1
2
3
4
5
6
7
8#include <linux/fips.h>
9#include <linux/module.h>
10#include <linux/init.h>
11#include <linux/slab.h>
12#include <linux/random.h>
13#include <linux/skbuff.h>
14#include <linux/netdevice.h>
15#include <linux/if_ether.h>
16#include <linux/if_arp.h>
17#include <linux/string.h>
18
19#include "ieee80211.h"
20
21#include <crypto/arc4.h>
22#include <crypto/hash.h>
23#include <linux/crc32.h>
24
25MODULE_AUTHOR("Jouni Malinen");
26MODULE_DESCRIPTION("Host AP crypt: TKIP");
27MODULE_LICENSE("GPL");
28
29struct ieee80211_tkip_data {
30#define TKIP_KEY_LEN 32
31 u8 key[TKIP_KEY_LEN];
32 int key_set;
33
34 u32 tx_iv32;
35 u16 tx_iv16;
36 u16 tx_ttak[5];
37 int tx_phase1_done;
38
39 u32 rx_iv32;
40 u16 rx_iv16;
41 u16 rx_ttak[5];
42 int rx_phase1_done;
43 u32 rx_iv32_new;
44 u16 rx_iv16_new;
45
46 u32 dot11RSNAStatsTKIPReplays;
47 u32 dot11RSNAStatsTKIPICVErrors;
48 u32 dot11RSNAStatsTKIPLocalMICFailures;
49
50 int key_idx;
51
52 struct arc4_ctx rx_ctx_arc4;
53 struct arc4_ctx tx_ctx_arc4;
54 struct crypto_shash *rx_tfm_michael;
55 struct crypto_shash *tx_tfm_michael;
56
57
58 u8 rx_hdr[16], tx_hdr[16];
59};
60
61static void *ieee80211_tkip_init(int key_idx)
62{
63 struct ieee80211_tkip_data *priv;
64
65 if (fips_enabled)
66 return NULL;
67
68 priv = kzalloc(sizeof(*priv), GFP_KERNEL);
69 if (!priv)
70 goto fail;
71 priv->key_idx = key_idx;
72
73 priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
74 if (IS_ERR(priv->tx_tfm_michael)) {
75 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
76 "crypto API michael_mic\n");
77 priv->tx_tfm_michael = NULL;
78 goto fail;
79 }
80
81 priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
82 if (IS_ERR(priv->rx_tfm_michael)) {
83 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
84 "crypto API michael_mic\n");
85 priv->rx_tfm_michael = NULL;
86 goto fail;
87 }
88
89 return priv;
90
91fail:
92 if (priv) {
93 crypto_free_shash(priv->tx_tfm_michael);
94 crypto_free_shash(priv->rx_tfm_michael);
95 kfree(priv);
96 }
97
98 return NULL;
99}
100
101
102static void ieee80211_tkip_deinit(void *priv)
103{
104 struct ieee80211_tkip_data *_priv = priv;
105
106 if (_priv) {
107 crypto_free_shash(_priv->tx_tfm_michael);
108 crypto_free_shash(_priv->rx_tfm_michael);
109 }
110 kfree_sensitive(priv);
111}
112
113
114static inline u16 RotR1(u16 val)
115{
116 return (val >> 1) | (val << 15);
117}
118
119
120static inline u8 Lo8(u16 val)
121{
122 return val & 0xff;
123}
124
125
126static inline u8 Hi8(u16 val)
127{
128 return val >> 8;
129}
130
131
132static inline u16 Lo16(u32 val)
133{
134 return val & 0xffff;
135}
136
137
138static inline u16 Hi16(u32 val)
139{
140 return val >> 16;
141}
142
143
144static inline u16 Mk16(u8 hi, u8 lo)
145{
146 return lo | (((u16)hi) << 8);
147}
148
149static const u16 Sbox[256] = {
150 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
151 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
152 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
153 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
154 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
155 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
156 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
157 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
158 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
159 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
160 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
161 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
162 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
163 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
164 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
165 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
