From patchwork Tue Jun 11 13:47:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 166456 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp2387909ilk; Tue, 11 Jun 2019 06:48:06 -0700 (PDT) X-Google-Smtp-Source: APXvYqwgKPAiKPh4/oDucKoJE99py5tvjjmNh7xj3Ro36cyP8rcDSvDmKgGagEBCejxlXm/fB8I6 X-Received: by 2002:aa7:8e46:: with SMTP id d6mr79875346pfr.91.1560260886547; Tue, 11 Jun 2019 06:48:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560260886; cv=none; d=google.com; s=arc-20160816; b=qGOndFWigri4oLHpc8jIWhIDG3VELVEKYn3Y/FOZU5V/yt2E8hww/R0W0ovNL3fc0D o7fLVRrZCy0Cmy6wC5qK1QGs2dO5GSkSeseUfjZ0VeeLMVhCVDPamzrtADDV5xQpz3Ji tnbNuZ/mIft6slfC5Q3/jImnRq2ruOmk1JlrNSDk/2JfhdBP9dFZxUwnhalI2ueS769J ywT+LB2y5g9cxX53LUm5e4imfr2NFXNM6ZMpaK9pVoEVZdc2HVe3pMQ4TLzwELPSd9Fz qiLQAefKgjBk4f1EON+pkIEBI0SYw6zs0N5WSc7n+4RxcBKtDMAX7RNWIUyguTVjdDPz nvTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=kT6Xg5Xf2axXUbcSIqWmO5mOnGwail91z2JesUght8Y=; b=A0/ZCxTssy/MViuRlGz6DTnF6g4xWSSVEA/aoFl7ftyA9fotc9xbYVT8VK/6/HUjLL UvuuEM3Hor4Nn8wJbb8TFYkULiiSst3XTWRZrm6KOOMrKmfNcrL3huzGMgfTpnbUIDIN Z4usrodJLoW85lG++KWgMoAlgzzSoYbXKSAt/jYh7SYMQnyNF/G/JyqN7RdyhODGvbaN s4b8HT6jineFYfncTH+0IaxNQPwEBSXY+YTsW1ok9dUn39kV5DfVIy2Gh1pYGF4RaOQM EPzljAdkl6d61eHYNdySKzmm7eRmKgG6aMgZQgZP1VWiw3+JPVVv1k2L2M62biGd1aq4 hVEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=xImDbJc1; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w127si14336788pfw.200.2019.06.11.06.48.06; Tue, 11 Jun 2019 06:48:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=xImDbJc1; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388299AbfFKNsF (ORCPT + 3 others); Tue, 11 Jun 2019 09:48:05 -0400 Received: from mail-wm1-f66.google.com ([209.85.128.66]:52230 "EHLO mail-wm1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390248AbfFKNsF (ORCPT ); Tue, 11 Jun 2019 09:48:05 -0400 Received: by mail-wm1-f66.google.com with SMTP id s3so3056962wms.2 for ; Tue, 11 Jun 2019 06:48:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=kT6Xg5Xf2axXUbcSIqWmO5mOnGwail91z2JesUght8Y=; b=xImDbJc1mqM4oRFysaYy1zwvIVWJ8Dt2fwYw3tTQjzWrZk5zouvhoWhyFFBjBSTkFi Vsp4cv68m1jcIJJkstPP20meC4rBC/C+rmt0kIv+7rsnkeuJ+b0VBIdCOsr2sub1GWp1 4vrtLdMHVmVy49XDBv9DRdeLiUfYiAbll/1rpL3+/m3UM9nrGRwzMe9W0wwyoD3U7+nf Ay3DdT44sZNbUbWBoEOUsVuZfVS7E8Se7CLWtqtPWJkFt8Ui5uFeyTgxV2/lF+hi3Ybq Ur+SZvlokIvokzSm5ZmT8+Q79WV+7g9oFWz1y0lFN7hzYHXG7+kCa4AVzV3FJw3X2n4c 7EvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=kT6Xg5Xf2axXUbcSIqWmO5mOnGwail91z2JesUght8Y=; b=TBgLo140J34doxphtwX9qdY8EOtcAHBZFo0wZzv4u2um4nn1J+zcvH6Lol2juYa5Sw 6bUL1RZrjD8HmmyUb1S5H9gUrhCSVX1SMned9zj9FecRKhSAaXR2pphlAOD4tBDmzTtt W1ezOBLA0+e0Wy/IK5hNx9yYQkAI25/7kY7WtVL5DQRVKwecMqSdabrcGldwGHOQjvTa Oie1X01keY9n77TROXIWmJ2UUAdd1L4wAoU8nvwk4Wk4FJSrsRlh2UCjdwIhoSPXzYH1 pDgD5shYfkjCwSwEBoa8HK1PzetwphUy4x7Egx7CbyTcYfG9DrufW/fsqgcE+uw4fKeF NCAA== X-Gm-Message-State: APjAAAXvnkE6Wnwm1hsuQGofrMQiBsDIjegJsQOIOXzo3SubeyGCEVjg BFNcoNiY8KEn9KBfv0n43OuMLOqgeulgX2YN X-Received: by 2002:a7b:c313:: with SMTP id k19mr7092704wmj.2.1560260882190; Tue, 11 Jun 2019 06:48:02 -0700 (PDT) Received: from sudo.home ([2a01:cb1d:112:6f00:24bb:7f31:25fe:43a7]) by smtp.gmail.com with ESMTPSA id o126sm3964305wmo.31.2019.06.11.06.48.00 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 11 Jun 2019 06:48:01 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: Ard Biesheuvel , Herbert Xu , "David S. Miller" , Eric Biggers , Johannes Berg , linux-ppp@vger.kernel.org, Paul Mackerras Subject: [PATCH v3 6/7] ppp: mppe: switch to RC4 library interface Date: Tue, 11 Jun 2019 15:47:49 +0200 Message-Id: <20190611134750.2974-7-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190611134750.2974-1-ard.biesheuvel@linaro.org> References: <20190611134750.2974-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The