linux/net/wireless/lib80211_crypt_tkip.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * lib80211 crypt: host-based TKIP encryption implementation for lib80211
   4 *
   5 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
   6 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com>
   7 */
   8
   9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  10
  11#include <linux/err.h>
  12#include <linux/fips.h>
  13#include <linux/module.h>
  14#include <linux/init.h>
  15#include <linux/slab.h>
  16#include <linux/random.h>
  17#include <linux/scatterlist.h>
  18#include <linux/skbuff.h>
  19#include <linux/netdevice.h>
  20#include <linux/mm.h>
  21#include <linux/if_ether.h>
  22#include <linux/if_arp.h>
  23#include <asm/string.h>
  24
  25#include <linux/wireless.h>
  26#include <linux/ieee80211.h>
  27#include <net/iw_handler.h>
  28
  29#include <crypto/arc4.h>
  30#include <crypto/hash.h>
  31#include <linux/crypto.h>
  32#include <linux/crc32.h>
  33
  34#include <net/lib80211.h>
  35
  36MODULE_AUTHOR("Jouni Malinen");
  37MODULE_DESCRIPTION("lib80211 crypt: TKIP");
  38MODULE_LICENSE("GPL");
  39
  40#define TKIP_HDR_LEN 8
  41
  42struct lib80211_tkip_data {
  43#define TKIP_KEY_LEN 32
  44        u8 key[TKIP_KEY_LEN];
  45        int key_set;
  46
  47        u32 tx_iv32;
  48        u16 tx_iv16;
  49        u16 tx_ttak[5];
  50        int tx_phase1_done;
  51
  52        u32 rx_iv32;
  53        u16 rx_iv16;
  54        u16 rx_ttak[5];
  55        int rx_phase1_done;
  56        u32 rx_iv32_new;
  57        u16 rx_iv16_new;
  58
  59        u32 dot11RSNAStatsTKIPReplays;
  60        u32 dot11RSNAStatsTKIPICVErrors;
  61        u32 dot11RSNAStatsTKIPLocalMICFailures;
  62
  63        int key_idx;
  64
  65        struct arc4_ctx rx_ctx_arc4;
  66        struct arc4_ctx tx_ctx_arc4;
  67        struct crypto_shash *rx_tfm_michael;
  68        struct crypto_shash *tx_tfm_michael;
  69
  70        /* scratch buffers for virt_to_page() (crypto API) */
  71        u8 rx_hdr[16], tx_hdr[16];
  72
  73        unsigned long flags;
  74};
  75
  76static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
  77{
  78        struct lib80211_tkip_data *_priv = priv;
  79        unsigned long old_flags = _priv->flags;
  80        _priv->flags = flags;
  81        return old_flags;
  82}
  83
  84static unsigned long lib80211_tkip_get_flags(void *priv)
  85{
  86        struct lib80211_tkip_data *_priv = priv;
  87        return _priv->flags;
  88}
  89
  90static void *lib80211_tkip_init(int key_idx)
  91{
  92        struct lib80211_tkip_data *priv;
  93
  94        if (fips_enabled)
  95                return NULL;
  96
  97        priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
  98        if (priv == NULL)
  99                goto fail;
 100
 101        priv->key_idx = key_idx;
 102
 103        priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
 104        if (IS_ERR(priv->tx_tfm_michael)) {
 105                priv->tx_tfm_michael = NULL;
 106                goto fail;
 107        }
 108
 109        priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
 110        if (IS_ERR(priv->rx_tfm_michael)) {
 111                priv->rx_tfm_michael = NULL;
 112                goto fail;
 113        }
 114
 115        return priv;
 116
 117      fail:
 118        if (priv) {
 119                crypto_free_shash(priv->tx_tfm_michael);
 120                crypto_free_shash(priv->rx_tfm_michael);
 121                kfree(priv);
 122        }
 123
 124        return NULL;
 125}
 126
 127static void lib80211_tkip_deinit(void *priv)
 128{
 129        struct lib80211_tkip_data *_priv = priv;
 130        if (_priv) {
 131                crypto_free_shash(_priv->tx_tfm_michael);
 132                crypto_free_shash(_priv->rx_tfm_michael);
 133        }
 134        kfree_sensitive(priv);
 135}
 136
 137static inline u16 RotR1(u16 val)
 138{
 139        return (val >> 1) | (val << 15);
 140}
 141
 142static inline u8 Lo8(u16 val)
 143{
 144        return val & 0xff;
 145}
 146
 147static inline u8 Hi8(u16 val)
 148{
 149        return val >> 8;
 150}
 151
 152static inline u16 Lo16(u32 val)
 153{
 154        return val & 0xffff;
 155}
 156
 157static inline u16 Hi16(u32 val)
 158{
 159        return val >> 16;
 160}
 161
 162static inline u16 Mk16(u8 hi, u8 lo)
 163{
 164        return lo | (((u16) hi) << 8);
 165}
 166
 167static inline u16 Mk16_le(__le16 * v)
 168{
 169        return le16_to_cpu(*v);
 170}
 171
 172static const u16 Sbox[256] = {
