aes_cmac.c 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148
  1. /*
  2. * AES-128-CMAC with TLen 16 for IEEE 802.11w BIP
  3. * Copyright 2008, Jouni Malinen <j@w1.fi>
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License version 2 as
  7. * published by the Free Software Foundation.
  8. */
  9. #include <linux/kernel.h>
  10. #include <linux/types.h>
  11. #include <linux/crypto.h>
  12. #include <linux/export.h>
  13. #include <linux/err.h>
  14. #include <crypto/aes.h>
  15. #include <net/mac80211.h>
  16. #include "key.h"
  17. #include "aes_cmac.h"
  18. #define CMAC_TLEN 8 /* CMAC TLen = 64 bits (8 octets) */
  19. #define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */
  20. #define AAD_LEN 20
  21. static void gf_mulx(u8 *pad)
  22. {
  23. int i, carry;
  24. carry = pad[0] & 0x80;
  25. for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
  26. pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
  27. pad[AES_BLOCK_SIZE - 1] <<= 1;
  28. if (carry)
  29. pad[AES_BLOCK_SIZE - 1] ^= 0x87;
  30. }
  31. static void aes_cmac_vector(struct crypto_cipher *tfm, size_t num_elem,
  32. const u8 *addr[], const size_t *len, u8 *mac,
  33. size_t mac_len)
  34. {
  35. u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
  36. const u8 *pos, *end;
  37. size_t i, e, left, total_len;
  38. memset(cbc, 0, AES_BLOCK_SIZE);
  39. total_len = 0;
  40. for (e = 0; e < num_elem; e++)
  41. total_len += len[e];
  42. left = total_len;
  43. e = 0;
  44. pos = addr[0];
  45. end = pos + len[0];
  46. while (left >= AES_BLOCK_SIZE) {
  47. for (i = 0; i < AES_BLOCK_SIZE; i++) {
  48. cbc[i] ^= *pos++;
  49. if (pos >= end) {
  50. e++;
  51. pos = addr[e];
  52. end = pos + len[e];
  53. }
  54. }
  55. if (left > AES_BLOCK_SIZE)
  56. crypto_cipher_encrypt_one(tfm, cbc, cbc);
  57. left -= AES_BLOCK_SIZE;
  58. }
  59. memset(pad, 0, AES_BLOCK_SIZE);
  60. crypto_cipher_encrypt_one(tfm, pad, pad);
  61. gf_mulx(pad);
  62. if (left || total_len == 0) {
  63. for (i = 0; i < left; i++) {
  64. cbc[i] ^= *pos++;
  65. if (pos >= end) {
  66. e++;
  67. pos = addr[e];
  68. end = pos + len[e];
  69. }
  70. }
  71. cbc[left] ^= 0x80;
  72. gf_mulx(pad);
  73. }
  74. for (i = 0; i < AES_BLOCK_SIZE; i++)
  75. pad[i] ^= cbc[i];
  76. crypto_cipher_encrypt_one(tfm, pad, pad);
  77. memcpy(mac, pad, mac_len);
  78. }
  79. void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,
  80. const u8 *data, size_t data_len, u8 *mic)
  81. {
  82. const u8 *addr[3];
  83. size_t len[3];
  84. u8 zero[CMAC_TLEN];
  85. memset(zero, 0, CMAC_TLEN);
  86. addr[0] = aad;
  87. len[0] = AAD_LEN;
  88. addr[1] = data;
  89. len[1] = data_len - CMAC_TLEN;
  90. addr[2] = zero;
  91. len[2] = CMAC_TLEN;
  92. aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN);
  93. }
  94. void ieee80211_aes_cmac_256(struct crypto_cipher *tfm, const u8 *aad,
  95. const u8 *data, size_t data_len, u8 *mic)
  96. {
  97. const u8 *addr[3];
  98. size_t len[3];
  99. u8 zero[CMAC_TLEN_256];
  100. memset(zero, 0, CMAC_TLEN_256);
  101. addr[0] = aad;
  102. len[0] = AAD_LEN;
  103. addr[1] = data;
  104. len[1] = data_len - CMAC_TLEN_256;
  105. addr[2] = zero;
  106. len[2] = CMAC_TLEN_256;
  107. aes_cmac_vector(tfm, 3, addr, len, mic, CMAC_TLEN_256);
  108. }
  109. struct crypto_cipher *ieee80211_aes_cmac_key_setup(const u8 key[],
  110. size_t key_len)
  111. {
  112. struct crypto_cipher *tfm;
  113. tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
  114. if (!IS_ERR(tfm))
  115. crypto_cipher_setkey(tfm, key, key_len);
  116. return tfm;
  117. }
  118. void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
  119. {
  120. crypto_free_cipher(tfm);
  121. }