Skip to content

Commit

Permalink
mac80111: Add BIP-GMAC-128 and BIP-GMAC-256 ciphers
Browse files Browse the repository at this point in the history
This allows mac80211 to configure BIP-GMAC-128 and BIP-GMAC-256 to the
driver and also use software-implementation within mac80211 when the
driver does not support this with hardware accelaration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  • Loading branch information
Jouni Malinen authored and Johannes Berg committed Jan 27, 2015
1 parent 56c52da commit 8ade538
Show file tree
Hide file tree
Showing 13 changed files with 344 additions and 3 deletions.
5 changes: 5 additions & 0 deletions include/net/mac80211.h
Original file line number Diff line number Diff line change
Expand Up @@ -4098,6 +4098,8 @@ void ieee80211_aes_cmac_calculate_k1_k2(struct ieee80211_key_conf *keyconf,
* reverse order than in packet)
* @aes_cmac: PN data, most significant byte first (big endian,
* reverse order than in packet)
* @aes_gmac: PN data, most significant byte first (big endian,
* reverse order than in packet)
* @gcmp: PN data, most significant byte first (big endian,
* reverse order than in packet)
*/
Expand All @@ -4113,6 +4115,9 @@ struct ieee80211_key_seq {
struct {
u8 pn[6];
} aes_cmac;
struct {
u8 pn[6];
} aes_gmac;
struct {
u8 pn[6];
} gcmp;
Expand Down
1 change: 1 addition & 0 deletions net/mac80211/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ mac80211-y := \
aes_ccm.o \
aes_gcm.o \
aes_cmac.o \
aes_gmac.o \
cfg.o \
ethtool.o \
rx.o \
Expand Down
84 changes: 84 additions & 0 deletions net/mac80211/aes_gmac.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
/*
* AES-GMAC for IEEE 802.11 BIP-GMAC-128 and BIP-GMAC-256
* Copyright 2015, Qualcomm Atheros, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/

#include <linux/kernel.h>
#include <linux/types.h>
#include <linux/crypto.h>
#include <linux/err.h>
#include <crypto/aes.h>

#include <net/mac80211.h>
#include "key.h"
#include "aes_gmac.h"

#define GMAC_MIC_LEN 16
#define GMAC_NONCE_LEN 12
#define AAD_LEN 20

int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
const u8 *data, size_t data_len, u8 *mic)
{
struct scatterlist sg[3], ct[1];
char aead_req_data[sizeof(struct aead_request) +
crypto_aead_reqsize(tfm)]
__aligned(__alignof__(struct aead_request));
struct aead_request *aead_req = (void *)aead_req_data;
u8 zero[GMAC_MIC_LEN], iv[AES_BLOCK_SIZE];

if (data_len < GMAC_MIC_LEN)
return -EINVAL;

memset(aead_req, 0, sizeof(aead_req_data));

memset(zero, 0, GMAC_MIC_LEN);
sg_init_table(sg, 3);
sg_set_buf(&sg[0], aad, AAD_LEN);
sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN);
sg_set_buf(&sg[2], zero, GMAC_MIC_LEN);

memcpy(iv, nonce, GMAC_NONCE_LEN);
memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);
iv[AES_BLOCK_SIZE - 1] = 0x01;

sg_init_table(ct, 1);
sg_set_buf(&ct[0], mic, GMAC_MIC_LEN);

aead_request_set_tfm(aead_req, tfm);
aead_request_set_assoc(aead_req, sg, AAD_LEN + data_len);
aead_request_set_crypt(aead_req, NULL, ct, 0, iv);

crypto_aead_encrypt(aead_req);

return 0;
}

struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
size_t key_len)
{
struct crypto_aead *tfm;
int err;

tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm))
return tfm;

err = crypto_aead_setkey(tfm, key, key_len);
if (!err)
return tfm;
if (!err)
err = crypto_aead_setauthsize(tfm, GMAC_MIC_LEN);

crypto_free_aead(tfm);
return ERR_PTR(err);
}

void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm)
{
crypto_free_aead(tfm);
}
20 changes: 20 additions & 0 deletions net/mac80211/aes_gmac.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
/*
* Copyright 2015, Qualcomm Atheros, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/

#ifndef AES_GMAC_H
#define AES_GMAC_H

#include <linux/crypto.h>

struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
size_t key_len);
int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
const u8 *data, size_t data_len, u8 *mic);
void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm);

