mirror of
https://github.com/coolsnowwolf/lede.git
synced 2025-04-17 21:03:30 +00:00
mac80211: sync upstream (#7077)
* mac80211: remove patches stripping down crypto support Use of WPA3 and things like FILS is getting much more common, and platforms that can't affort the extra kilobytes for this code are fading away. Let's not hold back modern authentication methods any longer Signed-off-by: Felix Fietkau <nbd@nbd.name> * kernel: make cryptoapi support needed by mac80211 built-in This reduces the flash space impact, since built-in code is much smaller than a bunch of kernel modules on squashfs Signed-off-by: Felix Fietkau <nbd@nbd.name> * mac80211: remove extra patch accidentally added during rebase Signed-off-by: Felix Fietkau <nbd@nbd.name> Co-authored-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
Beginner
GitHub
parent
5a80754f03
commit
9a2df98c56
@ -127,7 +127,7 @@ define KernelPackage/mac80211
|
||||
$(call KernelPackage/mac80211/Default)
|
||||
TITLE:=Linux 802.11 Wireless Networking Stack
|
||||
# +kmod-crypto-cmac is a runtime only dependency of net/mac80211/aes_cmac.c
|
||||
DEPENDS+= +kmod-cfg80211 +hostapd-common
|
||||
DEPENDS+= +kmod-cfg80211 +kmod-crypto-cmac +kmod-crypto-ccm +kmod-crypto-gcm +hostapd-common
|
||||
KCONFIG:=\
|
||||
CONFIG_AVERAGE=y
|
||||
FILES:= $(PKG_BUILD_DIR)/net/mac80211/mac80211.ko
|
||||
|
||||
@ -82,7 +82,7 @@
|
||||
help
|
||||
--- a/local-symbols
|
||||
+++ b/local-symbols
|
||||
@@ -85,6 +85,7 @@ ADM8211=
|
||||
@@ -86,6 +86,7 @@ ADM8211=
|
||||
ATH_COMMON=
|
||||
WLAN_VENDOR_ATH=
|
||||
ATH_DEBUG=
|
||||
|
||||
@ -37,7 +37,7 @@
|
||||
void ath10k_thermal_event_temperature(struct ath10k *ar, int temperature);
|
||||
--- a/local-symbols
|
||||
+++ b/local-symbols
|
||||
@@ -144,6 +144,7 @@ ATH10K_SNOC=
|
||||
@@ -145,6 +145,7 @@ ATH10K_SNOC=
|
||||
ATH10K_DEBUG=
|
||||
ATH10K_DEBUGFS=
|
||||
ATH10K_SPECTRAL=
|
||||
|
||||
@ -114,7 +114,7 @@ v13:
|
||||
ath10k_core-$(CONFIG_DEV_COREDUMP) += coredump.o
|
||||
--- a/local-symbols
|
||||
+++ b/local-symbols
|
||||
@@ -145,6 +145,7 @@ ATH10K_DEBUG=
|
||||
@@ -146,6 +146,7 @@ ATH10K_DEBUG=
|
||||
ATH10K_DEBUGFS=
|
||||
ATH10K_SPECTRAL=
|
||||
ATH10K_THERMAL=
|
||||
|
||||
@ -371,7 +371,7 @@
|
||||
|
||||
--- a/local-symbols
|
||||
+++ b/local-symbols
|
||||
@@ -112,6 +112,7 @@ ATH9K_WOW=
|
||||
@@ -113,6 +113,7 @@ ATH9K_WOW=
|
||||
ATH9K_RFKILL=
|
||||
ATH9K_CHANNEL_CONTEXT=
|
||||
ATH9K_PCOEM=
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- a/local-symbols
|
||||
+++ b/local-symbols
|
||||
@@ -332,6 +332,7 @@ RT2X00_LIB_FIRMWARE=
|
||||
@@ -333,6 +333,7 @@ RT2X00_LIB_FIRMWARE=
|
||||
RT2X00_LIB_CRYPTO=
|
||||
RT2X00_LIB_LEDS=
|
||||
RT2X00_LIB_DEBUGFS=
|
||||
|
||||
@ -1,699 +0,0 @@
|
||||
--- a/net/mac80211/Makefile
|
||||
+++ b/net/mac80211/Makefile
|
||||
@@ -7,7 +7,6 @@ mac80211-y := \
|
||||
driver-ops.o \
|
||||
sta_info.o \
|
||||
wep.o \
|
||||
- aead_api.o \
|
||||
wpa.o \
|
||||
scan.o offchannel.o \
|
||||
ht.o agg-tx.o agg-rx.o \
|
||||
@@ -19,8 +18,8 @@ mac80211-y := \
|
||||
rate.o \
|
||||
michael.o \
|
||||
tkip.o \
|
||||
+ aes_ccm.o \
|
||||
aes_cmac.o \
|
||||
- aes_gmac.o \
|
||||
fils_aead.o \
|
||||
cfg.o \
|
||||
ethtool.o \
|
||||
--- a/net/mac80211/aead_api.c
|
||||
+++ /dev/null
|
||||
@@ -1,113 +0,0 @@
|
||||
-// SPDX-License-Identifier: GPL-2.0-only
|
||||
-/*
|
||||
- * Copyright 2003-2004, Instant802 Networks, Inc.
|
||||
- * Copyright 2005-2006, Devicescape Software, Inc.
|
||||
- * Copyright 2014-2015, Qualcomm Atheros, Inc.
