From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 23/33] wifi: mac80211: Use AES-CTR library in fils_aead.c
Date: Mon, 6 Jul 2026 22:34:53 -0700 [thread overview]
Message-ID: <20260707053503.209874-24-ebiggers@kernel.org> (raw)
In-Reply-To: <20260707053503.209874-1-ebiggers@kernel.org>
Now that there's a library API for AES-CTR, use it instead of a
"ctr(aes)" crypto_skcipher in aes_siv_encrypt() and aes_siv_decrypt().
This significantly simplifies the code.
Further simplify both aes_siv_encrypt() and aes_siv_decrypt() by
memmove()ing the source data to the destination buffer (which is offset
by 16 bytes from the source), then doing AES-CTR in-place. This
eliminates the need for the temporary buffer in aes_siv_encrypt(), or to
rely on an unsupported overlapped operation in aes_siv_decrypt(). The
latter was technically a bug, though presumably it worked accidentally.
Finally, also fix the auth tag verification to use crypto_memneq().
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
net/mac80211/Kconfig | 1 +
net/mac80211/fils_aead.c | 90 ++++++++++++----------------------------
2 files changed, 27 insertions(+), 64 deletions(-)
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index d6bc295e23a1..8fe97e63ff39 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -4,6 +4,7 @@ config MAC80211
depends on CFG80211
select CRYPTO
select CRYPTO_LIB_AES_CBC_MACS
+ select CRYPTO_LIB_AES_CTR
select CRYPTO_LIB_ARC4
select CRYPTO_AES
select CRYPTO_CCM
diff --git a/net/mac80211/fils_aead.c b/net/mac80211/fils_aead.c
index d2f4a17eab99..1084c3d0a0e7 100644
--- a/net/mac80211/fils_aead.c
+++ b/net/mac80211/fils_aead.c
@@ -5,7 +5,7 @@
*/
#include <crypto/aes-cbc-macs.h>
-#include <crypto/skcipher.h>
+#include <crypto/aes-ctr.h>
#include <crypto/utils.h>
#include "ieee80211_i.h"
@@ -73,11 +73,8 @@ static int aes_siv_encrypt(const u8 *key, size_t key_len,
size_t len[], u8 *out)
{
u8 v[AES_BLOCK_SIZE];
- struct crypto_skcipher *tfm2;
- struct skcipher_request *req;
+ struct aes_enckey aes_key;
int res;
- struct scatterlist src[1], dst[1];
- u8 *tmp;
key_len /= 2; /* S2V key || CTR key */
@@ -90,12 +87,12 @@ static int aes_siv_encrypt(const u8 *key, size_t key_len,
if (res)
return res;
- /* Use a temporary buffer of the plaintext to handle need for
- * overwriting this during AES-CTR.
+ /*
+ * Move the plaintext to prepare it for in-place encryption. This
+ * avoids needing to copy it into a temporary buffer to prevent it from
+ * being clobbered by the IV copy or AES-CTR itself when out == plain.
*/
- tmp = kmemdup(plain, plain_len, GFP_KERNEL);
- if (!tmp)
- return -ENOMEM;
+ memmove(out + AES_BLOCK_SIZE, plain, plain_len);
/* IV for CTR before encrypted data */
memcpy(out, v, AES_BLOCK_SIZE);
@@ -106,33 +103,14 @@ static int aes_siv_encrypt(const u8 *key, size_t key_len,
v[8] &= 0x7f;
v[12] &= 0x7f;
- /* CTR */
-
- tfm2 = crypto_alloc_skcipher("ctr(aes)", 0, CRYPTO_ALG_ASYNC);
- if (IS_ERR(tfm2)) {
- kfree(tmp);
- return PTR_ERR(tfm2);
- }
- /* K2 for CTR */
- res = crypto_skcipher_setkey(tfm2, key + key_len, key_len);
+ /* CTR with K2 */
