100-remove-cryptoapi-dependencies.patch 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376
  1. --- a/net/mac80211/Kconfig
  2. +++ b/net/mac80211/Kconfig
  3. @@ -5,8 +5,6 @@ config MAC80211
  4. depends on CRYPTO
  5. depends on CRYPTO_ARC4
  6. depends on CRYPTO_AES
  7. - select BPAUTO_CRYPTO_CCM
  8. - depends on CRYPTO_GCM
  9. depends on CRC32
  10. ---help---
  11. This option enables the hardware independent IEEE 802.11
  12. --- a/net/mac80211/Makefile
  13. +++ b/net/mac80211/Makefile
  14. @@ -16,9 +16,7 @@ mac80211-y := \
  15. michael.o \
  16. tkip.o \
  17. aes_ccm.o \
  18. - aes_gcm.o \
  19. aes_cmac.o \
  20. - aes_gmac.o \
  21. cfg.o \
  22. ethtool.o \
  23. rx.o \
  24. --- a/net/mac80211/aes_ccm.c
  25. +++ b/net/mac80211/aes_ccm.c
  26. @@ -13,89 +13,132 @@
  27. #include <linux/types.h>
  28. #include <linux/err.h>
  29. #include <crypto/aead.h>
  30. +#include <crypto/aes.h>
  31. #include <net/mac80211.h>
  32. #include "key.h"
  33. #include "aes_ccm.h"
  34. -void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
  35. - u8 *data, size_t data_len, u8 *mic,
  36. - size_t mic_len)
  37. +static void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *b_0, u8 *aad, u8 *s_0,
  38. + u8 *a, u8 *b)
  39. {
  40. - struct scatterlist sg[3];
  41. + int i;
  42. +
  43. + crypto_cipher_encrypt_one(tfm, b, b_0);
  44. +
  45. + /* Extra Authenticate-only data (always two AES blocks) */
  46. + for (i = 0; i < AES_BLOCK_SIZE; i++)
  47. + aad[i] ^= b[i];
  48. + crypto_cipher_encrypt_one(tfm, b, aad);
  49. +
  50. + aad += AES_BLOCK_SIZE;
  51. +
  52. + for (i = 0; i < AES_BLOCK_SIZE; i++)
  53. + aad[i] ^= b[i];
  54. + crypto_cipher_encrypt_one(tfm, a, aad);
  55. - char aead_req_data[sizeof(struct aead_request) +
  56. - crypto_aead_reqsize(tfm)]
  57. - __aligned(__alignof__(struct aead_request));
  58. - struct aead_request *aead_req = (void *) aead_req_data;
  59. + /* Mask out bits from auth-only-b_0 */
  60. + b_0[0] &= 0x07;
  61. - memset(aead_req, 0, sizeof(aead_req_data));
  62. + /* S_0 is used to encrypt T (= MIC) */
  63. + b_0[14] = 0;
  64. + b_0[15] = 0;
  65. + crypto_cipher_encrypt_one(tfm, s_0, b_0);
  66. +}
  67. - sg_init_table(sg, 3);
  68. - sg_set_buf(&sg[0], &aad[2], be16_to_cpup((__be16 *)aad));
  69. - sg_set_buf(&sg[1], data, data_len);
  70. - sg_set_buf(&sg[2], mic, mic_len);
  71. - aead_request_set_tfm(aead_req, tfm);
  72. - aead_request_set_crypt(aead_req, sg, sg, data_len, b_0);
  73. - aead_request_set_ad(aead_req, sg[0].length);
  74. +void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
  75. + u8 *data, size_t data_len, u8 *mic,
  76. + size_t mic_len)
  77. +{
  78. + int i, j, last_len, num_blocks;
  79. + u8 b[AES_BLOCK_SIZE];
  80. + u8 s_0[AES_BLOCK_SIZE];
  81. + u8 e[AES_BLOCK_SIZE];
  82. + u8 *pos, *cpos;
  83. +
  84. + num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE);
  85. + last_len = data_len % AES_BLOCK_SIZE;
  86. + aes_ccm_prepare(tfm, b_0, aad, s_0, b, b);
  87. +
  88. + /* Process payload blocks */
  89. + pos = data;
  90. + cpos = data;
  91. + for (j = 1; j <= num_blocks; j++) {
  92. + int blen = (j == num_blocks && last_len) ?