|
||||
- *
|
||||
- * Rewrite: Copyright (C) 2013 Linaro Ltd <ard.biesheuvel@linaro.org>
|
||||
- */
|
||||
-
|
||||
-#include <linux/kernel.h>
|
||||
-#include <linux/types.h>
|
||||
-#include <linux/err.h>
|
||||
-#include <linux/scatterlist.h>
|
||||
-#include <crypto/aead.h>
|
||||
-
|
||||
-#include "aead_api.h"
|
||||
-
|
||||
-int aead_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len,
|
||||
- u8 *data, size_t data_len, u8 *mic)
|
||||
-{
|
||||
- size_t mic_len = crypto_aead_authsize(tfm);
|
||||
- struct scatterlist sg[3];
|
||||
- struct aead_request *aead_req;
|
||||
- int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
|
||||
- u8 *__aad;
|
||||
- int ret;
|
||||
-
|
||||
- aead_req = kzalloc(reqsize + aad_len, GFP_ATOMIC);
|
||||
- if (!aead_req)
|
||||
- return -ENOMEM;
|
||||
-
|
||||
- __aad = (u8 *)aead_req + reqsize;
|
||||
- memcpy(__aad, aad, aad_len);
|
||||
-
|
||||
- sg_init_table(sg, 3);
|
||||
- sg_set_buf(&sg[0], __aad, aad_len);
|
||||
- sg_set_buf(&sg[1], data, data_len);
|
||||
- sg_set_buf(&sg[2], mic, mic_len);
|
||||
-
|
||||
- aead_request_set_tfm(aead_req, tfm);
|
||||
- aead_request_set_crypt(aead_req, sg, sg, data_len, b_0);
|
||||
- aead_request_set_ad(aead_req, sg[0].length);
|
||||
-
|
||||
- ret = crypto_aead_encrypt(aead_req);
|
||||
- kfree_sensitive(aead_req);
|
||||
-
|
||||
- return ret;
|
||||
-}
|
||||
-
|
||||
-int aead_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len,
|
||||
- u8 *data, size_t data_len, u8 *mic)
|
||||
-{
|
||||
- size_t mic_len = crypto_aead_authsize(tfm);
|
||||
- struct scatterlist sg[3];
|
||||
- struct aead_request *aead_req;
|
||||
- int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
|
||||
- u8 *__aad;
|
||||
- int err;
|
||||
-
|
||||
- if (data_len == 0)
|
||||
- return -EINVAL;
|
||||
-
|
||||
- aead_req = kzalloc(reqsize + aad_len, GFP_ATOMIC);
|
||||
- if (!aead_req)
|
||||
- return -ENOMEM;
|
||||
-
|
||||
- __aad = (u8 *)aead_req + reqsize;
|
||||
- memcpy(__aad, aad, aad_len);
|
||||
-
|
||||
- sg_init_table(sg, 3);
|
||||
- sg_set_buf(&sg[0], __aad, aad_len);
|
||||
- sg_set_buf(&sg[1], data, data_len);
|
||||
- sg_set_buf(&sg[2], mic, mic_len);
|
||||
-
|
||||
- aead_request_set_tfm(aead_req, tfm);
|
||||
- aead_request_set_crypt(aead_req, sg, sg, data_len + mic_len, b_0);
|
||||
- aead_request_set_ad(aead_req, sg[0].length);
|
||||
-
|
||||
- err = crypto_aead_decrypt(aead_req);
|
||||
- kfree_sensitive(aead_req);
|
||||
-
|
||||
- return err;
|
||||
-}
|
||||
-
|
||||
-struct crypto_aead *
|
||||
-aead_key_setup_encrypt(const char *alg, const u8 key[],
|
||||
- size_t key_len, size_t mic_len)
|
||||
-{
|
||||
- struct crypto_aead *tfm;
|
||||
- int err;
|
||||
-
|
||||
- tfm = crypto_alloc_aead(alg, 0, CRYPTO_ALG_ASYNC);
|
||||
- if (IS_ERR(tfm))
|
||||
- return tfm;
|
||||
-
|
||||
- err = crypto_aead_setkey(tfm, key, key_len);
|
||||
- if (err)
|
||||
- goto free_aead;
|
||||
- err = crypto_aead_setauthsize(tfm, mic_len);
|
||||
- if (err)
|
||||
- goto free_aead;
|
||||
-
|
||||
- return tfm;
|
||||
-
|
||||
-free_aead:
|
||||
- crypto_free_aead(tfm);
|
||||
- return ERR_PTR(err);
|
||||
-}
|
||||
-
|
||||
-void aead_key_free(struct crypto_aead *tfm)
|
||||
-{
|
||||
- crypto_free_aead(tfm);
|
||||
-}
|
||||
--- a/net/mac80211/aead_api.h
|
||||
+++ /dev/null
|
||||
@@ -1,23 +0,0 @@
|
||||
-/* SPDX-License-Identifier: GPL-2.0-only */
|
||||
-
|
||||
-#ifndef _AEAD_API_H
|
||||
-#define _AEAD_API_H
|
||||
-
|
||||
-#include <crypto/aead.h>
|
||||
-#include <linux/crypto.h>
|
||||
-
|
||||
-struct crypto_aead *
|
||||
-aead_key_setup_encrypt(const char *alg, const u8 key[],
|
||||
- size_t key_len, size_t mic_len);
|
||||
-
|
||||
-int aead_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
|
||||
- size_t aad_len, u8 *data,
|
||||
- size_t data_len, u8 *mic);
|
||||
-
|
||||
-int aead_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
|
||||
- size_t aad_len, u8 *data,
|
||||
- size_t data_len, u8 *mic);
|
||||
-
|
||||
-void aead_key_free(struct crypto_aead *tfm);
|
||||
-
|
||||
-#endif /* _AEAD_API_H */
|
||||
--- a/net/mac80211/aes_ccm.h
|
||||
+++ b/net/mac80211/aes_ccm.h
|
||||
@@ -7,39 +7,17 @@
|
||||
#ifndef AES_CCM_H
|
||||
#define AES_CCM_H
|
||||
|
||||
-#include "aead_api.h"
|
||||
+#include <linux/crypto.h>
|
||||
|
||||
-#define CCM_AAD_LEN 32
|
||||
-
|
||||
-static inline struct crypto_aead *
|
||||
-ieee80211_aes_key_setup_encrypt(const u8 key[], size_t key_len, size_t mic_len)
|
||||
-{
|
||||
- return aead_key_setup_encrypt("ccm(aes)", key, key_len, mic_len);
|
||||
-}
|
||||
-
|
||||
-static inline int
|
||||
-ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm,
|
||||
- u8 *b_0, u8 *aad, u8 *data,
|
||||
- size_t data_len, u8 *mic)
|
||||
-{
|
||||
- return aead_encrypt(tfm, b_0, aad + 2,
|
||||
- be16_to_cpup((__be16 *)aad),
|
||||
- data, data_len, mic);
|
||||
-}
|
||||
-
|
||||
-static inline int
|
||||
-ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm,
|
||||
- u8 *b_0, u8 *aad, u8 *data,
|
||||
- size_t data_len, u8 *mic)
|
||||
-{
|
||||
- return aead_decrypt(tfm, b_0, aad + 2,
|
||||
- be16_to_cpup((__be16 *)aad),
|
||||
- data, data_len, mic);
|
||||
-}
|
||||
-
|
||||
-static inline void ieee80211_aes_key_free(struct crypto_aead *tfm)
|
||||
-{
|
||||
- return aead_key_free(tfm);
|
||||
-}
|
||||
+struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[],
|
||||
+ size_t key_len,
|
||||
+ size_t mic_len);
|
||||
+void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
|
||||
+ u8 *data, size_t data_len, u8 *mic,
|
||||
+ size_t mic_len);
|
||||
+int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
|
||||
+ u8 *data, size_t data_len, u8 *mic,
|
||||
+ size_t mic_len);
|
||||
+void ieee80211_aes_key_free(struct crypto_cipher *tfm);
|
||||
|
||||
#endif /* AES_CCM_H */
|
||||
--- /dev/null
|
||||
+++ b/net/mac80211/aes_gcm.c
|
||||
@@ -0,0 +1,109 @@
|
||||
+/*
|
||||
+ * Copyright 2014-2015, Qualcomm Atheros, Inc.
