diff mbox series

[v3,3/7] net/lib80211: move WEP handling to ARC4 library code

Message ID 20190611134750.2974-4-ard.biesheuvel@linaro.org
State Superseded
Headers show
Series crypto: rc4 cleanup | expand

Commit Message

Ard Biesheuvel June 11, 2019, 1:47 p.m. UTC 
The crypto API abstraction is not very useful for invoking ciphers
directly, especially in the case of arc4, which only has a generic
implementation in C. So let's invoke the library code directly.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

---
 net/wireless/Kconfig              |  1 +
 net/wireless/lib80211_crypt_wep.c | 49 +++++---------------
 2 files changed, 13 insertions(+), 37 deletions(-)

-- 
2.20.1

Comments

Eric Biggers June 11, 2019, 5:59 p.m. UTC | #1 
On Tue, Jun 11, 2019 at 03:47:46PM +0200, Ard Biesheuvel wrote:
> The crypto API abstraction is not very useful for invoking ciphers

> directly, especially in the case of arc4, which only has a generic

> implementation in C. So let's invoke the library code directly.

> 

> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> ---

>  net/wireless/Kconfig              |  1 +

>  net/wireless/lib80211_crypt_wep.c | 49 +++++---------------

>  2 files changed, 13 insertions(+), 37 deletions(-)

> 

> diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig

> index 6310ddede220..6d9c48cea07e 100644

> --- a/net/wireless/Kconfig

> +++ b/net/wireless/Kconfig

> @@ -213,6 +213,7 @@ config LIB80211

>  

>  config LIB80211_CRYPT_WEP

>  	tristate

> +	select CRYPTO_LIB_ARC4

>  

>  config LIB80211_CRYPT_CCMP

>  	tristate

> diff --git a/net/wireless/lib80211_crypt_wep.c b/net/wireless/lib80211_crypt_wep.c

> index 20c1ad63ad44..9a4e4653fe64 100644

> --- a/net/wireless/lib80211_crypt_wep.c

> +++ b/net/wireless/lib80211_crypt_wep.c

> @@ -11,6 +11,7 @@

>   */

>  

>  #include <linux/err.h>

> +#include <linux/fips.h>

>  #include <linux/module.h>

>  #include <linux/init.h>

>  #include <linux/slab.h>

> @@ -22,7 +23,7 @@

>  

>  #include <net/lib80211.h>

>  

> -#include <linux/crypto.h>

> +#include <crypto/arc4.h>

>  #include <linux/crc32.h>

>  

>  MODULE_AUTHOR("Jouni Malinen");

> @@ -35,51 +36,30 @@ struct lib80211_wep_data {

>  	u8 key[WEP_KEY_LEN + 1];

>  	u8 key_len;

>  	u8 key_idx;

> -	struct crypto_cipher *tx_tfm;

> -	struct crypto_cipher *rx_tfm;

> +	struct arc4_ctx tx_ctx;

> +	struct arc4_ctx rx_ctx;

>  };

>  

>  static void *lib80211_wep_init(int keyidx)

>  {

>  	struct lib80211_wep_data *priv;

>  

> +	if (fips_enabled)

> +		return NULL;

> +

>  	priv = kzalloc(sizeof(*priv), GFP_ATOMIC);

>  	if (priv == NULL)

> -		goto fail;

> +		return NULL;

>  	priv->key_idx = keyidx;

>  

> -	priv->tx_tfm = crypto_alloc_cipher("arc4", 0, 0);

> -	if (IS_ERR(priv->tx_tfm)) {

> -		priv->tx_tfm = NULL;

> -		goto fail;

> -	}

> -

> -	priv->rx_tfm = crypto_alloc_cipher("arc4", 0, 0);

> -	if (IS_ERR(priv->rx_tfm)) {

> -		priv->rx_tfm = NULL;

> -		goto fail;

> -	}

>  	/* start WEP IV from a random value */

>  	get_random_bytes(&priv->iv, 4);

>  

>  	return priv;

> -

> -      fail:

> -	if (priv) {

> -		crypto_free_cipher(priv->tx_tfm);

> -		crypto_free_cipher(priv->rx_tfm);

> -		kfree(priv);

> -	}

> -	return NULL;

>  }

>  

>  static void lib80211_wep_deinit(void *priv)

>  {

> -	struct lib80211_wep_data *_priv = priv;

> -	if (_priv) {

> -		crypto_free_cipher(_priv->tx_tfm);

> -		crypto_free_cipher(_priv->rx_tfm);

> -	}

>  	kfree(priv);

>  }


How about changing lib80211_wep_deinit() to use kzfree()?  As a result of
changing to the ARC4 library, the arc4_ctx is no longer zeroed.  Of course it's
not any worse than it was before since the raw key is already in
lib80211_wep_data too, but it really ought to be kzfree()...