 173        0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
 174        0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
 175        0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
 176        0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
 177        0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
 178        0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
 179        0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
 180        0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
 181        0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
 182        0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
 183        0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
 184        0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
 185        0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
 186        0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
 187        0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
 188        0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
 189        0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
 190        0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
 191        0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
 192        0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
 193        0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
 194        0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
 195        0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
 196        0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
 197        0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
 198        0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
 199        0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
 200        0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
 201        0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
 202        0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
 203        0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
 204        0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
 205};
 206
 207static inline u16 _S_(u16 v)
 208{
 209        u16 t = Sbox[Hi8(v)];
 210        return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
 211}
 212
 213#define PHASE1_LOOP_COUNT 8
 214
 215static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
 216                               u32 IV32)
 217{
 218        int i, j;
 219
 220        /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
 221        TTAK[0] = Lo16(IV32);
 222        TTAK[1] = Hi16(IV32);
 223        TTAK[2] = Mk16(TA[1], TA[0]);
 224        TTAK[3] = Mk16(TA[3], TA[2]);
 225        TTAK[4] = Mk16(TA[5], TA[4]);
 226
 227        for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
 228                j = 2 * (i & 1);
 229                TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
 230                TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
 231                TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
 232                TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
 233                TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
 234        }
 235}
 236
 237static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
 238                               u16 IV16)
 239{
 240        /* Make temporary area overlap WEP seed so that the final copy can be
 241         * avoided on little endian hosts. */
 242        u16 *PPK = (u16 *) & WEPSeed[4];
 243
 244        /* Step 1 - make copy of TTAK and bring in TSC */
 245        PPK[0] = TTAK[0];
 246        PPK[1] = TTAK[1];
 247        PPK[2] = TTAK[2];
 248        PPK[3] = TTAK[3];
 249        PPK[4] = TTAK[4];
 250        PPK[5] = TTAK[4] + IV16;
 251
 252        /* Step 2 - 96-bit bijective mixing using S-box */
 253        PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
 254        PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
 255        PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
 256        PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
 257        PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
 258        PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
 259
 260        PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
 261        PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
 262        PPK[2] += RotR1(PPK[1]);
 263        PPK[3] += RotR1(PPK[2]);
 264        PPK[4] += RotR1(PPK[3]);
