Re: [PATCH v3 1/2] mac80211: fils_aead: Use crypto api CMAC shash rather than bare cipher

2017-02-07 Thread Johannes Berg
On Wed, 2017-02-08 at 07:45 +, Ard Biesheuvel wrote: > On 8 February 2017 at 07:00, Johannes Berg > wrote: > > This looks strange to me: > > > > > +static int aes_s2v(struct crypto_shash *tfm, > > >  size_t num_elem, const u8 *addr[], size_t len[],

Re: [PATCH v3 1/2] mac80211: fils_aead: Use crypto api CMAC shash rather than bare cipher

2017-02-07 Thread Ard Biesheuvel
On 8 February 2017 at 07:00, Johannes Berg wrote: > This looks strange to me: > >> +static int aes_s2v(struct crypto_shash *tfm, >> size_t num_elem, const u8 *addr[], size_t len[], >> u8 *v) >> { >> - u8 d[AES_BLOCK_SIZE], tmp[AES_BLOCK_SIZE]; >> +

Re: [PATCH v3 1/2] mac80211: fils_aead: Use crypto api CMAC shash rather than bare cipher

2017-02-07 Thread Johannes Berg
This looks strange to me: > +static int aes_s2v(struct crypto_shash *tfm, >      size_t num_elem, const u8 *addr[], size_t len[], > u8 *v) >  { > - u8 d[AES_BLOCK_SIZE], tmp[AES_BLOCK_SIZE]; > + u8 d[AES_BLOCK_SIZE], tmp[AES_BLOCK_SIZE] = {}; > + SHASH_DESC_ON_STACK(desc,
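Review bot: in the `aes_s2v()` declarations, `tmp` gains a `= {}` initializer while `d` on the same line stays uninitialized, and nothing in the visible lines says why the two differ. If `tmp` is meant to serve as an all-zero input block, a one-line comment at the declaration would make that explicit. The `SHASH_DESC_ON_STACK` descriptor also puts keyed MAC state on the stack, so the part of the function cut off here should clear it on every return path, error paths included.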

[PATCH v3 1/2] mac80211: fils_aead: Use crypto api CMAC shash rather than bare cipher

2017-02-06 Thread Ard Biesheuvel
Switch the FILS AEAD code to use a cmac(aes) shash instantiated by the crypto API rather than reusing the open coded implementation in aes_cmac_vector(). This makes the code more understandable, and allows platforms to implement cmac(aes) in a more secure (*) and efficient way than is typically