From 370960c153db82fbdd55539be4d4eb41ef3a7e40 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Mon, 12 Jan 2026 11:20:22 -0800 Subject: [PATCH] crypto: arm64/ghash - Use new AES library API Switch from the old AES library functions (which use struct crypto_aes_ctx) to the new ones (which use struct aes_enckey). This eliminates the unnecessary computation and caching of the decryption round keys. The new AES en/decryption functions are also much faster and use AES instructions when supported by the CPU. Note that in addition to the change in the key preparation function and the key struct type itself, the change in the type of the key struct results in aes_encrypt() (which is temporarily a type-generic macro) calling the new encryption function rather than the old one. Acked-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20260112192035.10427-25-ebiggers@kernel.org Signed-off-by: Eric Biggers --- arch/arm64/crypto/ghash-ce-glue.c | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) diff --git a/arch/arm64/crypto/ghash-ce-glue.c b/arch/arm64/crypto/ghash-ce-glue.c index ef249d06c92cc..63bb9e0622511 100644 --- a/arch/arm64/crypto/ghash-ce-glue.c +++ b/arch/arm64/crypto/ghash-ce-glue.c @@ -40,7 +40,7 @@ struct arm_ghash_desc_ctx { }; struct gcm_aes_ctx { - struct crypto_aes_ctx aes_key; + struct aes_enckey aes_key; u8 nonce[RFC4106_NONCE_SIZE]; struct ghash_key ghash_key; }; @@ -186,18 +186,6 @@ static struct shash_alg ghash_alg = { .statesize = sizeof(struct ghash_desc_ctx), }; -static int num_rounds(struct crypto_aes_ctx *ctx) -{ - /* - * # of rounds specified by AES: - * 128 bit key 10 rounds - * 192 bit key 12 rounds - * 256 bit key 14 rounds - * => n byte key => 6 + (n/4) rounds - */ - return 6 + ctx->key_length / 4; -} - static int gcm_aes_setkey(struct crypto_aead *tfm, const u8 *inkey, unsigned int keylen) { @@ -206,7 +194,7 @@ static int gcm_aes_setkey(struct crypto_aead *tfm, const u8 *inkey, be128 h; int ret; - ret = aes_expandkey(&ctx->aes_key, inkey, keylen); + ret = aes_prepareenckey(&ctx->aes_key, inkey, keylen); if (ret) return -EINVAL; @@ -296,7 +284,6 @@ static int gcm_encrypt(struct aead_request *req, char *iv, int assoclen) { struct crypto_aead *aead = crypto_aead_reqtfm(req); struct gcm_aes_ctx *ctx = crypto_aead_ctx(aead); - int nrounds = num_rounds(&ctx->aes_key); struct skcipher_walk walk; u8 buf[AES_BLOCK_SIZE]; u64 dg[2] = {}; @@ -331,8 +318,8 @@ static int gcm_encrypt(struct aead_request *req, char *iv, int assoclen) scoped_ksimd() pmull_gcm_encrypt(nbytes, dst, src, ctx->ghash_key.h, - dg, iv, ctx->aes_key.key_enc, nrounds, - tag); + dg, iv, ctx->aes_key.k.rndkeys, + ctx->aes_key.nrounds, tag); if (unlikely(!nbytes)) break; @@ -359,7 +346,6 @@ static int gcm_decrypt(struct aead_request *req, char *iv, int assoclen) struct crypto_aead *aead = crypto_aead_reqtfm(req); struct gcm_aes_ctx *ctx = crypto_aead_ctx(aead); unsigned int authsize = crypto_aead_authsize(aead); - int nrounds = num_rounds(&ctx->aes_key); struct skcipher_walk walk; u8 otag[AES_BLOCK_SIZE]; u8 buf[AES_BLOCK_SIZE]; @@ -401,8 +387,9 @@ static int gcm_decrypt(struct aead_request *req, char *iv, int assoclen) scoped_ksimd() ret = pmull_gcm_decrypt(nbytes, dst, src, ctx->ghash_key.h, - dg, iv, ctx->aes_key.key_enc, - nrounds, tag, otag, authsize); + dg, iv, ctx->aes_key.k.rndkeys, + ctx->aes_key.nrounds, tag, otag, + authsize); if (unlikely(!nbytes)) break; -- 2.47.3