From patchwork Sun Feb 5 15:23:26 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 93370
From: Ard Biesheuvel
To: johannes@sipsolutions.net, jouni@qca.qualcomm.com, linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org, davem@davemloft.net, Ard Biesheuvel
Subject: [PATCH v2 0/2] mac80211: use crypto shash for AES cmac
Date: Sun, 5 Feb 2017 15:23:26 +0000
Message-Id: <1486308208-3252-1-git-send-email-ard.biesheuvel@linaro.org>
X-Mailing-List: linux-wireless@vger.kernel.org

This is something I spotted while working on AES in various modes for ARM and arm64.

The mac80211 aes_cmac code reimplements the CMAC algorithm based on the core AES cipher, which is rather restrictive in how platforms can satisfy the dependency on this algorithm. For instance, SIMD implementations may have a considerable setup time, which cannot be amortized over the entire input when calling into the crypto API one block at a time. Also, it prevents the use of more secure fixed-time implementations, since not all AES drivers expose the cipher interface.
So switch aes_cmac to use a cmac(aes) shash. Before updating the aes_cmac code in patch #2, the FILS AEAD code is moved to using a cmac(aes) shash supplied by the crypto API, so that we can remove the open-coded version entirely in the second patch.

NOTE: Jouni has been so kind as to test patch #2, and confirmed that it is working. I have not tested patch #1 myself, mainly because the test methodology requires downloading Ubuntu installer images, and I am currently on a metered 3G connection (and will be for another couple of weeks).

Ard Biesheuvel (2):
  mac80211: fils_aead: Use crypto api CMAC shash rather than bare cipher
  mac80211: aes-cmac: switch to shash CMAC driver

 net/mac80211/Kconfig     |   1 +
 net/mac80211/aes_cmac.c  | 130 +++++--------------
 net/mac80211/aes_cmac.h  |  15 +--
 net/mac80211/fils_aead.c |  74 +++++------
 net/mac80211/key.h       |   2 +-
 5 files changed, 70 insertions(+), 152 deletions(-)

-- 
2.7.4