package/kernel/mac80211/patches/subsys/131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch - T108 - Gitiles

 From: Felix Fietkau <nbd@nbd.name>
 Date: Sat, 7 Oct 2017 09:37:28 +0200
 Subject: [PATCH] Revert "mac80211: aes-cmac: switch to shash CMAC
  driver"

 This reverts commit 26717828b75dd5c46e97f7f4a9b937d038bb2852.
 Reduces mac80211 dependencies for LEDE

 Signed-off-by: Felix Fietkau <nbd@nbd.name>
 ---

 --- a/net/mac80211/aes_cmac.c
 +++ b/net/mac80211/aes_cmac.c
 @@ -19,67 +19,151 @@
  #define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */
  #define AAD_LEN 20

 -static const u8 zero[CMAC_TLEN_256];

 -void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
 +void gf_mulx(u8 *pad)
 +{
 +	int i, carry;
 +
 +	carry = pad[0] & 0x80;
 +	for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
 +		pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
 +	pad[AES_BLOCK_SIZE - 1] <<= 1;
 +	if (carry)
 +		pad[AES_BLOCK_SIZE - 1] ^= 0x87;
 +}
 +
 +void aes_cmac_vector(struct crypto_cipher *tfm, size_t num_elem,
 +		     const u8 *addr[], const size_t *len, u8 *mac,
 +		     size_t mac_len)
 +{
 +	u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
 +	const u8 *pos, *end;
 +	size_t i, e, left, total_len;
 +
 +	memset(cbc, 0, AES_BLOCK_SIZE);
 +
 +	total_len = 0;
 +	for (e = 0; e < num_elem; e++)
 +		total_len += len[e];
 +	left = total_len;
 +
 +	e = 0;
 +	pos = addr[0];
 +	end = pos + len[0];
 +
 +	while (left >= AES_BLOCK_SIZE) {
 +		for (i = 0; i < AES_BLOCK_SIZE; i++) {
 +			cbc[i] ^= *pos++;
 +			if (pos >= end) {
 +				e++;
 +				pos = addr[e];
 +				end = pos + len[e];
 +			}
 +		}
 +		if (left > AES_BLOCK_SIZE)
 +			crypto_cipher_encrypt_one(tfm, cbc, cbc);
 +		left -= AES_BLOCK_SIZE;
 +	}
 +
 +	memset(pad, 0, AES_BLOCK_SIZE);
 +	crypto_cipher_encrypt_one(tfm, pad, pad);
 +	gf_mulx(pad);
 +
 +	if (left || total_len == 0) {
 +		for (i = 0; i < left; i++) {
 +			cbc[i] ^= *pos++;
 +			if (pos >= end) {
 +				e++;
 +				pos = addr[e];
 +				end = pos + len[e];
 +			}
 +		}
 +		cbc[left] ^= 0x80;
 +		gf_mulx(pad);
 +	}
 +
 +	for (i = 0; i < AES_BLOCK_SIZE; i++)
 +		pad[i] ^= cbc[i];
 +	crypto_cipher_encrypt_one(tfm, pad, pad);
 +	memcpy(mac, pad, mac_len);
 +}
 +
 +
 +void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
  			const u8 *data, size_t data_len, u8 *mic)
  {
 -	SHASH_DESC_ON_STACK(desc, tfm);
 -	u8 out[AES_BLOCK_SIZE];
 +	const u8 *addr[4];
 +	size_t len[4];
 +	u8 zero[CMAC_TLEN];
  	const __le16 *fc;

 -	desc->tfm = tfm;
 -
 -	crypto_shash_init(desc);
 -	crypto_shash_update(desc, aad, AAD_LEN);
 +	memset(zero, 0, CMAC_TLEN);
 +	addr[0] = aad;
 +	len[0] = AAD_LEN;
  	fc = (const __le16 *)aad;
  	if (ieee80211_is_beacon(*fc)) {
  		/* mask Timestamp field to zero */
 -		crypto_shash_update(desc, zero, 8);
 -		crypto_shash_update(desc, data + 8, data_len - 8 - CMAC_TLEN);
 +		addr[1] = zero;
 +		len[1] = 8;
 +		addr[2] = data + 8;
 +		len[2] = data_len - 8 - CMAC_TLEN;
 +		addr[3] = zero;
 +		len[3] = CMAC_TLEN;
 +		aes_cmac_vector(tfm, 4, addr, len, mic, CMAC_TLEN);
  	} else {
 -		crypto_shash_update(desc, data, data_len - CMAC_TLEN);
 +		addr[1] = data;
 +		len[1] = data_len - CMAC_TLEN;
 +		addr[2] = zero;
 +		len[2] = CMAC_TLEN;
 +		aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN);
  	}
 -	crypto_shash_finup(desc, zero, CMAC_TLEN, out);
 -
 -	memcpy(mic, out, CMAC_TLEN);
  }

