2017-10-07 10:52:56 +00:00
|
|
|
From: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
Date: Sat, 7 Oct 2017 09:37:28 +0200
|
|
|
|
|
Subject: [PATCH] Revert "mac80211: aes-cmac: switch to shash CMAC
|
|
|
|
|
driver"
|
|
|
|
|
|
|
|
|
|
This reverts commit 26717828b75dd5c46e97f7f4a9b937d038bb2852.
|
|
|
|
|
Reduces mac80211 dependencies for LEDE
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
--- a/net/mac80211/aes_cmac.c
|
|
|
|
|
+++ b/net/mac80211/aes_cmac.c
|
|
|
|
|
@@ -22,50 +22,126 @@
|
|
|
|
|
#define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */
|
|
|
|
|
#define AAD_LEN 20
|
|
|
|
|
|
|
|
|
|
-static const u8 zero[CMAC_TLEN_256];
|
|
|
|
|
|
|
|
|
|
-void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
|
|
|
|
|
- const u8 *data, size_t data_len, u8 *mic)
|
|
|
|
|
+void gf_mulx(u8 *pad)
|
2018-06-22 07:43:56 +00:00
|
|
|
+{
|
2017-10-07 10:52:56 +00:00
|
|
|
+ int i, carry;
|
2018-06-22 07:43:56 +00:00
|
|
|
+
|
2017-10-07 10:52:56 +00:00
|
|
|
+ carry = pad[0] & 0x80;
|
|
|
|
|
+ for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
|
|
|
|
|
+ pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
|
|
|
|
|
+ pad[AES_BLOCK_SIZE - 1] <<= 1;
|
|
|
|
|
+ if (carry)
|
|
|
|
|
+ pad[AES_BLOCK_SIZE - 1] ^= 0x87;
|
|
|
|
|
+}
|
2018-06-22 07:43:56 +00:00
|
|
|
+
|
2017-10-07 10:52:56 +00:00
|
|
|
+void aes_cmac_vector(struct crypto_cipher *tfm, size_t num_elem,
|
|
|
|
|
+ const u8 *addr[], const size_t *len, u8 *mac,
|
|
|
|
|
+ size_t mac_len)
|
2018-06-22 07:43:56 +00:00
|
|
|
{
|
|
|
|
|
- SHASH_DESC_ON_STACK(desc, tfm);
|
|
|
|
|
- u8 out[AES_BLOCK_SIZE];
|
2017-10-07 10:52:56 +00:00
|
|
|
+ u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
|
|
|
|
|
+ const u8 *pos, *end;
|
|
|
|
|
+ size_t i, e, left, total_len;
|
2018-06-22 07:43:56 +00:00
|
|
|
+
|
2017-10-07 10:52:56 +00:00
|
|
|
+ memset(cbc, 0, AES_BLOCK_SIZE);
|
|
|
|
|
+
|
|
|
|
|
+ total_len = 0;
|
|
|
|
|
+ for (e = 0; e < num_elem; e++)
|
|
|
|
|
+ total_len += len[e];
|
|
|
|
|
+ left = total_len;
|
|
|
|
|
+
|
|
|
|
|
+ e = 0;
|
|
|
|
|
+ pos = addr[0];
|
|
|
|
|
+ end = pos + len[0];
|
|
|
|
|
+
|
|
|
|
|
+ while (left >= AES_BLOCK_SIZE) {
|
|
|
|
|
+ for (i = 0; i < AES_BLOCK_SIZE; i++) {
|
|
|
|
|
+ cbc[i] ^= *pos++;
|
|
|
|
|
+ if (pos >= end) {
|
|
|
|
|
+ e++;
|
|
|
|
|
+ pos = addr[e];
|
|
|
|
|
+ end = pos + len[e];
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ if (left > AES_BLOCK_SIZE)
|
|
|
|
|
+ crypto_cipher_encrypt_one(tfm, cbc, cbc);
|
|
|
|
|
+ left -= AES_BLOCK_SIZE;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ memset(pad, 0, AES_BLOCK_SIZE);
|
|
|
|
|
+ crypto_cipher_encrypt_one(tfm, pad, pad);
|
|
|
|
|
+ gf_mulx(pad);
|
|
|
|
|
+
|
|
|
|
|
+ if (left || total_len == 0) {
|
|
|
|
|
+ for (i = 0; i < left; i++) {
|
|
|
|
|
+ cbc[i] ^= *pos++;
|
|
|
|
|
+ if (pos >= end) {
|
|
|
|
|
+ e++;
|
|
|
|
|
+ pos = addr[e];
|
|
|
|
|
+ end = pos + len[e];
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ cbc[left] ^= 0x80;
|
|
|
|
|
+ gf_mulx(pad);
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ for (i = 0; i < AES_BLOCK_SIZE; i++)
|
|
|
|
|
+ pad[i] ^= cbc[i];
|
|
|
|
|
+ crypto_cipher_encrypt_one(tfm, pad, pad);
|
|
|
|
|
+ memcpy(mac, pad, mac_len);
|
2018-06-22 07:43:56 +00:00
|
|
|
+}
|
2017-10-07 10:52:56 +00:00
|
|
|
|
2018-06-22 07:43:56 +00:00
|
|
|
- desc->tfm = tfm;
|
|
|
|
|
|
|
|
|
|
- crypto_shash_init(desc);
|
|
|
|
|
- crypto_shash_update(desc, aad, AAD_LEN);
|
|
|
|
|
- crypto_shash_update(desc, data, data_len - CMAC_TLEN);
|
|
|
|
|
- crypto_shash_finup(desc, zero, CMAC_TLEN, out);
|
2017-10-07 10:52:56 +00:00
|
|
|
+void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
|
|
|
|
|
+ const u8 *data, size_t data_len, u8 *mic)
|
|
|
|
|
+{
|
|
|
|
|
+ const u8 *addr[3];
|
|
|
|
|
+ size_t len[3];
|
|
|
|
|
+ u8 zero[CMAC_TLEN];
|
|
|
