add wifi6 8852be driver

hc

2024-12-19 9370bb92b2d16684ee45cf24e879c93c509162da

 kernel/drivers/net/wireguard/noise.c
..
..
@@ -111,7 +111,7 @@
111
111
 
112
112
 static void keypair_free_rcu(struct rcu_head *rcu)
113
113
 {
114
-	kzfree(container_of(rcu, struct noise_keypair, rcu));
114
+	kfree_sensitive(container_of(rcu, struct noise_keypair, rcu));
115
115
 }
116
116
 
117
117
 static void keypair_free_kref(struct kref *kref)
..
..
@@ -302,6 +302,41 @@
302
302
 		static_identity->static_public, private_key);
303
303
 }
304
304
 
305
+static void hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, const size_t keylen)
306
+{
307
+	struct blake2s_state state;
308
+	u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 };
309
+	u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32));
310
+	int i;
311
+
312
+	if (keylen > BLAKE2S_BLOCK_SIZE) {
313
+		blake2s_init(&state, BLAKE2S_HASH_SIZE);
314
+		blake2s_update(&state, key, keylen);
315
+		blake2s_final(&state, x_key);
316
+	} else
317
+		memcpy(x_key, key, keylen);
318
+
319
+	for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i)
320
+		x_key[i] ^= 0x36;
321
+
322
+	blake2s_init(&state, BLAKE2S_HASH_SIZE);
323
+	blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE);
324
+	blake2s_update(&state, in, inlen);
325
+	blake2s_final(&state, i_hash);
326
+
327
+	for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i)
328
+		x_key[i] ^= 0x5c ^ 0x36;
329
+
330
+	blake2s_init(&state, BLAKE2S_HASH_SIZE);
331
+	blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE);
332
+	blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE);
333
+	blake2s_final(&state, i_hash);
334
+
335
+	memcpy(out, i_hash, BLAKE2S_HASH_SIZE);
336
+	memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE);
337
+	memzero_explicit(i_hash, BLAKE2S_HASH_SIZE);
338
+}
339
+
305
340
 /* This is Hugo Krawczyk's HKDF:
306
341
  *  - https://eprint.iacr.org/2010/264.pdf
307
342
  *  - https://tools.ietf.org/html/rfc5869
..
..
@@ -322,14 +357,14 @@
322
357
 		 ((third_len || third_dst) && (!second_len || !second_dst))));
323
358
 
324
359
 	/* Extract entropy from data into secret */
325
-	blake2s256_hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN);
360
+	hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN);
326
361
 
327
362
 	if (!first_dst || !first_len)
328
363
 		goto out;
329
364
 
330
365
 	/* Expand first key: key = secret, data = 0x1 */
331
366
 	output[0] = 1;
332
-	blake2s256_hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE);
367
+	hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE);
333
368
 	memcpy(first_dst, output, first_len);
334
369
 
335
370
 	if (!second_dst || !second_len)
..
..
@@ -337,8 +372,7 @@
337
372
 
338
373
 	/* Expand second key: key = secret, data = first-key || 0x2 */
339
374
 	output[BLAKE2S_HASH_SIZE] = 2;
340
-	blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1,
341
-			BLAKE2S_HASH_SIZE);
375
+	hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE);
342
376
 	memcpy(second_dst, output, second_len);
343
377
 
344
378
 	if (!third_dst || !third_len)
..
..
@@ -346,8 +380,7 @@
346
380
 
347
381
 	/* Expand third key: key = secret, data = second-key || 0x3 */
348
382
 	output[BLAKE2S_HASH_SIZE] = 3;
349
-	blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1,
350
-			BLAKE2S_HASH_SIZE);
383
+	hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE);
351
384
 	memcpy(third_dst, output, third_len);
352
385
 
353
386
 out:
..
..
@@ -818,7 +851,7 @@
818
851
 			handshake->entry.peer->device->index_hashtable,
819
852
 			&handshake->entry, &new_keypair->entry);
820
853
 	} else {
821
-		kzfree(new_keypair);
854
+		kfree_sensitive(new_keypair);
822
855
 	}
823
856
 	rcu_read_unlock_bh();
824
857