2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 #include <linux/err.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/slab.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
18 #include <linux/skbuff.h>
19 #include <linux/netdevice.h>
21 #include <linux/if_ether.h>
22 #include <linux/if_arp.h>
23 #include <asm/string.h>
25 #include <net/ieee80211.h>
27 #include <linux/crypto.h>
28 #include <asm/scatterlist.h>
29 #include <linux/crc32.h>
31 MODULE_AUTHOR("Jouni Malinen");
32 MODULE_DESCRIPTION("Host AP crypt: TKIP");
33 MODULE_LICENSE("GPL");
35 struct ieee80211_tkip_data {
36 #define TKIP_KEY_LEN 32
52 u32 dot11RSNAStatsTKIPReplays;
53 u32 dot11RSNAStatsTKIPICVErrors;
54 u32 dot11RSNAStatsTKIPLocalMICFailures;
58 struct crypto_blkcipher *rx_tfm_arc4;
59 struct crypto_hash *rx_tfm_michael;
60 struct crypto_blkcipher *tx_tfm_arc4;
61 struct crypto_hash *tx_tfm_michael;
63 /* scratch buffers for virt_to_page() (crypto API) */
64 u8 rx_hdr[16], tx_hdr[16];
69 static unsigned long ieee80211_tkip_set_flags(unsigned long flags, void *priv)
71 struct ieee80211_tkip_data *_priv = priv;
72 unsigned long old_flags = _priv->flags;
77 static unsigned long ieee80211_tkip_get_flags(void *priv)
79 struct ieee80211_tkip_data *_priv = priv;
83 static void *ieee80211_tkip_init(int key_idx)
85 struct ieee80211_tkip_data *priv;
87 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
91 priv->key_idx = key_idx;
93 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
95 if (IS_ERR(priv->tx_tfm_arc4)) {
96 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
98 priv->tx_tfm_arc4 = NULL;
102 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
104 if (IS_ERR(priv->tx_tfm_michael)) {
105 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
106 "crypto API michael_mic\n");
107 priv->tx_tfm_michael = NULL;
111 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
113 if (IS_ERR(priv->rx_tfm_arc4)) {
114 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
115 "crypto API arc4\n");
116 priv->rx_tfm_arc4 = NULL;
120 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
122 if (IS_ERR(priv->rx_tfm_michael)) {
123 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
124 "crypto API michael_mic\n");
125 priv->rx_tfm_michael = NULL;
133 if (priv->tx_tfm_michael)
134 crypto_free_hash(priv->tx_tfm_michael);
135 if (priv->tx_tfm_arc4)
136 crypto_free_blkcipher(priv->tx_tfm_arc4);
137 if (priv->rx_tfm_michael)
138 crypto_free_hash(priv->rx_tfm_michael);
139 if (priv->rx_tfm_arc4)
140 crypto_free_blkcipher(priv->rx_tfm_arc4);
147 static void ieee80211_tkip_deinit(void *priv)
149 struct ieee80211_tkip_data *_priv = priv;
151 if (_priv->tx_tfm_michael)
152 crypto_free_hash(_priv->tx_tfm_michael);
153 if (_priv->tx_tfm_arc4)
154 crypto_free_blkcipher(_priv->tx_tfm_arc4);
155 if (_priv->rx_tfm_michael)
156 crypto_free_hash(_priv->rx_tfm_michael);
157 if (_priv->rx_tfm_arc4)
158 crypto_free_blkcipher(_priv->rx_tfm_arc4);
163 static inline u16 RotR1(u16 val)
165 return (val >> 1) | (val << 15);
168 static inline u8 Lo8(u16 val)
173 static inline u8 Hi8(u16 val)
178 static inline u16 Lo16(u32 val)
183 static inline u16 Hi16(u32 val)
188 static inline u16 Mk16(u8 hi, u8 lo)
190 return lo | (((u16) hi) << 8);
193 static inline u16 Mk16_le(u16 * v)
195 return le16_to_cpu(*v);
198 static const u16 Sbox[256] = {
199 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
200 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
201 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
202 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
203 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
204 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
205 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
206 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
207 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
208 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
209 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
210 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
211 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
212 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
213 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
214 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
215 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
216 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
217 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
218 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
219 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
220 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
221 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
