Commit c5960778 authored by Ard Biesheuvel's avatar Ard Biesheuvel Committed by Herbert Xu

staging/rtl8192u: switch to RC4 library interface

Switch to the ARC4 library interface, to remove the pointless
dependency on the skcipher API, from which we will hopefully be
able to drop ecb(arc4) skcipher support.
Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 054694a4
...@@ -8,3 +8,4 @@ config RTL8192U ...@@ -8,3 +8,4 @@ config RTL8192U
select CRYPTO select CRYPTO
select CRYPTO_AES select CRYPTO_AES
select CRYPTO_CCM select CRYPTO_CCM
select CRYPTO_LIB_ARC4
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
* Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi> * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
*/ */
#include <linux/fips.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/init.h> #include <linux/init.h>
#include <linux/slab.h> #include <linux/slab.h>
...@@ -17,9 +18,8 @@ ...@@ -17,9 +18,8 @@
#include "ieee80211.h" #include "ieee80211.h"
#include <crypto/arc4.h>
#include <crypto/hash.h> #include <crypto/hash.h>
#include <crypto/skcipher.h>
#include <linux/scatterlist.h>
#include <linux/crc32.h> #include <linux/crc32.h>
MODULE_AUTHOR("Jouni Malinen"); MODULE_AUTHOR("Jouni Malinen");
...@@ -49,9 +49,9 @@ struct ieee80211_tkip_data { ...@@ -49,9 +49,9 @@ struct ieee80211_tkip_data {
int key_idx; int key_idx;
struct crypto_sync_skcipher *rx_tfm_arc4; struct arc4_ctx rx_ctx_arc4;
struct arc4_ctx tx_ctx_arc4;
struct crypto_shash *rx_tfm_michael; struct crypto_shash *rx_tfm_michael;
struct crypto_sync_skcipher *tx_tfm_arc4;
struct crypto_shash *tx_tfm_michael; struct crypto_shash *tx_tfm_michael;
/* scratch buffers for virt_to_page() (crypto API) */ /* scratch buffers for virt_to_page() (crypto API) */
...@@ -62,19 +62,14 @@ static void *ieee80211_tkip_init(int key_idx) ...@@ -62,19 +62,14 @@ static void *ieee80211_tkip_init(int key_idx)
{ {
struct ieee80211_tkip_data *priv; struct ieee80211_tkip_data *priv;
if (fips_enabled)
return NULL;
priv = kzalloc(sizeof(*priv), GFP_KERNEL); priv = kzalloc(sizeof(*priv), GFP_KERNEL);
if (!priv) if (!priv)
goto fail; goto fail;
priv->key_idx = key_idx; priv->key_idx = key_idx;
priv->tx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0);
if (IS_ERR(priv->tx_tfm_arc4)) {
printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
"crypto API arc4\n");
priv->tx_tfm_arc4 = NULL;
goto fail;
}
priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
if (IS_ERR(priv->tx_tfm_michael)) { if (IS_ERR(priv->tx_tfm_michael)) {
printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
...@@ -83,14 +78,6 @@ static void *ieee80211_tkip_init(int key_idx) ...@@ -83,14 +78,6 @@ static void *ieee80211_tkip_init(int key_idx)
goto fail; goto fail;
} }
priv->rx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0);
if (IS_ERR(priv->rx_tfm_arc4)) {
printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
"crypto API arc4\n");
priv->rx_tfm_arc4 = NULL;
goto fail;
}
priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
if (IS_ERR(priv->rx_tfm_michael)) { if (IS_ERR(priv->rx_tfm_michael)) {
printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
...@@ -104,9 +91,7 @@ static void *ieee80211_tkip_init(int key_idx) ...@@ -104,9 +91,7 @@ static void *ieee80211_tkip_init(int key_idx)
fail: fail:
if (priv) { if (priv) {
crypto_free_shash(priv->tx_tfm_michael); crypto_free_shash(priv->tx_tfm_michael);
crypto_free_sync_skcipher(priv->tx_tfm_arc4);
crypto_free_shash(priv->rx_tfm_michael); crypto_free_shash(priv->rx_tfm_michael);