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or modify
|
||||
+ * it under the terms of the GNU General Public License version 2 as
|
||||
+ * published by the Free Software Foundation.
|
||||
+ */
|
||||
+
|
||||
+#include <linux/kernel.h>
|
||||
+#include <linux/types.h>
|
||||
+#include <linux/err.h>
|
||||
+#include <crypto/aead.h>
|
||||
+
|
||||
+#include <net/mac80211.h>
|
||||
+#include "key.h"
|
||||
+#include "aes_gcm.h"
|
||||
+
|
||||
+int ieee80211_aes_gcm_encrypt(struct crypto_aead *tfm, u8 *j_0, u8 *aad,
|
||||
+ u8 *data, size_t data_len, u8 *mic)
|
||||
+{
|
||||
+ struct scatterlist sg[3];
|
||||
+ struct aead_request *aead_req;
|
||||
+ int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
|
||||
+ u8 *__aad;
|
||||
+
|
||||
+ aead_req = kzalloc(reqsize + GCM_AAD_LEN, GFP_ATOMIC);
|
||||
+ if (!aead_req)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ __aad = (u8 *)aead_req + reqsize;
|
||||
+ memcpy(__aad, aad, GCM_AAD_LEN);
|
||||
+
|
||||
+ sg_init_table(sg, 3);
|
||||
+ sg_set_buf(&sg[0], &__aad[2], be16_to_cpup((__be16 *)__aad));
|
||||
+ sg_set_buf(&sg[1], data, data_len);
|
||||
+ sg_set_buf(&sg[2], mic, IEEE80211_GCMP_MIC_LEN);
|
||||
+
|
||||
+ aead_request_set_tfm(aead_req, tfm);
|
||||
+ aead_request_set_crypt(aead_req, sg, sg, data_len, j_0);
|
||||
+ aead_request_set_ad(aead_req, sg[0].length);
|
||||
+
|
||||
+ crypto_aead_encrypt(aead_req);
|
||||
+ kzfree(aead_req);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+int ieee80211_aes_gcm_decrypt(struct crypto_aead *tfm, u8 *j_0, u8 *aad,
|
||||
+ u8 *data, size_t data_len, u8 *mic)
|
||||
+{
|
||||
+ struct scatterlist sg[3];
|
||||
+ struct aead_request *aead_req;
|
||||
+ int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
|
||||
+ u8 *__aad;
|
||||
+ int err;
|
||||
+
|
||||
+ if (data_len == 0)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
+ aead_req = kzalloc(reqsize + GCM_AAD_LEN, GFP_ATOMIC);
|
||||
+ if (!aead_req)
|
||||
+ return -ENOMEM;
|
||||
+
|
||||
+ __aad = (u8 *)aead_req + reqsize;
|
||||
+ memcpy(__aad, aad, GCM_AAD_LEN);
|
||||
+
|
||||
+ sg_init_table(sg, 3);
|
||||
+ sg_set_buf(&sg[0], &__aad[2], be16_to_cpup((__be16 *)__aad));
|
||||
+ sg_set_buf(&sg[1], data, data_len);
|
||||
+ sg_set_buf(&sg[2], mic, IEEE80211_GCMP_MIC_LEN);
|
||||
+
|
||||
+ aead_request_set_tfm(aead_req, tfm);
|
||||
+ aead_request_set_crypt(aead_req, sg, sg,
|
||||
+ data_len + IEEE80211_GCMP_MIC_LEN, j_0);
|
||||
+ aead_request_set_ad(aead_req, sg[0].length);
|
||||
+
|
||||
+ err = crypto_aead_decrypt(aead_req);
|
||||
+ kzfree(aead_req);
|
||||
+
|
||||
+ return err;
|
||||
+}
|
||||
+
|
||||
+struct crypto_aead *ieee80211_aes_gcm_key_setup_encrypt(const u8 key[],
|
||||
+ size_t key_len)
|
||||
+{
|
||||
+ struct crypto_aead *tfm;
|
||||
+ int err;
|
||||
+
|
||||
+ tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
|
||||
+ if (IS_ERR(tfm))
|
||||
+ return tfm;
|
||||
+
|
||||
+ err = crypto_aead_setkey(tfm, key, key_len);
|
||||
+ if (err)
|
||||
+ goto free_aead;
|
||||
+ err = crypto_aead_setauthsize(tfm, IEEE80211_GCMP_MIC_LEN);
|
||||
+ if (err)
|
||||
+ goto free_aead;
|
||||
+
|
||||
+ return tfm;
|
||||
+
|
||||
+free_aead:
|
||||
+ crypto_free_aead(tfm);
|
||||
+ return ERR_PTR(err);
|
||||
+}
|
||||
+
|
||||
+void ieee80211_aes_gcm_key_free(struct crypto_aead *tfm)
|
||||
+{
|
||||
+ crypto_free_aead(tfm);
|
||||
+}
|
||||
--- a/net/mac80211/aes_gcm.h
|
||||
+++ b/net/mac80211/aes_gcm.h
|
||||
@@ -6,38 +6,30 @@
|
||||
#ifndef AES_GCM_H
|
||||
#define AES_GCM_H
|
||||
|
||||
-#include "aead_api.h"
|
||||
+#include <linux/crypto.h>
|
||||
|
||||
-#define GCM_AAD_LEN 32
|
||||
-
|
||||
-static inline int ieee80211_aes_gcm_encrypt(struct crypto_aead *tfm,
|
||||
- u8 *j_0, u8 *aad, u8 *data,
|
||||
- size_t data_len, u8 *mic)
|
||||
+static inline void
|
||||
+ieee80211_aes_gcm_encrypt(struct crypto_aead *tfm, u8 *j_0, u8 *aad,
|
||||
+ u8 *data, size_t data_len, u8 *mic)
|
||||
{
|
||||
- return aead_encrypt(tfm, j_0, aad + 2,
|
||||
- be16_to_cpup((__be16 *)aad),
|
||||
- data, data_len, mic);
|
||||
}
|
||||
|
||||
-static inline int ieee80211_aes_gcm_decrypt(struct crypto_aead *tfm,
|
||||
- u8 *j_0, u8 *aad, u8 *data,
|
||||
- size_t data_len, u8 *mic)
|
||||
+static inline int
|
||||
+ieee80211_aes_gcm_decrypt(struct crypto_aead *tfm, u8 *j_0, u8 *aad,
|
||||
+ u8 *data, size_t data_len, u8 *mic)
|
||||
{
|
||||
- return aead_decrypt(tfm, j_0, aad + 2,
|
||||
- be16_to_cpup((__be16 *)aad),
|
||||
- data, data_len, mic);
|
||||
+ return -EOPNOTSUPP;
|
||||
}
|
||||
|
||||
static inline struct crypto_aead *
|
||||
ieee80211_aes_gcm_key_setup_encrypt(const u8 key[], size_t key_len)
|
||||
{
|
||||
- return aead_key_setup_encrypt("gcm(aes)", key,
|
||||
- key_len, IEEE80211_GCMP_MIC_LEN);
|
||||
+ return NULL;
|
||||
}
|
||||
|
||||
-static inline void ieee80211_aes_gcm_key_free(struct crypto_aead *tfm)
|
||||
+static inline void
|
||||
+ieee80211_aes_gcm_key_free(struct crypto_aead *tfm)
|
||||
{
|
||||
- return aead_key_free(tfm);
|
||||
}
|
||||
|
||||
#endif /* AES_GCM_H */
|
||||
--- a/net/mac80211/wpa.c
|
||||
+++ b/net/mac80211/wpa.c
|
||||
@@ -312,7 +312,8 @@ ieee80211_crypto_tkip_decrypt(struct iee
|
||||
}
|
||||
|
||||
|
||||
-static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad)
|
||||
+static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad,
|
||||
+ u16 data_len)
|
||||
{
|
||||
__le16 mask_fc;
|
||||
int a4_included, mgmt;
|
||||
@@ -342,14 +343,8 @@ static void ccmp_special_blocks(struct s
|
||||
else
|
||||
qos_tid = 0;
|
||||
|
||||
- /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC
|
||||
- * mode authentication are not allowed to collide, yet both are derived
|
||||
- * from this vector b_0. We only set L := 1 here to indicate that the
|
||||
- * data size can be represented in (L+1) bytes. The CCM layer will take
|
||||
- * care of storing the data length in the top (L+1) bytes and setting
|
||||
- * and clearing the other bits as is required to derive the two IVs.
