Commit 5f9f1812b68a2979bc97399cd4954f1c191986af
Committed by
John W. Linville
1 parent
203afecaa3
Exists in
master
and in
4 other branches
mac80211: remove the dependency on crypto_blkcipher
The only thing that using crypto_blkcipher with ecb does over just using arc4 directly is wrapping the encrypt/decrypt function into a for loop, looping over each individual character. To be able to do this, it pulls in around 40 kb worth of unnecessary kernel modules (at least on a MIPS embedded device). Using arc4 directly not only eliminates those dependencies, it also makes the code smaller. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Showing 6 changed files with 23 additions and 28 deletions Side-by-side Diff
net/mac80211/Kconfig
net/mac80211/ieee80211_i.h
... | ... | @@ -809,8 +809,8 @@ |
809 | 809 | |
810 | 810 | struct rate_control_ref *rate_ctrl; |
811 | 811 | |
812 | - struct crypto_blkcipher *wep_tx_tfm; | |
813 | - struct crypto_blkcipher *wep_rx_tfm; | |
812 | + struct crypto_cipher *wep_tx_tfm; | |
813 | + struct crypto_cipher *wep_rx_tfm; | |
814 | 814 | u32 wep_iv; |
815 | 815 | |
816 | 816 | /* see iface.c */ |
net/mac80211/tkip.c
... | ... | @@ -202,7 +202,7 @@ |
202 | 202 | * @payload_len is the length of payload (_not_ including IV/ICV length). |
203 | 203 | * @ta is the transmitter addresses. |
204 | 204 | */ |
205 | -int ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm, | |
205 | +int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, | |
206 | 206 | struct ieee80211_key *key, |
207 | 207 | u8 *pos, size_t payload_len, u8 *ta) |
208 | 208 | { |
... | ... | @@ -223,7 +223,7 @@ |
223 | 223 | * beginning of the buffer containing IEEE 802.11 header payload, i.e., |
224 | 224 | * including IV, Ext. IV, real data, Michael MIC, ICV. @payload_len is the |
225 | 225 | * length of payload, including IV, Ext. IV, MIC, ICV. */ |
226 | -int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm, | |
226 | +int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm, | |
227 | 227 | struct ieee80211_key *key, |
228 | 228 | u8 *payload, size_t payload_len, u8 *ta, |
229 | 229 | u8 *ra, int only_iv, int queue, |
net/mac80211/tkip.h
... | ... | @@ -15,7 +15,7 @@ |
15 | 15 | |
16 | 16 | u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, u16 iv16); |
17 | 17 | |
18 | -int ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm, | |
18 | +int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, | |
19 | 19 | struct ieee80211_key *key, |
20 | 20 | u8 *pos, size_t payload_len, u8 *ta); |
21 | 21 | enum { |
... | ... | @@ -24,7 +24,7 @@ |
24 | 24 | TKIP_DECRYPT_INVALID_KEYIDX = -2, |
25 | 25 | TKIP_DECRYPT_REPLAY = -3, |
26 | 26 | }; |
27 | -int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm, | |
27 | +int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm, | |
28 | 28 | struct ieee80211_key *key, |
29 | 29 | u8 *payload, size_t payload_len, u8 *ta, |
30 | 30 | u8 *ra, int only_iv, int queue, |
net/mac80211/wep.c
... | ... | @@ -30,17 +30,15 @@ |
30 | 30 | /* start WEP IV from a random value */ |
31 | 31 | get_random_bytes(&local->wep_iv, WEP_IV_LEN); |
32 | 32 | |
33 | - local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0, | |
34 | - CRYPTO_ALG_ASYNC); | |
33 | + local->wep_tx_tfm = crypto_alloc_cipher("arc4", 0, CRYPTO_ALG_ASYNC); | |
35 | 34 | if (IS_ERR(local->wep_tx_tfm)) { |
36 | 35 | local->wep_rx_tfm = ERR_PTR(-EINVAL); |
37 | 36 | return PTR_ERR(local->wep_tx_tfm); |
38 | 37 | } |
39 | 38 | |
40 | - local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0, | |
41 | - CRYPTO_ALG_ASYNC); | |
39 | + local->wep_rx_tfm = crypto_alloc_cipher("arc4", 0, CRYPTO_ALG_ASYNC); | |
42 | 40 | if (IS_ERR(local->wep_rx_tfm)) { |
43 | - crypto_free_blkcipher(local->wep_tx_tfm); | |
41 | + crypto_free_cipher(local->wep_tx_tfm); | |
44 | 42 | local->wep_tx_tfm = ERR_PTR(-EINVAL); |
45 | 43 | return PTR_ERR(local->wep_rx_tfm); |
46 | 44 | } |
47 | 45 | |
