{"id":2197957,"url":"http://patchwork.ozlabs.org/api/1.0/patches/2197957/?format=json","project":{"id":12,"url":"http://patchwork.ozlabs.org/api/1.0/projects/12/?format=json","name":"Linux CIFS Client","link_name":"linux-cifs-client","list_id":"linux-cifs.vger.kernel.org","list_email":"linux-cifs@vger.kernel.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260218213501.136844-15-ebiggers@kernel.org>","date":"2026-02-18T21:35:00","name":"[14/15] wifi: mac80211: Use AES-CMAC library in ieee80211_aes_cmac()","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"0925ac2dc29e4ccccddf48d9288227ae8a536324","submitter":{"id":74690,"url":"http://patchwork.ozlabs.org/api/1.0/people/74690/?format=json","name":"Eric Biggers","email":"ebiggers@kernel.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260218213501.136844-15-ebiggers@kernel.org/mbox/","series":[{"id":492621,"url":"http://patchwork.ozlabs.org/api/1.0/series/492621/?format=json","date":"2026-02-18T21:34:46","name":"AES-CMAC library","version":1,"mbox":"http://patchwork.ozlabs.org/series/492621/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2197957/checks/","tags":{},"headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","linux-cifs@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=d9nC0y+8;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.232.135.74; helo=sto.lore.kernel.org;\n envelope-from=linux-cifs+bounces-9455-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"d9nC0y+8\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"],"Received":["from sto.lore.kernel.org (sto.lore.kernel.org [172.232.135.74])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fGVJB24pSz1xxQ\n\tfor ; Thu, 19 Feb 2026 08:38:50 +1100 (AEDT)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sto.lore.kernel.org (Postfix) with ESMTP id 8DB973027044\n\tfor ; Wed, 18 Feb 2026 21:38:15 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 19D2B33A9C1;\n\tWed, 18 Feb 2026 21:37:00 +0000 (UTC)","from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id E73A532E68D;\n\tWed, 18 Feb 2026 21:36:59 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id 3C6DFC2BCB6;\n\tWed, 18 Feb 2026 21:36:59 +0000 (UTC)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1771450620; cv=none;\n b=lVi20MsJQLwhQ9XMuWbd+/2ie0rm5QZM/ci3HnQOVeeMQ+ksqiiT9TDIpF+m0UmGjilZWR/NUnOBYBILn7Z+Jv+8zt9uyKbyvgUCtn50lO1bTgTenYjtOwFQ5hHe4YorWuMdFWyH7dfp2wNdWAWGv1EN559Y99Qgwx+cE9rs+7o=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1771450620; c=relaxed/simple;\n\tbh=DnjzfD8UUtPv4slYL2pB1p87UHI2Kx6DNAW3W2bIPLI=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=ZkFoiHQb7Zg6FYx44rAQYi/02Vr7fqphBLSxwWSDXzFTF01AcxcfMM4HFnL0L3TfR1NLEVTxizhacIYI34UpawVj2Z8eom6108wv+PKX/IwT3rta6nlJQ68qCzziROSk4h9dL/+cHl/KbaFgqzNPBy6/75BG9tayuep+dhFillM=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=d9nC0y+8; arc=none smtp.client-ip=10.30.226.201","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1771450619;\n\tbh=DnjzfD8UUtPv4slYL2pB1p87UHI2Kx6DNAW3W2bIPLI=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=d9nC0y+8/G9755xCvbvHN7DAKjWuIifVrEaCp0dH8JCWSY/8/37cCz4/JnQuj7feq\n\t 