2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/slab.h>
15 #include <linux/random.h>
16 #include <linux/skbuff.h>
17 #include <linux/netdevice.h>
18 #include <linux/if_ether.h>
19 #include <linux/if_arp.h>
20 #include <linux/string.h>
21 #include <linux/crypto.h>
22 #include <linux/scatterlist.h>
23 #include <linux/crc32.h>
27 struct rtllib_tkip_data {
28 #define TKIP_KEY_LEN 32
45 u32 dot11RSNAStatsTKIPReplays;
46 u32 dot11RSNAStatsTKIPICVErrors;
47 u32 dot11RSNAStatsTKIPLocalMICFailures;
50 struct crypto_blkcipher *rx_tfm_arc4;
51 struct crypto_hash *rx_tfm_michael;
52 struct crypto_blkcipher *tx_tfm_arc4;
53 struct crypto_hash *tx_tfm_michael;
54 /* scratch buffers for virt_to_page() (crypto API) */
55 u8 rx_hdr[16], tx_hdr[16];
58 static void *rtllib_tkip_init(int key_idx)
60 struct rtllib_tkip_data *priv;
62 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
65 priv->key_idx = key_idx;
66 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
68 if (IS_ERR(priv->tx_tfm_arc4)) {
69 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate "
71 priv->tx_tfm_arc4 = NULL;
75 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
77 if (IS_ERR(priv->tx_tfm_michael)) {
78 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate "
79 "crypto API michael_mic\n");
80 priv->tx_tfm_michael = NULL;
84 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
86 if (IS_ERR(priv->rx_tfm_arc4)) {
87 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate "
89 priv->rx_tfm_arc4 = NULL;
93 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
95 if (IS_ERR(priv->rx_tfm_michael)) {
96 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate "
97 "crypto API michael_mic\n");
98 priv->rx_tfm_michael = NULL;
105 if (priv->tx_tfm_michael)
106 crypto_free_hash(priv->tx_tfm_michael);
107 if (priv->tx_tfm_arc4)
108 crypto_free_blkcipher(priv->tx_tfm_arc4);
109 if (priv->rx_tfm_michael)
110 crypto_free_hash(priv->rx_tfm_michael);
111 if (priv->rx_tfm_arc4)
112 crypto_free_blkcipher(priv->rx_tfm_arc4);
120 static void rtllib_tkip_deinit(void *priv)
122 struct rtllib_tkip_data *_priv = priv;
125 if (_priv->tx_tfm_michael)
126 crypto_free_hash(_priv->tx_tfm_michael);
127 if (_priv->tx_tfm_arc4)
128 crypto_free_blkcipher(_priv->tx_tfm_arc4);
129 if (_priv->rx_tfm_michael)
130 crypto_free_hash(_priv->rx_tfm_michael);
131 if (_priv->rx_tfm_arc4)
132 crypto_free_blkcipher(_priv->rx_tfm_arc4);
138 static inline u16 RotR1(u16 val)
140 return (val >> 1) | (val << 15);
144 static inline u8 Lo8(u16 val)
150 static inline u8 Hi8(u16 val)
156 static inline u16 Lo16(u32 val)
162 static inline u16 Hi16(u32 val)
168 static inline u16 Mk16(u8 hi, u8 lo)
170 return lo | (((u16) hi) << 8);
174 static inline u16 Mk16_le(u16 *v)
180 static const u16 Sbox[256] = {
181 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
182 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
183 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
184 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
185 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
186 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
187 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
188 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
189 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
190 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
191 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
192 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
193 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
194 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
195 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
196 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
197 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
198 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
199 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
200 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
201 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
202 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
203 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
204 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
205 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
206 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
207 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
208 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
209 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
