mac80211: fix offchannel TX cookie matching
[linux/fpc-iii.git] / net / mac80211 / aes_ccm.c
blobb9b595c081123d518ff19416f9f6cb705b8d3fb1
1 /*
2 * Copyright 2003-2004, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
10 #include <linux/kernel.h>
11 #include <linux/types.h>
12 #include <linux/crypto.h>
13 #include <linux/err.h>
15 #include <net/mac80211.h>
16 #include "key.h"
17 #include "aes_ccm.h"
19 static void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *scratch, u8 *a)
21 int i;
22 u8 *b_0, *aad, *b, *s_0;
24 b_0 = scratch + 3 * AES_BLOCK_LEN;
25 aad = scratch + 4 * AES_BLOCK_LEN;
26 b = scratch;
27 s_0 = scratch + AES_BLOCK_LEN;
29 crypto_cipher_encrypt_one(tfm, b, b_0);
31 /* Extra Authenticate-only data (always two AES blocks) */
32 for (i = 0; i < AES_BLOCK_LEN; i++)
33 aad[i] ^= b[i];
34 crypto_cipher_encrypt_one(tfm, b, aad);
36 aad += AES_BLOCK_LEN;
38 for (i = 0; i < AES_BLOCK_LEN; i++)
39 aad[i] ^= b[i];
40 crypto_cipher_encrypt_one(tfm, a, aad);
42 /* Mask out bits from auth-only-b_0 */
43 b_0[0] &= 0x07;
45 /* S_0 is used to encrypt T (= MIC) */
46 b_0[14] = 0;
47 b_0[15] = 0;
48 crypto_cipher_encrypt_one(tfm, s_0, b_0);
52 void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
53 u8 *data, size_t data_len,
54 u8 *cdata, u8 *mic)
56 int i, j, last_len, num_blocks;
57 u8 *pos, *cpos, *b, *s_0, *e, *b_0;
59 b = scratch;
60 s_0 = scratch + AES_BLOCK_LEN;
61 e = scratch + 2 * AES_BLOCK_LEN;
62 b_0 = scratch + 3 * AES_BLOCK_LEN;
64 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN);
65 last_len = data_len % AES_BLOCK_LEN;
66 aes_ccm_prepare(tfm, scratch, b);
68 /* Process payload blocks */
69 pos = data;
70 cpos = cdata;
71 for (j = 1; j <= num_blocks; j++) {
72 int blen = (j == num_blocks && last_len) ?
73 last_len : AES_BLOCK_LEN;
75 /* Authentication followed by encryption */
76 for (i = 0; i < blen; i++)
77 b[i] ^= pos[i];
78 crypto_cipher_encrypt_one(tfm, b, b);
80 b_0[14] = (j >> 8) & 0xff;
81 b_0[15] = j & 0xff;
82 crypto_cipher_encrypt_one(tfm, e, b_0);
83 for (i = 0; i < blen; i++)
84 *cpos++ = *pos++ ^ e[i];
87 for (i = 0; i < CCMP_MIC_LEN; i++)
88 mic[i] = b[i] ^ s_0[i];
92 int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
93 u8 *cdata, size_t data_len, u8 *mic, u8 *data)
95 int i, j, last_len, num_blocks;
96 u8 *pos, *cpos, *b, *s_0, *a, *b_0;
98 b = scratch;
99 s_0 = scratch + AES_BLOCK_LEN;
100 a = scratch + 2 * AES_BLOCK_LEN;
101 b_0 = scratch + 3 * AES_BLOCK_LEN;
103 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN);
104 last_len = data_len % AES_BLOCK_LEN;
105 aes_ccm_prepare(tfm, scratch, a);
107 /* Process payload blocks */
108 cpos = cdata;
109 pos = data;
110 for (j = 1; j <= num_blocks; j++) {
111 int blen = (j == num_blocks && last_len) ?
112 last_len : AES_BLOCK_LEN;
114 /* Decryption followed by authentication */
115 b_0[14] = (j >> 8) & 0xff;
116 b_0[15] = j & 0xff;
117 crypto_cipher_encrypt_one(tfm, b, b_0);
118 for (i = 0; i < blen; i++) {
119 *pos = *cpos++ ^ b[i];
120 a[i] ^= *pos++;
122 crypto_cipher_encrypt_one(tfm, a, a);
125 for (i = 0; i < CCMP_MIC_LEN; i++) {
126 if ((mic[i] ^ s_0[i]) != a[i])
127 return -1;
130 return 0;
134 struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[])
136 struct crypto_cipher *tfm;
138 tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
139 if (!IS_ERR(tfm))
140 crypto_cipher_setkey(tfm, key, ALG_CCMP_KEY_LEN);
142 return tfm;
146 void ieee80211_aes_key_free(struct crypto_cipher *tfm)
148 crypto_free_cipher(tfm);