aboutsummaryrefslogtreecommitdiffstats
path: root/net/ieee80211/ieee80211_crypt_tkip.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/ieee80211/ieee80211_crypt_tkip.c')
-rw-r--r--net/ieee80211/ieee80211_crypt_tkip.c782
1 files changed, 0 insertions, 782 deletions
diff --git a/net/ieee80211/ieee80211_crypt_tkip.c b/net/ieee80211/ieee80211_crypt_tkip.c
deleted file mode 100644
index d12da1da6328..000000000000
--- a/net/ieee80211/ieee80211_crypt_tkip.c
+++ /dev/null
@@ -1,782 +0,0 @@
1/*
2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
3 *
4 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
9 * more details.
10 */
11
12#include <linux/err.h>
13#include <linux/module.h>
14#include <linux/init.h>
15#include <linux/slab.h>
16#include <linux/random.h>
17#include <linux/scatterlist.h>
18#include <linux/skbuff.h>
19#include <linux/netdevice.h>
20#include <linux/mm.h>
21#include <linux/if_ether.h>
22#include <linux/if_arp.h>
23#include <asm/string.h>
24
25#include <net/ieee80211.h>
26
27#include <linux/crypto.h>
28#include <linux/crc32.h>
29
30MODULE_AUTHOR("Jouni Malinen");
31MODULE_DESCRIPTION("Host AP crypt: TKIP");
32MODULE_LICENSE("GPL");
33
34struct ieee80211_tkip_data {
35#define TKIP_KEY_LEN 32
36 u8 key[TKIP_KEY_LEN];
37 int key_set;
38
39 u32 tx_iv32;
40 u16 tx_iv16;
41 u16 tx_ttak[5];
42 int tx_phase1_done;
43
44 u32 rx_iv32;
45 u16 rx_iv16;
46 u16 rx_ttak[5];
47 int rx_phase1_done;
48 u32 rx_iv32_new;
49 u16 rx_iv16_new;
50
51 u32 dot11RSNAStatsTKIPReplays;
52 u32 dot11RSNAStatsTKIPICVErrors;
53 u32 dot11RSNAStatsTKIPLocalMICFailures;
54
55 int key_idx;
56
57 struct crypto_blkcipher *rx_tfm_arc4;
58 struct crypto_hash *rx_tfm_michael;
59 struct crypto_blkcipher *tx_tfm_arc4;
60 struct crypto_hash *tx_tfm_michael;
61
62 /* scratch buffers for virt_to_page() (crypto API) */
63 u8 rx_hdr[16], tx_hdr[16];
64
65 unsigned long flags;
66};
67
68static unsigned long ieee80211_tkip_set_flags(unsigned long flags, void *priv)
69{
70 struct ieee80211_tkip_data *_priv = priv;
71 unsigned long old_flags = _priv->flags;
72 _priv->flags = flags;
73 return old_flags;
74}
75
76static unsigned long ieee80211_tkip_get_flags(void *priv)
77{
78 struct ieee80211_tkip_data *_priv = priv;
79 return _priv->flags;
80}
81
82static void *ieee80211_tkip_init(int key_idx)
83{
84 struct ieee80211_tkip_data *priv;
85
86 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
87 if (priv == NULL)
88 goto fail;
89
90 priv->key_idx = key_idx;
91
92 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
93 CRYPTO_ALG_ASYNC);
94 if (IS_ERR(priv->tx_tfm_arc4)) {
95 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
96 "crypto API arc4\n");
97 priv->tx_tfm_arc4 = NULL;
98 goto fail;
99 }
100
101 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
102 CRYPTO_ALG_ASYNC);
103 if (IS_ERR(priv->tx_tfm_michael)) {
104 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
105 "crypto API michael_mic\n");
106 priv->tx_tfm_michael = NULL;
107 goto fail;
108 }
109
110 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
111 CRYPTO_ALG_ASYNC);
112 if (IS_ERR(priv->rx_tfm_arc4)) {
113 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
114 "crypto API arc4\n");
115 priv->rx_tfm_arc4 = NULL;
116 goto fail;
117 }
118
119 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
120 CRYPTO_ALG_ASYNC);
121 if (IS_ERR(priv->rx_tfm_michael)) {
122 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
123 "crypto API michael_mic\n");
124 priv->rx_tfm_michael = NULL;
125 goto fail;
126 }
127
128 return priv;
129
130 fail:
131 if (priv) {
132 if (priv->tx_tfm_michael)
133 crypto_free_hash(priv->tx_tfm_michael);
134 if (priv->tx_tfm_arc4)
135 crypto_free_blkcipher(priv->tx_tfm_arc4);
136 if (priv->rx_tfm_michael)
137 crypto_free_hash(priv->rx_tfm_michael);
138 if (priv->rx_tfm_arc4)
139 crypto_free_blkcipher(priv->rx_tfm_arc4);