|
||||
- */
|
||||
- b_0[0] = 0x1;
|
||||
+ /* First block, b_0 */
|
||||
+ b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
|
||||
|
||||
/* Nonce: Nonce Flags | A2 | PN
|
||||
* Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
|
||||
@@ -357,6 +352,8 @@ static void ccmp_special_blocks(struct s
|
||||
b_0[1] = qos_tid | (mgmt << 4);
|
||||
memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
|
||||
memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN);
|
||||
+ /* l(m) */
|
||||
+ put_unaligned_be16(data_len, &b_0[14]);
|
||||
|
||||
/* AAD (extra authenticate-only data) / masked 802.11 header
|
||||
* FC | A1 | A2 | A3 | SC | [A4] | [QC] */
|
||||
@@ -413,7 +410,7 @@ static int ccmp_encrypt_skb(struct ieee8
|
||||
u8 *pos;
|
||||
u8 pn[6];
|
||||
u64 pn64;
|
||||
- u8 aad[CCM_AAD_LEN];
|
||||
+ u8 aad[2 * AES_BLOCK_SIZE];
|
||||
u8 b_0[AES_BLOCK_SIZE];
|
||||
|
||||
if (info->control.hw_key &&
|
||||
@@ -468,9 +465,11 @@ static int ccmp_encrypt_skb(struct ieee8
|
||||
return 0;
|
||||
|
||||
pos += IEEE80211_CCMP_HDR_LEN;
|
||||
- ccmp_special_blocks(skb, pn, b_0, aad);
|
||||
- return ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len,
|
||||
- skb_put(skb, mic_len));
|
||||
+ ccmp_special_blocks(skb, pn, b_0, aad, len);
|
||||
+ ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len,
|
||||
+ skb_put(skb, mic_len), mic_len);
|
||||
+
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
|
||||
@@ -543,13 +542,13 @@ ieee80211_crypto_ccmp_decrypt(struct iee
|
||||
u8 aad[2 * AES_BLOCK_SIZE];
|
||||
u8 b_0[AES_BLOCK_SIZE];
|
||||
/* hardware didn't decrypt/verify MIC */
|
||||
- ccmp_special_blocks(skb, pn, b_0, aad);
|
||||
+ ccmp_special_blocks(skb, pn, b_0, aad, data_len);
|
||||
|
||||
if (ieee80211_aes_ccm_decrypt(
|
||||
key->u.ccmp.tfm, b_0, aad,
|
||||
skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN,
|
||||
data_len,
|
||||
- skb->data + skb->len - mic_len))
|
||||
+ skb->data + skb->len - mic_len, mic_len))
|
||||
return RX_DROP_UNUSABLE;
|
||||
}
|
||||
|
||||
@@ -646,7 +645,7 @@ static int gcmp_encrypt_skb(struct ieee8
|
||||
u8 *pos;
|
||||
u8 pn[6];
|
||||
u64 pn64;
|
||||
- u8 aad[GCM_AAD_LEN];
|
||||
+ u8 aad[2 * AES_BLOCK_SIZE];
|
||||
u8 j_0[AES_BLOCK_SIZE];
|
||||
|
||||
if (info->control.hw_key &&
|
||||
@@ -703,8 +702,10 @@ static int gcmp_encrypt_skb(struct ieee8
|
||||
|
||||
pos += IEEE80211_GCMP_HDR_LEN;
|
||||
gcmp_special_blocks(skb, pn, j_0, aad);
|
||||
- return ieee80211_aes_gcm_encrypt(key->u.gcmp.tfm, j_0, aad, pos, len,
|
||||
- skb_put(skb, IEEE80211_GCMP_MIC_LEN));
|
||||
+ ieee80211_aes_gcm_encrypt(key->u.gcmp.tfm, j_0, aad, pos, len,
|
||||
+ skb_put(skb, IEEE80211_GCMP_MIC_LEN));
|
||||
+
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
ieee80211_tx_result
|
||||
@@ -1133,9 +1134,9 @@ ieee80211_crypto_aes_gmac_encrypt(struct
|
||||
struct ieee80211_key *key = tx->key;
|
||||
struct ieee80211_mmie_16 *mmie;
|
||||
struct ieee80211_hdr *hdr;
|
||||
- u8 aad[GMAC_AAD_LEN];
|
||||
+ u8 aad[20];
|
||||
u64 pn64;
|
||||
- u8 nonce[GMAC_NONCE_LEN];
|
||||
+ u8 nonce[12];
|
||||
|
||||
if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
|
||||
return TX_DROP;
|
||||
@@ -1181,7 +1182,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct
|
||||
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
||||
struct ieee80211_key *key = rx->key;
|
||||
struct ieee80211_mmie_16 *mmie;
|
||||
- u8 aad[GMAC_AAD_LEN], *mic, ipn[6], nonce[GMAC_NONCE_LEN];
|
||||
+ u8 aad[20], *mic, ipn[6], nonce[12];
|
||||
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
|
||||
|
||||
if (!ieee80211_is_mgmt(hdr->frame_control))
|
||||
--- /dev/null
|
||||
+++ b/net/mac80211/aes_ccm.c
|
||||
@@ -0,0 +1,144 @@
|
||||
+/*
|
||||
+ * Copyright 2003-2004, Instant802 Networks, Inc.
|
||||
+ * Copyright 2005-2006, Devicescape Software, Inc.
