1
2
3
4
5
6
7
8
9
10
11
12
13#include <linux/module.h>
14#include <linux/init.h>
15#include <linux/slab.h>
16#include <linux/random.h>
17#include <linux/skbuff.h>
18#include <linux/netdevice.h>
19#include <linux/if_ether.h>
20#include <linux/if_arp.h>
21#include <asm/string.h>
22
23#include "ieee80211.h"
24
25
26#include <linux/crypto.h>
27#include <linux/scatterlist.h>
28
29#include <linux/crc32.h>
30
31MODULE_AUTHOR("Jouni Malinen");
32MODULE_DESCRIPTION("Host AP crypt: TKIP");
33MODULE_LICENSE("GPL");
34
35#ifndef OPENSUSE_SLED
36#define OPENSUSE_SLED 0
37#endif
38
39struct ieee80211_tkip_data {
40#define TKIP_KEY_LEN 32
41 u8 key[TKIP_KEY_LEN];
42 int key_set;
43
44 u32 tx_iv32;
45 u16 tx_iv16;
46 u16 tx_ttak[5];
47 int tx_phase1_done;
48
49 u32 rx_iv32;
50 u16 rx_iv16;
51 u16 rx_ttak[5];
52 int rx_phase1_done;
53 u32 rx_iv32_new;
54 u16 rx_iv16_new;
55
56 u32 dot11RSNAStatsTKIPReplays;
57 u32 dot11RSNAStatsTKIPICVErrors;
58 u32 dot11RSNAStatsTKIPLocalMICFailures;
59
60 int key_idx;
61 struct crypto_blkcipher *rx_tfm_arc4;
62 struct crypto_hash *rx_tfm_michael;
63 struct crypto_blkcipher *tx_tfm_arc4;
64 struct crypto_hash *tx_tfm_michael;
65
66 u8 rx_hdr[16], tx_hdr[16];
67};
68
69static void * ieee80211_tkip_init(int key_idx)
70{
71 struct ieee80211_tkip_data *priv;
72
73 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
74 if (priv == NULL)
75 goto fail;
76 priv->key_idx = key_idx;
77 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
78 CRYPTO_ALG_ASYNC);
79 if (IS_ERR(priv->tx_tfm_arc4)) {
80 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
81 "crypto API arc4\n");
82 priv->tx_tfm_arc4 = NULL;
83 goto fail;
84 }
85
86 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
87 CRYPTO_ALG_ASYNC);
88 if (IS_ERR(priv->tx_tfm_michael)) {
89 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
90 "crypto API michael_mic\n");
91 priv->tx_tfm_michael = NULL;
92 goto fail;
93 }
94
95 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
96 CRYPTO_ALG_ASYNC);
97 if (IS_ERR(priv->rx_tfm_arc4)) {
98 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
99 "crypto API arc4\n");
100 priv->rx_tfm_arc4 = NULL;
101 goto fail;
102 }
103
104 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
105 CRYPTO_ALG_ASYNC);
106 if (IS_ERR(priv->rx_tfm_michael)) {
107 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
108 "crypto API michael_mic\n");
109 priv->rx_tfm_michael = NULL;
110 goto fail;
111 }
112 return priv;
113
114fail:
115 if (priv) {
116 if (priv->tx_tfm_michael)
117 crypto_free_hash(priv->tx_tfm_michael);
118 if (priv->tx_tfm_arc4)
119 crypto_free_blkcipher(priv->tx_tfm_arc4);
120 if (priv->rx_tfm_michael)
121 crypto_free_hash(priv->rx_tfm_michael);
122 if (priv->rx_tfm_arc4)
123 crypto_free_blkcipher(priv->rx_tfm_arc4);
124 kfree(priv);
125 }
126
127 return NULL;
128}
129
130
131static void ieee80211_tkip_deinit(void *priv)
132{
133 struct ieee80211_tkip_data *_priv = priv;
134 if (_priv) {
135 if (_priv->tx_tfm_michael)
136 crypto_free_hash(_priv->tx_tfm_michael);
137 if (_priv->tx_tfm_arc4)
138 crypto_free_blkcipher(_priv->tx_tfm_arc4);
139 if (_priv->rx_tfm_michael)
140 crypto_free_hash(_priv->rx_tfm_michael);
141 if (_priv->rx_tfm_arc4)
142 crypto_free_blkcipher(_priv->rx_tfm_arc4);
143 }
144 kfree(priv);
145}
146
147
148static inline u16 RotR1(u16 val)
149{
150 return (val >> 1) | (val << 15);
151}
152
153
154static inline u8 Lo8(u16 val)
155{
156 return val & 0xff;
157}
158
159
160static inline u8 Hi8(u16 val)
161{
162 return val >> 8;
163}
164
165
166static inline u16 Lo16(u32 val)
167{
168 return val & 0xffff;
169}
170
171
172static inline u16 Hi16(u32 val)
173{
174 return val >> 16;
175}
176
177
178static inline u16 Mk16(u8 hi, u8 lo)
179{
180 return lo | (((u16) hi) << 8);
181}
182
183
184static inline u16 Mk16_le(u16 *v)
185{
186 return le16_to_cpu(*v);
187}
188
189
190static const u16 Sbox[256] =
191{
192 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
193 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
194 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
195 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
196 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
