{"id":2183216,"url":"http://patchwork.ozlabs.org/api/patches/2183216/?format=json","web_url":"http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20260112192035.10427-4-ebiggers@kernel.org/","project":{"id":2,"url":"http://patchwork.ozlabs.org/api/projects/2/?format=json","name":"Linux PPC development","link_name":"linuxppc-dev","list_id":"linuxppc-dev.lists.ozlabs.org","list_email":"linuxppc-dev@lists.ozlabs.org","web_url":"https://github.com/linuxppc/wiki/wiki","scm_url":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git","webscm_url":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/","list_archive_url":"https://lore.kernel.org/linuxppc-dev/","list_archive_url_format":"https://lore.kernel.org/linuxppc-dev/{}/","commit_url_format":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id={}"},"msgid":"<20260112192035.10427-4-ebiggers@kernel.org>","list_archive_url":"https://lore.kernel.org/linuxppc-dev/20260112192035.10427-4-ebiggers@kernel.org/","date":"2026-01-12T19:20:01","name":"[v2,03/35] crypto: arm/aes-neonbs - Use AES library for single blocks","commit_ref":null,"pull_url":null,"state":"handled-elsewhere","archived":false,"hash":"a8c0aa294ff9f6410879e532fae53549b29174c2","submitter":{"id":74690,"url":"http://patchwork.ozlabs.org/api/people/74690/?format=json","name":"Eric Biggers","email":"ebiggers@kernel.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20260112192035.10427-4-ebiggers@kernel.org/mbox/","series":[{"id":488089,"url":"http://patchwork.ozlabs.org/api/series/488089/?format=json","web_url":"http://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=488089","date":"2026-01-12T19:19:58","name":"AES library improvements","version":2,"mbox":"http://patchwork.ozlabs.org/series/488089/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2183216/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2183216/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n <linuxppc-dev+bounces-15576-incoming=patchwork.ozlabs.org@lists.ozlabs.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=M9YtHnsm;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org\n (client-ip=112.213.38.117; helo=lists.ozlabs.org;\n envelope-from=linuxppc-dev+bounces-15576-incoming=patchwork.ozlabs.org@lists.ozlabs.org;\n receiver=patchwork.ozlabs.org)","lists.ozlabs.org;\n arc=none smtp.remote-ip=172.234.252.31","lists.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org","lists.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=M9YtHnsm;\n\tdkim-atps=neutral","lists.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=kernel.org\n (client-ip=172.234.252.31; helo=sea.source.kernel.org;\n envelope-from=ebiggers@kernel.org; receiver=lists.ozlabs.org)"],"Received":["from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4dqj6T5p2Xz1xpY\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 13 Jan 2026 06:26:25 +1100 (AEDT)","from boromir.ozlabs.org (localhost [127.0.0.1])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 4dqj3X5YfNz3bn4;\n\tTue, 13 Jan 2026 06:23:52 +1100 (AEDT)","from sea.source.kernel.org (sea.source.kernel.org [172.234.252.31])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 4dqj3W6by8z3bk1\n\tfor <linuxppc-dev@lists.ozlabs.org>; Tue, 