package/kernel/mac80211/patches/subsys/131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch

   1 From: Felix Fietkau <nbd@nbd.name>
   2 Date: Sat, 7 Oct 2017 09:37:28 +0200
   3 Subject: [PATCH] Revert "mac80211: aes-cmac: switch to shash CMAC
   4  driver"
   5
   6 This reverts commit 26717828b75dd5c46e97f7f4a9b937d038bb2852.
   7 Reduces mac80211 dependencies for LEDE
   8
   9 Signed-off-by: Felix Fietkau <nbd@nbd.name>
  10 ---
  11
  12 --- a/net/mac80211/aes_cmac.c
  13 +++ b/net/mac80211/aes_cmac.c
  14 @@ -19,67 +19,151 @@
  15  #define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */
  16  #define AAD_LEN 20
  17
  18 -static const u8 zero[CMAC_TLEN_256];
  19
  20 -void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
  21 +void gf_mulx(u8 *pad)
  22 +{
  23 +       int i, carry;
  24 +
  25 +       carry = pad[0] & 0x80;
  26 +       for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
  27 +               pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
  28 +       pad[AES_BLOCK_SIZE - 1] <<= 1;
  29 +       if (carry)
  30 +               pad[AES_BLOCK_SIZE - 1] ^= 0x87;
  31 +}
  32 +
  33 +void aes_cmac_vector(struct crypto_cipher *tfm, size_t num_elem,
  34 +                    const u8 *addr[], const size_t *len, u8 *mac,
  35 +                    size_t mac_len)
  36 +{
  37 +       u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
  38 +       const u8 *pos, *end;
  39 +       size_t i, e, left, total_len;
  40 +
  41 +       memset(cbc, 0, AES_BLOCK_SIZE);
  42 +
  43 +       total_len = 0;
  44 +       for (e = 0; e < num_elem; e++)
  45 +               total_len += len[e];
  46 +       left = total_len;
  47 +
  48 +       e = 0;
  49 +       pos = addr[0];
  50 +       end = pos + len[0];
  51 +
  52 +       while (left >= AES_BLOCK_SIZE) {
  53 +               for (i = 0; i < AES_BLOCK_SIZE; i++) {
  54 +                       cbc[i] ^= *pos++;
  55 +                       if (pos >= end) {
  56 +                               e++;
  57 +                               pos = addr[e];
  58 +                               end = pos + len[e];
  59 +                       }
  60 +               }
  61 +               if (left > AES_BLOCK_SIZE)
  62 +                       crypto_cipher_encrypt_one(tfm, cbc, cbc);
  63 +               left -= AES_BLOCK_SIZE;
  64 +       }
  65 +
  66 +       memset(pad, 0, AES_BLOCK_SIZE);
  67 +       crypto_cipher_encrypt_one(tfm, pad, pad);
  68 +       gf_mulx(pad);
  69 +
  70 +       if (left || total_len == 0) {
  71 +               for (i = 0; i < left; i++) {
  72 +                       cbc[i] ^= *pos++;
  73 +                       if (pos >= end) {
  74 +                               e++;
  75 +                               pos = addr[e];
  76 +                               end = pos + len[e];
  77 +                       }
  78 +               }
  79 +               cbc[left] ^= 0x80;
  80 +               gf_mulx(pad);
  81 +       }
  82 +
  83 +       for (i = 0; i < AES_BLOCK_SIZE; i++)
  84 +               pad[i] ^= cbc[i];
  85 +       crypto_cipher_encrypt_one(tfm, pad, pad);
  86 +       memcpy(mac, pad, mac_len);
  87 +}
  88 +
  89 +
  90 +void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
  91                         const u8 *data, size_t data_len, u8 *mic)
  92  {
  93 -       SHASH_DESC_ON_STACK(desc, tfm);
  94 -       u8 out[AES_BLOCK_SIZE];
  95 +       const u8 *addr[4];
  96 +       size_t len[4];
  97 +       u8 zero[CMAC_TLEN];
  98         const __le16 *fc;
  99
 100 -       desc->tfm = tfm;
 101 -
 102 -       crypto_shash_init(desc);
 103 -       crypto_shash_update(desc, aad, AAD_LEN);
 104 +       memset(zero, 0, CMAC_TLEN);
 105 +       addr[0] = aad;
 106 +       len[0] = AAD_LEN;
 107         fc = (const __le16 *)aad;
 108         if (ieee80211_is_beacon(*fc)) {
 109                 /* mask Timestamp field to zero */
 110 -               crypto_shash_update(desc, zero, 8);
 111 -               crypto_shash_update(desc, data + 8, data_len - 8 - CMAC_TLEN);
 112 +               addr[1] = zero;
 113 +               len[1] = 8;
 114 +               addr[2] = data + 8;
 115 +               len[2] = data_len - 8 - CMAC_TLEN;
 116 +               addr[3] = zero;
 117 +               len[3] = CMAC_TLEN;
 118 +               aes_cmac_vector(tfm, 4, addr, len, mic, CMAC_TLEN);
 119         } else {
 120 -               crypto_shash_update(desc, data, data_len - CMAC_TLEN);
 121 +               addr[1] = data;
 122 +               len[1] = data_len - CMAC_TLEN;
