---- a/net/mac80211/wpa.c
-+++ b/net/mac80211/wpa.c
-@@ -301,15 +301,22 @@ ieee80211_crypto_tkip_decrypt(struct iee
- }
-
-
--static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad)
-+static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch,
-+ int encrypted)
- {
- __le16 mask_fc;
- int a4_included, mgmt;
- u8 qos_tid;
-- u16 len_a;
-+ u8 *b_0, *aad;
-+ u16 data_len, len_a;
- unsigned int hdrlen;
- struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
-
-+ memset(scratch, 0, 6 * AES_BLOCK_SIZE);
-+
-+ b_0 = scratch + 3 * AES_BLOCK_SIZE;
-+ aad = scratch + 4 * AES_BLOCK_SIZE;
-+
- /*
- * Mask FC: zero subtype b4 b5 b6 (if not mgmt)
- * Retry, PwrMgt, MoreData; set Protected
-@@ -331,21 +338,20 @@ static void ccmp_special_blocks(struct s
- else
- qos_tid = 0;
-
-- /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC
-- * mode authentication are not allowed to collide, yet both are derived
-- * from this vector b_0. We only set L := 1 here to indicate that the
-- * data size can be represented in (L+1) bytes. The CCM layer will take
-- * care of storing the data length in the top (L+1) bytes and setting
-- * and clearing the other bits as is required to derive the two IVs.
-- */
-- b_0[0] = 0x1;
-+ data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN;
-+ if (encrypted)
-+ data_len -= IEEE80211_CCMP_MIC_LEN;
-
-+ /* First block, b_0 */
-+ b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
- /* Nonce: Nonce Flags | A2 | PN
- * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
- */
- b_0[1] = qos_tid | (mgmt << 4);
- memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
- memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN);
-+ /* l(m) */
-+ put_unaligned_be16(data_len, &b_0[14]);
-
- /* AAD (extra authenticate-only data) / masked 802.11 header
- * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
-@@ -401,8 +407,7 @@ static int ccmp_encrypt_skb(struct ieee8
- u8 *pos;
- u8 pn[6];
- u64 pn64;
-- u8 aad[2 * AES_BLOCK_SIZE];
-- u8 b_0[AES_BLOCK_SIZE];
-+ u8 scratch[6 * AES_BLOCK_SIZE];
-
- if (info->control.hw_key &&
- !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
-@@ -455,9 +460,9 @@ static int ccmp_encrypt_skb(struct ieee8
- return 0;
-
- pos += IEEE80211_CCMP_HDR_LEN;
-- ccmp_special_blocks(skb, pn, b_0, aad);
-- ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len,
-- skb_put(skb, IEEE80211_CCMP_MIC_LEN));
-+ ccmp_special_blocks(skb, pn, scratch, 0);
-+ ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, pos, len,
-+ pos, skb_put(skb, IEEE80211_CCMP_MIC_LEN));
-
- return 0;
- }
-@@ -520,16 +525,16 @@ ieee80211_crypto_ccmp_decrypt(struct iee
- }
-
- if (!(status->flag & RX_FLAG_DECRYPTED)) {
-- u8 aad[2 * AES_BLOCK_SIZE];
-- u8 b_0[AES_BLOCK_SIZE];
-+ u8 scratch[6 * AES_BLOCK_SIZE];
- /* hardware didn't decrypt/verify MIC */
-- ccmp_special_blocks(skb, pn, b_0, aad);
-+ ccmp_special_blocks(skb, pn, scratch, 1);
-
- if (ieee80211_aes_ccm_decrypt(
-- key->u.ccmp.tfm, b_0, aad,
-+ key->u.ccmp.tfm, scratch,
- skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN,
- data_len,
-- skb->data + skb->len - IEEE80211_CCMP_MIC_LEN))
-+ skb->data + skb->len - IEEE80211_CCMP_MIC_LEN,
-+ skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN))
- return RX_DROP_UNUSABLE;
- }
-
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -5,7 +5,6 @@ config MAC80211
depends on CRYPTO
depends on CRYPTO_ARC4
depends on CRYPTO_AES
-- depends on CRYPTO_CCM
+- select BACKPORT_CRYPTO_CCM
depends on CRC32
select BACKPORT_AVERAGE
---help---
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
-@@ -19,75 +17,134 @@
+@@ -19,76 +17,134 @@
#include "key.h"
#include "aes_ccm.h"
-void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
- u8 *data, size_t data_len, u8 *mic)
+static void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *scratch, u8 *a)
- {
-- struct scatterlist assoc, pt, ct[2];
-- struct {
-- struct aead_request req;
-- u8 priv[crypto_aead_reqsize(tfm)];
-- } aead_req;
--
-- memset(&aead_req, 0, sizeof(aead_req));
--
-- sg_init_one(&pt, data, data_len);
-- sg_init_one(&assoc, &aad[2], be16_to_cpup((__be16 *)aad));
-- sg_init_table(ct, 2);
-- sg_set_buf(&ct[0], data, data_len);
-- sg_set_buf(&ct[1], mic, IEEE80211_CCMP_MIC_LEN);
--
-- aead_request_set_tfm(&aead_req.req, tfm);
-- aead_request_set_assoc(&aead_req.req, &assoc, assoc.length);
-- aead_request_set_crypt(&aead_req.req, &pt, ct, data_len, b_0);
++{
+ int i;
+ u8 *b_0, *aad, *b, *s_0;
-
-- crypto_aead_encrypt(&aead_req.req);
++
+ b_0 = scratch + 3 * AES_BLOCK_SIZE;
+ aad = scratch + 4 * AES_BLOCK_SIZE;
+ b = scratch;
+ b_0[14] = 0;
+ b_0[15] = 0;
+ crypto_cipher_encrypt_one(tfm, s_0, b_0);
- }
-
--int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
-- u8 *data, size_t data_len, u8 *mic)
++}
++
+
+void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
+ u8 *data, size_t data_len,
+ u8 *cdata, u8 *mic)
{
- struct scatterlist assoc, pt, ct[2];
-- struct {
-- struct aead_request req;
-- u8 priv[crypto_aead_reqsize(tfm)];
-- } aead_req;
++ int i, j, last_len, num_blocks;
++ u8 *pos, *cpos, *b, *s_0, *e, *b_0;
+
+- char aead_req_data[sizeof(struct aead_request) +
+- crypto_aead_reqsize(tfm)]
+- __aligned(__alignof__(struct aead_request));
+- struct aead_request *aead_req = (void *) aead_req_data;
-
-- memset(&aead_req, 0, sizeof(aead_req));
+- memset(aead_req, 0, sizeof(aead_req_data));
-
- sg_init_one(&pt, data, data_len);
- sg_init_one(&assoc, &aad[2], be16_to_cpup((__be16 *)aad));
- sg_set_buf(&ct[0], data, data_len);
- sg_set_buf(&ct[1], mic, IEEE80211_CCMP_MIC_LEN);
-
-- aead_request_set_tfm(&aead_req.req, tfm);
-- aead_request_set_assoc(&aead_req.req, &assoc, assoc.length);
-- aead_request_set_crypt(&aead_req.req, ct, &pt,
-- data_len + IEEE80211_CCMP_MIC_LEN, b_0);
-+ int i, j, last_len, num_blocks;
-+ u8 *pos, *cpos, *b, *s_0, *e, *b_0;
-+
+- aead_request_set_tfm(aead_req, tfm);
+- aead_request_set_assoc(aead_req, &assoc, assoc.length);
+- aead_request_set_crypt(aead_req, &pt, ct, data_len, b_0);
+ b = scratch;
