rtllib_crypt_tkip.c revision 929fa2a42e75e0c6ded89c450bd0f668e32190d7
1/* 2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver 3 * 4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 2 as 8 * published by the Free Software Foundation. See README and COPYING for 9 * more details. 10 */ 11 12#include <linux/version.h> 13#include <linux/module.h> 14#include <linux/init.h> 15#include <linux/slab.h> 16#include <linux/random.h> 17#include <linux/skbuff.h> 18#include <linux/netdevice.h> 19#include <linux/if_ether.h> 20#include <linux/if_arp.h> 21#include <linux/string.h> 22#include <linux/crypto.h> 23#include <linux/scatterlist.h> 24#include <linux/crc32.h> 25 26#include "rtllib.h" 27 28struct rtllib_tkip_data { 29#define TKIP_KEY_LEN 32 30 u8 key[TKIP_KEY_LEN]; 31 int key_set; 32 33 u32 tx_iv32; 34 u16 tx_iv16; 35 u16 tx_ttak[5]; 36 int tx_phase1_done; 37 38 u32 rx_iv32; 39 u16 rx_iv16; 40 bool initialized; 41 u16 rx_ttak[5]; 42 int rx_phase1_done; 43 u32 rx_iv32_new; 44 u16 rx_iv16_new; 45 46 u32 dot11RSNAStatsTKIPReplays; 47 u32 dot11RSNAStatsTKIPICVErrors; 48 u32 dot11RSNAStatsTKIPLocalMICFailures; 49 50 int key_idx; 51 struct crypto_blkcipher *rx_tfm_arc4; 52 struct crypto_hash *rx_tfm_michael; 53 struct crypto_blkcipher *tx_tfm_arc4; 54 struct crypto_hash *tx_tfm_michael; 55 /* scratch buffers for virt_to_page() (crypto API) */ 56 u8 rx_hdr[16], tx_hdr[16]; 57}; 58 59static void *rtllib_tkip_init(int key_idx) 60{ 61 struct rtllib_tkip_data *priv; 62 63 priv = kzalloc(sizeof(*priv), GFP_ATOMIC); 64 if (priv == NULL) 65 goto fail; 66 priv->key_idx = key_idx; 67 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, 68 CRYPTO_ALG_ASYNC); 69 if (IS_ERR(priv->tx_tfm_arc4)) { 70 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate " 71 "crypto API arc4\n"); 72 priv->tx_tfm_arc4 = NULL; 73 goto fail; 74 } 75 76 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0, 77 CRYPTO_ALG_ASYNC); 78 if (IS_ERR(priv->tx_tfm_michael)) { 79 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate " 80 "crypto API michael_mic\n"); 81 priv->tx_tfm_michael = NULL; 82 goto fail; 83 } 84 85 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, 86 CRYPTO_ALG_ASYNC); 87 if (IS_ERR(priv->rx_tfm_arc4)) { 88 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate " 89 "crypto API arc4\n"); 90 priv->rx_tfm_arc4 = NULL; 91 goto fail; 92 } 93 94 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0, 95 CRYPTO_ALG_ASYNC); 96 if (IS_ERR(priv->rx_tfm_michael)) { 97 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate " 98 "crypto API michael_mic\n"); 99 priv->rx_tfm_michael = NULL; 100 goto fail; 101 } 102 return priv; 103 104fail: 105 if (priv) { 106 if (priv->tx_tfm_michael) 107 crypto_free_hash(priv->tx_tfm_michael); 108 if (priv->tx_tfm_arc4) 109 crypto_free_blkcipher(priv->tx_tfm_arc4); 110 if (priv->rx_tfm_michael) 111 crypto_free_hash(priv->rx_tfm_michael); 112 if (priv->rx_tfm_arc4) 113 crypto_free_blkcipher(priv->rx_tfm_arc4); 114 kfree(priv); 115 } 116 117 return NULL; 118} 119 120 121static void rtllib_tkip_deinit(void *priv) 122{ 123 struct rtllib_tkip_data *_priv = priv; 124 125 if (_priv) { 126 if (_priv->tx_tfm_michael) 127 crypto_free_hash(_priv->tx_tfm_michael); 128 if (_priv->tx_tfm_arc4) 129 crypto_free_blkcipher(_priv->tx_tfm_arc4); 130 if (_priv->rx_tfm_michael) 131 crypto_free_hash(_priv->rx_tfm_michael); 132 if (_priv->rx_tfm_arc4) 133 crypto_free_blkcipher(_priv->rx_tfm_arc4); 134 } 135 kfree(priv); 136} 137 138 139static inline u16 RotR1(u16 val) 140{ 141 return (val >> 1) | (val << 15); 142} 143 144 145static inline u8 Lo8(u16 val) 146{ 147 return val & 0xff; 148} 149 150 151static inline u8 Hi8(u16 val) 152{ 153 return val >> 8; 154} 155 156 157static inline u16 Lo16(u32 val) 158{ 159 return val & 0xffff; 160} 161 162 163static inline u16 Hi16(u32 val) 164{ 165 return val >> 16; 166} 167 168 169static inline u16 Mk16(u8 hi, u8 lo) 170{ 171 return lo | (((u16) hi) << 8); 172} 173 174 175static inline u16 Mk16_le(u16 *v) 176{ 177 return le16_to_cpu(*v); 178} 179 180 181static const u16 Sbox[256] = { 182 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 