wifi: mac80211: refactor CMAC crypt functions

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

ieee80211_aes_cmac() and ieee80211_aes_cmac_256() are almost the same.
Merge them. This removes duplication.

Signed-off-by: Chien Wong <m@xv97.com>
Link: https://patch.msgid.link/20251113140511.48658-5-m@xv97.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

authored by

Chien Wong and committed by

Johannes Berg 4 months ago a22fb192 edf62602

+19 -50

3 changed files

expand all

net

mac80211

aes_cmac.c

aes_cmac.h

wpa.c

+7 -41

net/mac80211/aes_cmac.c

··· 21 21 static const u8 zero[IEEE80211_CMAC_256_MIC_LEN]; 22 22 23 23 int ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad, 24 - const u8 *data, size_t data_len, u8 *mic) 24 + const u8 *data, size_t data_len, u8 *mic, 25 + unsigned int mic_len) 25 26 { 26 27 int err; 27 28 SHASH_DESC_ON_STACK(desc, tfm); ··· 43 42 err = crypto_shash_update(desc, zero, 8); 44 43 if (err) 45 44 return err; 46 - err = crypto_shash_update(desc, data + 8, data_len - 8 - 47 - IEEE80211_CMAC_128_MIC_LEN); 45 + err = crypto_shash_update(desc, data + 8, 46 + data_len - 8 - mic_len); 48 47 if (err) 49 48 return err; 50 49 } else { 51 - err = crypto_shash_update(desc, data, data_len - 52 - IEEE80211_CMAC_128_MIC_LEN); 50 + err = crypto_shash_update(desc, data, data_len - mic_len); 53 51 if (err) 54 52 return err; 55 53 } 56 - err = crypto_shash_finup(desc, zero, IEEE80211_CMAC_128_MIC_LEN, out); 54 + err = crypto_shash_finup(desc, zero, mic_len, out); 57 55 if (err) 58 56 return err; 59 - memcpy(mic, out, IEEE80211_CMAC_128_MIC_LEN); 57 + memcpy(mic, out, mic_len); 60 58 61 59 return 0; 62 - } 63 - 64 - int ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad, 65 - const u8 *data, size_t data_len, u8 *mic) 66 - { 67 - int err; 68 - SHASH_DESC_ON_STACK(desc, tfm); 69 - const __le16 *fc; 70 - 71 - desc->tfm = tfm; 72 - 73 - err = crypto_shash_init(desc); 74 - if (err) 75 - return err; 76 - err = crypto_shash_update(desc, aad, AAD_LEN); 77 - if (err) 78 - return err; 79 - fc = (const __le16 *)aad; 80 - if (ieee80211_is_beacon(*fc)) { 81 - /* mask Timestamp field to zero */ 82 - err = crypto_shash_update(desc, zero, 8); 83 - if (err) 84 - return err; 85 - err = crypto_shash_update(desc, data + 8, data_len - 8 - 86 - IEEE80211_CMAC_256_MIC_LEN); 87 - if (err) 88 - return err; 89 - } else { 90 - err = crypto_shash_update(desc, data, data_len - 91 - IEEE80211_CMAC_256_MIC_LEN); 92 - if (err) 93 - return err; 94 - } 95 - return crypto_shash_finup(desc, zero, IEEE80211_CMAC_256_MIC_LEN, mic); 96 60 } 97 61 98 62 struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],

+2 -3

net/mac80211/aes_cmac.h

··· 12 12 struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[], 13 13 size_t key_len); 14 14 int ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad, 15 - const u8 *data, size_t data_len, u8 *mic); 16 - int ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad, 17 - const u8 *data, size_t data_len, u8 *mic); 15 + const u8 *data, size_t data_len, u8 *mic, 16 + unsigned int mic_len); 18 17 void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm); 19 18 20 19 #endif /* AES_CMAC_H */

+10 -6

net/mac80211/wpa.c

··· 870 870 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 871 871 */ 872 872 if (ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 873 - skb->data + 24, skb->len - 24, mmie->mic)) 873 + skb->data + 24, skb->len - 24, mmie->mic, 874 + IEEE80211_CMAC_128_MIC_LEN)) 874 875 return TX_DROP; 875 876 876 877 return TX_CONTINUE; ··· 918 917 919 918 /* MIC = AES-256-CMAC(IGTK, AAD || Management Frame Body || MMIE, 128) 920 919 */ 921 - if (ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad, 922 - skb->data + 24, skb->len - 24, mmie->mic)) 920 + if (ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 921 + skb->data + 24, skb->len - 24, mmie->mic, 922 + IEEE80211_CMAC_256_MIC_LEN)) 923 923 return TX_DROP; 924 924 925 925 return TX_CONTINUE; ··· 961 959 /* hardware didn't decrypt/verify MIC */ 962 960 bip_aad(skb, aad); 963 961 if (ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 964 - skb->data + 24, skb->len - 24, mic)) 962 + skb->data + 24, skb->len - 24, mic, 963 + IEEE80211_CMAC_128_MIC_LEN)) 965 964 return RX_DROP_U_DECRYPT_FAIL; 966 965 if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) { 967 966 key->u.aes_cmac.icverrors++; ··· 1012 1009 if (!(status->flag & RX_FLAG_DECRYPTED)) { 1013 1010 /* hardware didn't decrypt/verify MIC */ 1014 1011 bip_aad(skb, aad); 1015 - if (ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad, 1016 - skb->data + 24, skb->len - 24, mic)) 1012 + if (ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 1013 + skb->data + 24, skb->len - 24, mic, 1014 + IEEE80211_CMAC_256_MIC_LEN)) 1017 1015 return RX_DROP_U_DECRYPT_FAIL; 1018 1016 if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) { 1019 1017 key->u.aes_cmac.icverrors++;