+ s_0 = scratch + AES_BLOCK_SIZE;
+ e = scratch + 2 * AES_BLOCK_SIZE;
+ *cpos++ = *pos++ ^ e[i];
+ }
-- return crypto_aead_decrypt(&aead_req.req);
+- crypto_aead_encrypt(aead_req);
+ for (i = 0; i < IEEE80211_CCMP_MIC_LEN; i++)
+ mic[i] = b[i] ^ s_0[i];
}
--struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[])
+-int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
+- u8 *data, size_t data_len, u8 *mic)
+
+int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
+ u8 *cdata, size_t data_len, u8 *mic, u8 *data)
{
-- struct crypto_aead *tfm;
-- int err;
+- struct scatterlist assoc, pt, ct[2];
+- char aead_req_data[sizeof(struct aead_request) +
+- crypto_aead_reqsize(tfm)]
+- __aligned(__alignof__(struct aead_request));
+- struct aead_request *aead_req = (void *) aead_req_data;
+-
+- memset(aead_req, 0, sizeof(aead_req_data));
+-
+- sg_init_one(&pt, data, data_len);
+- sg_init_one(&assoc, &aad[2], be16_to_cpup((__be16 *)aad));
+- sg_init_table(ct, 2);
+- sg_set_buf(&ct[0], data, data_len);
+- sg_set_buf(&ct[1], mic, IEEE80211_CCMP_MIC_LEN);
+-
+- aead_request_set_tfm(aead_req, tfm);
+- aead_request_set_assoc(aead_req, &assoc, assoc.length);
+- aead_request_set_crypt(aead_req, ct, &pt,
+- data_len + IEEE80211_CCMP_MIC_LEN, b_0);
+ int i, j, last_len, num_blocks;
+ u8 *pos, *cpos, *b, *s_0, *a, *b_0;
-
-- tfm = crypto_alloc_aead("ccm(aes)", 0, CRYPTO_ALG_ASYNC);
-- if (IS_ERR(tfm))
-- return tfm;
--
-- err = crypto_aead_setkey(tfm, key, WLAN_KEY_LEN_CCMP);
-- if (!err)
-- err = crypto_aead_setauthsize(tfm, IEEE80211_CCMP_MIC_LEN);
-- if (!err)
-- return tfm;
++
+ b = scratch;
+ s_0 = scratch + AES_BLOCK_SIZE;
+ a = scratch + 2 * AES_BLOCK_SIZE;
+ return -1;
+ }
-- crypto_free_aead(tfm);
-- return ERR_PTR(err);
+- return crypto_aead_decrypt(aead_req);
+ return 0;
}
--void ieee80211_aes_key_free(struct crypto_aead *tfm)
+-struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[])
+
+struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[])
-+{
+ {
+- struct crypto_aead *tfm;
+- int err;
+ struct crypto_cipher *tfm;
-+
+
+- tfm = crypto_alloc_aead("ccm(aes)", 0, CRYPTO_ALG_ASYNC);
+- if (IS_ERR(tfm))
+- return tfm;
+-
+- err = crypto_aead_setkey(tfm, key, WLAN_KEY_LEN_CCMP);
+- if (!err)
+- err = crypto_aead_setauthsize(tfm, IEEE80211_CCMP_MIC_LEN);
+- if (!err)
+- return tfm;
+ tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
+ if (!IS_ERR(tfm))
+ crypto_cipher_setkey(tfm, key, WLAN_KEY_LEN_CCMP);
-+
+
+- crypto_free_aead(tfm);
+- return ERR_PTR(err);
+ return tfm;
-+}
-+
+ }
+
+-void ieee80211_aes_key_free(struct crypto_aead *tfm)
+
+void ieee80211_aes_key_free(struct crypto_cipher *tfm)
{
u32 replays; /* dot11RSNAStatsCCMPReplays */
} ccmp;
struct {
+--- a/net/mac80211/wpa.c
++++ b/net/mac80211/wpa.c
+@@ -301,15 +301,22 @@ ieee80211_crypto_tkip_decrypt(struct iee
+ }
+
+
+-static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad)
++static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch,
++ int encrypted)
+ {
+ __le16 mask_fc;
