1
2
3
4
5
6
7
8
9
10
11
12
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15#include <linux/err.h>
16#include <linux/module.h>
17#include <linux/init.h>
18#include <linux/slab.h>
19#include <linux/random.h>
20#include <linux/scatterlist.h>
21#include <linux/skbuff.h>
22#include <linux/netdevice.h>
23#include <linux/mm.h>
24#include <linux/if_ether.h>
25#include <linux/if_arp.h>
26#include <asm/string.h>
27
28#include <linux/wireless.h>
29#include <linux/ieee80211.h>
30#include <net/iw_handler.h>
31
32#include <linux/crypto.h>
33#include <linux/crc32.h>
34
35#include <net/lib80211.h>
36
37MODULE_AUTHOR("Jouni Malinen");
38MODULE_DESCRIPTION("lib80211 crypt: TKIP");
39MODULE_LICENSE("GPL");
40
41#define TKIP_HDR_LEN 8
42
43struct lib80211_tkip_data {
44#define TKIP_KEY_LEN 32
45 u8 key[TKIP_KEY_LEN];
46 int key_set;
47
48 u32 tx_iv32;
49 u16 tx_iv16;
50 u16 tx_ttak[5];
51 int tx_phase1_done;
52
53 u32 rx_iv32;
54 u16 rx_iv16;
55 u16 rx_ttak[5];
56 int rx_phase1_done;
57 u32 rx_iv32_new;
58 u16 rx_iv16_new;
59
60 u32 dot11RSNAStatsTKIPReplays;
61 u32 dot11RSNAStatsTKIPICVErrors;
62 u32 dot11RSNAStatsTKIPLocalMICFailures;
63
64 int key_idx;
65
66 struct crypto_blkcipher *rx_tfm_arc4;
67 struct crypto_hash *rx_tfm_michael;
68 struct crypto_blkcipher *tx_tfm_arc4;
69 struct crypto_hash *tx_tfm_michael;
70
71
72 u8 rx_hdr[16], tx_hdr[16];
73
74 unsigned long flags;
75};
76
77static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
78{
79 struct lib80211_tkip_data *_priv = priv;
80 unsigned long old_flags = _priv->flags;
81 _priv->flags = flags;
82 return old_flags;
83}
84
85static unsigned long lib80211_tkip_get_flags(void *priv)
86{
87 struct lib80211_tkip_data *_priv = priv;
88 return _priv->flags;
89}
90
91static void *lib80211_tkip_init(int key_idx)
92{
93 struct lib80211_tkip_data *priv;
94
95 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
96 if (priv == NULL)
97 goto fail;
98
99 priv->key_idx = key_idx;
100
101 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
102 CRYPTO_ALG_ASYNC);
103 if (IS_ERR(priv->tx_tfm_arc4)) {
104 priv->tx_tfm_arc4 = NULL;
105 goto fail;
106 }
107
108 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
109 CRYPTO_ALG_ASYNC);
110 if (IS_ERR(priv->tx_tfm_michael)) {
111 priv->tx_tfm_michael = NULL;
112 goto fail;
113 }
114
115 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
116 CRYPTO_ALG_ASYNC);
117 if (IS_ERR(priv->rx_tfm_arc4)) {
118 priv->rx_tfm_arc4 = NULL;
119 goto fail;
120 }
121
122 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
123 CRYPTO_ALG_ASYNC);
124 if (IS_ERR(priv->rx_tfm_michael)) {
125 priv->rx_tfm_michael = NULL;
126 goto fail;
127 }
128
129 return priv;
130
131 fail:
132 if (priv) {
133 if (priv->tx_tfm_michael)
134 crypto_free_hash(priv->tx_tfm_michael);
135 if (priv->tx_tfm_arc4)
136 crypto_free_blkcipher(priv->tx_tfm_arc4);
137 if (priv->rx_tfm_michael)
138 crypto_free_hash(priv->rx_tfm_michael);
139 if (priv->rx_tfm_arc4)
140 crypto_free_blkcipher(priv->rx_tfm_arc4);
141 kfree(priv);
142 }
143
144 return NULL;
145}
146
147static void lib80211_tkip_deinit(void *priv)
148{
149 struct lib80211_tkip_data *_priv = priv;
150 if (_priv) {
151 if (_priv->tx_tfm_michael)
152 crypto_free_hash(_priv->tx_tfm_michael);
153 if (_priv->tx_tfm_arc4)
154 crypto_free_blkcipher(_priv->tx_tfm_arc4);
155 if (_priv->rx_tfm_michael)
156 crypto_free_hash(_priv->rx_tfm_michael);
157 if (_priv->rx_tfm_arc4)
158 crypto_free_blkcipher(_priv->rx_tfm_arc4);
159 }
160 kfree(priv);
161}
162
163static inline u16 RotR1(u16 val)
164{
165 return (val >> 1) | (val << 15);
166}
167
168static inline u8 Lo8(u16 val)
169{
170 return val & 0xff;
171}
172
173static inline u8 Hi8(u16 val)
174{
175 return val >> 8;
176}
177
178static inline u16 Lo16(u32 val)
179{
180 return val & 0xffff;
181}
182
183static inline u16 Hi16(u32 val)
184{
185 return val >> 16;
186}
187
188static inline u16 Mk16(u8 hi, u8 lo)
189{
190 return lo | (((u16) hi) << 8);
191}
192
193static inline u16 Mk16_le(__le16 * v)
194{
195 return le16_to_cpu(*v);
196}
197
198static const u16 Sbox[256] = {
199 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
200 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