183 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 184 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 185 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 186 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 187 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 188 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 189 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 190 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 191 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 192 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 193 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 194 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 195 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 196 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 197 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 198 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 199 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 200 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 201 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 202 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 203 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 204 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 205 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 206 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 207 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 208 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 209 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 210 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 211 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 212 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 213 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 214}; 215 216 217static inline u16 _S_(u16 v) 218{ 219 u16 t = Sbox[Hi8(v)]; 220 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8)); 221} 222 223 224#define PHASE1_LOOP_COUNT 8 225 226 227static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32) 228{ 229 int i, j; 230 231 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */ 232 TTAK[0] = Lo16(IV32); 233 TTAK[1] = Hi16(IV32); 234 TTAK[2] = Mk16(TA[1], TA[0]); 235 TTAK[3] = Mk16(TA[3], TA[2]); 236 TTAK[4] = Mk16(TA[5], TA[4]); 237 238 for (i = 0; i < PHASE1_LOOP_COUNT; i++) { 239 j = 2 * (i & 1); 240 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j])); 241 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j])); 242 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j])); 243 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j])); 244 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i; 245 } 246} 247 248 249static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK, 250 u16 IV16) 251{ 252 /* Make temporary area overlap WEP seed so that the final copy can be 253 * avoided on little endian hosts. */ 254 u16 *PPK = (u16 *) &WEPSeed[4]; 255 256 /* Step 1 - make copy of TTAK and bring in TSC */ 257 PPK[0] = TTAK[0]; 258 PPK[1] = TTAK[1]; 259 PPK[2] = TTAK[2]; 260 PPK[3] = TTAK[3]; 261 PPK[4] = TTAK[4]; 262 PPK[5] = TTAK[4] + IV16; 263 264 /* Step 2 - 96-bit bijective mixing using S-box */ 265 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0])); 266 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2])); 267 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4])); 268 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6])); 269 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8])); 270 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10])); 271 272 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12])); 273 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14])); 274 PPK[2] += RotR1(PPK[1]); 275 PPK[3] += RotR1(PPK[2]); 276 PPK[4] += RotR1(PPK[3]); 277 PPK[5] += RotR1(PPK[4]); 278 279 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value 280 * WEPSeed[0..2] is transmitted as WEP IV */ 281 WEPSeed[0] = Hi8(IV16); 282 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F; 283 WEPSeed[2] = Lo8(IV16); 284 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1); 285 286#ifdef __BIG_ENDIAN 