From patchwork Wed Jun 12 16:19:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 166589 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp3877596ilk; Wed, 12 Jun 2019 09:20:17 -0700 (PDT) X-Google-Smtp-Source: APXvYqymLsDFhzxcwRMAEKshZLHZqFwdqpxfl/AwZmFkdgT/YCpHUq9hv0C8pKgHOAximCkkd3Gn X-Received: by 2002:a17:90a:37ac:: with SMTP id v41mr60855pjb.6.1560356417058; Wed, 12 Jun 2019 09:20:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560356417; cv=none; d=google.com; s=arc-20160816; b=yhe/+QhEv/ubhu/o4sfPpVW0AC/E7dOHZFk05k3NvVvW3TBRcsg4yAY+ZvfTBNP3AR 5SzdwNOM9HOdmCe553gnTUILvqjkPhWVR/Vh/wLrCqd7w/xuDqcbJS2wQOe0mOjiRuNo RS7nviQC9ySsJnK8VKH0LqJz6rC6SvviTP+2ocMjuKDH6P4er3WdTl8sytB39nVA5d13 Ln+aGkekyDMj+t5vAXeM0axC1v1mlxkMp5OGfI8WeL9zGmAlwX0+G5nl5YIHjYXAx5zS szOhkFvDbDSvV30lQ4tcZq0iVhHz3uNCiFXcBUJv9ACs1yVmP/i5E9BzhDbZeYNBAds3 B90Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=eTEZv0K1lF9tA5eNEQyGpuRSHV9usD2RVcNmVJMhy6c=; b=Br/m8w9ucmyIJamOh554GH0ENLC0oF+pcTendInVTxMr77VvxbEc+B6zAqN5EgfCVh i3HQEq7xdeRTq5Kk0pkbczE95mt9ijMasBA5hKrj0sOr6FONTq17ihieH3onJNdvCPRm +xFpJP2FRAXBJ2iNs9+tzlctrKcSMLsMSF+GMHUWiD3CJBDrApIK55jlMyI4ODFRneZ/ PSHsZ5ejeLPQ7pQiiUcCwaoFXiPRkS5IGFJg9axwH5ADQtFGh7bu+4brt0NQSw8jdSYj qAJxGKr9/56WYXb/HtdtGGoc1NZwEJFtrvzp/Y0BpacbO7cXI/gtQnS5vRXALbYhSXkX PIAQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=k2Z9PXtR; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k17si204415pgg.426.2019.06.12.09.20.16; Wed, 12 Jun 2019 09:20:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=k2Z9PXtR; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2405740AbfFLQUQ (ORCPT + 3 others); Wed, 12 Jun 2019 12:20:16 -0400 Received: from mail-wm1-f65.google.com ([209.85.128.65]:37105 "EHLO mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404608AbfFLQUP (ORCPT ); Wed, 12 Jun 2019 12:20:15 -0400 Received: by mail-wm1-f65.google.com with SMTP id 22so7182901wmg.2 for ; Wed, 12 Jun 2019 09:20:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=eTEZv0K1lF9tA5eNEQyGpuRSHV9usD2RVcNmVJMhy6c=; b=k2Z9PXtRCp5/EFjkPxjuHvX0JxJU9JsUqcI8Sqcp6cf0UBX2jcer1CsZLoKOOiu8VI klwgPrh103lXSI2C6IWbFTUMH2hImi0vRgTzFUY2LN3p4+jBtSawgJto9LddRoodXAW5 JP2BGIMsC2I0L1HnBh0LMEzmdyJHDPntvzT97E4e0FK6lZnboCnuef4cOt5LGw6VumbS uL0dL7APF429XK66uUK217X3IxvnNRuMV2EG6+Ny0QVoBFi6M9Idz/wWZH7i+e+et4iu QKwk3AaVT1jnyfX1/JExYjdF4MTNmPyIJceZaGQiOwmR+qsb/1ST5Q3X3KUoFpN/jjNu 65qA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=eTEZv0K1lF9tA5eNEQyGpuRSHV9usD2RVcNmVJMhy6c=; b=FO8TMnqu/lmlqtH62Q0yVhxsfOfk69cK3XgEBmIxNPTfVP5lmGAOzg/jErrEqX3Jae SEplzf8hVhJ8bsnMxnz5iqgJ6QUR+gZnbCYSBKT01qsfHjLJJSgV+GNO6Hp8g5x5ZzJ8 bk9DBm3vM1ERDv0B5R0Kg6JfMLmQaA1Z5oYBtDkExlgSMZsuhE9s7pFDhFNBcwMVUPHY wVITZlL1PdpBM213qrQNDLV6wpakx9d7yg5JHVc76PDampDG33/mdSrYhiPG50l6Qefz tipZ8leNFOIVYCgdiRDM0z3zfY8NVC/7Tbs70ABKihpCITlOU/jCDX1H86YMWG5x0BNR moGw== X-Gm-Message-State: APjAAAU3MqrnCn+zx//Tr4OPxZMu+nmAT/jKItS2b11+NOmpViaoMOgt vZf9io7gAk489VJ4v4xCg9MJinoLAwBdMA== X-Received: by 2002:a7b:c450:: with SMTP id l16mr61834wmi.0.1560356412257; Wed, 12 Jun 2019 09:20:12 -0700 (PDT) Received: from sudo.home ([2a01:cb1d:112:6f00:353a:f33a:a393:3ada]) by smtp.gmail.com with ESMTPSA id c16sm70172wrr.53.2019.06.12.09.20.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 Jun 2019 09:20:11 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: Ard Biesheuvel , Herbert Xu , "David S. Miller" , Eric Biggers , Johannes Berg , linux-ppp@vger.kernel.org, Paul Mackerras Subject: [PATCH v5 6/7] ppp: mppe: switch to RC4 library interface Date: Wed, 12 Jun 2019 18:19:58 +0200 Message-Id: <20190612161959.30478-7-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190612161959.30478-1-ard.biesheuvel@linaro.org> References: <20190612161959.30478-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The MPPE code uses the