2 * AES-GMAC for IEEE 802.11 BIP-GMAC-128 and BIP-GMAC-256
3 * Copyright 2015, Qualcomm Atheros, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
10 #include <linux/kernel.h>
11 #include <linux/types.h>
12 #include <linux/crypto.h>
13 #include <linux/err.h>
14 #include <crypto/aes.h>
16 #include <net/mac80211.h>
20 #define GMAC_MIC_LEN 16
21 #define GMAC_NONCE_LEN 12
24 int ieee80211_aes_gmac(struct crypto_aead
*tfm
, const u8
*aad
, u8
*nonce
,
25 const u8
*data
, size_t data_len
, u8
*mic
)
27 struct scatterlist sg
[3], ct
[1];
28 char aead_req_data
[sizeof(struct aead_request
) +
29 crypto_aead_reqsize(tfm
)]
30 __aligned(__alignof__(struct aead_request
));
31 struct aead_request
*aead_req
= (void *)aead_req_data
;
32 u8 zero
[GMAC_MIC_LEN
], iv
[AES_BLOCK_SIZE
];
34 if (data_len
< GMAC_MIC_LEN
)
37 memset(aead_req
, 0, sizeof(aead_req_data
));
39 memset(zero
, 0, GMAC_MIC_LEN
);
41 sg_set_buf(&sg
[0], aad
, AAD_LEN
);
42 sg_set_buf(&sg
[1], data
, data_len
- GMAC_MIC_LEN
);
43 sg_set_buf(&sg
[2], zero
, GMAC_MIC_LEN
);
45 memcpy(iv
, nonce
, GMAC_NONCE_LEN
);
46 memset(iv
+ GMAC_NONCE_LEN
, 0, sizeof(iv
) - GMAC_NONCE_LEN
);
47 iv
[AES_BLOCK_SIZE
- 1] = 0x01;
50 sg_set_buf(&ct
[0], mic
, GMAC_MIC_LEN
);
52 aead_request_set_tfm(aead_req
, tfm
);
53 aead_request_set_assoc(aead_req
, sg
, AAD_LEN
+ data_len
);
54 aead_request_set_crypt(aead_req
, NULL
, ct
, 0, iv
);
56 crypto_aead_encrypt(aead_req
);
61 struct crypto_aead
*ieee80211_aes_gmac_key_setup(const u8 key
[],
64 struct crypto_aead
*tfm
;
67 tfm
= crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC
);
71 err
= crypto_aead_setkey(tfm
, key
, key_len
);
73 err
= crypto_aead_setauthsize(tfm
, GMAC_MIC_LEN
);
77 crypto_free_aead(tfm
);
81 void ieee80211_aes_gmac_key_free(struct crypto_aead
*tfm
)
83 crypto_free_aead(tfm
);