Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2197957,
    "url": "http://patchwork.ozlabs.org/api/1.0/patches/2197957/?format=api",
    "project": {
        "id": 12,
        "url": "http://patchwork.ozlabs.org/api/1.0/projects/12/?format=api",
        "name": "Linux CIFS Client",
        "link_name": "linux-cifs-client",
        "list_id": "linux-cifs.vger.kernel.org",
        "list_email": "linux-cifs@vger.kernel.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": ""
    },
    "msgid": "<20260218213501.136844-15-ebiggers@kernel.org>",
    "date": "2026-02-18T21:35:00",
    "name": "[14/15] wifi: mac80211: Use AES-CMAC library in ieee80211_aes_cmac()",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "0925ac2dc29e4ccccddf48d9288227ae8a536324",
    "submitter": {
        "id": 74690,
        "url": "http://patchwork.ozlabs.org/api/1.0/people/74690/?format=api",
        "name": "Eric Biggers",
        "email": "ebiggers@kernel.org"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260218213501.136844-15-ebiggers@kernel.org/mbox/",
    "series": [
        {
            "id": 492621,
            "url": "http://patchwork.ozlabs.org/api/1.0/series/492621/?format=api",
            "date": "2026-02-18T21:34:46",
            "name": "AES-CMAC library",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/492621/mbox/"
        }
    ],
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2197957/checks/",
    "tags": {},
    "headers": {
        "Return-Path": "\n <linux-cifs+bounces-9455-incoming=patchwork.ozlabs.org@vger.kernel.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "linux-cifs@vger.kernel.org"
        ],
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=d9nC0y+8;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.232.135.74; helo=sto.lore.kernel.org;\n envelope-from=linux-cifs+bounces-9455-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)",
            "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"d9nC0y+8\"",
            "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"
        ],
        "Received": [
            "from sto.lore.kernel.org (sto.lore.kernel.org [172.232.135.74])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fGVJB24pSz1xxQ\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 19 Feb 2026 08:38:50 +1100 (AEDT)",
            "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sto.lore.kernel.org (Postfix) with ESMTP id 8DB973027044\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 18 Feb 2026 21:38:15 +0000 (UTC)",
            "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 19D2B33A9C1;\n\tWed, 18 Feb 2026 21:37:00 +0000 (UTC)",
            "from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id E73A532E68D;\n\tWed, 18 Feb 2026 21:36:59 +0000 (UTC)",
            "by smtp.kernel.org (Postfix) with ESMTPSA id 3C6DFC2BCB6;\n\tWed, 18 Feb 2026 21:36:59 +0000 (UTC)"
        ],
        "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1771450620; cv=none;\n b=lVi20MsJQLwhQ9XMuWbd+/2ie0rm5QZM/ci3HnQOVeeMQ+ksqiiT9TDIpF+m0UmGjilZWR/NUnOBYBILn7Z+Jv+8zt9uyKbyvgUCtn50lO1bTgTenYjtOwFQ5hHe4YorWuMdFWyH7dfp2wNdWAWGv1EN559Y99Qgwx+cE9rs+7o=",
        "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1771450620; c=relaxed/simple;\n\tbh=DnjzfD8UUtPv4slYL2pB1p87UHI2Kx6DNAW3W2bIPLI=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=ZkFoiHQb7Zg6FYx44rAQYi/02Vr7fqphBLSxwWSDXzFTF01AcxcfMM4HFnL0L3TfR1NLEVTxizhacIYI34UpawVj2Z8eom6108wv+PKX/IwT3rta6nlJQ68qCzziROSk4h9dL/+cHl/KbaFgqzNPBy6/75BG9tayuep+dhFillM=",