sync skcipher to invoke the ecb(arc4) skcipher, of which only a single generic C code implementation exists. This means that going through all the trouble of using scatterlists etc buys us very little, and we're better off just invoking the arc4 library directly. Note that the SHA1 shash used by this driver has several accelerated implementations for various architectures, so retaining that part does make sense. Cc: linux-ppp@vger.kernel.org Cc: Paul Mackerras Signed-off-by: Ard Biesheuvel --- drivers/net/ppp/Kconfig | 3 +- drivers/net/ppp/ppp_mppe.c | 97 +++----------------- 2 files changed, 15 insertions(+), 85 deletions(-) -- 2.20.1 diff --git a/drivers/net/ppp/Kconfig b/drivers/net/ppp/Kconfig index bf395df3bb37..1a2e2f7629f3 100644 --- a/drivers/net/ppp/Kconfig +++ b/drivers/net/ppp/Kconfig @@ -87,8 +87,7 @@ config PPP_MPPE depends on PPP select CRYPTO select CRYPTO_SHA1 - select CRYPTO_ARC4 - select CRYPTO_ECB + select CRYPTO_LIB_ARC4 ---help--- Support for the MPPE Encryption protocol, as employed by the Microsoft Point-to-Point Tunneling Protocol. diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c index ff61dd8748de..de3b57d09d0c 100644 --- a/drivers/net/ppp/ppp_mppe.c +++ b/drivers/net/ppp/ppp_mppe.c @@ -42,9 +42,10 @@ * deprecated in 2.6 */ +#include #include -#include #include +#include #include #include #include @@ -65,13 +66,6 @@ MODULE_LICENSE("Dual BSD/GPL"); MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE)); MODULE_VERSION("1.0.2"); -static unsigned int -setup_sg(struct scatterlist *sg, const void *address, unsigned int length) -{ - sg_set_buf(sg, address, length); - return length; -} - #define SHA1_PAD_SIZE 40 /* @@ -95,7 +89,7 @@ static inline void sha_pad_init(struct sha_pad *shapad) * State for an MPPE (de)compressor. */ struct ppp_mppe_state { - struct crypto_sync_skcipher *arc4; + struct arc4_ctx arc4; struct shash_desc *sha1; unsigned char *sha1_digest; unsigned char master_key[MPPE_MAX_KEY_LEN]; @@ -154,24 +148,11 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state) */ static void mppe_rekey(struct ppp_mppe_state * state, int initial_key) { - struct scatterlist sg_in[1], sg_out[1]; - SYNC_SKCIPHER_REQUEST_ON_STACK(req, state->arc4); - - skcipher_request_set_sync_tfm(req, state->arc4); - skcipher_request_set_callback(req, 0, NULL, NULL); - get_new_key_from_sha(state); if (!initial_key) { - crypto_sync_skcipher_setkey(state->arc4, state->sha1_digest, - state->keylen); - sg_init_table(sg_in, 1); - sg_init_table(sg_out, 1); - setup_sg(sg_in, state->sha1_digest, state->keylen); - setup_sg(sg_out, state->session_key, state->keylen); - skcipher_request_set_crypt(req, sg_in, sg_out, state->keylen, - NULL); - if (crypto_skcipher_encrypt(req)) - printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n"); + arc4_setkey(&state->arc4, state->sha1_digest, state->keylen); + arc4_crypt(&state->arc4, state->session_key, state->sha1_digest, + state->keylen); } else { memcpy(state->session_key, state->sha1_digest, state->keylen); } @@ -181,9 +162,7 @@ static void mppe_rekey(struct ppp_mppe_state * state, int initial_key) state->session_key[1] = 0x26; state->session_key[2] = 0x9e; } - crypto_sync_skcipher_setkey(state->arc4, state->session_key, - state->keylen); - skcipher_request_zero(req); + arc4_setkey(&state->arc4, state->session_key, state->keylen); } /* @@ -196,7 +175,8 @@ static void *mppe_alloc(unsigned char *options, int optlen) unsigned int digestsize; if (optlen != CILEN_MPPE + sizeof(state->master_key) || - options[0] != CI_MPPE || options[1] != CILEN_MPPE) + options[0] != CI_MPPE || options[1] != CILEN_MPPE || + fips_enabled) goto out; state = kzalloc(sizeof(*state), GFP_KERNEL); @@ -204,12 +184,6 @@ static void *mppe_alloc(unsigned char *options, int optlen) goto