... | ... | @@ -51,9 +49,9 @@ |
51 | 49 | void ieee80211_wep_free(struct ieee80211_local *local) |
52 | 50 | { |
53 | 51 | if (!IS_ERR(local->wep_tx_tfm)) |
54 | - crypto_free_blkcipher(local->wep_tx_tfm); | |
52 | + crypto_free_cipher(local->wep_tx_tfm); | |
55 | 53 | if (!IS_ERR(local->wep_rx_tfm)) |
56 | - crypto_free_blkcipher(local->wep_rx_tfm); | |
54 | + crypto_free_cipher(local->wep_rx_tfm); | |
57 | 55 | } |
58 | 56 | |
59 | 57 | static inline bool ieee80211_wep_weak_iv(u32 iv, int keylen) |
60 | 58 | |
61 | 59 | |
... | ... | @@ -127,12 +125,11 @@ |
127 | 125 | /* Perform WEP encryption using given key. data buffer must have tailroom |
128 | 126 | * for 4-byte ICV. data_len must not include this ICV. Note: this function |
129 | 127 | * does _not_ add IV. data = RC4(data | CRC32(data)) */ |
130 | -int ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key, | |
128 | +int ieee80211_wep_encrypt_data(struct crypto_cipher *tfm, u8 *rc4key, | |
131 | 129 | size_t klen, u8 *data, size_t data_len) |
132 | 130 | { |
133 | - struct blkcipher_desc desc = { .tfm = tfm }; | |
134 | - struct scatterlist sg; | |
135 | 131 | __le32 icv; |
132 | + int i; | |
136 | 133 | |
137 | 134 | if (IS_ERR(tfm)) |
138 | 135 | return -1; |
... | ... | @@ -140,9 +137,9 @@ |
140 | 137 | icv = cpu_to_le32(~crc32_le(~0, data, data_len)); |
141 | 138 | put_unaligned(icv, (__le32 *)(data + data_len)); |
142 | 139 | |
143 | - crypto_blkcipher_setkey(tfm, rc4key, klen); | |
144 | - sg_init_one(&sg, data, data_len + WEP_ICV_LEN); | |
145 | - crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length); | |
140 | + crypto_cipher_setkey(tfm, rc4key, klen); | |
141 | + for (i = 0; i < data_len + WEP_ICV_LEN; i++) | |
142 | + crypto_cipher_encrypt_one(tfm, data + i, data + i); | |
146 | 143 | |
147 | 144 | return 0; |
148 | 145 | } |
149 | 146 | |
150 | 147 | |
151 | 148 | |
... | ... | @@ -186,19 +183,18 @@ |
186 | 183 | /* Perform WEP decryption using given key. data buffer includes encrypted |
187 | 184 | * payload, including 4-byte ICV, but _not_ IV. data_len must not include ICV. |
188 | 185 | * Return 0 on success and -1 on ICV mismatch. */ |
189 | -int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key, | |
186 | +int ieee80211_wep_decrypt_data(struct crypto_cipher *tfm, u8 *rc4key, | |
190 | 187 | size_t klen, u8 *data, size_t data_len) |
191 | 188 | { |
192 | - struct blkcipher_desc desc = { .tfm = tfm }; | |
193 | - struct scatterlist sg; | |
194 | 189 | __le32 crc; |
190 | + int i; | |
195 | 191 | |
196 | 192 | if (IS_ERR(tfm)) |
197 | 193 | return -1; |
198 | 194 | |
199 | - crypto_blkcipher_setkey(tfm, rc4key, klen); | |
200 | - sg_init_one(&sg, data, data_len + WEP_ICV_LEN); | |
201 | - crypto_blkcipher_decrypt(&desc, &sg, &sg, sg.length); | |
195 | + crypto_cipher_setkey(tfm, rc4key, klen); | |
196 | + for (i = 0; i < data_len + WEP_ICV_LEN; i++) | |
197 | + crypto_cipher_decrypt_one(tfm, data + i, data + i); | |
202 | 198 | |
203 | 199 | crc = cpu_to_le32(~crc32_le(~0, data, data_len)); |
204 | 200 | if (memcmp(&crc, data + data_len, WEP_ICV_LEN) != 0) |
net/mac80211/wep.h
... | ... | @@ -18,12 +18,12 @@ |
18 | 18 | |
19 | 19 | int ieee80211_wep_init(struct ieee80211_local *local); |
20 | 20 | void ieee80211_wep_free(struct ieee80211_local *local); |
21 | -int ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key, | |
21 | +int ieee80211_wep_encrypt_data(struct crypto_cipher *tfm, u8 *rc4key, | |
22 | 22 | size_t klen, u8 *data, size_t data_len); |
23 | 23 | int ieee80211_wep_encrypt(struct ieee80211_local *local, |
24 | 24 | struct sk_buff *skb, |
25 | 25 | const u8 *key, int keylen, int keyidx); |
26 | -int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key, | |
26 | +int ieee80211_wep_decrypt_data(struct crypto_cipher *tfm, u8 *rc4key, | |
27 | 27 | size_t klen, u8 *data, size_t data_len); |
28 | 28 | bool ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key); |
29 | 29 |