222 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
223 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
224 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
225 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
226 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
227 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
228 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
229 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
230 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
233 static inline u16 _S_(u16 v)
235 u16 t = Sbox[Hi8(v)];
236 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
239 #define PHASE1_LOOP_COUNT 8
241 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
246 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
247 TTAK[0] = Lo16(IV32);
248 TTAK[1] = Hi16(IV32);
249 TTAK[2] = Mk16(TA[1], TA[0]);
250 TTAK[3] = Mk16(TA[3], TA[2]);
251 TTAK[4] = Mk16(TA[5], TA[4]);
253 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
255 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
256 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
257 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
258 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
259 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
263 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
266 /* Make temporary area overlap WEP seed so that the final copy can be
267 * avoided on little endian hosts. */
268 u16 *PPK = (u16 *) & WEPSeed[4];
270 /* Step 1 - make copy of TTAK and bring in TSC */
276 PPK[5] = TTAK[4] + IV16;
278 /* Step 2 - 96-bit bijective mixing using S-box */
279 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) & TK[0]));
280 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) & TK[2]));
281 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) & TK[4]));
282 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) & TK[6]));
283 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) & TK[8]));
284 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) & TK[10]));
286 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) & TK[12]));
287 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) & TK[14]));
288 PPK[2] += RotR1(PPK[1]);
289 PPK[3] += RotR1(PPK[2]);
290 PPK[4] += RotR1(PPK[3]);
291 PPK[5] += RotR1(PPK[4]);
293 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
294 * WEPSeed[0..2] is transmitted as WEP IV */
295 WEPSeed[0] = Hi8(IV16);
296 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
297 WEPSeed[2] = Lo8(IV16);
298 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) & TK[0])) >> 1);
303 for (i = 0; i < 6; i++)
304 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
309 static int ieee80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
310 u8 * rc4key, int keylen, void *priv)
312 struct ieee80211_tkip_data *tkey = priv;
315 struct ieee80211_hdr_4addr *hdr;
317 hdr = (struct ieee80211_hdr_4addr *)skb->data;
319 if (skb_headroom(skb) < 8 || skb->len < hdr_len)
322 if (rc4key == NULL || keylen < 16)
325 if (!tkey->tx_phase1_done) {
326 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
328 tkey->tx_phase1_done = 1;
330 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
332 len = skb->len - hdr_len;
333 pos = skb_push(skb, 8);
334 memmove(pos, pos + 8, hdr_len);
338 *pos++ = *(rc4key + 1);
339 *pos++ = *(rc4key + 2);
340 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
341 *pos++ = tkey->tx_iv32 & 0xff;
342 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
343 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
344 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
347 if (tkey->tx_iv16 == 0) {
348 tkey->tx_phase1_done = 0;
355 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
357 struct ieee80211_tkip_data *tkey = priv;
358 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
360 u8 rc4key[16], *pos, *icv;
362 struct scatterlist sg;
363 DECLARE_MAC_BUF(mac);
365 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
366 if (net_ratelimit()) {
367 struct ieee80211_hdr_4addr *hdr =
368 (struct ieee80211_hdr_4addr *)skb->data;
369 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
371 print_mac(mac, hdr->addr1));
376 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
379 len = skb->len - hdr_len;
380 pos = skb->data + hdr_len;
382 if ((ieee80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
385 icv = skb_put(skb, 4);
387 crc = ~crc32_le(~0, pos, len);
393 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
394 sg_init_one(&sg, pos, len + 4);
395 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
399 * deal with seq counter wrapping correctly.