  93. + last_len : AES_BLOCK_SIZE;
  94. +
  95. + /* Authentication followed by encryption */
  96. + for (i = 0; i < blen; i++)
  97. + b[i] ^= pos[i];
  98. + crypto_cipher_encrypt_one(tfm, b, b);
  99. +
  100. + b_0[14] = (j >> 8) & 0xff;
  101. + b_0[15] = j & 0xff;
  102. + crypto_cipher_encrypt_one(tfm, e, b_0);
  103. + for (i = 0; i < blen; i++)
  104. + *cpos++ = *pos++ ^ e[i];
  105. + }
  106. - crypto_aead_encrypt(aead_req);
  107. + for (i = 0; i < mic_len; i++)
  108. + mic[i] = b[i] ^ s_0[i];
  109. }
  110. -int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
  111. +int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
  112. u8 *data, size_t data_len, u8 *mic,
  113. size_t mic_len)
  114. {
  115. - struct scatterlist sg[3];
  116. - char aead_req_data[sizeof(struct aead_request) +
  117. - crypto_aead_reqsize(tfm)]
  118. - __aligned(__alignof__(struct aead_request));
  119. - struct aead_request *aead_req = (void *) aead_req_data;
  120. -
  121. - if (data_len == 0)
  122. - return -EINVAL;
  123. -
  124. - memset(aead_req, 0, sizeof(aead_req_data));
  125. -
  126. - sg_init_table(sg, 3);
  127. - sg_set_buf(&sg[0], &aad[2], be16_to_cpup((__be16 *)aad));
  128. - sg_set_buf(&sg[1], data, data_len);
  129. - sg_set_buf(&sg[2], mic, mic_len);
  130. -
  131. - aead_request_set_tfm(aead_req, tfm);
  132. - aead_request_set_crypt(aead_req, sg, sg, data_len + mic_len, b_0);
  133. - aead_request_set_ad(aead_req, sg[0].length);
  134. + int i, j, last_len, num_blocks;
  135. + u8 *pos, *cpos;
  136. + u8 a[AES_BLOCK_SIZE];
  137. + u8 b[AES_BLOCK_SIZE];
  138. + u8 s_0[AES_BLOCK_SIZE];
  139. +
  140. + num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE);
  141. + last_len = data_len % AES_BLOCK_SIZE;
  142. + aes_ccm_prepare(tfm, b_0, aad, s_0, a, b);
  143. +
  144. + /* Process payload blocks */
  145. + cpos = data;
  146. + pos = data;
  147. + for (j = 1; j <= num_blocks; j++) {
  148. + int blen = (j == num_blocks && last_len) ?
