9830602ab05530496199669c14f259d56b31ae89
[openwrt/openwrt.git] /
1 From: Felix Fietkau <nbd@nbd.name>
2 Date: Sat, 7 Oct 2017 09:37:28 +0200
3 Subject: [PATCH] Revert "mac80211: aes-cmac: switch to shash CMAC
4 driver"
5
6 This reverts commit 26717828b75dd5c46e97f7f4a9b937d038bb2852.
7 Reduces mac80211 dependencies for LEDE
8
9 Signed-off-by: Felix Fietkau <nbd@nbd.name>
10 ---
11
12 --- a/net/mac80211/aes_cmac.c
13 +++ b/net/mac80211/aes_cmac.c
14 @@ -19,50 +19,126 @@
15 #define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */
16 #define AAD_LEN 20
17
18 -static const u8 zero[CMAC_TLEN_256];
19
20 -void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
21 - const u8 *data, size_t data_len, u8 *mic)
22 +void gf_mulx(u8 *pad)
23 +{
24 + int i, carry;
25 +
26 + carry = pad[0] & 0x80;
27 + for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
28 + pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
29 + pad[AES_BLOCK_SIZE - 1] <<= 1;
30 + if (carry)
31 + pad[AES_BLOCK_SIZE - 1] ^= 0x87;
32 +}
33 +
34 +void aes_cmac_vector(struct crypto_cipher *tfm, size_t num_elem,
35 + const u8 *addr[], const size_t *len, u8 *mac,
36 + size_t mac_len)
37 {
38 - SHASH_DESC_ON_STACK(desc, tfm);
39 - u8 out[AES_BLOCK_SIZE];
40 + u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
41 + const u8 *pos, *end;
42 + size_t i, e, left, total_len;
43 +
44 + memset(cbc, 0, AES_BLOCK_SIZE);
45 +
46 + total_len = 0;
47 + for (e = 0; e < num_elem; e++)
48 + total_len += len[e];
49 + left = total_len;
50 +
51 + e = 0;
52 + pos = addr[0];
53 + end = pos + len[0];
54 +
55 + while (left >= AES_BLOCK_SIZE) {
56 + for (i = 0; i < AES_BLOCK_SIZE; i++) {
57 + cbc[i] ^= *pos++;
58 + if (pos >= end) {
59 + e++;
60 + pos = addr[e];
61 + end = pos + len[e];
62 + }
63 + }
64 + if (left > AES_BLOCK_SIZE)
65 + crypto_cipher_encrypt_one(tfm, cbc, cbc);
66 + left -= AES_BLOCK_SIZE;
67 + }
68 +
69 + memset(pad, 0, AES_BLOCK_SIZE);
70 + crypto_cipher_encrypt_one(tfm, pad, pad);
71 + gf_mulx(pad);
72 +
73 + if (left || total_len == 0) {
74 + for (i = 0; i < left; i++) {
75 + cbc[i] ^= *pos++;
76 + if (pos >= end) {
77 + e++;
78 + pos = addr[e];
79 + end = pos + len[e];
80 + }
81 + }
82 + cbc[left] ^= 0x80;
83 + gf_mulx(pad);
84 + }
85 +
86 + for (i = 0; i < AES_BLOCK_SIZE; i++)
87 + pad[i] ^= cbc[i];
88 + crypto_cipher_encrypt_one(tfm, pad, pad);
89 + memcpy(mac, pad, mac_len);
90 +}
91
92 - desc->tfm = tfm;
93
94 - crypto_shash_init(desc);
95 - crypto_shash_update(desc, aad, AAD_LEN);
96 - crypto_shash_update(desc, data, data_len - CMAC_TLEN);
97 - crypto_shash_finup(desc, zero, CMAC_TLEN, out);
98 +void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
99 + const u8 *data, size_t data_len, u8 *mic)
100 +{
101 + const u8 *addr[3];
102 + size_t len[3];
103 + u8 zero[CMAC_TLEN];
104 +
105 + memset(zero, 0, CMAC_TLEN);
106 + addr[0] = aad;
107 + len[0] = AAD_LEN;
108 + addr[1] = data;
109 + len[1] = data_len - CMAC_TLEN;
110 + addr[2] = zero;
111 + len[2] = CMAC_TLEN;
112
113 - memcpy(mic, out, CMAC_TLEN);
114 + aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN);
115 }
116
117 -void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
118 +void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
119 const u8 *data, size_t data_len, u8 *mic)
120 {
121 - SHASH_DESC_ON_STACK(desc, tfm);
122 + const u8 *addr[3];
123 + size_t len[3];
124 + u8 zero[CMAC_TLEN_256];
125 +
126 + memset(zero, 0, CMAC_TLEN_256);
127 + addr[0] = aad;
128 + len[0] = AAD_LEN;
129 + addr[1] = data;
130 + len[1] = data_len - CMAC_TLEN_256;
131 + addr[2] = zero;
132 + len[2] = CMAC_TLEN_256;
133
134 - desc->tfm = tfm;
135 -
136 - crypto_shash_init(desc);
137 - crypto_shash_update(desc, aad, AAD_LEN);
138 - crypto_shash_update(desc, data, data_len - CMAC_TLEN_256);
139 - crypto_shash_finup(desc, zero, CMAC_TLEN_256, mic);
140 + aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN_256);
141 }
142
143 -struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
144 - size_t key_len)
145 +struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
146 + size_t key_len)
147 {
148 - struct crypto_shash *tfm;
149 + struct crypto_cipher *tfm;
150
151 - tfm = crypto_alloc_shash("cmac(aes)", 0, 0);
152 + tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
153 if (!IS_ERR(tfm))
154 - crypto_shash_setkey(tfm, key, key_len);
155 + crypto_cipher_setkey(tfm, key, key_len);
156
157 return tfm;
158 }
159
160 -void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm)
161 +
162 +void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
163 {
164 - crypto_free_shash(tfm);
165 + crypto_free_cipher(tfm);
166 }
167 --- a/net/mac80211/aes_cmac.h
168 +++ b/net/mac80211/aes_cmac.h
169 @@ -7,14 +7,13 @@
170 #define AES_CMAC_H
171
172 #include <linux/crypto.h>
173 -#include <crypto/hash.h>
174
175 -struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
176 - size_t key_len);
177 -void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
178 +struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
179 + size_t key_len);
180 +void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
181 const u8 *data, size_t data_len, u8 *mic);
182 -void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
183 +void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
184 const u8 *data, size_t data_len, u8 *mic);
185 -void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm);
186 +void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm);
187
188 #endif /* AES_CMAC_H */
189 --- a/net/mac80211/key.h
190 +++ b/net/mac80211/key.h
191 @@ -92,7 +92,7 @@ struct ieee80211_key {
192 } ccmp;
193 struct {
194 u8 rx_pn[IEEE80211_CMAC_PN_LEN];
195 - struct crypto_shash *tfm;
196 + struct crypto_cipher *tfm;
197 u32 replays; /* dot11RSNAStatsCMACReplays */
198 u32 icverrors; /* dot11RSNAStatsCMACICVErrors */
199 } aes_cmac;