13 Jan 2026 06:23:51 +1100 (AEDT)","from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])\n\tby sea.source.kernel.org (Postfix) with ESMTP id 8B16D44329;\n\tMon, 12 Jan 2026 19:23:19 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id 09E2AC16AAE;\n\tMon, 12 Jan 2026 19:23:19 +0000 (UTC)"],"ARC-Seal":"i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1768245832;\n\tcv=none;\n b=LWrPl0HilkEfEHaac80f0m3sION2YFEIDlk4Txew8MGJmymUdeLrGYH1Cno0AQ2wHYco2vR8F5V/sXjot/QRnp9SzfKD2HDICPSccU1z3mlCwr82XYhJWi3CDQ0N57tW4BNm0U4QDBBDbwn4wXo3WuhvL+gL5jSPz1DYfvMOxDGKoBAy/fvbJ48bJn3IfVQM8sfqKr5lmPvuq9Ho/iX95/q2fWeu1Wj4H3aVSfiyfwlDzdpsvWLoghAlrISO9ngBhGTCVTyi0InOO/o8Xaj5lrsfGMDKo0kz2cV+oOPbF0hGjMgibt6shuQG9kHtmm0GgzCjC3NVirV67qzxCP4L3w==","ARC-Message-Signature":"i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707;\n\tt=1768245832; c=relaxed/relaxed;\n\tbh=iMYU3wC220z6LEubQrDxOC5v0wDwchogTnHuD2Z5JHg=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=hFDc3kCRiewxlTXSpdILGqf8IT/CI75U7U/fGvHQ53R7FJA7TV6hz0K41VRtTqyDYU3TslhYfokez9cmLqIcB6/lU0vt/ocY45x8LAP8HAEUgyysMxosCGpLJc6LfAt6Np+qZMiXj3Dq0LJNXXADbQutp9L005NsfzUP2O+uKf5KNGz0V9/889ImgJ0yiNM6/v9wdXAaKMWafU17kVDQO4nzdpJg4ydqCklBEWRAQu5j/x1cybSz5DiJTWrftUWLjc6vlLa4OJawxmJR3AvE4PernqM14OH8J69zkRoHTDlTKpItVT0HLBWAbP07Od4faljXsNflcz+3M9F3Vik3sQ==","ARC-Authentication-Results":"i=1; lists.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=kernel.org;\n dkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=M9YtHnsm; dkim-atps=neutral;\n spf=pass (client-ip=172.234.252.31; helo=sea.source.kernel.org;\n envelope-from=ebiggers@kernel.org;\n receiver=lists.ozlabs.org) smtp.mailfrom=kernel.org","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1768245799;\n\tbh=bpasNFXQc6Wz1acJi7F8zoXotEra0E6njU13yRy/Zpo=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=M9YtHnsm+ldZf23bnl1+cxTAchjTl4Cd/yzclRF+f4Oj/et0RausQ5Oadm19mXLwg\n\t BLQELCVbt4AztqKG1kIDz6Bho14907cqL2oynonqpIr8CEPzPvUqcoXXNw0tRXK2kZ\n\t B11s2jXLqUowVR8nlVw1Gjb1kB+QyAmC//kgi7XVs6qrKBgV5041cobEvPE1Lcno4t\n\t jqsMu5edutyGGdux6+UrEsMtxmpdBNCNZrdk8kNkz9CJ0vjJcnow0U8B5LkRpIixkX\n\t zzsrod/0VLmFRXTNk183p/Umtn+c743dVF1MZu+ug045MuLxptHuyFrrkrgJo+BS65\n\t DXTthzlvmNv/Q==","From":"Eric Biggers <ebiggers@kernel.org>","To":"linux-crypto@vger.kernel.org","Cc":"linux-kernel@vger.kernel.org,\n\tArd Biesheuvel <ardb@kernel.org>,\n\t\"Jason A . Donenfeld\" <Jason@zx2c4.com>,\n\tHerbert Xu <herbert@gondor.apana.org.au>,\n\tlinux-arm-kernel@lists.infradead.org,\n\tlinuxppc-dev@lists.ozlabs.org,\n\tlinux-riscv@lists.infradead.org,\n\tlinux-s390@vger.kernel.org,\n\tsparclinux@vger.kernel.org,\n\tx86@kernel.org,\n\tHolger Dengler <dengler@linux.ibm.com>,\n\tHarald Freudenberger <freude@linux.ibm.com>,\n\tEric Biggers <ebiggers@kernel.org>","Subject":"[PATCH v2 03/35] crypto: arm/aes-neonbs - Use AES library for single\n blocks","Date":"Mon, 12 Jan 2026 11:20:01 -0800","Message-ID":"<20260112192035.10427-4-ebiggers@kernel.org>","X-Mailer":"git-send-email 