staging/rtl8192u: switch to RC4 library interface

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Switch to the ARC4 library interface, to remove the pointless
dependency on the skcipher API, from which we will hopefully be
able to drop ecb(arc4) skcipher support.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Ard Biesheuvel and committed by

Herbert Xu 5 years ago c5960778 054694a4

+27 -119

3 changed files

expand all

drivers

staging

rtl8192u

Kconfig

ieee80211

ieee80211_crypt_tkip.c

ieee80211_crypt_wep.c

drivers/staging/rtl8192u/Kconfig

··· 8 8 select CRYPTO 9 9 select CRYPTO_AES 10 10 select CRYPTO_CCM 11 + select CRYPTO_LIB_ARC4

+14 -67

drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c

··· 5 5 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi> 6 6 */ 7 7 8 + #include <linux/fips.h> 8 9 #include <linux/module.h> 9 10 #include <linux/init.h> 10 11 #include <linux/slab.h> ··· 18 17 19 18 #include "ieee80211.h" 20 19 20 + #include <crypto/arc4.h> 21 21 #include <crypto/hash.h> 22 - #include <crypto/skcipher.h> 23 - #include <linux/scatterlist.h> 24 22 #include <linux/crc32.h> 25 23 26 24 MODULE_AUTHOR("Jouni Malinen"); ··· 49 49 50 50 int key_idx; 51 51 52 - struct crypto_sync_skcipher *rx_tfm_arc4; 52 + struct arc4_ctx rx_ctx_arc4; 53 + struct arc4_ctx tx_ctx_arc4; 53 54 struct crypto_shash *rx_tfm_michael; 54 - struct crypto_sync_skcipher *tx_tfm_arc4; 55 55 struct crypto_shash *tx_tfm_michael; 56 56 57 57 /* scratch buffers for virt_to_page() (crypto API) */ ··· 62 62 { 63 63 struct ieee80211_tkip_data *priv; 64 64 65 + if (fips_enabled) 66 + return NULL; 67 + 65 68 priv = kzalloc(sizeof(*priv), GFP_KERNEL); 66 69 if (!priv) 67 70 goto fail; 68 71 priv->key_idx = key_idx; 69 - 70 - priv->tx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0); 71 - if (IS_ERR(priv->tx_tfm_arc4)) { 72 - printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " 73 - "crypto API arc4\n"); 74 - priv->tx_tfm_arc4 = NULL; 75 - goto fail; 76 - } 77 72 78 73 priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); 79 74 if (IS_ERR(priv->tx_tfm_michael)) { 80 75 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " 81 76 "crypto API michael_mic\n"); 82 77 priv->tx_tfm_michael = NULL; 83 - goto fail; 84 - } 85 - 86 - priv->rx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0); 87 - if (IS_ERR(priv->rx_tfm_arc4)) { 88 - printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " 89 - "crypto API arc4\n"); 90 - priv->rx_tfm_arc4 = NULL; 91 78 goto fail; 92 79 } 93 80 ··· 91 104 fail: 92 105 if (priv) { 93 106 crypto_free_shash(priv->tx_tfm_michael); 94 - crypto_free_sync_skcipher(priv->tx_tfm_arc4); 95 107 crypto_free_shash(priv->rx_tfm_michael); 96 - crypto_free_sync_skcipher(priv->rx_tfm_arc4); 97 108 kfree(priv); 98 109 } 99 110 ··· 105 120 106 121 if (_priv) { 107 122 crypto_free_shash(_priv->tx_tfm_michael); 108 - crypto_free_sync_skcipher(_priv->tx_tfm_arc4); 109 123 crypto_free_shash(_priv->rx_tfm_michael); 110 - crypto_free_sync_skcipher(_priv->rx_tfm_arc4); 111 124 } 112 - kfree(priv); 125 + kzfree(priv); 113 126 } 114 127 115 128 ··· 273 290 u8 *pos; 274 291 struct rtl_80211_hdr_4addr *hdr; 275 292 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); 