197 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
198 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
199 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
200 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
201 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
202 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
203 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
204 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
205 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
206 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
207 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
208 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
209 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
210 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
211 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
212 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
213 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
214 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
215 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
216 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
217 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
218 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
219 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
220 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
221 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
222 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
223 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
224};
225
226
227static inline u16 _S_(u16 v)
228{
229 u16 t = Sbox[Hi8(v)];
230 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
231}
232
233
234#define PHASE1_LOOP_COUNT 8
235
236
237static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
238{
239 int i, j;
240
241
242 TTAK[0] = Lo16(IV32);
243 TTAK[1] = Hi16(IV32);
244 TTAK[2] = Mk16(TA[1], TA[0]);
245 TTAK[3] = Mk16(TA[3], TA[2]);
246 TTAK[4] = Mk16(TA[5], TA[4]);
247
248 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
249 j = 2 * (i & 1);
250 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
251 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
252 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
253 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
254 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
255 }
256}
257
258
259static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
260 u16 IV16)
261{
262
263
264 u16 *PPK = (u16 *) &WEPSeed[4];
265
266
267 PPK[0] = TTAK[0];
268 PPK[1] = TTAK[1];
269 PPK[2] = TTAK[2];
270 PPK[3] = TTAK[3];
271 PPK[4] = TTAK[4];
272 PPK[5] = TTAK[4] + IV16;
273
274
275 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
276 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
277 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
278 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
279 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
280 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
281
282 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
283 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
284 PPK[2] += RotR1(PPK[1]);
285 PPK[3] += RotR1(PPK[2]);
286 PPK[4] += RotR1(PPK[3]);
287 PPK[5] += RotR1(PPK[4]);
288
289
290
291 WEPSeed[0] = Hi8(IV16);
292 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
293 WEPSeed[2] = Lo8(IV16);
294 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
295
296#ifdef __BIG_ENDIAN
297 {
298 int i;
299 for (i = 0; i < 6; i++)
300 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
301 }
302#endif
303}
304
305
306static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
307{
308 struct ieee80211_tkip_data *tkey = priv;
309 int len;
310 u8 *pos;
311 struct ieee80211_hdr_4addr *hdr;
312 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
313
314 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4};
315 int ret = 0;
316 u8 rc4key[16], *icv;
317 u32 crc;
318 struct scatterlist sg;
319
320 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
321 skb->len < hdr_len)
322 return -1;
323
324 hdr = (struct ieee80211_hdr_4addr *) skb->data;
325
326 if (!tcb_desc->bHwSec)
327 {