|
||||
+ *
|
||||
+ * Rewrite: Copyright (C) 2013 Linaro Ltd <ard.biesheuvel@linaro.org>
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or modify
|
||||
+ * it under the terms of the GNU General Public License version 2 as
|
||||
+ * published by the Free Software Foundation.
|
||||
+ */
|
||||
+
|
||||
+#include <linux/kernel.h>
|
||||
+#include <linux/types.h>
|
||||
+#include <linux/err.h>
|
||||
+#include <crypto/aead.h>
|
||||
+#include <crypto/aes.h>
|
||||
+
|
||||
+#include <net/mac80211.h>
|
||||
+#include "key.h"
|
||||
+#include "aes_ccm.h"
|
||||
+
|
||||
+static void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *b_0, u8 *aad, u8 *s_0,
|
||||
+ u8 *a, u8 *b)
|
||||
+{
|
||||
+ int i;
|
||||
+
|
||||
+ crypto_cipher_encrypt_one(tfm, b, b_0);
|
||||
+
|
||||
+ /* Extra Authenticate-only data (always two AES blocks) */
|
||||
+ for (i = 0; i < AES_BLOCK_SIZE; i++)
|
||||
+ aad[i] ^= b[i];
|
||||
+ crypto_cipher_encrypt_one(tfm, b, aad);
|
||||
+
|
||||
+ aad += AES_BLOCK_SIZE;
|
||||
+
|
||||
+ for (i = 0; i < AES_BLOCK_SIZE; i++)
|
||||
+ aad[i] ^= b[i];
|
||||
+ crypto_cipher_encrypt_one(tfm, a, aad);
|
||||
+
|
||||
+ /* Mask out bits from auth-only-b_0 */
|
||||
+ b_0[0] &= 0x07;
|
||||
+
|
||||
+ /* S_0 is used to encrypt T (= MIC) */
|
||||
+ b_0[14] = 0;
|
||||
+ b_0[15] = 0;
|
||||
+ crypto_cipher_encrypt_one(tfm, s_0, b_0);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
|
||||
+ u8 *data, size_t data_len, u8 *mic,
|
||||
+ size_t mic_len)
|
||||
+{
|
||||
+ int i, j, last_len, num_blocks;
|
||||
+ u8 b[AES_BLOCK_SIZE];
|
||||
+ u8 s_0[AES_BLOCK_SIZE];
|
||||
+ u8 e[AES_BLOCK_SIZE];
|
||||
+ u8 *pos, *cpos;
|
||||
+
|
||||
+ num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE);
|
||||
+ last_len = data_len % AES_BLOCK_SIZE;
|
||||
+ aes_ccm_prepare(tfm, b_0, aad, s_0, b, b);
|
||||
+
|
||||
+ /* Process payload blocks */
|
||||
+ pos = data;
|
||||
+ cpos = data;
|
||||
+ for (j = 1; j <= num_blocks; j++) {
|
||||
+ int blen = (j == num_blocks && last_len) ?
|
||||
+ last_len : AES_BLOCK_SIZE;
|
||||
+
|
||||
+ /* Authentication followed by encryption */
|
||||
+ for (i = 0; i < blen; i++)
|
||||
+ b[i] ^= pos[i];
|
||||
+ crypto_cipher_encrypt_one(tfm, b, b);
|
||||
+
|
||||
+ b_0[14] = (j >> 8) & 0xff;
|
||||
+ b_0[15] = j & 0xff;
|
||||
+ crypto_cipher_encrypt_one(tfm, e, b_0);
|
||||
+ for (i = 0; i < blen; i++)
|
||||
+ *cpos++ = *pos++ ^ e[i];
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; i < mic_len; i++)
|
||||
+ mic[i] = b[i] ^ s_0[i];
|
||||
+}
|
||||
+
|
||||
+int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
|
||||
+ u8 *data, size_t data_len, u8 *mic,
|
||||
+ size_t mic_len)
|
||||
+{
|
||||
+ int i, j, last_len, num_blocks;
|
||||
+ u8 *pos, *cpos;
|
||||
+ u8 a[AES_BLOCK_SIZE];
|
||||
+ u8 b[AES_BLOCK_SIZE];
|
||||
+ u8 s_0[AES_BLOCK_SIZE];
|
||||
+
|
||||
+ num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE);
|
||||
+ last_len = data_len % AES_BLOCK_SIZE;
|
||||
+ aes_ccm_prepare(tfm, b_0, aad, s_0, a, b);
|
||||
+
|
||||
+ /* Process payload blocks */
|
||||
+ cpos = data;
|
||||
+ pos = data;
|
||||
+ for (j = 1; j <= num_blocks; j++) {
|
||||
+ int blen = (j == num_blocks && last_len) ?
|
||||
+ last_len : AES_BLOCK_SIZE;
|
||||
+
|
||||
+ /* Decryption followed by authentication */
|
||||
+ b_0[14] = (j >> 8) & 0xff;
|
||||
+ b_0[15] = j & 0xff;
|
||||
+ crypto_cipher_encrypt_one(tfm, b, b_0);
|
||||
+ for (i = 0; i < blen; i++) {
|
||||
+ *pos = *cpos++ ^ b[i];
|
||||
+ a[i] ^= *pos++;
|
||||
+ }
|
||||
+ crypto_cipher_encrypt_one(tfm, a, a);
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; i < mic_len; i++) {
|
||||
+ if ((mic[i] ^ s_0[i]) != a[i])
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[],
|
||||
+ size_t key_len,
|
||||
+ size_t mic_len)
|
||||
+{
|
||||
+ struct crypto_cipher *tfm;
|
||||
+
|
||||
+ tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
|
||||
+ if (!IS_ERR(tfm))
|
||||
+ crypto_cipher_setkey(tfm, key, key_len);
|
||||
+
|
||||
+ return tfm;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+void ieee80211_aes_key_free(struct crypto_cipher *tfm)
|
||||
+{
|
||||
+ crypto_free_cipher(tfm);
|
||||
+}
|
||||
--- a/net/mac80211/Kconfig
|
||||
+++ b/net/mac80211/Kconfig
|
||||
@@ -6,8 +6,6 @@ config MAC80211
|
||||
depends on CRYPTO
|
||||
select BPAUTO_CRYPTO_LIB_ARC4
|
||||
depends on CRYPTO_AES
|
||||
- depends on CRYPTO_CCM
|
||||
- depends on CRYPTO_GCM
|
||||
depends on CRYPTO_CMAC
|
||||
depends on CRC32
|
||||
help
|
||||
--- a/net/mac80211/aes_gmac.h
|
||||
+++ b/net/mac80211/aes_gmac.h
|
||||
@@ -12,10 +12,22 @@
|
||||
#define GMAC_MIC_LEN 16
|
||||
#define GMAC_NONCE_LEN 12
|
||||
|
||||
-struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
|
||||
- size_t key_len);
|
||||
-int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
|
||||
- const u8 *data, size_t data_len, u8 *mic);
|
||||
-void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm);
|
||||
+static inline struct crypto_aead *
|
||||
+ieee80211_aes_gmac_key_setup(const u8 key[], size_t key_len)
|
||||
+{
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+static inline int
|
||||
+ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
|
||||
+ const u8 *data, size_t data_len, u8 *mic)
|
||||
+{
|
||||
+ return -EOPNOTSUPP;
|
||||
+}
|
||||
+
|
||||
+static inline void
|
||||
+ieee80211_aes_gmac_key_free(struct crypto_aead *tfm)
|
||||
+{
|
||||
+}
|
||||
|
||||
#endif /* AES_GMAC_H */
|
||||
--- a/net/mac80211/key.h
|
||||
+++ b/net/mac80211/key.h
|
||||
@@ -89,7 +89,7 @@ struct ieee80211_key {
|
||||
* Management frames.