140 kfree(priv);
141 }
142
143 return NULL;
144}
145
146static void ieee80211_tkip_deinit(void *priv)
147{
148 struct ieee80211_tkip_data *_priv = priv;
149 if (_priv) {
150 if (_priv->tx_tfm_michael)
151 crypto_free_hash(_priv->tx_tfm_michael);
152 if (_priv->tx_tfm_arc4)
153 crypto_free_blkcipher(_priv->tx_tfm_arc4);
154 if (_priv->rx_tfm_michael)
155 crypto_free_hash(_priv->rx_tfm_michael);
156 if (_priv->rx_tfm_arc4)
157 crypto_free_blkcipher(_priv->rx_tfm_arc4);
158 }
159 kfree(priv);
160}
161
162static inline u16 RotR1(u16 val)
163{
164 return (val >> 1) | (val << 15);
165}
166
167static inline u8 Lo8(u16 val)
168{
169 return val & 0xff;
170}
171
172static inline u8 Hi8(u16 val)
173{
174 return val >> 8;
175}
176
177static inline u16 Lo16(u32 val)
178{
179 return val & 0xffff;
180}
181
182static inline u16 Hi16(u32 val)
183{
184 return val >> 16;
185}
186
187static inline u16 Mk16(u8 hi, u8 lo)
188{
189 return lo | (((u16) hi) << 8);
190}
191
192static inline u16 Mk16_le(__le16 * v)
193{
194 return le16_to_cpu(*v);
195}
196
197static const u16 Sbox[256] = {
198 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
199 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
200 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
201 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
202 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
203 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
204 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
205 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
206 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
207 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
208 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
209 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
210 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
211 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
212 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
213 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
214 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
215 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
216 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
217 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
218 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
219 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
220 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
221 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
222 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
223 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
224 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
225 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
226 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
227 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
228 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
229 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
230};
231
232static inline u16 _S_(u16 v)
233{
234 u16 t = Sbox[Hi8(v)];
235 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
236}
237
238#define PHASE1_LOOP_COUNT 8
239
240static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
241 u32 IV32)
242{
243 int i, j;
244
245 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
246 TTAK[0] = Lo16(IV32);
247 TTAK[1] = Hi16(IV32);
248 TTAK[2] = Mk16(TA[1], TA[0]);
249 TTAK[3] = Mk16(TA[3], TA[2]);
250 TTAK[4] = Mk16(TA[5], TA[4]);
251
252 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
253 j = 2 * (i & 1);
254 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
255 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
256 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
257 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
258 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
259 }
260}
261
262static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