201 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
202 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
203 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
204 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
205 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
206 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
207 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
208 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
209 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
210 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
211 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
212 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
213 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
214 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
215 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
216 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
217 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
218 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
219 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
220 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
221 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
222 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
223 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
224 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
225 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
226 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
227 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
228 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
229 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
230 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
231};
232
233static inline u16 _S_(u16 v)
234{
235 u16 t = Sbox[Hi8(v)];
236 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
237}
238
239#define PHASE1_LOOP_COUNT 8
240
241static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
242 u32 IV32)
243{
244 int i, j;
245
246
247 TTAK[0] = Lo16(IV32);
248 TTAK[1] = Hi16(IV32);
249 TTAK[2] = Mk16(TA[1], TA[0]);
250 TTAK[3] = Mk16(TA[3], TA[2]);
251 TTAK[4] = Mk16(TA[5], TA[4]);
252
253 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
254 j = 2 * (i & 1);
255 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
256 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
257 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
258 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
259 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
260 }
261}
262
263static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
264 u16 IV16)
265{
266
267
268 u16 *PPK = (u16 *) & WEPSeed[4];
269
270
271 PPK[0] = TTAK[0];
272 PPK[1] = TTAK[1];
273 PPK[2] = TTAK[2];
274 PPK[3] = TTAK[3];
275 PPK[4] = TTAK[4];
276 PPK[5] = TTAK[4] + IV16;
277
278
279 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
280 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
281 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
282 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
283 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
284 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
285
286 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
287 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
288 PPK[2] += RotR1(PPK[1]);
289 PPK[3] += RotR1(PPK[2]);
290 PPK[4] += RotR1(PPK[3]);
291 PPK[5] += RotR1(PPK[4]);
292
293
294
295 WEPSeed[0] = Hi8(IV16);
296 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
297 WEPSeed[2] = Lo8(IV16);
298 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
299
300#ifdef __BIG_ENDIAN
301 {
302 int i;
303 for (i = 0; i < 6; i++)
304 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
305 }
306#endif
307}
308
309static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
310 u8 * rc4key, int keylen, void *priv)
311{
312 struct lib80211_tkip_data *tkey = priv;
313 u8 *pos;
314 struct ieee80211_hdr *hdr;
315
316 hdr = (struct ieee80211_hdr *)skb->data;
317
318 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len)
319 return -1;
320
321 if (rc4key == NULL || keylen < 16)
322 return -1;
323
