wifi: ath11k: Use michael_mic() from cfg80211

Just use the michael_mic() function from cfg80211 instead of a local
implementation of it using the crypto_shash API.

Note: when the kernel is booted with fips=1,
crypto_alloc_shash("michael_mic", 0, 0) always returned
ERR_PTR(-ENOENT), because Michael MIC is not a "FIPS allowed" algorithm.
For now, just preserve that behavior exactly, to ensure that TKIP is not
allowed to be used in FIPS mode.  This logic actually seems to disable
the entire driver in FIPS mode and not just TKIP, but that was the
existing behavior.  Supporting this driver in FIPS mode, if anyone
actually needs it there, should be a separate commit.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Link: https://patch.msgid.link/20260408030651.80336-4-ebiggers@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/drivers/net/wireless/ath/ath11k/Kconfig b/drivers/net/wireless/ath/ath11k/Kconfig
index 47dfd39caa89abfeb9d4441d80447dedeec146d6..385513cfdc30eeb42bbe31ba53ec525fef86d908 100644 (file)
--- a/drivers/net/wireless/ath/ath11k/Kconfig
+++ b/drivers/net/wireless/ath/ath11k/Kconfig
@@ -2,7 +2,6 @@
 config ATH11K
        tristate "Qualcomm Technologies 802.11ax chipset support"
        depends on MAC80211 && HAS_DMA
-       select CRYPTO_MICHAEL_MIC
        select ATH_COMMON
        select QCOM_QMI_HELPERS
        help

diff --git a/drivers/net/wireless/ath/ath11k/dp.c b/drivers/net/wireless/ath/ath11k/dp.c
index c940de285276d0b240917804017386ecfaf261eb..bbb86f1651419939a8d9352d594e0c339a9738b1 100644 (file)
--- a/drivers/net/wireless/ath/ath11k/dp.c
+++ b/drivers/net/wireless/ath/ath11k/dp.c
@@ -5,7 +5,6 @@
  * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
  */
 
-#include <crypto/hash.h>
 #include <linux/export.h>
 #include "core.h"
 #include "dp_tx.h"
@@ -39,7 +38,6 @@ void ath11k_dp_peer_cleanup(struct ath11k *ar, int vdev_id, const u8 *addr)
 
        ath11k_peer_rx_tid_cleanup(ar, peer);
        peer->dp_setup_done = false;
-       crypto_free_shash(peer->tfm_mmic);
        spin_unlock_bh(&ab->base_lock);
 }
 

diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c
index 85defe11750d591fc53ab003824d0e976c86ab3e..fe79109adc705d33ae306c4fe3a03b9abcede3a0 100644 (file)
--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
+++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
@@ -4,10 +4,10 @@
  * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
  */
 
+#include <linux/fips.h>
 #include <linux/ieee80211.h>
 #include <linux/kernel.h>
 #include <linux/skbuff.h>
-#include <crypto/hash.h>
 #include "core.h"
 #include "debug.h"
 #include "debugfs_htt_stats.h"
@@ -3182,16 +3182,13 @@ static void ath11k_dp_rx_frag_timer(struct timer_list *timer)
 int ath11k_peer_rx_frag_setup(struct ath11k *ar, const u8 *peer_mac, int vdev_id)
 {
        struct ath11k_base *ab = ar->ab;
-       struct crypto_shash *tfm;
        struct ath11k_peer *peer;
        struct dp_rx_tid *rx_tid;
        int i;
 
-       tfm = crypto_alloc_shash("michael_mic", 0, 0);
-       if (IS_ERR(tfm)) {
-               ath11k_warn(ab, "failed to allocate michael_mic shash: %ld\n",
-                           PTR_ERR(tfm));
-               return PTR_ERR(tfm);
+       if (fips_enabled) {
+               ath11k_warn(ab, "This driver is disabled due to FIPS\n");
+               return -ENOENT;
        }
 
        spin_lock_bh(&ab->base_lock);
@@ -3200,7 +3197,6 @@ int ath11k_peer_rx_frag_setup(struct ath11k *ar, const u8 *peer_mac, int vdev_id
        if (!peer) {
                ath11k_warn(ab, "failed to find the peer to set up fragment info\n");
                spin_unlock_bh(&ab->base_lock);
-               crypto_free_shash(tfm);
                return -ENOENT;
        }
 
