1
2
3
4
5
6
7
8
9
10
11
12
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15#include <linux/err.h>
16#include <linux/module.h>
17#include <linux/init.h>
18#include <linux/slab.h>
19#include <linux/random.h>
20#include <linux/scatterlist.h>
21#include <linux/skbuff.h>
22#include <linux/netdevice.h>
23#include <linux/mm.h>
24#include <linux/if_ether.h>
25#include <linux/if_arp.h>
26#include <asm/string.h>
27
28#include <linux/wireless.h>
29#include <linux/ieee80211.h>
30#include <net/iw_handler.h>
31
32#include <linux/crypto.h>
33#include <linux/crc32.h>
34
35#include <net/lib80211.h>
36
37MODULE_AUTHOR("Jouni Malinen");
38MODULE_DESCRIPTION("lib80211 crypt: TKIP");
39MODULE_LICENSE("GPL");
40
41#define TKIP_HDR_LEN 8
42
43struct lib80211_tkip_data {
44#define TKIP_KEY_LEN 32
45 u8 key[TKIP_KEY_LEN];
46 int key_set;
47
48 u32 tx_iv32;
49 u16 tx_iv16;
50 u16 tx_ttak[5];
51 int tx_phase1_done;
52
53 u32 rx_iv32;
54 u16 rx_iv16;
55 u16 rx_ttak[5];
56 int rx_phase1_done;
57 u32 rx_iv32_new;
58 u16 rx_iv16_new;
59
60 u32 dot11RSNAStatsTKIPReplays;
61 u32 dot11RSNAStatsTKIPICVErrors;
62 u32 dot11RSNAStatsTKIPLocalMICFailures;
63
64 int key_idx;
65
66 struct crypto_blkcipher *rx_tfm_arc4;
67 struct crypto_hash *rx_tfm_michael;
68 struct crypto_blkcipher *tx_tfm_arc4;
69 struct crypto_hash *tx_tfm_michael;
70
71
72 u8 rx_hdr[16], tx_hdr[16];
73
74 unsigned long flags;
75};
76
77static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
78{
79 struct lib80211_tkip_data *_priv = priv;
80 unsigned long old_flags = _priv->flags;
81 _priv->flags = flags;
82 return old_flags;
83}
84
85static unsigned long lib80211_tkip_get_flags(void *priv)
86{
87 struct lib80211_tkip_data *_priv = priv;
88 return _priv->flags;
89}
90
91static void *lib80211_tkip_init(int key_idx)
92{
93 struct lib80211_tkip_data *priv;
94
95 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
96 if (priv == NULL)
97 goto fail;
98
99 priv->key_idx = key_idx;
100
101 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
102 CRYPTO_ALG_ASYNC);
103 if (IS_ERR(priv->tx_tfm_arc4)) {
104 priv->tx_tfm_arc4 = NULL;
105 goto fail;
106 }
107
108 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
109 CRYPTO_ALG_ASYNC);
110 if (IS_ERR(priv->tx_tfm_michael)) {
111 priv->tx_tfm_michael = NULL;
112 goto fail;
113 }
114
115 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
116 CRYPTO_ALG_ASYNC);
117 if (IS_ERR(priv->rx_tfm_arc4)) {
118 priv->rx_tfm_arc4 = NULL;
119 goto fail;
120 }
121
122 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
123 CRYPTO_ALG_ASYNC);
124 if (IS_ERR(priv->rx_tfm_michael)) {
125 priv->rx_tfm_michael = NULL;
126 goto fail;
127 }
128
129 return priv;
130
131 fail:
132 if (priv) {
133 if (priv->tx_tfm_michael)
134 crypto_free_hash(priv->tx_tfm_michael);
135 if (priv->tx_tfm_arc4)
136 crypto_free_blkcipher(priv->tx_tfm_arc4);
137 if (priv->rx_tfm_michael)
138 crypto_free_hash(priv->rx_tfm_michael);
139 if (priv->rx_tfm_arc4)
140 crypto_free_blkcipher(priv->rx_tfm_arc4);
141 kfree(priv);
142 }
143
144 return NULL;
145}
146
147static void lib80211_tkip_deinit(void *priv)
148{
149 struct lib80211_tkip_data *_priv = priv;
150 if (_priv) {
151 if (_priv->tx_tfm_michael)
152 crypto_free_hash(_priv->tx_tfm_michael);
153 if (_priv->tx_tfm_arc4)
154 crypto_free_blkcipher(_priv->tx_tfm_arc4);
155 if (_priv->rx_tfm_michael)
156 crypto_free_hash(_priv->rx_tfm_michael);
157 if (_priv->rx_tfm_arc4)
158 crypto_free_blkcipher(_priv->rx_tfm_arc4);
159 }
160 kfree(priv);
161}
162
163static inline u16 RotR1(u16 val)
164{
165 return (val >> 1) | (val << 15);
166}
167
168static inline u8 Lo8(u16 val)
169{
170 return val & 0xff;
171}
172
173static inline u8 Hi8(u16 val)
174{
175 return val >> 8;
176}
177
178static inline u16 Lo16(u32 val)
179{
180 return val & 0xffff;
181}
182
183static inline u16 Hi16(u32 val)
184{
185 return val >> 16;
186}
187
188static inline u16 Mk16(u8 hi, u8 lo)
189{
190 return lo | (((u16) hi) << 8);
191}
192
193static inline u16 Mk16_le(__le16 * v)
194{
195 return le16_to_cpu(*v);
196}
197
198static const u16 Sbox[256] = {
199 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