 -void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
 +void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
  			    const u8 *data, size_t data_len, u8 *mic)
  {
 -	SHASH_DESC_ON_STACK(desc, tfm);
 +	const u8 *addr[4];
 +	size_t len[4];
 +	u8 zero[CMAC_TLEN_256];
  	const __le16 *fc;

 -	desc->tfm = tfm;
 -
 -	crypto_shash_init(desc);
 -	crypto_shash_update(desc, aad, AAD_LEN);
 +	memset(zero, 0, CMAC_TLEN_256);
 +	addr[0] = aad;
 +	len[0] = AAD_LEN;
 +	addr[1] = data;
  	fc = (const __le16 *)aad;
  	if (ieee80211_is_beacon(*fc)) {
  		/* mask Timestamp field to zero */
 -		crypto_shash_update(desc, zero, 8);
 -		crypto_shash_update(desc, data + 8,
 -				    data_len - 8 - CMAC_TLEN_256);
 +		addr[1] = zero;
 +		len[1] = 8;
 +		addr[2] = data + 8;
 +		len[2] = data_len - 8 - CMAC_TLEN_256;
 +		addr[3] = zero;
 +		len[3] = CMAC_TLEN_256;
 +		aes_cmac_vector(tfm, 4, addr, len, mic, CMAC_TLEN_256);
  	} else {
 -		crypto_shash_update(desc, data, data_len - CMAC_TLEN_256);
 +		addr[1] = data;
 +		len[1] = data_len - CMAC_TLEN_256;
 +		addr[2] = zero;
 +		len[2] = CMAC_TLEN_256;
 +		aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN_256);
  	}
 -	crypto_shash_finup(desc, zero, CMAC_TLEN_256, mic);
  }

 -struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
 -						  size_t key_len)
 +struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
 +						   size_t key_len)
  {
 -	struct crypto_shash *tfm;
 +	struct crypto_cipher *tfm;

 -	tfm = crypto_alloc_shash("cmac(aes)", 0, 0);
 +	tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
  	if (!IS_ERR(tfm))
 -		crypto_shash_setkey(tfm, key, key_len);
 +		crypto_cipher_setkey(tfm, key, key_len);

  	return tfm;
  }

 -void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm)
 +
 +void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
  {
 -	crypto_free_shash(tfm);
 +	crypto_free_cipher(tfm);
  }
 --- a/net/mac80211/aes_cmac.h
 +++ b/net/mac80211/aes_cmac.h
 @@ -7,14 +7,13 @@
  #define AES_CMAC_H

  #include <linux/crypto.h>
 -#include <crypto/hash.h>

 -struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
 -						  size_t key_len);
 -void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
 +struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
 +						   size_t key_len);
 +void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
  			const u8 *data, size_t data_len, u8 *mic);
 -void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
 +void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
  			    const u8 *data, size_t data_len, u8 *mic);
 -void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm);
 +void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm);

  #endif /* AES_CMAC_H */
 --- a/net/mac80211/key.h
 +++ b/net/mac80211/key.h
 @@ -94,7 +94,7 @@ struct ieee80211_key {
  		} ccmp;
  		struct {
  			u8 rx_pn[IEEE80211_CMAC_PN_LEN];
 -			struct crypto_shash *tfm;
 +			struct crypto_cipher *tfm;
  			u32 replays; /* dot11RSNAStatsCMACReplays */
  			u32 icverrors; /* dot11RSNAStatsCMACICVErrors */
  		} aes_cmac;
	From: Felix Fietkau <nbd@nbd.name>
	Date: Sat, 7 Oct 2017 09:37:28 +0200
	Subject: [PATCH] Revert "mac80211: aes-cmac: switch to shash CMAC
	driver"

