2 * AES-128-CMAC with TLen 16 for IEEE 802.11w BIP
3 * Copyright 2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
10 #include <linux/kernel.h>
11 #include <linux/types.h>
12 #include <linux/crypto.h>
13 #include <linux/export.h>
14 #include <linux/err.h>
15 #include <crypto/aes.h>
17 #include <net/mac80211.h>
21 #define CMAC_TLEN 8 /* CMAC TLen = 64 bits (8 octets) */
22 #define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */
26 static void gf_mulx(u8
*pad
)
30 carry
= pad
[0] & 0x80;
31 for (i
= 0; i
< AES_BLOCK_SIZE
- 1; i
++)
32 pad
[i
] = (pad
[i
] << 1) | (pad
[i
+ 1] >> 7);
33 pad
[AES_BLOCK_SIZE
- 1] <<= 1;
35 pad
[AES_BLOCK_SIZE
- 1] ^= 0x87;
38 static void aes_cmac_vector(struct crypto_cipher
*tfm
, size_t num_elem
,
39 const u8
*addr
[], const size_t *len
, u8
*mac
,
42 u8 cbc
[AES_BLOCK_SIZE
], pad
[AES_BLOCK_SIZE
];
44 size_t i
, e
, left
, total_len
;
46 memset(cbc
, 0, AES_BLOCK_SIZE
);
49 for (e
= 0; e
< num_elem
; e
++)
57 while (left
>= AES_BLOCK_SIZE
) {
58 for (i
= 0; i
< AES_BLOCK_SIZE
; i
++) {
66 if (left
> AES_BLOCK_SIZE
)
67 crypto_cipher_encrypt_one(tfm
, cbc
, cbc
);
68 left
-= AES_BLOCK_SIZE
;
71 memset(pad
, 0, AES_BLOCK_SIZE
);
72 crypto_cipher_encrypt_one(tfm
, pad
, pad
);
75 if (left
|| total_len
== 0) {
76 for (i
= 0; i
< left
; i
++) {
88 for (i
= 0; i
< AES_BLOCK_SIZE
; i
++)
90 crypto_cipher_encrypt_one(tfm
, pad
, pad
);
91 memcpy(mac
, pad
, mac_len
);
95 void ieee80211_aes_cmac(struct crypto_cipher
*tfm
, const u8
*aad
,
96 const u8
*data
, size_t data_len
, u8
*mic
)
102 memset(zero
, 0, CMAC_TLEN
);
106 len
[1] = data_len
- CMAC_TLEN
;
110 aes_cmac_vector(tfm
, 3, addr
, len
, mic
, CMAC_TLEN
);
113 void ieee80211_aes_cmac_256(struct crypto_cipher
*tfm
, const u8
*aad
,
114 const u8
*data
, size_t data_len
, u8
*mic
)
118 u8 zero
[CMAC_TLEN_256
];
120 memset(zero
, 0, CMAC_TLEN_256
);
124 len
[1] = data_len
- CMAC_TLEN_256
;
126 len
[2] = CMAC_TLEN_256
;
128 aes_cmac_vector(tfm
, 3, addr
, len
, mic
, CMAC_TLEN_256
);
131 struct crypto_cipher
*ieee80211_aes_cmac_key_setup(const u8 key
[],
134 struct crypto_cipher
*tfm
;
136 tfm
= crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC
);
138 crypto_cipher_setkey(tfm
, key
, key_len
);
144 void ieee80211_aes_cmac_key_free(struct crypto_cipher
*tfm
)
146 crypto_free_cipher(tfm
);
149 void ieee80211_aes_cmac_calculate_k1_k2(struct ieee80211_key_conf
*keyconf
,
152 u8 l
[AES_BLOCK_SIZE
] = {};
153 struct ieee80211_key
*key
=
154 container_of(keyconf
, struct ieee80211_key
, conf
);
156 crypto_cipher_encrypt_one(key
->u
.aes_cmac
.tfm
, l
, l
);
158 memcpy(k1
, l
, AES_BLOCK_SIZE
);
161 memcpy(k2
, k1
, AES_BLOCK_SIZE
);
164 EXPORT_SYMBOL(ieee80211_aes_cmac_calculate_k1_k2
);