210 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
211 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
212 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
216 static inline u16 _S_(u16 v)
218 u16 t = Sbox[Hi8(v)];
219 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
223 #define PHASE1_LOOP_COUNT 8
226 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
230 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
231 TTAK[0] = Lo16(IV32);
232 TTAK[1] = Hi16(IV32);
233 TTAK[2] = Mk16(TA[1], TA[0]);
234 TTAK[3] = Mk16(TA[3], TA[2]);
235 TTAK[4] = Mk16(TA[5], TA[4]);
237 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
239 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
240 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
241 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
242 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
243 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
248 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
251 /* Make temporary area overlap WEP seed so that the final copy can be
252 * avoided on little endian hosts. */
253 u16 *PPK = (u16 *) &WEPSeed[4];
255 /* Step 1 - make copy of TTAK and bring in TSC */
261 PPK[5] = TTAK[4] + IV16;
263 /* Step 2 - 96-bit bijective mixing using S-box */
264 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
265 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
266 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
267 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
268 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
269 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
271 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
272 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
273 PPK[2] += RotR1(PPK[1]);
274 PPK[3] += RotR1(PPK[2]);
275 PPK[4] += RotR1(PPK[3]);
276 PPK[5] += RotR1(PPK[4]);
278 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
279 * WEPSeed[0..2] is transmitted as WEP IV */
280 WEPSeed[0] = Hi8(IV16);
281 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
282 WEPSeed[2] = Lo8(IV16);
283 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
289 for (i = 0; i < 6; i++)
290 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
296 static int rtllib_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
298 struct rtllib_tkip_data *tkey = priv;
301 struct rtllib_hdr_4addr *hdr;
302 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
304 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4};
308 struct scatterlist sg;
310 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
314 hdr = (struct rtllib_hdr_4addr *) skb->data;
316 if (!tcb_desc->bHwSec) {
317 if (!tkey->tx_phase1_done) {
318 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
320 tkey->tx_phase1_done = 1;
322 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak,
325 tkey->tx_phase1_done = 1;
328 len = skb->len - hdr_len;
329 pos = skb_push(skb, 8);
330 memmove(pos, pos + 8, hdr_len);
333 if (tcb_desc->bHwSec) {
334 *pos++ = Hi8(tkey->tx_iv16);
335 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
336 *pos++ = Lo8(tkey->tx_iv16);
343 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
344 *pos++ = tkey->tx_iv32 & 0xff;
345 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
346 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
347 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
349 if (!tcb_desc->bHwSec) {
350 icv = skb_put(skb, 4);
351 crc = ~crc32_le(~0, pos, len);
357 sg_init_one(&sg, pos, len+4);
360 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
361 ret = crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
365 if (tkey->tx_iv16 == 0) {
366 tkey->tx_phase1_done = 0;
370 if (!tcb_desc->bHwSec)
378 static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
380 struct rtllib_tkip_data *tkey = priv;
384 struct rtllib_hdr_4addr *hdr;
385 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
387 struct blkcipher_desc desc = {.tfm = tkey->rx_tfm_arc4};
391 struct scatterlist sg;
394 if (skb->len < hdr_len + 8 + 4)
397 hdr = (struct rtllib_hdr_4addr *) skb->data;
398 pos = skb->data + hdr_len;
400 if (!(keyidx & (1 << 5))) {
401 if (net_ratelimit()) {
402 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
403 " flag from %pM\n", hdr->addr2);
408 if (tkey->key_idx != keyidx) {
409 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
410 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
413 if (!tkey->key_set) {