324 if (!tkey->tx_phase1_done) {
325 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
326 tkey->tx_iv32);
327 tkey->tx_phase1_done = 1;
328 }
329 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
330
331 pos = skb_push(skb, TKIP_HDR_LEN);
332 memmove(pos, pos + TKIP_HDR_LEN, hdr_len);
333 pos += hdr_len;
334
335 *pos++ = *rc4key;
336 *pos++ = *(rc4key + 1);
337 *pos++ = *(rc4key + 2);
338 *pos++ = (tkey->key_idx << 6) | (1 << 5) ;
339 *pos++ = tkey->tx_iv32 & 0xff;
340 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
341 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
342 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
343
344 tkey->tx_iv16++;
345 if (tkey->tx_iv16 == 0) {
346 tkey->tx_phase1_done = 0;
347 tkey->tx_iv32++;
348 }
349
350 return TKIP_HDR_LEN;
351}
352
353static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
354{
355 struct lib80211_tkip_data *tkey = priv;
356 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
357 int len;
358 u8 rc4key[16], *pos, *icv;
359 u32 crc;
360 struct scatterlist sg;
361
362 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
363 if (net_ratelimit()) {
364 struct ieee80211_hdr *hdr =
365 (struct ieee80211_hdr *)skb->data;
366 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
367 "TX packet to %pM\n", hdr->addr1);
368 }
369 return -1;
370 }
371
372 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
373 return -1;
374
375 len = skb->len - hdr_len;
376 pos = skb->data + hdr_len;
377
378 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
379 return -1;
380
381 crc = ~crc32_le(~0, pos, len);
382 icv = skb_put(skb, 4);
383 icv[0] = crc;
384 icv[1] = crc >> 8;
385 icv[2] = crc >> 16;
386 icv[3] = crc >> 24;
387
388 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
389 sg_init_one(&sg, pos, len + 4);
390 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
391}
392
393
394
395
396
397static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
398 u32 iv32_o, u16 iv16_o)
399{
400 if ((s32)iv32_n - (s32)iv32_o < 0 ||
401 (iv32_n == iv32_o && iv16_n <= iv16_o))
402 return 1;
403 return 0;
404}
405
406static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
407{
408 struct lib80211_tkip_data *tkey = priv;
409 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
410 u8 rc4key[16];
411 u8 keyidx, *pos;
412 u32 iv32;
413 u16 iv16;
414 struct ieee80211_hdr *hdr;
415 u8 icv[4];
416 u32 crc;
417 struct scatterlist sg;
418 int plen;
419
420 hdr = (struct ieee80211_hdr *)skb->data;
421
422 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
423 if (net_ratelimit()) {
424 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
425 "received packet from %pM\n", hdr->addr2);
426 }
427 return -1;
428 }
429
430 if (skb->len < hdr_len + TKIP_HDR_LEN + 4)
431 return -1;
432
433 pos = skb->data + hdr_len;
434 keyidx = pos[3];
435 if (!(keyidx & (1 << 5))) {
436 if (net_ratelimit()) {
437 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
438 " flag from %pM\n", hdr->addr2);
439 }
440 return -2;
441 }
442 keyidx >>= 6;
443 if (tkey->key_idx != keyidx) {
444 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
445 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
446 return -6;
447 }
448 if (!tkey->key_set) {
449 if (net_ratelimit()) {
450 printk(KERN_DEBUG "TKIP: received packet from %pM"
451 " with keyid=%d that does not have a configured"
452 " key\n", hdr->addr2, keyidx);
453 }
454 return -3;
455 }
456 iv16 = (pos[0] << 8) | pos[2];
457 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
458 pos += TKIP_HDR_LEN;
459
460 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
461#ifdef CONFIG_LIB80211_DEBUG
462 if (net_ratelimit()) {
463 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
464 " previous TSC %08x%04x received TSC "
465 "%08x%04x\n", hdr->addr2,
466 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
467 }
468#endif
469 tkey->dot11RSNAStatsTKIPReplays++;
470 return -4;
471 }
472
473 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
474 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
475 tkey->rx_phase1_done = 1;
476 }
477 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
478
479 plen = skb->len - hdr_len - 12;
