Commit 5a3235e5 authored by Ard Biesheuvel's avatar Ard Biesheuvel Committed by David S. Miller

net: phy: mscc: avoid skcipher API for single block AES encryption

The skcipher API dynamically instantiates the transformation object
on request that implements the requested algorithm optimally on the
given platform. This notion of optimality only matters for cases like
bulk network or disk encryption, where performance can be a bottleneck,
or in cases where the algorithm itself is not known at compile time.

In the mscc case, we are dealing with AES encryption of a single
block, and so neither concern applies, and we are better off using
the AES library interface, which is lightweight and safe for this
kind of use.

Note that the scatterlist API does not permit references to buffers
that are located on the stack, so the existing code is incorrect in
any case, but avoiding the skcipher and scatterlist APIs entirely is
the most straightforward approach to fixing this.

Cc: Antoine Tenart <antoine.tenart@bootlin.com>
Cc: Andrew Lunn <andrew@lunn.ch>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Heiner Kallweit <hkallweit1@gmail.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Fixes: 28c5107a ("net: phy: mscc: macsec support")
Reviewed-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
Tested-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent eb2932b0
...@@ -480,8 +480,7 @@ config MICROCHIP_T1_PHY ...@@ -480,8 +480,7 @@ config MICROCHIP_T1_PHY
config MICROSEMI_PHY config MICROSEMI_PHY
tristate "Microsemi PHYs" tristate "Microsemi PHYs"
depends on MACSEC || MACSEC=n depends on MACSEC || MACSEC=n
select CRYPTO_AES select CRYPTO_LIB_AES if MACSEC
select CRYPTO_ECB
help help
Currently supports VSC8514, VSC8530, VSC8531, VSC8540 and VSC8541 PHYs Currently supports VSC8514, VSC8530, VSC8531, VSC8540 and VSC8541 PHYs
......
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
#include <linux/phy.h> #include <linux/phy.h>
#include <dt-bindings/net/mscc-phy-vsc8531.h> #include <dt-bindings/net/mscc-phy-vsc8531.h>
#include <crypto/skcipher.h> #include <crypto/aes.h>
#include <net/macsec.h> #include <net/macsec.h>
...@@ -500,39 +500,17 @@ static u32 vsc8584_macsec_flow_context_id(struct macsec_flow *flow) ...@@ -500,39 +500,17 @@ static u32 vsc8584_macsec_flow_context_id(struct macsec_flow *flow)
static int vsc8584_macsec_derive_key(const u8 key[MACSEC_KEYID_LEN], static int vsc8584_macsec_derive_key(const u8 key[MACSEC_KEYID_LEN],
u16 key_len, u8 hkey[16]) u16 key_len, u8 hkey[16])
{ {
struct crypto_skcipher *tfm = crypto_alloc_skcipher("ecb(aes)", 0, 0); const u8 input[AES_BLOCK_SIZE] = {0};
struct skcipher_request *req = NULL; struct crypto_aes_ctx ctx;
struct scatterlist src, dst;
DECLARE_CRYPTO_WAIT(wait);
u32 input[4] = {0};
int ret; int ret;
if (IS_ERR(tfm)) ret = aes_expandkey(&ctx, key, key_len);
return PTR_ERR(tfm); if (ret)
return ret;
req = skcipher_request_alloc(tfm, GFP_KERNEL);
if (!req) {
ret = -ENOMEM;
goto out;
}
skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
CRYPTO_TFM_REQ_MAY_SLEEP, crypto_req_done,
&wait);
ret = crypto_skcipher_setkey(tfm, key, key_len);
if (ret < 0)
goto out;
sg_init_one(&src, input, 16);
sg_init_one(&dst, hkey, 16);
skcipher_request_set_crypt(req, &src, &dst, 16, NULL);
ret = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
out: aes_encrypt(&ctx, hkey, input);
skcipher_request_free(req); memzero_explicit(&ctx, sizeof(ctx));
crypto_free_skcipher(tfm); return 0;
return ret;
} }
static int vsc8584_macsec_transformation(struct phy_device *phydev, static int vsc8584_macsec_transformation(struct phy_device *phydev,
......
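Review bot: The signature kept as context at the top of the hunk still declares the key as `const u8 key[MACSEC_KEYID_LEN]`, while the new `aes_expandkey(&ctx, key, key_len)` reads `key_len` bytes; MACSEC_KEYID_LEN names the key-identifier length, not the AES key length, so the array bound misdescribes what is read, and if any caller hands in a 24- or 32-byte key the declaration under-states the access (aes_expandkey itself rejects other lengths, so no new validation is needed). I would change the prototype to `static int vsc8584_macsec_derive_key(const u8 *key, u16 key_len, u8 hkey[AES_BLOCK_SIZE])` so the output bound matches the `AES_BLOCK_SIZE` the body now uses. The function also has no comment saying what it derives; a one-liner above the `aes_encrypt()` call such as `/* hkey = AES_K(0^128): encrypt a single all-zero block under the supplied key */` would document it, with the GHASH/GCM use of that value left to the caller's comments since it is not visible here. The `memzero_explicit(&ctx, ...)` after encryption is the right call, since the expanded key schedule is on the stack; the zero `input` block carries no secret and needs no wipe.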