#endif /* AES_GMAC_H */
14 changes: 14 additions & 0 deletions net/mac80211/cfg.c
Original file line number Diff line number Diff line change
Expand Up @@ -165,6 +165,8 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
case WLAN_CIPHER_SUITE_CCMP_256:
case WLAN_CIPHER_SUITE_AES_CMAC:
case WLAN_CIPHER_SUITE_BIP_CMAC_256:
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
break;
Expand Down Expand Up @@ -374,6 +376,18 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
params.seq = seq;
params.seq_len = 6;
break;
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
pn64 = atomic64_read(&key->u.aes_gmac.tx_pn);
seq[0] = pn64;
seq[1] = pn64 >> 8;
seq[2] = pn64 >> 16;
seq[3] = pn64 >> 24;
seq[4] = pn64 >> 32;
seq[5] = pn64 >> 40;
params.seq = seq;
params.seq_len = 6;
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
pn64 = atomic64_read(&key->u.gcmp.tx_pn);
Expand Down
26 changes: 26 additions & 0 deletions net/mac80211/debugfs_key.c
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,13 @@ static ssize_t key_tx_spec_read(struct file *file, char __user *userbuf,
(u8)(pn >> 40), (u8)(pn >> 32), (u8)(pn >> 24),
(u8)(pn >> 16), (u8)(pn >> 8), (u8)pn);
break;
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
pn = atomic64_read(&key->u.aes_gmac.tx_pn);
len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n",
(u8)(pn >> 40), (u8)(pn >> 32), (u8)(pn >> 24),
(u8)(pn >> 16), (u8)(pn >> 8), (u8)pn);
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
pn = atomic64_read(&key->u.gcmp.tx_pn);
Expand Down Expand Up @@ -162,6 +169,15 @@ static ssize_t key_rx_spec_read(struct file *file, char __user *userbuf,
rpn[3], rpn[4], rpn[5]);
len = p - buf;
break;
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
rpn = key->u.aes_gmac.rx_pn;
p += scnprintf(p, sizeof(buf)+buf-p,
"%02x%02x%02x%02x%02x%02x\n",
rpn[0], rpn[1], rpn[2],
rpn[3], rpn[4], rpn[5]);
len = p - buf;
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++) {
Expand Down Expand Up @@ -197,6 +213,11 @@ static ssize_t key_replays_read(struct file *file, char __user *userbuf,
len = scnprintf(buf, sizeof(buf), "%u\n",
key->u.aes_cmac.replays);
break;
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
len = scnprintf(buf, sizeof(buf), "%u\n",
key->u.aes_gmac.replays);
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
len = scnprintf(buf, sizeof(buf), "%u\n", key->u.gcmp.replays);
Expand All @@ -221,6 +242,11 @@ static ssize_t key_icverrors_read(struct file *file, char __user *userbuf,
len = scnprintf(buf, sizeof(buf), "%u\n",
key->u.aes_cmac.icverrors);
break;
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
len = scnprintf(buf, sizeof(buf), "%u\n",
key->u.aes_gmac.icverrors);
break;
default:
return 0;
}
Expand Down
60 changes: 60 additions & 0 deletions net/mac80211/key.c
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
#include "debugfs_key.h"
#include "aes_ccm.h"
#include "aes_cmac.h"
#include "aes_gmac.h"
#include "aes_gcm.h"