|
||||
*/
|
||||
u8 rx_pn[IEEE80211_NUM_TIDS + 1][IEEE80211_CCMP_PN_LEN];
|
||||
- struct crypto_aead *tfm;
|
||||
+ struct crypto_cipher *tfm;
|
||||
u32 replays; /* dot11RSNAStatsCCMPReplays */
|
||||
} ccmp;
|
||||
struct {
|
||||
@ -1,32 +0,0 @@
|
||||
Disable FILS support, since it pulls in crypto hash support
|
||||
|
||||
--- a/net/mac80211/fils_aead.h
|
||||
+++ b/net/mac80211/fils_aead.h
|
||||
@@ -7,7 +7,7 @@
|
||||
#ifndef FILS_AEAD_H
|
||||
#define FILS_AEAD_H
|
||||
|
||||
-#if LINUX_VERSION_IS_GEQ(4,3,0)
|
||||
+#if 0 /* LINUX_VERSION_IS_GEQ(4,3,0) */
|
||||
int fils_encrypt_assoc_req(struct sk_buff *skb,
|
||||
struct ieee80211_mgd_assoc_data *assoc_data);
|
||||
int fils_decrypt_assoc_resp(struct ieee80211_sub_if_data *sdata,
|
||||
--- a/net/mac80211/fils_aead.c
|
||||
+++ b/net/mac80211/fils_aead.c
|
||||
@@ -1,4 +1,4 @@
|
||||
-#if LINUX_VERSION_IS_GEQ(4,3,0)
|
||||
+#if 0 /* LINUX_VERSION_IS_GEQ(4,3,0) */
|
||||
// SPDX-License-Identifier: GPL-2.0-only
|
||||
/*
|
||||
* FILS AEAD for (Re)Association Request/Response frames
|
||||
--- a/net/mac80211/main.c
|
||||
+++ b/net/mac80211/main.c
|
||||
@@ -591,7 +591,7 @@ struct ieee80211_hw *ieee80211_alloc_hw_
|
||||
NL80211_FEATURE_MAC_ON_CREATE |
|
||||
NL80211_FEATURE_USERSPACE_MPM |
|
||||
NL80211_FEATURE_FULL_AP_CLIENT_STATE;
|
||||
-#if LINUX_VERSION_IS_GEQ(4,3,0)
|
||||
+#if 0 /* LINUX_VERSION_IS_GEQ(4,3,0) */
|
||||
wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_FILS_STA);
|
||||
#endif
|
||||
wiphy_ext_feature_set(wiphy,
|
||||
@ -1,230 +0,0 @@
|
||||
From: Felix Fietkau <nbd@nbd.name>
|
||||
Date: Sat, 7 Oct 2017 09:37:28 +0200
|
||||
Subject: [PATCH] Revert "mac80211: aes-cmac: switch to shash CMAC
|
||||
driver"
|
||||
|
||||
This reverts commit 26717828b75dd5c46e97f7f4a9b937d038bb2852.
|
||||
Reduces mac80211 dependencies for LEDE
|
||||
|
||||
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
---
|
||||
|
||||
--- a/net/mac80211/aes_cmac.c
|
||||
+++ b/net/mac80211/aes_cmac.c
|
||||
@@ -19,67 +19,151 @@
|
||||
#define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */
|
||||
#define AAD_LEN 20
|
||||
|
||||
-static const u8 zero[CMAC_TLEN_256];
|
||||
|
||||
-void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
|
||||
+void gf_mulx(u8 *pad)
|
||||
+{
|
||||
+ int i, carry;
|
||||
+
|
||||
+ carry = pad[0] & 0x80;
|
||||
+ for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
|
||||
+ pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
|
||||
+ pad[AES_BLOCK_SIZE - 1] <<= 1;
|
||||
+ if (carry)
|
||||
+ pad[AES_BLOCK_SIZE - 1] ^= 0x87;
|
||||
+}
|
||||
+
|
||||
+void aes_cmac_vector(struct crypto_cipher *tfm, size_t num_elem,
|
||||
+ const u8 *addr[], const size_t *len, u8 *mac,
|
||||
+ size_t mac_len)
|
||||
+{
|
||||
+ u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
|
||||
+ const u8 *pos, *end;
|
||||
+ size_t i, e, left, total_len;
|
||||
+
|
||||
+ memset(cbc, 0, AES_BLOCK_SIZE);
|
||||
+
|
||||
+ total_len = 0;
|
||||
+ for (e = 0; e < num_elem; e++)
|
||||
+ total_len += len[e];
|
||||
+ left = total_len;
|
||||
+
|
||||
+ e = 0;
|
||||
+ pos = addr[0];
|
||||
+ end = pos + len[0];
|
||||
+
|
||||
+ while (left >= AES_BLOCK_SIZE) {
|
||||
+ for (i = 0; i < AES_BLOCK_SIZE; i++) {
|
||||
+ cbc[i] ^= *pos++;
|
||||
+ if (pos >= end) {
|
||||
+ e++;
|
||||
+ pos = addr[e];
|
||||
+ end = pos + len[e];
|
||||
+ }
|
||||
+ }
|
||||
+ if (left > AES_BLOCK_SIZE)
|
||||
+ crypto_cipher_encrypt_one(tfm, cbc, cbc);
|
||||
+ left -= AES_BLOCK_SIZE;
|
||||
+ }
|
||||
+
|
||||
+ memset(pad, 0, AES_BLOCK_SIZE);
|
||||
+ crypto_cipher_encrypt_one(tfm, pad, pad);
|
||||
+ gf_mulx(pad);
|
||||
+
|
||||
+ if (left || total_len == 0) {
|
||||
+ for (i = 0; i < left; i++) {
|
||||
+ cbc[i] ^= *pos++;
|
||||
+ if (pos >= end) {
|
||||
+ e++;
|
||||
+ pos = addr[e];
|
||||
+ end = pos + len[e];
|
||||
+ }
|
||||
+ }
|
||||
+ cbc[left] ^= 0x80;
|
||||
+ gf_mulx(pad);
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; i < AES_BLOCK_SIZE; i++)
|
||||
+ pad[i] ^= cbc[i];
|
||||
+ crypto_cipher_encrypt_one(tfm, pad, pad);
|
||||
+ memcpy(mac, pad, mac_len);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
|
||||
const u8 *data, size_t data_len, u8 *mic)
|
||||
{
|
||||
- SHASH_DESC_ON_STACK(desc, tfm);
|
||||
- u8 out[AES_BLOCK_SIZE];
|
||||
+ const u8 *addr[4];
|
||||
+ size_t len[4];
|
