aes_cmac.c 2.2 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * AES-128-CMAC with TLen 16 for IEEE 802.11w BIP
  4. * Copyright 2008, Jouni Malinen <[email protected]>
  5. * Copyright (C) 2020 Intel Corporation
  6. */
  7. #include <linux/kernel.h>
  8. #include <linux/types.h>
  9. #include <linux/crypto.h>
  10. #include <linux/export.h>
  11. #include <linux/err.h>
  12. #include <crypto/aes.h>
  13. #include <net/mac80211.h>
  14. #include "key.h"
  15. #include "aes_cmac.h"
  16. #define CMAC_TLEN 8 /* CMAC TLen = 64 bits (8 octets) */
  17. #define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */
  18. #define AAD_LEN 20
  19. static const u8 zero[CMAC_TLEN_256];
  20. void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
  21. const u8 *data, size_t data_len, u8 *mic)
  22. {
  23. SHASH_DESC_ON_STACK(desc, tfm);
  24. u8 out[AES_BLOCK_SIZE];
  25. const __le16 *fc;
  26. desc->tfm = tfm;
  27. crypto_shash_init(desc);
  28. crypto_shash_update(desc, aad, AAD_LEN);
  29. fc = (const __le16 *)aad;
  30. if (ieee80211_is_beacon(*fc)) {
  31. /* mask Timestamp field to zero */
  32. crypto_shash_update(desc, zero, 8);
  33. crypto_shash_update(desc, data + 8, data_len - 8 - CMAC_TLEN);
  34. } else {
  35. crypto_shash_update(desc, data, data_len - CMAC_TLEN);
  36. }
  37. crypto_shash_finup(desc, zero, CMAC_TLEN, out);
  38. memcpy(mic, out, CMAC_TLEN);
  39. }
  40. void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
  41. const u8 *data, size_t data_len, u8 *mic)
  42. {
  43. SHASH_DESC_ON_STACK(desc, tfm);
  44. const __le16 *fc;
  45. desc->tfm = tfm;
  46. crypto_shash_init(desc);
  47. crypto_shash_update(desc, aad, AAD_LEN);
  48. fc = (const __le16 *)aad;
  49. if (ieee80211_is_beacon(*fc)) {
  50. /* mask Timestamp field to zero */
  51. crypto_shash_update(desc, zero, 8);
  52. crypto_shash_update(desc, data + 8,
  53. data_len - 8 - CMAC_TLEN_256);
  54. } else {
  55. crypto_shash_update(desc, data, data_len - CMAC_TLEN_256);
  56. }
  57. crypto_shash_finup(desc, zero, CMAC_TLEN_256, mic);
  58. }
  59. struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
  60. size_t key_len)
  61. {
  62. struct crypto_shash *tfm;
  63. tfm = crypto_alloc_shash("cmac(aes)", 0, 0);
  64. if (!IS_ERR(tfm)) {
  65. int err = crypto_shash_setkey(tfm, key, key_len);
  66. if (err) {
  67. crypto_free_shash(tfm);
  68. return ERR_PTR(err);
  69. }
  70. }
  71. return tfm;
  72. }
  73. void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm)
  74. {
  75. crypto_free_shash(tfm);
  76. }