1
2
3
4
5
6
7
8
9
10
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/slab.h>
15#include <linux/random.h>
16#include <linux/skbuff.h>
17#include <linux/netdevice.h>
18#include <linux/if_ether.h>
19#include <linux/if_arp.h>
20#include <linux/string.h>
21#include <linux/crypto.h>
22#include <linux/scatterlist.h>
23#include <linux/crc32.h>
24
25#include "rtllib.h"
26
27struct rtllib_tkip_data {
28#define TKIP_KEY_LEN 32
29 u8 key[TKIP_KEY_LEN];
30 int key_set;
31
32 u32 tx_iv32;
33 u16 tx_iv16;
34 u16 tx_ttak[5];
35 int tx_phase1_done;
36
37 u32 rx_iv32;
38 u16 rx_iv16;
39 bool initialized;
40 u16 rx_ttak[5];
41 int rx_phase1_done;
42 u32 rx_iv32_new;
43 u16 rx_iv16_new;
44
45 u32 dot11RSNAStatsTKIPReplays;
46 u32 dot11RSNAStatsTKIPICVErrors;
47 u32 dot11RSNAStatsTKIPLocalMICFailures;
48
49 int key_idx;
50 struct crypto_blkcipher *rx_tfm_arc4;
51 struct crypto_hash *rx_tfm_michael;
52 struct crypto_blkcipher *tx_tfm_arc4;
53 struct crypto_hash *tx_tfm_michael;
54
55 u8 rx_hdr[16], tx_hdr[16];
56};
57
58static void *rtllib_tkip_init(int key_idx)
59{
60 struct rtllib_tkip_data *priv;
61
62 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
63 if (priv == NULL)
64 goto fail;
65 priv->key_idx = key_idx;
66 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
67 CRYPTO_ALG_ASYNC);
68 if (IS_ERR(priv->tx_tfm_arc4)) {
69 printk(KERN_DEBUG
70 "rtllib_crypt_tkip: could not allocate crypto API arc4\n");
71 priv->tx_tfm_arc4 = NULL;
72 goto fail;
73 }
74
75 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
76 CRYPTO_ALG_ASYNC);
77 if (IS_ERR(priv->tx_tfm_michael)) {
78 printk(KERN_DEBUG
79 "rtllib_crypt_tkip: could not allocate crypto API michael_mic\n");
80 priv->tx_tfm_michael = NULL;
81 goto fail;
82 }
83
84 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
85 CRYPTO_ALG_ASYNC);
86 if (IS_ERR(priv->rx_tfm_arc4)) {
87 printk(KERN_DEBUG
88 "rtllib_crypt_tkip: could not allocate crypto API arc4\n");
89 priv->rx_tfm_arc4 = NULL;
90 goto fail;
91 }
92
93 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
94 CRYPTO_ALG_ASYNC);
95 if (IS_ERR(priv->rx_tfm_michael)) {
96 printk(KERN_DEBUG
97 "rtllib_crypt_tkip: could not allocate crypto API michael_mic\n");
98 priv->rx_tfm_michael = NULL;
99 goto fail;
100 }
101 return priv;
102
103fail:
104 if (priv) {
105 if (priv->tx_tfm_michael)
106 crypto_free_hash(priv->tx_tfm_michael);
107 if (priv->tx_tfm_arc4)
108 crypto_free_blkcipher(priv->tx_tfm_arc4);
109 if (priv->rx_tfm_michael)
110 crypto_free_hash(priv->rx_tfm_michael);
111 if (priv->rx_tfm_arc4)
112 crypto_free_blkcipher(priv->rx_tfm_arc4);
113 kfree(priv);
114 }
115
116 return NULL;
117}
118
119
120static void rtllib_tkip_deinit(void *priv)
121{
122 struct rtllib_tkip_data *_priv = priv;
123
124 if (_priv) {
125 if (_priv->tx_tfm_michael)
126 crypto_free_hash(_priv->tx_tfm_michael);
127 if (_priv->tx_tfm_arc4)
128 crypto_free_blkcipher(_priv->tx_tfm_arc4);
129 if (_priv->rx_tfm_michael)
130 crypto_free_hash(_priv->rx_tfm_michael);
131 if (_priv->rx_tfm_arc4)
132 crypto_free_blkcipher(_priv->rx_tfm_arc4);
133 }
134 kfree(priv);
135}
136
137
138static inline u16 RotR1(u16 val)
139{
140 return (val >> 1) | (val << 15);
141}
142
143
144static inline u8 Lo8(u16 val)
145{
146 return val & 0xff;
147}
148
149
150static inline u8 Hi8(u16 val)
151{
152 return val >> 8;
153}
154
155
156static inline u16 Lo16(u32 val)
157{
158 return val & 0xffff;
159}
160
161
162static inline u16 Hi16(u32 val)
163{
164 return val >> 16;
165}
166
167
168static inline u16 Mk16(u8 hi, u8 lo)
169{
170 return lo | (((u16) hi) << 8);
171}
172
173
174static inline u16 Mk16_le(u16 *v)
175{
176 return *v;
177}
178
179
180static const u16 Sbox[256] = {
181 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
182 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
183 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
184 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
185 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
186 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