7Y7XXMYb8fsKXNrT6/WTFWzZj2+yxF5NkANQMz+oVnWsBRlGJaurnowsom4L2nZ+Nm\n\t Ym4oX9qP9/zITYlEI9YfMoGTwcAAe8GLr92c44TfjXeZspAAtgr7UpZoviaX5VXx+l\n\t hTHXNg25Lu3VkKGAkTYbR2QA0UKgwMjm6/st6FQbn6gjOr0pWObiKLPnAoyjbmKBce\n\t PfD5qahcQ+51pdMH8lVmK6F/lPHgr1QIKjnd4hk3XKjR8ng+EBDqxyIH6+mRCOeBrG\n\t 8eVL99dt8et3Q==","From":"Eric Biggers ","To":"linux-crypto@vger.kernel.org","Cc":"linux-kernel@vger.kernel.org,\n\tArd Biesheuvel ,\n\t\"Jason A . Donenfeld\" ,\n\tHerbert Xu ,\n\tlinux-arm-kernel@lists.infradead.org,\n\tlinux-cifs@vger.kernel.org,\n\tlinux-wireless@vger.kernel.org,\n\tEric Biggers ","Subject":"[PATCH 14/15] wifi: mac80211: Use AES-CMAC library in\n ieee80211_aes_cmac()","Date":"Wed, 18 Feb 2026 13:35:00 -0800","Message-ID":"<20260218213501.136844-15-ebiggers@kernel.org>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260218213501.136844-1-ebiggers@kernel.org>","References":"<20260218213501.136844-1-ebiggers@kernel.org>","Precedence":"bulk","X-Mailing-List":"linux-cifs@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit"},"content":"Now that AES-CMAC has a library API, convert the mac80211 AES-CMAC\npacket authentication code to use it instead of a \"cmac(aes)\"\ncrypto_shash. This has multiple benefits, such as:\n\n- It's faster. The AES-CMAC code is now called directly, without\n unnecessary overhead such as indirect calls.\n\n- MAC calculation can no longer fail.\n\n- The AES-CMAC key struct is now a fixed size, allowing it to be\n embedded directly into 'struct ieee80211_key' rather than using a\n separate allocation. Note that although this increases the size of\n the 'u.cmac' field of 'struct ieee80211_key', it doesn't cause it to\n exceed the size of the largest variant of the union 'u'. Therefore,\n the size of 'struct ieee80211_key' itself is unchanged.\n\nSigned-off-by: Eric Biggers \n---\n net/mac80211/Kconfig | 1 +\n net/mac80211/aes_cmac.c | 65 ++++++++---------------------------------\n net/mac80211/aes_cmac.h | 12 +++-----\n net/mac80211/key.c | 11 ++-----\n net/mac80211/key.h | 3 +-\n net/mac80211/wpa.c | 13 +++------\n 6 files changed, 26 insertions(+), 79 deletions(-)","diff":"diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig\nindex cf0f7780fb10..0afbe4f4f976 100644\n--- a/net/mac80211/Kconfig\n+++ b/net/mac80211/Kconfig\n@@ -1,10 +1,11 @@\n # SPDX-License-Identifier: GPL-2.0-only\n config MAC80211\n \ttristate \"Generic IEEE 802.11 Networking Stack (mac80211)\"\n \tdepends on CFG80211\n \tselect CRYPTO\n+\tselect CRYPTO_LIB_AES_CBC_MACS\n \tselect CRYPTO_LIB_ARC4\n \tselect CRYPTO_AES\n \tselect CRYPTO_CCM\n \tselect CRYPTO_GCM\n \tselect CRYPTO_CMAC\ndiff --git a/net/mac80211/aes_cmac.c b/net/mac80211/aes_cmac.c\nindex 0827965455dc..55b674ad7d7a 100644\n--- a/net/mac80211/aes_cmac.c\n+++ b/net/mac80211/aes_cmac.c\n@@ -5,80 +5,39 @@\n * Copyright (C) 2020 Intel Corporation\n */\n \n #include \n #include \n-#include \n #include \n #include \n-#include \n+#include \n \n #include \n #include \"key.h\"\n #include \"aes_cmac.h\"\n \n #define AAD_LEN 20\n \n static const u8 zero[IEEE80211_CMAC_256_MIC_LEN];\n \n-int ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,\n-\t\t const u8 *data, size_t data_len, u8 *mic,\n-\t\t unsigned int mic_len)\n+void ieee80211_aes_cmac(const struct aes_cmac_key *key, const u8 *aad,\n+\t\t\tconst u8 *data, size_t data_len, u8 *mic,\n+\t\t\tunsigned int mic_len)\n {\n-\tint err;\n-\tSHASH_DESC_ON_STACK(desc, tfm);\n+\tstruct aes_cmac_ctx ctx;\n \tu8 out[AES_BLOCK_SIZE];\n \tconst __le16 *fc;\n \n-\tdesc->tfm = tfm;\n-\n-\terr = crypto_shash_init(desc);\n-\tif (err)\n-\t\treturn err;\n-\terr = crypto_shash_update(desc, aad, AAD_LEN);\n-\tif (err)\n-\t\treturn err;\n+\taes_cmac_init(&ctx, key);\n+\taes_cmac_update(&ctx, aad, AAD_LEN);\n \tfc = (const __le16 *)aad;\n \tif (ieee80211_is_beacon(*fc)) {\n \t\t/* mask Timestamp field to zero */\n-\t\terr = crypto_shash_update(desc, zero, 8);\n-\t\tif (err)\n-\t\t\treturn err;\n-\t\terr = crypto_shash_update(desc, data + 8,\n-\t\t\t\t\t data_len - 8 - mic_len);\n-\t\tif (err)\n-\t\t\treturn err;\n+\t\taes_cmac_update(&ctx, zero, 8);\n+\t\taes_cmac_update(&ctx, data + 8, data_len - 8 - mic_len);\n \t} else {\n-\t\terr = crypto_shash_update(desc, data, data_len - mic_len);\n-\t\tif (err)\n-\t\t\treturn err;\n+\t\taes_cmac_update(&ctx, data, data_len - mic_len);\n \t}\n-\terr = crypto_shash_finup(desc, zero, mic_len, out);\n-\tif (err)\n-\t\treturn err;\n+\taes_cmac_update(&ctx, zero, mic_len);\n+\taes_cmac_final(&ctx, out);\n \tmemcpy(mic, out, mic_len);\n-\n-\treturn 0;\n-}\n-\n-struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],\n-\t\t\t\t\t\t size_t key_len)\n-{\n-\tstruct crypto_shash *tfm;\n-\n-\ttfm = crypto_alloc_shash(\"cmac(aes)\", 0, 0);\n-\tif (!IS_ERR(tfm)) {\n-\t\tint err = crypto_shash_setkey(tfm, key, key_len);\n-\n-\t\tif (err) {\n-\t\t\tcrypto_free_shash(tfm);\n-\t\t\treturn ERR_PTR(err);\n-\t\t}\n-\t}\n-\n-\treturn tfm;\n-}\n-\n-void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm)\n-{\n-\tcrypto_free_shash(tfm);\n }\ndiff --git a/net/mac80211/aes_cmac.h b/net/mac80211/aes_cmac.h\nindex 5f971a8298cb..c7a6df47b327 100644\n--- a/net/mac80211/aes_cmac.h\n+++ b/net/mac80211/aes_cmac.h\n@@ -4,16 +4,12 @@\n */\n \n #ifndef AES_CMAC_H\n #define AES_CMAC_H\n \n-#include \n-#include \n+#include \n \n-struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],\n-\t\t\t\t\t\t size_t key_len);\n-int ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,\n-\t\t const u8 *data, size_t data_len, u8 *mic,\n-\t\t unsigned int mic_len);\n-void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm);\n+void ieee80211_aes_cmac(const struct aes_cmac_key *key, const u8 *aad,\n+\t\t\tconst u8 *data, size_t data_len, u8 *mic,\n+\t\t\tunsigned int mic_len);\n \n #endif /* AES_CMAC_H */\ndiff --git a/net/mac80211/key.c b/net/mac80211/key.c\nindex 04c8809173d7..4b8965633df3 100644\n--- a/net/mac80211/key.c\n+++ b/net/mac80211/key.c\n@@ -688,14 +688,13 @@ ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,\n \t\t\t\t\tseq[IEEE80211_CMAC_PN_LEN - j - 1];\n \t\t/*\n \t\t * Initialize AES key state here as an optimization so that\n \t\t * it does not need to be initialized for every packet.