	This reverts commit 26717828b75dd5c46e97f7f4a9b937d038bb2852.
	Reduces mac80211 dependencies for LEDE

	Signed-off-by: Felix Fietkau <nbd@nbd.name>
	---

	--- a/net/mac80211/aes_cmac.c
	+++ b/net/mac80211/aes_cmac.c
	@@ -19,67 +19,151 @@
	#define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */
	#define AAD_LEN 20

	-static const u8 zero[CMAC_TLEN_256];

	-void ieee80211_aes_cmac(struct crypto_shash tfm, const u8 aad,
	+void gf_mulx(u8 *pad)
	+{
	+ int i, carry;
	+
	+ carry = pad[0] & 0x80;
	+ for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
	+ pad[i] = (pad[i] << 1) \| (pad[i + 1] >> 7);
	+ pad[AES_BLOCK_SIZE - 1] <<= 1;
	+ if (carry)
	+ pad[AES_BLOCK_SIZE - 1] ^= 0x87;
	+}
	+
	+void aes_cmac_vector(struct crypto_cipher *tfm, size_t num_elem,
	+ const u8 addr[], const size_t len, u8 *mac,
	+ size_t mac_len)
	+{
	+ u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
	+ const u8 pos, end;
	+ size_t i, e, left, total_len;
	+
	+ memset(cbc, 0, AES_BLOCK_SIZE);
	+
	+ total_len = 0;
	+ for (e = 0; e < num_elem; e++)
	+ total_len += len[e];
	+ left = total_len;
	+
	+ e = 0;
	+ pos = addr[0];
	+ end = pos + len[0];
	+
	+ while (left >= AES_BLOCK_SIZE) {
	+ for (i = 0; i < AES_BLOCK_SIZE; i++) {
	+ cbc[i] ^= *pos++;
	+ if (pos >= end) {
	+ e++;
	+ pos = addr[e];
	+ end = pos + len[e];
	+ }
	+ }
	+ if (left > AES_BLOCK_SIZE)
	+ crypto_cipher_encrypt_one(tfm, cbc, cbc);
	+ left -= AES_BLOCK_SIZE;
	+ }
	+
	+ memset(pad, 0, AES_BLOCK_SIZE);
	+ crypto_cipher_encrypt_one(tfm, pad, pad);
	+ gf_mulx(pad);
	+
	+ if (left \|\| total_len == 0) {
	+ for (i = 0; i < left; i++) {
	+ cbc[i] ^= *pos++;
	+ if (pos >= end) {
	+ e++;
	+ pos = addr[e];
	+ end = pos + len[e];
	+ }
	+ }
	+ cbc[left] ^= 0x80;
	+ gf_mulx(pad);
	+ }
	+
	+ for (i = 0; i < AES_BLOCK_SIZE; i++)
	+ pad[i] ^= cbc[i];
	+ crypto_cipher_encrypt_one(tfm, pad, pad);
	+ memcpy(mac, pad, mac_len);
	+}
	+
	+
	+void ieee80211_aes_cmac(struct crypto_cipher tfm, const u8 aad,
	const u8 data, size_t data_len, u8 mic)
	{
	- SHASH_DESC_ON_STACK(desc, tfm);
	- u8 out[AES_BLOCK_SIZE];
	+ const u8 *addr[4];
	+ size_t len[4];
	+ u8 zero[CMAC_TLEN];
	const __le16 *fc;

	- desc->tfm = tfm;
	-
	- crypto_shash_init(desc);
	- crypto_shash_update(desc, aad, AAD_LEN);
	+ memset(zero, 0, CMAC_TLEN);
	+ addr[0] = aad;
	+ len[0] = AAD_LEN;
	fc = (const __le16 *)aad;
	if (ieee80211_is_beacon(*fc)) {
	/* mask Timestamp field to zero */
	- crypto_shash_update(desc, zero, 8);
	- crypto_shash_update(desc, data + 8, data_len - 8 - CMAC_TLEN);
	+ addr[1] = zero;
	+ len[1] = 8;
	+ addr[2] = data + 8;
	+ len[2] = data_len - 8 - CMAC_TLEN;
	+ addr[3] = zero;
	+ len[3] = CMAC_TLEN;
	+ aes_cmac_vector(tfm, 4, addr, len, mic, CMAC_TLEN);
	} else {
	- crypto_shash_update(desc, data, data_len - CMAC_TLEN);
	+ addr[1] = data;
	+ len[1] = data_len - CMAC_TLEN;
	+ addr[2] = zero;
	+ len[2] = CMAC_TLEN;
	+ aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN);
	}
	- crypto_shash_finup(desc, zero, CMAC_TLEN, out);
	-
	- memcpy(mic, out, CMAC_TLEN);
	}