2.52.0","In-Reply-To":"<20260112192035.10427-1-ebiggers@kernel.org>","References":"<20260112192035.10427-1-ebiggers@kernel.org>","X-Mailing-List":"linuxppc-dev@lists.ozlabs.org","List-Id":"<linuxppc-dev.lists.ozlabs.org>","List-Help":"<mailto:linuxppc-dev+help@lists.ozlabs.org>","List-Owner":"<mailto:linuxppc-dev+owner@lists.ozlabs.org>","List-Post":"<mailto:linuxppc-dev@lists.ozlabs.org>","List-Archive":"<https://lore.kernel.org/linuxppc-dev/>,\n  <https://lists.ozlabs.org/pipermail/linuxppc-dev/>","List-Subscribe":"<mailto:linuxppc-dev+subscribe@lists.ozlabs.org>,\n  <mailto:linuxppc-dev+subscribe-digest@lists.ozlabs.org>,\n  <mailto:linuxppc-dev+subscribe-nomail@lists.ozlabs.org>","List-Unsubscribe":"<mailto:linuxppc-dev+unsubscribe@lists.ozlabs.org>","Precedence":"list","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-Spam-Status":"No, score=-0.2 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,\n\tDKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS\n\tautolearn=disabled version=4.0.1 OzLabs 8","X-Spam-Checker-Version":"SpamAssassin 4.0.1 (2024-03-25) on lists.ozlabs.org"},"content":"aes-neonbs-glue.c calls __aes_arm_encrypt() and __aes_arm_decrypt() to\nen/decrypt single blocks for CBC encryption, XTS tweak encryption, and\nXTS ciphertext stealing.  In preparation for making the AES library use\nthis same ARM-optimized single-block AES en/decryption code and making\nit an internal implementation detail of the AES library, replace the\ncalls to these functions with calls to the AES library.\n\nNote that this reduces the size of the aesbs_cbc_ctx and aesbs_xts_ctx\nstructs, since unnecessary decryption round keys are no longer included.\n\nAcked-by: Ard Biesheuvel <ardb@kernel.org>\nSigned-off-by: Eric Biggers <ebiggers@kernel.org>\n---\n arch/arm/crypto/Kconfig           |  1 -\n arch/arm/crypto/aes-neonbs-glue.c | 29 ++++++++++++++++-------------\n 2 files changed, 16 insertions(+), 14 deletions(-)","diff":"diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig\nindex 3eb5071bea14..167a648a9def 100644\n--- a/arch/arm/crypto/Kconfig\n+++ b/arch/arm/crypto/Kconfig\n@@ -42,11 +42,10 @@ config CRYPTO_AES_ARM\n \t  such attacks very difficult.\n \n config CRYPTO_AES_ARM_BS\n \ttristate \"Ciphers: AES, modes: ECB/CBC/CTR/XTS (bit-sliced NEON)\"\n \tdepends on KERNEL_MODE_NEON\n-\tselect CRYPTO_AES_ARM\n \tselect CRYPTO_SKCIPHER\n \tselect CRYPTO_LIB_AES\n \thelp\n \t  Length-preserving ciphers: AES cipher algorithms (FIPS-197)\n \t  with block cipher modes:\ndiff --git a/arch/arm/crypto/aes-neonbs-glue.c b/arch/arm/crypto/aes-neonbs-glue.c\nindex df5afe601e4a..c49ddafc54f3 100644\n--- a/arch/arm/crypto/aes-neonbs-glue.c\n+++ b/arch/arm/crypto/aes-neonbs-glue.c\n@@ -10,11 +10,10 @@\n #include <crypto/aes.h>\n #include <crypto/internal/skcipher.h>\n #include <crypto/scatterwalk.h>\n #include <crypto/xts.h>\n #include <linux/module.h>\n-#include \"aes-cipher.h\"\n \n MODULE_AUTHOR(\"Ard Biesheuvel <ard.biesheuvel@linaro.org>\");\n MODULE_DESCRIPTION(\"Bit sliced AES using NEON instructions\");\n MODULE_LICENSE(\"GPL v2\");\n \n@@ -46,17 +45,17 @@ struct aesbs_ctx {\n \tu8\trk[13 * (8 * AES_BLOCK_SIZE) + 32] __aligned(AES_BLOCK_SIZE);\n };\n \n struct aesbs_cbc_ctx {\n \tstruct aesbs_ctx\tkey;\n-\tstruct crypto_aes_ctx\tfallback;\n+\tstruct aes_enckey\tfallback;\n };\n \n struct aesbs_xts_ctx {\n \tstruct aesbs_ctx\tkey;\n-\tstruct