276 - int ret = 0; 277 293 u8 rc4key[16], *icv; 278 294 u32 crc; 279 - struct scatterlist sg; 280 295 281 296 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 || 282 297 skb->len < hdr_len) ··· 315 334 *pos++ = (tkey->tx_iv32 >> 24) & 0xff; 316 335 317 336 if (!tcb_desc->bHwSec) { 318 - SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4); 319 - 320 337 icv = skb_put(skb, 4); 321 338 crc = ~crc32_le(~0, pos, len); 322 339 icv[0] = crc; 323 340 icv[1] = crc >> 8; 324 341 icv[2] = crc >> 16; 325 342 icv[3] = crc >> 24; 326 - crypto_sync_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16); 327 - sg_init_one(&sg, pos, len + 4); 328 - skcipher_request_set_sync_tfm(req, tkey->tx_tfm_arc4); 329 - skcipher_request_set_callback(req, 0, NULL, NULL); 330 - skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL); 331 - ret = crypto_skcipher_encrypt(req); 332 - skcipher_request_zero(req); 343 + 344 + arc4_setkey(&tkey->tx_ctx_arc4, rc4key, 16); 345 + arc4_crypt(&tkey->tx_ctx_arc4, pos, pos, len + 4); 333 346 } 334 347 335 348 tkey->tx_iv16++; ··· 332 357 tkey->tx_iv32++; 333 358 } 334 359 335 - if (!tcb_desc->bHwSec) 336 - return ret; 337 - else 338 - return 0; 339 - 340 - 360 + return 0; 341 361 } 342 362 343 363 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) ··· 346 376 u8 rc4key[16]; 347 377 u8 icv[4]; 348 378 u32 crc; 349 - struct scatterlist sg; 350 379 int plen; 351 - int err; 352 380 353 381 if (skb->len < hdr_len + 8 + 4) 354 382 return -1; ··· 380 412 pos += 8; 381 413 382 414 if (!tcb_desc->bHwSec) { 383 - SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4); 384 - 385 415 if (iv32 < tkey->rx_iv32 || 386 416 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) { 387 417 if (net_ratelimit()) { ··· 400 434 401 435 plen = skb->len - hdr_len - 12; 402 436 403 - crypto_sync_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16); 404 - sg_init_one(&sg, pos, plen + 4); 405 - 406 - skcipher_request_set_sync_tfm(req, tkey->rx_tfm_arc4); 407 - skcipher_request_set_callback(req, 0, NULL, NULL); 408 - skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL); 409 - 410 - err = crypto_skcipher_decrypt(req); 411 - skcipher_request_zero(req); 412 - if (err) { 413 - if (net_ratelimit()) { 414 - netdev_dbg(skb->dev, "TKIP: failed to decrypt " 415 - "received packet from %pM\n", 416 - hdr->addr2); 417 - } 418 - return -7; 419 - } 437 + arc4_setkey(&tkey->rx_ctx_arc4, rc4key, 16); 438 + arc4_crypt(&tkey->rx_ctx_arc4, pos, pos, plen + 4); 420 439 421 440 crc = ~crc32_le(~0, pos, plen); 422 441 icv[0] = crc; ··· 606 655 struct ieee80211_tkip_data *tkey = priv; 607 656 int keyidx; 608 657 struct crypto_shash *tfm = tkey->tx_tfm_michael; 609 - struct crypto_sync_skcipher *tfm2 = tkey->tx_tfm_arc4; 610 658 struct crypto_shash *tfm3 = tkey->rx_tfm_michael; 611 - struct crypto_sync_skcipher *tfm4 = tkey->rx_tfm_arc4; 612 659 613 660 keyidx = tkey->key_idx; 614 661 memset(tkey, 0, sizeof(*tkey)); 615 662 tkey->key_idx = keyidx; 616 663 tkey->tx_tfm_michael = tfm; 617 - tkey->tx_tfm_arc4 = tfm2; 618 664 tkey->rx_tfm_michael = tfm3; 619 - tkey->rx_tfm_arc4 = tfm4; 620 665 621 666 if (len == TKIP_KEY_LEN) { 622 667 memcpy(tkey->key, key, TKIP_KEY_LEN);

