net/mac80211/aes_gmac.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * AES-GMAC for IEEE 802.11 BIP-GMAC-128 and BIP-GMAC-256
   4  * Copyright 2015, Qualcomm Atheros, Inc.
   5  */
   6
   7 #include <linux/kernel.h>
   8 #include <linux/types.h>
   9 #include <linux/err.h>
  10 #include <crypto/aead.h>
  11 #include <crypto/aes.h>
  12
  13 #include <net/mac80211.h>
  14 #include "key.h"
  15 #include "aes_gmac.h"
  16
  17 int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
  18                        const u8 *data, size_t data_len, u8 *mic)
  19 {
  20         struct scatterlist sg[5];
  21         u8 *zero, *__aad, iv[AES_BLOCK_SIZE];
  22         struct aead_request *aead_req;
  23         int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
  24         const __le16 *fc;
  25
  26         if (data_len < GMAC_MIC_LEN)
  27                 return -EINVAL;
  28
  29         aead_req = kzalloc(reqsize + GMAC_MIC_LEN + GMAC_AAD_LEN, GFP_ATOMIC);
  30         if (!aead_req)
  31                 return -ENOMEM;
  32
  33         zero = (u8 *)aead_req + reqsize;
  34         __aad = zero + GMAC_MIC_LEN;
  35         memcpy(__aad, aad, GMAC_AAD_LEN);
  36
  37         fc = (const __le16 *)aad;
  38         if (ieee80211_is_beacon(*fc)) {
  39                 /* mask Timestamp field to zero */
  40                 sg_init_table(sg, 5);
  41                 sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
  42                 sg_set_buf(&sg[1], zero, 8);
  43                 sg_set_buf(&sg[2], data + 8, data_len - 8 - GMAC_MIC_LEN);
  44                 sg_set_buf(&sg[3], zero, GMAC_MIC_LEN);
  45                 sg_set_buf(&sg[4], mic, GMAC_MIC_LEN);
  46         } else {
  47                 sg_init_table(sg, 4);
  48                 sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
  49                 sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN);
  50                 sg_set_buf(&sg[2], zero, GMAC_MIC_LEN);
  51                 sg_set_buf(&sg[3], mic, GMAC_MIC_LEN);
  52         }
  53
  54         memcpy(iv, nonce, GMAC_NONCE_LEN);
  55         memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);
  56         iv[AES_BLOCK_SIZE - 1] = 0x01;
  57
  58         aead_request_set_tfm(aead_req, tfm);
  59         aead_request_set_crypt(aead_req, sg, sg, 0, iv);
  60         aead_request_set_ad(aead_req, GMAC_AAD_LEN + data_len);
  61
  62         crypto_aead_encrypt(aead_req);
  63         kzfree(aead_req);
  64
  65         return 0;
  66 }
  67
  68 struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
  69                                                  size_t key_len)
  70 {
  71         struct crypto_aead *tfm;
  72         int err;
  73
  74         tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
  75         if (IS_ERR(tfm))
  76                 return tfm;
  77
  78         err = crypto_aead_setkey(tfm, key, key_len);
  79         if (!err)
  80                 err = crypto_aead_setauthsize(tfm, GMAC_MIC_LEN);
  81         if (!err)
  82                 return tfm;
  83
  84         crypto_free_aead(tfm);
  85         return ERR_PTR(err);
  86 }
  87
  88 void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm)
  89 {
  90         crypto_free_aead(tfm);
  91 }