 265        PPK[5] += RotR1(PPK[4]);
 266
 267        /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
 268         * WEPSeed[0..2] is transmitted as WEP IV */
 269        WEPSeed[0] = Hi8(IV16);
 270        WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
 271        WEPSeed[2] = Lo8(IV16);
 272        WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
 273
 274#ifdef __BIG_ENDIAN
 275        {
 276                int i;
 277                for (i = 0; i < 6; i++)
 278                        PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
 279        }
 280#endif
 281}
 282
 283static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
 284                              u8 * rc4key, int keylen, void *priv)
 285{
 286        struct lib80211_tkip_data *tkey = priv;
 287        u8 *pos;
 288        struct ieee80211_hdr *hdr;
 289
 290        hdr = (struct ieee80211_hdr *)skb->data;
 291
 292        if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len)
 293                return -1;
 294
 295        if (rc4key == NULL || keylen < 16)
 296                return -1;
 297
 298        if (!tkey->tx_phase1_done) {
 299                tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
 300                                   tkey->tx_iv32);
 301                tkey->tx_phase1_done = 1;
 302        }
 303        tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
 304
 305        pos = skb_push(skb, TKIP_HDR_LEN);
 306        memmove(pos, pos + TKIP_HDR_LEN, hdr_len);
 307        pos += hdr_len;
 308
 309        *pos++ = *rc4key;
 310        *pos++ = *(rc4key + 1);
 311        *pos++ = *(rc4key + 2);
 312        *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
 313        *pos++ = tkey->tx_iv32 & 0xff;
 314        *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
 315        *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
 316        *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
 317
 318        tkey->tx_iv16++;
 319        if (tkey->tx_iv16 == 0) {
 320                tkey->tx_phase1_done = 0;
 321                tkey->tx_iv32++;
 322        }
 323
 324        return TKIP_HDR_LEN;
 325}
 326
 327static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
 328{
 329        struct lib80211_tkip_data *tkey = priv;
 330        int len;
 331        u8 rc4key[16], *pos, *icv;
 332        u32 crc;
 333
 334        if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
 335                struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
 336                net_dbg_ratelimited("TKIP countermeasures: dropped TX packet to %pM\n",
 337                                    hdr->addr1);
 338                return -1;
 339        }
 340
 341        if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
 342                return -1;
 343
 344        len = skb->len - hdr_len;
 345        pos = skb->data + hdr_len;
 346
 347        if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
 348                return -1;
 349
 350        crc = ~crc32_le(~0, pos, len);
 351        icv = skb_put(skb, 4);
 352        icv[0] = crc;
 353        icv[1] = crc >> 8;
 354        icv[2] = crc >> 16;
 355        icv[3] = crc >> 24;
 356
 357        arc4_setkey(&tkey->tx_ctx_arc4, rc4key, 16);
 358        arc4_crypt(&tkey->tx_ctx_arc4, pos, pos, len + 4);
 359
 360        return 0;
 361}
 362
 363/*
 364 * deal with seq counter wrapping correctly.
 365 * refer to timer_after() for jiffies wrapping handling
 366 */
 367static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
 368                                    u32 iv32_o, u16 iv16_o)
 369{
 370        if ((s32)iv32_n - (s32)iv32_o < 0 ||
 371            (iv32_n == iv32_o && iv16_n <= iv16_o))
 372                return 1;
 373        return 0;
 374}
 375
 376static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
 377{
 378        struct lib80211_tkip_data *tkey = priv;
 379        u8 rc4key[16];
 380        u8 keyidx, *pos;
 381        u32 iv32;
 382        u16 iv16;
 383        struct ieee80211_hdr *hdr;
 384        u8 icv[4];
 385        u32 crc;
 386        int plen;
 387
 388        hdr = (struct ieee80211_hdr *)skb->data;
 389
 390        if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
 391                net_dbg_ratelimited("TKIP countermeasures: dropped received packet from %pM\n",
 392                                    hdr->addr2);
 393                return -1;
 394        }
 395
 396        if (skb->len < hdr_len + TKIP_HDR_LEN + 4)