200 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
201 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
202 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
203 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
204 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
205 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
206 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
207 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
208 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
209 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
210 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
211 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
212 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
213 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
214 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
215 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
216 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
217 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
218 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
219 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
220 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
221 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
222 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
223 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
224 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
225 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
226 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
227 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
228 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
229 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
230 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
231};
232
233static inline u16 _S_(u16 v)
234{
235 u16 t = Sbox[Hi8(v)];
236 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
237}
238
239#define PHASE1_LOOP_COUNT 8
240
241static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
242 u32 IV32)
243{
244 int i, j;
245
246
247 TTAK[0] = Lo16(IV32);
248 TTAK[1] = Hi16(IV32);
249 TTAK[2] = Mk16(TA[1], TA[0]);
250 TTAK[3] = Mk16(TA[3], TA[2]);
251 TTAK[4] = Mk16(TA[5], TA[4]);
252
253 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
254 j = 2 * (i & 1);
255 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
256 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
257 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
258 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
259 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
260 }
261}
262
263static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
264 u16 IV16)
265{
266
267
268 u16 *PPK = (u16 *) & WEPSeed[4];
269
270
271 PPK[0] = TTAK[0];
272 PPK[1] = TTAK[1];
273 PPK[2] = TTAK[2];
274 PPK[3] = TTAK[3];
275 PPK[4] = TTAK[4];
276 PPK[5] = TTAK[4] + IV16;
277
278
279 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
280 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
281 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
282 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
283 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
284 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
285
286 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
287 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
288 PPK[2] += RotR1(PPK[1]);
289 PPK[3] += RotR1(PPK[2]);
290 PPK[4] += RotR1(PPK[3]);
291 PPK[5] += RotR1(PPK[4]);
292
293
294
295 WEPSeed[0] = Hi8(IV16);
296 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
297 WEPSeed[2] = Lo8(IV16);
298 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
299
300#ifdef __BIG_ENDIAN
301 {
302 int i;
303 for (i = 0; i < 6; i++)
304 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
305 }
306#endif
307}
308
309static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
310 u8 * rc4key, int keylen, void *priv)
311{
312 struct lib80211_tkip_data *tkey = priv;
313 u8 *pos;
314 struct ieee80211_hdr *hdr;
315
316 hdr = (struct ieee80211_hdr *)skb->data;
317