287 { 288 int i; 289 for (i = 0; i < 6; i++) 290 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8); 291 } 292#endif 293} 294 295 296static int rtllib_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) 297{ 298 struct rtllib_tkip_data *tkey = priv; 299 int len; 300 u8 *pos; 301 struct rtllib_hdr_4addr *hdr; 302 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + 303 MAX_DEV_ADDR_SIZE); 304 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4}; 305 int ret = 0; 306 u8 rc4key[16], *icv; 307 u32 crc; 308 struct scatterlist sg; 309 310 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 || 311 skb->len < hdr_len) 312 return -1; 313 314 hdr = (struct rtllib_hdr_4addr *) skb->data; 315 316 if (!tcb_desc->bHwSec) { 317 if (!tkey->tx_phase1_done) { 318 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2, 319 tkey->tx_iv32); 320 tkey->tx_phase1_done = 1; 321 } 322 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, 323 tkey->tx_iv16); 324 } else 325 tkey->tx_phase1_done = 1; 326 327 328 len = skb->len - hdr_len; 329 pos = skb_push(skb, 8); 330 memmove(pos, pos + 8, hdr_len); 331 pos += hdr_len; 332 333 if (tcb_desc->bHwSec) { 334 *pos++ = Hi8(tkey->tx_iv16); 335 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F; 336 *pos++ = Lo8(tkey->tx_iv16); 337 } else { 338 *pos++ = rc4key[0]; 339 *pos++ = rc4key[1]; 340 *pos++ = rc4key[2]; 341 } 342 343 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */; 344 *pos++ = tkey->tx_iv32 & 0xff; 345 *pos++ = (tkey->tx_iv32 >> 8) & 0xff; 346 *pos++ = (tkey->tx_iv32 >> 16) & 0xff; 347 *pos++ = (tkey->tx_iv32 >> 24) & 0xff; 348 349 if (!tcb_desc->bHwSec) { 350 icv = skb_put(skb, 4); 351 crc = ~crc32_le(~0, pos, len); 352 icv[0] = crc; 353 icv[1] = crc >> 8; 354 icv[2] = crc >> 16; 355 icv[3] = crc >> 24; 356 357 sg_init_one(&sg, pos, len+4); 358 359 360 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16); 361 ret = crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4); 362 } 363 364 tkey->tx_iv16++; 365 if (tkey->tx_iv16 == 0) { 366 tkey->tx_phase1_done = 0; 367 tkey->tx_iv32++; 368 } 369 370 if (!tcb_desc->bHwSec) 371 return ret; 372 else 373 return 0; 374 375 376} 377 378static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) 379{ 380 struct rtllib_tkip_data *tkey = priv; 381 u8 keyidx, *pos; 382 u32 iv32; 383 u16 iv16; 384 struct rtllib_hdr_4addr *hdr; 385 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + 386 MAX_DEV_ADDR_SIZE); 387 struct blkcipher_desc desc = {.tfm = tkey->rx_tfm_arc4}; 388 u8 rc4key[16]; 389 u8 icv[4]; 390 u32 crc; 391 struct scatterlist sg; 392 int plen; 393 if (skb->len < hdr_len + 8 + 4) 394 return -1; 395 396 hdr = (struct rtllib_hdr_4addr *) skb->data; 397 pos = skb->data + hdr_len; 398 keyidx = pos[3]; 399 if (!(keyidx & (1 << 5))) { 400 if (net_ratelimit()) { 401 printk(KERN_DEBUG "TKIP: received packet without ExtIV" 402 " flag from %pM\n", hdr->addr2); 403 } 404 return -2; 405 } 406 keyidx >>= 6; 407 if (tkey->key_idx != keyidx) { 408 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame " 409 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv); 410 return -6; 411 } 412 if (!tkey->key_set) { 413 if (net_ratelimit()) { 414 printk(KERN_DEBUG "TKIP: received packet from %pM" 415 " with keyid=%d that does not have a configured" 416 " key\n", hdr->addr2, keyidx); 417 } 418 return -3; 419 } 420 iv16 = (pos[0] << 8) | pos[2]; 421 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24); 422 pos += 8; 423 424 if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) { 425 if ((iv32 < tkey->rx_iv32 || 426 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) && 427 tkey->initialized) { 428 if (net_ratelimit()) { 429 printk(KERN_DEBUG "TKIP: replay detected: STA=" 430 " %pM previous TSC %08x%04x received " 431 "TSC %08x%04x\n",hdr->addr2, 432 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16); 433 } 434 tkey->dot11RSNAStatsTKIPReplays++; 435 return -4; 436 } 437 tkey->initialized = true; 438 439 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) { 440 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, 441 hdr->addr2, iv32); 442 tkey->rx_phase1_done = 1; 443 } 444 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16); 445 446 plen = skb->len - hdr_len - 12; 447 448 sg_init_one(&sg, pos, plen+4); 449 450 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16); 451 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) { 452 if (net_ratelimit()) { 453 printk(KERN_DEBUG ": TKIP: failed to decrypt " 454 "received packet from %pM\n", 455 hdr->addr2); 456 } 457 return -7; 458 } 459 460 crc = ~crc32_le(~0, pos, plen); 461 icv[0] = crc; 462 icv[1] = crc >> 8; 463 icv[2] = crc >> 16; 464 icv[3] = crc >> 24; 465 466 if (memcmp(icv, pos + plen, 4) != 0) { 467 if (iv32 != tkey->rx_iv32) { 468 /* Previously cached Phase1 result was already 469 * lost, so it needs to be recalculated for the 470 * next packet. */ 471 tkey->rx_phase1_done = 0; 472 } 473 if (net_ratelimit()) { 474 printk(KERN_DEBUG "TKIP: ICV error detected: STA=" 475 " %pM\n", hdr->addr2); 476 } 477 tkey->dot11RSNAStatsTKIPICVErrors++; 478 return -5; 479 } 480 481 } 482 483 /* Update real counters only after Michael MIC verification has 484 * completed */ 485 tkey->rx_iv32_new = iv32; 486 tkey->rx_iv16_new = iv16; 487 488 /* Remove IV and ICV */ 489 memmove(skb->data + 8, skb->data, hdr_len); 490 skb_pull(skb, 8); 491 skb_trim(skb, skb->len - 4); 492 493 return keyidx; 494} 495 496 497static int michael_mic(struct crypto_hash *tfm_michael, u8 *key, u8 *hdr, 498 u8 *data, size_t data_len, u8 *mic) 499{ 500 struct hash_desc desc; 501 struct scatterlist sg[2]; 502 503 if (tfm_michael == NULL) { 504 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n"); 505 return -1; 506 } 507 sg_init_table(sg, 2); 508 sg_set_buf(&sg[0], hdr, 16); 509 sg_set_buf(&sg[1], data, data_len); 510 511 if (crypto_hash_setkey(tfm_michael, key, 8)) 512 return -1; 513 514 desc.tfm = tfm_michael; 515 desc.flags = 0; 516 return crypto_hash_digest(&desc, sg, data_len + 16, mic); 517} 518 519static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr) 520{ 521 struct rtllib_hdr_4addr *hdr11; 522 523 hdr11 = (struct rtllib_hdr_4addr *) skb->data; 524 switch (le16_to_cpu(hdr11->frame_ctl) & 525 (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) { 526 case RTLLIB_FCTL_TODS: 527 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */ 528 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */ 529 break; 530 case RTLLIB_FCTL_FROMDS: 531 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */ 532 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */ 533 break; 534 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS: 535 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */ 536 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */ 537 break; 538 case 0: 539 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */ 540 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */ 541 break; 542 } 543 544 hdr[12] = 0; /* priority */ 545 546 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 547} 548 549 550static int rtllib_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv) 551{ 552 struct rtllib_tkip_data *tkey = priv; 553 u8 *pos; 554 struct rtllib_hdr_4addr *hdr; 555 556 hdr = (struct rtllib_hdr_4addr *) skb->data; 557 558 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) { 559 printk(KERN_DEBUG "Invalid packet for Michael MIC add " 560 "(tailroom=%d hdr_len=%d skb->len=%d)\n", 561 skb_tailroom(skb), hdr_len, skb->len); 562 return -1; 563 } 564 565 michael_mic_hdr(skb, tkey->tx_hdr); 566 567 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) 568 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07; 569 pos = skb_put(skb, 8); 570 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr, 571 skb->data + hdr_len, skb->len - 8 - hdr_len, pos)) 572 return -1; 573 574 return 0; 575} 576 577 578static void rtllib_michael_mic_failure(struct net_device *dev, 579 struct rtllib_hdr_4addr *hdr, 580 int keyidx) 581{ 582 union iwreq_data wrqu; 583 struct iw_michaelmicfailure ev; 584 585 /* TODO: needed parameters: count, keyid, key type, TSC */ 586 memset(&ev, 0, sizeof(ev)); 587 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 588 if (hdr->addr1[0] & 0x01) 589 