staging/rtl8192e: switch to RC4 library interface

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Switch to the ARC4 library interface, to remove the pointless
dependency on the skcipher API, from which we will hopefully be
able to drop ecb(arc4) skcipher support.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Ard Biesheuvel and committed by

Herbert Xu 5 years ago 054694a4 97696354

+27 -117

3 changed files

expand all

drivers

staging

rtl8192e

Kconfig

rtllib_crypt_tkip.c

rtllib_crypt_wep.c

+2 -2

drivers/staging/rtl8192e/Kconfig

··· 25 25 config RTLLIB_CRYPTO_TKIP 26 26 tristate "Support for rtllib TKIP crypto" 27 27 depends on RTLLIB 28 - select CRYPTO_ARC4 28 + select CRYPTO_LIB_ARC4 29 29 select CRYPTO_MICHAEL_MIC 30 30 default y 31 31 help ··· 35 35 36 36 config RTLLIB_CRYPTO_WEP 37 37 tristate "Support for rtllib WEP crypto" 38 - select CRYPTO_ARC4 38 + select CRYPTO_LIB_ARC4 39 39 depends on RTLLIB 40 40 default y 41 41 help

+12 -58

drivers/staging/rtl8192e/rtllib_crypt_tkip.c

··· 5 5 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi> 6 6 */ 7 7 8 + #include <crypto/arc4.h> 8 9 #include <crypto/hash.h> 9 - #include <crypto/skcipher.h> 10 + #include <linux/fips.h> 10 11 #include <linux/module.h> 11 12 #include <linux/init.h> 12 13 #include <linux/slab.h> ··· 17 16 #include <linux/if_ether.h> 18 17 #include <linux/if_arp.h> 19 18 #include <linux/string.h> 20 - #include <linux/scatterlist.h> 21 19 #include <linux/crc32.h> 22 20 #include <linux/etherdevice.h> 23 21 ··· 45 45 u32 dot11RSNAStatsTKIPLocalMICFailures; 46 46 47 47 int key_idx; 48 - struct crypto_sync_skcipher *rx_tfm_arc4; 48 + struct arc4_ctx rx_ctx_arc4; 49 + struct arc4_ctx tx_ctx_arc4; 49 50 struct crypto_shash *rx_tfm_michael; 50 - struct crypto_sync_skcipher *tx_tfm_arc4; 51 51 struct crypto_shash *tx_tfm_michael; 52 52 /* scratch buffers for virt_to_page() (crypto API) */ 53 53 u8 rx_hdr[16]; ··· 58 58 { 59 59 struct rtllib_tkip_data *priv; 60 60 61 + if (fips_enabled) 62 + return NULL; 63 + 61 64 priv = kzalloc(sizeof(*priv), GFP_ATOMIC); 62 65 if (priv == NULL) 63 66 goto fail; 64 67 priv->key_idx = key_idx; 65 - priv->tx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0); 66 - if (IS_ERR(priv->tx_tfm_arc4)) { 67 - pr_debug("Could not allocate crypto API arc4\n"); 68 - priv->tx_tfm_arc4 = NULL; 69 - goto fail; 70 - } 71 68 72 69 priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); 73 70 if (IS_ERR(priv->tx_tfm_michael)) { 74 71 pr_debug("Could not allocate crypto API michael_mic\n"); 75 72 priv->tx_tfm_michael = NULL; 76 - goto fail; 77 - } 78 - 79 - priv->rx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0); 80 - if (IS_ERR(priv->rx_tfm_arc4)) { 81 - pr_debug("Could not allocate crypto API arc4\n"); 82 - priv->rx_tfm_arc4 = NULL; 83 73 goto fail; 84 74 } 85 75 ··· 84 94 fail: 85 95 if (priv) { 86 96 crypto_free_shash(priv->tx_tfm_michael); 87 - crypto_free_sync_skcipher(priv->tx_tfm_arc4); 88 97 crypto_free_shash(priv->rx_tfm_michael); 89 - crypto_free_sync_skcipher(priv->rx_tfm_arc4); 90 98 kfree(priv); 91 99 } 92 100 ··· 98 110 99 111 if (_priv) { 100 112 crypto_free_shash(_priv->tx_tfm_michael); 101 - crypto_free_sync_skcipher(_priv->tx_tfm_arc4); 102 113 crypto_free_shash(_priv->rx_tfm_michael); 103 - crypto_free_sync_skcipher(_priv->rx_tfm_arc4); 104 114 } 105 - kfree(priv); 115 + kzfree(priv); 106 116 } 107 117 108 118 ··· 275 289 int ret = 0; 276 290 u8 rc4key[16], *icv; 277 291 u32 crc; 278 - struct scatterlist sg; 279 292 280 293 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 || 281 294 skb->len < hdr_len) ··· 316 331 *pos++ = (tkey->tx_iv32 >> 24) & 0xff; 317 332 318 333 if (!tcb_desc->bHwSec) { 319 - SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4); 320 - 321 334 icv = skb_put(skb, 4); 322 335 crc = ~crc32_le(~0, pos, len); 323 336 icv[0] = crc; ··· 323 340 icv[2] = crc >> 16; 324 341 icv[3] = crc >> 24; 325 342 326 - sg_init_one(&sg, pos, len+4); 327 - 328 - 329 - crypto_sync_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16); 330 - skcipher_request_set_sync_tfm(req, tkey->tx_tfm_arc4); 331 - skcipher_request_set_callback(req, 0, NULL, NULL); 332 - skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL); 333 - ret = crypto_skcipher_encrypt(req); 334 - skcipher_request_zero(req); 343 + arc4_setkey(&tkey->tx_ctx_arc4, rc4key, 16); 344 + arc4_crypt(&tkey->tx_ctx_arc4, pos, pos, len + 4); 335 345 } 336 346 337 347 tkey->tx_iv16++; ··· 352 376 u8 rc4key[16]; 353 377 u8 icv[4]; 354 378 u32 crc; 355 - struct scatterlist sg; 356 379 int plen; 357 - int err; 358 380 359 381 if (skb->len < hdr_len + 8 + 4) 360 382 return -1; ··· 388 414 pos += 8; 389 415 390 416 if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) { 391 - SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4); 392 - 393 417 if ((iv32 < tkey->rx_iv32 || 394 418 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) && 395 419 tkey->initialized) { ··· 411 439 412 440 plen = skb->len - hdr_len - 12; 413 441 414 - sg_init_one(&sg, pos, plen+4); 415 - 416 - crypto_sync_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16); 417 - skcipher_request_set_sync_tfm(req, tkey->rx_tfm_arc4); 418 - skcipher_request_set_callback(req, 0, NULL, NULL); 419 - skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL); 420 - err = crypto_skcipher_decrypt(req); 421 - skcipher_request_zero(req); 422 - if (err) { 423 - if (net_ratelimit()) { 424 - netdev_dbg(skb->dev, 425 - "Failed to decrypt received packet from %pM\n", 426 - hdr->addr2); 427 - } 428 - return -7; 429 - } 442 + arc4_setkey(&tkey->rx_ctx_arc4, rc4key, 16); 443 + arc4_crypt(&tkey->rx_ctx_arc4, pos, pos, plen + 4); 430 444 431 445 crc = ~crc32_le(~0, pos, plen); 432 446 icv[0] = crc; ··· 615 657 struct rtllib_tkip_data *tkey = priv; 616 658 int keyidx; 617 659 struct crypto_shash *tfm = tkey->tx_tfm_michael; 618 - struct crypto_sync_skcipher *tfm2 = tkey->tx_tfm_arc4; 619 660 struct crypto_shash *tfm3 = tkey->rx_tfm_michael; 620 - struct crypto_sync_skcipher *tfm4 = tkey->rx_tfm_arc4; 621 661 622 662 keyidx = tkey->key_idx; 623 663 memset(tkey, 0, sizeof(*tkey)); 624 664 tkey->key_idx = keyidx; 625 665 tkey->tx_tfm_michael = tfm; 626 - tkey->tx_tfm_arc4 = tfm2; 627 666 tkey->rx_tfm_michael = tfm3; 628 - tkey->rx_tfm_arc4 = tfm4; 629 667 630 668 if (len == TKIP_KEY_LEN) { 631 669 memcpy(tkey->key, key, TKIP_KEY_LEN);