MPPE code uses the sync skcipher to invoke the ecb(arc4) skcipher, of which only a single generic C code implementation exists. This means that going through all the trouble of using scatterlists etc buys us very little, and we're better off just invoking the arc4 library directly. Note that the SHA1 shash used by this driver has several accelerated implementations for various architectures, so retaining that part does make sense. Cc: linux-ppp@vger.kernel.org Cc: Paul Mackerras Signed-off-by: Ard Biesheuvel --- drivers/net/ppp/Kconfig | 3 +- drivers/net/ppp/ppp_mppe.c | 95 +++----------------- 2 files changed, 14 insertions(+), 84 deletions(-) -- 2.20.1 diff --git a/drivers/net/ppp/Kconfig b/drivers/net/ppp/Kconfig index bf395df3bb37..1a2e2f7629f3 100644 --- a/drivers/net/ppp/Kconfig +++ b/drivers/net/ppp/Kconfig @@ -87,8 +87,7 @@ config PPP_MPPE depends on PPP select CRYPTO select CRYPTO_SHA1 - select CRYPTO_ARC4 - select CRYPTO_ECB + select CRYPTO_LIB_ARC4 ---help--- Support for the MPPE Encryption protocol, as employed by the Microsoft Point-to-Point Tunneling Protocol. diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c index ff61dd8748de..a2040a156f40 100644 --- a/drivers/net/ppp/ppp_mppe.c +++ b/drivers/net/ppp/ppp_mppe.c @@ -42,9 +42,10 @@ * deprecated in 2.6 */ +#include #include -#include #include +#include #include #include #include @@ -65,13 +66,6 @@ MODULE_LICENSE("Dual BSD/GPL"); MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE)); MODULE_VERSION("1.0.2"); -static unsigned int -setup_sg(struct scatterlist *sg, const void *address, unsigned int length) -{ - sg_set_buf(sg, address, length); - return length; -} - #define SHA1_PAD_SIZE 40 /* @@ -95,7 +89,7 @@ static inline void sha_pad_init(struct sha_pad *shapad) * State for an MPPE (de)compressor. */ struct ppp_mppe_state { - struct crypto_sync_skcipher *arc4; + struct arc4_ctx arc4; struct shash_desc *sha1; unsigned char *sha1_digest; unsigned char master_key[MPPE_MAX_KEY_LEN]; @@ -154,24 +148,11 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state) */ static void mppe_rekey(struct ppp_mppe_state * state, int initial_key) { - struct scatterlist sg_in[1], sg_out[1]; - SYNC_SKCIPHER_REQUEST_ON_STACK(req, state->arc4); - - skcipher_request_set_sync_tfm(req, state->arc4); - skcipher_request_set_callback(req, 0, NULL, NULL); - get_new_key_from_sha(state); if (!initial_key) { - crypto_sync_skcipher_setkey(state->arc4, state->sha1_digest, - state->keylen); - sg_init_table(sg_in, 1); - sg_init_table(sg_out, 1); - setup_sg(sg_in, state->sha1_digest, state->keylen); - setup_sg(sg_out, state->session_key, state->keylen); - skcipher_request_set_crypt(req, sg_in, sg_out, state->keylen, - NULL); - if (crypto_skcipher_encrypt(req)) - printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n"); + arc4_setkey(&state->arc4, state->sha1_digest, state->keylen); + arc4_crypt(&state->arc4, state->session_key, state->sha1_digest, + state->keylen); } else { memcpy(state->session_key, state->sha1_digest, state->keylen); } @@ -181,9 +162,7 @@ static void mppe_rekey(struct ppp_mppe_state * state, int initial_key) state->session_key[1] = 0x26; state->session_key[2] = 0x9e; } - crypto_sync_skcipher_setkey(state->arc4, state->session_key, - state->keylen); - skcipher_request_zero(req); + arc4_setkey(&state->arc4, state->session_key, state->keylen); } /* @@ -196,7 +175,8 @@ static void *mppe_alloc(unsigned char *options, int optlen) unsigned int digestsize; if (optlen != CILEN_MPPE + sizeof(state->master_key) || - options[0] != CI_MPPE || options[1] != CILEN_MPPE) + options[0] != CI_MPPE || options[1] != CILEN_MPPE || + fips_enabled) goto out; state = kzalloc(sizeof(*state), GFP_KERNEL); @@ -204,12 +184,6 @@ static void *mppe_alloc(unsigned char *options, int optlen) goto