	-void ieee80211_aes_cmac_256(struct crypto_shash tfm, const u8 aad,
	+void ieee80211_aes_cmac_256(struct crypto_cipher tfm, const u8 aad,
	const u8 data, size_t data_len, u8 mic)
	{
	- SHASH_DESC_ON_STACK(desc, tfm);
	+ const u8 *addr[4];
	+ size_t len[4];
	+ u8 zero[CMAC_TLEN_256];
	const __le16 *fc;

	- desc->tfm = tfm;
	-
	- crypto_shash_init(desc);
	- crypto_shash_update(desc, aad, AAD_LEN);
	+ memset(zero, 0, CMAC_TLEN_256);
	+ addr[0] = aad;
	+ len[0] = AAD_LEN;
	+ addr[1] = data;
	fc = (const __le16 *)aad;
	if (ieee80211_is_beacon(*fc)) {
	/* mask Timestamp field to zero */
	- crypto_shash_update(desc, zero, 8);
	- crypto_shash_update(desc, data + 8,
	- data_len - 8 - CMAC_TLEN_256);
	+ addr[1] = zero;
	+ len[1] = 8;
	+ addr[2] = data + 8;
	+ len[2] = data_len - 8 - CMAC_TLEN_256;
	+ addr[3] = zero;
	+ len[3] = CMAC_TLEN_256;
	+ aes_cmac_vector(tfm, 4, addr, len, mic, CMAC_TLEN_256);
	} else {
	- crypto_shash_update(desc, data, data_len - CMAC_TLEN_256);
	+ addr[1] = data;
	+ len[1] = data_len - CMAC_TLEN_256;
	+ addr[2] = zero;
	+ len[2] = CMAC_TLEN_256;
	+ aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN_256);
	}
	- crypto_shash_finup(desc, zero, CMAC_TLEN_256, mic);
	}

	-struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
	- size_t key_len)
	+struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
	+ size_t key_len)
	{
	- struct crypto_shash *tfm;
	+ struct crypto_cipher *tfm;

	- tfm = crypto_alloc_shash("cmac(aes)", 0, 0);
	+ tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
	if (!IS_ERR(tfm))
	- crypto_shash_setkey(tfm, key, key_len);
	+ crypto_cipher_setkey(tfm, key, key_len);

	return tfm;
	}

	-void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm)
	+
	+void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
	{
	- crypto_free_shash(tfm);
	+ crypto_free_cipher(tfm);
	}
	--- a/net/mac80211/aes_cmac.h
	+++ b/net/mac80211/aes_cmac.h
	@@ -7,14 +7,13 @@
	#define AES_CMAC_H

	#include <linux/crypto.h>
	-#include <crypto/hash.h>

	-struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
	- size_t key_len);
	-void ieee80211_aes_cmac(struct crypto_shash tfm, const u8 aad,
	+struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
	+ size_t key_len);
	+void ieee80211_aes_cmac(struct crypto_cipher tfm, const u8 aad,
	const u8 data, size_t data_len, u8 mic);
	-void ieee80211_aes_cmac_256(struct crypto_shash tfm, const u8 aad,
	+void ieee80211_aes_cmac_256(struct crypto_cipher tfm, const u8 aad,
	const u8 data, size_t data_len, u8 mic);
	-void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm);
	+void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm);

	#endif /* AES_CMAC_H */
	--- a/net/mac80211/key.h
	+++ b/net/mac80211/key.h
	@@ -94,7 +94,7 @@ struct ieee80211_key {
	} ccmp;
	struct {
	u8 rx_pn[IEEE80211_CMAC_PN_LEN];
	- struct crypto_shash *tfm;
	+ struct crypto_cipher *tfm;
	u32 replays; /* dot11RSNAStatsCMACReplays */
	u32 icverrors; /* dot11RSNAStatsCMACICVErrors */
	} aes_cmac;