diff options
Diffstat (limited to 'package/kernel/mac80211/patches/100-revert_aes_ccm_port.patch')
-rw-r--r-- | package/kernel/mac80211/patches/100-revert_aes_ccm_port.patch | 347 |
1 files changed, 0 insertions, 347 deletions
diff --git a/package/kernel/mac80211/patches/100-revert_aes_ccm_port.patch b/package/kernel/mac80211/patches/100-revert_aes_ccm_port.patch deleted file mode 100644 index cb14c0bc38..0000000000 --- a/package/kernel/mac80211/patches/100-revert_aes_ccm_port.patch +++ /dev/null @@ -1,347 +0,0 @@ ---- a/net/mac80211/Kconfig -+++ b/net/mac80211/Kconfig -@@ -5,7 +5,6 @@ config MAC80211 - depends on CRYPTO - depends on CRYPTO_ARC4 - depends on CRYPTO_AES -- select BACKPORT_CRYPTO_CCM - depends on CRC32 - select BACKPORT_AVERAGE - ---help--- ---- a/net/mac80211/aes_ccm.c -+++ b/net/mac80211/aes_ccm.c -@@ -2,8 +2,6 @@ - * Copyright 2003-2004, Instant802 Networks, Inc. - * Copyright 2005-2006, Devicescape Software, Inc. - * -- * Rewrite: Copyright (C) 2013 Linaro Ltd <ard.biesheuvel@linaro.org> -- * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. -@@ -19,76 +17,134 @@ - #include "key.h" - #include "aes_ccm.h" - --void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, -- u8 *data, size_t data_len, u8 *mic) -+static void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *scratch, u8 *a) -+{ -+ int i; -+ u8 *b_0, *aad, *b, *s_0; -+ -+ b_0 = scratch + 3 * AES_BLOCK_SIZE; -+ aad = scratch + 4 * AES_BLOCK_SIZE; -+ b = scratch; -+ s_0 = scratch + AES_BLOCK_SIZE; -+ -+ crypto_cipher_encrypt_one(tfm, b, b_0); -+ -+ /* Extra Authenticate-only data (always two AES blocks) */ -+ for (i = 0; i < AES_BLOCK_SIZE; i++) -+ aad[i] ^= b[i]; -+ crypto_cipher_encrypt_one(tfm, b, aad); -+ -+ aad += AES_BLOCK_SIZE; -+ -+ for (i = 0; i < AES_BLOCK_SIZE; i++) -+ aad[i] ^= b[i]; -+ crypto_cipher_encrypt_one(tfm, a, aad); -+ -+ /* Mask out bits from auth-only-b_0 */ -+ b_0[0] &= 0x07; -+ -+ /* S_0 is used to encrypt T (= MIC) */ -+ b_0[14] = 0; -+ b_0[15] = 0; -+ crypto_cipher_encrypt_one(tfm, s_0, b_0); -+} -+ -+ -+void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch, -+ u8 *data, size_t data_len, -+ u8 *cdata, u8 *mic) - { -- struct scatterlist assoc, pt, ct[2]; -+ int i, j, last_len, num_blocks; -+ u8 *pos, *cpos, *b, *s_0, *e, *b_0; - -- char aead_req_data[sizeof(struct aead_request) + -- crypto_aead_reqsize(tfm)] -- __aligned(__alignof__(struct aead_request)); -- struct aead_request *aead_req = (void *) aead_req_data; -- -- memset(aead_req, 0, sizeof(aead_req_data)); -- -- sg_init_one(&pt, data, data_len); -- sg_init_one(&assoc, &aad[2], be16_to_cpup((__be16 *)aad)); -- sg_init_table(ct, 2); -- sg_set_buf(&ct[0], data, data_len); -- sg_set_buf(&ct[1], mic, IEEE80211_CCMP_MIC_LEN); -- -- aead_request_set_tfm(aead_req, tfm); -- aead_request_set_assoc(aead_req, &assoc, assoc.length); -- aead_request_set_crypt(aead_req, &pt, ct, data_len, b_0); -+ b = scratch; -+ s_0 = scratch + AES_BLOCK_SIZE; -+ e = scratch + 2 * AES_BLOCK_SIZE; -+ b_0 = scratch + 3 * AES_BLOCK_SIZE; -+ -+ num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE); -+ last_len = data_len % AES_BLOCK_SIZE; -+ aes_ccm_prepare(tfm, scratch, b); -+ -+ /* Process payload blocks */ -+ pos = data; -+ cpos = cdata; -+ for (j = 1; j <= num_blocks; j++) { -+ int blen = (j == num_blocks && last_len) ? -+ last_len : AES_BLOCK_SIZE; -+ -+ /* Authentication followed by encryption */ -+ for (i = 0; i < blen; i++) -+ b[i] ^= pos[i]; -+ crypto_cipher_encrypt_one(tfm, b, b); -+ -+ b_0[14] = (j >> 8) & 0xff; -+ b_0[15] = j & 0xff; -+ crypto_cipher_encrypt_one(tfm, e, b_0); -+ for (i = 0; i < blen; i++) -+ *cpos++ = *pos++ ^ e[i]; -+ } - -- crypto_aead_encrypt(aead_req); -+ for (i = 0; i < IEEE80211_CCMP_MIC_LEN; i++) -+ mic[i] = b[i] ^ s_0[i]; - } - --int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, -- u8 *data, size_t data_len, u8 *mic) -+ -+int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch, -+ u8 *cdata, size_t data_len, u8 *mic, u8 *data) - { -- struct scatterlist assoc, pt, ct[2]; -- char aead_req_data[sizeof(struct aead_request) + -- crypto_aead_reqsize(tfm)] -- __aligned(__alignof__(struct aead_request)); -- struct aead_request *aead_req = (void *) aead_req_data; -- -- memset(aead_req, 0, sizeof(aead_req_data)); -- -- sg_init_one(&pt, data, data_len); -- sg_init_one(&assoc, &aad[2], be16_to_cpup((__be16 *)aad)); -- sg_init_table(ct, 2); -- sg_set_buf(&ct[0], data, data_len); -- sg_set_buf(&ct[1], mic, IEEE80211_CCMP_MIC_LEN); -- -- aead_request_set_tfm(aead_req, tfm); -- aead_request_set_assoc(aead_req, &assoc, assoc.length); -- aead_request_set_crypt(aead_req, ct, &pt, -- data_len + IEEE80211_CCMP_MIC_LEN, b_0); -+ int i, j, last_len, num_blocks; -+ u8 *pos, *cpos, *b, *s_0, *a, *b_0; -+ -+ b = scratch; -+ s_0 = scratch + AES_BLOCK_SIZE; -+ a = scratch + 2 * AES_BLOCK_SIZE; -+ b_0 = scratch + 3 * AES_BLOCK_SIZE; -+ -+ num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE); -+ last_len = data_len % AES_BLOCK_SIZE; -+ aes_ccm_prepare(tfm, scratch, a); -+ -+ /* Process payload blocks */ -+ cpos = cdata; -+ pos = data; -+ for (j = 1; j <= num_blocks; j++) { -+ int blen = (j == num_blocks && last_len) ? -+ last_len : AES_BLOCK_SIZE; -+ -+ /* Decryption followed by authentication */ -+ b_0[14] = (j >> 8) & 0xff; -+ b_0[15] = j & 0xff; -+ crypto_cipher_encrypt_one(tfm, b, b_0); -+ for (i = 0; i < blen; i++) { -+ *pos = *cpos++ ^ b[i]; -+ a[i] ^= *pos++; -+ } -+ crypto_cipher_encrypt_one(tfm, a, a); -+ } -+ -+ for (i = 0; i < IEEE80211_CCMP_MIC_LEN; i++) { -+ if ((mic[i] ^ s_0[i]) != a[i]) -+ return -1; -+ } - -- return crypto_aead_decrypt(aead_req); -+ return 0; - } - --struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[]) -+ -+struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[]) - { -- struct crypto_aead *tfm; -- int err; -+ struct crypto_cipher *tfm; - -- tfm = crypto_alloc_aead("ccm(aes)", 0, CRYPTO_ALG_ASYNC); -- if (IS_ERR(tfm)) -- return tfm; -- -- err = crypto_aead_setkey(tfm, key, WLAN_KEY_LEN_CCMP); -- if (!err) -- err = crypto_aead_setauthsize(tfm, IEEE80211_CCMP_MIC_LEN); -- if (!err) -- return tfm; -+ tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC); -+ if (!IS_ERR(tfm)) -+ crypto_cipher_setkey(tfm, key, WLAN_KEY_LEN_CCMP); - -- crypto_free_aead(tfm); -- return ERR_PTR(err); -+ return tfm; - } - --void ieee80211_aes_key_free(struct crypto_aead *tfm) -+ -+void ieee80211_aes_key_free(struct crypto_cipher *tfm) - { -- crypto_free_aead(tfm); -+ crypto_free_cipher(tfm); - } ---- a/net/mac80211/aes_ccm.h -+++ b/net/mac80211/aes_ccm.h -@@ -12,11 +12,13 @@ - - #include <linux/crypto.h> - --struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[]); --void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, -- u8 *data, size_t data_len, u8 *mic); --int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, -- u8 *data, size_t data_len, u8 *mic); --void ieee80211_aes_key_free(struct crypto_aead *tfm); -+struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[]); -+void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch, -+ u8 *data, size_t data_len, -+ u8 *cdata, u8 *mic); -+int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch, -+ u8 *cdata, size_t data_len, -+ u8 *mic, u8 *data); -+void