[net-next-2.6.git] / net / mac80211 / aes_cmac.c

/*
 * AES-128-CMAC with TLen 16 for IEEE 802.11w BIP
 * Copyright 2008, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/kernel.h>
#include <linux/types.h>
#include <linux/crypto.h>
#include <linux/err.h>

#include <net/mac80211.h>
#include "key.h"
#include "aes_cmac.h"

#define AES_BLOCK_SIZE 16
#define AES_CMAC_KEY_LEN 16
#define CMAC_TLEN 8 /* CMAC TLen = 64 bits (8 octets) */
#define AAD_LEN 20


static void gf_mulx(u8 *pad)
{
	int i, carry;

	carry = pad[0] & 0x80;
	for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
		pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
	pad[AES_BLOCK_SIZE - 1] <<= 1;
	if (carry)
		pad[AES_BLOCK_SIZE - 1] ^= 0x87;
}


static void aes_128_cmac_vector(struct crypto_cipher *tfm, u8 *scratch,
				size_t num_elem,
				const u8 *addr[], const size_t *len, u8 *mac)
{
	u8 *cbc, *pad;
	const u8 *pos, *end;
	size_t i, e, left, total_len;

	cbc = scratch;
	pad = scratch + AES_BLOCK_SIZE;

	memset(cbc, 0, AES_BLOCK_SIZE);

	total_len = 0;
	for (e = 0; e < num_elem; e++)
		total_len += len[e];
	left = total_len;

	e = 0;
	pos = addr[0];
	end = pos + len[0];

	while (left >= AES_BLOCK_SIZE) {
		for (i = 0; i < AES_BLOCK_SIZE; i++) {
			cbc[i] ^= *pos++;
			if (pos >= end) {
				e++;
				pos = addr[e];
				end = pos + len[e];
			}
		}
		if (left > AES_BLOCK_SIZE)
			crypto_cipher_encrypt_one(tfm, cbc, cbc);
		left -= AES_BLOCK_SIZE;
	}

	memset(pad, 0, AES_BLOCK_SIZE);
	crypto_cipher_encrypt_one(tfm, pad, pad);
	gf_mulx(pad);

	if (left || total_len == 0) {
		for (i = 0; i < left; i++) {
			cbc[i] ^= *pos++;
			if (pos >= end) {
				e++;
				pos = addr[e];
				end = pos + len[e];
			}
		}
		cbc[left] ^= 0x80;
		gf_mulx(pad);
	}

	for (i = 0; i < AES_BLOCK_SIZE; i++)
		pad[i] ^= cbc[i];
	crypto_cipher_encrypt_one(tfm, pad, pad);
	memcpy(mac, pad, CMAC_TLEN);
}


void ieee80211_aes_cmac(struct crypto_cipher *tfm, u8 *scratch, const u8 *aad,
			const u8 *data, size_t data_len, u8 *mic)
{
	const u8 *addr[3];
	size_t len[3];
	u8 zero[CMAC_TLEN];

	memset(zero, 0, CMAC_TLEN);
	addr[0] = aad;
	len[0] = AAD_LEN;
	addr[1] = data;
	len[1] = data_len - CMAC_TLEN;
	addr[2] = zero;
	len[2] = CMAC_TLEN;

	aes_128_cmac_vector(tfm, scratch, 3, addr, len, mic);
}


struct crypto_cipher * ieee80211_aes_cmac_key_setup(const u8 key[])
{
	struct crypto_cipher *tfm;

	tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
	if (!IS_ERR(tfm))
		crypto_cipher_setkey(tfm, key, AES_CMAC_KEY_LEN);

