diff options
| author | Chien Wong <m@xv97.com> | 2025-11-13 22:05:10 +0800 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2025-11-20 11:56:19 +0100 |
| commit | a22fb19244cb2425b075106541bd5b3eee42730c (patch) | |
| tree | af66d2664b55e0ed5c5d6944c6c4a6bc1f58532f /net/mac80211 | |
| parent | edf62602fcbbc0440565ed18372a01e4c7bc9a9d (diff) | |
wifi: mac80211: refactor CMAC crypt functions
ieee80211_aes_cmac() and ieee80211_aes_cmac_256() are almost the same.
Merge them. This removes duplication.
Signed-off-by: Chien Wong <m@xv97.com>
Link: https://patch.msgid.link/20251113140511.48658-5-m@xv97.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211')
| -rw-r--r-- | net/mac80211/aes_cmac.c | 48 | ||||
| -rw-r--r-- | net/mac80211/aes_cmac.h | 5 | ||||
| -rw-r--r-- | net/mac80211/wpa.c | 16 |
3 files changed, 19 insertions, 50 deletions
diff --git a/net/mac80211/aes_cmac.c b/net/mac80211/aes_cmac.c index 672ed80ee4ff..0827965455dc 100644 --- a/net/mac80211/aes_cmac.c +++ b/net/mac80211/aes_cmac.c @@ -21,7 +21,8 @@ static const u8 zero[IEEE80211_CMAC_256_MIC_LEN]; int ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad, - const u8 *data, size_t data_len, u8 *mic) + const u8 *data, size_t data_len, u8 *mic, + unsigned int mic_len) { int err; SHASH_DESC_ON_STACK(desc, tfm); @@ -42,58 +43,23 @@ int ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad, err = crypto_shash_update(desc, zero, 8); if (err) return err; - err = crypto_shash_update(desc, data + 8, data_len - 8 - - IEEE80211_CMAC_128_MIC_LEN); + err = crypto_shash_update(desc, data + 8, + data_len - 8 - mic_len); if (err) return err; } else { - err = crypto_shash_update(desc, data, data_len - - IEEE80211_CMAC_128_MIC_LEN); + err = crypto_shash_update(desc, data, data_len - mic_len); if (err) return err; } - err = crypto_shash_finup(desc, zero, IEEE80211_CMAC_128_MIC_LEN, out); + err = crypto_shash_finup(desc, zero, mic_len, out); if (err) return err; - memcpy(mic, out, IEEE80211_CMAC_128_MIC_LEN); + memcpy(mic, out, mic_len); return 0; } -int ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad, - const u8 *data, size_t data_len, u8 *mic) -{ - int err; - SHASH_DESC_ON_STACK(desc, tfm); - const __le16 *fc; - - desc->tfm = tfm; - - err = crypto_shash_init(desc); - if (err) - return err; - err = crypto_shash_update(desc, aad, AAD_LEN); - if (err) - return err; - fc = (const __le16 *)aad; - if (ieee80211_is_beacon(*fc)) { - /* mask Timestamp field to zero */ - err = crypto_shash_update(desc, zero, 8); - if (err) - return err; - err = crypto_shash_update(desc, data + 8, data_len - 8 - - IEEE80211_CMAC_256_MIC_LEN); - if (err) - return err; - } else { - err = crypto_shash_update(desc, data, data_len - - IEEE80211_CMAC_256_MIC_LEN); - if (err) - return err; - } - return crypto_shash_finup(desc, zero, IEEE80211_CMAC_256_MIC_LEN, mic); -} - struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[], size_t key_len) { diff --git a/net/mac80211/aes_cmac.h b/net/mac80211/aes_cmac.h index f74150542142..5f971a8298cb 100644 --- a/net/mac80211/aes_cmac.h +++ b/net/mac80211/aes_cmac.h @@ -12,9 +12,8 @@ struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[], size_t key_len); int ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad, - const u8 *data, size_t data_len, u8 *mic); -int ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad, - const u8 *data, size_t data_len, u8 *mic); + const u8 *data, size_t data_len, u8 *mic, + unsigned int mic_len); void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm); #endif /* AES_CMAC_H */ diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c index 3d5efd8c6e2d..7431ccecd17f 100644 --- a/net/mac80211/wpa.c +++ b/net/mac80211/wpa.c @@ -870,7 +870,8 @@ ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx) * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) */ if (ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, - skb->data + 24, skb->len - 24, mmie->mic)) + skb->data + 24, skb->len - 24, mmie->mic, + IEEE80211_CMAC_128_MIC_LEN)) return TX_DROP; return TX_CONTINUE; @@ -917,8 +918,9 @@ ieee80211_crypto_aes_cmac_256_encrypt(struct ieee80211_tx_data *tx) /* MIC = AES-256-CMAC(IGTK, AAD || Management Frame Body || MMIE, 128) */ - if (ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad, - skb->data + 24, skb->len - 24, mmie->mic)) + if (ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, + skb->data + 24, skb->len - 24, mmie->mic, + IEEE80211_CMAC_256_MIC_LEN)) return TX_DROP; return TX_CONTINUE; @@ -959,7 +961,8 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx) /* hardware didn't decrypt/verify MIC */ bip_aad(skb, aad); if (ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, - skb->data + 24, skb->len - 24, mic)) + skb->data + 24, skb->len - 24, mic, + IEEE80211_CMAC_128_MIC_LEN)) return RX_DROP_U_DECRYPT_FAIL; if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) { key->u.aes_cmac.icverrors++; @@ -1009,8 +1012,9 @@ ieee80211_crypto_aes_cmac_256_decrypt(struct ieee80211_rx_data *rx) if (!(status->flag & RX_FLAG_DECRYPTED)) { /* hardware didn't decrypt/verify MIC */ bip_aad(skb, aad); - if (ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad, - skb->data + 24, skb->len - 24, mic)) + if (ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, + skb->data + 24, skb->len - 24, mic, + IEEE80211_CMAC_256_MIC_LEN)) return RX_DROP_U_DECRYPT_FAIL; if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) { key->u.aes_cmac.icverrors++; |