+ res = aes_prepareenckey(&aes_key, key + key_len, key_len);
if (res)
- goto fail;
-
- req = skcipher_request_alloc(tfm2, GFP_KERNEL);
- if (!req) {
- res = -ENOMEM;
- goto fail;
- }
-
- sg_init_one(src, tmp, plain_len);
- sg_init_one(dst, out + AES_BLOCK_SIZE, plain_len);
- skcipher_request_set_crypt(req, src, dst, plain_len, v);
- res = crypto_skcipher_encrypt(req);
- skcipher_request_free(req);
-fail:
- kfree(tmp);
- crypto_free_skcipher(tfm2);
- return res;
+ return res;
+ aes_ctr(out + AES_BLOCK_SIZE, out + AES_BLOCK_SIZE, plain_len, v,
+ &aes_key);
+ memzero_explicit(&aes_key, sizeof(aes_key));
+ return 0;
}
/* Note: addr[] and len[] needs to have one extra slot at the end. */
@@ -141,9 +119,7 @@ static int aes_siv_decrypt(const u8 *key, size_t key_len,
size_t num_elem, const u8 *addr[], size_t len[],
u8 *out)
{
- struct crypto_skcipher *tfm2;
- struct skcipher_request *req;
- struct scatterlist src[1], dst[1];
+ struct aes_enckey aes_key;
size_t crypt_len;
int res;
u8 frame_iv[AES_BLOCK_SIZE], iv[AES_BLOCK_SIZE];
@@ -164,38 +140,24 @@ static int aes_siv_decrypt(const u8 *key, size_t key_len,
iv[8] &= 0x7f;
iv[12] &= 0x7f;
- /* CTR */
-
- tfm2 = crypto_alloc_skcipher("ctr(aes)", 0, CRYPTO_ALG_ASYNC);
- if (IS_ERR(tfm2))
- return PTR_ERR(tfm2);
- /* K2 for CTR */
- res = crypto_skcipher_setkey(tfm2, key + key_len, key_len);
- if (res) {
- crypto_free_skcipher(tfm2);
- return res;
- }
-
- req = skcipher_request_alloc(tfm2, GFP_KERNEL);
- if (!req) {
- crypto_free_skcipher(tfm2);
- return -ENOMEM;
- }
-
- sg_init_one(src, iv_crypt + AES_BLOCK_SIZE, crypt_len);
- sg_init_one(dst, out, crypt_len);
- skcipher_request_set_crypt(req, src, dst, crypt_len, iv);
- res = crypto_skcipher_decrypt(req);
- skcipher_request_free(req);
- crypto_free_skcipher(tfm2);
+ /* CTR with K2 */
+ res = aes_prepareenckey(&aes_key, key + key_len, key_len);
if (res)
return res;
+ /*
+ * aes_ctr(out, iv_crypt + AES_BLOCK_SIZE, ...) is an unsupported
+ * overlapped operation when out == iv_crypt, so memmove() the data to
+ * 'out' first to enable standard in-place operation.
+ */
+ memmove(out, iv_crypt + AES_BLOCK_SIZE, crypt_len);
+ aes_ctr(out, out, crypt_len, iv, &aes_key);
+ memzero_explicit(&aes_key, sizeof(aes_key));
/* S2V */
res = aes_s2v(key /* K1 */, key_len, num_elem, addr, len, check);
if (res)
return res;
- if (memcmp(check, frame_iv, AES_BLOCK_SIZE) != 0)
+ if (crypto_memneq(check, frame_iv, AES_BLOCK_SIZE))
return -EINVAL;
return 0;
}
--
2.54.0
next prev parent reply other threads:[~2026-07-07 5:37 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-07 5:34 [PATCH 00/33] Library APIs for AES encryption modes Eric Biggers
2026-07-07 5:34 ` [PATCH 01/33] crypto: xts - Split out __xts_verify_key() helper Eric Biggers
2026-07-07 13:20 ` Thomas Huth
2026-07-07 5:34 ` [PATCH 02/33] lib/crypto: aes: Add ECB support Eric Biggers
2026-07-07 13:59 ` Thomas Huth
2026-07-07 19:22 ` Eric Biggers
2026-07-08 5:29 ` Thomas Huth
2026-07-07 5:34 ` [PATCH 03/33] lib/crypto: aes: Add CBC and CBC-CTS support Eric Biggers
2026-07-09 13:06 ` Thomas Huth
2026-07-13 23:37 ` Eric Biggers