263 u16 IV16)
264{
265 /* Make temporary area overlap WEP seed so that the final copy can be
266 * avoided on little endian hosts. */
267 u16 *PPK = (u16 *) & WEPSeed[4];
268
269 /* Step 1 - make copy of TTAK and bring in TSC */
270 PPK[0] = TTAK[0];
271 PPK[1] = TTAK[1];
272 PPK[2] = TTAK[2];
273 PPK[3] = TTAK[3];
274 PPK[4] = TTAK[4];
275 PPK[5] = TTAK[4] + IV16;
276
277 /* Step 2 - 96-bit bijective mixing using S-box */
278 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
279 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
280 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
281 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
282 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
283 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
284
285 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
286 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
287 PPK[2] += RotR1(PPK[1]);
288 PPK[3] += RotR1(PPK[2]);
289 PPK[4] += RotR1(PPK[3]);
290 PPK[5] += RotR1(PPK[4]);
291
292 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
293 * WEPSeed[0..2] is transmitted as WEP IV */
294 WEPSeed[0] = Hi8(IV16);
295 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
296 WEPSeed[2] = Lo8(IV16);
297 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
298
299#ifdef __BIG_ENDIAN
300 {
301 int i;
302 for (i = 0; i < 6; i++)
303 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
304 }
305#endif
306}
307
308static int ieee80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
309 u8 * rc4key, int keylen, void *priv)
310{
311 struct ieee80211_tkip_data *tkey = priv;
312 int len;
313 u8 *pos;
314 struct ieee80211_hdr_4addr *hdr;
315
316 hdr = (struct ieee80211_hdr_4addr *)skb->data;
317
318 if (skb_headroom(skb) < 8 || skb->len < hdr_len)
319 return -1;
320
321 if (rc4key == NULL || keylen < 16)
322 return -1;
323
324 if (!tkey->tx_phase1_done) {
325 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
326 tkey->tx_iv32);
327 tkey->tx_phase1_done = 1;
328 }
329 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
330
331 len = skb->len - hdr_len;
332 pos = skb_push(skb, 8);
333 memmove(pos, pos + 8, hdr_len);
334 pos += hdr_len;
335
336 *pos++ = *rc4key;
337 *pos++ = *(rc4key + 1);
338 *pos++ = *(rc4key + 2);
339 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
340 *pos++ = tkey->tx_iv32 & 0xff;
341 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
342 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
343 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
344
345 tkey->tx_iv16++;
346 if (tkey->tx_iv16 == 0) {
347 tkey->tx_phase1_done = 0;
348 tkey->tx_iv32++;
349 }
350
351 return 8;
352}
353
354static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
355{
356 struct ieee80211_tkip_data *tkey = priv;
357 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
358 int len;
359 u8 rc4key[16], *pos, *icv;
360 u32 crc;
361 struct scatterlist sg;
362
363 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
364 if (net_ratelimit()) {
365 struct ieee80211_hdr_4addr *hdr =
366 (struct ieee80211_hdr_4addr *)skb->data;
367 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
368 "TX packet to %pM\n", hdr->addr1);
369 }
370 return -1;
371 }
372
373 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
374 return -1;
375
376 len = skb->len - hdr_len;
377 pos = skb->data + hdr_len;
378
379 if ((ieee80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
380 return -1;
381
382 icv = skb_put(skb, 4);
383
384 crc = ~crc32_le(~0, pos, len);
385 icv[0] = crc;
386 icv[1] = crc >> 8;
387 icv[2] = crc >> 16;
388 icv[3] = crc >> 24;
389
390 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
391 sg_init_one(&sg, pos, len + 4);
392 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
393}
394
395/*
396 * deal with seq counter wrapping correctly.
