2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 //#include <linux/config.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/slab.h>
16 #include <linux/random.h>
17 #include <linux/skbuff.h>
18 #include <linux/netdevice.h>
19 #include <linux/if_ether.h>
20 #include <linux/if_arp.h>
21 #include <asm/string.h>
23 #include "ieee80211.h"
25 #include <linux/crypto.h>
26 #include <linux/scatterlist.h>
27 #include <linux/crc32.h>
29 MODULE_AUTHOR("Jouni Malinen");
30 MODULE_DESCRIPTION("Host AP crypt: TKIP");
31 MODULE_LICENSE("GPL");
34 struct ieee80211_tkip_data {
35 #define TKIP_KEY_LEN 32
51 u32 dot11RSNAStatsTKIPReplays;
52 u32 dot11RSNAStatsTKIPICVErrors;
53 u32 dot11RSNAStatsTKIPLocalMICFailures;
57 struct crypto_blkcipher *rx_tfm_arc4;
58 struct crypto_hash *rx_tfm_michael;
59 struct crypto_blkcipher *tx_tfm_arc4;
60 struct crypto_hash *tx_tfm_michael;
61 struct crypto_tfm *tfm_arc4;
62 struct crypto_tfm *tfm_michael;
64 /* scratch buffers for virt_to_page() (crypto API) */
65 u8 rx_hdr[16], tx_hdr[16];
68 static void * ieee80211_tkip_init(int key_idx)
70 struct ieee80211_tkip_data *priv;
72 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
75 priv->key_idx = key_idx;
77 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
79 if (IS_ERR(priv->tx_tfm_arc4)) {
80 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
82 priv->tx_tfm_arc4 = NULL;
86 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
88 if (IS_ERR(priv->tx_tfm_michael)) {
89 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
90 "crypto API michael_mic\n");
91 priv->tx_tfm_michael = NULL;
95 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
97 if (IS_ERR(priv->rx_tfm_arc4)) {
98 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
100 priv->rx_tfm_arc4 = NULL;
104 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
106 if (IS_ERR(priv->rx_tfm_michael)) {
107 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
108 "crypto API michael_mic\n");
109 priv->rx_tfm_michael = NULL;
117 if (priv->tx_tfm_michael)
118 crypto_free_hash(priv->tx_tfm_michael);
119 if (priv->tx_tfm_arc4)
120 crypto_free_blkcipher(priv->tx_tfm_arc4);
121 if (priv->rx_tfm_michael)
122 crypto_free_hash(priv->rx_tfm_michael);
123 if (priv->rx_tfm_arc4)
124 crypto_free_blkcipher(priv->rx_tfm_arc4);
132 static void ieee80211_tkip_deinit(void *priv)
134 struct ieee80211_tkip_data *_priv = priv;
137 if (_priv->tx_tfm_michael)
138 crypto_free_hash(_priv->tx_tfm_michael);
139 if (_priv->tx_tfm_arc4)
140 crypto_free_blkcipher(_priv->tx_tfm_arc4);
141 if (_priv->rx_tfm_michael)
142 crypto_free_hash(_priv->rx_tfm_michael);
143 if (_priv->rx_tfm_arc4)
144 crypto_free_blkcipher(_priv->rx_tfm_arc4);
150 static inline u16 RotR1(u16 val)
152 return (val >> 1) | (val << 15);
156 static inline u8 Lo8(u16 val)
162 static inline u8 Hi8(u16 val)
168 static inline u16 Lo16(u32 val)
174 static inline u16 Hi16(u32 val)
180 static inline u16 Mk16(u8 hi, u8 lo)
182 return lo | (((u16) hi) << 8);
186 static inline u16 Mk16_le(u16 *v)
188 return le16_to_cpu(*v);
192 static const u16 Sbox[256] =
194 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
195 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
196 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
197 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
198 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
199 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
200 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
201 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
202 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
203 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
204 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
205 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
206 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
207 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
208 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
209 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
210 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
211 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
212 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
213 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
214 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
215 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
216 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
217 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
218 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
219 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