out; - state->arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0); - if (IS_ERR(state->arc4)) { - state->arc4 = NULL; - goto out_free; - } - shash = crypto_alloc_shash("sha1", 0, 0); if (IS_ERR(shash)) goto out_free; @@ -250,7 +224,6 @@ static void *mppe_alloc(unsigned char *options, int optlen) crypto_free_shash(state->sha1->tfm); kzfree(state->sha1); } - crypto_free_sync_skcipher(state->arc4); kfree(state); out: return NULL; @@ -266,8 +239,7 @@ static void mppe_free(void *arg) kfree(state->sha1_digest); crypto_free_shash(state->sha1->tfm); kzfree(state->sha1); - crypto_free_sync_skcipher(state->arc4); - kfree(state); + kzfree(state); } } @@ -366,10 +338,7 @@ mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf, int isize, int osize) { struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; - SYNC_SKCIPHER_REQUEST_ON_STACK(req, state->arc4); int proto; - int err; - struct scatterlist sg_in[1], sg_out[1]; /* * Check that the protocol is in the range we handle. @@ -420,21 +389,7 @@ mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf, ibuf += 2; /* skip to proto field */ isize -= 2; - /* Encrypt packet */ - sg_init_table(sg_in, 1); - sg_init_table(sg_out, 1); - setup_sg(sg_in, ibuf, isize); - setup_sg(sg_out, obuf, osize); - - skcipher_request_set_sync_tfm(req, state->arc4); - skcipher_request_set_callback(req, 0, NULL, NULL); - skcipher_request_set_crypt(req, sg_in, sg_out, isize, NULL); - err = crypto_skcipher_encrypt(req); - skcipher_request_zero(req); - if (err) { - printk(KERN_DEBUG "crypto_cypher_encrypt failed\n"); - return -1; - } + arc4_crypt(&state->arc4, obuf, ibuf, isize); state->stats.unc_bytes += isize; state->stats.unc_packets++; @@ -480,10 +435,8 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, int osize) { struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; - SYNC_SKCIPHER_REQUEST_ON_STACK(req, state->arc4); unsigned ccount; int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED; - struct scatterlist sg_in[1], sg_out[1]; if (isize <= PPP_HDRLEN + MPPE_OVHD) { if (state->debug) @@ -610,19 +563,7 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, * Decrypt the first byte in order to check if it is * a compressed or uncompressed protocol field. */ - sg_init_table(sg_in, 1); - sg_init_table(sg_out, 1); - setup_sg(sg_in, ibuf, 1); - setup_sg(sg_out, obuf, 1); - - skcipher_request_set_sync_tfm(req, state->arc4); - skcipher_request_set_callback(req, 0, NULL, NULL); - skcipher_request_set_crypt(req, sg_in, sg_out, 1, NULL); - if (crypto_skcipher_decrypt(req)) { - printk(KERN_DEBUG "crypto_cypher_decrypt failed\n"); - osize = DECOMP_ERROR; - goto out_zap_req; - } + arc4_crypt(&state->arc4, obuf, ibuf, 1); /* * Do PFC decompression. @@ -637,14 +578,7 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, } /* And finally, decrypt the rest of the packet. */ - setup_sg(sg_in, ibuf + 1, isize - 1); - setup_sg(sg_out, obuf + 1, osize - 1); - skcipher_request_set_crypt(req, sg_in, sg_out, isize - 1, NULL); - if (crypto_skcipher_decrypt(req)) { - printk(KERN_DEBUG "crypto_cypher_decrypt failed\n"); - osize = DECOMP_ERROR; - goto out_zap_req; - } + arc4_crypt(&state->arc4, obuf + 1, ibuf + 1, isize - 1); state->stats.unc_bytes += osize; state->stats.unc_packets++; @@ -654,8 +588,6 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, /* good packet credit */ state->sanity_errors >>= 1; -out_zap_req: - skcipher_request_zero(req); return osize; sanity_error: @@ -728,8 +660,7 @@ static struct compressor ppp_mppe = { static int __init ppp_mppe_init(void) { int answer; - if (!(crypto_has_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC) && - crypto_has_ahash("sha1", 0, CRYPTO_ALG_ASYNC))) + if (fips_enabled || !crypto_has_ahash("sha1", 0, CRYPTO_ALG_ASYNC)) return -ENODEV; sha_pad = kmalloc(sizeof(struct sha_pad), GFP_KERNEL);