318 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len)
319 return -1;
320
321 if (rc4key == NULL || keylen < 16)
322 return -1;
323
324 if (!tkey->tx_phase1_done) {
325 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
326 tkey->tx_iv32);
327 tkey->tx_phase1_done = 1;
328 }
329 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
330
331 pos = skb_push(skb, TKIP_HDR_LEN);
332 memmove(pos, pos + TKIP_HDR_LEN, hdr_len);
333 pos += hdr_len;
334
335 *pos++ = *rc4key;
336 *pos++ = *(rc4key + 1);
337 *pos++ = *(rc4key + 2);
338 *pos++ = (tkey->key_idx << 6) | (1 << 5) ;
339 *pos++ = tkey->tx_iv32 & 0xff;
340 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
341 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
342 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
343
344 tkey->tx_iv16++;
345 if (tkey->tx_iv16 == 0) {
346 tkey->tx_phase1_done = 0;
347 tkey->tx_iv32++;
348 }
349
350 return TKIP_HDR_LEN;
351}
352
353static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
354{
355 struct lib80211_tkip_data *tkey = priv;
356 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
357 int len;
358 u8 rc4key[16], *pos, *icv;
359 u32 crc;
360 struct scatterlist sg;
361
362 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
363 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
364 net_dbg_ratelimited("TKIP countermeasures: dropped TX packet to %pM\n",
365 hdr->addr1);
366 return -1;
367 }
368
369 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
370 return -1;
371
372 len = skb->len - hdr_len;
373 pos = skb->data + hdr_len;
374
375 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
376 return -1;
377
378 crc = ~crc32_le(~0, pos, len);
379 icv = skb_put(skb, 4);
380 icv[0] = crc;
381 icv[1] = crc >> 8;
382 icv[2] = crc >> 16;
383 icv[3] = crc >> 24;
384
385 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
386 sg_init_one(&sg, pos, len + 4);
387 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
388}
389
390
391
392
393
394static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
395 u32 iv32_o, u16 iv16_o)
396{
397 if ((s32)iv32_n - (s32)iv32_o < 0 ||
398 (iv32_n == iv32_o && iv16_n <= iv16_o))
399 return 1;
400 return 0;
401}
402
403static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
404{
405 struct lib80211_tkip_data *tkey = priv;
406 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
407 u8 rc4key[16];
408 u8 keyidx, *pos;
409 u32 iv32;
410 u16 iv16;
411 struct ieee80211_hdr *hdr;
412 u8 icv[4];
413 u32 crc;
414 struct scatterlist sg;
415 int plen;
416
417 hdr = (struct ieee80211_hdr *)skb->data;
418
419 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
420 net_dbg_ratelimited("TKIP countermeasures: dropped received packet from %pM\n",
421 hdr->addr2);
422 return -1;
423 }
424
425 if (skb->len < hdr_len + TKIP_HDR_LEN + 4)
426 return -1;
427
428 pos = skb->data + hdr_len;
429 keyidx = pos[3];
430 if (!(keyidx & (1 << 5))) {
431 net_dbg_ratelimited("TKIP: received packet without ExtIV flag from %pM\n",
432 hdr->addr2);
433 return -2;
434 }
435 keyidx >>= 6;
436 if (tkey->key_idx != keyidx) {
437 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
438 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
439 return -6;
440 }
441 if (!tkey->key_set) {
442 net_dbg_ratelimited("TKIP: received packet from %pM with keyid=%d that does not have a configured key\n",
443 hdr->addr2, keyidx);
444 return -3;
445 }
446 iv16 = (pos[0] << 8) | pos[2];
447 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
448 pos += TKIP_HDR_LEN;
449
450 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
451#ifdef CONFIG_LIB80211_DEBUG
452 net_dbg_ratelimited("TKIP: replay detected: STA=%pM previous TSC %08x%04x received TSC %08x%04x\n",
453 hdr->addr2, tkey->rx_iv32, tkey->rx_iv16,
454 iv32, iv16);
455#endif
456 tkey->dot11RSNAStatsTKIPReplays++;
457 return -4;
458 }
459
460 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
461 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
462 tkey->rx_phase1_done = 1;
463 }
464 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
465
466 plen = skb->len - hdr_len - 12;
467