crypto_free_sync_skcipher(priv->rx_tfm_arc4);
kfree(priv); kfree(priv);
} }
...@@ -120,11 +105,9 @@ static void ieee80211_tkip_deinit(void *priv) ...@@ -120,11 +105,9 @@ static void ieee80211_tkip_deinit(void *priv)
if (_priv) { if (_priv) {
crypto_free_shash(_priv->tx_tfm_michael); crypto_free_shash(_priv->tx_tfm_michael);
crypto_free_sync_skcipher(_priv->tx_tfm_arc4);
crypto_free_shash(_priv->rx_tfm_michael); crypto_free_shash(_priv->rx_tfm_michael);
crypto_free_sync_skcipher(_priv->rx_tfm_arc4);
} }
kfree(priv); kzfree(priv);
} }
...@@ -290,10 +273,8 @@ static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) ...@@ -290,10 +273,8 @@ static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
u8 *pos; u8 *pos;
struct rtl_80211_hdr_4addr *hdr; struct rtl_80211_hdr_4addr *hdr;
struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
int ret = 0;
u8 rc4key[16], *icv; u8 rc4key[16], *icv;
u32 crc; u32 crc;
struct scatterlist sg;
if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 || if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
skb->len < hdr_len) skb->len < hdr_len)
...@@ -334,21 +315,15 @@ static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) ...@@ -334,21 +315,15 @@ static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
*pos++ = (tkey->tx_iv32 >> 24) & 0xff; *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
if (!tcb_desc->bHwSec) { if (!tcb_desc->bHwSec) {
SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4);
icv = skb_put(skb, 4); icv = skb_put(skb, 4);
crc = ~crc32_le(~0, pos, len); crc = ~crc32_le(~0, pos, len);
icv[0] = crc; icv[0] = crc;
icv[1] = crc >> 8; icv[1] = crc >> 8;
icv[2] = crc >> 16; icv[2] = crc >> 16;
icv[3] = crc >> 24; icv[3] = crc >> 24;
crypto_sync_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
sg_init_one(&sg, pos, len + 4); arc4_setkey(&tkey->tx_ctx_arc4, rc4key, 16);
skcipher_request_set_sync_tfm(req, tkey->tx_tfm_arc4); arc4_crypt(&tkey->tx_ctx_arc4, pos, pos, len + 4);
skcipher_request_set_callback(req, 0, NULL, NULL);
skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL);
ret = crypto_skcipher_encrypt(req);
skcipher_request_zero(req);
} }
tkey->tx_iv16++; tkey->tx_iv16++;
...@@ -357,12 +332,7 @@ static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) ...@@ -357,12 +332,7 @@ static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
tkey->tx_iv32++; tkey->tx_iv32++;
} }
if (!tcb_desc->bHwSec)
return ret;
else
return 0; return 0;
} }
static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
...@@ -376,9 +346,7 @@ static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) ...@@ -376,9 +346,7 @@ static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
u8 rc4key[16]; u8 rc4key[16];
u8 icv[4]; u8 icv[4];
u32 crc; u32 crc;
struct scatterlist sg;
int plen; int plen;
int err;
if (skb->len < hdr_len + 8 + 4) if (skb->len < hdr_len + 8 + 4)
return -1; return -1;
...@@ -412,8 +380,6 @@ static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) ...@@ -412,8 +380,6 @@ static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
pos += 8; pos += 8;
if (!tcb_desc->bHwSec) { if (!tcb_desc->bHwSec) {
SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4);
if (iv32 < tkey->rx_iv32 || if (iv32 < tkey->rx_iv32 ||
(iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) { (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
if (net_ratelimit()) { if (net_ratelimit()) {
...@@ -434,23 +400,8 @@ static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) ...@@ -434,23 +400,8 @@ static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