 397                return -1;
 398
 399        pos = skb->data + hdr_len;
 400        keyidx = pos[3];
 401        if (!(keyidx & (1 << 5))) {
 402                net_dbg_ratelimited("TKIP: received packet without ExtIV flag from %pM\n",
 403                                    hdr->addr2);
 404                return -2;
 405        }
 406        keyidx >>= 6;
 407        if (tkey->key_idx != keyidx) {
 408                net_dbg_ratelimited("TKIP: RX tkey->key_idx=%d frame keyidx=%d\n",
 409                                    tkey->key_idx, keyidx);
 410                return -6;
 411        }
 412        if (!tkey->key_set) {
 413                net_dbg_ratelimited("TKIP: received packet from %pM with keyid=%d that does not have a configured key\n",
 414                                    hdr->addr2, keyidx);
 415                return -3;
 416        }
 417        iv16 = (pos[0] << 8) | pos[2];
 418        iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
 419        pos += TKIP_HDR_LEN;
 420
 421        if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
 422#ifdef CONFIG_LIB80211_DEBUG
 423                net_dbg_ratelimited("TKIP: replay detected: STA=%pM previous TSC %08x%04x received TSC %08x%04x\n",
 424                                    hdr->addr2, tkey->rx_iv32, tkey->rx_iv16,
 425                                    iv32, iv16);
 426#endif
 427                tkey->dot11RSNAStatsTKIPReplays++;
 428                return -4;
 429        }
 430
 431        if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
 432                tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
 433                tkey->rx_phase1_done = 1;
 434        }
 435        tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
 436
 437        plen = skb->len - hdr_len - 12;
 438
 439        arc4_setkey(&tkey->rx_ctx_arc4, rc4key, 16);
 440        arc4_crypt(&tkey->rx_ctx_arc4, pos, pos, plen + 4);
 441
 442        crc = ~crc32_le(~0, pos, plen);
 443        icv[0] = crc;
 444        icv[1] = crc >> 8;
 445        icv[2] = crc >> 16;
 446        icv[3] = crc >> 24;
 447        if (memcmp(icv, pos + plen, 4) != 0) {
 448                if (iv32 != tkey->rx_iv32) {
 449                        /* Previously cached Phase1 result was already lost, so
 450                         * it needs to be recalculated for the next packet. */
 451                        tkey->rx_phase1_done = 0;
 452                }
 453#ifdef CONFIG_LIB80211_DEBUG
 454                net_dbg_ratelimited("TKIP: ICV error detected: STA=%pM\n",
 455                                    hdr->addr2);
 456#endif
 457                tkey->dot11RSNAStatsTKIPICVErrors++;
 458                return -5;
 459        }
 460
 461        /* Update real counters only after Michael MIC verification has
 462         * completed */
 463        tkey->rx_iv32_new = iv32;
 464        tkey->rx_iv16_new = iv16;
 465
 466        /* Remove IV and ICV */
 467        memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len);
 468        skb_pull(skb, TKIP_HDR_LEN);
 469        skb_trim(skb, skb->len - 4);
 470
 471        return keyidx;
 472}
 473
 474static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr,
 475                       u8 *data, size_t data_len, u8 *mic)
 476{
 477        SHASH_DESC_ON_STACK(desc, tfm_michael);
 478        int err;
 479
 480        if (tfm_michael == NULL) {
 481                pr_warn("%s(): tfm_michael == NULL\n", __func__);
 482                return -1;
 483        }
 484
 485        desc->tfm = tfm_michael;
 486
 487        if (crypto_shash_setkey(tfm_michael, key, 8))
 488                return -1;
 489
 490        err = crypto_shash_init(desc);
 491        if (err)
 492                goto out;
 493        err = crypto_shash_update(desc, hdr, 16);
 494        if (err)
 495                goto out;
 496        err = crypto_shash_update(desc, data, data_len);
 497        if (err)
 498                goto out;
 499        err = crypto_shash_final(desc, mic);
 500
 501out:
 502        shash_desc_zero(desc);
 503        return err;
 504}
 505
 506static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
 507{
 508        struct ieee80211_hdr *hdr11;
 509
 510        hdr11 = (struct ieee80211_hdr *)skb->data;
 511
 512        switch (le16_to_cpu(hdr11->frame_control) &
 513                (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
 514        case IEEE80211_FCTL_TODS:
 515                memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