328 if (!tkey->tx_phase1_done) {
329 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
330 tkey->tx_iv32);
331 tkey->tx_phase1_done = 1;
332 }
333 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
334 }
335 else
336 tkey->tx_phase1_done = 1;
337
338
339 len = skb->len - hdr_len;
340 pos = skb_push(skb, 8);
341 memmove(pos, pos + 8, hdr_len);
342 pos += hdr_len;
343
344 if (tcb_desc->bHwSec)
345 {
346 *pos++ = Hi8(tkey->tx_iv16);
347 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
348 *pos++ = Lo8(tkey->tx_iv16);
349 }
350 else
351 {
352 *pos++ = rc4key[0];
353 *pos++ = rc4key[1];
354 *pos++ = rc4key[2];
355 }
356
357 *pos++ = (tkey->key_idx << 6) | (1 << 5) ;
358 *pos++ = tkey->tx_iv32 & 0xff;
359 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
360 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
361 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
362
363 if (!tcb_desc->bHwSec)
364 {
365 icv = skb_put(skb, 4);
366 crc = ~crc32_le(~0, pos, len);
367 icv[0] = crc;
368 icv[1] = crc >> 8;
369 icv[2] = crc >> 16;
370 icv[3] = crc >> 24;
371 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
372 sg_init_one(&sg, pos, len+4);
373 ret= crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
374
375 }
376
377 tkey->tx_iv16++;
378 if (tkey->tx_iv16 == 0) {
379 tkey->tx_phase1_done = 0;
380 tkey->tx_iv32++;
381 }
382
383 if (!tcb_desc->bHwSec)
384 return ret;
385 else
386 return 0;
387
388
389}
390
391static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
392{
393 struct ieee80211_tkip_data *tkey = priv;
394 u8 keyidx, *pos;
395 u32 iv32;
396 u16 iv16;
397 struct ieee80211_hdr_4addr *hdr;
398 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
399 struct blkcipher_desc desc = {.tfm = tkey->rx_tfm_arc4};
400 u8 rc4key[16];
401 u8 icv[4];
402 u32 crc;
403 struct scatterlist sg;
404 int plen;
405 if (skb->len < hdr_len + 8 + 4)
406 return -1;
407
408 hdr = (struct ieee80211_hdr_4addr *) skb->data;
409 pos = skb->data + hdr_len;
410 keyidx = pos[3];
411 if (!(keyidx & (1 << 5))) {
412 if (net_ratelimit()) {
413 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
414 " flag from %pM\n", hdr->addr2);
415 }
416 return -2;
417 }
418 keyidx >>= 6;
419 if (tkey->key_idx != keyidx) {
420 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
421 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
422 return -6;
423 }
424 if (!tkey->key_set) {
425 if (net_ratelimit()) {
426 printk(KERN_DEBUG "TKIP: received packet from %pM"
427 " with keyid=%d that does not have a configured"
428 " key\n", hdr->addr2, keyidx);
429 }
430 return -3;
431 }
432 iv16 = (pos[0] << 8) | pos[2];
433 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
434 pos += 8;
435
436 if (!tcb_desc->bHwSec)
437 {
438 if (iv32 < tkey->rx_iv32 ||
439 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
440 if (net_ratelimit()) {
441 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
442 " previous TSC %08x%04x received TSC "
443 "%08x%04x\n", hdr->addr2,
444 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
445 }
446 tkey->dot11RSNAStatsTKIPReplays++;
447 return -4;
448 }
449
450 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
451 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
452 tkey->rx_phase1_done = 1;
453 }
454 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
455
456 plen = skb->len - hdr_len - 12;
457
458 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
459 sg_init_one(&sg, pos, plen+4);
460 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
461 if (net_ratelimit()) {
462 printk(KERN_DEBUG ": TKIP: failed to decrypt "
463 "received packet from %pM\n",
464 hdr->addr2);
465 }
466 return -7;
467 }
468
469 crc = ~crc32_le(~0, pos, plen);
470 icv[0] = crc;
471 icv[1] = crc >> 8;
472 icv[2] = crc >> 16;
473 icv[3] = crc >> 24;
474
475 if (memcmp(icv, pos + plen, 4) != 0) {
476 if (iv32 != tkey->rx_iv32) {
477
478
479 tkey->rx_phase1_done = 0;
480 }
481 if (net_ratelimit()) {
482 printk(KERN_DEBUG
483 "TKIP: ICV error detected: STA=%pM\n",
484 hdr->addr2);
485 }
486 tkey->dot11RSNAStatsTKIPICVErrors++;
487 return -5;
488 }
489
490 }
491
492
493
494 tkey->rx_iv32_new = iv32;
495 tkey->rx_iv16_new = iv16;
496
497