        "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=d9nC0y+8; arc=none smtp.client-ip=10.30.226.201",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1771450619;\n\tbh=DnjzfD8UUtPv4slYL2pB1p87UHI2Kx6DNAW3W2bIPLI=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=d9nC0y+8/G9755xCvbvHN7DAKjWuIifVrEaCp0dH8JCWSY/8/37cCz4/JnQuj7feq\n\t 7Y7XXMYb8fsKXNrT6/WTFWzZj2+yxF5NkANQMz+oVnWsBRlGJaurnowsom4L2nZ+Nm\n\t Ym4oX9qP9/zITYlEI9YfMoGTwcAAe8GLr92c44TfjXeZspAAtgr7UpZoviaX5VXx+l\n\t hTHXNg25Lu3VkKGAkTYbR2QA0UKgwMjm6/st6FQbn6gjOr0pWObiKLPnAoyjbmKBce\n\t PfD5qahcQ+51pdMH8lVmK6F/lPHgr1QIKjnd4hk3XKjR8ng+EBDqxyIH6+mRCOeBrG\n\t 8eVL99dt8et3Q==",
        "From": "Eric Biggers <ebiggers@kernel.org>",
        "To": "linux-crypto@vger.kernel.org",
        "Cc": "linux-kernel@vger.kernel.org,\n\tArd Biesheuvel <ardb@kernel.org>,\n\t\"Jason A . Donenfeld\" <Jason@zx2c4.com>,\n\tHerbert Xu <herbert@gondor.apana.org.au>,\n\tlinux-arm-kernel@lists.infradead.org,\n\tlinux-cifs@vger.kernel.org,\n\tlinux-wireless@vger.kernel.org,\n\tEric Biggers <ebiggers@kernel.org>",
        "Subject": "[PATCH 14/15] wifi: mac80211: Use AES-CMAC library in\n ieee80211_aes_cmac()",
        "Date": "Wed, 18 Feb 2026 13:35:00 -0800",
        "Message-ID": "<20260218213501.136844-15-ebiggers@kernel.org>",
        "X-Mailer": "git-send-email 2.53.0",
        "In-Reply-To": "<20260218213501.136844-1-ebiggers@kernel.org>",
        "References": "<20260218213501.136844-1-ebiggers@kernel.org>",
        "Precedence": "bulk",
        "X-Mailing-List": "linux-cifs@vger.kernel.org",
        "List-Id": "<linux-cifs.vger.kernel.org>",
        "List-Subscribe": "<mailto:linux-cifs+subscribe@vger.kernel.org>",
        "List-Unsubscribe": "<mailto:linux-cifs+unsubscribe@vger.kernel.org>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit"
    },
    "content": "Now that AES-CMAC has a library API, convert the mac80211 AES-CMAC\npacket authentication code to use it instead of a \"cmac(aes)\"\ncrypto_shash.  This has multiple benefits, such as:\n\n- It's faster.  The AES-CMAC code is now called directly, without\n  unnecessary overhead such as indirect calls.\n\n- MAC calculation can no longer fail.\n\n- The AES-CMAC key struct is now a fixed size, allowing it to be\n  embedded directly into 'struct ieee80211_key' rather than using a\n  separate allocation.  Note that although this increases the size of\n  the 'u.cmac' field of 'struct ieee80211_key', it doesn't cause it to\n  exceed the size of the largest variant of the union 'u'.  Therefore,\n  the size of 'struct ieee80211_key' itself is unchanged.\n\nSigned-off-by: Eric Biggers <ebiggers@kernel.org>\n---\n net/mac80211/Kconfig    |  1 +\n net/mac80211/aes_cmac.c | 65 ++++++++---------------------------------\n net/mac80211/aes_cmac.h | 12 +++-----\n net/mac80211/key.c      | 11 ++-----\n net/mac80211/key.h      |  3 +-\n net/mac80211/wpa.c      | 13 +++------\n 6 files changed, 26 insertions(+), 79 deletions(-)",