187 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
188 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
189 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
190 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
191 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
192 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
193 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
194 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
195 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
196 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
197 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
198 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
199 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
200 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
201 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
202 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
203 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
204 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
205 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
206 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
207 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
208 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
209 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
210 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
211 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
212 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
213};
214
215
216static inline u16 _S_(u16 v)
217{
218 u16 t = Sbox[Hi8(v)];
219 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
220}
221
222
223#define PHASE1_LOOP_COUNT 8
224
225
226static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
227{
228 int i, j;
229
230
231 TTAK[0] = Lo16(IV32);
232 TTAK[1] = Hi16(IV32);
233 TTAK[2] = Mk16(TA[1], TA[0]);
234 TTAK[3] = Mk16(TA[3], TA[2]);
235 TTAK[4] = Mk16(TA[5], TA[4]);
236
237 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
238 j = 2 * (i & 1);
239 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
240 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
241 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
242 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
243 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
244 }
245}
246
247
248static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
249 u16 IV16)
250{
251
252
253
254 u16 *PPK = (u16 *) &WEPSeed[4];
255
256
257 PPK[0] = TTAK[0];
258 PPK[1] = TTAK[1];
259 PPK[2] = TTAK[2];
260 PPK[3] = TTAK[3];
261 PPK[4] = TTAK[4];
262 PPK[5] = TTAK[4] + IV16;
263
264
265 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
266 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
267 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
268 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
269 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
270 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
271
272 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
273 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
274 PPK[2] += RotR1(PPK[1]);
275 PPK[3] += RotR1(PPK[2]);
276 PPK[4] += RotR1(PPK[3]);
277 PPK[5] += RotR1(PPK[4]);
278
279
280
281
282 WEPSeed[0] = Hi8(IV16);
283 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
284 WEPSeed[2] = Lo8(IV16);
285 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
286
287#ifdef __BIG_ENDIAN
288 {
289 int i;
290
291 for (i = 0; i < 6; i++)
292 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
293 }
294#endif
295}
296
297
298static int rtllib_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
299{
300 struct rtllib_tkip_data *tkey = priv;
301 int len;
302 u8 *pos;
303 struct rtllib_hdr_4addr *hdr;
304 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
305 MAX_DEV_ADDR_SIZE);
306 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4};
307 int ret = 0;
308 u8 rc4key[16], *icv;
309 u32 crc;
310 struct scatterlist sg;
311
312 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
313 skb->len < hdr_len)
314 return -1;
315