+13 -57

drivers/staging/rtl8192e/rtllib_crypt_wep.c

··· 5 5 * Copyright (c) 2002-2004, Jouni Malinen <jkmaline@cc.hut.fi> 6 6 */ 7 7 8 - #include <crypto/skcipher.h> 8 + #include <crypto/arc4.h> 9 + #include <linux/fips.h> 9 10 #include <linux/module.h> 10 11 #include <linux/init.h> 11 12 #include <linux/slab.h> ··· 15 14 #include <linux/string.h> 16 15 #include "rtllib.h" 17 16 18 - #include <linux/scatterlist.h> 19 17 #include <linux/crc32.h> 20 18 21 19 struct prism2_wep_data { ··· 23 23 u8 key[WEP_KEY_LEN + 1]; 24 24 u8 key_len; 25 25 u8 key_idx; 26 - struct crypto_sync_skcipher *tx_tfm; 27 - struct crypto_sync_skcipher *rx_tfm; 26 + struct arc4_ctx rx_ctx_arc4; 27 + struct arc4_ctx tx_ctx_arc4; 28 28 }; 29 29 30 30 ··· 32 32 { 33 33 struct prism2_wep_data *priv; 34 34 35 + if (fips_enabled) 36 + return NULL; 37 + 35 38 priv = kzalloc(sizeof(*priv), GFP_ATOMIC); 36 39 if (priv == NULL) 37 - goto fail; 40 + return NULL; 38 41 priv->key_idx = keyidx; 39 - 40 - priv->tx_tfm = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0); 41 - if (IS_ERR(priv->tx_tfm)) { 42 - pr_debug("rtllib_crypt_wep: could not allocate crypto API arc4\n"); 43 - priv->tx_tfm = NULL; 44 - goto fail; 45 - } 46 - priv->rx_tfm = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0); 47 - if (IS_ERR(priv->rx_tfm)) { 48 - pr_debug("rtllib_crypt_wep: could not allocate crypto API arc4\n"); 49 - priv->rx_tfm = NULL; 50 - goto fail; 51 - } 52 42 53 43 /* start WEP IV from a random value */ 54 44 get_random_bytes(&priv->iv, 4); 55 45 56 46 return priv; 57 - 58 - fail: 59 - if (priv) { 60 - crypto_free_sync_skcipher(priv->tx_tfm); 61 - crypto_free_sync_skcipher(priv->rx_tfm); 62 - kfree(priv); 63 - } 64 - return NULL; 65 47 } 66 48 67 49 68 50 static void prism2_wep_deinit(void *priv) 69 51 { 70 - struct prism2_wep_data *_priv = priv; 71 - 72 - if (_priv) { 73 - crypto_free_sync_skcipher(_priv->tx_tfm); 74 - crypto_free_sync_skcipher(_priv->rx_tfm); 75 - } 76 - kfree(priv); 52 + kzfree(priv); 77 53 } 78 54 79 55 /* Perform WEP encryption on given skb that has at least 4 bytes of headroom ··· 68 92 MAX_DEV_ADDR_SIZE); 69 93 u32 crc; 70 94 u8 *icv; 71 - struct scatterlist sg; 72 - int err; 73 95 74 96 if (skb_headroom(skb) < 4 || skb_tailroom(skb) < 4 || 75 97 skb->len < hdr_len){ ··· 105 131 memcpy(key + 3, wep->key, wep->key_len); 106 132 107 133 if (!tcb_desc->bHwSec) { 108 - SYNC_SKCIPHER_REQUEST_ON_STACK(req, wep->tx_tfm); 109 - 110 134 /* Append little-endian CRC32 and encrypt it to produce ICV */ 111 135 crc = ~crc32_le(~0, pos, len); 112 136 icv = skb_put(skb, 4); ··· 113 141 icv[2] = crc >> 16; 114 142 icv[3] = crc >> 24; 115 143 116 - sg_init_one(&sg, pos, len+4); 117 - crypto_sync_skcipher_setkey(wep->tx_tfm, key, klen); 118 - skcipher_request_set_sync_tfm(req, wep->tx_tfm); 119 - skcipher_request_set_callback(req, 0, NULL, NULL); 120 - skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL); 121 - err = crypto_skcipher_encrypt(req); 122 - skcipher_request_zero(req); 123 - return err; 144 + arc4_setkey(&wep->tx_ctx_arc4, key, klen); 145 + arc4_crypt(&wep->tx_ctx_arc4, pos, pos, len + 4); 124 146 } 125 147 126 148 return 0; ··· 138 172 MAX_DEV_ADDR_SIZE); 139 173 u32 crc; 140 174 u8 icv[4]; 141 - struct scatterlist sg; 142 - int err; 143 175 144 176 if (skb->len < hdr_len + 8) 145 177 return -1; ··· 159 195 plen = skb->len - hdr_len - 8; 160 196 161 197 if (!tcb_desc->bHwSec) { 162 - SYNC_SKCIPHER_REQUEST_ON_STACK(req, wep->rx_tfm); 198 + arc4_setkey(&wep->rx_ctx_arc4, key, klen); 199 + arc4_crypt(&wep->rx_ctx_arc4, pos, pos, plen + 4); 163 200 164 - sg_init_one(&sg, pos, plen+4); 165 - crypto_sync_skcipher_setkey(wep->rx_tfm, key, klen); 166 - skcipher_request_set_sync_tfm(req, wep->rx_tfm); 167 - skcipher_request_set_callback(req, 0, NULL, NULL); 168 - skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL); 169 - err = crypto_skcipher_decrypt(req); 170 - skcipher_request_zero(req); 171 - if (err) 172 - return -7; 173 201 crc = ~crc32_le(~0, pos, plen); 174 202 icv[0] = crc; 175 203 icv[1] = crc >> 8;