out; - state->arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0); - if (IS_ERR(state->arc4)) { - state->arc4 = NULL; - goto out_free; - } - shash = crypto_alloc_shash("sha1", 0, 0); if (IS_ERR(shash)) goto out_free; @@ -250,7 +224,6 @@ static void *mppe_alloc(unsigned char *options, int optlen) crypto_free_shash(state->sha1->tfm); kzfree(state->sha1); } - crypto_free_sync_skcipher(state->arc4); kfree(state); out: return NULL; @@ -266,7 +239,6 @@ static void mppe_free(void *arg) kfree(state->sha1_digest); crypto_free_shash(state->sha1->tfm); kzfree(state->sha1); - crypto_free_sync_skcipher(state->arc4); kfree(state); } } @@ -366,10 +338,7 @@ mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf, int isize, int osize) { struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; - SYNC_SKCIPHER_REQUEST_ON_STACK(req, state->arc4); int proto; - int err; - struct scatterlist sg_in[1], sg_out[1]; /* * Check that the protocol is in the range we handle. @@ -420,21 +389,7 @@ mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf, ibuf += 2; /* skip to proto field */ isize -= 2; - /* Encrypt packet */ - sg_init_table(sg_in, 1); - sg_init_table(sg_out, 1); - setup_sg(sg_in, ibuf, isize); - setup_sg(sg_out, obuf, osize); - - skcipher_request_set_sync_tfm(req, state->arc4); - skcipher_request_set_callback(req, 0, NULL, NULL); - skcipher_request_set_crypt(req, sg_in, sg_out, isize, NULL); - err = crypto_skcipher_encrypt(req); - skcipher_request_zero(req); - if (err) { - printk(KERN_DEBUG "crypto_cypher_encrypt failed\n"); - return -1; - } + arc4_crypt(&state->arc4, obuf, ibuf, isize); state->stats.unc_bytes += isize; state->stats.unc_packets++; @@ -480,10 +435,8 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, int osize) { struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; - SYNC_SKCIPHER_REQUEST_ON_STACK(req, state->arc4); unsigned ccount; int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED; - struct scatterlist sg_in[1], sg_out[1]; if (isize <= PPP_HDRLEN + MPPE_OVHD) { if (state->debug) @@ -610,19 +563,7 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, * Decrypt the first byte in order to check if it is * a compressed or uncompressed protocol field. */ - sg_init_table(sg_in, 1); - sg_init_table(sg_out, 1); - setup_sg(sg_in, ibuf, 1); - setup_sg(sg_out, obuf, 1); - - skcipher_request_set_sync_tfm(req, state->arc4); - skcipher_request_set_callback(req, 0, NULL, NULL); - skcipher_request_set_crypt(req, sg_in, sg_out, 1, NULL); - if (crypto_skcipher_decrypt(req)) { - printk(KERN_DEBUG "crypto_cypher_decrypt failed\n"); - osize = DECOMP_ERROR; - goto out_zap_req; - } + arc4_crypt(&state->arc4, obuf, ibuf, 1); /* * Do PFC decompression. @@ -637,14 +578,7 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, } /* And finally, decrypt the rest of the packet. */ - setup_sg(sg_in, ibuf + 1, isize - 1); - setup_sg(sg_out, obuf + 1, osize - 1); - skcipher_request_set_crypt(req, sg_in, sg_out, isize - 1, NULL); - if (crypto_skcipher_decrypt(req)) { - printk(KERN_DEBUG "crypto_cypher_decrypt failed\n"); - osize = DECOMP_ERROR; - goto out_zap_req; - } + arc4_crypt(&state->arc4, obuf + 1, ibuf + 1, isize - 1); state->stats.unc_bytes += osize; state->stats.unc_packets++; @@ -654,8 +588,6 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, /* good packet credit */ state->sanity_errors >>= 1; -out_zap_req: - skcipher_request_zero(req); return osize; sanity_error: @@ -728,8 +660,7 @@ static struct compressor ppp_mppe = { static int __init ppp_mppe_init(void) { int answer; - if (!(crypto_has_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC) && - crypto_has_ahash("sha1", 0, CRYPTO_ALG_ASYNC))) + if (!crypto_has_ahash("sha1", 0, CRYPTO_ALG_ASYNC)) return -ENODEV; sha_pad = kmalloc(sizeof(struct sha_pad), GFP_KERNEL);