 516                memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
 517                break;
 518        case IEEE80211_FCTL_FROMDS:
 519                memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
 520                memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
 521                break;
 522        case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
 523                memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
 524                memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
 525                break;
 526        default:
 527                memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
 528                memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
 529                break;
 530        }
 531
 532        if (ieee80211_is_data_qos(hdr11->frame_control)) {
 533                hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11)))
 534                        & IEEE80211_QOS_CTL_TID_MASK;
 535        } else
 536                hdr[12] = 0;            /* priority */
 537
 538        hdr[13] = hdr[14] = hdr[15] = 0;        /* reserved */
 539}
 540
 541static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
 542                                     void *priv)
 543{
 544        struct lib80211_tkip_data *tkey = priv;
 545        u8 *pos;
 546
 547        if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
 548                printk(KERN_DEBUG "Invalid packet for Michael MIC add "
 549                       "(tailroom=%d hdr_len=%d skb->len=%d)\n",
 550                       skb_tailroom(skb), hdr_len, skb->len);
 551                return -1;
 552        }
 553
 554        michael_mic_hdr(skb, tkey->tx_hdr);
 555        pos = skb_put(skb, 8);
 556        if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
 557                        skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
 558                return -1;
 559
 560        return 0;
 561}
 562
 563static void lib80211_michael_mic_failure(struct net_device *dev,
 564                                          struct ieee80211_hdr *hdr,
 565                                          int keyidx)
 566{
 567        union iwreq_data wrqu;
 568        struct iw_michaelmicfailure ev;
 569
 570        /* TODO: needed parameters: count, keyid, key type, TSC */
 571        memset(&ev, 0, sizeof(ev));
 572        ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
 573        if (hdr->addr1[0] & 0x01)
 574                ev.flags |= IW_MICFAILURE_GROUP;
 575        else
 576                ev.flags |= IW_MICFAILURE_PAIRWISE;
 577        ev.src_addr.sa_family = ARPHRD_ETHER;
 578        memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
 579        memset(&wrqu, 0, sizeof(wrqu));
 580        wrqu.data.length = sizeof(ev);
 581        wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
 582}
 583
 584static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
 585                                        int hdr_len, void *priv)
 586{
 587        struct lib80211_tkip_data *tkey = priv;
 588        u8 mic[8];
 589
 590        if (!tkey->key_set)
 591                return -1;
 592
 593        michael_mic_hdr(skb, tkey->rx_hdr);
 594        if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
 595                        skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
 596                return -1;
 597        if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
 598                struct ieee80211_hdr *hdr;
 599                hdr = (struct ieee80211_hdr *)skb->data;
 600                printk(KERN_DEBUG "%s: Michael MIC verification failed for "
 601                       "MSDU from %pM keyidx=%d\n",
 602                       skb->dev ? skb->dev->name : "N/A", hdr->addr2,
 603                       keyidx);
 604                if (skb->dev)
 605                        lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
 606                tkey->dot11RSNAStatsTKIPLocalMICFailures++;
 607                return -1;
 608        }
 609
 610        /* Update TSC counters for RX now that the packet verification has
 611         * completed. */
 612        tkey->rx_iv32 = tkey->rx_iv32_new;
 613        tkey->rx_iv16 = tkey->rx_iv16_new;
 614
 615        skb_trim(skb, skb->len - 8);
 616
 617        return 0;
 618}
 619
 620static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
 621{
 622        struct lib80211_tkip_data *tkey = priv;
 623        int keyidx;
 624        struct crypto_shash *tfm = tkey->tx_tfm_michael;