plen = skb->len - hdr_len - 12; plen = skb->len - hdr_len - 12;
crypto_sync_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16); arc4_setkey(&tkey->rx_ctx_arc4, rc4key, 16);
sg_init_one(&sg, pos, plen + 4); arc4_crypt(&tkey->rx_ctx_arc4, pos, pos, plen + 4);
skcipher_request_set_sync_tfm(req, tkey->rx_tfm_arc4);
skcipher_request_set_callback(req, 0, NULL, NULL);
skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL);
err = crypto_skcipher_decrypt(req);
skcipher_request_zero(req);
if (err) {
if (net_ratelimit()) {
netdev_dbg(skb->dev, "TKIP: failed to decrypt "
"received packet from %pM\n",
hdr->addr2);
}
return -7;
}
crc = ~crc32_le(~0, pos, plen); crc = ~crc32_le(~0, pos, plen);
icv[0] = crc; icv[0] = crc;
...@@ -655,17 +606,13 @@ static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv) ...@@ -655,17 +606,13 @@ static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv)
struct ieee80211_tkip_data *tkey = priv; struct ieee80211_tkip_data *tkey = priv;
int keyidx; int keyidx;
struct crypto_shash *tfm = tkey->tx_tfm_michael; struct crypto_shash *tfm = tkey->tx_tfm_michael;
struct crypto_sync_skcipher *tfm2 = tkey->tx_tfm_arc4;
struct crypto_shash *tfm3 = tkey->rx_tfm_michael; struct crypto_shash *tfm3 = tkey->rx_tfm_michael;
struct crypto_sync_skcipher *tfm4 = tkey->rx_tfm_arc4;
keyidx = tkey->key_idx; keyidx = tkey->key_idx;
memset(tkey, 0, sizeof(*tkey)); memset(tkey, 0, sizeof(*tkey));
tkey->key_idx = keyidx; tkey->key_idx = keyidx;
tkey->tx_tfm_michael = tfm; tkey->tx_tfm_michael = tfm;
tkey->tx_tfm_arc4 = tfm2;
tkey->rx_tfm_michael = tfm3; tkey->rx_tfm_michael = tfm3;
tkey->rx_tfm_arc4 = tfm4;
if (len == TKIP_KEY_LEN) { if (len == TKIP_KEY_LEN) {
memcpy(tkey->key, key, TKIP_KEY_LEN); memcpy(tkey->key, key, TKIP_KEY_LEN);
......
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
* Copyright (c) 2002-2004, Jouni Malinen <jkmaline@cc.hut.fi> * Copyright (c) 2002-2004, Jouni Malinen <jkmaline@cc.hut.fi>
*/ */
#include <linux/fips.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/init.h> #include <linux/init.h>
#include <linux/slab.h> #include <linux/slab.h>
...@@ -14,8 +15,7 @@ ...@@ -14,8 +15,7 @@
#include "ieee80211.h" #include "ieee80211.h"
#include <crypto/skcipher.h> #include <crypto/arc4.h>
#include <linux/scatterlist.h>
#include <linux/crc32.h> #include <linux/crc32.h>
MODULE_AUTHOR("Jouni Malinen"); MODULE_AUTHOR("Jouni Malinen");
...@@ -28,8 +28,8 @@ struct prism2_wep_data { ...@@ -28,8 +28,8 @@ struct prism2_wep_data {
u8 key[WEP_KEY_LEN + 1]; u8 key[WEP_KEY_LEN + 1];
u8 key_len; u8 key_len;
u8 key_idx; u8 key_idx;
struct crypto_sync_skcipher *tx_tfm; struct arc4_ctx rx_ctx_arc4;
struct crypto_sync_skcipher *rx_tfm; struct arc4_ctx tx_ctx_arc4;
}; };
...@@ -37,39 +37,24 @@ static void *prism2_wep_init(int keyidx) ...@@ -37,39 +37,24 @@ static void *prism2_wep_init(int keyidx)
{ {
struct prism2_wep_data *priv; struct prism2_wep_data *priv;
if (fips_enabled)
return NULL;
priv = kzalloc(sizeof(*priv), GFP_KERNEL); priv = kzalloc(sizeof(*priv), GFP_KERNEL);
if (!priv) if (!priv)
return NULL; return NULL;
priv->key_idx = keyidx; priv->key_idx = keyidx;
priv->tx_tfm = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0);
if (IS_ERR(priv->tx_tfm))
goto free_priv;
priv->rx_tfm = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0);
if (IS_ERR(priv->rx_tfm))
goto free_tx;
/* start WEP IV from a random value */ /* start WEP IV from a random value */
get_random_bytes(&priv->iv, 4); get_random_bytes(&priv->iv, 4);