480
481 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
482 sg_init_one(&sg, pos, plen + 4);
483 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
484 if (net_ratelimit()) {
485 printk(KERN_DEBUG ": TKIP: failed to decrypt "
486 "received packet from %pM\n",
487 hdr->addr2);
488 }
489 return -7;
490 }
491
492 crc = ~crc32_le(~0, pos, plen);
493 icv[0] = crc;
494 icv[1] = crc >> 8;
495 icv[2] = crc >> 16;
496 icv[3] = crc >> 24;
497 if (memcmp(icv, pos + plen, 4) != 0) {
498 if (iv32 != tkey->rx_iv32) {
499
500
501 tkey->rx_phase1_done = 0;
502 }
503#ifdef CONFIG_LIB80211_DEBUG
504 if (net_ratelimit()) {
505 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
506 "%pM\n", hdr->addr2);
507 }
508#endif
509 tkey->dot11RSNAStatsTKIPICVErrors++;
510 return -5;
511 }
512
513
514
515 tkey->rx_iv32_new = iv32;
516 tkey->rx_iv16_new = iv16;
517
518
519 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len);
520 skb_pull(skb, TKIP_HDR_LEN);
521 skb_trim(skb, skb->len - 4);
522
523 return keyidx;
524}
525
526static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
527 u8 * data, size_t data_len, u8 * mic)
528{
529 struct hash_desc desc;
530 struct scatterlist sg[2];
531
532 if (tfm_michael == NULL) {
533 pr_warn("%s(): tfm_michael == NULL\n", __func__);
534 return -1;
535 }
536 sg_init_table(sg, 2);
537 sg_set_buf(&sg[0], hdr, 16);
538 sg_set_buf(&sg[1], data, data_len);
539
540 if (crypto_hash_setkey(tfm_michael, key, 8))
541 return -1;
542
543 desc.tfm = tfm_michael;
544 desc.flags = 0;
545 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
546}
547
548static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
549{
550 struct ieee80211_hdr *hdr11;
551
552 hdr11 = (struct ieee80211_hdr *)skb->data;
553
554 switch (le16_to_cpu(hdr11->frame_control) &
555 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
556 case IEEE80211_FCTL_TODS:
557 memcpy(hdr, hdr11->addr3, ETH_ALEN);
558 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN);
559 break;
560 case IEEE80211_FCTL_FROMDS:
561 memcpy(hdr, hdr11->addr1, ETH_ALEN);
562 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN);
563 break;
564 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
565 memcpy(hdr, hdr11->addr3, ETH_ALEN);
566 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN);
567 break;
568 case 0:
569 memcpy(hdr, hdr11->addr1, ETH_ALEN);
570 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN);
571 break;
572 }
573
574 if (ieee80211_is_data_qos(hdr11->frame_control)) {
575 hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11)))
576 & IEEE80211_QOS_CTL_TID_MASK;
577 } else
578 hdr[12] = 0;
579
580 hdr[13] = hdr[14] = hdr[15] = 0;
581}
582
583static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
584 void *priv)
585{
586 struct lib80211_tkip_data *tkey = priv;
587 u8 *pos;
588
589 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
590 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
591 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
592 skb_tailroom(skb), hdr_len, skb->len);
593 return -1;
594 }
595
596 michael_mic_hdr(skb, tkey->tx_hdr);
597 pos = skb_put(skb, 8);
598 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
599 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
600 return -1;
601
602 return 0;
603}
604
605static void lib80211_michael_mic_failure(struct net_device *dev,
606 struct ieee80211_hdr *hdr,
607 int keyidx)
608{
609 union iwreq_data wrqu;
610 struct iw_michaelmicfailure ev;
611
612
613 memset(&ev, 0, sizeof(ev));
614 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
615 if (hdr->addr1[0] & 0x01)
616 ev.flags |= IW_MICFAILURE_GROUP;
617 else
618 ev.flags |= IW_MICFAILURE_PAIRWISE;
619 ev.src_addr.sa_family = ARPHRD_ETHER;
620 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
621 memset(&wrqu, 0, sizeof(wrqu));
622 wrqu.data.length = sizeof(ev);
623 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
624}
625
626static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
627 int hdr_len, void *priv)
628{
629 struct lib80211_tkip_data *tkey = priv;
630 u8 mic[8];
631
632 if (!tkey->key_set)
633 return -1;
634
635 michael_mic_hdr(skb, tkey->rx_hdr);
