diff options
| author | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2017-02-06 10:49:27 +0000 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2017-02-08 09:19:17 +0100 |
| commit | fe8de3da13bdbcbe8b583a3bbadf677da0f04f83 (patch) | |
| tree | b57055b47f24bf61bab71eed776f258974d6b6f4 /net/mac80211/Kconfig | |
| parent | b699b71d82e77203be43bda5ff1b72516f129581 (diff) | |
| download | linux-fe8de3da13bdbcbe8b583a3bbadf677da0f04f83.tar.bz2 | |
mac80211: fils_aead: Use crypto api CMAC shash rather than bare cipher
Switch the FILS AEAD code to use a cmac(aes) shash instantiated by the
crypto API rather than reusing the open coded implementation in
aes_cmac_vector(). This makes the code more understandable, and allows
platforms to implement cmac(aes) in a more secure (*) and efficient way
than is typically possible when using the AES cipher directly.
So replace the crypto_cipher by a crypto_shash, and update the aes_s2v()
routine to call the shash interface directly.
* In particular, the generic table based AES implementation is sensitive
to known-plaintext timing attacks on the key, to which AES based MAC
algorithms are especially vulnerable, given that their plaintext is not
usually secret. Time invariant alternatives are available (e.g., based
on SIMD algorithms), but may incur a setup cost that is prohibitive when
operating on a single block at a time, which is why they don't usually
expose the cipher API.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211/Kconfig')
| -rw-r--r-- | net/mac80211/Kconfig | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig index 3891cbd2adea..76e30f4797fb 100644 --- a/net/mac80211/Kconfig +++ b/net/mac80211/Kconfig @@ -6,6 +6,7 @@ config MAC80211 select CRYPTO_AES select CRYPTO_CCM select CRYPTO_GCM + select CRYPTO_CMAC select CRC32 ---help--- This option enables the hardware independent IEEE 802.11 |