316 hdr = (struct rtllib_hdr_4addr *) skb->data;
317
318 if (!tcb_desc->bHwSec) {
319 if (!tkey->tx_phase1_done) {
320 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
321 tkey->tx_iv32);
322 tkey->tx_phase1_done = 1;
323 }
324 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak,
325 tkey->tx_iv16);
326 } else
327 tkey->tx_phase1_done = 1;
328
329
330 len = skb->len - hdr_len;
331 pos = skb_push(skb, 8);
332 memmove(pos, pos + 8, hdr_len);
333 pos += hdr_len;
334
335 if (tcb_desc->bHwSec) {
336 *pos++ = Hi8(tkey->tx_iv16);
337 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
338 *pos++ = Lo8(tkey->tx_iv16);
339 } else {
340 *pos++ = rc4key[0];
341 *pos++ = rc4key[1];
342 *pos++ = rc4key[2];
343 }
344
345 *pos++ = (tkey->key_idx << 6) | (1 << 5) ;
346 *pos++ = tkey->tx_iv32 & 0xff;
347 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
348 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
349 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
350
351 if (!tcb_desc->bHwSec) {
352 icv = skb_put(skb, 4);
353 crc = ~crc32_le(~0, pos, len);
354 icv[0] = crc;
355 icv[1] = crc >> 8;
356 icv[2] = crc >> 16;
357 icv[3] = crc >> 24;
358
359 sg_init_one(&sg, pos, len+4);
360
361
362 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
363 ret = crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
364 }
365
366 tkey->tx_iv16++;
367 if (tkey->tx_iv16 == 0) {
368 tkey->tx_phase1_done = 0;
369 tkey->tx_iv32++;
370 }
371
372 if (!tcb_desc->bHwSec)
373 return ret;
374 else
375 return 0;
376
377
378}
379
380static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
381{
382 struct rtllib_tkip_data *tkey = priv;
383 u8 keyidx, *pos;
384 u32 iv32;
385 u16 iv16;
386 struct rtllib_hdr_4addr *hdr;
387 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
388 MAX_DEV_ADDR_SIZE);
389 struct blkcipher_desc desc = {.tfm = tkey->rx_tfm_arc4};
390 u8 rc4key[16];
391 u8 icv[4];
392 u32 crc;
393 struct scatterlist sg;
394 int plen;
395
396 if (skb->len < hdr_len + 8 + 4)
397 return -1;
398
399 hdr = (struct rtllib_hdr_4addr *) skb->data;
400 pos = skb->data + hdr_len;
401 keyidx = pos[3];
402 if (!(keyidx & (1 << 5))) {
403 if (net_ratelimit()) {
404 printk(KERN_DEBUG
405 "TKIP: received packet without ExtIV flag from %pM\n",
406 hdr->addr2);
407 }
408 return -2;
409 }
410 keyidx >>= 6;
411 if (tkey->key_idx != keyidx) {
412 printk(KERN_DEBUG
413 "TKIP: RX tkey->key_idx=%d frame keyidx=%d priv=%p\n",
414 tkey->key_idx, keyidx, priv);
415 return -6;
416 }
417 if (!tkey->key_set) {
418 if (net_ratelimit()) {
419 printk(KERN_DEBUG
420 "TKIP: received packet from %pM with keyid=%d that does not have a configured key\n",
421 hdr->addr2, keyidx);
422 }
423 return -3;
424 }
425 iv16 = (pos[0] << 8) | pos[2];
426 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
427 pos += 8;
428
429 if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) {
430 if ((iv32 < tkey->rx_iv32 ||
431 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) &&
432 tkey->initialized) {
433 if (net_ratelimit()) {
434 printk(KERN_DEBUG
435 "TKIP: replay detected: STA= %pM previous TSC %08x%04x received TSC %08x%04x\n",
436 hdr->addr2, tkey->rx_iv32, tkey->rx_iv16,
437 iv32, iv16);
438 }
439 tkey->dot11RSNAStatsTKIPReplays++;
440 return -4;
441 }
442 tkey->initialized = true;
443
444 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
445 tkip_mixing_phase1(tkey->rx_ttak, tkey->key,
446 hdr->addr2, iv32);
447 tkey->rx_phase1_done = 1;
448 }
449 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
450
451 plen = skb->len - hdr_len - 12;
452
453 sg_init_one(&sg, pos, plen+4);
454
455 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
456 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
457 if (net_ratelimit()) {
458 printk(KERN_DEBUG
459 ": TKIP: failed to decrypt received packet from %pM\n",
460 hdr->addr2);
461 }
462 return -7;
463 }
464
465 crc = ~crc32_le(~0, pos, plen);
466 icv[0] = crc;
467 icv[1] = crc >> 8;
468 icv[2] = crc >> 16;
469 icv[3] = crc >> 24;
470
471 if (memcmp(icv, pos + plen, 4) != 0) {
472 if (iv32 != tkey->rx_iv32) {