return priv; return priv;
free_tx:
crypto_free_sync_skcipher(priv->tx_tfm);
free_priv:
kfree(priv);
return NULL;
} }
static void prism2_wep_deinit(void *priv) static void prism2_wep_deinit(void *priv)
{ {
struct prism2_wep_data *_priv = priv; kzfree(priv);
if (_priv) {
crypto_free_sync_skcipher(_priv->tx_tfm);
crypto_free_sync_skcipher(_priv->rx_tfm);
}
kfree(priv);
} }
/* Perform WEP encryption on given skb that has at least 4 bytes of headroom /* Perform WEP encryption on given skb that has at least 4 bytes of headroom
...@@ -87,8 +72,6 @@ static int prism2_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv) ...@@ -87,8 +72,6 @@ static int prism2_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
u32 crc; u32 crc;
u8 *icv; u8 *icv;
struct scatterlist sg;
int err;
if (skb_headroom(skb) < 4 || skb_tailroom(skb) < 4 || if (skb_headroom(skb) < 4 || skb_tailroom(skb) < 4 ||
skb->len < hdr_len) skb->len < hdr_len)
...@@ -124,8 +107,6 @@ static int prism2_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv) ...@@ -124,8 +107,6 @@ static int prism2_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
memcpy(key + 3, wep->key, wep->key_len); memcpy(key + 3, wep->key, wep->key_len);
if (!tcb_desc->bHwSec) { if (!tcb_desc->bHwSec) {
SYNC_SKCIPHER_REQUEST_ON_STACK(req, wep->tx_tfm);
/* Append little-endian CRC32 and encrypt it to produce ICV */ /* Append little-endian CRC32 and encrypt it to produce ICV */
crc = ~crc32_le(~0, pos, len); crc = ~crc32_le(~0, pos, len);
icv = skb_put(skb, 4); icv = skb_put(skb, 4);
...@@ -134,16 +115,8 @@ static int prism2_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv) ...@@ -134,16 +115,8 @@ static int prism2_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
icv[2] = crc >> 16; icv[2] = crc >> 16;
icv[3] = crc >> 24; icv[3] = crc >> 24;
crypto_sync_skcipher_setkey(wep->tx_tfm, key, klen); arc4_setkey(&wep->tx_ctx_arc4, key, klen);
sg_init_one(&sg, pos, len + 4); arc4_crypt(&wep->tx_ctx_arc4, pos, pos, len + 4);
skcipher_request_set_sync_tfm(req, wep->tx_tfm);
skcipher_request_set_callback(req, 0, NULL, NULL);
skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL);
err = crypto_skcipher_encrypt(req);
skcipher_request_zero(req);
return err;
} }
return 0; return 0;
...@@ -166,8 +139,6 @@ static int prism2_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv) ...@@ -166,8 +139,6 @@ static int prism2_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
u32 crc; u32 crc;
u8 icv[4]; u8 icv[4];
struct scatterlist sg;
int err;
if (skb->len < hdr_len + 8) if (skb->len < hdr_len + 8)
return -1; return -1;
...@@ -189,19 +160,8 @@ static int prism2_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv) ...@@ -189,19 +160,8 @@ static int prism2_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
plen = skb->len - hdr_len - 8; plen = skb->len - hdr_len - 8;
if (!tcb_desc->bHwSec) { if (!tcb_desc->bHwSec) {
SYNC_SKCIPHER_REQUEST_ON_STACK(req, wep->rx_tfm); arc4_setkey(&wep->rx_ctx_arc4, key, klen);
arc4_crypt(&wep->rx_ctx_arc4, pos, pos, plen + 4);
crypto_sync_skcipher_setkey(wep->rx_tfm, key, klen);
sg_init_one(&sg, pos, plen + 4);
skcipher_request_set_sync_tfm(req, wep->rx_tfm);
skcipher_request_set_callback(req, 0, NULL, NULL);
skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL);
err = crypto_skcipher_decrypt(req);
skcipher_request_zero(req);
if (err)
return -7;
crc = ~crc32_le(~0, pos, plen); crc = ~crc32_le(~0, pos, plen);
icv[0] = crc; icv[0] = crc;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment