Subject: Convert arc4 from a cipher into a block cipher

This patch series converts arc4 into a block cipher and converts all its
users (except those in staging) to use it. The first two patches ensure
that two implementations can coexist, the following patches convert each
user so we remain bisectable.
- lib80211_crypt_tkip was tested with ipw2200
- mac80211 was tested with zd1211rw

Sebastian



Subject: [PATCH 1/7] crypto: rename arc4

The blk version of arc4 is coming. The rename ensures that the request
for arc4 loads both modules: this one and the new blk edition.

Cc: <[email protected]>
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
---
crypto/Makefile | 2 +-
crypto/{arc4.c => arc4cip.c} | 1 +
2 files changed, 2 insertions(+), 1 deletions(-)
rename crypto/{arc4.c => arc4cip.c} (98%)

diff --git a/crypto/Makefile b/crypto/Makefile
index 9e8f619..1f15112 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -67,7 +67,7 @@ obj-$(CONFIG_CRYPTO_AES) += aes_generic.o
obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia.o
obj-$(CONFIG_CRYPTO_CAST5) += cast5.o
obj-$(CONFIG_CRYPTO_CAST6) += cast6.o
-obj-$(CONFIG_CRYPTO_ARC4) += arc4.o
+obj-$(CONFIG_CRYPTO_ARC4) += arc4cip.o
obj-$(CONFIG_CRYPTO_TEA) += tea.o
obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o
obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o
diff --git a/crypto/arc4.c b/crypto/arc4cip.c
similarity index 98%
rename from crypto/arc4.c
rename to crypto/arc4cip.c
index 8be47e1..bf04659 100644
--- a/crypto/arc4.c
+++ b/crypto/arc4cip.c
@@ -102,3 +102,4 @@ module_exit(arc4_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("ARC4 Cipher Algorithm");
MODULE_AUTHOR("Jon Oberheide <[email protected]>");
+MODULE_ALIAS("arc4");
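Review bot: The added alias has no comment, although it is the only thing that keeps a request for "arc4" resolving to this module once the file is built as arc4cip.o. A one-line comment above it, such as `/* keep "arc4" requests loading this module after the rename to arc4cip */`, would stop it from being dropped as redundant later. It is also worth stating in that comment that the alias is meant to be shared with the new blkcipher module, as the commit message describes.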
--
1.6.6


Subject: [PATCH 5/7] net/wireless: switch lib80211_crypt_wep from arc4 to arc4blk

ecb(arc4) is getting replaced by arc4 which is a blkcipher by itself. The
required selects are now pulled in by LIB80211_CRYPT_WEP instead of
selecting it by every driver. Since there is no dependency on ecb and arc4
they are removed from the individual drivers.

Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
---
drivers/net/wireless/hostap/Kconfig | 3 ---
drivers/net/wireless/ipw2x00/Kconfig | 3 ---
net/wireless/Kconfig | 2 ++
net/wireless/lib80211_crypt_wep.c | 11 +++++++----
4 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/drivers/net/wireless/hostap/Kconfig b/drivers/net/wireless/hostap/Kconfig
index 287d827..dab2c6b 100644
--- a/drivers/net/wireless/hostap/Kconfig
+++ b/drivers/net/wireless/hostap/Kconfig
@@ -4,11 +4,8 @@ config HOSTAP
select WEXT_SPY
select WEXT_PRIV
select CRYPTO
- select CRYPTO_ARC4
- select CRYPTO_ECB
select CRYPTO_AES
select CRYPTO_MICHAEL_MIC
- select CRYPTO_ECB
select CRC32
select LIB80211
select LIB80211_CRYPT_WEP
diff --git a/drivers/net/wireless/ipw2x00/Kconfig b/drivers/net/wireless/ipw2x00/Kconfig
index 2715b10..6fe1995 100644
--- a/drivers/net/wireless/ipw2x00/Kconfig
+++ b/drivers/net/wireless/ipw2x00/Kconfig
@@ -158,11 +158,8 @@ config LIBIPW
select WIRELESS_EXT
select WEXT_SPY
select CRYPTO
- select CRYPTO_ARC4
- select CRYPTO_ECB
select CRYPTO_AES
select CRYPTO_MICHAEL_MIC
- select CRYPTO_ECB
select CRC32
select LIB80211
select LIB80211_CRYPT_WEP
diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig
index 119f1eb..267eb42 100644
--- a/net/wireless/Kconfig
+++ b/net/wireless/Kconfig
@@ -141,6 +141,8 @@ config LIB80211
you want this built into your kernel.

config LIB80211_CRYPT_WEP
+ select CRYPTO
+ select CRYPTO_ARC4BLK
tristate

config LIB80211_CRYPT_CCMP
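Review bot: The new `select` lines sit before the `tristate` type line, while Kconfig entries conventionally state the type first. `tristate` should follow `config LIB80211_CRYPT_WEP` directly, with `select CRYPTO` and `select CRYPTO_ARC4BLK` after it. The LIB80211_CRYPT_TKIP entry in PATCH 4/7 has the same ordering. lib80211_crypt_wep.c also includes `<linux/crc32.h>`, so if this symbol is meant to carry its own dependencies, `select CRC32` probably belongs here too rather than only in each driver.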
diff --git a/net/wireless/lib80211_crypt_wep.c b/net/wireless/lib80211_crypt_wep.c
index 6d41e05..3759e46 100644
--- a/net/wireless/lib80211_crypt_wep.c
+++ b/net/wireless/lib80211_crypt_wep.c
@@ -23,6 +23,7 @@
#include <net/lib80211.h>

#include <linux/crypto.h>
+#include <crypto/arc4.h>
#include <linux/crc32.h>

MODULE_AUTHOR("Jouni Malinen");
@@ -48,7 +49,7 @@ static void *lib80211_wep_init(int keyidx)
goto fail;
priv->key_idx = keyidx;

- priv->tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
+ priv->tx_tfm = crypto_alloc_blkcipher("arc4", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm)) {
printk(KERN_DEBUG "lib80211_crypt_wep: could not allocate "
"crypto API arc4\n");
@@ -56,7 +57,7 @@ static void *lib80211_wep_init(int keyidx)
goto fail;
}

- priv->rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
+ priv->rx_tfm = crypto_alloc_blkcipher("arc4", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm)) {
printk(KERN_DEBUG "lib80211_crypt_wep: could not allocate "
"crypto API arc4\n");
@@ -139,6 +140,7 @@ static int lib80211_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
{
struct lib80211_wep_data *wep = priv;
struct blkcipher_desc desc = { .tfm = wep->tx_tfm };
+ struct arc4_iv *iv = crypto_blkcipher_crt(wep->tx_tfm)->iv;
u32 crc, klen, len;
u8 *pos, *icv;
struct scatterlist sg;
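Review bot: `iv` points at the transform's own IV storage (`crypto_blkcipher_crt(wep->tx_tfm)->iv`), so the RC4 state written by `arc4_setup_iv()` in the hunk at -170 is still shared per tfm, as the key was with `crypto_blkcipher_setkey()`. Two callers on the same tfm would overwrite each other's state between setup and `crypto_blkcipher_encrypt()`. Whether callers are serialised is not visible here, so a comment should state the assumption, e.g. `/* RC4 state lives in tx_tfm; callers must serialise per key */`. If per-call state is the goal, a local `struct arc4_iv` passed through `desc.info` with `crypto_blkcipher_encrypt_iv()` would keep it off the shared transform, stack size permitting. The same pattern appears in lib80211_wep_decrypt, both lib80211_crypt_tkip paths, mppe_rekey and the two mac80211 wep.c helpers, where one `wep_tx_tfm`/`wep_rx_tfm` per `local` is allocated.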
@@ -170,7 +172,7 @@ static int lib80211_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
icv[2] = crc >> 16;
icv[3] = crc >> 24;

- crypto_blkcipher_setkey(wep->tx_tfm, key, klen);
+ arc4_setup_iv(iv, key, klen);
sg_init_one(&sg, pos, len + 4);
return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
}
@@ -186,6 +188,7 @@ static int lib80211_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
{
struct lib80211_wep_data *wep = priv;
struct blkcipher_desc desc = { .tfm = wep->rx_tfm };
+ struct arc4_iv *iv = crypto_blkcipher_crt(wep->rx_tfm)->iv;
u32 crc, klen, plen;
u8 key[WEP_KEY_LEN + 3];
u8 keyidx, *pos, icv[4];
@@ -210,7 +213,7 @@ static int lib80211_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
/* Apply RC4 to data and compute CRC32 over decrypted data */
plen = skb->len - hdr_len - 8;

- crypto_blkcipher_setkey(wep->rx_tfm, key, klen);
+ arc4_setup_iv(iv, key, klen);
sg_init_one(&sg, pos, plen + 4);
if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4))
return -7;
--
1.6.6


Subject: [PATCH 7/7] net/ppp_mppe: convert from arc4 to arc4blk

ecb(arc4) is getting replaced by arc4 which is a blkcipher by itself

Cc: <[email protected]>
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
---
drivers/net/Kconfig | 3 +--
drivers/net/ppp_mppe.c | 12 ++++++------
2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
index dd9a09c..4b5dd86 100644
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -3075,8 +3075,7 @@ config PPP_MPPE
depends on PPP && EXPERIMENTAL
select CRYPTO
select CRYPTO_SHA1
- select CRYPTO_ARC4
- select CRYPTO_ECB
+ select CRYPTO_ARC4BLK
---help---
Support for the MPPE Encryption protocol, as employed by the
Microsoft Point-to-Point Tunneling Protocol.
diff --git a/drivers/net/ppp_mppe.c b/drivers/net/ppp_mppe.c
index 6d1a1b8..4deaf70 100644
--- a/drivers/net/ppp_mppe.c
+++ b/drivers/net/ppp_mppe.c
@@ -42,7 +42,6 @@
* MOD_DEC_USAGE_COUNT/MOD_INC_USAGE_COUNT which are
* deprecated in 2.6
*/
-
#include <linux/err.h>
#include <linux/module.h>
#include <linux/kernel.h>
@@ -55,6 +54,7 @@
#include <linux/ppp_defs.h>
#include <linux/ppp-comp.h>
#include <linux/scatterlist.h>
+#include <crypto/arc4.h>

#include "ppp_mppe.h"

@@ -162,11 +162,11 @@ static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
{
struct scatterlist sg_in[1], sg_out[1];
struct blkcipher_desc desc = { .tfm = state->arc4 };
+ struct arc4_iv *iv = crypto_blkcipher_crt(state->arc4)->iv;

get_new_key_from_sha(state);
if (!initial_key) {
- crypto_blkcipher_setkey(state->arc4, state->sha1_digest,
- state->keylen);
+ arc4_setup_iv(iv, state->sha1_digest, state->keylen);
sg_init_table(sg_in, 1);
sg_init_table(sg_out, 1);
setup_sg(sg_in, state->sha1_digest, state->keylen);
@@ -184,7 +184,7 @@ static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
state->session_key[1] = 0x26;
state->session_key[2] = 0x9e;
}
- crypto_blkcipher_setkey(state->arc4, state->session_key, state->keylen);
+ arc4_setup_iv(iv, state->session_key, state->keylen);
}

/*
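Review bot: The final `arc4_setup_iv(iv, state->session_key, state->keylen);` leaves the session's RC4 state in the tfm IV buffer that `iv` points to, and nothing records that later packets depend on it staying there. The only key setups this patch touches are inside mppe_rekey, so traffic between rekeys relies on the cipher advancing the state in that buffer. The arc4blk implementation (PATCH 2/7) is not shown here, so this cannot be confirmed from the hunk. A comment above the call would record the assumption, for example `/* RC4 state is kept in the tfm IV and must persist across packets until the next rekey */`.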
@@ -204,7 +204,7 @@ static void *mppe_alloc(unsigned char *options, int optlen)
goto out;


- state->arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
+ state->arc4 = crypto_alloc_blkcipher("arc4", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(state->arc4)) {
state->arc4 = NULL;
goto out_free;
@@ -712,7 +712,7 @@ static struct compressor ppp_mppe = {
static int __init ppp_mppe_init(void)
{
int answer;
- if (!(crypto_has_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC) &&
+ if (!(crypto_has_blkcipher("arc4", 0, CRYPTO_ALG_ASYNC) &&
crypto_has_hash("sha1", 0, CRYPTO_ALG_ASYNC)))
return -ENODEV;

--
1.6.6


Subject: [PATCH 4/7] net/wireless: switch lib80211_crypt_tkip from arc4 to arc4blk

ecb(arc4) is getting replaced by arc4 which is a blkcipher by itself. The
required selects are now pulled in by LIB80211_CRYPT_TKIP instead of
selecting it by every driver.

Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
---
net/wireless/Kconfig | 2 ++
net/wireless/lib80211_crypt_tkip.c | 11 +++++++----
2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig
index 90e93a5..119f1eb 100644
--- a/net/wireless/Kconfig
+++ b/net/wireless/Kconfig
@@ -147,6 +147,8 @@ config LIB80211_CRYPT_CCMP
tristate

config LIB80211_CRYPT_TKIP
+ select CRYPTO
+ select CRYPTO_ARC4BLK
tristate

config LIB80211_DEBUG
diff --git a/net/wireless/lib80211_crypt_tkip.c b/net/wireless/lib80211_crypt_tkip.c
index c362873..089f84f 100644
--- a/net/wireless/lib80211_crypt_tkip.c
+++ b/net/wireless/lib80211_crypt_tkip.c
@@ -28,6 +28,7 @@
#include <net/iw_handler.h>

#include <linux/crypto.h>
+#include <crypto/arc4.h>
#include <linux/crc32.h>

#include <net/lib80211.h>
@@ -94,7 +95,7 @@ static void *lib80211_tkip_init(int key_idx)

priv->key_idx = key_idx;

- priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
+ priv->tx_tfm_arc4 = crypto_alloc_blkcipher("arc4", 0,
CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_arc4)) {
printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
@@ -112,7 +113,7 @@ static void *lib80211_tkip_init(int key_idx)
goto fail;
}

- priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
+ priv->rx_tfm_arc4 = crypto_alloc_blkcipher("arc4", 0,
CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_arc4)) {
printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
@@ -360,6 +361,7 @@ static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
{
struct lib80211_tkip_data *tkey = priv;
struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
+ struct arc4_iv *iv = crypto_blkcipher_crt(tkey->tx_tfm_arc4)->iv;
int len;
u8 rc4key[16], *pos, *icv;
u32 crc;
@@ -392,7 +394,7 @@ static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
icv[2] = crc >> 16;
icv[3] = crc >> 24;

- crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
+ arc4_setup_iv(iv, rc4key, 16);
sg_init_one(&sg, pos, len + 4);
return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
}
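Review bot: The key length is passed as the literal `16` although `rc4key` is declared as `u8 rc4key[16]` in the hunk just above. Writing `arc4_setup_iv(iv, rc4key, sizeof(rc4key));` keeps the two from drifting apart. The same literal is used in lib80211_tkip_decrypt (hunk at -485).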
@@ -414,6 +416,7 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
{
struct lib80211_tkip_data *tkey = priv;
struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
+ struct arc4_iv *iv = crypto_blkcipher_crt(tkey->rx_tfm_arc4)->iv;
u8 rc4key[16];
u8 keyidx, *pos;
u32 iv32;
@@ -485,7 +488,7 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)

plen = skb->len - hdr_len - 12;

- crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
+ arc4_setup_iv(iv, rc4key, 16);
sg_init_one(&sg, pos, plen + 4);
if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
if (net_ratelimit()) {
--
1.6.6


Subject: [PATCH 6/7] net/mac80211: convert wep from arc4 to arc4blk

ecb(arc4) is getting replaced by arc4 which is a blkcipher by itself.

Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
---
net/mac80211/Kconfig | 3 +--
net/mac80211/wep.c | 11 +++++++----
2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index a10d508..d14fe06 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -2,8 +2,7 @@ config MAC80211
tristate "Generic IEEE 802.11 Networking Stack (mac80211)"
depends on CFG80211
select CRYPTO
- select CRYPTO_ECB
- select CRYPTO_ARC4
+ select CRYPTO_ARC4BLK
select CRYPTO_AES
select CRC32
---help---
diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
index 247123f..4314b50 100644
--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -17,6 +17,7 @@
#include <linux/err.h>
#include <linux/mm.h>
#include <linux/scatterlist.h>
+#include <crypto/arc4.h>
#include <asm/unaligned.h>

#include <net/mac80211.h>
@@ -29,12 +30,12 @@ int ieee80211_wep_init(struct ieee80211_local *local)
/* start WEP IV from a random value */
get_random_bytes(&local->wep_iv, WEP_IV_LEN);

- local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
+ local->wep_tx_tfm = crypto_alloc_blkcipher("arc4", 0,
CRYPTO_ALG_ASYNC);
if (IS_ERR(local->wep_tx_tfm))
return PTR_ERR(local->wep_tx_tfm);

- local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
+ local->wep_rx_tfm = crypto_alloc_blkcipher("arc4", 0,
CRYPTO_ALG_ASYNC);
if (IS_ERR(local->wep_rx_tfm)) {
crypto_free_blkcipher(local->wep_tx_tfm);
@@ -125,13 +126,14 @@ void ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
size_t klen, u8 *data, size_t data_len)
{
struct blkcipher_desc desc = { .tfm = tfm };
+ struct arc4_iv *iv = crypto_blkcipher_crt(tfm)->iv;
struct scatterlist sg;
__le32 icv;

icv = cpu_to_le32(~crc32_le(~0, data, data_len));
put_unaligned(icv, (__le32 *)(data + data_len));

- crypto_blkcipher_setkey(tfm, rc4key, klen);
+ arc4_setup_iv(iv, rc4key, klen);
sg_init_one(&sg, data, data_len + WEP_ICV_LEN);
crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);
}
@@ -181,10 +183,11 @@ int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
size_t klen, u8 *data, size_t data_len)
{
struct blkcipher_desc desc = { .tfm = tfm };
+ struct arc4_iv *iv = crypto_blkcipher_crt(tfm)->iv;
struct scatterlist sg;
__le32 crc;

- crypto_blkcipher_setkey(tfm, rc4key, klen);
+ arc4_setup_iv(iv, rc4key, klen);
sg_init_one(&sg, data, data_len + WEP_ICV_LEN);
crypto_blkcipher_decrypt(&desc, &sg, &sg, sg.length);

--
1.6.6


Subject: [PATCH 3/7] crypto/testmgr: add testing for arc4 based on ecb(arc4)

Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
---
crypto/testmgr.c | 60 +++++++++++++++++++++++++++++++++++++++++++++---------
1 files changed, 50 insertions(+), 10 deletions(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 7620bfc..c471e04 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -20,6 +20,7 @@
#include <linux/slab.h>
#include <linux/string.h>
#include <crypto/rng.h>
+#include <crypto/arc4.h>

#include "internal.h"
#include "testmgr.h"
@@ -44,6 +45,7 @@
/*
* Used by test_cipher()
*/
+#define CRYPT_ARC4 2
#define ENCRYPT 1
#define DECRYPT 0

@@ -717,7 +719,7 @@ out_nobuf:
return ret;
}

-static int test_skcipher(struct crypto_ablkcipher *tfm, int enc,
+static int test_skcipher(struct crypto_ablkcipher *tfm, int mode,
struct cipher_testvec *template, unsigned int tcount)
{
const char *algo =
@@ -736,7 +738,7 @@ static int test_skcipher(struct crypto_ablkcipher *tfm, int enc,
if (testmgr_alloc_buf(xbuf))
goto out_nobuf;

- if (enc == ENCRYPT)
+ if (mode == ENCRYPT)
e = "encryption";
else
e = "decryption";
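Review bot: `CRYPT_ARC4` is 2, so with `if (mode == ENCRYPT)` every arc4 run is labelled "decryption" in the failure messages, including the run driven by the enc vectors. The later `ret = mode ? crypto_ablkcipher_encrypt(req) : crypto_ablkcipher_decrypt(req);` lines (hunks at -789 and -876) have the opposite problem. There 2 is truthy, so the arc4 dec vectors go through the encrypt entry point and the decrypt entry point is never exercised. Keeping `enc` as the direction and passing the arc4 special case as a separate argument would avoid both. The function body starts and ends outside this hunk.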
@@ -775,7 +777,11 @@ static int test_skcipher(struct crypto_ablkcipher *tfm, int enc,
crypto_ablkcipher_set_flags(
tfm, CRYPTO_TFM_REQ_WEAK_KEY);

- ret = crypto_ablkcipher_setkey(tfm, template[i].key,
+ if (mode == CRYPT_ARC4)
+ arc4_setup_iv((struct arc4_iv *)iv,
+ template[i].key, template[i].klen);
+ else
+ ret = crypto_ablkcipher_setkey(tfm, template[i].key,
template[i].klen);
if (!ret == template[i].fail) {
printk(KERN_ERR "alg: skcipher: setkey failed "
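Review bot: In the `CRYPT_ARC4` branch nothing assigns `ret`, yet the check `if (!ret == template[i].fail)` right after it still reads it. The outcome then depends on whatever an earlier statement or loop iteration left in `ret`. `arc4_setup_iv()` is called here as a plain statement, so the branch should set the result explicitly, e.g. `ret = 0;` after the call, with braces around both arms. The chunked-test hunk at -839 repeats the same pattern; the loop body continues outside both hunks.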
@@ -789,7 +795,7 @@ static int test_skcipher(struct crypto_ablkcipher *tfm, int enc,

ablkcipher_request_set_crypt(req, sg, sg,
template[i].ilen, iv);
- ret = enc ?
+ ret = mode ?
crypto_ablkcipher_encrypt(req) :
crypto_ablkcipher_decrypt(req);

@@ -839,7 +845,11 @@ static int test_skcipher(struct crypto_ablkcipher *tfm, int enc,
crypto_ablkcipher_set_flags(
tfm, CRYPTO_TFM_REQ_WEAK_KEY);

- ret = crypto_ablkcipher_setkey(tfm, template[i].key,
+ if (mode == CRYPT_ARC4)
+ arc4_setup_iv((struct arc4_iv *)iv,
+ template[i].key, template[i].klen);
+ else
+ ret = crypto_ablkcipher_setkey(tfm, template[i].key,
template[i].klen);
if (!ret == template[i].fail) {
printk(KERN_ERR "alg: skcipher: setkey failed "
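Review bot: `(struct arc4_iv *)iv` makes `arc4_setup_iv()` write a whole key-scheduled RC4 state into the test's `iv` buffer, and nothing in the hunk checks that the buffer is large enough or suitably aligned. The declaration of `iv` is outside the hunk. If it is the fixed scratch array sized for ordinary cipher IVs, the call would write past its end on the stack. Assuming `iv` is an array, a guard next to the call such as `BUILD_BUG_ON(sizeof(struct arc4_iv) > sizeof(iv));` would make the assumption explicit, as would a dedicated buffer of the right type. The same cast is in the hunk at -775.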
@@ -876,7 +886,7 @@ static int test_skcipher(struct crypto_ablkcipher *tfm, int enc,
ablkcipher_request_set_crypt(req, sg, sg,
template[i].ilen, iv);

- ret = enc ?
+ ret = mode ?
crypto_ablkcipher_encrypt(req) :
crypto_ablkcipher_decrypt(req);

@@ -1316,11 +1326,12 @@ out:
return err;
}

-static int alg_test_skcipher(const struct alg_test_desc *desc,
- const char *driver, u32 type, u32 mask)
+static int _alg_test_skcipher(const struct alg_test_desc *desc,
+ const char *driver, u32 type, u32 mask, u32 arc4)
{
struct crypto_ablkcipher *tfm;
int err = 0;
+ int mode;

tfm = crypto_alloc_ablkcipher(driver, type, mask);
if (IS_ERR(tfm)) {
@@ -1329,15 +1340,17 @@ static int alg_test_skcipher(const struct alg_test_desc *desc,
return PTR_ERR(tfm);
}

+ mode = arc4 ? CRYPT_ARC4 : ENCRYPT;
if (desc->suite.cipher.enc.vecs) {
- err = test_skcipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
+ err = test_skcipher(tfm, mode , desc->suite.cipher.enc.vecs,
desc->suite.cipher.enc.count);
if (err)
goto out;
}

+ mode = arc4 ? CRYPT_ARC4 : DECRYPT;
if (desc->suite.cipher.dec.vecs)
- err = test_skcipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
+ err = test_skcipher(tfm, mode, desc->suite.cipher.dec.vecs,
desc->suite.cipher.dec.count);

out:
@@ -1345,6 +1358,18 @@ out:
return err;
}

+static int alg_test_skcipher(const struct alg_test_desc *desc,
+ const char *driver, u32 type, u32 mask)
+{
+ return _alg_test_skcipher(desc, driver, type, mask, 0);
+}
+
+static int alg_test_arc4_skcipher(const struct alg_test_desc *desc,
+ const char *driver, u32 type, u32 mask)
+{
+ return _alg_test_skcipher(desc, driver, type, mask, 1);
+}
+
static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
u32 type, u32 mask)
{
@@ -1490,6 +1515,21 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}
}, {
+ .alg = "arc4",
+ .test = alg_test_arc4_skcipher,
+ .suite = {
+ .cipher = {
+ .enc = {
+ .vecs = arc4_enc_tv_template,
+ .count = ARC4_ENC_TEST_VECTORS
+ },
+ .dec = {
+ .vecs = arc4_dec_tv_template,
+ .count = ARC4_DEC_TEST_VECTORS
+ }
+ }
+ }
+ }, {
.alg = "cbc(aes)",
.test = alg_test_skcipher,
.fips_allowed = 1,
--
1.6.6


2010-04-05 17:13:19

by John W. Linville

Subject: Re: [PATCH 4/7] net/wireless: switch lib80211_crypt_tkip from arc4 to arc4blk

On Sat, Apr 03, 2010 at 09:49:26AM +0200, Sebastian Andrzej Siewior wrote:
> ecb(arc4) is getting replaced by arc4 which is a blkcipher by itself. The
> required selects are now pulled in by LIB80211_CRYPT_TKIP instead of
> selecting it by every driver.
>
> Signed-off-by: Sebastian Andrzej Siewior <[email protected]>

Fine by me...

John
--
John W. Linville Someday the world will need a hero, and you
[email protected] might be all we have. Be ready.

2010-04-05 17:15:09

by John W. Linville

Subject: Re: [PATCH 5/7] net/wireless: switch lib80211_crypt_wep from arc4 to arc4blk

On Sat, Apr 03, 2010 at 09:49:27AM +0200, Sebastian Andrzej Siewior wrote:
> ecb(arc4) is getting replaced by arc4 which is a blkcipher by itself. The
> required selects are now pulled in by LIB80211_CRYPT_WEP instead of
> selecting it by every driver. Since there is no dependency on ecb and arc4
> therr are removed from the idividual driver.
>
> Signed-off-by: Sebastian Andrzej Siewior <[email protected]>

Fine by me...

John
--
John W. Linville Someday the world will need a hero, and you
[email protected] might be all we have. Be ready.

2010-04-05 17:30:09

by John W. Linville

Subject: Re: [PATCH 6/7] net/mac80211: convert wep from arc4 to arc4blk

On Sat, Apr 03, 2010 at 09:49:28AM +0200, Sebastian Andrzej Siewior wrote:
> ecb(arc4) is getting replaced by arc4 which is a blkcipher by itself.
>
> Signed-off-by: Sebastian Andrzej Siewior <[email protected]>

Seems ok to me...

John
--
John W. Linville Someday the world will need a hero, and you
[email protected] might be all we have. Be ready.

2010-04-05 20:33:45

by Pavel Roskin

Subject: Re: Convert arc4 from a cipher into a block cipher

On Sat, 2010-04-03 at 09:49 +0200, Sebastian Andrzej Siewior wrote:
> This patch series converts arc4 into a block cipher and converts all its
> users (except those in staging) to use it. The first two patches ensure
> that two implementations can coexist, the following patches convert each
> user so we remain bisectable.
> - lib80211_crypt_tkip was tested with ipw2200
> - mac80211 was tested with zd1211rw

Are you trying to speed up arc4? Or do you want to simplify the code? Or
maybe you are trying to make arc4 unsuitable for anything other than WEP
and TKIP? The latter should be fine, actually, considering the known
security issues.

--
Regards,
Pavel Roskin

2010-04-06 00:39:39

by Herbert Xu

Subject: Re: Convert arc4 from a cipher into a block cipher

On Mon, Apr 05, 2010 at 04:33:45PM -0400, Pavel Roskin wrote:
>
> Are you trying to speed up arc4? Or you want to simplify the code? Or
> maybe you are trying to make arc4 unsuitable for anything other than WEP
> and TKIP? The later should be fine, actually, considering the known
> security issues.

No the point is to make arc4 compliant with the crypto API by
being reentrant.

Functionality-wise there is no difference.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2010-04-07 06:29:55

by Pavel Roskin

Subject: Re: [PATCH 3/7] crypto/testmgr: add testing for arc4 based on ecb(arc4)

On Sat, 2010-04-03 at 09:49 +0200, Sebastian Andrzej Siewior wrote:

> + if (mode == CRYPT_ARC4)
> + arc4_setup_iv((struct arc4_iv *)iv,
> + template[i].key, template[i].klen);
> + else
> + ret = crypto_ablkcipher_setkey(tfm, template[i].key,
> template[i].klen);

Can we avoid those special cases? If the goal is "to make arc4
compliant with the crypto API", this looks like a step in a wrong
direction.

The same applies to many other changes in the series.

I do realize that the original arc4 is not a block cipher at all.

--
Regards,
Pavel Roskin

2010-04-07 09:29:21

by Herbert Xu

Subject: Re: [PATCH 3/7] crypto/testmgr: add testing for arc4 based on ecb(arc4)

On Wed, Apr 07, 2010 at 02:29:53AM -0400, Pavel Roskin wrote:
>
> Can we avoid those special cases? If the goal is "to make arc4
> compliant with the crypto API", this looks like a step in a wrong
> direction.
>
> The same applies to many other changes in the series.
>
> I do realize that the original arc4 is not a block cipher at all.

I don't like this bit either.

Sebastian, how about precomputing the IV and provide them directly
as a hex array?

To test arc4_setup_iv itself, you can add an alg_test_arc4 function
(like alg_test_crc32) that tests IV generation specifically.

Alternatively, just add an alg_test_arc4 that computes the IV
before calling alg_test_skcipher.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Subject: Re: [PATCH 3/7] crypto/testmgr: add testing for arc4 based on ecb(arc4)

* Herbert Xu | 2010-04-07 17:29:07 [+0800]:

>Sebastian, how about precomputing the IV and provide them directly
>as a hex array?
>
>To test arc4_setup_iv itself, you can add an alg_test_arc4 function
>(like alg_test_crc32) that tests IV generation specifically.
>
>Alternatively, just add an alg_test_arc4 that computes the IV
>before calling alg_test_skcipher.

I'll take a look at this.

>Cheers,

Sebastian