400 * refer to timer_after() for jiffies wrapping handling
402 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
403 u32 iv32_o, u16 iv16_o)
405 if ((s32)iv32_n - (s32)iv32_o < 0 ||
406 (iv32_n == iv32_o && iv16_n <= iv16_o))
411 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
413 struct ieee80211_tkip_data *tkey = priv;
414 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
419 struct ieee80211_hdr_4addr *hdr;
422 struct scatterlist sg;
424 DECLARE_MAC_BUF(mac);
426 hdr = (struct ieee80211_hdr_4addr *)skb->data;
428 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
429 if (net_ratelimit()) {
430 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
431 "received packet from %s\n",
432 print_mac(mac, hdr->addr2));
437 if (skb->len < hdr_len + 8 + 4)
440 pos = skb->data + hdr_len;
442 if (!(keyidx & (1 << 5))) {
443 if (net_ratelimit()) {
444 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
445 " flag from %s\n", print_mac(mac, hdr->addr2));
450 if (tkey->key_idx != keyidx) {
451 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
452 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
455 if (!tkey->key_set) {
456 if (net_ratelimit()) {
457 printk(KERN_DEBUG "TKIP: received packet from %s"
458 " with keyid=%d that does not have a configured"
459 " key\n", print_mac(mac, hdr->addr2), keyidx);
463 iv16 = (pos[0] << 8) | pos[2];
464 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
467 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
468 if (net_ratelimit()) {
469 IEEE80211_DEBUG_DROP("TKIP: replay detected: STA=%s"
470 " previous TSC %08x%04x received TSC "
471 "%08x%04x\n", print_mac(mac, hdr->addr2),
472 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
474 tkey->dot11RSNAStatsTKIPReplays++;
478 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
479 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
480 tkey->rx_phase1_done = 1;
482 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
484 plen = skb->len - hdr_len - 12;
486 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
487 sg_init_one(&sg, pos, plen + 4);
488 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
489 if (net_ratelimit()) {
490 printk(KERN_DEBUG ": TKIP: failed to decrypt "
491 "received packet from %s\n",
492 print_mac(mac, hdr->addr2));
497 crc = ~crc32_le(~0, pos, plen);
502 if (memcmp(icv, pos + plen, 4) != 0) {
503 if (iv32 != tkey->rx_iv32) {
504 /* Previously cached Phase1 result was already lost, so
505 * it needs to be recalculated for the next packet. */
506 tkey->rx_phase1_done = 0;
508 if (net_ratelimit()) {
509 IEEE80211_DEBUG_DROP("TKIP: ICV error detected: STA="
510 "%s\n", print_mac(mac, hdr->addr2));
512 tkey->dot11RSNAStatsTKIPICVErrors++;
516 /* Update real counters only after Michael MIC verification has
518 tkey->rx_iv32_new = iv32;
519 tkey->rx_iv16_new = iv16;
521 /* Remove IV and ICV */
522 memmove(skb->data + 8, skb->data, hdr_len);
524 skb_trim(skb, skb->len - 4);
529 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
530 u8 * data, size_t data_len, u8 * mic)
532 struct hash_desc desc;
533 struct scatterlist sg[2];
535 if (tfm_michael == NULL) {
536 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
539 sg_init_table(sg, 2);
540 sg_set_page(&sg[0], virt_to_page(hdr));
541 sg[0].offset = offset_in_page(hdr);
544 sg_set_page(&sg[1], virt_to_page(data));
545 sg[1].offset = offset_in_page(data);
546 sg[1].length = data_len;
548 if (crypto_hash_setkey(tfm_michael, key, 8))
551 desc.tfm = tfm_michael;
553 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
556 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
558 struct ieee80211_hdr_4addr *hdr11;
561 hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
562 stype = WLAN_FC_GET_STYPE(le16_to_cpu(hdr11->frame_ctl));
564 switch (le16_to_cpu(hdr11->frame_ctl) &
565 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
566 case IEEE80211_FCTL_TODS:
567 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
568 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
570 case IEEE80211_FCTL_FROMDS:
571 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
572 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
574 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
575 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
576 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
579 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
580 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
584 if (stype & IEEE80211_STYPE_QOS_DATA) {
585 const struct ieee80211_hdr_3addrqos *qoshdr =
586 (struct ieee80211_hdr_3addrqos *)skb->data;
587 hdr[12] = le16_to_cpu(qoshdr->qos_ctl) & IEEE80211_QCTL_TID;
589 hdr[12] = 0; /* priority */
591 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
594 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
597 struct ieee80211_tkip_data *tkey = priv;
600 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
601 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
602 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