  149. + last_len : AES_BLOCK_SIZE;
  150. +
  151. + /* Decryption followed by authentication */
  152. + b_0[14] = (j >> 8) & 0xff;
  153. + b_0[15] = j & 0xff;
  154. + crypto_cipher_encrypt_one(tfm, b, b_0);
  155. + for (i = 0; i < blen; i++) {
  156. + *pos = *cpos++ ^ b[i];
  157. + a[i] ^= *pos++;
  158. + }
  159. + crypto_cipher_encrypt_one(tfm, a, a);
  160. + }
  161. +
  162. + for (i = 0; i < mic_len; i++) {
  163. + if ((mic[i] ^ s_0[i]) != a[i])
  164. + return -1;
  165. + }
  166. - return crypto_aead_decrypt(aead_req);
  167. + return 0;
  168. }
  169. -struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[],
  170. - size_t key_len,
  171. - size_t mic_len)
  172. +struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[],
  173. + size_t key_len,
  174. + size_t mic_len)
  175. {
  176. - struct crypto_aead *tfm;
  177. - int err;
  178. + struct crypto_cipher *tfm;
  179. - tfm = crypto_alloc_aead("ccm(aes)", 0, CRYPTO_ALG_ASYNC);
  180. - if (IS_ERR(tfm))
  181. - return tfm;
  182. -
  183. - err = crypto_aead_setkey(tfm, key, key_len);
  184. - if (err)
  185. - goto free_aead;
  186. - err = crypto_aead_setauthsize(tfm, mic_len);
  187. - if (err)
  188. - goto free_aead;
  189. + tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
  190. + if (!IS_ERR(tfm))
  191. + crypto_cipher_setkey(tfm, key, key_len);
  192. return tfm;
  193. -
  194. -free_aead:
  195. - crypto_free_aead(tfm);
  196. - return ERR_PTR(err);
  197. }
  198. -void ieee80211_aes_key_free(struct crypto_aead *tfm)
  199. +
  200. +void ieee80211_aes_key_free(struct crypto_cipher *tfm)
  201. {
  202. - crypto_free_aead(tfm);
  203. + crypto_free_cipher(tfm);
  204. }
  205. --- a/net/mac80211/aes_ccm.h
  206. +++ b/net/mac80211/aes_ccm.h
  207. @@ -12,15 +12,15 @@
  208. #include <linux/crypto.h>
  209. -struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[],
  210. - size_t key_len,
  211. - size_t mic_len);
  212. -void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
  213. +struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[],
  214. + size_t key_len,
  215. + size_t mic_len);
  216. +void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
  217. u8 *data, size_t data_len, u8 *mic,
  218. size_t mic_len);
  219. -int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
  220. +int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
  221. u8 *data, size_t data_len, u8 *mic,
  222. size_t mic_len);
  223. -void ieee80211_aes_key_free(struct crypto_aead *tfm);
  224. +void ieee80211_aes_key_free(struct crypto_cipher *tfm);
  225. #endif /* AES_CCM_H */
  226. --- a/net/mac80211/aes_gcm.h
  227. +++ b/net/mac80211/aes_gcm.h
  228. @@ -11,12 +11,28 @@
  229. #include <linux/crypto.h>
  230. -void ieee80211_aes_gcm_encrypt(struct crypto_aead *tfm, u8 *j_0, u8 *aad,
  231. - u8 *data, size_t data_len, u8 *mic);
  232. -int ieee80211_aes_gcm_decrypt(struct crypto_aead *tfm, u8 *j_0, u8 *aad,
  233. - u8 *data, size_t data_len, u8 *mic);
  234. -struct crypto_aead *ieee80211_aes_gcm_key_setup_encrypt(const u8 key[],
  235. - size_t key_len);
  236. -void ieee80211_aes_gcm_key_free(struct crypto_aead *tfm);
  237. +static inline void
  238. +ieee80211_aes_gcm_encrypt(struct crypto_aead *tfm, u8 *j_0, u8 *aad,
  239. + u8 *data, size_t data_len, u8 *mic)
  240. +{
  241. +}
  242. +
  243. +static inline int
  244. +ieee80211_aes_gcm_decrypt(struct crypto_aead *tfm, u8 *j_0, u8 *aad,
  245. + u8 *data, size_t data_len, u8 *mic)
  246. +{
  247. + return -EOPNOTSUPP;
  248. +}
  249. +
  250. +static inline struct crypto_aead *
  251. +ieee80211_aes_gcm_key_setup_encrypt(const u8 key[], size_t key_len)
  252. +{
  253. + return NULL;
  254. +}
  255. +
  256. +static inline void
  257. +ieee80211_aes_gcm_key_free(struct crypto_aead *tfm)
  258. +{
  259. +}
  260. #endif /* AES_GCM_H */
  261. --- a/net/mac80211/aes_gmac.h
  262. +++ b/net/mac80211/aes_gmac.h
  263. @@ -11,10 +11,22 @@
  264. #include <linux/crypto.h>
  265. -struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
  266. - size_t key_len);
  267. -int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
  268. - const u8 *data, size_t data_len, u8 *mic);
  269. -void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm);
  270. +static inline struct crypto_aead *
  271. +ieee80211_aes_gmac_key_setup(const u8 key[], size_t key_len)
  272. +{
  273. + return NULL;
  274. +}
  275. +
  276. +static inline int
  277. +ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
  278. + const u8 *data, size_t data_len, u8 *mic)
  279. +{
  280. + return -EOPNOTSUPP;
  281. +}
  282. +
  283. +static inline void
  284. +ieee80211_aes_gmac_key_free(struct crypto_aead *tfm)
  285. +{
  286. +}
  287. #endif /* AES_GMAC_H */
  288. --- a/net/mac80211/key.h
  289. +++ b/net/mac80211/key.h
  290. @@ -84,7 +84,7 @@ struct ieee80211_key {
  291. * Management frames.
