[PATCH 14/15] wifi: mac80211: Use AES-CMAC library in ieee80211_aes_cmac()
Johannes Berg
johannes at sipsolutions.net
Thu Feb 19 03:00:03 PST 2026
On Wed, 2026-02-18 at 13:35 -0800, Eric Biggers wrote:
> Now that AES-CMAC has a library API, convert the mac80211 AES-CMAC
> packet authentication code to use it instead of a "cmac(aes)"
> crypto_shash. This has multiple benefits, such as:
>
> - It's faster. The AES-CMAC code is now called directly, without
> unnecessary overhead such as indirect calls.
>
> - MAC calculation can no longer fail.
>
> - The AES-CMAC key struct is now a fixed size, allowing it to be
> embedded directly into 'struct ieee80211_key' rather than using a
> separate allocation. Note that although this increases the size of
> the 'u.cmac' field of 'struct ieee80211_key', it doesn't cause it to
> exceed the size of the largest variant of the union 'u'. Therefore,
> the size of 'struct ieee80211_key' itself is unchanged.
>
Looks good to me in principle, I suppose we should test it? :)
> + err = aes_cmac_preparekey(&key->u.aes_cmac.key, key_data,
> + key_len);
> + if (err) {
> kfree(key);
> return ERR_PTR(err);
> }
Pretty sure that can't fail, per the documentation for
aes_prepareenckey() and then aes_cmac_preparekey(), but it doesn't
really matter. We can only get here with a key with size checked by
cfg80211_validate_key_settings() already.
Since you're probably going to send it through the crypto tree:
Acked-by: Johannes Berg <johannes at sipsolutions.net>
johannes
More information about the linux-arm-kernel
mailing list