473
474
475
476
477 tkey->rx_phase1_done = 0;
478 }
479 if (net_ratelimit()) {
480 printk(KERN_DEBUG
481 "TKIP: ICV error detected: STA= %pM\n",
482 hdr->addr2);
483 }
484 tkey->dot11RSNAStatsTKIPICVErrors++;
485 return -5;
486 }
487
488 }
489
490
491
492
493 tkey->rx_iv32_new = iv32;
494 tkey->rx_iv16_new = iv16;
495
496
497 memmove(skb->data + 8, skb->data, hdr_len);
498 skb_pull(skb, 8);
499 skb_trim(skb, skb->len - 4);
500
501 return keyidx;
502}
503
504
505static int michael_mic(struct crypto_hash *tfm_michael, u8 *key, u8 *hdr,
506 u8 *data, size_t data_len, u8 *mic)
507{
508 struct hash_desc desc;
509 struct scatterlist sg[2];
510
511 if (tfm_michael == NULL) {
512 pr_warn("michael_mic: tfm_michael == NULL\n");
513 return -1;
514 }
515 sg_init_table(sg, 2);
516 sg_set_buf(&sg[0], hdr, 16);
517 sg_set_buf(&sg[1], data, data_len);
518
519 if (crypto_hash_setkey(tfm_michael, key, 8))
520 return -1;
521
522 desc.tfm = tfm_michael;
523 desc.flags = 0;
524 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
525}
526
527static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
528{
529 struct rtllib_hdr_4addr *hdr11;
530
531 hdr11 = (struct rtllib_hdr_4addr *) skb->data;
532 switch (le16_to_cpu(hdr11->frame_ctl) &
533 (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) {
534 case RTLLIB_FCTL_TODS:
535 memcpy(hdr, hdr11->addr3, ETH_ALEN);
536 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN);
537 break;
538 case RTLLIB_FCTL_FROMDS:
539 memcpy(hdr, hdr11->addr1, ETH_ALEN);
540 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN);
541 break;
542 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS:
543 memcpy(hdr, hdr11->addr3, ETH_ALEN);
544 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN);
545 break;
546 case 0:
547 memcpy(hdr, hdr11->addr1, ETH_ALEN);
548 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN);
549 break;
550 }
551
552 hdr[12] = 0;
553
554 hdr[13] = hdr[14] = hdr[15] = 0;
555}
556
557
558static int rtllib_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
559{
560 struct rtllib_tkip_data *tkey = priv;
561 u8 *pos;
562 struct rtllib_hdr_4addr *hdr;
563
564 hdr = (struct rtllib_hdr_4addr *) skb->data;
565
566 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
567 printk(KERN_DEBUG
568 "Invalid packet for Michael MIC add (tailroom=%d hdr_len=%d skb->len=%d)\n",
569 skb_tailroom(skb), hdr_len, skb->len);
570 return -1;
571 }
572
573 michael_mic_hdr(skb, tkey->tx_hdr);
574
575 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
576 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
577 pos = skb_put(skb, 8);
578 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
579 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
580 return -1;
581
582 return 0;
583}
584
585
586static void rtllib_michael_mic_failure(struct net_device *dev,
587 struct rtllib_hdr_4addr *hdr,
588 int keyidx)
589{
590 union iwreq_data wrqu;
591 struct iw_michaelmicfailure ev;
592
593
594 memset(&ev, 0, sizeof(ev));
595 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
596 if (hdr->addr1[0] & 0x01)
597 ev.flags |= IW_MICFAILURE_GROUP;
598 else
599 ev.flags |= IW_MICFAILURE_PAIRWISE;
600 ev.src_addr.sa_family = ARPHRD_ETHER;
601 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
602 memset(&wrqu, 0, sizeof(wrqu));
603 wrqu.data.length = sizeof(ev);
604 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
605}
606
607static int rtllib_michael_mic_verify(struct sk_buff *skb, int keyidx,
608 int hdr_len, void *priv)
609{
610 struct rtllib_tkip_data *tkey = priv;
611 u8 mic[8];
612 struct rtllib_hdr_4addr *hdr;
613
614 hdr = (struct rtllib_hdr_4addr *) skb->data;
615
616 if (!tkey->key_set)
617 return -1;
618
619 michael_mic_hdr(skb, tkey->rx_hdr);
620 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
621 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
622
623 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
624 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
625 return -1;
626
627 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