166 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
167 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
168 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
169 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
170 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
171 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
172 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
173 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
174 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
175 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
176 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
177 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
178 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
179 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
180 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
181 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
182};
183
184
185static inline u16 _S_(u16 v)
186{
187 u16 t = Sbox[Hi8(v)];
188 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
189}
190
191
192#define PHASE1_LOOP_COUNT 8
193
194
195static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
196{
197 int i, j;
198
199
200 TTAK[0] = Lo16(IV32);
201 TTAK[1] = Hi16(IV32);
202 TTAK[2] = Mk16(TA[1], TA[0]);
203 TTAK[3] = Mk16(TA[3], TA[2]);
204 TTAK[4] = Mk16(TA[5], TA[4]);
205
206 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
207 j = 2 * (i & 1);
208 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
209 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
210 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
211 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
212 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
213 }
214}
215
216
217static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
218 u16 IV16)
219{
220
221
222
223
224 u16 *PPK = (u16 *)&WEPSeed[4];
225
226
227 PPK[0] = TTAK[0];
228 PPK[1] = TTAK[1];
229 PPK[2] = TTAK[2];
230 PPK[3] = TTAK[3];
231 PPK[4] = TTAK[4];
232 PPK[5] = TTAK[4] + IV16;
233
234
235 PPK[0] += _S_(PPK[5] ^ le16_to_cpu(*(__le16 *)(&TK[0])));
236 PPK[1] += _S_(PPK[0] ^ le16_to_cpu(*(__le16 *)(&TK[2])));
237 PPK[2] += _S_(PPK[1] ^ le16_to_cpu(*(__le16 *)(&TK[4])));
238 PPK[3] += _S_(PPK[2] ^ le16_to_cpu(*(__le16 *)(&TK[6])));
239 PPK[4] += _S_(PPK[3] ^ le16_to_cpu(*(__le16 *)(&TK[8])));
240 PPK[5] += _S_(PPK[4] ^ le16_to_cpu(*(__le16 *)(&TK[10])));
241
242 PPK[0] += RotR1(PPK[5] ^ le16_to_cpu(*(__le16 *)(&TK[12])));
243 PPK[1] += RotR1(PPK[0] ^ le16_to_cpu(*(__le16 *)(&TK[14])));
244 PPK[2] += RotR1(PPK[1]);
245 PPK[3] += RotR1(PPK[2]);
246 PPK[4] += RotR1(PPK[3]);
247 PPK[5] += RotR1(PPK[4]);
248
249
250
251
252
253 WEPSeed[0] = Hi8(IV16);
254 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
255 WEPSeed[2] = Lo8(IV16);
256 WEPSeed[3] = Lo8((PPK[5] ^ le16_to_cpu(*(__le16 *)(&TK[0]))) >> 1);
257
258#ifdef __BIG_ENDIAN
259 {
260 int i;
261
262 for (i = 0; i < 6; i++)
263 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
264 }
265#endif
266}
267
268
269static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
270{
271 struct ieee80211_tkip_data *tkey = priv;
272 int len;
273 u8 *pos;
274 struct rtl_80211_hdr_4addr *hdr;
275 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
276 u8 rc4key[16], *icv;
277 u32 crc;
278
279 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
280 skb->len < hdr_len)
281 return -1;
282
283 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
284
285 if (!tcb_desc->bHwSec) {
286 if (!tkey->tx_phase1_done) {
287 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
288 tkey->tx_iv32);
289 tkey->tx_phase1_done = 1;
290 }
291 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
292 } else
293 tkey->tx_phase1_done = 1;
294
295
296 len = skb->len - hdr_len;
297 pos = skb_push(skb, 8);
298 memmove(pos, pos + 8, hdr_len);
299 pos += hdr_len;
300
301 if (tcb_desc->bHwSec) {
302 *pos++ = Hi8(tkey->tx_iv16);
303 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
304 *pos++ = Lo8(tkey->tx_iv16);
305 } else {
306 *pos++ = rc4key[0];
307 *pos++ = rc4key[1];
308 *pos++ = rc4key[2];
309 }
310
311 *pos++ = (tkey->key_idx << 6) | BIT(5) ;
312 *pos++ = tkey->tx_iv32 & 0xff;
313 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
314 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
315 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
316
317 if (!tcb_desc->bHwSec) {
318 icv = skb_put(skb, 4);
319 crc = ~crc32_le(~0, pos, len);
320 icv[0] = crc;
321 icv[1] = crc >> 8;
322 icv[2] = crc >> 16;
323 icv[3] = crc >> 24;
324
325 arc4_setkey(&tkey->tx_ctx_arc4, rc4key, 16);
326 arc4_crypt(&tkey->tx_ctx_arc4, pos, pos, len + 4);
327 }
328
329 tkey->tx_iv16++;
330 if (tkey->tx_iv16 == 0) {
331 tkey->tx_phase1_done = 0;
332 tkey->tx_iv32++;
333 }
334
335 return 0;
336}
337
338static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
339{
340 struct ieee80211_tkip_data *tkey = priv;
341 u8 keyidx, *pos;
342 u32 iv32;
343 u16 iv16;
344 struct rtl_80211_hdr_4addr *hdr;
345 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
346 u8 rc4key[16];
347 u8 icv[4];
348 u32 crc;
349 int plen;
350
351 if (skb->len < hdr_len + 8 + 4)
352 return -1;
353
354 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
355 pos = skb->data + hdr_len;
356 keyidx = pos[3];
357 if (!(keyidx & BIT(5))) {
358 if (net_ratelimit()) {
359 netdev_dbg(skb->dev, "TKIP: received packet without ExtIV"
360 " flag from %pM\n", hdr->addr2);
361 }
362 return -2;
363 }
364 keyidx >>= 6;
365 if (tkey->key_idx != keyidx) {
366 netdev_dbg(skb->dev, "TKIP: RX tkey->key_idx=%d frame "
367 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
368 return -6;
369 }
370 if (!tkey->key_set) {
371 if (net_ratelimit()) {
372 netdev_dbg(skb->dev, "TKIP: received packet from %pM"
373 " with keyid=%d that does not have a configured"
374 " key\n", hdr->addr2, keyidx);
375 }
376 return -3;
377 }
378 iv16 = (pos[0] << 8) | pos[2];
379 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
380 pos += 8;
381
382 if (!tcb_desc->bHwSec) {
383 if (iv32 < tkey->rx_iv32 ||
384 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
385 if (net_ratelimit()) {
386 netdev_dbg(skb->dev, "TKIP: replay detected: STA=%pM"
387 " previous TSC %08x%04x received TSC "
388 "%08x%04x\n", hdr->addr2,
389 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
390 }
391 tkey->dot11RSNAStatsTKIPReplays++;
392 return -4;
393 }
394
395 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
396 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
397 tkey->rx_phase1_done = 1;
398 }
399 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
400
401 plen = skb->len - hdr_len - 12;
402
403 arc4_setkey(&tkey->rx_ctx_arc4, rc4key, 16);
404 arc4_crypt(&tkey->rx_ctx_arc4, pos, pos, plen + 4);
405
406 crc = ~crc32_le(~0, pos, plen);
407 icv[0] = crc;
408 icv[1] = crc >> 8;
409 icv[2] = crc >> 16;
410 icv[3] = crc >> 24;
411
412 if (memcmp(icv, pos + plen, 4) != 0) {
413 if (iv32 != tkey->rx_iv32) {
414
415
416
417
418
419 tkey->rx_phase1_done = 0;
420 }
421 if (net_ratelimit()) {
422 netdev_dbg(skb->dev, "TKIP: ICV error detected: STA="
423 "%pM\n", hdr->addr2);
424 }
425 tkey->dot11RSNAStatsTKIPICVErrors++;
426 return -5;
427 }
428
429 }
430
431
432
433
434
435 tkey->rx_iv32_new = iv32;
436 tkey->rx_iv16_new = iv16;
437
438
439 memmove(skb->data + 8, skb->data, hdr_len);
440 skb_pull(skb, 8);