414 if (net_ratelimit()) {
415 printk(KERN_DEBUG "TKIP: received packet from %pM"
416 " with keyid=%d that does not have a configured"
417 " key\n", hdr->addr2, keyidx);
421 iv16 = (pos[0] << 8) | pos[2];
422 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
425 if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) {
426 if ((iv32 < tkey->rx_iv32 ||
427 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) &&
429 if (net_ratelimit()) {
430 printk(KERN_DEBUG "TKIP: replay detected: STA="
431 " %pM previous TSC %08x%04x received "
432 "TSC %08x%04x\n", hdr->addr2,
433 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
435 tkey->dot11RSNAStatsTKIPReplays++;
438 tkey->initialized = true;
440 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
441 tkip_mixing_phase1(tkey->rx_ttak, tkey->key,
443 tkey->rx_phase1_done = 1;
445 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
447 plen = skb->len - hdr_len - 12;
449 sg_init_one(&sg, pos, plen+4);
451 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
452 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
453 if (net_ratelimit()) {
454 printk(KERN_DEBUG ": TKIP: failed to decrypt "
455 "received packet from %pM\n",
461 crc = ~crc32_le(~0, pos, plen);
467 if (memcmp(icv, pos + plen, 4) != 0) {
468 if (iv32 != tkey->rx_iv32) {
469 /* Previously cached Phase1 result was already
470 * lost, so it needs to be recalculated for the
472 tkey->rx_phase1_done = 0;
474 if (net_ratelimit()) {
475 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
476 " %pM\n", hdr->addr2);
478 tkey->dot11RSNAStatsTKIPICVErrors++;
484 /* Update real counters only after Michael MIC verification has
486 tkey->rx_iv32_new = iv32;
487 tkey->rx_iv16_new = iv16;
489 /* Remove IV and ICV */
490 memmove(skb->data + 8, skb->data, hdr_len);
492 skb_trim(skb, skb->len - 4);
498 static int michael_mic(struct crypto_hash *tfm_michael, u8 *key, u8 *hdr,
499 u8 *data, size_t data_len, u8 *mic)
501 struct hash_desc desc;
502 struct scatterlist sg[2];
504 if (tfm_michael == NULL) {
505 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
508 sg_init_table(sg, 2);
509 sg_set_buf(&sg[0], hdr, 16);
510 sg_set_buf(&sg[1], data, data_len);
512 if (crypto_hash_setkey(tfm_michael, key, 8))
515 desc.tfm = tfm_michael;
517 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
520 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
522 struct rtllib_hdr_4addr *hdr11;
524 hdr11 = (struct rtllib_hdr_4addr *) skb->data;
525 switch (le16_to_cpu(hdr11->frame_ctl) &
526 (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) {
527 case RTLLIB_FCTL_TODS:
528 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
529 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
531 case RTLLIB_FCTL_FROMDS:
532 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
533 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
535 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS:
536 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
537 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
540 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
541 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
545 hdr[12] = 0; /* priority */
547 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
551 static int rtllib_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
553 struct rtllib_tkip_data *tkey = priv;
555 struct rtllib_hdr_4addr *hdr;
557 hdr = (struct rtllib_hdr_4addr *) skb->data;
559 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
560 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
561 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
562 skb_tailroom(skb), hdr_len, skb->len);
566 michael_mic_hdr(skb, tkey->tx_hdr);
568 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
569 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
570 pos = skb_put(skb, 8);
571 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
572 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
579 static void rtllib_michael_mic_failure(struct net_device *dev,
580 struct rtllib_hdr_4addr *hdr,
583 union iwreq_data wrqu;
584 struct iw_michaelmicfailure ev;
586 /* TODO: needed parameters: count, keyid, key type, TSC */
587 memset(&ev, 0, sizeof(ev));
588 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
589 if (hdr->addr1[0] & 0x01)
590 ev.flags |= IW_MICFAILURE_GROUP;
592 ev.flags |= IW_MICFAILURE_PAIRWISE;
593 ev.src_addr.sa_family = ARPHRD_ETHER;