 625        struct arc4_ctx *tfm2 = &tkey->tx_ctx_arc4;
 626        struct crypto_shash *tfm3 = tkey->rx_tfm_michael;
 627        struct arc4_ctx *tfm4 = &tkey->rx_ctx_arc4;
 628
 629        keyidx = tkey->key_idx;
 630        memset(tkey, 0, sizeof(*tkey));
 631        tkey->key_idx = keyidx;
 632        tkey->tx_tfm_michael = tfm;
 633        tkey->tx_ctx_arc4 = *tfm2;
 634        tkey->rx_tfm_michael = tfm3;
 635        tkey->rx_ctx_arc4 = *tfm4;
 636        if (len == TKIP_KEY_LEN) {
 637                memcpy(tkey->key, key, TKIP_KEY_LEN);
 638                tkey->key_set = 1;
 639                tkey->tx_iv16 = 1;      /* TSC is initialized to 1 */
 640                if (seq) {
 641                        tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
 642                            (seq[3] << 8) | seq[2];
 643                        tkey->rx_iv16 = (seq[1] << 8) | seq[0];
 644                }
 645        } else if (len == 0)
 646                tkey->key_set = 0;
 647        else
 648                return -1;
 649
 650        return 0;
 651}
 652
 653static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
 654{
 655        struct lib80211_tkip_data *tkey = priv;
 656
 657        if (len < TKIP_KEY_LEN)
 658                return -1;
 659
 660        if (!tkey->key_set)
 661                return 0;
 662        memcpy(key, tkey->key, TKIP_KEY_LEN);
 663
 664        if (seq) {
 665                /* Return the sequence number of the last transmitted frame. */
 666                u16 iv16 = tkey->tx_iv16;
 667                u32 iv32 = tkey->tx_iv32;
 668                if (iv16 == 0)
 669                        iv32--;
 670                iv16--;
 671                seq[0] = tkey->tx_iv16;
 672                seq[1] = tkey->tx_iv16 >> 8;
 673                seq[2] = tkey->tx_iv32;
 674                seq[3] = tkey->tx_iv32 >> 8;
 675                seq[4] = tkey->tx_iv32 >> 16;
 676                seq[5] = tkey->tx_iv32 >> 24;
 677        }
 678
 679        return TKIP_KEY_LEN;
 680}
 681
 682static void lib80211_tkip_print_stats(struct seq_file *m, void *priv)
 683{
 684        struct lib80211_tkip_data *tkip = priv;
 685        seq_printf(m,
 686                   "key[%d] alg=TKIP key_set=%d "
 687                   "tx_pn=%02x%02x%02x%02x%02x%02x "
 688                   "rx_pn=%02x%02x%02x%02x%02x%02x "
 689                   "replays=%d icv_errors=%d local_mic_failures=%d\n",
 690                   tkip->key_idx, tkip->key_set,
 691                   (tkip->tx_iv32 >> 24) & 0xff,
 692                   (tkip->tx_iv32 >> 16) & 0xff,
 693                   (tkip->tx_iv32 >> 8) & 0xff,
 694                   tkip->tx_iv32 & 0xff,
 695                   (tkip->tx_iv16 >> 8) & 0xff,
 696                   tkip->tx_iv16 & 0xff,
 697                   (tkip->rx_iv32 >> 24) & 0xff,
 698                   (tkip->rx_iv32 >> 16) & 0xff,
 699                   (tkip->rx_iv32 >> 8) & 0xff,
 700                   tkip->rx_iv32 & 0xff,
 701                   (tkip->rx_iv16 >> 8) & 0xff,
 702                   tkip->rx_iv16 & 0xff,
 703                   tkip->dot11RSNAStatsTKIPReplays,
 704                   tkip->dot11RSNAStatsTKIPICVErrors,
 705                   tkip->dot11RSNAStatsTKIPLocalMICFailures);
 706}
 707
 708static struct lib80211_crypto_ops lib80211_crypt_tkip = {
 709        .name = "TKIP",
 710        .init = lib80211_tkip_init,
 711        .deinit = lib80211_tkip_deinit,
 712        .encrypt_mpdu = lib80211_tkip_encrypt,
 713        .decrypt_mpdu = lib80211_tkip_decrypt,
 714        .encrypt_msdu = lib80211_michael_mic_add,
 715        .decrypt_msdu = lib80211_michael_mic_verify,
 716        .set_key = lib80211_tkip_set_key,
 717        .get_key = lib80211_tkip_get_key,
 718        .print_stats = lib80211_tkip_print_stats,
 719        .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
 720        .extra_mpdu_postfix_len = 4,    /* ICV */
 721        .extra_msdu_postfix_len = 8,    /* MIC */
 722        .get_flags = lib80211_tkip_get_flags,
 723        .set_flags = lib80211_tkip_set_flags,
 724        .owner = THIS_MODULE,
 725};
 726
 727static int __init lib80211_crypto_tkip_init(void)
 728{
 729        return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
 730}
 731
 732static void __exit lib80211_crypto_tkip_exit(void)
 733{
 734        lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
 735}
 736
 737module_init(lib80211_crypto_tkip_init);
 738module_exit(lib80211_crypto_tkip_exit);
 739