441 skb_trim(skb, skb->len - 4);
442
443 return keyidx;
444}
445
446static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr,
447 u8 *data, size_t data_len, u8 *mic)
448{
449 SHASH_DESC_ON_STACK(desc, tfm_michael);
450 int err;
451
452 desc->tfm = tfm_michael;
453
454 if (crypto_shash_setkey(tfm_michael, key, 8))
455 return -1;
456
457 err = crypto_shash_init(desc);
458 if (err)
459 goto out;
460 err = crypto_shash_update(desc, hdr, 16);
461 if (err)
462 goto out;
463 err = crypto_shash_update(desc, data, data_len);
464 if (err)
465 goto out;
466 err = crypto_shash_final(desc, mic);
467
468out:
469 shash_desc_zero(desc);
470 return err;
471}
472
473static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
474{
475 struct rtl_80211_hdr_4addr *hdr11;
476
477 hdr11 = (struct rtl_80211_hdr_4addr *)skb->data;
478 switch (le16_to_cpu(hdr11->frame_ctl) &
479 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
480 case IEEE80211_FCTL_TODS:
481 memcpy(hdr, hdr11->addr3, ETH_ALEN);
482 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN);
483 break;
484 case IEEE80211_FCTL_FROMDS:
485 memcpy(hdr, hdr11->addr1, ETH_ALEN);
486 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN);
487 break;
488 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
489 memcpy(hdr, hdr11->addr3, ETH_ALEN);
490 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN);
491 break;
492 default:
493 memcpy(hdr, hdr11->addr1, ETH_ALEN);
494 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN);
495 break;
496 }
497
498 hdr[12] = 0;
499
500 hdr[13] = hdr[14] = hdr[15] = 0;
501}
502
503
504static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
505{
506 struct ieee80211_tkip_data *tkey = priv;
507 u8 *pos;
508 struct rtl_80211_hdr_4addr *hdr;
509
510 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
511
512 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
513 netdev_dbg(skb->dev, "Invalid packet for Michael MIC add "
514 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
515 skb_tailroom(skb), hdr_len, skb->len);
516 return -1;
517 }
518
519 michael_mic_hdr(skb, tkey->tx_hdr);
520
521
522
523 if (IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
524 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
525
526 pos = skb_put(skb, 8);
527
528 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
529 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
530 return -1;
531
532 return 0;
533}
534
535static void ieee80211_michael_mic_failure(struct net_device *dev,
536 struct rtl_80211_hdr_4addr *hdr,
537 int keyidx)
538{
539 union iwreq_data wrqu;
540 struct iw_michaelmicfailure ev;
541
542
543 memset(&ev, 0, sizeof(ev));
544 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
545 if (hdr->addr1[0] & 0x01)
546 ev.flags |= IW_MICFAILURE_GROUP;
547 else
548 ev.flags |= IW_MICFAILURE_PAIRWISE;
549 ev.src_addr.sa_family = ARPHRD_ETHER;
550 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
551 memset(&wrqu, 0, sizeof(wrqu));
552 wrqu.data.length = sizeof(ev);
553 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
554}
555
556static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
557 int hdr_len, void *priv)
558{
559 struct ieee80211_tkip_data *tkey = priv;
560 u8 mic[8];
561 struct rtl_80211_hdr_4addr *hdr;
562
563 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
564
565 if (!tkey->key_set)
566 return -1;
567
568 michael_mic_hdr(skb, tkey->rx_hdr);
569
570
571 if (IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
572 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
573
574
575 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
576 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
577 return -1;
578 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