- Eric
diff mbox series

Patch

diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig
index 6310ddede220..6d9c48cea07e 100644
--- a/net/wireless/Kconfig
+++ b/net/wireless/Kconfig
@@ -213,6 +213,7 @@  config LIB80211
 
 config LIB80211_CRYPT_WEP
 	tristate
+	select CRYPTO_LIB_ARC4
 
 config LIB80211_CRYPT_CCMP
 	tristate
diff --git a/net/wireless/lib80211_crypt_wep.c b/net/wireless/lib80211_crypt_wep.c
index 20c1ad63ad44..9a4e4653fe64 100644
--- a/net/wireless/lib80211_crypt_wep.c
+++ b/net/wireless/lib80211_crypt_wep.c
@@ -11,6 +11,7 @@ 
  */
 
 #include <linux/err.h>
+#include <linux/fips.h>
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/slab.h>
@@ -22,7 +23,7 @@ 
 
 #include <net/lib80211.h>
 
-#include <linux/crypto.h>
+#include <crypto/arc4.h>
 #include <linux/crc32.h>
 
 MODULE_AUTHOR("Jouni Malinen");
@@ -35,51 +36,30 @@  struct lib80211_wep_data {
 	u8 key[WEP_KEY_LEN + 1];
 	u8 key_len;
 	u8 key_idx;
-	struct crypto_cipher *tx_tfm;
-	struct crypto_cipher *rx_tfm;
+	struct arc4_ctx tx_ctx;
+	struct arc4_ctx rx_ctx;
 };
 
 static void *lib80211_wep_init(int keyidx)
 {
 	struct lib80211_wep_data *priv;
 
+	if (fips_enabled)
+		return NULL;
+
 	priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
 	if (priv == NULL)
-		goto fail;
+		return NULL;
 	priv->key_idx = keyidx;
 
-	priv->tx_tfm = crypto_alloc_cipher("arc4", 0, 0);
-	if (IS_ERR(priv->tx_tfm)) {
-		priv->tx_tfm = NULL;
-		goto fail;
-	}
-
-	priv->rx_tfm = crypto_alloc_cipher("arc4", 0, 0);
-	if (IS_ERR(priv->rx_tfm)) {
-		priv->rx_tfm = NULL;
-		goto fail;
-	}
 	/* start WEP IV from a random value */
 	get_random_bytes(&priv->iv, 4);
 
 	return priv;
-
-      fail:
-	if (priv) {
-		crypto_free_cipher(priv->tx_tfm);
-		crypto_free_cipher(priv->rx_tfm);
-		kfree(priv);
-	}
-	return NULL;
 }
 
 static void lib80211_wep_deinit(void *priv)
 {
-	struct lib80211_wep_data *_priv = priv;
-	if (_priv) {
-		crypto_free_cipher(_priv->tx_tfm);
-		crypto_free_cipher(_priv->rx_tfm);
-	}
 	kfree(priv);
 }
 
@@ -132,7 +112,6 @@  static int lib80211_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
 	u32 crc, klen, len;
 	u8 *pos, *icv;
 	u8 key[WEP_KEY_LEN + 3];
-	int i;
 
 	/* other checks are in lib80211_wep_build_iv */
 	if (skb_tailroom(skb) < 4)
@@ -160,10 +139,8 @@  static int lib80211_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
 	icv[2] = crc >> 16;
 	icv[3] = crc >> 24;
 
-	crypto_cipher_setkey(wep->tx_tfm, key, klen);
-
-	for (i = 0; i < len + 4; i++)
-		crypto_cipher_encrypt_one(wep->tx_tfm, pos + i, pos + i);
+	arc4_setkey(&wep->tx_ctx, key, klen);
+	arc4_crypt(&wep->tx_ctx, pos, pos, len + 4);
 
 	return 0;
 }
@@ -181,7 +158,6 @@  static int lib80211_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
 	u32 crc, klen, plen;
 	u8 key[WEP_KEY_LEN + 3];
 	u8 keyidx, *pos, icv[4];
-	int i;
 
 	if (skb->len < hdr_len + 8)
 		return -1;
@@ -202,9 +178,8 @@  static int lib80211_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
 	/* Apply RC4 to data and compute CRC32 over decrypted data */
 	plen = skb->len - hdr_len - 8;
 
-	crypto_cipher_setkey(wep->rx_tfm, key, klen);
-	for (i = 0; i < plen + 4; i++)
-		crypto_cipher_decrypt_one(wep->rx_tfm, pos + i, pos + i);
+	arc4_setkey(&wep->rx_ctx, key, klen);
+	arc4_crypt(&wep->rx_ctx, pos, pos, plen + 4);
 
 	crc = ~crc32_le(~0, pos, plen);
 	icv[0] = crc;