+ int a4_included, mgmt;
+ u8 qos_tid;
+- u16 len_a;
++ u8 *b_0, *aad;
++ u16 data_len, len_a;
+ unsigned int hdrlen;
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
+
++ memset(scratch, 0, 6 * AES_BLOCK_SIZE);
++
++ b_0 = scratch + 3 * AES_BLOCK_SIZE;
++ aad = scratch + 4 * AES_BLOCK_SIZE;
++
+ /*
+ * Mask FC: zero subtype b4 b5 b6 (if not mgmt)
+ * Retry, PwrMgt, MoreData; set Protected
+@@ -331,21 +338,20 @@ static void ccmp_special_blocks(struct s
+ else
+ qos_tid = 0;
+
+- /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC
+- * mode authentication are not allowed to collide, yet both are derived
+- * from this vector b_0. We only set L := 1 here to indicate that the
+- * data size can be represented in (L+1) bytes. The CCM layer will take
+- * care of storing the data length in the top (L+1) bytes and setting
+- * and clearing the other bits as is required to derive the two IVs.
+- */
+- b_0[0] = 0x1;
++ data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN;
++ if (encrypted)
++ data_len -= IEEE80211_CCMP_MIC_LEN;
+
++ /* First block, b_0 */
++ b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
+ /* Nonce: Nonce Flags | A2 | PN
+ * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
+ */
+ b_0[1] = qos_tid | (mgmt << 4);
+ memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
+ memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN);
++ /* l(m) */
++ put_unaligned_be16(data_len, &b_0[14]);
+
+ /* AAD (extra authenticate-only data) / masked 802.11 header
+ * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
+@@ -401,8 +407,7 @@ static int ccmp_encrypt_skb(struct ieee8
+ u8 *pos;
+ u8 pn[6];
+ u64 pn64;
+- u8 aad[2 * AES_BLOCK_SIZE];
+- u8 b_0[AES_BLOCK_SIZE];
++ u8 scratch[6 * AES_BLOCK_SIZE];
+
+ if (info->control.hw_key &&
+ !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
+@@ -458,9 +463,9 @@ static int ccmp_encrypt_skb(struct ieee8
+ return 0;
+
+ pos += IEEE80211_CCMP_HDR_LEN;
+- ccmp_special_blocks(skb, pn, b_0, aad);
+- ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len,
+- skb_put(skb, IEEE80211_CCMP_MIC_LEN));
++ ccmp_special_blocks(skb, pn, scratch, 0);
++ ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, pos, len,
++ pos, skb_put(skb, IEEE80211_CCMP_MIC_LEN));
+
+ return 0;
+ }
+@@ -523,16 +528,16 @@ ieee80211_crypto_ccmp_decrypt(struct iee
+ }
+
+ if (!(status->flag & RX_FLAG_DECRYPTED)) {
+- u8 aad[2 * AES_BLOCK_SIZE];
+- u8 b_0[AES_BLOCK_SIZE];
++ u8 scratch[6 * AES_BLOCK_SIZE];
+ /* hardware didn't decrypt/verify MIC */
+- ccmp_special_blocks(skb, pn, b_0, aad);
++ ccmp_special_blocks(skb, pn, scratch, 1);
+
+ if (ieee80211_aes_ccm_decrypt(
+- key->u.ccmp.tfm, b_0, aad,
++ key->u.ccmp.tfm, scratch,
+ skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN,
+ data_len,
+- skb->data + skb->len - IEEE80211_CCMP_MIC_LEN))
++ skb->data + skb->len - IEEE80211_CCMP_MIC_LEN,
++ skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN))
+ return RX_DROP_UNUSABLE;
+ }
+
projects / openwrt / openwrt.git / blobdiff