468 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
469 sg_init_one(&sg, pos, plen + 4);
470 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
471 net_dbg_ratelimited("TKIP: failed to decrypt received packet from %pM\n",
472 hdr->addr2);
473 return -7;
474 }
475
476 crc = ~crc32_le(~0, pos, plen);
477 icv[0] = crc;
478 icv[1] = crc >> 8;
479 icv[2] = crc >> 16;
480 icv[3] = crc >> 24;
481 if (memcmp(icv, pos + plen, 4) != 0) {
482 if (iv32 != tkey->rx_iv32) {
483
484
485 tkey->rx_phase1_done = 0;
486 }
487#ifdef CONFIG_LIB80211_DEBUG
488 net_dbg_ratelimited("TKIP: ICV error detected: STA=%pM\n",
489 hdr->addr2);
490#endif
491 tkey->dot11RSNAStatsTKIPICVErrors++;
492 return -5;
493 }
494
495
496
497 tkey->rx_iv32_new = iv32;
498 tkey->rx_iv16_new = iv16;
499
500
501 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len);
502 skb_pull(skb, TKIP_HDR_LEN);
503 skb_trim(skb, skb->len - 4);
504
505 return keyidx;
506}
507
508static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
509 u8 * data, size_t data_len, u8 * mic)
510{
511 struct hash_desc desc;
512 struct scatterlist sg[2];
513
514 if (tfm_michael == NULL) {
515 pr_warn("%s(): tfm_michael == NULL\n", __func__);
516 return -1;
517 }
518 sg_init_table(sg, 2);
519 sg_set_buf(&sg[0], hdr, 16);
520 sg_set_buf(&sg[1], data, data_len);
521
522 if (crypto_hash_setkey(tfm_michael, key, 8))
523 return -1;
524
525 desc.tfm = tfm_michael;
526 desc.flags = 0;
527 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
528}
529
530static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
531{
532 struct ieee80211_hdr *hdr11;
533
534 hdr11 = (struct ieee80211_hdr *)skb->data;
535
536 switch (le16_to_cpu(hdr11->frame_control) &
537 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
538 case IEEE80211_FCTL_TODS:
539 memcpy(hdr, hdr11->addr3, ETH_ALEN);
540 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN);
541 break;
542 case IEEE80211_FCTL_FROMDS:
543 memcpy(hdr, hdr11->addr1, ETH_ALEN);
544 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN);
545 break;
546 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
547 memcpy(hdr, hdr11->addr3, ETH_ALEN);
548 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN);
549 break;
550 case 0:
551 memcpy(hdr, hdr11->addr1, ETH_ALEN);
552 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN);
553 break;
554 }
555
556 if (ieee80211_is_data_qos(hdr11->frame_control)) {
557 hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11)))
558 & IEEE80211_QOS_CTL_TID_MASK;
559 } else
560 hdr[12] = 0;
561
562 hdr[13] = hdr[14] = hdr[15] = 0;
563}
564
565static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
566 void *priv)
567{
568 struct lib80211_tkip_data *tkey = priv;
569 u8 *pos;
570
571 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
572 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
573 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
574 skb_tailroom(skb), hdr_len, skb->len);
575 return -1;
576 }
577
578 michael_mic_hdr(skb, tkey->tx_hdr);
579 pos = skb_put(skb, 8);
580 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
581 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
582 return -1;
583
584 return 0;
585}
586
587static void lib80211_michael_mic_failure(struct net_device *dev,
588 struct ieee80211_hdr *hdr,
589 int keyidx)
590{
591 union iwreq_data wrqu;
592 struct iw_michaelmicfailure ev;
593
594
595 memset(&ev, 0, sizeof(ev));
596 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
597 if (hdr->addr1[0] & 0x01)
598 ev.flags |= IW_MICFAILURE_GROUP;
599 else
600 ev.flags |= IW_MICFAILURE_PAIRWISE;
601 ev.src_addr.sa_family = ARPHRD_ETHER;
602 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
603 memset(&wrqu, 0, sizeof(wrqu));
604 wrqu.data.length = sizeof(ev);
605 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
606}
607
608static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
609 int hdr_len, void *priv)
610{
611 struct lib80211_tkip_data *tkey = priv;
612 u8 mic[8];
613
614 if (!tkey->key_set)
615 return -1;
616
617 michael_mic_hdr(skb, tkey->rx_hdr);
618 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
