2007-05-05 11:45:53 -07:00
/*
* Copyright 2003 - 2004 , Instant802 Networks , Inc .
* Copyright 2005 - 2006 , Devicescape Software , Inc .
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation .
*/
2007-08-28 15:50:33 -07:00
# include <linux/kernel.h>
2007-05-05 11:45:53 -07:00
# include <linux/types.h>
# include <linux/crypto.h>
# include <linux/err.h>
2011-07-06 22:02:14 +02:00
# include <crypto/aes.h>
2007-05-05 11:45:53 -07:00
# include <net/mac80211.h>
2008-04-08 15:14:40 -04:00
# include "key.h"
2007-05-05 11:45:53 -07:00
# include "aes_ccm.h"
2008-07-02 16:30:53 -07:00
static void aes_ccm_prepare ( struct crypto_cipher * tfm , u8 * scratch , u8 * a )
2007-05-05 11:45:53 -07:00
{
int i ;
2008-07-02 16:30:53 -07:00
u8 * b_0 , * aad , * b , * s_0 ;
2007-05-05 11:45:53 -07:00
2011-07-06 22:02:14 +02:00
b_0 = scratch + 3 * AES_BLOCK_SIZE ;
aad = scratch + 4 * AES_BLOCK_SIZE ;
2008-07-02 16:30:53 -07:00
b = scratch ;
2011-07-06 22:02:14 +02:00
s_0 = scratch + AES_BLOCK_SIZE ;
2008-07-02 16:30:53 -07:00
crypto_cipher_encrypt_one ( tfm , b , b_0 ) ;
2007-05-05 11:45:53 -07:00
/* Extra Authenticate-only data (always two AES blocks) */
2011-07-06 22:02:14 +02:00
for ( i = 0 ; i < AES_BLOCK_SIZE ; i + + )
2007-05-05 11:45:53 -07:00
aad [ i ] ^ = b [ i ] ;
2008-07-02 16:30:53 -07:00
crypto_cipher_encrypt_one ( tfm , b , aad ) ;
2007-05-05 11:45:53 -07:00
2011-07-06 22:02:14 +02:00
aad + = AES_BLOCK_SIZE ;
2007-05-05 11:45:53 -07:00
2011-07-06 22:02:14 +02:00
for ( i = 0 ; i < AES_BLOCK_SIZE ; i + + )
2007-05-05 11:45:53 -07:00
aad [ i ] ^ = b [ i ] ;
2008-07-02 16:30:53 -07:00
crypto_cipher_encrypt_one ( tfm , a , aad ) ;
2007-05-05 11:45:53 -07:00
/* Mask out bits from auth-only-b_0 */
b_0 [ 0 ] & = 0x07 ;
/* S_0 is used to encrypt T (= MIC) */
b_0 [ 14 ] = 0 ;
b_0 [ 15 ] = 0 ;
2008-07-02 16:30:53 -07:00
crypto_cipher_encrypt_one ( tfm , s_0 , b_0 ) ;
2007-05-05 11:45:53 -07:00
}
void ieee80211_aes_ccm_encrypt ( struct crypto_cipher * tfm , u8 * scratch ,
2008-07-02 16:30:52 -07:00
u8 * data , size_t data_len ,
2007-05-05 11:45:53 -07:00
u8 * cdata , u8 * mic )
{
int i , j , last_len , num_blocks ;
2011-04-25 15:56:17 +05:30
u8 * pos , * cpos , * b , * s_0 , * e , * b_0 ;
2007-05-05 11:45:53 -07:00
b = scratch ;
2011-07-06 22:02:14 +02:00
s_0 = scratch + AES_BLOCK_SIZE ;
e = scratch + 2 * AES_BLOCK_SIZE ;
b_0 = scratch + 3 * AES_BLOCK_SIZE ;
2007-05-05 11:45:53 -07:00
2011-07-06 22:02:14 +02:00
num_blocks = DIV_ROUND_UP ( data_len , AES_BLOCK_SIZE ) ;
last_len = data_len % AES_BLOCK_SIZE ;
2008-07-02 16:30:53 -07:00
aes_ccm_prepare ( tfm , scratch , b ) ;
2007-05-05 11:45:53 -07:00
/* Process payload blocks */
pos = data ;
cpos = cdata ;
for ( j = 1 ; j < = num_blocks ; j + + ) {
int blen = ( j = = num_blocks & & last_len ) ?
