xref: /OK3568_Linux_fs/external/rkwifibt/drivers/rtl8822cs/core/crypto/aes-omac1.c (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1 /*
2  * One-key CBC MAC (OMAC1) hash with AES
3  *
4  * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
5  *
6  * This software may be distributed under the terms of the BSD license.
7  * See README for more details.
8  */
9 
10 #include "rtw_crypto_wrap.h"
11 
12 #include "aes.h"
13 #include "aes_wrap.h"
14 
gf_mulx(u8 * pad)15 static void gf_mulx(u8 *pad)
16 {
17 	int i, carry;
18 
19 	carry = pad[0] & 0x80;
20 	for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
21 		pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
22 	pad[AES_BLOCK_SIZE - 1] <<= 1;
23 	if (carry)
24 		pad[AES_BLOCK_SIZE - 1] ^= 0x87;
25 }
26 
27 
28 /**
29  * omac1_aes_vector - One-Key CBC MAC (OMAC1) hash with AES
30  * @key: Key for the hash operation
31  * @key_len: Key length in octets
32  * @num_elem: Number of elements in the data vector
33  * @addr: Pointers to the data areas
34  * @len: Lengths of the data blocks
35  * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
36  * Returns: 0 on success, -1 on failure
37  *
38  * This is a mode for using block cipher (AES in this case) for authentication.
39  * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
40  * (SP) 800-38B.
41  */
omac1_aes_vector(const u8 * key,size_t key_len,size_t num_elem,const u8 * addr[],const size_t * len,u8 * mac)42 int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem,
43 		     const u8 *addr[], const size_t *len, u8 *mac)
44 {
45 	void *ctx;
46 	u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
47 	const u8 *pos, *end;
48 	size_t i, e, left, total_len;
49 
50 	if (TEST_FAIL())
51 		return -1;
52 
53 	ctx = aes_encrypt_init(key, key_len);
54 	if (ctx == NULL)
55 		return -1;
56 	os_memset(cbc, 0, AES_BLOCK_SIZE);
57 
58 	total_len = 0;
59 	for (e = 0; e < num_elem; e++)
60 		total_len += len[e];
61 	left = total_len;
62 
63 	e = 0;
64 	pos = addr[0];
65 	end = pos + len[0];
66 
67 	while (left >= AES_BLOCK_SIZE) {
68 		for (i = 0; i < AES_BLOCK_SIZE; i++) {
69 			cbc[i] ^= *pos++;
70 			if (pos >= end) {
71 				/*
72 				 * Stop if there are no more bytes to process
73 				 * since there are no more entries in the array.
74 				 */
75 				if (i + 1 == AES_BLOCK_SIZE &&
76 				    left == AES_BLOCK_SIZE)
77 					break;
78 				e++;
79 				pos = addr[e];
80 				end = pos + len[e];
81 			}
82 		}
83 		if (left > AES_BLOCK_SIZE)
84 			aes_encrypt(ctx, cbc, cbc);
85 		left -= AES_BLOCK_SIZE;
86 	}
87 
88 	os_memset(pad, 0, AES_BLOCK_SIZE);
89 	aes_encrypt(ctx, pad, pad);
90 	gf_mulx(pad);
91 
92 	if (left || total_len == 0) {
93 		for (i = 0; i < left; i++) {
94 			cbc[i] ^= *pos++;
95 			if (pos >= end) {
96 				/*
97 				 * Stop if there are no more bytes to process
98 				 * since there are no more entries in the array.
99 				 */
100 				if (i + 1 == left)
101 					break;
102 				e++;
103 				pos = addr[e];
104 				end = pos + len[e];
105 			}
106 		}
107 		cbc[left] ^= 0x80;
108 		gf_mulx(pad);
109 	}
110 
111 	for (i = 0; i < AES_BLOCK_SIZE; i++)
112 		pad[i] ^= cbc[i];
113 	aes_encrypt(ctx, pad, mac);
114 	aes_encrypt_deinit(ctx);
115 	return 0;
116 }
117 
118 
119 /**
120  * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
121  * @key: 128-bit key for the hash operation
122  * @num_elem: Number of elements in the data vector
123  * @addr: Pointers to the data areas
124  * @len: Lengths of the data blocks
125  * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
126  * Returns: 0 on success, -1 on failure
127  *
128  * This is a mode for using block cipher (AES in this case) for authentication.
129  * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
130  * (SP) 800-38B.
131  */
omac1_aes_128_vector(const u8 * key,size_t num_elem,const u8 * addr[],const size_t * len,u8 * mac)132 int omac1_aes_128_vector(const u8 *key, size_t num_elem,
133 			 const u8 *addr[], const size_t *len, u8 *mac)
134 {
135 	return omac1_aes_vector(key, 16, num_elem, addr, len, mac);
136 }
137 
138 
139 /**
140  * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
141  * @key: 128-bit key for the hash operation
142  * @data: Data buffer for which a MAC is determined
143  * @data_len: Length of data buffer in bytes
144  * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
145  * Returns: 0 on success, -1 on failure
146  *
147  * This is a mode for using block cipher (AES in this case) for authentication.
148  * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
149  * (SP) 800-38B.
150  */
omac1_aes_128(const u8 * key,const u8 * data,size_t data_len,u8 * mac)151 int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
152 {
153 	return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
154 }
155 
156 
157 /**
158  * omac1_aes_256 - One-Key CBC MAC (OMAC1) hash with AES-256 (aka AES-CMAC)
159  * @key: 256-bit key for the hash operation
160  * @data: Data buffer for which a MAC is determined
161  * @data_len: Length of data buffer in bytes
162  * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
163  * Returns: 0 on success, -1 on failure
164  *
165  * This is a mode for using block cipher (AES in this case) for authentication.
166  * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
167  * (SP) 800-38B.
168  */
omac1_aes_256(const u8 * key,const u8 * data,size_t data_len,u8 * mac)169 int omac1_aes_256(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
170 {
171 	return omac1_aes_vector(key, 32, 1, &data, &data_len, mac);
172 }
173