220 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
221 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
222 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
223 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
224 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
225 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
229 static inline u16 _S_(u16 v)
231 u16 t = Sbox[Hi8(v)];
232 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
235 #define PHASE1_LOOP_COUNT 8
237 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
241 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
242 TTAK[0] = Lo16(IV32);
243 TTAK[1] = Hi16(IV32);
244 TTAK[2] = Mk16(TA[1], TA[0]);
245 TTAK[3] = Mk16(TA[3], TA[2]);
246 TTAK[4] = Mk16(TA[5], TA[4]);
248 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
250 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
251 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
252 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
253 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
254 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
259 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
262 /* Make temporary area overlap WEP seed so that the final copy can be
263 * avoided on little endian hosts. */
264 u16 *PPK = (u16 *) &WEPSeed[4];
266 /* Step 1 - make copy of TTAK and bring in TSC */
272 PPK[5] = TTAK[4] + IV16;
274 /* Step 2 - 96-bit bijective mixing using S-box */
275 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
276 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
277 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
278 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
279 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
280 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
282 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
283 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
284 PPK[2] += RotR1(PPK[1]);
285 PPK[3] += RotR1(PPK[2]);
286 PPK[4] += RotR1(PPK[3]);
287 PPK[5] += RotR1(PPK[4]);
289 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
290 * WEPSeed[0..2] is transmitted as WEP IV */
291 WEPSeed[0] = Hi8(IV16);
292 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
293 WEPSeed[2] = Lo8(IV16);
294 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
299 for (i = 0; i < 6; i++)
300 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
305 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
307 struct ieee80211_tkip_data *tkey = priv;
308 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4};
311 struct ieee80211_hdr_4addr *hdr;
314 struct scatterlist sg;
318 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
322 hdr = (struct ieee80211_hdr_4addr *)skb->data;
324 if (!tkey->tx_phase1_done) {
325 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
327 tkey->tx_phase1_done = 1;
329 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
331 len = skb->len - hdr_len;
332 pos = skb_push(skb, 8);
333 memmove(pos, pos + 8, hdr_len);
339 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
340 *pos++ = tkey->tx_iv32 & 0xff;
341 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
342 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
343 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
345 icv = skb_put(skb, 4);
346 crc = ~crc32_le(~0, pos, len);
351 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
352 sg_init_one(&sg, pos, len + 4);
353 ret= crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
356 if (tkey->tx_iv16 == 0) {
357 tkey->tx_phase1_done = 0;
363 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
365 struct ieee80211_tkip_data *tkey = priv;
366 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
370 struct ieee80211_hdr_4addr *hdr;
373 struct scatterlist sg;
377 if (skb->len < hdr_len + 8 + 4)
380 hdr = (struct ieee80211_hdr_4addr *)skb->data;
381 pos = skb->data + hdr_len;
383 if (!(keyidx & (1 << 5))) {
384 if (net_ratelimit()) {
385 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
386 " flag from %pM\n", hdr->addr2);
391 if (tkey->key_idx != keyidx) {
392 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
393 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
396 if (!tkey->key_set) {
397 if (net_ratelimit()) {
398 printk(KERN_DEBUG "TKIP: received packet from %pM"
399 " with keyid=%d that does not have a configured"
400 " key\n", hdr->addr2, keyidx);
404 iv16 = (pos[0] << 8) | pos[2];
405 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
408 if (iv32 < tkey->rx_iv32 ||
