blob: 3ddd927aaf306acf98a82651a39392a50930e339 [file] [log] [blame]
Kyle Swenson8d8f6542021-03-15 11:02:55 -06001/*
2 * AES-GMAC for IEEE 802.11 BIP-GMAC-128 and BIP-GMAC-256
3 * Copyright 2015, Qualcomm Atheros, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10#include <linux/kernel.h>
11#include <linux/types.h>
12#include <linux/err.h>
13#include <crypto/aead.h>
14#include <crypto/aes.h>
15
16#include <net/mac80211.h>
17#include "key.h"
18#include "aes_gmac.h"
19
20#define GMAC_MIC_LEN 16
21#define GMAC_NONCE_LEN 12
22#define AAD_LEN 20
23
24int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
25 const u8 *data, size_t data_len, u8 *mic)
26{
27 struct scatterlist sg[4];
28 char aead_req_data[sizeof(struct aead_request) +
29 crypto_aead_reqsize(tfm)]
30 __aligned(__alignof__(struct aead_request));
31 struct aead_request *aead_req = (void *)aead_req_data;
32 u8 zero[GMAC_MIC_LEN], iv[AES_BLOCK_SIZE];
33
34 if (data_len < GMAC_MIC_LEN)
35 return -EINVAL;
36
37 memset(aead_req, 0, sizeof(aead_req_data));
38
39 memset(zero, 0, GMAC_MIC_LEN);
40 sg_init_table(sg, 4);
41 sg_set_buf(&sg[0], aad, AAD_LEN);
42 sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN);
43 sg_set_buf(&sg[2], zero, GMAC_MIC_LEN);
44 sg_set_buf(&sg[3], mic, GMAC_MIC_LEN);
45
46 memcpy(iv, nonce, GMAC_NONCE_LEN);
47 memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);
48 iv[AES_BLOCK_SIZE - 1] = 0x01;
49
50 aead_request_set_tfm(aead_req, tfm);
51 aead_request_set_crypt(aead_req, sg, sg, 0, iv);
52 aead_request_set_ad(aead_req, AAD_LEN + data_len);
53
54 crypto_aead_encrypt(aead_req);
55
56 return 0;
57}
58
59struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
60 size_t key_len)
61{
62 struct crypto_aead *tfm;
63 int err;
64
65 tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
66 if (IS_ERR(tfm))
67 return tfm;
68
69 err = crypto_aead_setkey(tfm, key, key_len);
70 if (!err)
71 err = crypto_aead_setauthsize(tfm, GMAC_MIC_LEN);
72 if (!err)
73 return tfm;
74
75 crypto_free_aead(tfm);
76 return ERR_PTR(err);
77}
78
79void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm)
80{
81 crypto_free_aead(tfm);
82}