1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-only
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * AES-128-CMAC with TLen 16 for IEEE 802.11w BIP
4*4882a593Smuzhiyun * Copyright 2008, Jouni Malinen <j@w1.fi>
5*4882a593Smuzhiyun */
6*4882a593Smuzhiyun
7*4882a593Smuzhiyun #include <linux/kernel.h>
8*4882a593Smuzhiyun #include <linux/types.h>
9*4882a593Smuzhiyun #include <linux/crypto.h>
10*4882a593Smuzhiyun #include <linux/export.h>
11*4882a593Smuzhiyun #include <linux/err.h>
12*4882a593Smuzhiyun #include <crypto/aes.h>
13*4882a593Smuzhiyun
14*4882a593Smuzhiyun #include <net/mac80211.h>
15*4882a593Smuzhiyun #include "key.h"
16*4882a593Smuzhiyun #include "aes_cmac.h"
17*4882a593Smuzhiyun
18*4882a593Smuzhiyun #define CMAC_TLEN 8 /* CMAC TLen = 64 bits (8 octets) */
19*4882a593Smuzhiyun #define CMAC_TLEN_256 16 /* CMAC TLen = 128 bits (16 octets) */
20*4882a593Smuzhiyun #define AAD_LEN 20
21*4882a593Smuzhiyun
22*4882a593Smuzhiyun static const u8 zero[CMAC_TLEN_256];
23*4882a593Smuzhiyun
ieee80211_aes_cmac(struct crypto_shash * tfm,const u8 * aad,const u8 * data,size_t data_len,u8 * mic)24*4882a593Smuzhiyun void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
25*4882a593Smuzhiyun const u8 *data, size_t data_len, u8 *mic)
26*4882a593Smuzhiyun {
27*4882a593Smuzhiyun SHASH_DESC_ON_STACK(desc, tfm);
28*4882a593Smuzhiyun u8 out[AES_BLOCK_SIZE];
29*4882a593Smuzhiyun const __le16 *fc;
30*4882a593Smuzhiyun
31*4882a593Smuzhiyun desc->tfm = tfm;
32*4882a593Smuzhiyun
33*4882a593Smuzhiyun crypto_shash_init(desc);
34*4882a593Smuzhiyun crypto_shash_update(desc, aad, AAD_LEN);
35*4882a593Smuzhiyun fc = (const __le16 *)aad;
36*4882a593Smuzhiyun if (ieee80211_is_beacon(*fc)) {
37*4882a593Smuzhiyun /* mask Timestamp field to zero */
38*4882a593Smuzhiyun crypto_shash_update(desc, zero, 8);
39*4882a593Smuzhiyun crypto_shash_update(desc, data + 8, data_len - 8 - CMAC_TLEN);
40*4882a593Smuzhiyun } else {
41*4882a593Smuzhiyun crypto_shash_update(desc, data, data_len - CMAC_TLEN);
42*4882a593Smuzhiyun }
43*4882a593Smuzhiyun crypto_shash_finup(desc, zero, CMAC_TLEN, out);
44*4882a593Smuzhiyun
45*4882a593Smuzhiyun memcpy(mic, out, CMAC_TLEN);
46*4882a593Smuzhiyun }
47*4882a593Smuzhiyun
ieee80211_aes_cmac_256(struct crypto_shash * tfm,const u8 * aad,const u8 * data,size_t data_len,u8 * mic)48*4882a593Smuzhiyun void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
49*4882a593Smuzhiyun const u8 *data, size_t data_len, u8 *mic)
50*4882a593Smuzhiyun {
51*4882a593Smuzhiyun SHASH_DESC_ON_STACK(desc, tfm);
52*4882a593Smuzhiyun const __le16 *fc;
53*4882a593Smuzhiyun
54*4882a593Smuzhiyun desc->tfm = tfm;
55*4882a593Smuzhiyun
56*4882a593Smuzhiyun crypto_shash_init(desc);
57*4882a593Smuzhiyun crypto_shash_update(desc, aad, AAD_LEN);
58*4882a593Smuzhiyun fc = (const __le16 *)aad;
59*4882a593Smuzhiyun if (ieee80211_is_beacon(*fc)) {
60*4882a593Smuzhiyun /* mask Timestamp field to zero */
61*4882a593Smuzhiyun crypto_shash_update(desc, zero, 8);
62*4882a593Smuzhiyun crypto_shash_update(desc, data + 8,
63*4882a593Smuzhiyun data_len - 8 - CMAC_TLEN_256);
64*4882a593Smuzhiyun } else {
65*4882a593Smuzhiyun crypto_shash_update(desc, data, data_len - CMAC_TLEN_256);
66*4882a593Smuzhiyun }
67*4882a593Smuzhiyun crypto_shash_finup(desc, zero, CMAC_TLEN_256, mic);
68*4882a593Smuzhiyun }
69*4882a593Smuzhiyun
ieee80211_aes_cmac_key_setup(const u8 key[],size_t key_len)70*4882a593Smuzhiyun struct crypto_shash *ieee80211_aes_cmac_key_setup(const u8 key[],
71*4882a593Smuzhiyun size_t key_len)
72*4882a593Smuzhiyun {
73*4882a593Smuzhiyun struct crypto_shash *tfm;
74*4882a593Smuzhiyun
75*4882a593Smuzhiyun tfm = crypto_alloc_shash("cmac(aes)", 0, 0);
76*4882a593Smuzhiyun if (!IS_ERR(tfm))
77*4882a593Smuzhiyun crypto_shash_setkey(tfm, key, key_len);
78*4882a593Smuzhiyun
79*4882a593Smuzhiyun return tfm;
80*4882a593Smuzhiyun }
81*4882a593Smuzhiyun
ieee80211_aes_cmac_key_free(struct crypto_shash * tfm)82*4882a593Smuzhiyun void ieee80211_aes_cmac_key_free(struct crypto_shash *tfm)
83*4882a593Smuzhiyun {
84*4882a593Smuzhiyun crypto_free_shash(tfm);
85*4882a593Smuzhiyun }
86