Commit 8f303194 authored by Eric Biggers's avatar Eric Biggers Committed by Paolo Abeni
Browse files

octeontx2-pf: macsec: Use AES library instead of ecb(aes) skcipher 



cn10k_ecb_aes_encrypt() just encrypts a single block with AES.  That is
much more easily and efficiently done with the AES library than
crypto_skcipher.  Use the AES library instead.

Signed-off-by: default avatarEric Biggers <ebiggers@kernel.org>
Reviewed-by: default avatarSubbaraya Sundeep <sbhatta@marvell.com>
Link: https://patch.msgid.link/20260321225208.64508-1-ebiggers@kernel.org


Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parent d1e59a46

drivers/net/ethernet/marvell/octeontx2/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -33,6 +33,7 @@ config OCTEONTX2_PF 
	select OCTEONTX2_MBOX

	select NET_DEVLINK

	select PAGE_POOL

	select CRYPTO_LIB_AES if MACSEC

	depends on (64BIT && COMPILE_TEST) || ARM64

	select DIMLIB

	depends on PCI

drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c

+12 −41
Original line number Diff line number Diff line
@@ -4,7 +4,7 @@ 
 * Copyright (C) 2022 Marvell.

 */



#include <crypto/skcipher.h>

#include <crypto/aes.h>

#include <linux/rtnetlink.h>

#include <linux/bitfield.h>

#include "otx2_common.h"
@@ -46,51 +46,22 @@ 
#define CN10K_MAX_HASH_LEN		16

#define CN10K_MAX_SAK_LEN		32



static int cn10k_ecb_aes_encrypt(struct otx2_nic *pfvf, u8 *sak,

				 u16 sak_len, u8 *hash)

static int cn10k_ecb_aes_encrypt(struct otx2_nic *pfvf, const u8 *sak,

				 u16 sak_len, u8 hash[CN10K_MAX_HASH_LEN])

{

	u8 data[CN10K_MAX_HASH_LEN] = { 0 };

	struct skcipher_request *req = NULL;

	struct scatterlist sg_src, sg_dst;

	struct crypto_skcipher *tfm;

	DECLARE_CRYPTO_WAIT(wait);

	int err;



	tfm = crypto_alloc_skcipher("ecb(aes)", 0, 0);

	if (IS_ERR(tfm)) {

		dev_err(pfvf->dev, "failed to allocate transform for ecb-aes\n");

		return PTR_ERR(tfm);

	}

	static const u8 zeroes[CN10K_MAX_HASH_LEN];

	struct aes_enckey aes;



	req = skcipher_request_alloc(tfm, GFP_KERNEL);

	if (!req) {

		dev_err(pfvf->dev, "failed to allocate request for skcipher\n");

		err = -ENOMEM;

		goto free_tfm;

	if (aes_prepareenckey(&aes, sak, sak_len) != 0) {

		dev_err(pfvf->dev, "invalid AES key length: %d\n", sak_len);

		return -EINVAL;

	}



	err = crypto_skcipher_setkey(tfm, sak, sak_len);

	if (err) {

		dev_err(pfvf->dev, "failed to set key for skcipher\n");

		goto free_req;

	}

	static_assert(CN10K_MAX_HASH_LEN == AES_BLOCK_SIZE);

	aes_encrypt(&aes, hash, zeroes);



	/* build sg list */

	sg_init_one(&sg_src, data, CN10K_MAX_HASH_LEN);

	sg_init_one(&sg_dst, hash, CN10K_MAX_HASH_LEN);



	skcipher_request_set_callback(req, 0, crypto_req_done, &wait);

	skcipher_request_set_crypt(req, &sg_src, &sg_dst,

				   CN10K_MAX_HASH_LEN, NULL);



	err = crypto_skcipher_encrypt(req);

	err = crypto_wait_req(err, &wait);



free_req:

	skcipher_request_free(req);

free_tfm:

	crypto_free_skcipher(tfm);

	return err;

	memzero_explicit(&aes, sizeof(aes));

	return 0;

}



static struct cn10k_mcs_txsc *cn10k_mcs_get_txsc(struct cn10k_mcs_cfg *cfg,