c3bf7ccc7abda2a6f48a8dcc75208ce8e08938a6
[openwrt/staging/nbd.git] /
1 From: Felix Fietkau <nbd@nbd.name>
2 Date: Sat, 7 Oct 2017 09:37:28 +0200
3 Subject: [PATCH] Revert "mac80211: aes-cmac: switch to shash CMAC
4 driver"
5
6 This reverts commit 26717828b75dd5c46e97f7f4a9b937d038bb2852.
7 Reduces mac80211 dependencies for LEDE
8
9 Signed-off-by: Felix Fietkau <nbd@nbd.name>
10 ---
11
12 --- a/net/mac80211/aes_cmac.c
13 +++ b/net/mac80211/aes_cmac.c
14 @@ -19,67 +19,151 @@
15 #define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */
16 #define AAD_LEN 20
17
18 -static const u8 zero[CMAC_TLEN_256];
19
20 -void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
21 +void gf_mulx(u8 *pad)
22 +{
23 + int i, carry;
24 +
25 + carry = pad[0] & 0x80;
26 + for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
27 + pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
28 + pad[AES_BLOCK_SIZE - 1] <<= 1;
29 + if (carry)
30 + pad[AES_BLOCK_SIZE - 1] ^= 0x87;
31 +}
32 +
33 +void aes_cmac_vector(struct crypto_cipher *tfm, size_t num_elem,
34 + const u8 *addr[], const size_t *len, u8 *mac,
35 + size_t mac_len)
36 +{
37 + u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
38 + const u8 *pos, *end;
39 + size_t i, e, left, total_len;
40 +
41 + memset(cbc, 0, AES_BLOCK_SIZE);
42 +
43 + total_len = 0;
44 + for (e = 0; e < num_elem; e++)
45 + total_len += len[e];
46 + left = total_len;
47 +
48 + e = 0;
49 + pos = addr[0];
50 + end = pos + len[0];
51 +
52 + while (left >= AES_BLOCK_SIZE) {
53 + for (i = 0; i < AES_BLOCK_SIZE; i++) {
54 + cbc[i] ^= *pos++;
55 + if (pos >= end) {
56 + e++;
57 + pos = addr[e];
58 + end = pos + len[e];
59 + }
60 + }
61 + if (left > AES_BLOCK_SIZE)
62 + crypto_cipher_encrypt_one(tfm, cbc, cbc);
63 + left -= AES_BLOCK_SIZE;
64 + }
65 +
66 + memset(pad, 0, AES_BLOCK_SIZE);
67 + crypto_cipher_encrypt_one(tfm, pad, pad);
68 + gf_mulx(pad);
69 +
70 + if (left || total_len == 0) {
71 + for (i = 0; i < left; i++) {
72 + cbc[i] ^= *pos++;
73 + if (pos >= end) {
74 + e++;
75 + pos = addr[e];
76 + end = pos + len[e];
77 + }
78 + }
79 + cbc[left] ^= 0x80;
80 + gf_mulx(pad);
81 + }
82 +
83 + for (i = 0; i < AES_BLOCK_SIZE; i++)
84 + pad[i] ^= cbc[i];
85 + crypto_cipher_encrypt_one(tfm, pad, pad);
86 + memcpy(mac, pad, mac_len);
87 +}
88 +
89 +
90 +void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
91 const u8 *data, size_t data_len, u8 *mic)
92 {
93 - SHASH_DESC_ON_STACK(desc, tfm);
94 - u8 out[AES_BLOCK_SIZE];
95 + const u8 *addr[4];
96 + size_t len[4];
97 + u8 zero[CMAC_TLEN];
98 const __le16 *fc;
99
100 - desc->tfm = tfm;
101 -
102 - crypto_shash_init(desc);
103 - crypto_shash_update(desc, aad, AAD_LEN);
104 + memset(zero, 0, CMAC_TLEN);
105 + addr[0] = aad;
106 + len[0] = AAD_LEN;
107 fc = (const __le16 *)aad;
108 if (ieee80211_is_beacon(*fc)) {
109 /* mask Timestamp field to zero */
110 - crypto_shash_update(desc, zero, 8);
111 - crypto_shash_update(desc, data + 8, data_len - 8 - CMAC_TLEN);
112 + addr[1] = zero;
113 + len[1] = 8;
114 + addr[2] = data + 8;
115 + len[2] = data_len - 8 - CMAC_TLEN;
116 + addr[3] = zero;
117 + len[3] = CMAC_TLEN;
118 + aes_cmac_vector(tfm, 4, addr, len, mic, CMAC_TLEN);
119 } else {
120 - crypto_shash_update(desc, data, data_len - CMAC_TLEN);
121 + addr[1] = data;
122 + len[1] = data_len - CMAC_TLEN;
123 + addr[2] = zero;
124 + len[2] = CMAC_TLEN;