498 memmove(skb->data + 8, skb->data, hdr_len);
499 skb_pull(skb, 8);
500 skb_trim(skb, skb->len - 4);
501
502 return keyidx;
503}
504
505
506static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
507 u8 * data, size_t data_len, u8 * mic)
508{
509 struct hash_desc desc;
510 struct scatterlist sg[2];
511
512 if (tfm_michael == NULL) {
513 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
514 return -1;
515 }
516 sg_init_table(sg, 2);
517 sg_set_buf(&sg[0], hdr, 16);
518 sg_set_buf(&sg[1], data, data_len);
519
520 if (crypto_hash_setkey(tfm_michael, key, 8))
521 return -1;
522
523 desc.tfm = tfm_michael;
524 desc.flags = 0;
525 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
526}
527
528
529
530static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
531{
532 struct ieee80211_hdr_4addr *hdr11;
533
534 hdr11 = (struct ieee80211_hdr_4addr *) skb->data;
535 switch (le16_to_cpu(hdr11->frame_ctl) &
536 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
537 case IEEE80211_FCTL_TODS:
538 memcpy(hdr, hdr11->addr3, ETH_ALEN);
539 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN);
540 break;
541 case IEEE80211_FCTL_FROMDS:
542 memcpy(hdr, hdr11->addr1, ETH_ALEN);
543 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN);
544 break;
545 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
546 memcpy(hdr, hdr11->addr3, ETH_ALEN);
547 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN);
548 break;
549 case 0:
550 memcpy(hdr, hdr11->addr1, ETH_ALEN);
551 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN);
552 break;
553 }
554
555 hdr[12] = 0;
556
557 hdr[13] = hdr[14] = hdr[15] = 0;
558}
559
560
561static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
562{
563 struct ieee80211_tkip_data *tkey = priv;
564 u8 *pos;
565 struct ieee80211_hdr_4addr *hdr;
566
567 hdr = (struct ieee80211_hdr_4addr *) skb->data;
568
569 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
570 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
571 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
572 skb_tailroom(skb), hdr_len, skb->len);
573 return -1;
574 }
575
576 michael_mic_hdr(skb, tkey->tx_hdr);
577
578
579
580 if(IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) {
581 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
582 }
583
584 pos = skb_put(skb, 8);
585 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
586 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
587 return -1;
588
589 return 0;
590}
591
592
593#if WIRELESS_EXT >= 18
594static void ieee80211_michael_mic_failure(struct net_device *dev,
595 struct ieee80211_hdr_4addr *hdr,
596 int keyidx)
597{
598 union iwreq_data wrqu;
599 struct iw_michaelmicfailure ev;
600
601
602 memset(&ev, 0, sizeof(ev));
603 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
604 if (hdr->addr1[0] & 0x01)
605 ev.flags |= IW_MICFAILURE_GROUP;
606 else
607 ev.flags |= IW_MICFAILURE_PAIRWISE;
608 ev.src_addr.sa_family = ARPHRD_ETHER;
609 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
610 memset(&wrqu, 0, sizeof(wrqu));
611 wrqu.data.length = sizeof(ev);
612 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
613}
614#elif WIRELESS_EXT >= 15
615static void ieee80211_michael_mic_failure(struct net_device *dev,
616 struct ieee80211_hdr_4addr *hdr,
617 int keyidx)
618{
619 union iwreq_data wrqu;
620 char buf[128];
621
622
623 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(keyid=%d %scast addr="
624 "%pM)", keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
625 hdr->addr2);
626 memset(&wrqu, 0, sizeof(wrqu));
627 wrqu.data.length = strlen(buf);
628 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
629}
630#else
631static inline void ieee80211_michael_mic_failure(struct net_device *dev,
632 struct ieee80211_hdr_4addr *hdr,
633 int keyidx)
634{
635}
636#endif
637
638static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
639 int hdr_len, void *priv)
640{
641 struct ieee80211_tkip_data *tkey = priv;
642 u8 mic[8];
643 struct ieee80211_hdr_4addr *hdr;
644
645 hdr = (struct ieee80211_hdr_4addr *) skb->data;
646
647 if (!tkey->key_set)
648 return -1;
649
650 michael_mic_hdr(skb, tkey->rx_hdr);
651
652