    "diff": "diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig\nindex cf0f7780fb10..0afbe4f4f976 100644\n--- a/net/mac80211/Kconfig\n+++ b/net/mac80211/Kconfig\n@@ -1,10 +1,11 @@\n # SPDX-License-Identifier: GPL-2.0-only\n config MAC80211\n \ttristate \"Generic IEEE 802.11 Networking Stack (mac80211)\"\n \tdepends on CFG80211\n \tselect CRYPTO\n+\tselect CRYPTO_LIB_AES_CBC_MACS\n \tselect CRYPTO_LIB_ARC4\n \tselect CRYPTO_AES\n \tselect CRYPTO_CCM\n \tselect CRYPTO_GCM\n \tselect CRYPTO_CMAC\ndiff --git a/net/mac80211/aes_cmac.c b/net/mac80211/aes_cmac.c\nindex 0827965455dc..55b674ad7d7a 100644\n--- a/net/mac80211/aes_cmac.c\n+++ b/net/mac80211/aes_cmac.c\n@@ -5,80 +5,39 @@\n  * Copyright (C) 2020 Intel Corporation\n  */\n \n #include <linux/kernel.h>\n #include <linux/types.h>\n-#include <linux/crypto.h>\n #include <linux/export.h>\n #include <linux/err.h>\n-#include <crypto/aes.h>\n+#include <crypto/aes-cbc-macs.h>\n \n #include <net/mac80211.h>\n #include \"key.h\"\n #include \"aes_cmac.h\"\n \n #define AAD_LEN 20\n \n static const u8 zero[IEEE80211_CMAC_256_MIC_LEN];\n \n-int ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,\n-\t\t       const u8 *data, size_t data_len, u8 *mic,\n-\t\t       unsigned int mic_len)\n+void ieee80211_aes_cmac(const struct aes_cmac_key *key, const u8 *aad,\n+\t\t\tconst u8 *data, size_t data_len, u8 *mic,\n+\t\t\tunsigned int mic_len)\n {\n-\tint err;\n-\tSHASH_DESC_ON_STACK(desc, tfm);\n+\tstruct aes_cmac_ctx ctx;\n \tu8 out[AES_BLOCK_SIZE];\n \tconst __le16 *fc;\n \n-\tdesc->tfm = tfm;\n-\n-\terr = crypto_shash_init(desc);\n-\tif (err)\n-\t\treturn err;\n-\terr = crypto_shash_update(desc, aad, AAD_LEN);\n-\tif (err)\n-\t\treturn err;\n+\taes_cmac_init(&ctx, key);\n+\taes_cmac_update(&ctx, aad, AAD_LEN);\n \tfc = (const __le16 *)aad;\n \tif (ieee80211_is_beacon(*fc)) {\n \t\t/* mask Timestamp field to zero */\n-\t\terr = crypto_shash_update(desc, zero, 8);\n-\t\tif (err)\n-\t\t\treturn err;\n-\t\terr = crypto_shash_update(desc, data + 8,\n-\t\t\t\t\t  data_len - 8 - mic_len);\n-\t\tif (err)\n-\t\t\treturn err;\n+\t\taes_cmac_update(&ctx, zero, 8);\n+\t\taes_cmac_update(&ctx, data + 8, data_len - 8 - mic_len);\n \t} else {\n-\t\terr = crypto_shash_update(desc, data, data_len - mic_len);\n-\t\tif (err)\n-\t\t\treturn err;\n+\t\taes_cmac_update(&ctx, data, data_len - mic_len);\n \t}\n-\terr = crypto_shash_finup(desc, zero, mic_len, out);\n-\tif (err)\n-\t\treturn err;\n+\taes_cmac_update(&ctx, zero, mic_len);\n+\taes_cmac_final(&ctx, out);\n \tmemcpy(mic, out, mic_len);\n-\n-\treturn 0;\n-}\n-\n-struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],\n-\t\t\t\t\t\t  size_t key_len)\n-{\n-\tstruct crypto_shash *tfm;\n-\n-\ttfm = crypto_alloc_shash(\"cmac(aes)\", 0, 0);\n-\tif (!IS_ERR(tfm)) {\n-\t\tint err = crypto_shash_setkey(tfm, key, key_len);\n-\n-\t\tif (err) {\n-\t\t\tcrypto_free_shash(tfm);\n-\t\t\treturn ERR_PTR(err);\n-\t\t}\n-\t}\n-\n-\treturn tfm;\n-}\n-\n-void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm)\n-{\n-\tcrypto_free_shash(tfm);\n }\ndiff --git a/net/mac80211/aes_cmac.h b/net/mac80211/aes_cmac.h\nindex 5f971a8298cb..c7a6df47b327 100644\n--- a/net/mac80211/aes_cmac.h\n+++ b/net/mac80211/aes_cmac.h\n@@ -4,16 +4,12 @@\n  */\n \n #ifndef AES_CMAC_H\n #define AES_CMAC_H\n \n-#include <linux/crypto.h>\n-#include <crypto/hash.h>\n+#include <crypto/aes-cbc-macs.h>\n \n-struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],\n-\t\t\t\t\t\t  size_t key_len);\n-int ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,\n-\t\t       const u8 *data, size_t data_len, u8 *mic,\n-\t\t       unsigned int mic_len);\n-void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm);\n+void ieee80211_aes_cmac(const struct aes_cmac_key *key, const u8 *aad,\n+\t\t\tconst u8 *data, size_t data_len, u8 *mic,\n+\t\t\tunsigned int mic_len);\n \n #endif /* AES_CMAC_H */\ndiff --git a/net/mac80211/key.c b/net/mac80211/key.c\nindex 04c8809173d7..4b8965633df3 100644\n--- a/net/mac80211/key.c\n+++ b/net/mac80211/key.c\n@@ -688,14 +688,13 @@ ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,\n \t\t\t\t\tseq[IEEE80211_CMAC_PN_LEN - j - 1];\n \t\t/*\n \t\t * Initialize AES key state here as an optimization so that\n \t\t * it does not need to be initialized for every packet.