397 * refer to timer_after() for jiffies wrapping handling
398 */
399static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
400 u32 iv32_o, u16 iv16_o)
401{
402 if ((s32)iv32_n - (s32)iv32_o < 0 ||
403 (iv32_n == iv32_o && iv16_n <= iv16_o))
404 return 1;
405 return 0;
406}
407
408static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
409{
410 struct ieee80211_tkip_data *tkey = priv;
411 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
412 u8 rc4key[16];
413 u8 keyidx, *pos;
414 u32 iv32;
415 u16 iv16;
416 struct ieee80211_hdr_4addr *hdr;
417 u8 icv[4];
418 u32 crc;
419 struct scatterlist sg;
420 int plen;
421
422 hdr = (struct ieee80211_hdr_4addr *)skb->data;
423
424 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
425 if (net_ratelimit()) {
426 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
427 "received packet from %pM\n", hdr->addr2);
428 }
429 return -1;
430 }
431
432 if (skb->len < hdr_len + 8 + 4)
433 return -1;
434
435 pos = skb->data + hdr_len;
436 keyidx = pos[3];
437 if (!(keyidx & (1 << 5))) {
438 if (net_ratelimit()) {
439 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
440 " flag from %pM\n", hdr->addr2);
441 }
442 return -2;
443 }
444 keyidx >>= 6;
445 if (tkey->key_idx != keyidx) {
446 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
447 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
448 return -6;
449 }
450 if (!tkey->key_set) {
451 if (net_ratelimit()) {
452 printk(KERN_DEBUG "TKIP: received packet from %pM"
453 " with keyid=%d that does not have a configured"
454 " key\n", hdr->addr2, keyidx);
455 }
456 return -3;
457 }
458 iv16 = (pos[0] << 8) | pos[2];
459 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
460 pos += 8;
461
462 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
463 if (ieee80211_ratelimit_debug(IEEE80211_DL_DROP)) {
464 IEEE80211_DEBUG_DROP("TKIP: replay detected: STA=%pM"
465 " previous TSC %08x%04x received TSC "
466 "%08x%04x\n", hdr->addr2,
467 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
468 }
469 tkey->dot11RSNAStatsTKIPReplays++;
470 return -4;
471 }
472
473 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
474 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
475 tkey->rx_phase1_done = 1;
476 }
477 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
478
479 plen = skb->len - hdr_len - 12;
480
481 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
482 sg_init_one(&sg, pos, plen + 4);
483 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
484 if (net_ratelimit()) {
485 printk(KERN_DEBUG ": TKIP: failed to decrypt "
486 "received packet from %pM\n",
487 hdr->addr2);
488 }
489 return -7;
490 }
491
492 crc = ~crc32_le(~0, pos, plen);
493 icv[0] = crc;
494 icv[1] = crc >> 8;
495 icv[2] = crc >> 16;
496 icv[3] = crc >> 24;
497 if (memcmp(icv, pos + plen, 4) != 0) {
498 if (iv32 != tkey->rx_iv32) {
499 /* Previously cached Phase1 result was already lost, so
500 * it needs to be recalculated for the next packet. */
501 tkey->rx_phase1_done = 0;
502 }
503 if (ieee80211_ratelimit_debug(IEEE80211_DL_DROP)) {
504 IEEE80211_DEBUG_DROP("TKIP: ICV error detected: STA="
505 "%pM\n", hdr->addr2);
506 }
507 tkey->dot11RSNAStatsTKIPICVErrors++;
508 return -5;
509 }
510
511 /* Update real counters only after Michael MIC verification has
512 * completed */
513 tkey->rx_iv32_new = iv32;
514 tkey->rx_iv16_new = iv16;
515
516 /* Remove IV and ICV */
517 memmove(skb->data + 8, skb->data, hdr_len);
518 skb_pull(skb, 8);
519 skb_trim(skb, skb->len - 4);
520
521 return keyidx;
522}
523
524static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
525 u8 * data, size_t data_len, u8 * mic)
526{
527 struct hash_desc desc;
528 struct scatterlist sg[2];
529
530 if (tfm_michael == NULL) {
531 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
532 return -1;
533 }
534 sg_init_table(sg, 2);