Expand Down Expand Up @@ -166,6 +167,8 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
case WLAN_CIPHER_SUITE_CCMP_256:
case WLAN_CIPHER_SUITE_AES_CMAC:
case WLAN_CIPHER_SUITE_BIP_CMAC_256:
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
/* all of these we can do in software - if driver can */
Expand Down Expand Up @@ -440,6 +443,25 @@ ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
return ERR_PTR(err);
}
break;
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
key->conf.iv_len = 0;
key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
if (seq)
for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
key->u.aes_gmac.rx_pn[j] =
seq[IEEE80211_GMAC_PN_LEN - j - 1];
/* Initialize AES key state here as an optimization so that
* it does not need to be initialized for every packet.
*/
key->u.aes_gmac.tfm =
ieee80211_aes_gmac_key_setup(key_data, key_len);
if (IS_ERR(key->u.aes_gmac.tfm)) {
err = PTR_ERR(key->u.aes_gmac.tfm);
kfree(key);
return ERR_PTR(err);
}
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
Expand Down Expand Up @@ -489,6 +511,10 @@ static void ieee80211_key_free_common(struct ieee80211_key *key)
case WLAN_CIPHER_SUITE_BIP_CMAC_256:
ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
break;
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
Expand Down Expand Up @@ -819,6 +845,16 @@ void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf,
seq->ccmp.pn[1] = pn64 >> 32;
seq->ccmp.pn[0] = pn64 >> 40;
break;
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
pn64 = atomic64_read(&key->u.aes_gmac.tx_pn);
seq->ccmp.pn[5] = pn64;
seq->ccmp.pn[4] = pn64 >> 8;
seq->ccmp.pn[3] = pn64 >> 16;
seq->ccmp.pn[2] = pn64 >> 24;
seq->ccmp.pn[1] = pn64 >> 32;
seq->ccmp.pn[0] = pn64 >> 40;
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
pn64 = atomic64_read(&key->u.gcmp.tx_pn);
Expand Down Expand Up @@ -867,6 +903,13 @@ void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
pn = key->u.aes_cmac.rx_pn;
memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
break;
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
if (WARN_ON(tid != 0))
return;
pn = key->u.aes_gmac.rx_pn;
memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
Expand Down Expand Up @@ -914,6 +957,16 @@ void ieee80211_set_key_tx_seq(struct ieee80211_key_conf *keyconf,
((u64)seq->aes_cmac.pn[0] << 40);
atomic64_set(&key->u.aes_cmac.tx_pn, pn64);
break;
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
pn64 = (u64)seq->aes_gmac.pn[5] |
((u64)seq->aes_gmac.pn[4] << 8) |
((u64)seq->aes_gmac.pn[3] << 16) |
((u64)seq->aes_gmac.pn[2] << 24) |
((u64)seq->aes_gmac.pn[1] << 32) |
((u64)seq->aes_gmac.pn[0] << 40);
atomic64_set(&key->u.aes_gmac.tx_pn, pn64);
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
pn64 = (u64)seq->gcmp.pn[5] |
Expand Down Expand Up @@ -963,6 +1016,13 @@ void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
pn = key->u.aes_cmac.rx_pn;
memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
break;
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
if (WARN_ON(tid != 0))
return;
pn = key->u.aes_gmac.rx_pn;
memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
Expand Down
7 changes: 7 additions & 0 deletions net/mac80211/key.h
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,13 @@ struct ieee80211_key {
u32 replays; /* dot11RSNAStatsCMACReplays */
u32 icverrors; /* dot11RSNAStatsCMACICVErrors */
} aes_cmac;
struct {
atomic64_t tx_pn;
u8 rx_pn[IEEE80211_GMAC_PN_LEN];
struct crypto_aead *tfm;
u32 replays; /* dot11RSNAStatsCMACReplays */
u32 icverrors; /* dot11RSNAStatsCMACICVErrors */
} aes_gmac;
struct {
atomic64_t tx_pn;
/* Last received packet number. The first
Expand Down
12 changes: 9 additions & 3 deletions net/mac80211/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -673,6 +673,8 @@ static int ieee80211_init_cipher_suites(struct ieee80211_local *local)
/* keep last -- depends on hw flags! */
WLAN_CIPHER_SUITE_AES_CMAC,
WLAN_CIPHER_SUITE_BIP_CMAC_256,
WLAN_CIPHER_SUITE_BIP_GMAC_128,
WLAN_CIPHER_SUITE_BIP_GMAC_256,
};

if (local->hw.flags & IEEE80211_HW_SW_CRYPTO_CONTROL ||
Expand Down Expand Up @@ -711,7 +713,7 @@ static int ieee80211_init_cipher_suites(struct ieee80211_local *local)
local->hw.wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites);

if (!have_mfp)
local->hw.wiphy->n_cipher_suites -= 2;
local->hw.wiphy->n_cipher_suites -= 4;

if (!have_wep) {
local->hw.wiphy->cipher_suites += 2;
Expand All @@ -737,9 +739,11 @@ static int ieee80211_init_cipher_suites(struct ieee80211_local *local)
if (have_wep)
n_suites += 2;

/* check if we have AES_CMAC, BIP-CMAC-256 */
/* check if we have AES_CMAC, BIP-CMAC-256, BIP-GMAC-128,
* BIP-GMAC-256
*/
if (have_mfp)
n_suites += 2;
n_suites += 4;

suites = kmalloc(sizeof(u32) * n_suites, GFP_KERNEL);
if (!suites)
Expand All @@ -759,6 +763,8 @@ static int ieee80211_init_cipher_suites(struct ieee80211_local *local)
if (have_mfp) {
suites[w++] = WLAN_CIPHER_SUITE_AES_CMAC;
suites[w++] = WLAN_CIPHER_SUITE_BIP_CMAC_256;
suites[w++] = WLAN_CIPHER_SUITE_BIP_GMAC_128;
suites[w++] = WLAN_CIPHER_SUITE_BIP_GMAC_256;
}

for (r = 0; r < local->hw.n_cipher_schemes; r++)
Expand Down
4 changes: 4 additions & 0 deletions net/mac80211/rx.c
Original file line number Diff line number Diff line change
Expand Up @@ -1671,6 +1671,10 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
case WLAN_CIPHER_SUITE_BIP_CMAC_256:
result = ieee80211_crypto_aes_cmac_256_decrypt(rx);
break;
case WLAN_CIPHER_SUITE_BIP_GMAC_128:
case WLAN_CIPHER_SUITE_BIP_GMAC_256:
result = ieee80211_crypto_aes_gmac_decrypt(rx);
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
result = ieee80211_crypto_gcmp_decrypt(rx);
Expand Down
Loading

0 comments on commit 8ade538

Please sign in to comment.