\n \t\t */\n-\t\tkey->u.aes_cmac.tfm =\n-\t\t\tieee80211_aes_cmac_key_setup(key_data, key_len);\n-\t\tif (IS_ERR(key->u.aes_cmac.tfm)) {\n-\t\t\terr = PTR_ERR(key->u.aes_cmac.tfm);\n+\t\terr = aes_cmac_preparekey(&key->u.aes_cmac.key, key_data,\n+\t\t\t\t\t  key_len);\n+\t\tif (err) {\n \t\t\tkfree(key);\n \t\t\treturn ERR_PTR(err);\n \t\t}\n \t\tbreak;\n \tcase WLAN_CIPHER_SUITE_BIP_GMAC_128:\n@@ -748,14 +747,10 @@ static void ieee80211_key_free_common(struct ieee80211_key *key)\n \tswitch (key->conf.cipher) {\n \tcase WLAN_CIPHER_SUITE_CCMP:\n \tcase WLAN_CIPHER_SUITE_CCMP_256:\n \t\tieee80211_aes_key_free(key->u.ccmp.tfm);\n \t\tbreak;\n-\tcase WLAN_CIPHER_SUITE_AES_CMAC:\n-\tcase WLAN_CIPHER_SUITE_BIP_CMAC_256:\n-\t\tieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);\n-\t\tbreak;\n \tcase WLAN_CIPHER_SUITE_BIP_GMAC_128:\n \tcase WLAN_CIPHER_SUITE_BIP_GMAC_256:\n \t\tieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);\n \t\tbreak;\n \tcase WLAN_CIPHER_SUITE_GCMP:\ndiff --git a/net/mac80211/key.h b/net/mac80211/key.h\nindex 1fa0f4f78962..826e4e9387c5 100644\n--- a/net/mac80211/key.h\n+++ b/net/mac80211/key.h\n@@ -10,10 +10,11 @@\n \n #include <linux/types.h>\n #include <linux/list.h>\n #include <linux/crypto.h>\n #include <linux/rcupdate.h>\n+#include <crypto/aes-cbc-macs.h>\n #include <crypto/arc4.h>\n #include <net/mac80211.h>\n \n #define NUM_DEFAULT_KEYS 4\n #define NUM_DEFAULT_MGMT_KEYS 2\n@@ -91,11 +92,11 @@ struct ieee80211_key {\n \t\t\tstruct crypto_aead *tfm;\n \t\t\tu32 replays; /* dot11RSNAStatsCCMPReplays */\n \t\t} ccmp;\n \t\tstruct {\n \t\t\tu8 rx_pn[IEEE80211_CMAC_PN_LEN];\n-\t\t\tstruct crypto_shash *tfm;\n+\t\t\tstruct aes_cmac_key key;\n \t\t\tu32 replays; /* dot11RSNAStatsCMACReplays */\n \t\t\tu32 icverrors; /* dot11RSNAStatsCMACICVErrors */\n \t\t} aes_cmac;\n \t\tstruct {\n \t\t\tu8 rx_pn[IEEE80211_GMAC_PN_LEN];\ndiff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c\nindex fdf98c21d32c..59324b367bdd 100644\n--- a/net/mac80211/wpa.c\n+++ b/net/mac80211/wpa.c\n@@ -870,15 +870,12 @@ ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx,\n \tif (info->control.hw_key)\n \t\treturn TX_CONTINUE;\n \n \tbip_aad(skb, aad);\n \n-\tif (ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,\n-\t\t\t       skb->data + 24, skb->len - 24,\n-\t\t\t       mmie->mic, mic_len))\n-\t\treturn TX_DROP;\n-\n+\tieee80211_aes_cmac(&key->u.aes_cmac.key, aad, skb->data + 24,\n+\t\t\t   skb->len - 24, mmie->mic, mic_len);\n \treturn TX_CONTINUE;\n }\n \n ieee80211_rx_result\n ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx,\n@@ -916,14 +913,12 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx,\n \t}\n \n \tif (!(status->flag & RX_FLAG_DECRYPTED)) {\n \t\t/* hardware didn't decrypt/verify MIC */\n \t\tbip_aad(skb, aad);\n-\t\tif (ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,\n-\t\t\t\t       skb->data + 24, skb->len - 24,\n-\t\t\t\t       mic, mic_len))\n-\t\t\treturn RX_DROP_U_DECRYPT_FAIL;\n+\t\tieee80211_aes_cmac(&key->u.aes_cmac.key, aad, skb->data + 24,\n+\t\t\t\t   skb->len - 24, mic, mic_len);\n \t\tif (crypto_memneq(mic, mmie->mic, mic_len)) {\n \t\t\tkey->u.aes_cmac.icverrors++;\n \t\t\treturn RX_DROP_U_MIC_FAIL;\n \t\t}\n \t}\n",
    "prefixes": [
        "14/15"
    ]
}