535 sg_set_buf(&sg[0], hdr, 16);
536 sg_set_buf(&sg[1], data, data_len);
537
538 if (crypto_hash_setkey(tfm_michael, key, 8))
539 return -1;
540
541 desc.tfm = tfm_michael;
542 desc.flags = 0;
543 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
544}
545
546static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
547{
548 struct ieee80211_hdr_4addr *hdr11;
549 u16 stype;
550
551 hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
552 stype = WLAN_FC_GET_STYPE(le16_to_cpu(hdr11->frame_ctl));
553
554 switch (le16_to_cpu(hdr11->frame_ctl) &
555 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
556 case IEEE80211_FCTL_TODS:
557 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
558 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
559 break;
560 case IEEE80211_FCTL_FROMDS:
561 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
562 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
563 break;
564 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
565 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
566 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
567 break;
568 case 0:
569 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
570 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
571 break;
572 }
573
574 if (stype & IEEE80211_STYPE_QOS_DATA) {
575 const struct ieee80211_hdr_3addrqos *qoshdr =
576 (struct ieee80211_hdr_3addrqos *)skb->data;
577 hdr[12] = le16_to_cpu(qoshdr->qos_ctl) & IEEE80211_QCTL_TID;
578 } else
579 hdr[12] = 0; /* priority */
580
581 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
582}
583
584static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
585 void *priv)
586{
587 struct ieee80211_tkip_data *tkey = priv;
588 u8 *pos;
589
590 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
591 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
592 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
593 skb_tailroom(skb), hdr_len, skb->len);
594 return -1;
595 }
596
597 michael_mic_hdr(skb, tkey->tx_hdr);
598 pos = skb_put(skb, 8);
599 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
600 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
601 return -1;
602
603 return 0;
604}
605
606static void ieee80211_michael_mic_failure(struct net_device *dev,
607 struct ieee80211_hdr_4addr *hdr,
608 int keyidx)
609{
610 union iwreq_data wrqu;
611 struct iw_michaelmicfailure ev;
612
613 /* TODO: needed parameters: count, keyid, key type, TSC */
614 memset(&ev, 0, sizeof(ev));
615 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
616 if (hdr->addr1[0] & 0x01)
617 ev.flags |= IW_MICFAILURE_GROUP;
618 else
619 ev.flags |= IW_MICFAILURE_PAIRWISE;
620 ev.src_addr.sa_family = ARPHRD_ETHER;
621 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
622 memset(&wrqu, 0, sizeof(wrqu));
623 wrqu.data.length = sizeof(ev);
624 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
625}
626
627static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
628 int hdr_len, void *priv)
629{
630 struct ieee80211_tkip_data *tkey = priv;
631 u8 mic[8];
632
633 if (!tkey->key_set)
634 return -1;
635
636 michael_mic_hdr(skb, tkey->rx_hdr);
637 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
638 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
639 return -1;
640 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
641 struct ieee80211_hdr_4addr *hdr;
642 hdr = (struct ieee80211_hdr_4addr *)skb->data;
643 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
644 "MSDU from %pM keyidx=%d\n",
645 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
646 keyidx);
647 if (skb->dev)
648 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
649 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
650 return -1;
651 }
652
653 /* Update TSC counters for RX now that the packet verification has
654 * completed. */