409 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
410 if (net_ratelimit()) {
411 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
412 " previous TSC %08x%04x received TSC "
413 "%08x%04x\n", hdr->addr2,
414 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
416 tkey->dot11RSNAStatsTKIPReplays++;
420 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
421 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
422 tkey->rx_phase1_done = 1;
424 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
426 plen = skb->len - hdr_len - 12;
427 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
428 sg_init_one(&sg, pos, plen + 4);
429 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
430 if (net_ratelimit()) {
431 printk(KERN_DEBUG ": TKIP: failed to decrypt "
432 "received packet from %pM\n",
438 crc = ~crc32_le(~0, pos, plen);
443 if (memcmp(icv, pos + plen, 4) != 0) {
444 if (iv32 != tkey->rx_iv32) {
445 /* Previously cached Phase1 result was already lost, so
446 * it needs to be recalculated for the next packet. */
447 tkey->rx_phase1_done = 0;
449 if (net_ratelimit()) {
450 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
451 "%pM\n", hdr->addr2);
453 tkey->dot11RSNAStatsTKIPICVErrors++;
457 /* Update real counters only after Michael MIC verification has
459 tkey->rx_iv32_new = iv32;
460 tkey->rx_iv16_new = iv16;
462 /* Remove IV and ICV */
463 memmove(skb->data + 8, skb->data, hdr_len);
465 skb_trim(skb, skb->len - 4);
470 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
471 u8 * data, size_t data_len, u8 * mic)
473 struct hash_desc desc;
474 struct scatterlist sg[2];
476 if (tfm_michael == NULL) {
477 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
481 sg_init_table(sg, 2);
482 sg_set_buf(&sg[0], hdr, 16);
483 sg_set_buf(&sg[1], data, data_len);
485 if (crypto_hash_setkey(tfm_michael, key, 8))
488 desc.tfm = tfm_michael;
490 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
493 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
495 struct ieee80211_hdr_4addr *hdr11;
497 hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
498 switch (le16_to_cpu(hdr11->frame_ctl) &
499 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
500 case IEEE80211_FCTL_TODS:
501 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
502 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
504 case IEEE80211_FCTL_FROMDS:
505 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
506 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
508 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
509 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
510 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
513 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
514 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
518 hdr[12] = 0; /* priority */
520 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
524 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
526 struct ieee80211_tkip_data *tkey = priv;
528 struct ieee80211_hdr_4addr *hdr;
530 hdr = (struct ieee80211_hdr_4addr *)skb->data;
532 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
533 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
534 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
535 skb_tailroom(skb), hdr_len, skb->len);
539 michael_mic_hdr(skb, tkey->tx_hdr);
542 // fix the wpa process with wmm enabled.
543 if(IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) {
544 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
547 pos = skb_put(skb, 8);
549 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
550 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
556 static void ieee80211_michael_mic_failure(struct net_device *dev,
557 struct ieee80211_hdr_4addr *hdr,
560 union iwreq_data wrqu;
561 struct iw_michaelmicfailure ev;
563 /* TODO: needed parameters: count, keyid, key type, TSC */
564 memset(&ev, 0, sizeof(ev));
565 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
566 if (hdr->addr1[0] & 0x01)
567 ev.flags |= IW_MICFAILURE_GROUP;
569 ev.flags |= IW_MICFAILURE_PAIRWISE;
570 ev.src_addr.sa_family = ARPHRD_ETHER;
571 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
572 memset(&wrqu, 0, sizeof(wrqu));
573 wrqu.data.length = sizeof(ev);
574 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
577 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
578 int hdr_len, void *priv)
580 struct ieee80211_tkip_data *tkey = priv;
582 struct ieee80211_hdr_4addr *hdr;
584 hdr = (struct ieee80211_hdr_4addr *)skb->data;
589 michael_mic_hdr(skb, tkey->rx_hdr);
591 // fix the wpa process with wmm enabled.
