mirror of
https://github.com/torvalds/linux.git
synced 2024-11-18 18:11:56 +00:00
453431a549
As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or something. The "zero" part of the interface isn't even _relevant_. The main reason that kzfree() exists is to clear sensitive information that should not be leaked to other future users of the same memory objects. Rename kzfree() to kfree_sensitive() to follow the example of the recently added kvfree_sensitive() and make the intention of the API more explicit. In addition, memzero_explicit() is used to clear the memory to make sure that it won't get optimized away by the compiler. The renaming is done by using the command sequence: git grep -w --name-only kzfree |\ xargs sed -i 's/kzfree/kfree_sensitive/' followed by some editing of the kfree_sensitive() kerneldoc and adding a kzfree backward compatibility macro in slab.h. [akpm@linux-foundation.org: fs/crypto/inline_crypt.c needs linux/slab.h] [akpm@linux-foundation.org: fix fs/crypto/inline_crypt.c some more] Suggested-by: Joe Perches <joe@perches.com> Signed-off-by: Waiman Long <longman@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: David Howells <dhowells@redhat.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: Joe Perches <joe@perches.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: David Rientjes <rientjes@google.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: "Jason A . Donenfeld" <Jason@zx2c4.com> Link: http://lkml.kernel.org/r/20200616154311.12314-3-longman@redhat.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
92 lines
2.2 KiB
C
92 lines
2.2 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* AES-GMAC for IEEE 802.11 BIP-GMAC-128 and BIP-GMAC-256
|
|
* Copyright 2015, Qualcomm Atheros, Inc.
|
|
*/
|
|
|
|
#include <linux/kernel.h>
|
|
#include <linux/types.h>
|
|
#include <linux/err.h>
|
|
#include <crypto/aead.h>
|
|
#include <crypto/aes.h>
|
|
|
|
#include <net/mac80211.h>
|
|
#include "key.h"
|
|
#include "aes_gmac.h"
|
|
|
|
int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
|
|
const u8 *data, size_t data_len, u8 *mic)
|
|
{
|
|
struct scatterlist sg[5];
|
|
u8 *zero, *__aad, iv[AES_BLOCK_SIZE];
|
|
struct aead_request *aead_req;
|
|
int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
|
|
const __le16 *fc;
|
|
|
|
if (data_len < GMAC_MIC_LEN)
|
|
return -EINVAL;
|
|
|
|
aead_req = kzalloc(reqsize + GMAC_MIC_LEN + GMAC_AAD_LEN, GFP_ATOMIC);
|
|
if (!aead_req)
|
|
return -ENOMEM;
|
|
|
|
zero = (u8 *)aead_req + reqsize;
|
|
__aad = zero + GMAC_MIC_LEN;
|
|
memcpy(__aad, aad, GMAC_AAD_LEN);
|
|
|
|
fc = (const __le16 *)aad;
|
|
if (ieee80211_is_beacon(*fc)) {
|
|
/* mask Timestamp field to zero */
|
|
sg_init_table(sg, 5);
|
|
sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
|
|
sg_set_buf(&sg[1], zero, 8);
|
|
sg_set_buf(&sg[2], data + 8, data_len - 8 - GMAC_MIC_LEN);
|
|
sg_set_buf(&sg[3], zero, GMAC_MIC_LEN);
|
|
sg_set_buf(&sg[4], mic, GMAC_MIC_LEN);
|
|
} else {
|
|
sg_init_table(sg, 4);
|
|
sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
|
|
sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN);
|
|
sg_set_buf(&sg[2], zero, GMAC_MIC_LEN);
|
|
sg_set_buf(&sg[3], mic, GMAC_MIC_LEN);
|
|
}
|
|
|
|
memcpy(iv, nonce, GMAC_NONCE_LEN);
|
|
memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);
|
|
iv[AES_BLOCK_SIZE - 1] = 0x01;
|
|
|
|
aead_request_set_tfm(aead_req, tfm);
|
|
aead_request_set_crypt(aead_req, sg, sg, 0, iv);
|
|
aead_request_set_ad(aead_req, GMAC_AAD_LEN + data_len);
|
|
|
|
crypto_aead_encrypt(aead_req);
|
|
kfree_sensitive(aead_req);
|
|
|
|
return 0;
|
|
}
|
|
|
|
struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
|
|
size_t key_len)
|
|
{
|
|
struct crypto_aead *tfm;
|
|
int err;
|
|
|
|
tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
|
|
if (IS_ERR(tfm))
|
|
return tfm;
|
|
|
|
err = crypto_aead_setkey(tfm, key, key_len);
|
|
if (!err)
|
|
err = crypto_aead_setauthsize(tfm, GMAC_MIC_LEN);
|
|
if (!err)
|
|
return tfm;
|
|
|
|
crypto_free_aead(tfm);
|
|
return ERR_PTR(err);
|
|
}
|
|
|
|
void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm)
|
|
{
|
|
crypto_free_aead(tfm);
|
|
}
|