||||
+ u8 zero[CMAC_TLEN];
|
||||
const __le16 *fc;
|
||||
|
||||
- desc->tfm = tfm;
|
||||
-
|
||||
- crypto_shash_init(desc);
|
||||
- crypto_shash_update(desc, aad, AAD_LEN);
|
||||
+ memset(zero, 0, CMAC_TLEN);
|
||||
+ addr[0] = aad;
|
||||
+ len[0] = AAD_LEN;
|
||||
fc = (const __le16 *)aad;
|
||||
if (ieee80211_is_beacon(*fc)) {
|
||||
/* mask Timestamp field to zero */
|
||||
- crypto_shash_update(desc, zero, 8);
|
||||
- crypto_shash_update(desc, data + 8, data_len - 8 - CMAC_TLEN);
|
||||
+ addr[1] = zero;
|
||||
+ len[1] = 8;
|
||||
+ addr[2] = data + 8;
|
||||
+ len[2] = data_len - 8 - CMAC_TLEN;
|
||||
+ addr[3] = zero;
|
||||
+ len[3] = CMAC_TLEN;
|
||||
+ aes_cmac_vector(tfm, 4, addr, len, mic, CMAC_TLEN);
|
||||
} else {
|
||||
- crypto_shash_update(desc, data, data_len - CMAC_TLEN);
|
||||
+ addr[1] = data;
|
||||
+ len[1] = data_len - CMAC_TLEN;
|
||||
+ addr[2] = zero;
|
||||
+ len[2] = CMAC_TLEN;
|
||||
+ aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN);
|
||||
}
|
||||
- crypto_shash_finup(desc, zero, CMAC_TLEN, out);
|
||||
-
|
||||
- memcpy(mic, out, CMAC_TLEN);
|
||||
}
|
||||
|
||||
-void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
|
||||
+void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
|
||||
const u8 *data, size_t data_len, u8 *mic)
|
||||
{
|
||||
- SHASH_DESC_ON_STACK(desc, tfm);
|
||||
+ const u8 *addr[4];
|
||||
+ size_t len[4];
|
||||
+ u8 zero[CMAC_TLEN_256];
|
||||
const __le16 *fc;
|
||||
|
||||
- desc->tfm = tfm;
|
||||
-
|
||||
- crypto_shash_init(desc);
|
||||
- crypto_shash_update(desc, aad, AAD_LEN);
|
||||
+ memset(zero, 0, CMAC_TLEN_256);
|
||||
+ addr[0] = aad;
|
||||
+ len[0] = AAD_LEN;
|
||||
+ addr[1] = data;
|
||||
fc = (const __le16 *)aad;
|
||||
if (ieee80211_is_beacon(*fc)) {
|
||||
/* mask Timestamp field to zero */
|
||||
- crypto_shash_update(desc, zero, 8);
|
||||
- crypto_shash_update(desc, data + 8,
|
||||
- data_len - 8 - CMAC_TLEN_256);
|
||||
+ addr[1] = zero;
|
||||
+ len[1] = 8;
|
||||
+ addr[2] = data + 8;
|
||||
+ len[2] = data_len - 8 - CMAC_TLEN_256;
|
||||
+ addr[3] = zero;
|
||||
+ len[3] = CMAC_TLEN_256;
|
||||
+ aes_cmac_vector(tfm, 4, addr, len, mic, CMAC_TLEN_256);
|
||||
} else {
|
||||
- crypto_shash_update(desc, data, data_len - CMAC_TLEN_256);
|
||||
+ addr[1] = data;
|
||||
+ len[1] = data_len - CMAC_TLEN_256;
|
||||
+ addr[2] = zero;
|
||||
+ len[2] = CMAC_TLEN_256;
|
||||
+ aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN_256);
|
||||
}
|
||||
- crypto_shash_finup(desc, zero, CMAC_TLEN_256, mic);
|
||||
}
|
||||
|
||||
-struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
|
||||
- size_t key_len)
|
||||
+struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
|
||||
+ size_t key_len)
|
||||
{
|
||||
- struct crypto_shash *tfm;
|
||||
+ struct crypto_cipher *tfm;
|
||||
|
||||
- tfm = crypto_alloc_shash("cmac(aes)", 0, 0);
|
||||
+ tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
|
||||
if (!IS_ERR(tfm))
|
||||
- crypto_shash_setkey(tfm, key, key_len);
|
||||
+ crypto_cipher_setkey(tfm, key, key_len);
|
||||
|
||||
return tfm;
|
||||
}
|
||||
|
||||
-void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm)
|
||||
+
|
||||
+void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
|
||||
{
|
||||
- crypto_free_shash(tfm);
|
||||
+ crypto_free_cipher(tfm);
|
||||
}
|
||||
--- a/net/mac80211/aes_cmac.h
|
||||
+++ b/net/mac80211/aes_cmac.h
|
||||
@@ -7,14 +7,13 @@
|
||||
#define AES_CMAC_H
|
||||
|
||||
#include <linux/crypto.h>
|
||||
-#include <crypto/hash.h>
|
||||
|
||||
-struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
|
||||
- size_t key_len);
|
||||
-void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
|
||||
+struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
|
||||
+ size_t key_len);
|
||||
+void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
|
||||
const u8 *data, size_t data_len, u8 *mic);
|
||||
-void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
|
||||
+void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
|
||||
const u8 *data, size_t data_len, u8 *mic);
|
||||
-void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm);
|
||||
+void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm);
|
||||
|
||||
#endif /* AES_CMAC_H */
|
||||
--- a/net/mac80211/key.h
|
||||
+++ b/net/mac80211/key.h
|
||||
@@ -94,7 +94,7 @@ struct ieee80211_key {