\n \t\t */\n-\t\tkey->u.aes_cmac.tfm =\n-\t\t\tieee80211_aes_cmac_key_setup(key_data, key_len);\n-\t\tif (IS_ERR(key->u.aes_cmac.tfm)) {\n-\t\t\terr = PTR_ERR(key->u.aes_cmac.tfm);\n+\t\terr = aes_cmac_preparekey(&key->u.aes_cmac.key, key_data,\n+\t\t\t\t\t key_len);\n+\t\tif (err) {\n \t\t\tkfree(key);\n \t\t\treturn ERR_PTR(err);\n \t\t}\n \t\tbreak;\n \tcase WLAN_CIPHER_SUITE_BIP_GMAC_128:\n@@ -748,14 +747,10 @@ static void ieee80211_key_free_common(struct ieee80211_key *key)\n \tswitch (key->conf.cipher) {\n \tcase WLAN_CIPHER_SUITE_CCMP:\n \tcase WLAN_CIPHER_SUITE_CCMP_256:\n \t\tieee80211_aes_key_free(key->u.ccmp.tfm);\n \t\tbreak;\n-\tcase WLAN_CIPHER_SUITE_AES_CMAC:\n-\tcase WLAN_CIPHER_SUITE_BIP_CMAC_256:\n-\t\tieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);\n-\t\tbreak;\n \tcase WLAN_CIPHER_SUITE_BIP_GMAC_128:\n \tcase WLAN_CIPHER_SUITE_BIP_GMAC_256:\n \t\tieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);\n \t\tbreak;\n \tcase WLAN_CIPHER_SUITE_GCMP:\ndiff --git a/net/mac80211/key.h b/net/mac80211/key.h\nindex 1fa0f4f78962..826e4e9387c5 100644\n--- a/net/mac80211/key.h\n+++ b/net/mac80211/key.h\n@@ -10,10 +10,11 @@\n \n #include \n #include \n #include \n #include \n+#include \n #include \n #include \n \n #define NUM_DEFAULT_KEYS 4\n #define NUM_DEFAULT_MGMT_KEYS 2\n@@ -91,11 +92,11 @@ struct ieee80211_key {\n \t\t\tstruct crypto_aead *tfm;\n \t\t\tu32 replays; /* dot11RSNAStatsCCMPReplays */\n \t\t} ccmp;\n \t\tstruct {\n \t\t\tu8 rx_pn[IEEE80211_CMAC_PN_LEN];\n-\t\t\tstruct crypto_shash *tfm;\n+\t\t\tstruct aes_cmac_key key;\n \t\t\tu32 replays; /* dot11RSNAStatsCMACReplays */\n \t\t\tu32 icverrors; /* dot11RSNAStatsCMACICVErrors */\n \t\t} aes_cmac;\n \t\tstruct {\n \t\t\tu8 rx_pn[IEEE80211_GMAC_PN_LEN];\ndiff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c\nindex fdf98c21d32c..59324b367bdd 100644\n--- a/net/mac80211/wpa.c\n+++ b/net/mac80211/wpa.c\n@@ -870,15 +870,12 @@ ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx,\n \tif (info->control.hw_key)\n \t\treturn TX_CONTINUE;\n \n \tbip_aad(skb, aad);\n \n-\tif (ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,\n-\t\t\t skb->data + 24, skb->len - 24,\n-\t\t\t mmie->mic, mic_len))\n-\t\treturn TX_DROP;\n-\n+\tieee80211_aes_cmac(&key->u.aes_cmac.key, aad, skb->data + 24,\n+\t\t\t skb->len - 24, mmie->mic, mic_len);\n \treturn TX_CONTINUE;\n }\n \n ieee80211_rx_result\n ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx,\n@@ -916,14 +913,12 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx,\n \t}\n \n \tif (!(status->flag & RX_FLAG_DECRYPTED)) {\n \t\t/* hardware didn't decrypt/verify MIC */\n \t\tbip_aad(skb, aad);\n-\t\tif (ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,\n-\t\t\t\t skb->data + 24, skb->len - 24,\n-\t\t\t\t mic, mic_len))\n-\t\t\treturn RX_DROP_U_DECRYPT_FAIL;\n+\t\tieee80211_aes_cmac(&key->u.aes_cmac.key, aad, skb->data + 24,\n+\t\t\t\t skb->len - 24, mic, mic_len);\n \t\tif (crypto_memneq(mic, mmie->mic, mic_len)) {\n \t\t\tkey->u.aes_cmac.icverrors++;\n \t\t\treturn RX_DROP_U_MIC_FAIL;\n \t\t}\n \t}\n","prefixes":["14/15"]}