eojQMVs C+r7PFRZHrtAo/lTJQCNCZ0kGGoXiSIOlUbCnknz+iRcN9mpnihS/8sAz2BUAikHz1ty 9eAsE7Y0agg+gbYgLif8AT2V166RBjkzTKEueiEGfWR0SIz2WljS+yNTINyIeiIKWqdV A5SQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=CMwLLcduPlBOW5wx8+ySqT1uYu1XSVs3Rexy4X28o/M=; b=OJTdxDJC2BaBG+3RdDXl8BBZjdZlubS0urgk85KX0XfGKI963zPh77oFi5ywHEJdRA orfKo/bqQGkaBr0/pchwEMdsz3vXDsuPwgv0N/VaMIb8LehNYLCQkijw48A5oI+fy/dD 4OIsIOptdHDYoQ6YNYBcsekbonM47UeGeMvoaPucFZiPK50NE/kx+m+wp1fOz14Kjsd3 sgNKWSUxA/D4X6JexcJe4cG9DM87vD9RG9YXW7xnFMi5MJdKIbnMSwauXtDO50gqIB/i BL8KVzwOWKwokEC34JVvux07XOf1lbEDrPsGusFt2zC0DKR4BqLneLxZ3fgF0nVN+0FC DS/A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fWakJNjF; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id de19si15529364edb.285.2020.07.06.23.34.25; Mon, 06 Jul 2020 23:34:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fWakJNjF; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728126AbgGGGeS (ORCPT + 99 others); Tue, 7 Jul 2020 02:34:18 -0400 Received: from mail.kernel.org ([198.145.29.99]:33764 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726889AbgGGGeS (ORCPT ); Tue, 7 Jul 2020 02:34:18 -0400 Received: from e123331-lin.nice.arm.com (adsl-70.109.242.21.tellas.gr [109.242.21.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E1C20206DF; Tue, 7 Jul 2020 06:34:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594103657; bh=FlnqUkR6D2FzpMUbB72LD/tiEaX3AxeocPOstTJminM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fWakJNjFwn/Vqm9MCsOcTSlyCVc/jgj57qDaGQGrAAIPyYH050HQMOZHYk0ccj7UR Bi85Z5PCHyFzd34bIY7s06nW9x1rjnwVRzpzJhJr1YycvVZvHZpD9DZ8KMZR2aqnFU 04dprrqJJiAY0Vwl3k10YQ2gv+Ia/gVb5Q1hJel0= From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: Ard Biesheuvel , Corentin Labbe , Corentin Labbe , Herbert Xu , "David S. Miller" , Maxime Ripard , Chen-Yu Tsai , Tom Lendacky , John Allen , Ayush Sawal , Vinay Kumar Yadav , Rohit Maheshwari , Shawn Guo , Sascha Hauer , Pengutronix Kernel Team , Fabio Estevam , NXP Linux Team , Jamie Iles , Eric Biggers , Tero Kristo , Matthias Brugger , =?UTF-8?q?Horia=20Geant=C4=83?= , linux-arm-kernel@lists.infradead.org, linux-omap@vger.kernel.org, linux-amlogic@lists.infradead.org Subject: [PATCH v4 13/13] crypto: mediatek - use AES library for GCM key derivation Date: Tue, 7 Jul 2020 09:32:03 +0300 Message-Id: <20200707063203.5018-14-ardb@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200707063203.5018-1-ardb@kernel.org> References: <20200707063203.5018-1-ardb@kernel.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The Mediatek accelerator driver calls into a dynamically allocated skcipher of the ctr(aes) variety to perform GCM key derivation, which involves AES encryption of a single block consisting of NUL bytes. There is no point in using the skcipher API for this, so use the AES library interface instead. Signed-off-by: Ard Biesheuvel --- drivers/crypto/Kconfig | 3 +- drivers/crypto/mediatek/mtk-aes.c | 63 +++----------------- 2 files changed, 9 insertions(+), 57 deletions(-) diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 7bc58bf99703..585ad584e421 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -758,10 +758,9 @@ config CRYPTO_DEV_ZYNQMP_AES config CRYPTO_DEV_MEDIATEK tristate "MediaTek's EIP97 Cryptographic Engine driver" depends on (ARM && ARCH_MEDIATEK) || COMPILE_TEST - select CRYPTO_AES + select CRYPTO_LIB_AES select CRYPTO_AEAD select CRYPTO_SKCIPHER - select CRYPTO_CTR select CRYPTO_SHA1 select CRYPTO_SHA256 select CRYPTO_SHA512 diff --git a/drivers/crypto/mediatek/mtk-aes.c b/drivers/crypto/mediatek/mtk-aes.c index 78d660d963e2..4ad3571ab6af 100644 --- a/drivers/crypto/mediatek/mtk-aes.c +++ b/drivers/crypto/mediatek/mtk-aes.c @@ -137,8 +137,6 @@ struct mtk_aes_gcm_ctx { u32 authsize; size_t textlen; - - struct crypto_skcipher *ctr; }; struct mtk_aes_drv { @@ -996,17 +994,8 @@ static int mtk_aes_gcm_setkey(struct crypto_aead *aead, const u8 *key, u32 keylen) { struct mtk_aes_base_ctx *ctx = crypto_aead_ctx(aead); - struct mtk_aes_gcm_ctx *gctx = mtk_aes_gcm_ctx_cast(ctx); - struct crypto_skcipher *ctr = gctx->ctr; - struct { - u32 hash[4]; - u8 iv[8]; - - struct crypto_wait wait; - - struct scatterlist sg[1]; - struct skcipher_request req; - } *data; + u8 hash[AES_BLOCK_SIZE] __aligned(4) = {}; + struct crypto_aes_ctx aes_ctx; int err; switch (keylen) { @@ -1026,39 +1015,18 @@ static int mtk_aes_gcm_setkey(struct crypto_aead *aead, const u8 *key, ctx->keylen = SIZE_IN_WORDS(keylen); - /* Same as crypto_gcm_setkey() from crypto/gcm.c */ - crypto_skcipher_clear_flags(ctr, CRYPTO_TFM_REQ_MASK); - crypto_skcipher_set_flags(ctr, crypto_aead_get_flags(aead) & - CRYPTO_TFM_REQ_MASK); - err = crypto_skcipher_setkey(ctr, key, keylen); + err = aes_expandkey(&aes_ctx, key, keylen); if (err) return err; - data = kzalloc(sizeof(*data) + crypto_skcipher_reqsize(ctr), - GFP_KERNEL); - if (!data) - return -ENOMEM; - - crypto_init_wait(&data->wait); - sg_init_one(data->sg, &data->hash, AES_BLOCK_SIZE); - skcipher_request_set_tfm(&data->req, ctr); - skcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP | - CRYPTO_TFM_REQ_MAY_BACKLOG, - crypto_req_done, &data->wait); - skcipher_request_set_crypt(&data->req, data->sg, data->sg, - AES_BLOCK_SIZE, data->iv); - - err = crypto_wait_req(crypto_skcipher_encrypt(&data->req), - &data->wait); - if (err) - goto out; + aes_encrypt(&aes_ctx, hash, hash); + memzero_explicit(&aes_ctx, sizeof(aes_ctx)); mtk_aes_write_state_le(ctx->key, (const u32 *)key, keylen); - mtk_aes_write_state_be(ctx->key + ctx->keylen, data->hash, + mtk_aes_write_state_be(ctx->key + ctx->keylen, (const u32 *)hash, AES_BLOCK_SIZE); -out: - kzfree(data); - return err; + + return 0; } static int mtk_aes_gcm_setauthsize(struct crypto_aead *aead, @@ -1095,32 +1063,17 @@ static int mtk_aes_gcm_init(struct crypto_aead *aead) { struct mtk_aes_gcm_ctx *ctx = crypto_aead_ctx(aead); - ctx->ctr = crypto_alloc_skcipher("ctr(aes)", 0, - CRYPTO_ALG_ASYNC); - if (IS_ERR(ctx->ctr)) { - pr_err("Error allocating ctr(aes)\n"); - return PTR_ERR(ctx->ctr); - } - crypto_aead_set_reqsize(aead, sizeof(struct mtk_aes_reqctx)); ctx->base.start = mtk_aes_gcm_start; return 0; } -static void mtk_aes_gcm_exit(struct crypto_aead *aead) -{ - struct mtk_aes_gcm_ctx *ctx = crypto_aead_ctx(aead); - - crypto_free_skcipher(ctx->ctr); -} - static struct aead_alg aes_gcm_alg = { .setkey = mtk_aes_gcm_setkey, .setauthsize = mtk_aes_gcm_setauthsize, .encrypt = mtk_aes_gcm_encrypt, .decrypt = mtk_aes_gcm_decrypt, .init = mtk_aes_gcm_init, - .exit = mtk_aes_gcm_exit, .ivsize = GCM_AES_IV_SIZE, .maxauthsize = AES_BLOCK_SIZE, -- 2.17.1