	return tfm;
}


void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
{
	crypto_free_cipher(tfm);
}
Commit	Line	Data
765cb46a JM	1	/*
	2	* AES-128-CMAC with TLen 16 for IEEE 802.11w BIP
	3	* Copyright 2008, Jouni Malinen <j@w1.fi>
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of the GNU General Public License version 2 as
	7	* published by the Free Software Foundation.
	8	*/
	9
	10	#include <linux/kernel.h>
	11	#include <linux/types.h>
	12	#include <linux/crypto.h>
	13	#include <linux/err.h>
	14
	15	#include <net/mac80211.h>
	16	#include "key.h"
	17	#include "aes_cmac.h"
	18
	19	#define AES_BLOCK_SIZE 16
	20	#define AES_CMAC_KEY_LEN 16
	21	#define CMAC_TLEN 8 /* CMAC TLen = 64 bits (8 octets) */
	22	#define AAD_LEN 20
	23
	24
	25	static void gf_mulx(u8 *pad)
	26	{
	27	int i, carry;
	28
	29	carry = pad[0] & 0x80;
	30	for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
	31	pad[i] = (pad[i] << 1) \| (pad[i + 1] >> 7);
	32	pad[AES_BLOCK_SIZE - 1] <<= 1;
	33	if (carry)
	34	pad[AES_BLOCK_SIZE - 1] ^= 0x87;
	35	}
	36
	37
	38	static void aes_128_cmac_vector(struct crypto_cipher tfm, u8 scratch,
	39	size_t num_elem,
	40	const u8 addr[], const size_t len, u8 *mac)
	41	{
	42	u8 cbc, pad;
	43	const u8 pos, end;
	44	size_t i, e, left, total_len;
	45
	46	cbc = scratch;
	47	pad = scratch + AES_BLOCK_SIZE;
	48
	49	memset(cbc, 0, AES_BLOCK_SIZE);
	50
	51	total_len = 0;
	52	for (e = 0; e < num_elem; e++)
	53	total_len += len[e];
	54	left = total_len;
	55
	56	e = 0;
	57	pos = addr[0];
	58	end = pos + len[0];
	59
	60	while (left >= AES_BLOCK_SIZE) {
	61	for (i = 0; i < AES_BLOCK_SIZE; i++) {
	62	cbc[i] ^= *pos++;
	63	if (pos >= end) {
	64	e++;
65	pos = addr[e];
66	end = pos + len[e];
67	}
68	}
69	if (left > AES_BLOCK_SIZE)
70	crypto_cipher_encrypt_one(tfm, cbc, cbc);
71	left -= AES_BLOCK_SIZE;
72	}
73
74	memset(pad, 0, AES_BLOCK_SIZE);
75	crypto_cipher_encrypt_one(tfm, pad, pad);
76	gf_mulx(pad);
77
78	if (left \|\| total_len == 0) {
79	for (i = 0; i < left; i++) {
80	cbc[i] ^= *pos++;
81	if (pos >= end) {
82	e++;
83	pos = addr[e];
84	end = pos + len[e];
85	}
86	}
87	cbc[left] ^= 0x80;
88	gf_mulx(pad);
89	}
90
91	for (i = 0; i < AES_BLOCK_SIZE; i++)
92	pad[i] ^= cbc[i];
93	crypto_cipher_encrypt_one(tfm, pad, pad);
94	memcpy(mac, pad, CMAC_TLEN);
95	}
96
97
98	void ieee80211_aes_cmac(struct crypto_cipher tfm, u8 scratch, const u8 *aad,
99	const u8 data, size_t data_len, u8 mic)
100	{
101	const u8 *addr[3];
102	size_t len[3];
103	u8 zero[CMAC_TLEN];
104
105	memset(zero, 0, CMAC_TLEN);
106	addr[0] = aad;
107	len[0] = AAD_LEN;
108	addr[1] = data;
109	len[1] = data_len - CMAC_TLEN;
110	addr[2] = zero;
111	len[2] = CMAC_TLEN;
112
113	aes_128_cmac_vector(tfm, scratch, 3, addr, len, mic);
114	}
115
116
117	struct crypto_cipher * ieee80211_aes_cmac_key_setup(const u8 key[])
118	{
119	struct crypto_cipher *tfm;
120
121	tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
1ac62ba7 BH	122	if (!IS_ERR(tfm))
1ac62ba7 BH	123	crypto_cipher_setkey(tfm, key, AES_CMAC_KEY_LEN);
765cb46a JM	124
	125	return tfm;
	126	}
	127
	128
	129	void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
	130	{
ffa56e54	131	crypto_free_cipher(tfm);
765cb46a	132	}