@@ -3211,54 +3207,12 @@ int ath11k_peer_rx_frag_setup(struct ath11k *ar, const u8 *peer_mac, int vdev_id
                skb_queue_head_init(&rx_tid->rx_frags);
        }
 
-       peer->tfm_mmic = tfm;
        peer->dp_setup_done = true;
        spin_unlock_bh(&ab->base_lock);
 
        return 0;
 }
 
-static int ath11k_dp_rx_h_michael_mic(struct crypto_shash *tfm, u8 *key,
-                                     struct ieee80211_hdr *hdr, u8 *data,
-                                     size_t data_len, u8 *mic)
-{
-       SHASH_DESC_ON_STACK(desc, tfm);
-       u8 mic_hdr[16] = {};
-       u8 tid = 0;
-       int ret;
-
-       if (!tfm)
-               return -EINVAL;
-
-       desc->tfm = tfm;
-
-       ret = crypto_shash_setkey(tfm, key, 8);
-       if (ret)
-               goto out;
-
-       ret = crypto_shash_init(desc);
-       if (ret)
-               goto out;
-
-       /* TKIP MIC header */
-       memcpy(mic_hdr, ieee80211_get_DA(hdr), ETH_ALEN);
-       memcpy(mic_hdr + ETH_ALEN, ieee80211_get_SA(hdr), ETH_ALEN);
-       if (ieee80211_is_data_qos(hdr->frame_control))
-               tid = ieee80211_get_tid(hdr);
-       mic_hdr[12] = tid;
-
-       ret = crypto_shash_update(desc, mic_hdr, 16);
-       if (ret)
-               goto out;
-       ret = crypto_shash_update(desc, data, data_len);
-       if (ret)
-               goto out;
-       ret = crypto_shash_final(desc, mic);
-out:
-       shash_desc_zero(desc);
-       return ret;
-}
-
 static int ath11k_dp_rx_h_verify_tkip_mic(struct ath11k *ar, struct ath11k_peer *peer,
                                          struct sk_buff *msdu)
 {
@@ -3267,7 +3221,7 @@ static int ath11k_dp_rx_h_verify_tkip_mic(struct ath11k *ar, struct ath11k_peer
        struct ieee80211_key_conf *key_conf;
        struct ieee80211_hdr *hdr;
        u8 mic[IEEE80211_CCMP_MIC_LEN];
-       int head_len, tail_len, ret;
+       int head_len, tail_len;
        size_t data_len;
        u32 hdr_len, hal_rx_desc_sz = ar->ab->hw_params.hal_desc_sz;
        u8 *key, *data;
@@ -3293,8 +3247,8 @@ static int ath11k_dp_rx_h_verify_tkip_mic(struct ath11k *ar, struct ath11k_peer
        data_len = msdu->len - head_len - tail_len;
        key = &key_conf->key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
 
-       ret = ath11k_dp_rx_h_michael_mic(peer->tfm_mmic, key, hdr, data, data_len, mic);
-       if (ret || memcmp(mic, data + data_len, IEEE80211_CCMP_MIC_LEN))
+       michael_mic(key, hdr, data, data_len, mic);
+       if (memcmp(mic, data + data_len, IEEE80211_CCMP_MIC_LEN))
                goto mic_fail;
 
        return 0;

diff --git a/drivers/net/wireless/ath/ath11k/peer.h b/drivers/net/wireless/ath/ath11k/peer.h
index 3ad2f3355b14fd9c69c84e611080f272025c952e..f5ef1a27f8f254f89c80ec2491b63c9a3ce58a08 100644 (file)
--- a/drivers/net/wireless/ath/ath11k/peer.h
+++ b/drivers/net/wireless/ath/ath11k/peer.h
@@ -29,7 +29,6 @@ struct ath11k_peer {
        /* Info used in MMIC verification of
         * RX fragments
         */
-       struct crypto_shash *tfm_mmic;
        u8 mcast_keyidx;
        u8 ucast_keyidx;
        u16 sec_type;