636 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
637 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
638 return -1;
639 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
640 struct ieee80211_hdr *hdr;
641 hdr = (struct ieee80211_hdr *)skb->data;
642 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
643 "MSDU from %pM keyidx=%d\n",
644 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
645 keyidx);
646 if (skb->dev)
647 lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
648 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
649 return -1;
650 }
651
652
653
654 tkey->rx_iv32 = tkey->rx_iv32_new;
655 tkey->rx_iv16 = tkey->rx_iv16_new;
656
657 skb_trim(skb, skb->len - 8);
658
659 return 0;
660}
661
662static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
663{
664 struct lib80211_tkip_data *tkey = priv;
665 int keyidx;
666 struct crypto_hash *tfm = tkey->tx_tfm_michael;
667 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
668 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
669 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
670
671 keyidx = tkey->key_idx;
672 memset(tkey, 0, sizeof(*tkey));
673 tkey->key_idx = keyidx;
674 tkey->tx_tfm_michael = tfm;
675 tkey->tx_tfm_arc4 = tfm2;
676 tkey->rx_tfm_michael = tfm3;
677 tkey->rx_tfm_arc4 = tfm4;
678 if (len == TKIP_KEY_LEN) {
679 memcpy(tkey->key, key, TKIP_KEY_LEN);
680 tkey->key_set = 1;
681 tkey->tx_iv16 = 1;
682 if (seq) {
683 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
684 (seq[3] << 8) | seq[2];
685 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
686 }
687 } else if (len == 0)
688 tkey->key_set = 0;
689 else
690 return -1;
691
692 return 0;
693}
694
695static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
696{
697 struct lib80211_tkip_data *tkey = priv;
698
699 if (len < TKIP_KEY_LEN)
700 return -1;
701
702 if (!tkey->key_set)
703 return 0;
704 memcpy(key, tkey->key, TKIP_KEY_LEN);
705
706 if (seq) {
707
708 u16 iv16 = tkey->tx_iv16;
709 u32 iv32 = tkey->tx_iv32;
710 if (iv16 == 0)
711 iv32--;
712 iv16--;
713 seq[0] = tkey->tx_iv16;
714 seq[1] = tkey->tx_iv16 >> 8;
715 seq[2] = tkey->tx_iv32;
716 seq[3] = tkey->tx_iv32 >> 8;
717 seq[4] = tkey->tx_iv32 >> 16;
718 seq[5] = tkey->tx_iv32 >> 24;
719 }
720
721 return TKIP_KEY_LEN;
722}
723
724static char *lib80211_tkip_print_stats(char *p, void *priv)
725{
726 struct lib80211_tkip_data *tkip = priv;
727 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
728 "tx_pn=%02x%02x%02x%02x%02x%02x "
729 "rx_pn=%02x%02x%02x%02x%02x%02x "
730 "replays=%d icv_errors=%d local_mic_failures=%d\n",
731 tkip->key_idx, tkip->key_set,
732 (tkip->tx_iv32 >> 24) & 0xff,
733 (tkip->tx_iv32 >> 16) & 0xff,
734 (tkip->tx_iv32 >> 8) & 0xff,
735 tkip->tx_iv32 & 0xff,
736 (tkip->tx_iv16 >> 8) & 0xff,
737 tkip->tx_iv16 & 0xff,
738 (tkip->rx_iv32 >> 24) & 0xff,
739 (tkip->rx_iv32 >> 16) & 0xff,
740 (tkip->rx_iv32 >> 8) & 0xff,
741 tkip->rx_iv32 & 0xff,
742 (tkip->rx_iv16 >> 8) & 0xff,
743 tkip->rx_iv16 & 0xff,
744 tkip->dot11RSNAStatsTKIPReplays,
745 tkip->dot11RSNAStatsTKIPICVErrors,
746 tkip->dot11RSNAStatsTKIPLocalMICFailures);
747 return p;
748}
749
750static struct lib80211_crypto_ops lib80211_crypt_tkip = {
751 .name = "TKIP",
752 .init = lib80211_tkip_init,
753 .deinit = lib80211_tkip_deinit,
754 .encrypt_mpdu = lib80211_tkip_encrypt,
755 .decrypt_mpdu = lib80211_tkip_decrypt,
756 .encrypt_msdu = lib80211_michael_mic_add,
757 .decrypt_msdu = lib80211_michael_mic_verify,
758 .set_key = lib80211_tkip_set_key,
759 .get_key = lib80211_tkip_get_key,
760 .print_stats = lib80211_tkip_print_stats,
761 .extra_mpdu_prefix_len = 4 + 4,
762 .extra_mpdu_postfix_len = 4,
763 .extra_msdu_postfix_len = 8,
764 .get_flags = lib80211_tkip_get_flags,
765 .set_flags = lib80211_tkip_set_flags,
766 .owner = THIS_MODULE,
767};
768
769static int __init lib80211_crypto_tkip_init(void)
770{
771 return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
772}
773
774static void __exit lib80211_crypto_tkip_exit(void)
775{
776 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
777}
778
779module_init(lib80211_crypto_tkip_init);
780module_exit(lib80211_crypto_tkip_exit);
781