chelsio: Use new AES library API

Switch from the old AES library functions (which use struct
crypto_aes_ctx) to the new ones (which use struct aes_enckey).  This
eliminates the unnecessary computation and caching of the decryption
round keys.  The new AES en/decryption functions are also much faster
and use AES instructions when supported by the CPU.

Note that in addition to the change in the key preparation function and
the key struct type itself, the change in the type of the key struct
results in aes_encrypt() (which is temporarily a type-generic macro)
calling the new encryption function rather than the old one.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20260112192035.10427-21-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

diff --git a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
index 49b57bb5fac16d2154ae31a52f69cbe2e0b58e77..074717d4bb16596dde0209202cd77921d7283dd1 100644 (file)
--- a/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c
@@ -170,7 +170,7 @@ static int ch_ipsec_setkey(struct xfrm_state *x,
        unsigned char *key = x->aead->alg_key;
        int ck_size, key_ctx_size = 0;
        unsigned char ghash_h[AEAD_H_SIZE];
-       struct crypto_aes_ctx aes;
+       struct aes_enckey aes;
        int ret = 0;
 
        if (keylen > 3) {
@@ -204,7 +204,7 @@ static int ch_ipsec_setkey(struct xfrm_state *x,
        /* Calculate the H = CIPH(K, 0 repeated 16 times).
         * It will go in key context
         */
-       ret = aes_expandkey(&aes, key, keylen);
+       ret = aes_prepareenckey(&aes, key, keylen);
        if (ret) {
                sa_entry->enckey_len = 0;
                goto out;

diff --git a/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c b/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
index 4e2096e496844595b94c3d54d5233267eed99a76..b8ebb56de65ebd22507b60015e797bb6805970f4 100644 (file)
--- a/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c
@@ -76,7 +76,7 @@ static int chcr_ktls_save_keys(struct chcr_ktls_info *tx_info,
        unsigned char ghash_h[TLS_CIPHER_AES_GCM_256_TAG_SIZE];
        struct tls12_crypto_info_aes_gcm_128 *info_128_gcm;
        struct ktls_key_ctx *kctx = &tx_info->key_ctx;
-       struct crypto_aes_ctx aes_ctx;
+       struct aes_enckey aes;
        unsigned char *key, *salt;
 
        switch (crypto_info->cipher_type) {
@@ -138,13 +138,13 @@ static int chcr_ktls_save_keys(struct chcr_ktls_info *tx_info,
         * It will go in key context
         */
 
-       ret = aes_expandkey(&aes_ctx, key, keylen);
+       ret = aes_prepareenckey(&aes, key, keylen);
        if (ret)
                goto out;
 
        memset(ghash_h, 0, ghash_size);
-       aes_encrypt(&aes_ctx, ghash_h, ghash_h);
-       memzero_explicit(&aes_ctx, sizeof(aes_ctx));
+       aes_encrypt(&aes, ghash_h, ghash_h);
+       memzero_explicit(&aes, sizeof(aes));
 
        /* fill the Key context */
        if (direction == TLS_OFFLOAD_CTX_DIR_TX) {

diff --git a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_hw.c b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_hw.c
index fab6df21f01c98af4b1d65bba2e4fd51bc6eb518..d84473ca844d119cca54237ecefbf7e802426543 100644 (file)
--- a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_hw.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_hw.c
@@ -247,7 +247,7 @@ static int chtls_key_info(struct chtls_sock *csk,
        unsigned char *key_p, *salt;
        unsigned char ghash_h[AEAD_H_SIZE];
        int ck_size, key_ctx_size, kctx_mackey_size, salt_size;
-       struct crypto_aes_ctx aes;
+       struct aes_enckey aes;
        int ret;
 
        key_ctx_size = sizeof(struct _key_ctx) +
@@ -291,7 +291,7 @@ static int chtls_key_info(struct chtls_sock *csk,
        /* Calculate the H = CIPH(K, 0 repeated 16 times).
         * It will go in key context
         */
-       ret = aes_expandkey(&aes, key, keylen);
+       ret = aes_prepareenckey(&aes, key, keylen);
        if (ret)
                return ret;