  292. */
  293. u8 rx_pn[IEEE80211_NUM_TIDS + 1][IEEE80211_CCMP_PN_LEN];
  294. - struct crypto_aead *tfm;
  295. + struct crypto_cipher *tfm;
  296. u32 replays; /* dot11RSNAStatsCCMPReplays */
  297. } ccmp;
  298. struct {
  299. --- a/net/mac80211/wpa.c
  300. +++ b/net/mac80211/wpa.c
  301. @@ -307,7 +307,8 @@ ieee80211_crypto_tkip_decrypt(struct iee
  302. }
  303. -static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad)
  304. +static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad,
  305. + u16 data_len)
  306. {
  307. __le16 mask_fc;
  308. int a4_included, mgmt;
  309. @@ -337,14 +338,8 @@ static void ccmp_special_blocks(struct s
  310. else
  311. qos_tid = 0;
  312. - /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC
  313. - * mode authentication are not allowed to collide, yet both are derived
  314. - * from this vector b_0. We only set L := 1 here to indicate that the
  315. - * data size can be represented in (L+1) bytes. The CCM layer will take
  316. - * care of storing the data length in the top (L+1) bytes and setting
  317. - * and clearing the other bits as is required to derive the two IVs.
  318. - */
  319. - b_0[0] = 0x1;
  320. + /* First block, b_0 */
  321. + b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
  322. /* Nonce: Nonce Flags | A2 | PN
  323. * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
  324. @@ -352,6 +347,8 @@ static void ccmp_special_blocks(struct s
  325. b_0[1] = qos_tid | (mgmt << 4);
  326. memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
  327. memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN);
  328. + /* l(m) */
  329. + put_unaligned_be16(data_len, &b_0[14]);
  330. /* AAD (extra authenticate-only data) / masked 802.11 header
  331. * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
  332. @@ -463,7 +460,7 @@ static int ccmp_encrypt_skb(struct ieee8
  333. return 0;
  334. pos += IEEE80211_CCMP_HDR_LEN;
  335. - ccmp_special_blocks(skb, pn, b_0, aad);
  336. + ccmp_special_blocks(skb, pn, b_0, aad, len);
  337. ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len,
  338. skb_put(skb, mic_len), mic_len);
  339. @@ -534,7 +531,7 @@ ieee80211_crypto_ccmp_decrypt(struct iee
  340. u8 aad[2 * AES_BLOCK_SIZE];
  341. u8 b_0[AES_BLOCK_SIZE];
  342. /* hardware didn't decrypt/verify MIC */
  343. - ccmp_special_blocks(skb, pn, b_0, aad);
  344. + ccmp_special_blocks(skb, pn, b_0, aad, data_len);
  345. if (ieee80211_aes_ccm_decrypt(
  346. key->u.ccmp.tfm, b_0, aad,