653 if(IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) {
654 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
655 }
656
657
658 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
659 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
660 return -1;
661 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
662 struct ieee80211_hdr_4addr *hdr;
663 hdr = (struct ieee80211_hdr_4addr *) skb->data;
664 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
665 "MSDU from %pM keyidx=%d\n",
666 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
667 keyidx);
668 if (skb->dev)
669 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
670 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
671 return -1;
672 }
673
674
675
676 tkey->rx_iv32 = tkey->rx_iv32_new;
677 tkey->rx_iv16 = tkey->rx_iv16_new;
678
679 skb_trim(skb, skb->len - 8);
680
681 return 0;
682}
683
684
685static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv)
686{
687 struct ieee80211_tkip_data *tkey = priv;
688 int keyidx;
689 struct crypto_hash *tfm = tkey->tx_tfm_michael;
690 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
691 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
692 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
693
694 keyidx = tkey->key_idx;
695 memset(tkey, 0, sizeof(*tkey));
696 tkey->key_idx = keyidx;
697 tkey->tx_tfm_michael = tfm;
698 tkey->tx_tfm_arc4 = tfm2;
699 tkey->rx_tfm_michael = tfm3;
700 tkey->rx_tfm_arc4 = tfm4;
701
702 if (len == TKIP_KEY_LEN) {
703 memcpy(tkey->key, key, TKIP_KEY_LEN);
704 tkey->key_set = 1;
705 tkey->tx_iv16 = 1;
706 if (seq) {
707 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
708 (seq[3] << 8) | seq[2];
709 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
710 }
711 } else if (len == 0)
712 tkey->key_set = 0;
713 else
714 return -1;
715
716 return 0;
717}
718
719
720static int ieee80211_tkip_get_key(void *key, int len, u8 *seq, void *priv)
721{
722 struct ieee80211_tkip_data *tkey = priv;
723
724 if (len < TKIP_KEY_LEN)
725 return -1;
726
727 if (!tkey->key_set)
728 return 0;
729 memcpy(key, tkey->key, TKIP_KEY_LEN);
730
731 if (seq) {
732
733 u16 iv16 = tkey->tx_iv16;
734 u32 iv32 = tkey->tx_iv32;
735 if (iv16 == 0)
736 iv32--;
737 iv16--;
738 seq[0] = tkey->tx_iv16;
739 seq[1] = tkey->tx_iv16 >> 8;
740 seq[2] = tkey->tx_iv32;
741 seq[3] = tkey->tx_iv32 >> 8;
742 seq[4] = tkey->tx_iv32 >> 16;
743 seq[5] = tkey->tx_iv32 >> 24;
744 }
745
746 return TKIP_KEY_LEN;
747}
748
749
750static char * ieee80211_tkip_print_stats(char *p, void *priv)
751{
752 struct ieee80211_tkip_data *tkip = priv;
753 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
754 "tx_pn=%02x%02x%02x%02x%02x%02x "
755 "rx_pn=%02x%02x%02x%02x%02x%02x "
756 "replays=%d icv_errors=%d local_mic_failures=%d\n",
757 tkip->key_idx, tkip->key_set,
758 (tkip->tx_iv32 >> 24) & 0xff,
759 (tkip->tx_iv32 >> 16) & 0xff,
760 (tkip->tx_iv32 >> 8) & 0xff,
761 tkip->tx_iv32 & 0xff,
762 (tkip->tx_iv16 >> 8) & 0xff,
763 tkip->tx_iv16 & 0xff,
764 (tkip->rx_iv32 >> 24) & 0xff,
765 (tkip->rx_iv32 >> 16) & 0xff,
766 (tkip->rx_iv32 >> 8) & 0xff,
767 tkip->rx_iv32 & 0xff,
768 (tkip->rx_iv16 >> 8) & 0xff,
769 tkip->rx_iv16 & 0xff,
770 tkip->dot11RSNAStatsTKIPReplays,
771 tkip->dot11RSNAStatsTKIPICVErrors,
772 tkip->dot11RSNAStatsTKIPLocalMICFailures);
773 return p;
774}
775
776
777static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
778 .name = "TKIP",
779 .init = ieee80211_tkip_init,
780 .deinit = ieee80211_tkip_deinit,
781 .encrypt_mpdu = ieee80211_tkip_encrypt,
782 .decrypt_mpdu = ieee80211_tkip_decrypt,
783 .encrypt_msdu = ieee80211_michael_mic_add,
784 .decrypt_msdu = ieee80211_michael_mic_verify,
785 .set_key = ieee80211_tkip_set_key,
786 .get_key = ieee80211_tkip_get_key,
787 .print_stats = ieee80211_tkip_print_stats,
788 .extra_prefix_len = 4 + 4,
789 .extra_postfix_len = 8 + 4,
790 .owner = THIS_MODULE,
791};
792
793
794int __init ieee80211_crypto_tkip_init(void)
795{
796 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
797}
798
799
800void ieee80211_crypto_tkip_exit(void)
801{
802 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
803}
804
805void ieee80211_tkip_null(void)
806{
807 return;
808}
809
810