125 + aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN);
126 }
127 - crypto_shash_finup(desc, zero, CMAC_TLEN, out);
128 -
129 - memcpy(mic, out, CMAC_TLEN);
130 }
131
132 -void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
133 +void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
134 const u8 *data, size_t data_len, u8 *mic)
135 {
136 - SHASH_DESC_ON_STACK(desc, tfm);
137 + const u8 *addr[4];
138 + size_t len[4];
139 + u8 zero[CMAC_TLEN_256];
140 const __le16 *fc;
141
142 - desc->tfm = tfm;
143 -
144 - crypto_shash_init(desc);
145 - crypto_shash_update(desc, aad, AAD_LEN);
146 + memset(zero, 0, CMAC_TLEN_256);
147 + addr[0] = aad;
148 + len[0] = AAD_LEN;
149 + addr[1] = data;
150 fc = (const __le16 *)aad;
151 if (ieee80211_is_beacon(*fc)) {
152 /* mask Timestamp field to zero */
153 - crypto_shash_update(desc, zero, 8);
154 - crypto_shash_update(desc, data + 8,
155 - data_len - 8 - CMAC_TLEN_256);
156 + addr[1] = zero;
157 + len[1] = 8;
158 + addr[2] = data + 8;
159 + len[2] = data_len - 8 - CMAC_TLEN_256;
160 + addr[3] = zero;
161 + len[3] = CMAC_TLEN_256;
162 + aes_cmac_vector(tfm, 4, addr, len, mic, CMAC_TLEN_256);
163 } else {
164 - crypto_shash_update(desc, data, data_len - CMAC_TLEN_256);
165 + addr[1] = data;
166 + len[1] = data_len - CMAC_TLEN_256;
167 + addr[2] = zero;
168 + len[2] = CMAC_TLEN_256;
169 + aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN_256);
170 }
171 - crypto_shash_finup(desc, zero, CMAC_TLEN_256, mic);
172 }
173
174 -struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
175 - size_t key_len)
176 +struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
177 + size_t key_len)
178 {
179 - struct crypto_shash *tfm;
180 + struct crypto_cipher *tfm;
181
182 - tfm = crypto_alloc_shash("cmac(aes)", 0, 0);
183 + tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
184 if (!IS_ERR(tfm))
185 - crypto_shash_setkey(tfm, key, key_len);
186 + crypto_cipher_setkey(tfm, key, key_len);
187
188 return tfm;
189 }
190
191 -void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm)
192 +
193 +void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
194 {
195 - crypto_free_shash(tfm);
196 + crypto_free_cipher(tfm);
197 }
198 --- a/net/mac80211/aes_cmac.h
199 +++ b/net/mac80211/aes_cmac.h
200 @@ -7,14 +7,13 @@
201 #define AES_CMAC_H
202
203 #include <linux/crypto.h>
204 -#include <crypto/hash.h>
205
206 -struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
207 - size_t key_len);
208 -void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
209 +struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
210 + size_t key_len);
211 +void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
212 const u8 *data, size_t data_len, u8 *mic);
213 -void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
214 +void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
215 const u8 *data, size_t data_len, u8 *mic);
216 -void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm);
217 +void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm);
218
219 #endif /* AES_CMAC_H */
220 --- a/net/mac80211/key.h
221 +++ b/net/mac80211/key.h
222 @@ -94,7 +94,7 @@ struct ieee80211_key {
223 } ccmp;
224 struct {
225 u8 rx_pn[IEEE80211_CMAC_PN_LEN];
226 - struct crypto_shash *tfm;
227 + struct crypto_cipher *tfm;
228 u32 replays; /* dot11RSNAStatsCMACReplays */
229 u32 icverrors; /* dot11RSNAStatsCMACICVErrors */
230 } aes_cmac;