603 skb_tailroom(skb), hdr_len, skb->len);
607 michael_mic_hdr(skb, tkey->tx_hdr);
608 pos = skb_put(skb, 8);
609 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
610 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
616 static void ieee80211_michael_mic_failure(struct net_device *dev,
617 struct ieee80211_hdr_4addr *hdr,
620 union iwreq_data wrqu;
621 struct iw_michaelmicfailure ev;
623 /* TODO: needed parameters: count, keyid, key type, TSC */
624 memset(&ev, 0, sizeof(ev));
625 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
626 if (hdr->addr1[0] & 0x01)
627 ev.flags |= IW_MICFAILURE_GROUP;
629 ev.flags |= IW_MICFAILURE_PAIRWISE;
630 ev.src_addr.sa_family = ARPHRD_ETHER;
631 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
632 memset(&wrqu, 0, sizeof(wrqu));
633 wrqu.data.length = sizeof(ev);
634 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
637 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
638 int hdr_len, void *priv)
640 struct ieee80211_tkip_data *tkey = priv;
642 DECLARE_MAC_BUF(mac);
647 michael_mic_hdr(skb, tkey->rx_hdr);
648 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
649 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
651 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
652 struct ieee80211_hdr_4addr *hdr;
653 hdr = (struct ieee80211_hdr_4addr *)skb->data;
654 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
655 "MSDU from %s keyidx=%d\n",
656 skb->dev ? skb->dev->name : "N/A", print_mac(mac, hdr->addr2),
659 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
660 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
664 /* Update TSC counters for RX now that the packet verification has
666 tkey->rx_iv32 = tkey->rx_iv32_new;
667 tkey->rx_iv16 = tkey->rx_iv16_new;
669 skb_trim(skb, skb->len - 8);
674 static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
676 struct ieee80211_tkip_data *tkey = priv;
678 struct crypto_hash *tfm = tkey->tx_tfm_michael;
679 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
680 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
681 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
683 keyidx = tkey->key_idx;
684 memset(tkey, 0, sizeof(*tkey));
685 tkey->key_idx = keyidx;
686 tkey->tx_tfm_michael = tfm;
687 tkey->tx_tfm_arc4 = tfm2;
688 tkey->rx_tfm_michael = tfm3;
689 tkey->rx_tfm_arc4 = tfm4;
690 if (len == TKIP_KEY_LEN) {
691 memcpy(tkey->key, key, TKIP_KEY_LEN);
693 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
695 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
696 (seq[3] << 8) | seq[2];
697 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
707 static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
709 struct ieee80211_tkip_data *tkey = priv;
711 if (len < TKIP_KEY_LEN)
716 memcpy(key, tkey->key, TKIP_KEY_LEN);
719 /* Return the sequence number of the last transmitted frame. */
720 u16 iv16 = tkey->tx_iv16;
721 u32 iv32 = tkey->tx_iv32;
725 seq[0] = tkey->tx_iv16;
726 seq[1] = tkey->tx_iv16 >> 8;
727 seq[2] = tkey->tx_iv32;
728 seq[3] = tkey->tx_iv32 >> 8;
729 seq[4] = tkey->tx_iv32 >> 16;
730 seq[5] = tkey->tx_iv32 >> 24;
736 static char *ieee80211_tkip_print_stats(char *p, void *priv)
738 struct ieee80211_tkip_data *tkip = priv;
739 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
740 "tx_pn=%02x%02x%02x%02x%02x%02x "
741 "rx_pn=%02x%02x%02x%02x%02x%02x "
742 "replays=%d icv_errors=%d local_mic_failures=%d\n",
743 tkip->key_idx, tkip->key_set,
744 (tkip->tx_iv32 >> 24) & 0xff,
745 (tkip->tx_iv32 >> 16) & 0xff,
746 (tkip->tx_iv32 >> 8) & 0xff,
747 tkip->tx_iv32 & 0xff,
748 (tkip->tx_iv16 >> 8) & 0xff,
749 tkip->tx_iv16 & 0xff,
750 (tkip->rx_iv32 >> 24) & 0xff,
751 (tkip->rx_iv32 >> 16) & 0xff,
752 (tkip->rx_iv32 >> 8) & 0xff,
753 tkip->rx_iv32 & 0xff,
754 (tkip->rx_iv16 >> 8) & 0xff,
755 tkip->rx_iv16 & 0xff,
756 tkip->dot11RSNAStatsTKIPReplays,
757 tkip->dot11RSNAStatsTKIPICVErrors,
758 tkip->dot11RSNAStatsTKIPLocalMICFailures);
762 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
764 .init = ieee80211_tkip_init,
765 .deinit = ieee80211_tkip_deinit,
766 .build_iv = ieee80211_tkip_hdr,
767 .encrypt_mpdu = ieee80211_tkip_encrypt,
768 .decrypt_mpdu = ieee80211_tkip_decrypt,
769 .encrypt_msdu = ieee80211_michael_mic_add,
770 .decrypt_msdu = ieee80211_michael_mic_verify,
771 .set_key = ieee80211_tkip_set_key,
772 .get_key = ieee80211_tkip_get_key,
773 .print_stats = ieee80211_tkip_print_stats,
774 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
775 .extra_mpdu_postfix_len = 4, /* ICV */
776 .extra_msdu_postfix_len = 8, /* MIC */
777 .get_flags = ieee80211_tkip_get_flags,
778 .set_flags = ieee80211_tkip_set_flags,
779 .owner = THIS_MODULE,
782 static int __init ieee80211_crypto_tkip_init(void)
784 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
787 static void __exit ieee80211_crypto_tkip_exit(void)
789 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
792 module_init(ieee80211_crypto_tkip_init);
793 module_exit(ieee80211_crypto_tkip_exit);