|
|
+
|
|
|
|
|
+ memset(zero, 0, CMAC_TLEN);
|
|
|
|
|
+ addr[0] = aad;
|
|
|
|
|
+ len[0] = AAD_LEN;
|
|
|
|
|
+ addr[1] = data;
|
|
|
|
|
+ len[1] = data_len - CMAC_TLEN;
|
|
|
|
|
+ addr[2] = zero;
|
|
|
|
|
+ len[2] = CMAC_TLEN;
|
2018-06-22 07:43:56 +00:00
|
|
|
|
|
|
|
|
- memcpy(mic, out, CMAC_TLEN);
|
2017-10-07 10:52:56 +00:00
|
|
|
+ aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN);
|
2018-06-22 07:43:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
-void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
|
2017-10-07 10:52:56 +00:00
|
|
|
+void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
|
|
|
|
|
const u8 *data, size_t data_len, u8 *mic)
|
|
|
|
|
{
|
|
|
|
|
- SHASH_DESC_ON_STACK(desc, tfm);
|
|
|
|
|
+ const u8 *addr[3];
|
|
|
|
|
+ size_t len[3];
|
|
|
|
|
+ u8 zero[CMAC_TLEN_256];
|
2018-06-22 07:43:56 +00:00
|
|
|
+
|
2017-10-07 10:52:56 +00:00
|
|
|
+ memset(zero, 0, CMAC_TLEN_256);
|
|
|
|
|
+ addr[0] = aad;
|
|
|
|
|
+ len[0] = AAD_LEN;
|
|
|
|
|
+ addr[1] = data;
|
|
|
|
|
+ len[1] = data_len - CMAC_TLEN_256;
|
|
|
|
|
+ addr[2] = zero;
|
|
|
|
|
+ len[2] = CMAC_TLEN_256;
|
|
|
|
|
|
2018-06-22 07:43:56 +00:00
|
|
|
- desc->tfm = tfm;
|
|
|
|
|
-
|
2017-10-07 10:52:56 +00:00
|
|
|
- crypto_shash_init(desc);
|
|
|
|
|
- crypto_shash_update(desc, aad, AAD_LEN);
|
|
|
|
|
- crypto_shash_update(desc, data, data_len - CMAC_TLEN_256);
|
|
|
|
|
- crypto_shash_finup(desc, zero, CMAC_TLEN_256, mic);
|
|
|
|
|
+ aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN_256);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
-struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
|
|
|
|
|
- size_t key_len)
|
|
|
|
|
+struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
|
|
|
|
|
+ size_t key_len)
|
|
|
|
|
{
|
|
|
|
|
- struct crypto_shash *tfm;
|
|
|
|
|
+ struct crypto_cipher *tfm;
|
|
|
|
|
|
|
|
|
|
- tfm = crypto_alloc_shash("cmac(aes)", 0, 0);
|
|
|
|
|
+ tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
|
|
|
|
|
if (!IS_ERR(tfm))
|
|
|
|
|
- crypto_shash_setkey(tfm, key, key_len);
|
|
|
|
|
+ crypto_cipher_setkey(tfm, key, key_len);
|
|
|
|
|
|
|
|
|
|
return tfm;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
-void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm)
|
|
|
|
|
+
|
|
|
|
|
+void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
|
|
|
|
|
{
|
|
|
|
|
- crypto_free_shash(tfm);
|
|
|
|
|
+ crypto_free_cipher(tfm);
|
|
|
|
|
}
|
|
|
|
|
--- a/net/mac80211/aes_cmac.h
|
|
|
|
|
+++ b/net/mac80211/aes_cmac.h
|
|
|
|
|
@@ -10,14 +10,13 @@
|
|
|
|
|
#define AES_CMAC_H
|
|
|
|
|
|
|
|
|
|
#include <linux/crypto.h>
|
|
|
|
|
-#include <crypto/hash.h>
|
|
|
|
|
|
|
|
|
|
-struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
|
|
|
|
|
- size_t key_len);
|
|
|
|
|
-void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
|
|
|
|
|
+struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
|
|
|
|
|
+ size_t key_len);
|
|
|
|
|
+void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
|
|
|
|
|
const u8 *data, size_t data_len, u8 *mic);
|
|
|
|
|
-void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
|
|
|
|
|
+void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
|
|
|
|
|
const u8 *data, size_t data_len, u8 *mic);
|
|
|
|
|
-void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm);
|
|
|
|
|
+void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm);
|
|
|
|
|
|
|
|
|
|
#endif /* AES_CMAC_H */
|
|
|
|
|
--- a/net/mac80211/key.h
|
|
|
|
|
+++ b/net/mac80211/key.h
|
|
|
|
|
@@ -93,7 +93,7 @@ struct ieee80211_key {
|
|
|
|
|
} ccmp;
|
|
|
|
|
struct {
|
|
|
|
|
u8 rx_pn[IEEE80211_CMAC_PN_LEN];
|
|
|
|
|
- struct crypto_shash *tfm;
|
|
|
|
|
+ struct crypto_cipher *tfm;
|
|
|
|
|
u32 replays; /* dot11RSNAStatsCMACReplays */
|
|
|
|
|
u32 icverrors; /* dot11RSNAStatsCMACICVErrors */
|
|
|
|
|
} aes_cmac;
|