2026-07-07 5:34 ` [PATCH 04/33] lib/crypto: aes: Add CTR and XCTR support Eric Biggers
2026-07-13 8:39 ` Thomas Huth
2026-07-13 23:54 ` Eric Biggers
2026-07-14 4:53 ` Thomas Huth
2026-07-07 5:34 ` [PATCH 05/33] lib/crypto: aes: Add XTS support Eric Biggers
2026-07-13 12:15 ` Thomas Huth
2026-07-14 0:23 ` Eric Biggers
2026-07-07 5:34 ` [PATCH 06/33] lib/crypto: aes: Add GCM support Eric Biggers
2026-07-07 5:34 ` [PATCH 07/33] lib/crypto: aes: Add CCM support Eric Biggers
2026-07-07 5:34 ` [PATCH 08/33] crypto: aes - Add ECB support using library Eric Biggers
2026-07-07 5:34 ` [PATCH 09/33] crypto: aes - Add CBC and CBC-CTS " Eric Biggers
2026-07-07 5:34 ` [PATCH 10/33] crypto: aes - Add CTR and XCTR " Eric Biggers
2026-07-07 5:34 ` [PATCH 11/33] crypto: aes - Add XTS " Eric Biggers
2026-07-07 5:34 ` [PATCH 12/33] crypto: aes - Add GCM " Eric Biggers
2026-07-07 5:34 ` [PATCH 13/33] crypto: aes - Add CCM " Eric Biggers
2026-07-07 5:34 ` [PATCH 14/33] x86/sev: Use new AES-GCM library Eric Biggers
2026-07-07 5:34 ` [PATCH 15/33] lib/crypto: aesgcm: Remove old " Eric Biggers
2026-07-07 5:34 ` [PATCH 16/33] crypto: aes - Remove AES-CBC-MAC support Eric Biggers
2026-07-07 5:34 ` [PATCH 17/33] lib/crypto: aes: Remove aes_cbcmac_* functions Eric Biggers
2026-07-07 5:34 ` [PATCH 18/33] fscrypt: Use aes_ecb_encrypt() for v1 key derivation Eric Biggers
2026-07-07 5:34 ` [PATCH 19/33] KEYS: encrypted: Use AES-CBC library instead of crypto_skcipher Eric Biggers
2026-07-07 5:34 ` [PATCH 20/33] KEYS: trusted: dcp: Use AES-GCM library instead of crypto_aead Eric Biggers
2026-07-07 5:34 ` [PATCH 21/33] libceph: Use AES-CBC library in ceph_aes_crypt() Eric Biggers
2026-07-07 5:34 ` [PATCH 22/33] libceph: Reimplement messenger v2 encryption using AES-GCM library Eric Biggers
2026-07-07 5:34 ` Eric Biggers [this message]
2026-07-07 5:34 ` [PATCH 24/33] wifi: mac80211: Use AES-GCM library for GMAC suite Eric Biggers
2026-07-07 5:34 ` [PATCH 25/33] wifi: mac80211: Use crypto libraries for GCMP and CCMP suites Eric Biggers
2026-07-07 5:34 ` [PATCH 26/33] macsec: Use AES-GCM library instead of crypto_aead Eric Biggers
2026-07-07 5:34 ` [PATCH 27/33] wifi: ipw2x00: Use AES-CCM library Eric Biggers
2026-07-07 5:34 ` [PATCH 28/33] mac802154: Use AES-CCM and AES-CTR libraries Eric Biggers
2026-07-07 5:34 ` [PATCH 29/33] bpf: crypto: Use AES-CBC and AES-ECB libraries Eric Biggers
2026-07-07 15:01 ` Vadim Fedorenko
2026-07-07 18:20 ` Eric Biggers
2026-07-07 22:50 ` Vadim Fedorenko
2026-07-07 23:16 ` Eric Biggers
2026-07-08 11:47 ` Vadim Fedorenko
2026-07-09 15:47 ` Eric Biggers
2026-07-09 16:46 ` Vadim Fedorenko
2026-07-07 5:35 ` [PATCH 30/33] bpf: crypto: Add AES-GCM support Eric Biggers
2026-07-07 15:02 ` Vadim Fedorenko
2026-07-07 5:35 ` [PATCH 31/33] smb: client: Use AES-GCM and AES-CCM libraries Eric Biggers
2026-07-07 5:35 ` [PATCH 32/33] ksmbd: " Eric Biggers
2026-07-07 10:51 ` Namjae Jeon
2026-07-07 5:35 ` [PATCH 33/33] net: tipc: Use AES-GCM library instead of crypto_aead Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260707053503.209874-24-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.