592 if(IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) {
593 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
597 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
598 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
601 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
602 struct ieee80211_hdr_4addr *hdr;
603 hdr = (struct ieee80211_hdr_4addr *)skb->data;
604 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
605 "MSDU from %pM keyidx=%d\n",
606 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
609 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
610 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
614 /* Update TSC counters for RX now that the packet verification has
616 tkey->rx_iv32 = tkey->rx_iv32_new;
617 tkey->rx_iv16 = tkey->rx_iv16_new;
619 skb_trim(skb, skb->len - 8);
625 static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv)
627 struct ieee80211_tkip_data *tkey = priv;
629 struct crypto_hash *tfm = tkey->tx_tfm_michael;
630 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
631 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
632 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
634 keyidx = tkey->key_idx;
635 memset(tkey, 0, sizeof(*tkey));
636 tkey->key_idx = keyidx;
638 tkey->tx_tfm_michael = tfm;
639 tkey->tx_tfm_arc4 = tfm2;
640 tkey->rx_tfm_michael = tfm3;
641 tkey->rx_tfm_arc4 = tfm4;
643 if (len == TKIP_KEY_LEN) {
644 memcpy(tkey->key, key, TKIP_KEY_LEN);
646 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
648 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
649 (seq[3] << 8) | seq[2];
650 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
661 static int ieee80211_tkip_get_key(void *key, int len, u8 *seq, void *priv)
663 struct ieee80211_tkip_data *tkey = priv;
665 if (len < TKIP_KEY_LEN)
670 memcpy(key, tkey->key, TKIP_KEY_LEN);
673 /* Return the sequence number of the last transmitted frame. */
674 u16 iv16 = tkey->tx_iv16;
675 u32 iv32 = tkey->tx_iv32;
679 seq[0] = tkey->tx_iv16;
680 seq[1] = tkey->tx_iv16 >> 8;
681 seq[2] = tkey->tx_iv32;
682 seq[3] = tkey->tx_iv32 >> 8;
683 seq[4] = tkey->tx_iv32 >> 16;
684 seq[5] = tkey->tx_iv32 >> 24;
691 static char * ieee80211_tkip_print_stats(char *p, void *priv)
693 struct ieee80211_tkip_data *tkip = priv;
694 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
695 "tx_pn=%02x%02x%02x%02x%02x%02x "
696 "rx_pn=%02x%02x%02x%02x%02x%02x "
697 "replays=%d icv_errors=%d local_mic_failures=%d\n",
698 tkip->key_idx, tkip->key_set,
699 (tkip->tx_iv32 >> 24) & 0xff,
700 (tkip->tx_iv32 >> 16) & 0xff,
701 (tkip->tx_iv32 >> 8) & 0xff,
702 tkip->tx_iv32 & 0xff,
703 (tkip->tx_iv16 >> 8) & 0xff,
704 tkip->tx_iv16 & 0xff,
705 (tkip->rx_iv32 >> 24) & 0xff,
706 (tkip->rx_iv32 >> 16) & 0xff,
707 (tkip->rx_iv32 >> 8) & 0xff,
708 tkip->rx_iv32 & 0xff,
709 (tkip->rx_iv16 >> 8) & 0xff,
710 tkip->rx_iv16 & 0xff,
711 tkip->dot11RSNAStatsTKIPReplays,
712 tkip->dot11RSNAStatsTKIPICVErrors,
713 tkip->dot11RSNAStatsTKIPLocalMICFailures);
718 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
720 .init = ieee80211_tkip_init,
721 .deinit = ieee80211_tkip_deinit,
722 .encrypt_mpdu = ieee80211_tkip_encrypt,
723 .decrypt_mpdu = ieee80211_tkip_decrypt,
724 .encrypt_msdu = ieee80211_michael_mic_add,
725 .decrypt_msdu = ieee80211_michael_mic_verify,
726 .set_key = ieee80211_tkip_set_key,
727 .get_key = ieee80211_tkip_get_key,
728 .print_stats = ieee80211_tkip_print_stats,
729 .extra_prefix_len = 4 + 4, /* IV + ExtIV */
730 .extra_postfix_len = 8 + 4, /* MIC + ICV */
731 .owner = THIS_MODULE,
735 int ieee80211_crypto_tkip_init(void)
737 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
741 void ieee80211_crypto_tkip_exit(void)
743 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
747 void ieee80211_tkip_null(void)
749 // printk("============>%s()\n", __func__);