1
2
3
4
5
6
7
8
9
10#include <linux/kernel.h>
11#include <linux/types.h>
12#include <linux/err.h>
13#include <crypto/aead.h>
14#include <crypto/aes.h>
15
16#include <net/mac80211.h>
17#include "key.h"
18#include "aes_gmac.h"
19
20int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
21 const u8 *data, size_t data_len, u8 *mic)
22{
23 struct scatterlist sg[4];
24 u8 *zero, *__aad, iv[AES_BLOCK_SIZE];
25 struct aead_request *aead_req;
26 int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
27
28 if (data_len < GMAC_MIC_LEN)
29 return -EINVAL;
30
31 aead_req = kzalloc(reqsize + GMAC_MIC_LEN + GMAC_AAD_LEN, GFP_ATOMIC);
32 if (!aead_req)
33 return -ENOMEM;
34
35 zero = (u8 *)aead_req + reqsize;
36 __aad = zero + GMAC_MIC_LEN;
37 memcpy(__aad, aad, GMAC_AAD_LEN);
38
39 sg_init_table(sg, 4);
40 sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
41 sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN);
42 sg_set_buf(&sg[2], zero, GMAC_MIC_LEN);
43 sg_set_buf(&sg[3], mic, GMAC_MIC_LEN);
44
45 memcpy(iv, nonce, GMAC_NONCE_LEN);
46 memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);
47 iv[AES_BLOCK_SIZE - 1] = 0x01;
48
49 aead_request_set_tfm(aead_req, tfm);
50 aead_request_set_crypt(aead_req, sg, sg, 0, iv);
51 aead_request_set_ad(aead_req, GMAC_AAD_LEN + data_len);
52
53 crypto_aead_encrypt(aead_req);
54 kzfree(aead_req);
55
56 return 0;
57}
58
59struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
60 size_t key_len)
61{
62 struct crypto_aead *tfm;
63 int err;
64
65 tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
66 if (IS_ERR(tfm))
67 return tfm;
68
69 err = crypto_aead_setkey(tfm, key, key_len);
70 if (!err)
71 err = crypto_aead_setauthsize(tfm, GMAC_MIC_LEN);
72 if (!err)
73 return tfm;
74
75 crypto_free_aead(tfm);
76 return ERR_PTR(err);
77}
78
79void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm)
80{
81 crypto_free_aead(tfm);
82}
83