2 * AES-128-CMAC with TLen 16 for IEEE 802.11w BIP
3 * Copyright 2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
10 #include <linux/kernel.h>
11 #include <linux/types.h>
12 #include <linux/crypto.h>
13 #include <linux/err.h>
14 #include <crypto/aes.h>
16 #include <net/mac80211.h>
20 #define AES_CMAC_KEY_LEN 16
21 #define CMAC_TLEN 8 /* CMAC TLen = 64 bits (8 octets) */
25 static void gf_mulx(u8
*pad
)
29 carry
= pad
[0] & 0x80;
30 for (i
= 0; i
< AES_BLOCK_SIZE
- 1; i
++)
31 pad
[i
] = (pad
[i
] << 1) | (pad
[i
+ 1] >> 7);
32 pad
[AES_BLOCK_SIZE
- 1] <<= 1;
34 pad
[AES_BLOCK_SIZE
- 1] ^= 0x87;
38 static void aes_128_cmac_vector(struct crypto_cipher
*tfm
, size_t num_elem
,
39 const u8
*addr
[], const size_t *len
, u8
*mac
)
41 u8 scratch
[2 * AES_BLOCK_SIZE
];
44 size_t i
, e
, left
, total_len
;
47 pad
= scratch
+ AES_BLOCK_SIZE
;
49 memset(cbc
, 0, AES_BLOCK_SIZE
);
52 for (e
= 0; e
< num_elem
; e
++)
60 while (left
>= AES_BLOCK_SIZE
) {
61 for (i
= 0; i
< AES_BLOCK_SIZE
; i
++) {
69 if (left
> AES_BLOCK_SIZE
)
70 crypto_cipher_encrypt_one(tfm
, cbc
, cbc
);
71 left
-= AES_BLOCK_SIZE
;
74 memset(pad
, 0, AES_BLOCK_SIZE
);
75 crypto_cipher_encrypt_one(tfm
, pad
, pad
);
78 if (left
|| total_len
== 0) {
79 for (i
= 0; i
< left
; i
++) {
91 for (i
= 0; i
< AES_BLOCK_SIZE
; i
++)
93 crypto_cipher_encrypt_one(tfm
, pad
, pad
);
94 memcpy(mac
, pad
, CMAC_TLEN
);
98 void ieee80211_aes_cmac(struct crypto_cipher
*tfm
, const u8
*aad
,
99 const u8
*data
, size_t data_len
, u8
*mic
)
105 memset(zero
, 0, CMAC_TLEN
);
109 len
[1] = data_len
- CMAC_TLEN
;
113 aes_128_cmac_vector(tfm
, 3, addr
, len
, mic
);
117 struct crypto_cipher
* ieee80211_aes_cmac_key_setup(const u8 key
[])
119 struct crypto_cipher
*tfm
;
121 tfm
= crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC
);
123 crypto_cipher_setkey(tfm
, key
, AES_CMAC_KEY_LEN
);
129 void ieee80211_aes_cmac_key_free(struct crypto_cipher
*tfm
)
131 crypto_free_cipher(tfm
);