162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * AES-GMAC for IEEE 802.11 BIP-GMAC-128 and BIP-GMAC-256 462306a36Sopenharmony_ci * Copyright 2015, Qualcomm Atheros, Inc. 562306a36Sopenharmony_ci */ 662306a36Sopenharmony_ci 762306a36Sopenharmony_ci#include <linux/kernel.h> 862306a36Sopenharmony_ci#include <linux/types.h> 962306a36Sopenharmony_ci#include <linux/err.h> 1062306a36Sopenharmony_ci#include <crypto/aead.h> 1162306a36Sopenharmony_ci#include <crypto/aes.h> 1262306a36Sopenharmony_ci 1362306a36Sopenharmony_ci#include <net/mac80211.h> 1462306a36Sopenharmony_ci#include "key.h" 1562306a36Sopenharmony_ci#include "aes_gmac.h" 1662306a36Sopenharmony_ci 1762306a36Sopenharmony_ciint ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce, 1862306a36Sopenharmony_ci const u8 *data, size_t data_len, u8 *mic) 1962306a36Sopenharmony_ci{ 2062306a36Sopenharmony_ci struct scatterlist sg[5]; 2162306a36Sopenharmony_ci u8 *zero, *__aad, iv[AES_BLOCK_SIZE]; 2262306a36Sopenharmony_ci struct aead_request *aead_req; 2362306a36Sopenharmony_ci int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm); 2462306a36Sopenharmony_ci const __le16 *fc; 2562306a36Sopenharmony_ci int ret; 2662306a36Sopenharmony_ci 2762306a36Sopenharmony_ci if (data_len < GMAC_MIC_LEN) 2862306a36Sopenharmony_ci return -EINVAL; 2962306a36Sopenharmony_ci 3062306a36Sopenharmony_ci aead_req = kzalloc(reqsize + GMAC_MIC_LEN + GMAC_AAD_LEN, GFP_ATOMIC); 3162306a36Sopenharmony_ci if (!aead_req) 3262306a36Sopenharmony_ci return -ENOMEM; 3362306a36Sopenharmony_ci 3462306a36Sopenharmony_ci zero = (u8 *)aead_req + reqsize; 3562306a36Sopenharmony_ci __aad = zero + GMAC_MIC_LEN; 3662306a36Sopenharmony_ci memcpy(__aad, aad, GMAC_AAD_LEN); 3762306a36Sopenharmony_ci 3862306a36Sopenharmony_ci fc = (const __le16 *)aad; 3962306a36Sopenharmony_ci if (ieee80211_is_beacon(*fc)) { 4062306a36Sopenharmony_ci /* mask Timestamp field to zero */ 4162306a36Sopenharmony_ci sg_init_table(sg, 5); 4262306a36Sopenharmony_ci sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN); 4362306a36Sopenharmony_ci sg_set_buf(&sg[1], zero, 8); 4462306a36Sopenharmony_ci sg_set_buf(&sg[2], data + 8, data_len - 8 - GMAC_MIC_LEN); 4562306a36Sopenharmony_ci sg_set_buf(&sg[3], zero, GMAC_MIC_LEN); 4662306a36Sopenharmony_ci sg_set_buf(&sg[4], mic, GMAC_MIC_LEN); 4762306a36Sopenharmony_ci } else { 4862306a36Sopenharmony_ci sg_init_table(sg, 4); 4962306a36Sopenharmony_ci sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN); 5062306a36Sopenharmony_ci sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN); 5162306a36Sopenharmony_ci sg_set_buf(&sg[2], zero, GMAC_MIC_LEN); 5262306a36Sopenharmony_ci sg_set_buf(&sg[3], mic, GMAC_MIC_LEN); 5362306a36Sopenharmony_ci } 5462306a36Sopenharmony_ci 5562306a36Sopenharmony_ci memcpy(iv, nonce, GMAC_NONCE_LEN); 5662306a36Sopenharmony_ci memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN); 5762306a36Sopenharmony_ci iv[AES_BLOCK_SIZE - 1] = 0x01; 5862306a36Sopenharmony_ci 5962306a36Sopenharmony_ci aead_request_set_tfm(aead_req, tfm); 6062306a36Sopenharmony_ci aead_request_set_crypt(aead_req, sg, sg, 0, iv); 6162306a36Sopenharmony_ci aead_request_set_ad(aead_req, GMAC_AAD_LEN + data_len); 6262306a36Sopenharmony_ci 6362306a36Sopenharmony_ci ret = crypto_aead_encrypt(aead_req); 6462306a36Sopenharmony_ci kfree_sensitive(aead_req); 6562306a36Sopenharmony_ci 6662306a36Sopenharmony_ci return ret; 6762306a36Sopenharmony_ci} 6862306a36Sopenharmony_ci 6962306a36Sopenharmony_cistruct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[], 7062306a36Sopenharmony_ci size_t key_len) 7162306a36Sopenharmony_ci{ 7262306a36Sopenharmony_ci struct crypto_aead *tfm; 7362306a36Sopenharmony_ci int err; 7462306a36Sopenharmony_ci 7562306a36Sopenharmony_ci tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC); 7662306a36Sopenharmony_ci if (IS_ERR(tfm)) 7762306a36Sopenharmony_ci return tfm; 7862306a36Sopenharmony_ci 7962306a36Sopenharmony_ci err = crypto_aead_setkey(tfm, key, key_len); 8062306a36Sopenharmony_ci if (!err) 8162306a36Sopenharmony_ci err = crypto_aead_setauthsize(tfm, GMAC_MIC_LEN); 8262306a36Sopenharmony_ci if (!err) 8362306a36Sopenharmony_ci return tfm; 8462306a36Sopenharmony_ci 8562306a36Sopenharmony_ci crypto_free_aead(tfm); 8662306a36Sopenharmony_ci return ERR_PTR(err); 8762306a36Sopenharmony_ci} 8862306a36Sopenharmony_ci 8962306a36Sopenharmony_civoid ieee80211_aes_gmac_key_free(struct crypto_aead *tfm) 9062306a36Sopenharmony_ci{ 9162306a36Sopenharmony_ci crypto_free_aead(tfm); 9262306a36Sopenharmony_ci} 93