579 struct rtl_80211_hdr_4addr *hdr;
580 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
581
582 netdev_dbg(skb->dev, "Michael MIC verification failed for "
583 "MSDU from %pM keyidx=%d\n",
584 hdr->addr2, keyidx);
585 if (skb->dev)
586 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
587 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
588 return -1;
589 }
590
591
592
593
594
595 tkey->rx_iv32 = tkey->rx_iv32_new;
596 tkey->rx_iv16 = tkey->rx_iv16_new;
597
598 skb_trim(skb, skb->len - 8);
599
600 return 0;
601}
602
603
604static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv)
605{
606 struct ieee80211_tkip_data *tkey = priv;
607 int keyidx;
608 struct crypto_shash *tfm = tkey->tx_tfm_michael;
609 struct crypto_shash *tfm3 = tkey->rx_tfm_michael;
610
611 keyidx = tkey->key_idx;
612 memset(tkey, 0, sizeof(*tkey));
613 tkey->key_idx = keyidx;
614 tkey->tx_tfm_michael = tfm;
615 tkey->rx_tfm_michael = tfm3;
616
617 if (len == TKIP_KEY_LEN) {
618 memcpy(tkey->key, key, TKIP_KEY_LEN);
619 tkey->key_set = 1;
620 tkey->tx_iv16 = 1;
621 if (seq) {
622 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
623 (seq[3] << 8) | seq[2];
624 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
625 }
626 } else if (len == 0)
627 tkey->key_set = 0;
628 else
629 return -1;
630
631 return 0;
632}
633
634
635static int ieee80211_tkip_get_key(void *key, int len, u8 *seq, void *priv)
636{
637 struct ieee80211_tkip_data *tkey = priv;
638
639 if (len < TKIP_KEY_LEN)
640 return -1;
641
642 if (!tkey->key_set)
643 return 0;
644 memcpy(key, tkey->key, TKIP_KEY_LEN);
645
646 if (seq) {
647
648 u16 iv16 = tkey->tx_iv16;
649 u32 iv32 = tkey->tx_iv32;
650
651 if (iv16 == 0)
652 iv32--;
653 iv16--;
654 seq[0] = tkey->tx_iv16;
655 seq[1] = tkey->tx_iv16 >> 8;
656 seq[2] = tkey->tx_iv32;
657 seq[3] = tkey->tx_iv32 >> 8;
658 seq[4] = tkey->tx_iv32 >> 16;
659 seq[5] = tkey->tx_iv32 >> 24;
660 }
661
662 return TKIP_KEY_LEN;
663}
664
665
666static char *ieee80211_tkip_print_stats(char *p, void *priv)
667{
668 struct ieee80211_tkip_data *tkip = priv;
669
670 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
671 "tx_pn=%02x%02x%02x%02x%02x%02x "
672 "rx_pn=%02x%02x%02x%02x%02x%02x "
673 "replays=%d icv_errors=%d local_mic_failures=%d\n",
674 tkip->key_idx, tkip->key_set,
675 (tkip->tx_iv32 >> 24) & 0xff,
676 (tkip->tx_iv32 >> 16) & 0xff,
677 (tkip->tx_iv32 >> 8) & 0xff,
678 tkip->tx_iv32 & 0xff,
679 (tkip->tx_iv16 >> 8) & 0xff,
680 tkip->tx_iv16 & 0xff,
681 (tkip->rx_iv32 >> 24) & 0xff,
682 (tkip->rx_iv32 >> 16) & 0xff,
683 (tkip->rx_iv32 >> 8) & 0xff,
684 tkip->rx_iv32 & 0xff,
685 (tkip->rx_iv16 >> 8) & 0xff,
686 tkip->rx_iv16 & 0xff,
687 tkip->dot11RSNAStatsTKIPReplays,
688 tkip->dot11RSNAStatsTKIPICVErrors,
689 tkip->dot11RSNAStatsTKIPLocalMICFailures);
690 return p;
691}
692
693
694static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
695 .name = "TKIP",
696 .init = ieee80211_tkip_init,
697 .deinit = ieee80211_tkip_deinit,
698 .encrypt_mpdu = ieee80211_tkip_encrypt,
699 .decrypt_mpdu = ieee80211_tkip_decrypt,
700 .encrypt_msdu = ieee80211_michael_mic_add,
701 .decrypt_msdu = ieee80211_michael_mic_verify,
702 .set_key = ieee80211_tkip_set_key,
703 .get_key = ieee80211_tkip_get_key,
704 .print_stats = ieee80211_tkip_print_stats,
705 .extra_prefix_len = 4 + 4,
706 .extra_postfix_len = 8 + 4,
707 .owner = THIS_MODULE,
708};
709
710int __init ieee80211_crypto_tkip_init(void)
711{
712 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
713}
714
715void __exit ieee80211_crypto_tkip_exit(void)
716{
717 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
718}
719
720void ieee80211_tkip_null(void)
721{
722
723 return;
724}
725