619 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
620 return -1;
621 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
622 struct ieee80211_hdr *hdr;
623 hdr = (struct ieee80211_hdr *)skb->data;
624 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
625 "MSDU from %pM keyidx=%d\n",
626 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
627 keyidx);
628 if (skb->dev)
629 lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
630 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
631 return -1;
632 }
633
634
635
636 tkey->rx_iv32 = tkey->rx_iv32_new;
637 tkey->rx_iv16 = tkey->rx_iv16_new;
638
639 skb_trim(skb, skb->len - 8);
640
641 return 0;
642}
643
644static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
645{
646 struct lib80211_tkip_data *tkey = priv;
647 int keyidx;
648 struct crypto_hash *tfm = tkey->tx_tfm_michael;
649 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
650 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
651 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
652
653 keyidx = tkey->key_idx;
654 memset(tkey, 0, sizeof(*tkey));
655 tkey->key_idx = keyidx;
656 tkey->tx_tfm_michael = tfm;
657 tkey->tx_tfm_arc4 = tfm2;
658 tkey->rx_tfm_michael = tfm3;
659 tkey->rx_tfm_arc4 = tfm4;
660 if (len == TKIP_KEY_LEN) {
661 memcpy(tkey->key, key, TKIP_KEY_LEN);
662 tkey->key_set = 1;
663 tkey->tx_iv16 = 1;
664 if (seq) {
665 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
666 (seq[3] << 8) | seq[2];
667 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
668 }
669 } else if (len == 0)
670 tkey->key_set = 0;
671 else
672 return -1;
673
674 return 0;
675}
676
677static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
678{
679 struct lib80211_tkip_data *tkey = priv;
680
681 if (len < TKIP_KEY_LEN)
682 return -1;
683
684 if (!tkey->key_set)
685 return 0;
686 memcpy(key, tkey->key, TKIP_KEY_LEN);
687
688 if (seq) {
689
690 u16 iv16 = tkey->tx_iv16;
691 u32 iv32 = tkey->tx_iv32;
692 if (iv16 == 0)
693 iv32--;
694 iv16--;
695 seq[0] = tkey->tx_iv16;
696 seq[1] = tkey->tx_iv16 >> 8;
697 seq[2] = tkey->tx_iv32;
698 seq[3] = tkey->tx_iv32 >> 8;
699 seq[4] = tkey->tx_iv32 >> 16;
700 seq[5] = tkey->tx_iv32 >> 24;
701 }
702
703 return TKIP_KEY_LEN;
704}
705
706static void lib80211_tkip_print_stats(struct seq_file *m, void *priv)
707{
708 struct lib80211_tkip_data *tkip = priv;
709 seq_printf(m,
710 "key[%d] alg=TKIP key_set=%d "
711 "tx_pn=%02x%02x%02x%02x%02x%02x "
712 "rx_pn=%02x%02x%02x%02x%02x%02x "
713 "replays=%d icv_errors=%d local_mic_failures=%d\n",
714 tkip->key_idx, tkip->key_set,
715 (tkip->tx_iv32 >> 24) & 0xff,
716 (tkip->tx_iv32 >> 16) & 0xff,
717 (tkip->tx_iv32 >> 8) & 0xff,
718 tkip->tx_iv32 & 0xff,
719 (tkip->tx_iv16 >> 8) & 0xff,
720 tkip->tx_iv16 & 0xff,
721 (tkip->rx_iv32 >> 24) & 0xff,
722 (tkip->rx_iv32 >> 16) & 0xff,
723 (tkip->rx_iv32 >> 8) & 0xff,
724 tkip->rx_iv32 & 0xff,
725 (tkip->rx_iv16 >> 8) & 0xff,
726 tkip->rx_iv16 & 0xff,
727 tkip->dot11RSNAStatsTKIPReplays,
728 tkip->dot11RSNAStatsTKIPICVErrors,
729 tkip->dot11RSNAStatsTKIPLocalMICFailures);
730}
731
732static struct lib80211_crypto_ops lib80211_crypt_tkip = {
733 .name = "TKIP",
734 .init = lib80211_tkip_init,
735 .deinit = lib80211_tkip_deinit,
736 .encrypt_mpdu = lib80211_tkip_encrypt,
737 .decrypt_mpdu = lib80211_tkip_decrypt,
738 .encrypt_msdu = lib80211_michael_mic_add,
739 .decrypt_msdu = lib80211_michael_mic_verify,
740 .set_key = lib80211_tkip_set_key,
741 .get_key = lib80211_tkip_get_key,
742 .print_stats = lib80211_tkip_print_stats,
743 .extra_mpdu_prefix_len = 4 + 4,
744 .extra_mpdu_postfix_len = 4,
745 .extra_msdu_postfix_len = 8,
746 .get_flags = lib80211_tkip_get_flags,
747 .set_flags = lib80211_tkip_set_flags,
748 .owner = THIS_MODULE,
749};
750
751static int __init lib80211_crypto_tkip_init(void)
752{
753 return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
754}
755
756static void __exit lib80211_crypto_tkip_exit(void)
757{
758 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
759}
760
761module_init(lib80211_crypto_tkip_init);
762module_exit(lib80211_crypto_tkip_exit);
763