diff options
| author | Eric Biggers <ebiggers@kernel.org> | 2026-03-22 01:52:08 +0300 |
|---|---|---|
| committer | Paolo Abeni <pabeni@redhat.com> | 2026-03-26 12:32:21 +0300 |
| commit | 8f303194b241c2795bb9b79ee80bc93e7876879c (patch) | |
| tree | aa2489bbac854f008e88838fd977635a05c9f73e | |
| parent | d1e59a46973719e458bec78d00dd767d7a7ba71f (diff) | |
| download | linux-8f303194b241c2795bb9b79ee80bc93e7876879c.tar.xz | |
octeontx2-pf: macsec: Use AES library instead of ecb(aes) skcipher
cn10k_ecb_aes_encrypt() just encrypts a single block with AES. That is
much more easily and efficiently done with the AES library than
crypto_skcipher. Use the AES library instead.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Subbaraya Sundeep <sbhatta@marvell.com>
Link: https://patch.msgid.link/20260321225208.64508-1-ebiggers@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
| -rw-r--r-- | drivers/net/ethernet/marvell/octeontx2/Kconfig | 1 | ||||
| -rw-r--r-- | drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 53 |
2 files changed, 13 insertions, 41 deletions
diff --git a/drivers/net/ethernet/marvell/octeontx2/Kconfig b/drivers/net/ethernet/marvell/octeontx2/Kconfig index 35c4f5f64f58..47e549c581f0 100644 --- a/drivers/net/ethernet/marvell/octeontx2/Kconfig +++ b/drivers/net/ethernet/marvell/octeontx2/Kconfig @@ -33,6 +33,7 @@ config OCTEONTX2_PF select OCTEONTX2_MBOX select NET_DEVLINK select PAGE_POOL + select CRYPTO_LIB_AES if MACSEC depends on (64BIT && COMPILE_TEST) || ARM64 select DIMLIB depends on PCI diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c index 4649996dc7da..2cc1bdfd9b2e 100644 --- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c +++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c @@ -4,7 +4,7 @@ * Copyright (C) 2022 Marvell. */ -#include <crypto/skcipher.h> +#include <crypto/aes.h> #include <linux/rtnetlink.h> #include <linux/bitfield.h> #include "otx2_common.h" @@ -46,51 +46,22 @@ #define CN10K_MAX_HASH_LEN 16 #define CN10K_MAX_SAK_LEN 32 -static int cn10k_ecb_aes_encrypt(struct otx2_nic *pfvf, u8 *sak, - u16 sak_len, u8 *hash) +static int cn10k_ecb_aes_encrypt(struct otx2_nic *pfvf, const u8 *sak, + u16 sak_len, u8 hash[CN10K_MAX_HASH_LEN]) { - u8 data[CN10K_MAX_HASH_LEN] = { 0 }; - struct skcipher_request *req = NULL; - struct scatterlist sg_src, sg_dst; - struct crypto_skcipher *tfm; - DECLARE_CRYPTO_WAIT(wait); - int err; - - tfm = crypto_alloc_skcipher("ecb(aes)", 0, 0); - if (IS_ERR(tfm)) { - dev_err(pfvf->dev, "failed to allocate transform for ecb-aes\n"); - return PTR_ERR(tfm); - } - - req = skcipher_request_alloc(tfm, GFP_KERNEL); - if (!req) { - dev_err(pfvf->dev, "failed to allocate request for skcipher\n"); - err = -ENOMEM; - goto free_tfm; - } + static const u8 zeroes[CN10K_MAX_HASH_LEN]; + struct aes_enckey aes; - err = crypto_skcipher_setkey(tfm, sak, sak_len); - if (err) { - dev_err(pfvf->dev, "failed to set key for skcipher\n"); - goto free_req; + if (aes_prepareenckey(&aes, sak, sak_len) != 0) { + dev_err(pfvf->dev, "invalid AES key length: %d\n", sak_len); + return -EINVAL; } - /* build sg list */ - sg_init_one(&sg_src, data, CN10K_MAX_HASH_LEN); - sg_init_one(&sg_dst, hash, CN10K_MAX_HASH_LEN); - - skcipher_request_set_callback(req, 0, crypto_req_done, &wait); - skcipher_request_set_crypt(req, &sg_src, &sg_dst, - CN10K_MAX_HASH_LEN, NULL); + static_assert(CN10K_MAX_HASH_LEN == AES_BLOCK_SIZE); + aes_encrypt(&aes, hash, zeroes); - err = crypto_skcipher_encrypt(req); - err = crypto_wait_req(err, &wait); - -free_req: - skcipher_request_free(req); -free_tfm: - crypto_free_skcipher(tfm); - return err; + memzero_explicit(&aes, sizeof(aes)); + return 0; } static struct cn10k_mcs_txsc *cn10k_mcs_get_txsc(struct cn10k_mcs_cfg *cfg, |