[PATCH 1/2] wifi: mac80211: use aesgcm library

[Johannes Berg <johannes@sipsolutions.net>]

From: Johannes Berg <johannes.berg@intel.com>

Instead of dynamically allocating the gcm(aes) algorithm, use
the library. This is faster and avoids the extra allocation.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 net/mac80211/Kconfig   |  2 +-
 net/mac80211/aes_gcm.h | 39 +++++++++++++++++----------------------
 net/mac80211/key.c     | 11 +++--------
 net/mac80211/key.h     |  3 ++-
 net/mac80211/wpa.c     |  9 +++++----
 5 files changed, 28 insertions(+), 36 deletions(-)

diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index d6bc295e23a1..b51050257c01 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -5,9 +5,9 @@ config MAC80211
 	select CRYPTO
 	select CRYPTO_LIB_AES_CBC_MACS
 	select CRYPTO_LIB_ARC4
+	select CRYPTO_LIB_AESGCM
 	select CRYPTO_AES
 	select CRYPTO_CCM
-	select CRYPTO_GCM
 	select CRC32
 	help
 	  This option enables the hardware independent IEEE 802.11
diff --git a/net/mac80211/aes_gcm.h b/net/mac80211/aes_gcm.h
index b14093b2f7a9..8124b81412c8 100644
--- a/net/mac80211/aes_gcm.h
+++ b/net/mac80211/aes_gcm.h
@@ -6,38 +6,33 @@
 #ifndef AES_GCM_H
 #define AES_GCM_H
 
-#include "aead_api.h"
+#include <crypto/gcm.h>
 
 #define GCM_AAD_LEN	32
 
-static inline int ieee80211_aes_gcm_encrypt(struct crypto_aead *tfm,
-					    u8 *j_0, u8 *aad,  u8 *data,
-					    size_t data_len, u8 *mic)
+static inline void ieee80211_aes_gcm_encrypt(struct aesgcm_ctx *ctx,
+					     u8 *j_0, u8 *aad,  u8 *data,
+					     size_t data_len, u8 *mic)
 {
-	return aead_encrypt(tfm, j_0, aad + 2,
-			    be16_to_cpup((__be16 *)aad),
-			    data, data_len, mic);
+	aesgcm_encrypt(ctx, data, data, data_len,
+		       aad + 2, be16_to_cpup((__be16 *)aad),
+		       j_0, mic);
 }
 
-static inline int ieee80211_aes_gcm_decrypt(struct crypto_aead *tfm,
-					    u8 *j_0, u8 *aad, u8 *data,
-					    size_t data_len, u8 *mic)
+static inline bool ieee80211_aes_gcm_decrypt(struct aesgcm_ctx *ctx,
+					     u8 *j_0, u8 *aad, u8 *data,
+					     size_t data_len, u8 *mic)
 {
-	return aead_decrypt(tfm, j_0, aad + 2,
-			    be16_to_cpup((__be16 *)aad),
-			    data, data_len, mic);
+	return aesgcm_decrypt(ctx, data, data, data_len,
+			      aad + 2, be16_to_cpup((__be16 *)aad),
+			      j_0, mic);
 }
 
-static inline struct crypto_aead *
-ieee80211_aes_gcm_key_setup_encrypt(const u8 key[], size_t key_len)
+static inline int
+ieee80211_aes_gcm_key_setup_encrypt(struct aesgcm_ctx *ctx,
+				    const u8 key[], size_t key_len)
 {
-	return aead_key_setup_encrypt("gcm(aes)", key,
-				      key_len, IEEE80211_GCMP_MIC_LEN);
-}
-
-static inline void ieee80211_aes_gcm_key_free(struct crypto_aead *tfm)
-{
-	return aead_key_free(tfm);
+	return aesgcm_expandkey(ctx, key, key_len, IEEE80211_GCMP_MIC_LEN);
 }
 
 #endif /* AES_GCM_H */
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 4b8965633df3..1a2092aebaf6 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -727,10 +727,9 @@ ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
 		/* Initialize AES key state here as an optimization so that
 		 * it does not need to be initialized for every packet.
 		 */
-		key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
-								      key_len);
-		if (IS_ERR(key->u.gcmp.tfm)) {
-			err = PTR_ERR(key->u.gcmp.tfm);
+		err = ieee80211_aes_gcm_key_setup_encrypt(&key->u.gcmp.ctx,
+							  key_data, key_len);
+		if (err) {
 			kfree(key);
 			return ERR_PTR(err);
 		}
@@ -753,10 +752,6 @@ static void ieee80211_key_free_common(struct ieee80211_key *key)
 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
 		ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
 		break;
-	case WLAN_CIPHER_SUITE_GCMP:
-	case WLAN_CIPHER_SUITE_GCMP_256:
-		ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
-		break;
 	}
 	kfree_sensitive(key);
 }
diff --git a/net/mac80211/key.h b/net/mac80211/key.h
index 826e4e9387c5..65450d3474bb 100644
--- a/net/mac80211/key.h
+++ b/net/mac80211/key.h
@@ -13,6 +13,7 @@
 #include <linux/crypto.h>
 #include <linux/rcupdate.h>
 #include <crypto/aes-cbc-macs.h>
+#include <crypto/gcm.h>
 #include <crypto/arc4.h>
 #include <net/mac80211.h>
 
@@ -111,7 +112,7 @@ struct ieee80211_key {
 			 * Management frames.
 			 */
 			u8 rx_pn[IEEE80211_NUM_TIDS + 1][IEEE80211_GCMP_PN_LEN];
-			struct crypto_aead *tfm;
+			struct aesgcm_ctx ctx;
 			u32 replays; /* dot11RSNAStatsGCMPReplays */
 		} gcmp;
 		struct {
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index be3a2e95303c..4440e09c5f80 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -709,8 +709,9 @@ static int gcmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
 	gcmp_special_blocks(skb, pn, j_0, aad,
 			    key->conf.flags & IEEE80211_KEY_FLAG_SPP_AMSDU,
 			    false);
-	return ieee80211_aes_gcm_encrypt(key->u.gcmp.tfm, j_0, aad, pos, len,
-					 skb_put(skb, IEEE80211_GCMP_MIC_LEN));
+	ieee80211_aes_gcm_encrypt(&key->u.gcmp.ctx, j_0, aad, pos, len,
+				  skb_put(skb, IEEE80211_GCMP_MIC_LEN));
+	return 0;
 }
 
 ieee80211_tx_result
@@ -797,8 +798,8 @@ ieee80211_crypto_gcmp_decrypt(struct ieee80211_rx_data *rx)
 					    key->conf.flags & IEEE80211_KEY_FLAG_SPP_AMSDU,
 					    aad_nonce_computed);
 
-			if (ieee80211_aes_gcm_decrypt(
-				    key->u.gcmp.tfm, j_0, aad,
+			if (!ieee80211_aes_gcm_decrypt(
+				    &key->u.gcmp.ctx, j_0, aad,
 				    skb->data + hdrlen + IEEE80211_GCMP_HDR_LEN,
 				    data_len,
 				    skb->data + skb->len -
-- 
2.53.0