594 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
595 memset(&wrqu, 0, sizeof(wrqu));
596 wrqu.data.length = sizeof(ev);
597 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
600 static int rtllib_michael_mic_verify(struct sk_buff *skb, int keyidx,
601 int hdr_len, void *priv)
603 struct rtllib_tkip_data *tkey = priv;
605 struct rtllib_hdr_4addr *hdr;
607 hdr = (struct rtllib_hdr_4addr *) skb->data;
612 michael_mic_hdr(skb, tkey->rx_hdr);
613 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
614 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
616 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
617 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
620 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
621 struct rtllib_hdr_4addr *hdr;
623 hdr = (struct rtllib_hdr_4addr *) skb->data;
624 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
625 "MSDU from %pM keyidx=%d\n",
626 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
628 printk(KERN_DEBUG "%d\n",
629 memcmp(mic, skb->data + skb->len - 8, 8) != 0);
631 printk(KERN_INFO "skb->dev != NULL\n");
632 rtllib_michael_mic_failure(skb->dev, hdr, keyidx);
634 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
638 /* Update TSC counters for RX now that the packet verification has
640 tkey->rx_iv32 = tkey->rx_iv32_new;
641 tkey->rx_iv16 = tkey->rx_iv16_new;
643 skb_trim(skb, skb->len - 8);
649 static int rtllib_tkip_set_key(void *key, int len, u8 *seq, void *priv)
651 struct rtllib_tkip_data *tkey = priv;
653 struct crypto_hash *tfm = tkey->tx_tfm_michael;
654 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
655 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
656 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
658 keyidx = tkey->key_idx;
659 memset(tkey, 0, sizeof(*tkey));
660 tkey->key_idx = keyidx;
661 tkey->tx_tfm_michael = tfm;
662 tkey->tx_tfm_arc4 = tfm2;
663 tkey->rx_tfm_michael = tfm3;
664 tkey->rx_tfm_arc4 = tfm4;
666 if (len == TKIP_KEY_LEN) {
667 memcpy(tkey->key, key, TKIP_KEY_LEN);
669 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
671 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
672 (seq[3] << 8) | seq[2];
673 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
684 static int rtllib_tkip_get_key(void *key, int len, u8 *seq, void *priv)
686 struct rtllib_tkip_data *tkey = priv;
688 if (len < TKIP_KEY_LEN)
693 memcpy(key, tkey->key, TKIP_KEY_LEN);
696 /* Return the sequence number of the last transmitted frame. */
697 u16 iv16 = tkey->tx_iv16;
698 u32 iv32 = tkey->tx_iv32;
703 seq[0] = tkey->tx_iv16;
704 seq[1] = tkey->tx_iv16 >> 8;
705 seq[2] = tkey->tx_iv32;
706 seq[3] = tkey->tx_iv32 >> 8;
707 seq[4] = tkey->tx_iv32 >> 16;
708 seq[5] = tkey->tx_iv32 >> 24;
715 static void rtllib_tkip_print_stats(struct seq_file *m, void *priv)
717 struct rtllib_tkip_data *tkip = priv;
720 "key[%d] alg=TKIP key_set=%d "
721 "tx_pn=%02x%02x%02x%02x%02x%02x "
722 "rx_pn=%02x%02x%02x%02x%02x%02x "
723 "replays=%d icv_errors=%d local_mic_failures=%d\n",
724 tkip->key_idx, tkip->key_set,
725 (tkip->tx_iv32 >> 24) & 0xff,
726 (tkip->tx_iv32 >> 16) & 0xff,
727 (tkip->tx_iv32 >> 8) & 0xff,
728 tkip->tx_iv32 & 0xff,
729 (tkip->tx_iv16 >> 8) & 0xff,
730 tkip->tx_iv16 & 0xff,
731 (tkip->rx_iv32 >> 24) & 0xff,
732 (tkip->rx_iv32 >> 16) & 0xff,
733 (tkip->rx_iv32 >> 8) & 0xff,
734 tkip->rx_iv32 & 0xff,
735 (tkip->rx_iv16 >> 8) & 0xff,
736 tkip->rx_iv16 & 0xff,
737 tkip->dot11RSNAStatsTKIPReplays,
738 tkip->dot11RSNAStatsTKIPICVErrors,
739 tkip->dot11RSNAStatsTKIPLocalMICFailures);
742 static struct lib80211_crypto_ops rtllib_crypt_tkip = {
744 .init = rtllib_tkip_init,
745 .deinit = rtllib_tkip_deinit,
746 .encrypt_mpdu = rtllib_tkip_encrypt,
747 .decrypt_mpdu = rtllib_tkip_decrypt,
748 .encrypt_msdu = rtllib_michael_mic_add,
749 .decrypt_msdu = rtllib_michael_mic_verify,
750 .set_key = rtllib_tkip_set_key,
751 .get_key = rtllib_tkip_get_key,
752 .print_stats = rtllib_tkip_print_stats,
753 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
754 .extra_mpdu_postfix_len = 4, /* ICV */
755 .extra_msdu_postfix_len = 8, /* MIC */
756 .owner = THIS_MODULE,
760 static int __init rtllib_crypto_tkip_init(void)
762 return lib80211_register_crypto_ops(&rtllib_crypt_tkip);
766 static void __exit rtllib_crypto_tkip_exit(void)
768 lib80211_unregister_crypto_ops(&rtllib_crypt_tkip);
771 module_init(rtllib_crypto_tkip_init);
772 module_exit(rtllib_crypto_tkip_exit);
774 MODULE_LICENSE("GPL");