From: Felix Fietkau Date: Sat, 7 Oct 2017 09:37:28 +0200 Subject: [PATCH] Revert "mac80211: aes-cmac: switch to shash CMAC driver" This reverts commit 26717828b75dd5c46e97f7f4a9b937d038bb2852. Reduces mac80211 dependencies for LEDE Signed-off-by: Felix Fietkau --- --- a/net/mac80211/aes_cmac.c +++ b/net/mac80211/aes_cmac.c @@ -19,67 +19,151 @@ #define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */ #define AAD_LEN 20 -static const u8 zero[CMAC_TLEN_256]; -void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad, +void gf_mulx(u8 *pad) +{ + int i, carry; + + carry = pad[0] & 0x80; + for (i = 0; i < AES_BLOCK_SIZE - 1; i++) + pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7); + pad[AES_BLOCK_SIZE - 1] <<= 1; + if (carry) + pad[AES_BLOCK_SIZE - 1] ^= 0x87; +} + +void aes_cmac_vector(struct crypto_cipher *tfm, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac, + size_t mac_len) +{ + u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE]; + const u8 *pos, *end; + size_t i, e, left, total_len; + + memset(cbc, 0, AES_BLOCK_SIZE); + + total_len = 0; + for (e = 0; e < num_elem; e++) + total_len += len[e]; + left = total_len; + + e = 0; + pos = addr[0]; + end = pos + len[0]; + + while (left >= AES_BLOCK_SIZE) { + for (i = 0; i < AES_BLOCK_SIZE; i++) { + cbc[i] ^= *pos++; + if (pos >= end) { + e++; + pos = addr[e]; + end = pos + len[e]; + } + } + if (left > AES_BLOCK_SIZE) + crypto_cipher_encrypt_one(tfm, cbc, cbc); + left -= AES_BLOCK_SIZE; + } + + memset(pad, 0, AES_BLOCK_SIZE); + crypto_cipher_encrypt_one(tfm, pad, pad); + gf_mulx(pad); + + if (left || total_len == 0) { + for (i = 0; i < left; i++) { + cbc[i] ^= *pos++; + if (pos >= end) { + e++; + pos = addr[e]; + end = pos + len[e]; + } + } + cbc[left] ^= 0x80; + gf_mulx(pad); + } + + for (i = 0; i < AES_BLOCK_SIZE; i++) + pad[i] ^= cbc[i]; + crypto_cipher_encrypt_one(tfm, pad, pad); + memcpy(mac, pad, mac_len); +} + + +void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad, const u8 *data, size_t data_len, u8 *mic) { - SHASH_DESC_ON_STACK(desc, tfm); - u8 out[AES_BLOCK_SIZE]; + const u8 *addr[4]; + size_t len[4]; + u8 zero[CMAC_TLEN]; const __le16 *fc; - desc->tfm = tfm; - - crypto_shash_init(desc); - crypto_shash_update(desc, aad, AAD_LEN); + memset(zero, 0, CMAC_TLEN); + addr[0] = aad; + len[0] = AAD_LEN; fc = (const __le16 *)aad; if (ieee80211_is_beacon(*fc)) { /* mask Timestamp field to zero */ - crypto_shash_update(desc, zero, 8); - crypto_shash_update(desc, data + 8, data_len - 8 - CMAC_TLEN); + addr[1] = zero; + len[1] = 8; + addr[2] = data + 8; + len[2] = data_len - 8 - CMAC_TLEN; + addr[3] = zero; + len[3] = CMAC_TLEN; + aes_cmac_vector(tfm, 4, addr, len, mic, CMAC_TLEN); } else { - crypto_shash_update(desc, data, data_len - CMAC_TLEN); + addr[1] = data; + len[1] = data_len - CMAC_TLEN; + addr[2] = zero; + len[2] = CMAC_TLEN; + aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN); } - crypto_shash_finup(desc, zero, CMAC_TLEN, out); - - memcpy(mic, out, CMAC_TLEN); } -void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad, +void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad, const u8 *data, size_t data_len, u8 *mic) { - SHASH_DESC_ON_STACK(desc, tfm); + const u8 *addr[4]; + size_t len[4]; + u8 zero[CMAC_TLEN_256]; const __le16 *fc; - desc->tfm = tfm; - - crypto_shash_init(desc); - crypto_shash_update(desc, aad, AAD_LEN); + memset(zero, 0, CMAC_TLEN_256); + addr[0] = aad; + len[0] = AAD_LEN; + addr[1] = data; fc = (const __le16 *)aad; if (ieee80211_is_beacon(*fc)) { /* mask Timestamp field to zero */ - crypto_shash_update(desc, zero, 8); - crypto_shash_update(desc, data + 8, - data_len - 8 - CMAC_TLEN_256); + addr[1] = zero; + len[1] = 8; + addr[2] = data + 8; + len[2] = data_len - 8 - CMAC_TLEN_256; + addr[3] = zero; + len[3] = CMAC_TLEN_256; + aes_cmac_vector(tfm, 4, addr, len, mic, CMAC_TLEN_256); } else { - crypto_shash_update(desc, data, data_len - CMAC_TLEN_256); + addr[1] = data; + len[1] = data_len - CMAC_TLEN_256; + addr[2] = zero; + len[2] = CMAC_TLEN_256; + aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN_256); } - crypto_shash_finup(desc, zero, CMAC_TLEN_256, mic); } -struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[], - size_t key_len) +struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[], + size_t key_len) { - struct crypto_shash *tfm; + struct crypto_cipher *tfm; - tfm = crypto_alloc_shash("cmac(aes)", 0, 0); + tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC); if (!IS_ERR(tfm)) - crypto_shash_setkey(tfm, key, key_len); + crypto_cipher_setkey(tfm, key, key_len); return tfm; } -void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm) + +void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm) { - crypto_free_shash(tfm); + crypto_free_cipher(tfm); } --- a/net/mac80211/aes_cmac.h +++ b/net/mac80211/aes_cmac.h @@ -7,14 +7,13 @@ #define AES_CMAC_H #include -#include -struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[], - size_t key_len); -void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad, +struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[], + size_t key_len); +void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad, const u8 *data, size_t data_len, u8 *mic); -void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad, +void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad, const u8 *data, size_t data_len, u8 *mic); -void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm); +void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm); #endif /* AES_CMAC_H */ --- a/net/mac80211/key.h +++ b/net/mac80211/key.h @@ -94,7 +94,7 @@ struct ieee80211_key { } ccmp; struct { u8 rx_pn[IEEE80211_CMAC_PN_LEN]; - struct crypto_shash *tfm; + struct crypto_cipher *tfm; u32 replays; /* dot11RSNAStatsCMACReplays */ u32 icverrors; /* dot11RSNAStatsCMACICVErrors */ } aes_cmac;