From patchwork Wed Jun 12 16:19:53 2019
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 166583
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: Ard Biesheuvel, Herbert Xu, "David S. Miller", Eric Biggers, Johannes Berg
Subject: [PATCH v5 1/7] crypto: arc4 - refactor arc4 core code into separate library
Date: Wed, 12 Jun 2019 18:19:53 +0200
Message-Id: <20190612161959.30478-2-ard.biesheuvel@linaro.org>
In-Reply-To: <20190612161959.30478-1-ard.biesheuvel@linaro.org>

Refactor the core rc4 handling so we can move most users to a library interface, permitting us to drop the cipher interface entirely in a future patch. This is part of an effort to simplify the crypto API and improve its robustness against incorrect use.

Signed-off-by: Ard Biesheuvel
---
 MAINTAINERS | 1 +
 crypto/Kconfig | 4 ++
 crypto/arc4.c | 60 +---------------
 include/crypto/arc4.h | 10 +++
 lib/Makefile | 2 +-
 lib/crypto/Makefile | 4 ++
 lib/crypto/arc4.c | 74 ++++++++++++++++++++
 7 files changed, 95 insertions(+), 60 deletions(-)
-- 2.20.1
diff --git a/MAINTAINERS b/MAINTAINERS index 57f496cff999..112f21066141 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4241,6 +4241,7 @@ F: crypto/ F: drivers/crypto/ F: include/crypto/ F: include/linux/crypto* +F: lib/crypto/ CRYPTOGRAPHIC RANDOM NUMBER GENERATOR M: Neil Horman diff --git a/crypto/Kconfig b/crypto/Kconfig index 3d056e7da65f..5114b35ef3b4 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1230,9 +1230,13 @@ config CRYPTO_ANUBIS +config CRYPTO_LIB_ARC4 + tristate + config CRYPTO_ARC4 tristate "ARC4 cipher algorithm" select CRYPTO_BLKCIPHER + select CRYPTO_LIB_ARC4 help ARC4 cipher algorithm. diff --git a/crypto/arc4.c b/crypto/arc4.c index a2120e06bf84..6974dba1b7b9 100644 --- a/crypto/arc4.c +++ b/crypto/arc4.c @@ -13,33 +13,12 @@ #include #include -struct arc4_ctx { - u32 S[256]; - u32 x, y; -}; - static int arc4_set_key(struct crypto_tfm *tfm, const u8 *in_key, unsigned int key_len) { struct arc4_ctx *ctx = crypto_tfm_ctx(tfm); - int i, j = 0, k = 0; - - ctx->x = 1; - ctx->y = 0; - for (i = 0; i < 256; i++) - ctx->S[i] = i; - - for (i = 0; i < 256; i++) { - u32 a = ctx->S[i]; - j = (j + in_key[k] + a) & 0xff; - ctx->S[i] = ctx->S[j]; - ctx->S[j] = a; - if (++k >= key_len) - k = 0; - } - - return 0; + return arc4_setkey(ctx, in_key, key_len); } static int arc4_set_key_skcipher(struct crypto_skcipher *tfm, const u8 *in_key, 
@@ -48,43 +27,6 @@ static int arc4_set_key_skcipher(struct crypto_skcipher *tfm, const u8 *in_key, return arc4_set_key(&tfm->base, in_key, key_len); } -static void arc4_crypt(struct arc4_ctx *ctx, u8 *out, const u8 *in, - unsigned int len) -{ - u32 *const S = ctx->S; - u32 x, y, a, b; - u32 ty, ta, tb; - - if (len == 0) - return; - - x = ctx->x; - y = ctx->y; - - a = S[x]; - y = (y + a) & 0xff; - b = S[y]; - - do { - S[y] = a; - a = (a + b) & 0xff; - S[x] = b; - x = (x + 1) & 0xff; - ta = S[x]; - ty = (y + ta) & 0xff; - tb = S[ty]; - *out++ = *in++ ^ S[a]; - if (--len == 0) - break; - y = ty; - a = ta; - b = tb; - } while (true); - - ctx->x = x; - ctx->y = y; -} - static void arc4_crypt_one(struct crypto_tfm *tfm, u8 *out, const u8 *in) { arc4_crypt(crypto_tfm_ctx(tfm), out, in, 1); diff --git a/include/crypto/arc4.h b/include/crypto/arc4.h index 5b2c24ab0139..f3c22fe01704 100644 --- a/include/crypto/arc4.h +++ b/include/crypto/arc4.h @@ -6,8 +6,18 @@ #ifndef _CRYPTO_ARC4_H #define _CRYPTO_ARC4_H +#include + #define ARC4_MIN_KEY_SIZE 1 #define ARC4_MAX_KEY_SIZE 256 #define ARC4_BLOCK_SIZE 1 +struct arc4_ctx { + u32 S[256]; + u32 x, y; +}; + +int arc4_setkey(struct arc4_ctx *ctx, const u8 *in_key, unsigned int key_len); +void arc4_crypt(struct arc4_ctx *ctx, u8 *out, const u8 *in, unsigned int len); + #endif /* _CRYPTO_ARC4_H */ diff --git a/lib/Makefile b/lib/Makefile index fb7697031a79..d3daedf93c5a 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -102,7 +102,7 @@ endif obj-$(CONFIG_DEBUG_INFO_REDUCED) += debug_info.o CFLAGS_debug_info.o += $(call cc-option, -femit-struct-debug-detailed=any) -obj-y += math/ +obj-y += math/ crypto/ obj-$(CONFIG_GENERIC_IOMAP) += iomap.o obj-$(CONFIG_GENERIC_PCI_IOMAP) += pci_iomap.o diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile new file mode 100644 index 000000000000..88195c34932d --- /dev/null +++ b/lib/crypto/Makefile 
@@ -0,0 +1,4 @@ +# SPDX-License-Identifier: GPL-2.0 + +obj-$(CONFIG_CRYPTO_LIB_ARC4) += libarc4.o +libarc4-y := arc4.o diff --git a/lib/crypto/arc4.c b/lib/crypto/arc4.c new file mode 100644 index 000000000000..c2020f19c652 --- /dev/null +++ b/lib/crypto/arc4.c 
@@ -0,0 +1,74 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Cryptographic API + * + * ARC4 Cipher Algorithm + * + * Jon Oberheide + */ + +#include +#include + +int arc4_setkey(struct arc4_ctx *ctx, const u8 *in_key, unsigned int key_len) +{ + int i, j = 0, k = 0; + + ctx->x = 1; + ctx->y = 0; + + for (i = 0; i < 256; i++) + ctx->S[i] = i; + + for (i = 0; i < 256; i++) { + u32 a = ctx->S[i]; + + j = (j + in_key[k] + a) & 0xff; + ctx->S[i] = ctx->S[j]; + ctx->S[j] = a; + if (++k >= key_len) + k = 0; + } + + return 0; +} +EXPORT_SYMBOL(arc4_setkey); + +void arc4_crypt(struct arc4_ctx *ctx, u8 *out, const u8 *in, unsigned int len) +{ + u32 *const S = ctx->S; + u32 x, y, a, b; + u32 ty, ta, tb; + + if (len == 0) + return; + + x = ctx->x; + y = ctx->y; + + a = S[x]; + y = (y + a) & 0xff; + b = S[y]; + + do { + S[y] = a; + a = (a + b) & 0xff; + S[x] = b; + x = (x + 1) & 0xff; + ta = S[x]; + ty = (y + ta) & 0xff; + tb = S[ty]; + *out++ = *in++ ^ S[a]; + if (--len == 0) + break; + y = ty; + a = ta; + b = tb; + } while (true); + + ctx->x = x; + ctx->y = y; +} +EXPORT_SYMBOL(arc4_crypt); + +MODULE_LICENSE("GPL");
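Review bot: arc4_setkey() in the new lib/crypto/arc4.c does not validate key_len, and as an exported library function it can now be called with any length. With key_len == 0 the key-schedule loop still reads in_key[0] on every iteration, and bytes beyond the first 256 are silently ignored, even though include/crypto/arc4.h defines ARC4_MIN_KEY_SIZE and ARC4_MAX_KEY_SIZE. Suggest returning -EINVAL for out-of-range lengths so the int return value means something, or making the function void and documenting the precondition.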
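Review bot: the prototypes added to include/crypto/arc4.h carry no kernel-doc, and struct arc4_ctx becomes a public type that holds key-derived state. It would help to document that arc4_crypt() continues the keystream from ctx->x and ctx->y across calls, that out may alias in, and that the caller is expected to wipe the context when it is done with it.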
From patchwork Wed Jun 12 16:19:54 2019
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 166584
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: Ard Biesheuvel, Herbert Xu, "David S. Miller", Eric Biggers, Johannes Berg
Subject: [PATCH v5 2/7] net/mac80211: move WEP handling to ARC4 library interface
Date: Wed, 12 Jun 2019 18:19:54 +0200
Message-Id: <20190612161959.30478-3-ard.biesheuvel@linaro.org>
In-Reply-To: <20190612161959.30478-1-ard.biesheuvel@linaro.org>

The WEP code in the mac80211 subsystem currently uses the crypto API to access the arc4 (RC4) cipher, which is overly complicated, and doesn't really have an upside in this particular case, since ciphers are always synchronous and therefore always implemented in software. Given that we have no accelerated software implementations either, it is much more straightforward to invoke a generic library interface directly.

Signed-off-by: Ard Biesheuvel
---
 net/mac80211/Kconfig | 2 +-
 net/mac80211/cfg.c | 4 +-
 net/mac80211/ieee80211_i.h | 4 +-
 net/mac80211/key.h | 1 +
 net/mac80211/main.c | 6 +--
 net/mac80211/mlme.c | 3 +-
 net/mac80211/tkip.c | 8 ++--
 net/mac80211/tkip.h | 4 +-
 net/mac80211/wep.c | 49 ++++----------------
 net/mac80211/wep.h | 5 +-
 net/mac80211/wpa.c | 4 +-
 11 files changed, 30 insertions(+), 60 deletions(-)
-- 2.20.1
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig index 0227cce9685e..0c93b1b7a826 100644 --- a/net/mac80211/Kconfig +++ b/net/mac80211/Kconfig @@ -3,7 +3,7 @@ config MAC80211 tristate "Generic IEEE 802.11 Networking Stack (mac80211)" depends on CFG80211 select CRYPTO - select CRYPTO_ARC4 + select CRYPTO_LIB_ARC4 select CRYPTO_AES select CRYPTO_CCM select CRYPTO_GCM diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index a1973a26c7fc..3fae902937fd 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include "ieee80211_i.h" @@ -402,9 +403,8 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev, case WLAN_CIPHER_SUITE_WEP40: case WLAN_CIPHER_SUITE_TKIP: case WLAN_CIPHER_SUITE_WEP104: - if (IS_ERR(local->wep_tx_tfm)) + if (WARN_ON_ONCE(fips_enabled)) return -EINVAL; - break; case WLAN_CIPHER_SUITE_CCMP: case WLAN_CIPHER_SUITE_CCMP_256: case WLAN_CIPHER_SUITE_AES_CMAC: diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 073a8235ae1b..412da8cfbc36 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -1258,8 +1258,8 @@ struct ieee80211_local { struct rate_control_ref *rate_ctrl; - struct crypto_cipher *wep_tx_tfm; - struct crypto_cipher *wep_rx_tfm; + struct arc4_ctx wep_tx_ctx; + struct arc4_ctx wep_rx_ctx; u32 wep_iv; /* see iface.c */ diff --git a/net/mac80211/key.h b/net/mac80211/key.h index f06fbd03d235..6c5bbaebd02c 100644 --- a/net/mac80211/key.h +++ b/net/mac80211/key.h
@@ -14,6 +14,7 @@ #include #include #include +#include #include #define NUM_DEFAULT_KEYS 4 diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 2b608044ae23..93c4a2d0623e 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -13,6 +13,7 @@ #include #include +#include #include #include #include @@ -733,8 +734,7 @@ EXPORT_SYMBOL(ieee80211_alloc_hw_nm); static int ieee80211_init_cipher_suites(struct ieee80211_local *local) { - bool have_wep = !(IS_ERR(local->wep_tx_tfm) || - IS_ERR(local->wep_rx_tfm)); + bool have_wep = !fips_enabled; /* FIPS does not permit the use of RC4 */ bool have_mfp = ieee80211_hw_check(&local->hw, MFP_CAPABLE); int n_suites = 0, r = 0, w = 0; u32 *suites; @@ -1301,7 +1301,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) fail_rate: rtnl_unlock(); ieee80211_led_exit(local); - ieee80211_wep_free(local); fail_flows: destroy_workqueue(local->workqueue); fail_workqueue: @@ -1358,7 +1357,6 @@ void ieee80211_unregister_hw(struct ieee80211_hw *hw) destroy_workqueue(local->workqueue); wiphy_unregister(local->hw.wiphy); - ieee80211_wep_free(local); ieee80211_led_exit(local); kfree(local->int_scan_req); } diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index b7a9fe3d5fcb..048a07b101b4 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -15,6 +15,7 @@ */ #include +#include #include #include #include @@ -5038,7 +5039,7 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, auth_alg = WLAN_AUTH_OPEN; break; case NL80211_AUTHTYPE_SHARED_KEY: - if (IS_ERR(local->wep_tx_tfm)) + if (fips_enabled) return -EOPNOTSUPP; auth_alg = WLAN_AUTH_SHARED_KEY; break; diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c index b3622823bad2..96b87fc7122e 100644 --- a/net/mac80211/tkip.c +++ b/net/mac80211/tkip.c 
@@ -222,7 +222,7 @@ EXPORT_SYMBOL(ieee80211_get_tkip_p2k); * @payload_len is the length of payload (_not_ including IV/ICV length). * @ta is the transmitter addresses. */ -int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, +int ieee80211_tkip_encrypt_data(struct arc4_ctx *ctx, struct ieee80211_key *key, struct sk_buff *skb, u8 *payload, size_t payload_len) @@ -231,7 +231,7 @@ int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, ieee80211_get_tkip_p2k(&key->conf, skb, rc4key); - return ieee80211_wep_encrypt_data(tfm, rc4key, 16, + return ieee80211_wep_encrypt_data(ctx, rc4key, 16, payload, payload_len); } @@ -239,7 +239,7 @@ int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, * beginning of the buffer containing IEEE 802.11 header payload, i.e., * including IV, Ext. IV, real data, Michael MIC, ICV. @payload_len is the * length of payload, including IV, Ext. IV, MIC, ICV. */ -int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm, +int ieee80211_tkip_decrypt_data(struct arc4_ctx *ctx, struct ieee80211_key *key, u8 *payload, size_t payload_len, u8 *ta, u8 *ra, int only_iv, int queue, @@ -297,7 +297,7 @@ int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm, tkip_mixing_phase2(tk, &rx_ctx->ctx, iv16, rc4key); - res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12); + res = ieee80211_wep_decrypt_data(ctx, rc4key, 16, pos, payload_len - 12); done: if (res == TKIP_DECRYPT_OK) { /* diff --git a/net/mac80211/tkip.h b/net/mac80211/tkip.h index a1bcbfbefe7c..798583056201 100644 --- a/net/mac80211/tkip.h +++ b/net/mac80211/tkip.h @@ -13,7 +13,7 @@ #include #include "key.h" -int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, +int ieee80211_tkip_encrypt_data(struct arc4_ctx *ctx, struct ieee80211_key *key, struct sk_buff *skb, u8 *payload, size_t payload_len); 
@@ -24,7 +24,7 @@ enum { TKIP_DECRYPT_INVALID_KEYIDX = -2, TKIP_DECRYPT_REPLAY = -3, }; -int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm, +int ieee80211_tkip_decrypt_data(struct arc4_ctx *ctx, struct ieee80211_key *key, u8 *payload, size_t payload_len, u8 *ta, u8 *ra, int only_iv, int queue, diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c index bfe9ed9f4c48..9f5673736967 100644 --- a/net/mac80211/wep.c +++ b/net/mac80211/wep.c @@ -30,30 +30,9 @@ int ieee80211_wep_init(struct ieee80211_local *local) /* start WEP IV from a random value */ get_random_bytes(&local->wep_iv, IEEE80211_WEP_IV_LEN); - local->wep_tx_tfm = crypto_alloc_cipher("arc4", 0, 0); - if (IS_ERR(local->wep_tx_tfm)) { - local->wep_rx_tfm = ERR_PTR(-EINVAL); - return PTR_ERR(local->wep_tx_tfm); - } - - local->wep_rx_tfm = crypto_alloc_cipher("arc4", 0, 0); - if (IS_ERR(local->wep_rx_tfm)) { - crypto_free_cipher(local->wep_tx_tfm); - local->wep_tx_tfm = ERR_PTR(-EINVAL); - return PTR_ERR(local->wep_rx_tfm); - } - return 0; } -void ieee80211_wep_free(struct ieee80211_local *local) -{ - if (!IS_ERR(local->wep_tx_tfm)) - crypto_free_cipher(local->wep_tx_tfm); - if (!IS_ERR(local->wep_rx_tfm)) - crypto_free_cipher(local->wep_rx_tfm); -} - static inline bool ieee80211_wep_weak_iv(u32 iv, int keylen) { /* 
@@ -131,21 +110,17 @@ static void ieee80211_wep_remove_iv(struct ieee80211_local *local, /* Perform WEP encryption using given key. data buffer must have tailroom * for 4-byte ICV. data_len must not include this ICV. Note: this function * does _not_ add IV. data = RC4(data | CRC32(data)) */ -int ieee80211_wep_encrypt_data(struct crypto_cipher *tfm, u8 *rc4key, +int ieee80211_wep_encrypt_data(struct arc4_ctx *ctx, u8 *rc4key, size_t klen, u8 *data, size_t data_len) { __le32 icv; - int i; - - if (IS_ERR(tfm)) - return -1; icv = cpu_to_le32(~crc32_le(~0, data, data_len)); put_unaligned(icv, (__le32 *)(data + data_len)); - crypto_cipher_setkey(tfm, rc4key, klen); - for (i = 0; i < data_len + IEEE80211_WEP_ICV_LEN; i++) - crypto_cipher_encrypt_one(tfm, data + i, data + i); + arc4_setkey(ctx, rc4key, klen); + arc4_crypt(ctx, data, data, data_len + IEEE80211_WEP_ICV_LEN); + memzero_explicit(ctx, sizeof(*ctx)); return 0; } @@ -184,7 +159,7 @@ int ieee80211_wep_encrypt(struct ieee80211_local *local, /* Add room for ICV */ skb_put(skb, IEEE80211_WEP_ICV_LEN); - return ieee80211_wep_encrypt_data(local->wep_tx_tfm, rc4key, keylen + 3, + return ieee80211_wep_encrypt_data(&local->wep_tx_ctx, rc4key, keylen + 3, iv + IEEE80211_WEP_IV_LEN, len); } 
@@ -192,18 +167,14 @@ int ieee80211_wep_encrypt(struct ieee80211_local *local, /* Perform WEP decryption using given key. data buffer includes encrypted * payload, including 4-byte ICV, but _not_ IV. data_len must not include ICV. * Return 0 on success and -1 on ICV mismatch. */ -int ieee80211_wep_decrypt_data(struct crypto_cipher *tfm, u8 *rc4key, +int ieee80211_wep_decrypt_data(struct arc4_ctx *ctx, u8 *rc4key, size_t klen, u8 *data, size_t data_len) { __le32 crc; - int i; - - if (IS_ERR(tfm)) - return -1; - crypto_cipher_setkey(tfm, rc4key, klen); - for (i = 0; i < data_len + IEEE80211_WEP_ICV_LEN; i++) - crypto_cipher_decrypt_one(tfm, data + i, data + i); + arc4_setkey(ctx, rc4key, klen); + arc4_crypt(ctx, data, data, data_len + IEEE80211_WEP_ICV_LEN); + memzero_explicit(ctx, sizeof(*ctx)); crc = cpu_to_le32(~crc32_le(~0, data, data_len)); if (memcmp(&crc, data + data_len, IEEE80211_WEP_ICV_LEN) != 0) @@ -256,7 +227,7 @@ static int ieee80211_wep_decrypt(struct ieee80211_local *local, /* Copy rest of the WEP key (the secret part) */ memcpy(rc4key + 3, key->conf.key, key->conf.keylen); - if (ieee80211_wep_decrypt_data(local->wep_rx_tfm, rc4key, klen, + if (ieee80211_wep_decrypt_data(&local->wep_rx_ctx, rc4key, klen, skb->data + hdrlen + IEEE80211_WEP_IV_LEN, len)) ret = -1; diff --git a/net/mac80211/wep.h b/net/mac80211/wep.h index 9615749d1f65..3644f4a5bb87 100644 --- a/net/mac80211/wep.h +++ b/net/mac80211/wep.h 
@@ -17,13 +17,12 @@ #include "key.h" int ieee80211_wep_init(struct ieee80211_local *local); -void ieee80211_wep_free(struct ieee80211_local *local); -int ieee80211_wep_encrypt_data(struct crypto_cipher *tfm, u8 *rc4key, +int ieee80211_wep_encrypt_data(struct arc4_ctx *ctx, u8 *rc4key, size_t klen, u8 *data, size_t data_len); int ieee80211_wep_encrypt(struct ieee80211_local *local, struct sk_buff *skb, const u8 *key, int keylen, int keyidx); -int ieee80211_wep_decrypt_data(struct crypto_cipher *tfm, u8 *rc4key, +int ieee80211_wep_decrypt_data(struct arc4_ctx *ctx, u8 *rc4key, size_t klen, u8 *data, size_t data_len); ieee80211_rx_result diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c index 58d0b258b684..02e8ab7b2b4c 100644 --- a/net/mac80211/wpa.c +++ b/net/mac80211/wpa.c @@ -242,7 +242,7 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) /* Add room for ICV */ skb_put(skb, IEEE80211_TKIP_ICV_LEN); - return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm, + return ieee80211_tkip_encrypt_data(&tx->local->wep_tx_ctx, key, skb, pos, len); } 
@@ -293,7 +293,7 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx) if (status->flag & RX_FLAG_DECRYPTED) hwaccel = 1; - res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm, + res = ieee80211_tkip_decrypt_data(&rx->local->wep_rx_ctx, key, skb->data + hdrlen, skb->len - hdrlen, rx->sta->sta.addr, hdr->addr1, hwaccel, rx->security_idx,
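Review bot: in the ieee80211_add_key() hunk of net/mac80211/cfg.c, dropping `break;` makes the WEP40/TKIP/WEP104 cases fall through into the WLAN_CIPHER_SUITE_CCMP labels that follow. If that is intended, add a fall-through annotation so it does not read as an accident and does not trip -Wimplicit-fallthrough; otherwise keep the `break;`.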
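Review bot: the fips_enabled checks are handled three different ways across this patch: WARN_ON_ONCE() plus -EINVAL in cfg.c, a silent -EOPNOTSUPP in ieee80211_mgd_auth() in mlme.c, and a plain flag in ieee80211_init_cipher_suites() in main.c. If the cfg.c path can be reached from a userspace key-install request while FIPS mode is on, the WARN becomes user-triggerable; a plain `if (fips_enabled) return -EINVAL;` would match the mlme.c handling.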
From patchwork Wed Jun 12 16:19:55 2019
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 166586
From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: Ard Biesheuvel , Herbert Xu , "David S. Miller" , Eric Biggers , Johannes Berg Subject: [PATCH v5 3/7] net/lib80211: move WEP handling to ARC4 library code Date: Wed, 12 Jun 2019 18:19:55 +0200 Message-Id: <20190612161959.30478-4-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190612161959.30478-1-ard.biesheuvel@linaro.org> References: <20190612161959.30478-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The crypto API abstraction is not very useful for invoking ciphers directly, especially in the case of arc4, which only has a generic implementation in C. So let's invoke the library code directly. Signed-off-by: Ard Biesheuvel --- net/wireless/Kconfig | 1 + net/wireless/lib80211_crypt_wep.c | 51 +++++--------------- 2 files changed, 14 insertions(+), 38 deletions(-) -- 2.20.1 diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig index 6310ddede220..6d9c48cea07e 100644 --- a/net/wireless/Kconfig +++ b/net/wireless/Kconfig @@ -213,6 +213,7 @@ config LIB80211 config LIB80211_CRYPT_WEP tristate + select CRYPTO_LIB_ARC4 config LIB80211_CRYPT_CCMP tristate diff --git a/net/wireless/lib80211_crypt_wep.c b/net/wireless/lib80211_crypt_wep.c index 20c1ad63ad44..04e4d66ea19d 100644 --- a/net/wireless/lib80211_crypt_wep.c +++ b/net/wireless/lib80211_crypt_wep.c @@ -11,6 +11,7 @@ */ #include +#include #include #include #include @@ -22,7 +23,7 @@ #include -#include +#include #include MODULE_AUTHOR("Jouni Malinen"); 
@@ -35,52 +36,31 @@ struct lib80211_wep_data { u8 key[WEP_KEY_LEN + 1]; u8 key_len; u8 key_idx; - struct crypto_cipher *tx_tfm; - struct crypto_cipher *rx_tfm; + struct arc4_ctx tx_ctx; + struct arc4_ctx rx_ctx; }; static void *lib80211_wep_init(int keyidx) { struct lib80211_wep_data *priv; + if (fips_enabled) + return NULL; + priv = kzalloc(sizeof(*priv), GFP_ATOMIC); if (priv == NULL) - goto fail; + return NULL; priv->key_idx = keyidx; - priv->tx_tfm = crypto_alloc_cipher("arc4", 0, 0); - if (IS_ERR(priv->tx_tfm)) { - priv->tx_tfm = NULL; - goto fail; - } - - priv->rx_tfm = crypto_alloc_cipher("arc4", 0, 0); - if (IS_ERR(priv->rx_tfm)) { - priv->rx_tfm = NULL; - goto fail; - } /* start WEP IV from a random value */ get_random_bytes(&priv->iv, 4); return priv; - - fail: - if (priv) { - crypto_free_cipher(priv->tx_tfm); - crypto_free_cipher(priv->rx_tfm); - kfree(priv); - } - return NULL; } static void lib80211_wep_deinit(void *priv) { - struct lib80211_wep_data *_priv = priv; - if (_priv) { - crypto_free_cipher(_priv->tx_tfm); - crypto_free_cipher(_priv->rx_tfm); - } - kfree(priv); + kzfree(priv); } /* Add WEP IV/key info to a frame that has at least 4 bytes of headroom */ @@ -132,7 +112,6 @@ static int lib80211_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv) u32 crc, klen, len; u8 *pos, *icv; u8 key[WEP_KEY_LEN + 3]; - int i; /* other checks are in lib80211_wep_build_iv */ if (skb_tailroom(skb) < 4) @@ -160,10 +139,8 @@ static int lib80211_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv) icv[2] = crc >> 16; icv[3] = crc >> 24; - crypto_cipher_setkey(wep->tx_tfm, key, klen); - - for (i = 0; i < len + 4; i++) - crypto_cipher_encrypt_one(wep->tx_tfm, pos + i, pos + i); + arc4_setkey(&wep->tx_ctx, key, klen); + arc4_crypt(&wep->tx_ctx, pos, pos, len + 4); return 0; } 
@@ -181,7 +158,6 @@ static int lib80211_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv) u32 crc, klen, plen; u8 key[WEP_KEY_LEN + 3]; u8 keyidx, *pos, icv[4]; - int i; if (skb->len < hdr_len + 8) return -1; 
@@ -202,9 +178,8 @@ static int lib80211_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv) /* Apply RC4 to data and compute CRC32 over decrypted data */ plen = skb->len - hdr_len - 8; - crypto_cipher_setkey(wep->rx_tfm, key, klen); - for (i = 0; i < plen + 4; i++) - crypto_cipher_decrypt_one(wep->rx_tfm, pos + i, pos + i); + arc4_setkey(&wep->rx_ctx, key, klen); + arc4_crypt(&wep->rx_ctx, pos, pos, plen + 4); crc = ~crc32_le(~0, pos, plen); icv[0] = crc;
From patchwork Wed Jun 12 16:19:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 166587 Delivered-To: patch@linaro.org
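Review bot: In the lib80211_wep_init()/lib80211_wep_deinit() hunk of net/wireless/lib80211_crypt_wep.c, the new `if (fips_enabled) return NULL;` gate and the switch from kfree(priv) to kzfree(priv) are behaviour changes that the commit message ("So let's invoke the library code directly") does not mention. Please add a sentence on each: that the explicit fips_enabled test presumably stands in for the crypto_alloc_cipher("arc4", 0, 0) calls being removed, and that priv is now wiped on free because the RC4 state lives inside it as tx_ctx and rx_ctx. A one-line comment above the fips_enabled test would also help, since a NULL return there looks the same to the caller as a failed kzalloc().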
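Review bot: In lib80211_wep_encrypt() and lib80211_wep_decrypt(), the on-stack `u8 key[WEP_KEY_LEN + 3]` that is handed to arc4_setkey() is still left as it is when the function returns. Since this patch already moves lib80211_wep_deinit() to kzfree() to scrub key material, consider calling memzero_explicit(key, sizeof(key)) before each return that follows the key setup, or say in the commit message why the stack copy is out of scope for this change.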
From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: Ard Biesheuvel , Herbert Xu , "David S. Miller" , Eric Biggers , Johannes Berg Subject: [PATCH v5 4/7] net/lib80211: move TKIP handling to ARC4 library code Date: Wed, 12 Jun 2019 18:19:56 +0200 Message-Id: <20190612161959.30478-5-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190612161959.30478-1-ard.biesheuvel@linaro.org> References: <20190612161959.30478-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The crypto API abstraction is not very useful for invoking ciphers directly, especially in the case of arc4, which only has a generic implementation in C. So let's invoke the library code directly. Signed-off-by: Ard Biesheuvel --- net/wireless/Kconfig | 1 + net/wireless/lib80211_crypt_tkip.c | 48 +++++++------------- 2 files changed, 18 insertions(+), 31 deletions(-) -- 2.20.1 diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig index 6d9c48cea07e..578cce4fbe6c 100644 --- a/net/wireless/Kconfig +++ b/net/wireless/Kconfig @@ -220,6 +220,7 @@ config LIB80211_CRYPT_CCMP config LIB80211_CRYPT_TKIP tristate + select CRYPTO_LIB_ARC4 config LIB80211_DEBUG bool "lib80211 debugging messages" diff --git a/net/wireless/lib80211_crypt_tkip.c b/net/wireless/lib80211_crypt_tkip.c index 11eaa5956f00..0fd155c4e0a6 100644 --- a/net/wireless/lib80211_crypt_tkip.c +++ b/net/wireless/lib80211_crypt_tkip.c @@ -13,6 +13,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include +#include #include #include #include @@ -29,6 +30,7 @@ #include #include +#include #include #include #include 
@@ -64,9 +66,9 @@ struct lib80211_tkip_data { int key_idx; - struct crypto_cipher *rx_tfm_arc4; + struct arc4_ctx rx_ctx_arc4; + struct arc4_ctx tx_ctx_arc4; struct crypto_shash *rx_tfm_michael; - struct crypto_cipher *tx_tfm_arc4; struct crypto_shash *tx_tfm_michael; /* scratch buffers for virt_to_page() (crypto API) */ @@ -93,30 +95,21 @@ static void *lib80211_tkip_init(int key_idx) { struct lib80211_tkip_data *priv; + if (fips_enabled) + return NULL; + priv = kzalloc(sizeof(*priv), GFP_ATOMIC); if (priv == NULL) goto fail; priv->key_idx = key_idx; - priv->tx_tfm_arc4 = crypto_alloc_cipher("arc4", 0, 0); - if (IS_ERR(priv->tx_tfm_arc4)) { - priv->tx_tfm_arc4 = NULL; - goto fail; - } - priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); if (IS_ERR(priv->tx_tfm_michael)) { priv->tx_tfm_michael = NULL; goto fail; } - priv->rx_tfm_arc4 = crypto_alloc_cipher("arc4", 0, 0); - if (IS_ERR(priv->rx_tfm_arc4)) { - priv->rx_tfm_arc4 = NULL; - goto fail; - } - priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); if (IS_ERR(priv->rx_tfm_michael)) { priv->rx_tfm_michael = NULL; @@ -128,9 +121,7 @@ static void *lib80211_tkip_init(int key_idx) fail: if (priv) { crypto_free_shash(priv->tx_tfm_michael); - crypto_free_cipher(priv->tx_tfm_arc4); crypto_free_shash(priv->rx_tfm_michael); - crypto_free_cipher(priv->rx_tfm_arc4); kfree(priv); } @@ -142,11 +133,9 @@ static void lib80211_tkip_deinit(void *priv) struct lib80211_tkip_data *_priv = priv; if (_priv) { crypto_free_shash(_priv->tx_tfm_michael); - crypto_free_cipher(_priv->tx_tfm_arc4); crypto_free_shash(_priv->rx_tfm_michael); - crypto_free_cipher(_priv->rx_tfm_arc4); } - kfree(priv); + kzfree(priv); } static inline u16 RotR1(u16 val) @@ -345,7 +334,6 @@ static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) int len; u8 rc4key[16], *pos, *icv; u32 crc; - int i; if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) { struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 
@@ -370,9 +358,9 @@ static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) icv[2] = crc >> 16; icv[3] = crc >> 24; - crypto_cipher_setkey(tkey->tx_tfm_arc4, rc4key, 16); - for (i = 0; i < len + 4; i++) - crypto_cipher_encrypt_one(tkey->tx_tfm_arc4, pos + i, pos + i); + arc4_setkey(&tkey->tx_ctx_arc4, rc4key, 16); + arc4_crypt(&tkey->tx_ctx_arc4, pos, pos, len + 4); + return 0; } @@ -400,7 +388,6 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) u8 icv[4]; u32 crc; int plen; - int i; hdr = (struct ieee80211_hdr *)skb->data; @@ -453,9 +440,8 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) plen = skb->len - hdr_len - 12; - crypto_cipher_setkey(tkey->rx_tfm_arc4, rc4key, 16); - for (i = 0; i < plen + 4; i++) - crypto_cipher_decrypt_one(tkey->rx_tfm_arc4, pos + i, pos + i); + arc4_setkey(&tkey->rx_ctx_arc4, rc4key, 16); + arc4_crypt(&tkey->rx_ctx_arc4, pos, pos, plen + 4); crc = ~crc32_le(~0, pos, plen); icv[0] = crc; 
@@ -640,17 +626,17 @@ static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv) struct lib80211_tkip_data *tkey = priv; int keyidx; struct crypto_shash *tfm = tkey->tx_tfm_michael; - struct crypto_cipher *tfm2 = tkey->tx_tfm_arc4; + struct arc4_ctx *tfm2 = &tkey->tx_ctx_arc4; struct crypto_shash *tfm3 = tkey->rx_tfm_michael; - struct crypto_cipher *tfm4 = tkey->rx_tfm_arc4; + struct arc4_ctx *tfm4 = &tkey->rx_ctx_arc4; keyidx = tkey->key_idx; memset(tkey, 0, sizeof(*tkey)); tkey->key_idx = keyidx; tkey->tx_tfm_michael = tfm; - tkey->tx_tfm_arc4 = tfm2; + tkey->tx_ctx_arc4 = *tfm2; tkey->rx_tfm_michael = tfm3; - tkey->rx_tfm_arc4 = tfm4; + tkey->rx_ctx_arc4 = *tfm4; if (len == TKIP_KEY_LEN) { memcpy(tkey->key, key, TKIP_KEY_LEN); tkey->key_set = 1;
From patchwork Wed Jun 12 16:19:57 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 166588 Delivered-To: patch@linaro.org
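Review bot: In lib80211_tkip_set_key() in net/wireless/lib80211_crypt_tkip.c, tfm2 and tfm4 are now pointers into tkey itself (`&tkey->tx_ctx_arc4`, `&tkey->rx_ctx_arc4`), so memset(tkey, 0, sizeof(*tkey)) clears the very storage they point at, and `tkey->tx_ctx_arc4 = *tfm2;` and `tkey->rx_ctx_arc4 = *tfm4;` only copy the zeroed contexts onto themselves. The save-and-restore pattern made sense for the crypto_cipher pointers; with embedded contexts it preserves nothing. The encrypt and decrypt hunks both call arc4_setkey() right before arc4_crypt(), so the contexts do not need to survive a rekey: drop tfm2, tfm4 and the two assignments, and let the memset wipe the contexts.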
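Review bot: The lib80211_tkip_encrypt() hunk adds a blank line between the new arc4_crypt() call and `return 0;`, which the matching lib80211_tkip_decrypt() hunk does not do. Drop the extra line so the diff carries only the switch from crypto_cipher_encrypt_one() to the library calls.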
From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: Ard Biesheuvel , Herbert Xu , "David S. Miller" , Eric Biggers , Johannes Berg Subject: [PATCH v5 5/7] crypto: arc4 - remove cipher implementation Date: Wed, 12 Jun 2019 18:19:57 +0200 Message-Id: <20190612161959.30478-6-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190612161959.30478-1-ard.biesheuvel@linaro.org> References: <20190612161959.30478-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org There are no remaining users of the cipher implementation, and there are no meaningful ways in which the arc4 cipher can be combined with templates other than ECB (and the way we do provide that combination is highly dubious to begin with). So let's drop the arc4 cipher altogether, and only keep the ecb(arc4) skcipher, which is used in various places in the kernel. Signed-off-by: Ard Biesheuvel --- crypto/arc4.c | 64 +++++--------------- crypto/testmgr.c | 1 + 2 files changed, 16 insertions(+), 49 deletions(-) -- 2.20.1 diff --git a/crypto/arc4.c b/crypto/arc4.c index 6974dba1b7b9..dd82fb7ebc75 100644 --- a/crypto/arc4.c +++ b/crypto/arc4.c 
@@ -13,26 +13,15 @@ #include #include -static int arc4_set_key(struct crypto_tfm *tfm, const u8 *in_key, - unsigned int key_len) +static int crypto_arc4_setkey(struct crypto_skcipher *tfm, const u8 *in_key, + unsigned int key_len) { - struct arc4_ctx *ctx = crypto_tfm_ctx(tfm); + struct arc4_ctx *ctx = crypto_skcipher_ctx(tfm); return arc4_setkey(ctx, in_key, key_len); } -static int arc4_set_key_skcipher(struct crypto_skcipher *tfm, const u8 *in_key, - unsigned int key_len) -{ - return arc4_set_key(&tfm->base, in_key, key_len); -} - -static void arc4_crypt_one(struct crypto_tfm *tfm, u8 *out, const u8 *in) -{ - arc4_crypt(crypto_tfm_ctx(tfm), out, in, 1); -} - -static int ecb_arc4_crypt(struct skcipher_request *req) +static int crypto_arc4_crypt(struct skcipher_request *req) { struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct arc4_ctx *ctx = crypto_skcipher_ctx(tfm); @@ -50,24 +39,11 @@ static int ecb_arc4_crypt(struct skcipher_request *req) return err; } -static struct crypto_alg arc4_cipher = { - .cra_name = "arc4", - .cra_flags = CRYPTO_ALG_TYPE_CIPHER, - .cra_blocksize = ARC4_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct arc4_ctx), - .cra_module = THIS_MODULE, - .cra_u = { - .cipher = { - .cia_min_keysize = ARC4_MIN_KEY_SIZE, - .cia_max_keysize = ARC4_MAX_KEY_SIZE, - .cia_setkey = arc4_set_key, - .cia_encrypt = arc4_crypt_one, - .cia_decrypt = arc4_crypt_one, - }, - }, -}; - -static struct skcipher_alg arc4_skcipher = { +static struct skcipher_alg arc4_alg = { + /* + * For legacy reasons, this is named "ecb(arc4)", not "arc4". + * Nevertheless it's actually a stream cipher, not a block cipher. + */ .base.cra_name = "ecb(arc4)", .base.cra_priority = 100, .base.cra_blocksize = ARC4_BLOCK_SIZE, 
@@ -75,29 +51,19 @@ static struct skcipher_alg arc4_skcipher = { .base.cra_module = THIS_MODULE, .min_keysize = ARC4_MIN_KEY_SIZE, .max_keysize = ARC4_MAX_KEY_SIZE, - .setkey = arc4_set_key_skcipher, - .encrypt = ecb_arc4_crypt, - .decrypt = ecb_arc4_crypt, + .setkey = crypto_arc4_setkey, + .encrypt = crypto_arc4_crypt, + .decrypt = crypto_arc4_crypt, }; static int __init arc4_init(void) { - int err; - - err = crypto_register_alg(&arc4_cipher); - if (err) - return err; - - err = crypto_register_skcipher(&arc4_skcipher); - if (err) - crypto_unregister_alg(&arc4_cipher); - return err; + return crypto_register_skcipher(&arc4_alg); } static void __exit arc4_exit(void) { - crypto_unregister_alg(&arc4_cipher); - crypto_unregister_skcipher(&arc4_skcipher); + crypto_unregister_skcipher(&arc4_alg); } subsys_initcall(arc4_init); @@ -106,4 +72,4 @@ module_exit(arc4_exit); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ARC4 Cipher Algorithm"); MODULE_AUTHOR("Jon Oberheide "); -MODULE_ALIAS_CRYPTO("arc4"); +MODULE_ALIAS_CRYPTO("ecb(arc4)"); diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 658a7eeebab2..c7be4e3c22cc 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c 
@@ -4125,6 +4125,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(arc4)", + .generic_driver = "ecb(arc4)-generic", .test = alg_test_skcipher, .suite = { .cipher = __VECS(arc4_tv_template)
From patchwork Wed Jun 12 16:19:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 166589 Delivered-To: patch@linaro.org
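Review bot: The crypto/testmgr.c hunk adds `.generic_driver = "ecb(arc4)-generic"`, but none of the arc4_alg initialisers shown in the crypto/arc4.c hunks sets .base.cra_driver_name, so the match depends on the crypto core deriving a "-generic" driver name from cra_name. Set `.base.cra_driver_name = "ecb(arc4)-generic"` in arc4_alg so that the test entry and the driver name are tied together explicitly.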
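Review bot: The last crypto/arc4.c hunk changes MODULE_ALIAS_CRYPTO("arc4") to MODULE_ALIAS_CRYPTO("ecb(arc4)"), and the commit message does not mention it. Please state there that a request for the bare "arc4" name no longer autoloads this module, and that the "ecb(arc4)" alias is what lets the remaining users of the skcipher load it on demand.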
From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: Ard Biesheuvel , Herbert Xu , "David S. Miller" , Eric Biggers , Johannes Berg , linux-ppp@vger.kernel.org, Paul Mackerras Subject: [PATCH v5 6/7] ppp: mppe: switch to RC4 library interface Date: Wed, 12 Jun 2019 18:19:58 +0200 Message-Id: <20190612161959.30478-7-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190612161959.30478-1-ard.biesheuvel@linaro.org> References: <20190612161959.30478-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The MPPE code uses the sync skcipher to invoke the ecb(arc4) skcipher, of which only a single generic C code implementation exists. This means that going through all the trouble of using scatterlists etc buys us very little, and we're better off just invoking the arc4 library directly. Note that the SHA1 shash used by this driver has several accelerated implementations for various architectures, so retaining that part does make sense. Cc: linux-ppp@vger.kernel.org Cc: Paul Mackerras Signed-off-by: Ard Biesheuvel --- drivers/net/ppp/Kconfig | 3 +- drivers/net/ppp/ppp_mppe.c | 97 +++----------------- 2 files changed, 15 insertions(+), 85 deletions(-) -- 2.20.1 diff --git a/drivers/net/ppp/Kconfig b/drivers/net/ppp/Kconfig index bf395df3bb37..1a2e2f7629f3 100644 --- a/drivers/net/ppp/Kconfig +++ b/drivers/net/ppp/Kconfig @@ -87,8 +87,7 @@ config PPP_MPPE depends on PPP select CRYPTO select CRYPTO_SHA1 - select CRYPTO_ARC4 - select CRYPTO_ECB + select CRYPTO_LIB_ARC4 ---help--- Support for the MPPE Encryption protocol, as employed by the Microsoft Point-to-Point Tunneling Protocol. diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c index ff61dd8748de..de3b57d09d0c 100644 --- a/drivers/net/ppp/ppp_mppe.c +++ b/drivers/net/ppp/ppp_mppe.c 
@@ -42,9 +42,10 @@ * deprecated in 2.6 */ +#include #include -#include #include +#include #include #include #include @@ -65,13 +66,6 @@ MODULE_LICENSE("Dual BSD/GPL"); MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE)); MODULE_VERSION("1.0.2"); -static unsigned int -setup_sg(struct scatterlist *sg, const void *address, unsigned int length) -{ - sg_set_buf(sg, address, length); - return length; -} - #define SHA1_PAD_SIZE 40 /* @@ -95,7 +89,7 @@ static inline void sha_pad_init(struct sha_pad *shapad) * State for an MPPE (de)compressor. */ struct ppp_mppe_state { - struct crypto_sync_skcipher *arc4; + struct arc4_ctx arc4; struct shash_desc *sha1; unsigned char *sha1_digest; unsigned char master_key[MPPE_MAX_KEY_LEN]; @@ -154,24 +148,11 @@ static void get_new_key_from_sha(struct ppp_mppe_state * state) */ static void mppe_rekey(struct ppp_mppe_state * state, int initial_key) { - struct scatterlist sg_in[1], sg_out[1]; - SYNC_SKCIPHER_REQUEST_ON_STACK(req, state->arc4); - - skcipher_request_set_sync_tfm(req, state->arc4); - skcipher_request_set_callback(req, 0, NULL, NULL); - get_new_key_from_sha(state); if (!initial_key) { - crypto_sync_skcipher_setkey(state->arc4, state->sha1_digest, - state->keylen); - sg_init_table(sg_in, 1); - sg_init_table(sg_out, 1); - setup_sg(sg_in, state->sha1_digest, state->keylen); - setup_sg(sg_out, state->session_key, state->keylen); - skcipher_request_set_crypt(req, sg_in, sg_out, state->keylen, - NULL); - if (crypto_skcipher_encrypt(req)) - printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n"); + arc4_setkey(&state->arc4, state->sha1_digest, state->keylen); + arc4_crypt(&state->arc4, state->session_key, state->sha1_digest, + state->keylen); } else { memcpy(state->session_key, state->sha1_digest, state->keylen); } 
@@ -181,9 +162,7 @@ static void mppe_rekey(struct ppp_mppe_state * state, int initial_key) state->session_key[1] = 0x26; state->session_key[2] = 0x9e; } - crypto_sync_skcipher_setkey(state->arc4, state->session_key, - state->keylen); - skcipher_request_zero(req); + arc4_setkey(&state->arc4, state->session_key, state->keylen); } /* @@ -196,7 +175,8 @@ static void *mppe_alloc(unsigned char *options, int optlen) unsigned int digestsize; if (optlen != CILEN_MPPE + sizeof(state->master_key) || - options[0] != CI_MPPE || options[1] != CILEN_MPPE) + options[0] != CI_MPPE || options[1] != CILEN_MPPE || + fips_enabled) goto out; state = kzalloc(sizeof(*state), GFP_KERNEL); @@ -204,12 +184,6 @@ static void *mppe_alloc(unsigned char *options, int optlen) goto out; - state->arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0); - if (IS_ERR(state->arc4)) { - state->arc4 = NULL; - goto out_free; - } - shash = crypto_alloc_shash("sha1", 0, 0); if (IS_ERR(shash)) goto out_free; @@ -250,7 +224,6 @@ static void *mppe_alloc(unsigned char *options, int optlen) crypto_free_shash(state->sha1->tfm); kzfree(state->sha1); } - crypto_free_sync_skcipher(state->arc4); kfree(state); out: return NULL; @@ -266,8 +239,7 @@ static void mppe_free(void *arg) kfree(state->sha1_digest); crypto_free_shash(state->sha1->tfm); kzfree(state->sha1); - crypto_free_sync_skcipher(state->arc4); - kfree(state); + kzfree(state); } } @@ -366,10 +338,7 @@ mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf, int isize, int osize) { struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; - SYNC_SKCIPHER_REQUEST_ON_STACK(req, state->arc4); int proto; - int err; - struct scatterlist sg_in[1], sg_out[1]; /* * Check that the protocol is in the range we handle. 
@@ -420,21 +389,7 @@ mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf, ibuf += 2; /* skip to proto field */ isize -= 2; - /* Encrypt packet */ - sg_init_table(sg_in, 1); - sg_init_table(sg_out, 1); - setup_sg(sg_in, ibuf, isize); - setup_sg(sg_out, obuf, osize); - - skcipher_request_set_sync_tfm(req, state->arc4); - skcipher_request_set_callback(req, 0, NULL, NULL); - skcipher_request_set_crypt(req, sg_in, sg_out, isize, NULL); - err = crypto_skcipher_encrypt(req); - skcipher_request_zero(req); - if (err) { - printk(KERN_DEBUG "crypto_cypher_encrypt failed\n"); - return -1; - } + arc4_crypt(&state->arc4, obuf, ibuf, isize); state->stats.unc_bytes += isize; state->stats.unc_packets++; @@ -480,10 +435,8 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, int osize) { struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; - SYNC_SKCIPHER_REQUEST_ON_STACK(req, state->arc4); unsigned ccount; int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED; - struct scatterlist sg_in[1], sg_out[1]; if (isize <= PPP_HDRLEN + MPPE_OVHD) { if (state->debug) @@ -610,19 +563,7 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, * Decrypt the first byte in order to check if it is * a compressed or uncompressed protocol field. */ - sg_init_table(sg_in, 1); - sg_init_table(sg_out, 1); - setup_sg(sg_in, ibuf, 1); - setup_sg(sg_out, obuf, 1); - - skcipher_request_set_sync_tfm(req, state->arc4); - skcipher_request_set_callback(req, 0, NULL, NULL); - skcipher_request_set_crypt(req, sg_in, sg_out, 1, NULL); - if (crypto_skcipher_decrypt(req)) { - printk(KERN_DEBUG "crypto_cypher_decrypt failed\n"); - osize = DECOMP_ERROR; - goto out_zap_req; - } + arc4_crypt(&state->arc4, obuf, ibuf, 1); /* * Do PFC decompression. 
@@ -637,14 +578,7 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, } /* And finally, decrypt the rest of the packet. */ - setup_sg(sg_in, ibuf + 1, isize - 1); - setup_sg(sg_out, obuf + 1, osize - 1); - skcipher_request_set_crypt(req, sg_in, sg_out, isize - 1, NULL); - if (crypto_skcipher_decrypt(req)) { - printk(KERN_DEBUG "crypto_cypher_decrypt failed\n"); - osize = DECOMP_ERROR; - goto out_zap_req; - } + arc4_crypt(&state->arc4, obuf + 1, ibuf + 1, isize - 1); state->stats.unc_bytes += osize; state->stats.unc_packets++; @@ -654,8 +588,6 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, /* good packet credit */ state->sanity_errors >>= 1; -out_zap_req: - skcipher_request_zero(req); return osize; sanity_error: 
@@ -728,8 +660,7 @@ static struct compressor ppp_mppe = { static int __init ppp_mppe_init(void) { int answer; - if (!(crypto_has_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC) && - crypto_has_ahash("sha1", 0, CRYPTO_ALG_ASYNC))) + if (fips_enabled || !crypto_has_ahash("sha1", 0, CRYPTO_ALG_ASYNC)) return -ENODEV; sha_pad = kmalloc(sizeof(struct sha_pad), GFP_KERNEL);
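Review bot: In the mppe_alloc() hunk of the ppp_mppe.c patch, the new `fips_enabled` test is folded into the option-validation condition, so a FIPS refusal takes the same silent `goto out` as a malformed option block and the caller only sees NULL. ppp_mppe_init() in the last hunk already returns -ENODEV when fips_enabled is set, so please say in a comment why the per-allocation check is still needed, or drop it; if it stays, a separate `if (fips_enabled)` with a debug message would make the refusal diagnosable. The commit message describes only the API switch and should also state that the driver now refuses to initialise when fips_enabled is set.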
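Review bot: The out_free error path in mppe_alloc() (hunk at -250) still ends with `kfree(state)` while mppe_free() is changed to `kzfree(state)`. struct ppp_mppe_state now embeds the arc4_ctx alongside master_key and session_key, so the two paths should agree: use kzfree() on the error path as well if any key material can have been written into state before it is reached, or add a comment explaining why plain kfree() is sufficient there.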
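Review bot: In the mppe_decompress() hunks the removed code described the destination as `osize - 1` bytes, while the replacement `arc4_crypt(&state->arc4, obuf + 1, ibuf + 1, isize - 1)` writes isize - 1 bytes with no reference to osize; the single call in mppe_compress() drops osize in the same way. The size checks that bound obuf are outside these hunks, so a short comment at each call naming the check that guarantees obuf can hold isize bytes would keep the invariant visible to the next person who touches the packet-length handling.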
From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: Ard Biesheuvel , Herbert Xu , "David S. Miller" , Eric Biggers , Johannes Berg , linux-cifs@vger.kernel.org, Steve French Subject: [PATCH v5 7/7] fs: cifs: switch to RC4 library interface Date: Wed, 12 Jun 2019 18:19:59 +0200 Message-Id: <20190612161959.30478-8-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190612161959.30478-1-ard.biesheuvel@linaro.org> References: <20190612161959.30478-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The CIFS code uses the sync skcipher API to invoke the ecb(arc4) skcipher, of which only a single generic C code implementation exists. This means that going through all the trouble of using scatterlists etc buys us very little, and we're better off just invoking the arc4 library directly. This also reverts commit 5f4b55699aaf ("CIFS: Fix BUG() in calc_seckey()"), since it is no longer necessary to allocate sec_key on the heap. Cc: linux-cifs@vger.kernel.org Cc: Steve French Signed-off-by: Ard Biesheuvel --- fs/cifs/Kconfig | 2 +- fs/cifs/cifsencrypt.c | 62 +++++--------------- fs/cifs/cifsfs.c | 1 - 3 files changed, 17 insertions(+), 48 deletions(-) -- 2.20.1 Acked-by: Steve French diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig index aae2b8b2adf5..523e9ea78a28 100644 --- a/fs/cifs/Kconfig +++ b/fs/cifs/Kconfig @@ -10,7 +10,7 @@ config CIFS select CRYPTO_SHA512 select CRYPTO_CMAC select CRYPTO_HMAC - select CRYPTO_ARC4 + select CRYPTO_LIB_ARC4 select CRYPTO_AEAD2 select CRYPTO_CCM select CRYPTO_ECB diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index d2a05e46d6f5..97b7497c13ef 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c @@ -33,7 +33,8 @@ #include #include #include -#include +#include +#include #include int __cifs_calc_signature(struct smb_rqst *rqst, 
@@ -772,63 +773,32 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) int calc_seckey(struct cifs_ses *ses) { - int rc; - struct crypto_skcipher *tfm_arc4; - struct scatterlist sgin, sgout; - struct skcipher_request *req; - unsigned char *sec_key; + unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */ + struct arc4_ctx *ctx_arc4; - sec_key = kmalloc(CIFS_SESS_KEY_SIZE, GFP_KERNEL); - if (sec_key == NULL) - return -ENOMEM; + if (fips_enabled) + return -ENODEV; get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE); - tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC); - if (IS_ERR(tfm_arc4)) { - rc = PTR_ERR(tfm_arc4); - cifs_dbg(VFS, "could not allocate crypto API arc4\n"); - goto out; - } - - rc = crypto_skcipher_setkey(tfm_arc4, ses->auth_key.response, - CIFS_SESS_KEY_SIZE); - if (rc) { - cifs_dbg(VFS, "%s: Could not set response as a key\n", - __func__); - goto out_free_cipher; - } - - req = skcipher_request_alloc(tfm_arc4, GFP_KERNEL); - if (!req) { - rc = -ENOMEM; - cifs_dbg(VFS, "could not allocate crypto API arc4 request\n"); - goto out_free_cipher; + ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL); + if (!ctx_arc4) { + cifs_dbg(VFS, "could not allocate arc4 context\n"); + return -ENOMEM; } - sg_init_one(&sgin, sec_key, CIFS_SESS_KEY_SIZE); - sg_init_one(&sgout, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); - - skcipher_request_set_callback(req, 0, NULL, NULL); - skcipher_request_set_crypt(req, &sgin, &sgout, CIFS_CPHTXT_SIZE, NULL); - - rc = crypto_skcipher_encrypt(req); - skcipher_request_free(req); - if (rc) { - cifs_dbg(VFS, "could not encrypt session key rc: %d\n", rc); - goto out_free_cipher; - } + arc4_setkey(ctx_arc4, ses->auth_key.response, CIFS_SESS_KEY_SIZE); + arc4_crypt(ctx_arc4, ses->ntlmssp->ciphertext, sec_key, + CIFS_CPHTXT_SIZE); /* make secondary_key/nonce as session key */ memcpy(ses->auth_key.response, sec_key, CIFS_SESS_KEY_SIZE); /* and make len as that of session key only */ ses->auth_key.len = 
CIFS_SESS_KEY_SIZE; -out_free_cipher: - crypto_free_skcipher(tfm_arc4); -out: - kfree(sec_key); - return rc; + memzero_explicit(sec_key, CIFS_SESS_KEY_SIZE); + kzfree(ctx_arc4); + return 0; } void diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index f5fcd6360056..e55afaf9e5a3 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -1590,7 +1590,6 @@ MODULE_DESCRIPTION ("VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and " "also older servers complying with the SNIA CIFS Specification)"); MODULE_VERSION(CIFS_VERSION); -MODULE_SOFTDEP("pre: arc4"); MODULE_SOFTDEP("pre: des"); MODULE_SOFTDEP("pre: ecb"); MODULE_SOFTDEP("pre: hmac");
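Review bot: In calc_seckey(), `sec_key` is declared with CIFS_SESS_KEY_SIZE bytes but `arc4_crypt(ctx_arc4, ses->ntlmssp->ciphertext, sec_key, CIFS_CPHTXT_SIZE)` reads CIFS_CPHTXT_SIZE bytes from it. With the buffer now on the stack, a `BUILD_BUG_ON(CIFS_CPHTXT_SIZE > CIFS_SESS_KEY_SIZE)` or a single length constant used for both would make the size assumption explicit. The new `if (fips_enabled) return -ENODEV;` is also the only failure path in the function without a cifs_dbg() message, and the commit message does not mention it.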
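Review bot: The fs/cifs/Kconfig hunk keeps `select CRYPTO_ECB` and the cifsfs.c hunk keeps `MODULE_SOFTDEP("pre: ecb")` although the ecb(arc4) user in calc_seckey() is removed by this patch. If nothing else in cifs allocates an ecb() template, both lines can be dropped here together with the arc4 ones; otherwise a sentence in the commit message naming the remaining user would explain why they stay.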