628 struct rtllib_hdr_4addr *hdr;
629
630 hdr = (struct rtllib_hdr_4addr *) skb->data;
631 printk(KERN_DEBUG
632 "%s: Michael MIC verification failed for MSDU from %pM keyidx=%d\n",
633 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
634 keyidx);
635 printk(KERN_DEBUG "%d\n",
636 memcmp(mic, skb->data + skb->len - 8, 8) != 0);
637 if (skb->dev) {
638 pr_info("skb->dev != NULL\n");
639 rtllib_michael_mic_failure(skb->dev, hdr, keyidx);
640 }
641 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
642 return -1;
643 }
644
645
646
647
648 tkey->rx_iv32 = tkey->rx_iv32_new;
649 tkey->rx_iv16 = tkey->rx_iv16_new;
650
651 skb_trim(skb, skb->len - 8);
652
653 return 0;
654}
655
656
657static int rtllib_tkip_set_key(void *key, int len, u8 *seq, void *priv)
658{
659 struct rtllib_tkip_data *tkey = priv;
660 int keyidx;
661 struct crypto_hash *tfm = tkey->tx_tfm_michael;
662 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
663 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
664 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
665
666 keyidx = tkey->key_idx;
667 memset(tkey, 0, sizeof(*tkey));
668 tkey->key_idx = keyidx;
669 tkey->tx_tfm_michael = tfm;
670 tkey->tx_tfm_arc4 = tfm2;
671 tkey->rx_tfm_michael = tfm3;
672 tkey->rx_tfm_arc4 = tfm4;
673
674 if (len == TKIP_KEY_LEN) {
675 memcpy(tkey->key, key, TKIP_KEY_LEN);
676 tkey->key_set = 1;
677 tkey->tx_iv16 = 1;
678 if (seq) {
679 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
680 (seq[3] << 8) | seq[2];
681 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
682 }
683 } else if (len == 0)
684 tkey->key_set = 0;
685 else
686 return -1;
687
688 return 0;
689}
690
691
692static int rtllib_tkip_get_key(void *key, int len, u8 *seq, void *priv)
693{
694 struct rtllib_tkip_data *tkey = priv;
695
696 if (len < TKIP_KEY_LEN)
697 return -1;
698
699 if (!tkey->key_set)
700 return 0;
701 memcpy(key, tkey->key, TKIP_KEY_LEN);
702
703 if (seq) {
704
705 u16 iv16 = tkey->tx_iv16;
706 u32 iv32 = tkey->tx_iv32;
707
708 if (iv16 == 0)
709 iv32--;
710 iv16--;
711 seq[0] = tkey->tx_iv16;
712 seq[1] = tkey->tx_iv16 >> 8;
713 seq[2] = tkey->tx_iv32;
714 seq[3] = tkey->tx_iv32 >> 8;
715 seq[4] = tkey->tx_iv32 >> 16;
716 seq[5] = tkey->tx_iv32 >> 24;
717 }
718
719 return TKIP_KEY_LEN;
720}
721
722
723static void rtllib_tkip_print_stats(struct seq_file *m, void *priv)
724{
725 struct rtllib_tkip_data *tkip = priv;
726
727 seq_printf(m,
728 "key[%d] alg=TKIP key_set=%d tx_pn=%02x%02x%02x%02x%02x%02x rx_pn=%02x%02x%02x%02x%02x%02x replays=%d icv_errors=%d local_mic_failures=%d\n",
729 tkip->key_idx, tkip->key_set,
730 (tkip->tx_iv32 >> 24) & 0xff,
731 (tkip->tx_iv32 >> 16) & 0xff,
732 (tkip->tx_iv32 >> 8) & 0xff,
733 tkip->tx_iv32 & 0xff,
734 (tkip->tx_iv16 >> 8) & 0xff,
735 tkip->tx_iv16 & 0xff,
736 (tkip->rx_iv32 >> 24) & 0xff,
737 (tkip->rx_iv32 >> 16) & 0xff,
738 (tkip->rx_iv32 >> 8) & 0xff,
739 tkip->rx_iv32 & 0xff,
740 (tkip->rx_iv16 >> 8) & 0xff,
741 tkip->rx_iv16 & 0xff,
742 tkip->dot11RSNAStatsTKIPReplays,
743 tkip->dot11RSNAStatsTKIPICVErrors,
744 tkip->dot11RSNAStatsTKIPLocalMICFailures);
745}
746
747static struct lib80211_crypto_ops rtllib_crypt_tkip = {
748 .name = "R-TKIP",
749 .init = rtllib_tkip_init,
750 .deinit = rtllib_tkip_deinit,
751 .encrypt_mpdu = rtllib_tkip_encrypt,
752 .decrypt_mpdu = rtllib_tkip_decrypt,
753 .encrypt_msdu = rtllib_michael_mic_add,
754 .decrypt_msdu = rtllib_michael_mic_verify,
755 .set_key = rtllib_tkip_set_key,
756 .get_key = rtllib_tkip_get_key,
757 .print_stats = rtllib_tkip_print_stats,
758 .extra_mpdu_prefix_len = 4 + 4,
759 .extra_mpdu_postfix_len = 4,
760 .extra_msdu_postfix_len = 8,
761 .owner = THIS_MODULE,
762};
763
764
765static int __init rtllib_crypto_tkip_init(void)
766{
767 return lib80211_register_crypto_ops(&rtllib_crypt_tkip);
768}
769
770
771static void __exit rtllib_crypto_tkip_exit(void)
772{
773 lib80211_unregister_crypto_ops(&rtllib_crypt_tkip);
774}
775
776module_init(rtllib_crypto_tkip_init);
777module_exit(rtllib_crypto_tkip_exit);
778
779MODULE_LICENSE("GPL");
780