ieee80211_aes_key_free(struct crypto_cipher *tfm); - - #endif /* AES_CCM_H */ ---- a/net/mac80211/key.h -+++ b/net/mac80211/key.h -@@ -84,7 +84,7 @@ struct ieee80211_key { - * Management frames. - */ - u8 rx_pn[IEEE80211_NUM_TIDS + 1][IEEE80211_CCMP_PN_LEN]; -- struct crypto_aead *tfm; -+ struct crypto_cipher *tfm; - u32 replays; /* dot11RSNAStatsCCMPReplays */ - } ccmp; - struct { ---- a/net/mac80211/wpa.c -+++ b/net/mac80211/wpa.c -@@ -302,15 +302,22 @@ ieee80211_crypto_tkip_decrypt(struct iee - } - - --static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad) -+static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch, -+ int encrypted) - { - __le16 mask_fc; - int a4_included, mgmt; - u8 qos_tid; -- u16 len_a; -+ u8 *b_0, *aad; -+ u16 data_len, len_a; - unsigned int hdrlen; - struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; - -+ memset(scratch, 0, 6 * AES_BLOCK_SIZE); -+ -+ b_0 = scratch + 3 * AES_BLOCK_SIZE; -+ aad = scratch + 4 * AES_BLOCK_SIZE; -+ - /* - * Mask FC: zero subtype b4 b5 b6 (if not mgmt) - * Retry, PwrMgt, MoreData; set Protected -@@ -332,21 +339,20 @@ static void ccmp_special_blocks(struct s - else - qos_tid = 0; - -- /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC -- * mode authentication are not allowed to collide, yet both are derived -- * from this vector b_0. We only set L := 1 here to indicate that the -- * data size can be represented in (L+1) bytes. The CCM layer will take -- * care of storing the data length in the top (L+1) bytes and setting -- * and clearing the other bits as is required to derive the two IVs. -- */ -- b_0[0] = 0x1; -+ data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN; -+ if (encrypted) -+ data_len -= IEEE80211_CCMP_MIC_LEN; - -+ /* First block, b_0 */ -+ b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */ - /* Nonce: Nonce Flags | A2 | PN - * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7) - */ - b_0[1] = qos_tid | (mgmt << 4); - memcpy(&b_0[2], hdr->addr2, ETH_ALEN); - memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN); -+ /* l(m) */ -+ put_unaligned_be16(data_len, &b_0[14]); - - /* AAD (extra authenticate-only data) / masked 802.11 header - * FC | A1 | A2 | A3 | SC | [A4] | [QC] */ -@@ -402,8 +408,7 @@ static int ccmp_encrypt_skb(struct ieee8 - u8 *pos; - u8 pn[6]; - u64 pn64; -- u8 aad[2 * AES_BLOCK_SIZE]; -- u8 b_0[AES_BLOCK_SIZE]; -+ u8 scratch[6 * AES_BLOCK_SIZE]; - - if (info->control.hw_key && - !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && -@@ -457,9 +462,9 @@ static int ccmp_encrypt_skb(struct ieee8 - return 0; - - pos += IEEE80211_CCMP_HDR_LEN; -- ccmp_special_blocks(skb, pn, b_0, aad); -- ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len, -- skb_put(skb, IEEE80211_CCMP_MIC_LEN)); -+ ccmp_special_blocks(skb, pn, scratch, 0); -+ ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, pos, len, -+ pos, skb_put(skb, IEEE80211_CCMP_MIC_LEN)); - - return 0; - } -@@ -522,16 +527,16 @@ ieee80211_crypto_ccmp_decrypt(struct iee - } - - if (!(status->flag & RX_FLAG_DECRYPTED)) { -- u8 aad[2 * AES_BLOCK_SIZE]; -- u8 b_0[AES_BLOCK_SIZE]; -+ u8 scratch[6 * AES_BLOCK_SIZE]; - /* hardware didn't decrypt/verify MIC */ -- ccmp_special_blocks(skb, pn, b_0, aad); -+ ccmp_special_blocks(skb, pn, scratch, 1); - - if (ieee80211_aes_ccm_decrypt( -- key->u.ccmp.tfm, b_0, aad, -+ key->u.ccmp.tfm, scratch, - skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN, - data_len, -- skb->data + skb->len - IEEE80211_CCMP_MIC_LEN)) -+ skb->data + skb->len - IEEE80211_CCMP_MIC_LEN, -+ skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN)) - return RX_DROP_UNUSABLE; - } - |