crypto_aes_ctx\tfallback;\n-\tstruct crypto_aes_ctx\ttweak_key;\n+\tstruct aes_key\t\tfallback;\n+\tstruct aes_enckey\ttweak_key;\n };\n \n static int aesbs_setkey(struct crypto_skcipher *tfm, const u8 *in_key,\n \t\t\tunsigned int key_len)\n {\n@@ -120,18 +119,23 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key,\n \t\t\t    unsigned int key_len)\n {\n \tstruct aesbs_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);\n \tint err;\n \n-\terr = aes_expandkey(&ctx->fallback, in_key, key_len);\n+\terr = aes_prepareenckey(&ctx->fallback, in_key, key_len);\n \tif (err)\n \t\treturn err;\n \n \tctx->key.rounds = 6 + key_len / 4;\n \n+\t/*\n+\t * Note: this assumes that the arm implementation of the AES library\n+\t * stores the standard round keys in k.rndkeys.\n+\t */\n \tkernel_neon_begin();\n-\taesbs_convert_key(ctx->key.rk, ctx->fallback.key_enc, ctx->key.rounds);\n+\taesbs_convert_key(ctx->key.rk, ctx->fallback.k.rndkeys,\n+\t\t\t  ctx->key.rounds);\n \tkernel_neon_end();\n \n \treturn 0;\n }\n \n@@ -150,12 +154,11 @@ static int cbc_encrypt(struct skcipher_request *req)\n \t\tu8 *dst = walk.dst.virt.addr;\n \t\tu8 *prev = walk.iv;\n \n \t\tdo {\n \t\t\tcrypto_xor_cpy(dst, src, prev, AES_BLOCK_SIZE);\n-\t\t\t__aes_arm_encrypt(ctx->fallback.key_enc,\n-\t\t\t\t\t  ctx->key.rounds, dst, dst);\n+\t\t\taes_encrypt(&ctx->fallback, dst, dst);\n \t\t\tprev = dst;\n \t\t\tsrc += AES_BLOCK_SIZE;\n \t\t\tdst += AES_BLOCK_SIZE;\n \t\t\tnbytes -= AES_BLOCK_SIZE;\n \t\t} while (nbytes >= AES_BLOCK_SIZE);\n@@ -237,14 +240,14 @@ static int aesbs_xts_setkey(struct crypto_skcipher *tfm, const u8 *in_key,\n \terr = xts_verify_key(tfm, in_key, key_len);\n \tif (err)\n \t\treturn err;\n \n \tkey_len /= 2;\n-\terr = aes_expandkey(&ctx->fallback, in_key, key_len);\n+\terr = aes_preparekey(&ctx->fallback, in_key, key_len);\n \tif (err)\n \t\treturn err;\n-\terr = aes_expandkey(&ctx->tweak_key, in_key + key_len, key_len);\n+\terr = aes_prepareenckey(&ctx->tweak_key, in_key + key_len, key_len);\n \tif (err)\n \t\treturn err;\n \n \treturn aesbs_setkey(tfm, in_key, key_len);\n }\n@@ -277,11 +280,11 @@ static int __xts_crypt(struct skcipher_request *req, bool encrypt,\n \n \terr = skcipher_walk_virt(&walk, req, true);\n \tif (err)\n \t\treturn err;\n \n-\t__aes_arm_encrypt(ctx->tweak_key.key_enc, rounds, walk.iv, walk.iv);\n+\taes_encrypt(&ctx->tweak_key, walk.iv, walk.iv);\n \n \twhile (walk.nbytes >= AES_BLOCK_SIZE) {\n \t\tunsigned int blocks = walk.nbytes / AES_BLOCK_SIZE;\n \t\tint reorder_last_tweak = !encrypt && tail > 0;\n \n@@ -309,13 +312,13 @@ static int __xts_crypt(struct skcipher_request *req, bool encrypt,\n \tscatterwalk_map_and_copy(buf, req->src, req->cryptlen, tail, 0);\n \n \tcrypto_xor(buf, req->iv, AES_BLOCK_SIZE);\n \n \tif (encrypt)\n-\t\t__aes_arm_encrypt(ctx->fallback.key_enc, rounds, buf, buf);\n+\t\taes_encrypt(&ctx->fallback, buf, buf);\n \telse\n-\t\t__aes_arm_decrypt(ctx->fallback.key_dec, rounds, buf, buf);\n+\t\taes_decrypt(&ctx->fallback, buf, buf);\n \n \tcrypto_xor(buf, req->iv, AES_BLOCK_SIZE);\n \n \tscatterwalk_map_and_copy(buf, req->dst, req->cryptlen - AES_BLOCK_SIZE,\n \t\t\t\t AES_BLOCK_SIZE + tail, 1);\n","prefixes":["v2","03/35"]}