net/mac80211/aes_gmac.c

   1 /*
   2  * AES-GMAC for IEEE 802.11 BIP-GMAC-128 and BIP-GMAC-256
   3  * Copyright 2015, Qualcomm Atheros, Inc.
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 2 as
   7  * published by the Free Software Foundation.
   8  */
   9
  10 #include <linux/kernel.h>
  11 #include <linux/types.h>
  12 #include <linux/err.h>
  13 #include <crypto/aead.h>
  14 #include <crypto/aes.h>
  15
  16 #include <net/mac80211.h>
  17 #include "key.h"
  18 #include "aes_gmac.h"
  19
  20 int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
  21                        const u8 *data, size_t data_len, u8 *mic)
  22 {
  23         struct scatterlist sg[4];
  24         u8 *zero, *__aad, iv[AES_BLOCK_SIZE];
  25         struct aead_request *aead_req;
  26         int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
  27
  28         if (data_len < GMAC_MIC_LEN)
  29                 return -EINVAL;
  30
  31         aead_req = kzalloc(reqsize + GMAC_MIC_LEN + GMAC_AAD_LEN, GFP_ATOMIC);
  32         if (!aead_req)
  33                 return -ENOMEM;
  34
  35         zero = (u8 *)aead_req + reqsize;
  36         __aad = zero + GMAC_MIC_LEN;
  37         memcpy(__aad, aad, GMAC_AAD_LEN);
  38
  39         sg_init_table(sg, 4);
  40         sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
  41         sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN);
  42         sg_set_buf(&sg[2], zero, GMAC_MIC_LEN);
  43         sg_set_buf(&sg[3], mic, GMAC_MIC_LEN);
  44
  45         memcpy(iv, nonce, GMAC_NONCE_LEN);
  46         memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);
  47         iv[AES_BLOCK_SIZE - 1] = 0x01;
  48
  49         aead_request_set_tfm(aead_req, tfm);
  50         aead_request_set_crypt(aead_req, sg, sg, 0, iv);
  51         aead_request_set_ad(aead_req, GMAC_AAD_LEN + data_len);
  52
  53         crypto_aead_encrypt(aead_req);
  54         kzfree(aead_req);
  55
  56         return 0;
  57 }
  58
  59 struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
  60                                                  size_t key_len)
  61 {
  62         struct crypto_aead *tfm;
  63         int err;
  64
  65         tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
  66         if (IS_ERR(tfm))
  67                 return tfm;
  68
  69         err = crypto_aead_setkey(tfm, key, key_len);
  70         if (!err)
  71                 err = crypto_aead_setauthsize(tfm, GMAC_MIC_LEN);
  72         if (!err)
  73                 return tfm;
  74
  75         crypto_free_aead(tfm);
  76         return ERR_PTR(err);
  77 }
  78
  79 void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm)
  80 {
  81         crypto_free_aead(tfm);
  82 }