 123 +               addr[2] = zero;
 124 +               len[2] = CMAC_TLEN;
 125 +               aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN);
 126         }
 127 -       crypto_shash_finup(desc, zero, CMAC_TLEN, out);
 128 -
 129 -       memcpy(mic, out, CMAC_TLEN);
 130  }
 131
 132 -void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
 133 +void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
 134                             const u8 *data, size_t data_len, u8 *mic)
 135  {
 136 -       SHASH_DESC_ON_STACK(desc, tfm);
 137 +       const u8 *addr[4];
 138 +       size_t len[4];
 139 +       u8 zero[CMAC_TLEN_256];
 140         const __le16 *fc;
 141
 142 -       desc->tfm = tfm;
 143 -
 144 -       crypto_shash_init(desc);
 145 -       crypto_shash_update(desc, aad, AAD_LEN);
 146 +       memset(zero, 0, CMAC_TLEN_256);
 147 +       addr[0] = aad;
 148 +       len[0] = AAD_LEN;
 149 +       addr[1] = data;
 150         fc = (const __le16 *)aad;
 151         if (ieee80211_is_beacon(*fc)) {
 152                 /* mask Timestamp field to zero */
 153 -               crypto_shash_update(desc, zero, 8);
 154 -               crypto_shash_update(desc, data + 8,
 155 -                                   data_len - 8 - CMAC_TLEN_256);
 156 +               addr[1] = zero;
 157 +               len[1] = 8;
 158 +               addr[2] = data + 8;
 159 +               len[2] = data_len - 8 - CMAC_TLEN_256;
 160 +               addr[3] = zero;
 161 +               len[3] = CMAC_TLEN_256;
 162 +               aes_cmac_vector(tfm, 4, addr, len, mic, CMAC_TLEN_256);
 163         } else {
 164 -               crypto_shash_update(desc, data, data_len - CMAC_TLEN_256);
 165 +               addr[1] = data;
 166 +               len[1] = data_len - CMAC_TLEN_256;
 167 +               addr[2] = zero;
 168 +               len[2] = CMAC_TLEN_256;
 169 +               aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN_256);
 170         }
 171 -       crypto_shash_finup(desc, zero, CMAC_TLEN_256, mic);
 172  }
 173
 174 -struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
 175 -                                                 size_t key_len)
 176 +struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
 177 +                                                  size_t key_len)
 178  {
 179 -       struct crypto_shash *tfm;
 180 +       struct crypto_cipher *tfm;
 181
 182 -       tfm = crypto_alloc_shash("cmac(aes)", 0, 0);
 183 +       tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
 184         if (!IS_ERR(tfm))
 185 -               crypto_shash_setkey(tfm, key, key_len);
 186 +               crypto_cipher_setkey(tfm, key, key_len);
 187
 188         return tfm;
 189  }
 190
 191 -void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm)
 192 +
 193 +void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
 194  {
 195 -       crypto_free_shash(tfm);
 196 +       crypto_free_cipher(tfm);
 197  }
 198 --- a/net/mac80211/aes_cmac.h
 199 +++ b/net/mac80211/aes_cmac.h
 200 @@ -7,14 +7,13 @@
 201  #define AES_CMAC_H
 202
 203  #include <linux/crypto.h>
 204 -#include <crypto/hash.h>
 205
 206 -struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
 207 -                                                 size_t key_len);
 208 -void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
 209 +struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
 210 +                                                  size_t key_len);
 211 +void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
 212                         const u8 *data, size_t data_len, u8 *mic);
 213 -void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
 214 +void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
 215                             const u8 *data, size_t data_len, u8 *mic);
 216 -void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm);
 217 +void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm);
 218
 219  #endif /* AES_CMAC_H */
 220 --- a/net/mac80211/key.h
 221 +++ b/net/mac80211/key.h
 222 @@ -94,7 +94,7 @@ struct ieee80211_key {
 223                 } ccmp;
 224                 struct {
 225                         u8 rx_pn[IEEE80211_CMAC_PN_LEN];
 226 -                       struct crypto_shash *tfm;
 227 +                       struct crypto_cipher *tfm;
 228                         u32 replays; /* dot11RSNAStatsCMACReplays */
 229                         u32 icverrors; /* dot11RSNAStatsCMACICVErrors */
 230                 } aes_cmac;