net/mac80211/aes_gmac.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * AES-GMAC for IEEE 802.11 BIP-GMAC-128 and BIP-GMAC-256
   4  * Copyright 2015, Qualcomm Atheros, Inc.
   5  */
   6
   7 #include <linux/kernel.h>
   8 #include <linux/types.h>
   9 #include <linux/err.h>
  10 #include <crypto/aead.h>
  11 #include <crypto/aes.h>
  12
  13 #include <net/mac80211.h>
  14 #include "key.h"
  15 #include "aes_gmac.h"
  16
  17 int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
  18                        const u8 *data, size_t data_len, u8 *mic)
  19 {
  20         struct scatterlist sg[4];
  21         u8 *zero, *__aad, iv[AES_BLOCK_SIZE];
  22         struct aead_request *aead_req;
  23         int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
  24
  25         if (data_len < GMAC_MIC_LEN)
  26                 return -EINVAL;
  27
  28         aead_req = kzalloc(reqsize + GMAC_MIC_LEN + GMAC_AAD_LEN, GFP_ATOMIC);
  29         if (!aead_req)
  30                 return -ENOMEM;
  31
  32         zero = (u8 *)aead_req + reqsize;
  33         __aad = zero + GMAC_MIC_LEN;
  34         memcpy(__aad, aad, GMAC_AAD_LEN);
  35
  36         sg_init_table(sg, 4);
  37         sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
  38         sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN);
  39         sg_set_buf(&sg[2], zero, GMAC_MIC_LEN);
  40         sg_set_buf(&sg[3], mic, GMAC_MIC_LEN);
  41
  42         memcpy(iv, nonce, GMAC_NONCE_LEN);
  43         memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);
  44         iv[AES_BLOCK_SIZE - 1] = 0x01;
  45
  46         aead_request_set_tfm(aead_req, tfm);
  47         aead_request_set_crypt(aead_req, sg, sg, 0, iv);
  48         aead_request_set_ad(aead_req, GMAC_AAD_LEN + data_len);
  49
  50         crypto_aead_encrypt(aead_req);
  51         kzfree(aead_req);
  52
  53         return 0;
  54 }
  55
  56 struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
  57                                                  size_t key_len)
  58 {
  59         struct crypto_aead *tfm;
  60         int err;
  61
  62         tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
  63         if (IS_ERR(tfm))
  64                 return tfm;
  65
  66         err = crypto_aead_setkey(tfm, key, key_len);
  67         if (!err)
  68                 err = crypto_aead_setauthsize(tfm, GMAC_MIC_LEN);
  69         if (!err)
  70                 return tfm;
  71
  72         crypto_free_aead(tfm);
  73         return ERR_PTR(err);
  74 }
  75
  76 void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm)
  77 {
  78         crypto_free_aead(tfm);
  79 }