1// SPDX-License-Identifier: GPL-2.0-only
 2/*
 3 * AES-GMAC for IEEE 802.11 BIP-GMAC-128 and BIP-GMAC-256
 4 * Copyright 2015, Qualcomm Atheros, Inc.
 
 
 
 
 5 */
 6
 7#include <linux/kernel.h>
 8#include <linux/types.h>
 9#include <linux/err.h>
10#include <crypto/aead.h>
11#include <crypto/aes.h>
12
13#include <net/mac80211.h>
14#include "key.h"
15#include "aes_gmac.h"
16
 
 
 
 
17int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
18		       const u8 *data, size_t data_len, u8 *mic)
19{
20	struct scatterlist sg[5];
21	u8 *zero, *__aad, iv[AES_BLOCK_SIZE];
22	struct aead_request *aead_req;
23	int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
24	const __le16 *fc;
25	int ret;
26
27	if (data_len < GMAC_MIC_LEN)
28		return -EINVAL;
29
30	aead_req = kzalloc(reqsize + GMAC_MIC_LEN + GMAC_AAD_LEN, GFP_ATOMIC);
31	if (!aead_req)
32		return -ENOMEM;
33
34	zero = (u8 *)aead_req + reqsize;
35	__aad = zero + GMAC_MIC_LEN;
36	memcpy(__aad, aad, GMAC_AAD_LEN);
37
38	fc = (const __le16 *)aad;
39	if (ieee80211_is_beacon(*fc)) {
40		/* mask Timestamp field to zero */
41		sg_init_table(sg, 5);
42		sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
43		sg_set_buf(&sg[1], zero, 8);
44		sg_set_buf(&sg[2], data + 8, data_len - 8 - GMAC_MIC_LEN);
45		sg_set_buf(&sg[3], zero, GMAC_MIC_LEN);
46		sg_set_buf(&sg[4], mic, GMAC_MIC_LEN);
47	} else {
48		sg_init_table(sg, 4);
49		sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
50		sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN);
51		sg_set_buf(&sg[2], zero, GMAC_MIC_LEN);
52		sg_set_buf(&sg[3], mic, GMAC_MIC_LEN);
53	}
54
55	memcpy(iv, nonce, GMAC_NONCE_LEN);
56	memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);
57	iv[AES_BLOCK_SIZE - 1] = 0x01;
58
59	aead_request_set_tfm(aead_req, tfm);
60	aead_request_set_crypt(aead_req, sg, sg, 0, iv);
61	aead_request_set_ad(aead_req, GMAC_AAD_LEN + data_len);
62
63	ret = crypto_aead_encrypt(aead_req);
64	kfree_sensitive(aead_req);
65
66	return ret;
67}
68
69struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
70						 size_t key_len)
71{
72	struct crypto_aead *tfm;
73	int err;
74
75	tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
76	if (IS_ERR(tfm))
77		return tfm;
78
79	err = crypto_aead_setkey(tfm, key, key_len);
80	if (!err)
81		err = crypto_aead_setauthsize(tfm, GMAC_MIC_LEN);
82	if (!err)
83		return tfm;
84
85	crypto_free_aead(tfm);
86	return ERR_PTR(err);
87}
88
89void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm)
90{
91	crypto_free_aead(tfm);
92}

 
 1/*
 2 * AES-GMAC for IEEE 802.11 BIP-GMAC-128 and BIP-GMAC-256
 3 * Copyright 2015, Qualcomm Atheros, Inc.
 4 *
 5 * This program is free software; you can redistribute it and/or modify
 6 * it under the terms of the GNU General Public License version 2 as
 7 * published by the Free Software Foundation.
 8 */
 9
10#include <linux/kernel.h>
11#include <linux/types.h>
12#include <linux/err.h>
13#include <crypto/aead.h>
14#include <crypto/aes.h>
15
16#include <net/mac80211.h>
17#include "key.h"
18#include "aes_gmac.h"
19
20#define GMAC_MIC_LEN 16
21#define GMAC_NONCE_LEN 12
22#define AAD_LEN 20
23
24int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
25		       const u8 *data, size_t data_len, u8 *mic)
26{
27	struct scatterlist sg[4];
28	char aead_req_data[sizeof(struct aead_request) +
29			   crypto_aead_reqsize(tfm)]
30		__aligned(__alignof__(struct aead_request));
31	struct aead_request *aead_req = (void *)aead_req_data;
32	u8 zero[GMAC_MIC_LEN], iv[AES_BLOCK_SIZE];
33
34	if (data_len < GMAC_MIC_LEN)
35		return -EINVAL;
36
37	memset(aead_req, 0, sizeof(aead_req_data));
38
39	memset(zero, 0, GMAC_MIC_LEN);
40	sg_init_table(sg, 4);
41	sg_set_buf(&sg[0], aad, AAD_LEN);
42	sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN);
43	sg_set_buf(&sg[2], zero, GMAC_MIC_LEN);
44	sg_set_buf(&sg[3], mic, GMAC_MIC_LEN);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
45
46	memcpy(iv, nonce, GMAC_NONCE_LEN);
47	memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);
48	iv[AES_BLOCK_SIZE - 1] = 0x01;
49
50	aead_request_set_tfm(aead_req, tfm);
51	aead_request_set_crypt(aead_req, sg, sg, 0, iv);
52	aead_request_set_ad(aead_req, AAD_LEN + data_len);
53
54	crypto_aead_encrypt(aead_req);
 
55
56	return 0;
57}
58
59struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
60						 size_t key_len)
61{
62	struct crypto_aead *tfm;
63	int err;
64
65	tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
66	if (IS_ERR(tfm))
67		return tfm;
68
69	err = crypto_aead_setkey(tfm, key, key_len);
70	if (!err)
71		err = crypto_aead_setauthsize(tfm, GMAC_MIC_LEN);
72	if (!err)
73		return tfm;
74
75	crypto_free_aead(tfm);
76	return ERR_PTR(err);
77}
78
79void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm)
80{
81	crypto_free_aead(tfm);
82}