1 // SPDX-License-Identifier: GPL-2.0-only
7 #include <crypto/aes.h>
32 	desc->tfm = tfm;  in aes_s2v()
34 	/* D = AES-CMAC(K, <zero>) */  in aes_s2v()
37 	for (i = 0; i < num_elem - 1; i++) {  in aes_s2v()
49 		crypto_shash_update(desc, addr[i], len[i] - AES_BLOCK_SIZE);  in aes_s2v()
50 		crypto_xor(d, addr[i] + len[i] - AES_BLOCK_SIZE,  in aes_s2v()
59 	/* V = AES-CMAC(K, T) */  in aes_s2v()
87 	tfm = crypto_alloc_shash("cmac(aes)", 0, 0);  in aes_siv_encrypt()
99 	 * overwriting this during AES-CTR.  in aes_siv_encrypt()
103 		return -ENOMEM;  in aes_siv_encrypt()
116 	tfm2 = crypto_alloc_skcipher("ctr(aes)", 0, CRYPTO_ALG_ASYNC);  in aes_siv_encrypt()
128 		res = -ENOMEM;  in aes_siv_encrypt()
158 	crypt_len = iv_c_len - AES_BLOCK_SIZE;  in aes_siv_decrypt()
175 	tfm2 = crypto_alloc_skcipher("ctr(aes)", 0, CRYPTO_ALG_ASYNC);  in aes_siv_decrypt()
188 		return -ENOMEM;  in aes_siv_decrypt()
202 	tfm = crypto_alloc_shash("cmac(aes)", 0, 0);  in aes_siv_decrypt()
213 		return -EINVAL;  in aes_siv_decrypt()
220 	struct ieee80211_mgmt *mgmt = (void *)skb->data;  in fils_encrypt_assoc_req()
227 	if (ieee80211_is_reassoc_req(mgmt->frame_control)) {  in fils_encrypt_assoc_req()
228 		capab = (u8 *)&mgmt->u.reassoc_req.capab_info;  in fils_encrypt_assoc_req()
229 		ies = mgmt->u.reassoc_req.variable;  in fils_encrypt_assoc_req()
231 		capab = (u8 *)&mgmt->u.assoc_req.capab_info;  in fils_encrypt_assoc_req()
232 		ies = mgmt->u.assoc_req.variable;  in fils_encrypt_assoc_req()
236 					 ies, skb->data + skb->len - ies);  in fils_encrypt_assoc_req()
237 	if (!session || session->datalen != 1 + 8)  in fils_encrypt_assoc_req()
238 		return -EINVAL;  in fils_encrypt_assoc_req()
240 	encr = (u8 *)session->data + 1 + 8;  in fils_encrypt_assoc_req()
242 	/* AES-SIV AAD vectors */  in fils_encrypt_assoc_req()
245 	addr[0] = mgmt->sa;  in fils_encrypt_assoc_req()
248 	addr[1] = mgmt->da;  in fils_encrypt_assoc_req()
251 	addr[2] = assoc_data->fils_nonces;  in fils_encrypt_assoc_req()
254 	addr[3] = &assoc_data->fils_nonces[FILS_NONCE_LEN];  in fils_encrypt_assoc_req()
260 	len[4] = encr - capab;  in fils_encrypt_assoc_req()
262 	crypt_len = skb->data + skb->len - encr;  in fils_encrypt_assoc_req()
264 	return aes_siv_encrypt(assoc_data->fils_kek, assoc_data->fils_kek_len,  in fils_encrypt_assoc_req()
281 		return -EINVAL;  in fils_decrypt_assoc_resp()
283 	capab = (u8 *)&mgmt->u.assoc_resp.capab_info;  in fils_decrypt_assoc_resp()
284 	ies = mgmt->u.assoc_resp.variable;  in fils_decrypt_assoc_resp()
286 					 ies, frame + *frame_len - ies);  in fils_decrypt_assoc_resp()
287 	if (!session || session->datalen != 1 + 8) {  in fils_decrypt_assoc_resp()
290 			 mgmt->sa);  in fils_decrypt_assoc_resp()
291 		return -EINVAL;  in fils_decrypt_assoc_resp()
294 	encr = (u8 *)session->data + 1 + 8;  in fils_decrypt_assoc_resp()
296 	/* AES-SIV AAD vectors */  in fils_decrypt_assoc_resp()
299 	addr[0] = mgmt->sa;  in fils_decrypt_assoc_resp()
302 	addr[1] = mgmt->da;  in fils_decrypt_assoc_resp()
305 	addr[2] = &assoc_data->fils_nonces[FILS_NONCE_LEN];  in fils_decrypt_assoc_resp()
308 	addr[3] = assoc_data->fils_nonces;  in fils_decrypt_assoc_resp()
314 	len[4] = encr - capab;  in fils_decrypt_assoc_resp()
316 	crypt_len = frame + *frame_len - encr;  in fils_decrypt_assoc_resp()
319 …"Not enough room for AES-SIV data after FILS Session element in (Re)Association Response frame fro…  in fils_decrypt_assoc_resp()
320 			 mgmt->sa);  in fils_decrypt_assoc_resp()
321 		return -EINVAL;  in fils_decrypt_assoc_resp()
323 	res = aes_siv_decrypt(assoc_data->fils_kek, assoc_data->fils_kek_len,  in fils_decrypt_assoc_resp()
327 			 "AES-SIV decryption of (Re)Association Response frame from %pM failed",  in fils_decrypt_assoc_resp()
328 			 mgmt->sa);  in fils_decrypt_assoc_resp()
331 	*frame_len -= AES_BLOCK_SIZE;  in fils_decrypt_assoc_resp()