655 tkey->rx_iv32 = tkey->rx_iv32_new;
656 tkey->rx_iv16 = tkey->rx_iv16_new;
657
658 skb_trim(skb, skb->len - 8);
659
660 return 0;
661}
662
663static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
664{
665 struct ieee80211_tkip_data *tkey = priv;
666 int keyidx;
667 struct crypto_hash *tfm = tkey->tx_tfm_michael;
668 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
669 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
670 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
671
672 keyidx = tkey->key_idx;
673 memset(tkey, 0, sizeof(*tkey));
674 tkey->key_idx = keyidx;
675 tkey->tx_tfm_michael = tfm;
676 tkey->tx_tfm_arc4 = tfm2;
677 tkey->rx_tfm_michael = tfm3;
678 tkey->rx_tfm_arc4 = tfm4;
679 if (len == TKIP_KEY_LEN) {
680 memcpy(tkey->key, key, TKIP_KEY_LEN);
681 tkey->key_set = 1;
682 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
683 if (seq) {
684 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
685 (seq[3] << 8) | seq[2];
686 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
687 }
688 } else if (len == 0)
689 tkey->key_set = 0;
690 else
691 return -1;
692
693 return 0;
694}
695
696static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
697{
698 struct ieee80211_tkip_data *tkey = priv;
699
700 if (len < TKIP_KEY_LEN)
701 return -1;
702
703 if (!tkey->key_set)
704 return 0;
705 memcpy(key, tkey->key, TKIP_KEY_LEN);
706
707 if (seq) {
708 /* Return the sequence number of the last transmitted frame. */
709 u16 iv16 = tkey->tx_iv16;
710 u32 iv32 = tkey->tx_iv32;
711 if (iv16 == 0)
712 iv32--;
713 iv16--;
714 seq[0] = tkey->tx_iv16;
715 seq[1] = tkey->tx_iv16 >> 8;
716 seq[2] = tkey->tx_iv32;
717 seq[3] = tkey->tx_iv32 >> 8;
718 seq[4] = tkey->tx_iv32 >> 16;
719 seq[5] = tkey->tx_iv32 >> 24;
720 }
721
722 return TKIP_KEY_LEN;
723}
724
725static char *ieee80211_tkip_print_stats(char *p, void *priv)
726{
727 struct ieee80211_tkip_data *tkip = priv;
728 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
729 "tx_pn=%02x%02x%02x%02x%02x%02x "
730 "rx_pn=%02x%02x%02x%02x%02x%02x "
731 "replays=%d icv_errors=%d local_mic_failures=%d\n",
732 tkip->key_idx, tkip->key_set,
733 (tkip->tx_iv32 >> 24) & 0xff,
734 (tkip->tx_iv32 >> 16) & 0xff,
735 (tkip->tx_iv32 >> 8) & 0xff,
736 tkip->tx_iv32 & 0xff,
737 (tkip->tx_iv16 >> 8) & 0xff,
738 tkip->tx_iv16 & 0xff,
739 (tkip->rx_iv32 >> 24) & 0xff,
740 (tkip->rx_iv32 >> 16) & 0xff,
741 (tkip->rx_iv32 >> 8) & 0xff,
742 tkip->rx_iv32 & 0xff,
743 (tkip->rx_iv16 >> 8) & 0xff,
744 tkip->rx_iv16 & 0xff,
745 tkip->dot11RSNAStatsTKIPReplays,
746 tkip->dot11RSNAStatsTKIPICVErrors,
747 tkip->dot11RSNAStatsTKIPLocalMICFailures);
748 return p;
749}
750
751static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
752 .name = "TKIP",
753 .init = ieee80211_tkip_init,
754 .deinit = ieee80211_tkip_deinit,
755 .build_iv = ieee80211_tkip_hdr,
756 .encrypt_mpdu = ieee80211_tkip_encrypt,
757 .decrypt_mpdu = ieee80211_tkip_decrypt,
758 .encrypt_msdu = ieee80211_michael_mic_add,
759 .decrypt_msdu = ieee80211_michael_mic_verify,
760 .set_key = ieee80211_tkip_set_key,
761 .get_key = ieee80211_tkip_get_key,
762 .print_stats = ieee80211_tkip_print_stats,
763 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
764 .extra_mpdu_postfix_len = 4, /* ICV */
765 .extra_msdu_postfix_len = 8, /* MIC */
766 .get_flags = ieee80211_tkip_get_flags,
767 .set_flags = ieee80211_tkip_set_flags,
768 .owner = THIS_MODULE,
769};
770
771static int __init ieee80211_crypto_tkip_init(void)
772{
773 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
774}
775
776static void __exit ieee80211_crypto_tkip_exit(void)
777{
778 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
779}
780
781module_init(ieee80211_crypto_tkip_init);
782module_exit(ieee80211_crypto_tkip_exit);
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-22 01:36:13 -0500