2011-07-06 22:02:14 +02:00
last_len : AES_BLOCK_SIZE ;
2007-05-05 11:45:53 -07:00
/* Authentication followed by encryption */
for ( i = 0 ; i < blen ; i + + )
b [ i ] ^ = pos [ i ] ;
2008-07-02 16:30:53 -07:00
crypto_cipher_encrypt_one ( tfm , b , b ) ;
2007-05-05 11:45:53 -07:00
b_0 [ 14 ] = ( j > > 8 ) & 0xff ;
b_0 [ 15 ] = j & 0xff ;
2008-07-02 16:30:53 -07:00
crypto_cipher_encrypt_one ( tfm , e , b_0 ) ;
2007-05-05 11:45:53 -07:00
for ( i = 0 ; i < blen ; i + + )
* cpos + + = * pos + + ^ e [ i ] ;
}
2013-05-08 13:09:08 +02:00
for ( i = 0 ; i < IEEE80211_CCMP_MIC_LEN ; i + + )
2007-05-05 11:45:53 -07:00
mic [ i ] = b [ i ] ^ s_0 [ i ] ;
}
int ieee80211_aes_ccm_decrypt ( struct crypto_cipher * tfm , u8 * scratch ,
2008-07-02 16:30:52 -07:00
u8 * cdata , size_t data_len , u8 * mic , u8 * data )
2007-05-05 11:45:53 -07:00
{
int i , j , last_len , num_blocks ;
2011-04-25 15:56:17 +05:30
u8 * pos , * cpos , * b , * s_0 , * a , * b_0 ;
2007-05-05 11:45:53 -07:00
b = scratch ;
2011-07-06 22:02:14 +02:00
s_0 = scratch + AES_BLOCK_SIZE ;
a = scratch + 2 * AES_BLOCK_SIZE ;
b_0 = scratch + 3 * AES_BLOCK_SIZE ;
2007-05-05 11:45:53 -07:00
2011-07-06 22:02:14 +02:00
num_blocks = DIV_ROUND_UP ( data_len , AES_BLOCK_SIZE ) ;
last_len = data_len % AES_BLOCK_SIZE ;
2008-07-02 16:30:53 -07:00
aes_ccm_prepare ( tfm , scratch , a ) ;
2007-05-05 11:45:53 -07:00
/* Process payload blocks */
cpos = cdata ;
pos = data ;
for ( j = 1 ; j < = num_blocks ; j + + ) {
int blen = ( j = = num_blocks & & last_len ) ?
2011-07-06 22:02:14 +02:00
last_len : AES_BLOCK_SIZE ;
2007-05-05 11:45:53 -07:00
/* Decryption followed by authentication */
b_0 [ 14 ] = ( j > > 8 ) & 0xff ;
b_0 [ 15 ] = j & 0xff ;
2008-07-02 16:30:53 -07:00
crypto_cipher_encrypt_one ( tfm , b , b_0 ) ;
2007-05-05 11:45:53 -07:00
for ( i = 0 ; i < blen ; i + + ) {
* pos = * cpos + + ^ b [ i ] ;
a [ i ] ^ = * pos + + ;
}
2008-07-02 16:30:53 -07:00
crypto_cipher_encrypt_one ( tfm , a , a ) ;
2007-05-05 11:45:53 -07:00
}
2013-05-08 13:09:08 +02:00
for ( i = 0 ; i < IEEE80211_CCMP_MIC_LEN ; i + + ) {
2007-05-05 11:45:53 -07:00
if ( ( mic [ i ] ^ s_0 [ i ] ) ! = a [ i ] )
return - 1 ;
}
return 0 ;
}
2008-04-17 19:21:22 +02:00
struct crypto_cipher * ieee80211_aes_key_setup_encrypt ( const u8 key [ ] )
2007-05-05 11:45:53 -07:00
{
struct crypto_cipher * tfm ;
tfm = crypto_alloc_cipher ( " aes " , 0 , CRYPTO_ALG_ASYNC ) ;
2010-08-01 17:37:03 +01:00
if ( ! IS_ERR ( tfm ) )
2013-05-08 13:09:08 +02:00
crypto_cipher_setkey ( tfm , key , WLAN_KEY_LEN_CCMP ) ;
2007-05-05 11:45:53 -07:00
return tfm ;
}
void ieee80211_aes_key_free ( struct crypto_cipher * tfm )
{
2010-11-04 22:59:56 +01:00
crypto_free_cipher ( tfm ) ;
2007-05-05 11:45:53 -07:00
}