|
||||
} ccmp;
|
||||
struct {
|
||||
u8 rx_pn[IEEE80211_CMAC_PN_LEN];
|
||||
- struct crypto_shash *tfm;
|
||||
+ struct crypto_cipher *tfm;
|
||||
u32 replays; /* dot11RSNAStatsCMACReplays */
|
||||
u32 icverrors; /* dot11RSNAStatsCMACICVErrors */
|
||||
} aes_cmac;
|
||||
@ -1,10 +0,0 @@
|
||||
--- a/net/mac80211/Kconfig
|
||||
+++ b/net/mac80211/Kconfig
|
||||
@@ -6,7 +6,6 @@ config MAC80211
|
||||
depends on CRYPTO
|
||||
select BPAUTO_CRYPTO_LIB_ARC4
|
||||
depends on CRYPTO_AES
|
||||
- depends on CRYPTO_CMAC
|
||||
depends on CRC32
|
||||
help
|
||||
This option enables the hardware independent IEEE 802.11
|
||||
@ -12,7 +12,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
|
||||
--- a/net/mac80211/Makefile
|
||||
+++ b/net/mac80211/Makefile
|
||||
@@ -55,11 +55,9 @@ mac80211-$(CONFIG_PM) += pm.o
|
||||
@@ -56,11 +56,9 @@ mac80211-$(CONFIG_PM) += pm.o
|
||||
CFLAGS_trace.o := -I$(src)
|
||||
|
||||
rc80211_minstrel-y := \
|
||||
|
||||
@ -1005,7 +1005,9 @@ CONFIG_CROSS_COMPILE=""
|
||||
CONFIG_CRYPTO=y
|
||||
# CONFIG_CRYPTO_842 is not set
|
||||
# CONFIG_CRYPTO_ADIANTUM is not set
|
||||
# CONFIG_CRYPTO_AEAD is not set
|
||||
CONFIG_CRYPTO_ACOMP2=y
|
||||
CONFIG_CRYPTO_AEAD=y
|
||||
CONFIG_CRYPTO_AEAD2=y
|
||||
# CONFIG_CRYPTO_AEGIS128 is not set
|
||||
# CONFIG_CRYPTO_AEGIS128L is not set
|
||||
# CONFIG_CRYPTO_AEGIS128L_AESNI_SSE2 is not set
|
||||
@ -1025,6 +1027,8 @@ CONFIG_CRYPTO_AES=y
|
||||
# CONFIG_CRYPTO_AES_ARM_CE is not set
|
||||
# CONFIG_CRYPTO_AES_NI_INTEL is not set
|
||||
# CONFIG_CRYPTO_AES_TI is not set
|
||||
CONFIG_CRYPTO_AKCIPHER=y
|
||||
CONFIG_CRYPTO_AKCIPHER2=y
|
||||
CONFIG_CRYPTO_ALGAPI=y
|
||||
CONFIG_CRYPTO_ALGAPI2=y
|
||||
# CONFIG_CRYPTO_ANSI_CPRNG is not set
|
||||
@ -1039,7 +1043,7 @@ CONFIG_CRYPTO_ALGAPI2=y
|
||||
# CONFIG_CRYPTO_CAST5 is not set
|
||||
# CONFIG_CRYPTO_CAST6 is not set
|
||||
# CONFIG_CRYPTO_CBC is not set
|
||||
# CONFIG_CRYPTO_CCM is not set
|
||||
CONFIG_CRYPTO_CCM=y
|
||||
# CONFIG_CRYPTO_CFB is not set
|
||||
# CONFIG_CRYPTO_CHACHA20 is not set
|
||||
# CONFIG_CRYPTO_CHACHA20POLY1305 is not set
|
||||
@ -1054,7 +1058,7 @@ CONFIG_CRYPTO_ALGAPI2=y
|
||||
# CONFIG_CRYPTO_CRCT10DIF is not set
|
||||
# CONFIG_CRYPTO_CRCT10DIF_ARM64_CE is not set
|
||||
# CONFIG_CRYPTO_CRYPTD is not set
|
||||
# CONFIG_CRYPTO_CTR is not set
|
||||
CONFIG_CRYPTO_CTR=y
|
||||
# CONFIG_CRYPTO_CTS is not set
|
||||
# CONFIG_CRYPTO_CURVE25519 is not set
|
||||
# CONFIG_CRYPTO_CURVE25519_NEON is not set
|
||||
@ -1107,17 +1111,20 @@ CONFIG_CRYPTO_ALGAPI2=y
|
||||
# CONFIG_CRYPTO_ESSIV is not set
|
||||
# CONFIG_CRYPTO_FCRYPT is not set
|
||||
# CONFIG_CRYPTO_FIPS is not set
|
||||
# CONFIG_CRYPTO_GCM is not set
|
||||
CONFIG_CRYPTO_GCM=y
|
||||
# CONFIG_CRYPTO_GF128MUL is not set
|
||||
# CONFIG_CRYPTO_GHASH is not set
|
||||
CONFIG_CRYPTO_GHASH=y
|
||||
# CONFIG_CRYPTO_GHASH_ARM64_CE is not set
|
||||
# CONFIG_CRYPTO_GHASH_ARM_CE is not set
|
||||
# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
|
||||
# CONFIG_CRYPTO_HASH is not set
|
||||
CONFIG_CRYPTO_HASH=y
|
||||
CONFIG_CRYPTO_HASH2=y
|
||||
# CONFIG_CRYPTO_HMAC is not set
|
||||
# CONFIG_CRYPTO_HW is not set
|
||||
# CONFIG_CRYPTO_JITTERENTROPY is not set
|
||||
# CONFIG_CRYPTO_KEYWRAP is not set
|
||||
CONFIG_CRYPTO_KPP=y
|
||||
CONFIG_CRYPTO_KPP2=y
|
||||
# CONFIG_CRYPTO_KHAZAD is not set
|
||||
CONFIG_CRYPTO_LIB_AES=y
|
||||
CONFIG_CRYPTO_LIB_ARC4=y
|
||||
@ -1131,8 +1138,8 @@ CONFIG_CRYPTO_LIB_POLY1305_RSIZE=9
|
||||
# CONFIG_CRYPTO_LZ4 is not set
|
||||
# CONFIG_CRYPTO_LZ4HC is not set
|
||||
# CONFIG_CRYPTO_LZO is not set
|
||||
# CONFIG_CRYPTO_MANAGER is not set
|
||||
# CONFIG_CRYPTO_MANAGER2 is not set
|
||||
CONFIG_CRYPTO_MANAGER=y
|
||||
CONFIG_CRYPTO_MANAGER2=y
|
||||
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
|
||||
# CONFIG_CRYPTO_MCRYPTD is not set
|
||||
# CONFIG_CRYPTO_MD4 is not set
|
||||
@ -1144,7 +1151,7 @@ CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
|
||||
# CONFIG_CRYPTO_MORUS640 is not set
|
||||
# CONFIG_CRYPTO_MORUS640_SSE2 is not set
|
||||
# CONFIG_CRYPTO_NHPOLY1305_NEON is not set
|
||||
# CONFIG_CRYPTO_NULL is not set
|
||||
CONFIG_CRYPTO_NULL=y
|
||||
# CONFIG_CRYPTO_OFB is not set
|
||||
# CONFIG_CRYPTO_PCBC is not set
|
||||
# CONFIG_CRYPTO_PCOMP is not set
|
||||
|
||||
Loading…
Reference in New Issue
Block a user