+12 -52

drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_wep.c

··· 5 5 * Copyright (c) 2002-2004, Jouni Malinen <jkmaline@cc.hut.fi> 6 6 */ 7 7 8 + #include <linux/fips.h> 8 9 #include <linux/module.h> 9 10 #include <linux/init.h> 10 11 #include <linux/slab.h> ··· 15 14 16 15 #include "ieee80211.h" 17 16 18 - #include <crypto/skcipher.h> 19 - #include <linux/scatterlist.h> 17 + #include <crypto/arc4.h> 20 18 #include <linux/crc32.h> 21 19 22 20 MODULE_AUTHOR("Jouni Malinen"); ··· 28 28 u8 key[WEP_KEY_LEN + 1]; 29 29 u8 key_len; 30 30 u8 key_idx; 31 - struct crypto_sync_skcipher *tx_tfm; 32 - struct crypto_sync_skcipher *rx_tfm; 31 + struct arc4_ctx rx_ctx_arc4; 32 + struct arc4_ctx tx_ctx_arc4; 33 33 }; 34 34 35 35 ··· 37 37 { 38 38 struct prism2_wep_data *priv; 39 39 40 + if (fips_enabled) 41 + return NULL; 42 + 40 43 priv = kzalloc(sizeof(*priv), GFP_KERNEL); 41 44 if (!priv) 42 45 return NULL; 43 46 priv->key_idx = keyidx; 44 47 45 - priv->tx_tfm = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0); 46 - if (IS_ERR(priv->tx_tfm)) 47 - goto free_priv; 48 - priv->rx_tfm = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0); 49 - if (IS_ERR(priv->rx_tfm)) 50 - goto free_tx; 51 - 52 48 /* start WEP IV from a random value */ 53 49 get_random_bytes(&priv->iv, 4); 54 50 55 51 return priv; 56 - free_tx: 57 - crypto_free_sync_skcipher(priv->tx_tfm); 58 - free_priv: 59 - kfree(priv); 60 - return NULL; 61 52 } 62 53 63 54 64 55 static void prism2_wep_deinit(void *priv) 65 56 { 66 - struct prism2_wep_data *_priv = priv; 67 - 68 - if (_priv) { 69 - crypto_free_sync_skcipher(_priv->tx_tfm); 70 - crypto_free_sync_skcipher(_priv->rx_tfm); 71 - } 72 - kfree(priv); 57 + kzfree(priv); 73 58 } 74 59 75 60 /* Perform WEP encryption on given skb that has at least 4 bytes of headroom ··· 72 87 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); 73 88 u32 crc; 74 89 u8 *icv; 75 - struct scatterlist sg; 76 - int err; 77 90 78 91 if (skb_headroom(skb) < 4 || skb_tailroom(skb) < 4 || 79 92 skb->len < hdr_len) ··· 107 124 memcpy(key + 3, wep->key, wep->key_len); 108 125 109 126 if (!tcb_desc->bHwSec) { 110 - SYNC_SKCIPHER_REQUEST_ON_STACK(req, wep->tx_tfm); 111 - 112 127 /* Append little-endian CRC32 and encrypt it to produce ICV */ 113 128 crc = ~crc32_le(~0, pos, len); 114 129 icv = skb_put(skb, 4); ··· 115 134 icv[2] = crc >> 16; 116 135 icv[3] = crc >> 24; 117 136 118 - crypto_sync_skcipher_setkey(wep->tx_tfm, key, klen); 119 - sg_init_one(&sg, pos, len + 4); 120 - 121 - skcipher_request_set_sync_tfm(req, wep->tx_tfm); 122 - skcipher_request_set_callback(req, 0, NULL, NULL); 123 - skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL); 124 - 125 - err = crypto_skcipher_encrypt(req); 126 - skcipher_request_zero(req); 127 - return err; 137 + arc4_setkey(&wep->tx_ctx_arc4, key, klen); 138 + arc4_crypt(&wep->tx_ctx_arc4, pos, pos, len + 4); 128 139 } 129 140 130 141 return 0; ··· 139 166 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); 140 167 u32 crc; 141 168 u8 icv[4]; 142 - struct scatterlist sg; 143 - int err; 144 169 145 170 if (skb->len < hdr_len + 8) 146 171 return -1; ··· 160 189 plen = skb->len - hdr_len - 8; 161 190 162 191 if (!tcb_desc->bHwSec) { 163 - SYNC_SKCIPHER_REQUEST_ON_STACK(req, wep->rx_tfm); 164 - 165 - crypto_sync_skcipher_setkey(wep->rx_tfm, key, klen); 166 - sg_init_one(&sg, pos, plen + 4); 167 - 168 - skcipher_request_set_sync_tfm(req, wep->rx_tfm); 169 - skcipher_request_set_callback(req, 0, NULL, NULL); 170 - skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL); 171 - 172 - err = crypto_skcipher_decrypt(req); 173 - skcipher_request_zero(req); 174 - if (err) 175 - return -7; 192 + arc4_setkey(&wep->rx_ctx_arc4, key, klen); 193 + arc4_crypt(&wep->rx_ctx_arc4, pos, pos, plen + 4); 176 194 177 195 crc = ~crc32_le(~0, pos, plen); 178 196 icv[0] = crc;