ev.flags |= IW_MICFAILURE_GROUP; 590 else 591 ev.flags |= IW_MICFAILURE_PAIRWISE; 592 ev.src_addr.sa_family = ARPHRD_ETHER; 593 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN); 594 memset(&wrqu, 0, sizeof(wrqu)); 595 wrqu.data.length = sizeof(ev); 596 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev); 597} 598 599static int rtllib_michael_mic_verify(struct sk_buff *skb, int keyidx, 600 int hdr_len, void *priv, 601 struct rtllib_device *ieee) 602{ 603 struct rtllib_tkip_data *tkey = priv; 604 u8 mic[8]; 605 struct rtllib_hdr_4addr *hdr; 606 607 hdr = (struct rtllib_hdr_4addr *) skb->data; 608 609 if (!tkey->key_set) 610 return -1; 611 612 michael_mic_hdr(skb, tkey->rx_hdr); 613 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) 614 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07; 615 616 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr, 617 skb->data + hdr_len, skb->len - 8 - hdr_len, mic)) 618 return -1; 619 620 if ((memcmp(mic, skb->data + skb->len - 8, 8) != 0) || 621 (ieee->force_mic_error)) { 622 struct rtllib_hdr_4addr *hdr; 623 hdr = (struct rtllib_hdr_4addr *) skb->data; 624 printk(KERN_DEBUG "%s: Michael MIC verification failed for " 625 "MSDU from %pM keyidx=%d\n", 626 skb->dev ? skb->dev->name : "N/A", hdr->addr2, 627 keyidx); 628 printk(KERN_DEBUG "%d, force_mic_error = %d\n", 629 (memcmp(mic, skb->data + skb->len - 8, 8) != 0),\ 630 ieee->force_mic_error); 631 if (skb->dev) { 632 printk(KERN_INFO "skb->dev != NULL\n"); 633 rtllib_michael_mic_failure(skb->dev, hdr, keyidx); 634 } 635 tkey->dot11RSNAStatsTKIPLocalMICFailures++; 636 ieee->force_mic_error = false; 637 return -1; 638 } 639 640 /* Update TSC counters for RX now that the packet verification has 641 * completed. */ 642 tkey->rx_iv32 = tkey->rx_iv32_new; 643 tkey->rx_iv16 = tkey->rx_iv16_new; 644 645 skb_trim(skb, skb->len - 8); 646 647 return 0; 648} 649 650 651static int rtllib_tkip_set_key(void *key, int len, u8 *seq, void *priv) 652{ 653 struct rtllib_tkip_data *tkey = priv; 654 int keyidx; 655 struct crypto_hash *tfm = tkey->tx_tfm_michael; 656 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4; 657 struct crypto_hash *tfm3 = tkey->rx_tfm_michael; 658 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4; 659 660 keyidx = tkey->key_idx; 661 memset(tkey, 0, sizeof(*tkey)); 662 tkey->key_idx = keyidx; 663 tkey->tx_tfm_michael = tfm; 664 tkey->tx_tfm_arc4 = tfm2; 665 tkey->rx_tfm_michael = tfm3; 666 tkey->rx_tfm_arc4 = tfm4; 667 668 if (len == TKIP_KEY_LEN) { 669 memcpy(tkey->key, key, TKIP_KEY_LEN); 670 tkey->key_set = 1; 671 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */ 672 if (seq) { 673 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) | 674 (seq[3] << 8) | seq[2]; 675 tkey->rx_iv16 = (seq[1] << 8) | seq[0]; 676 } 677 } else if (len == 0) 678 tkey->key_set = 0; 679 else 680 return -1; 681 682 return 0; 683} 684 685 686static int rtllib_tkip_get_key(void *key, int len, u8 *seq, void *priv) 687{ 688 struct rtllib_tkip_data *tkey = priv; 689 690 if (len < TKIP_KEY_LEN) 691 return -1; 692 693 if (!tkey->key_set) 694 return 0; 695 memcpy(key, tkey->key, TKIP_KEY_LEN); 696 697 if (seq) { 698 /* Return the sequence number of the last transmitted frame. */ 699 u16 iv16 = tkey->tx_iv16; 700 u32 iv32 = tkey->tx_iv32; 701 if (iv16 == 0) 702 iv32--; 703 iv16--; 704 seq[0] = tkey->tx_iv16; 705 seq[1] = tkey->tx_iv16 >> 8; 706 seq[2] = tkey->tx_iv32; 707 seq[3] = tkey->tx_iv32 >> 8; 708 seq[4] = tkey->tx_iv32 >> 16; 709 seq[5] = tkey->tx_iv32 >> 24; 710 } 711 712 return TKIP_KEY_LEN; 713} 714 715 716static char *rtllib_tkip_print_stats(char *p, void *priv) 717{ 718 struct rtllib_tkip_data *tkip = priv; 719 p += sprintf(p, "key[%d] alg=TKIP key_set=%d " 720 "tx_pn=%02x%02x%02x%02x%02x%02x " 721 "rx_pn=%02x%02x%02x%02x%02x%02x " 722 "replays=%d icv_errors=%d local_mic_failures=%d\n", 723 tkip->key_idx, tkip->key_set, 724 (tkip->tx_iv32 >> 24) & 0xff, 725 (tkip->tx_iv32 >> 16) & 0xff, 726 (tkip->tx_iv32 >> 8) & 0xff, 727 tkip->tx_iv32 & 0xff, 728 (tkip->tx_iv16 >> 8) & 0xff, 729 tkip->tx_iv16 & 0xff, 730 (tkip->rx_iv32 >> 24) & 0xff, 731 (tkip->rx_iv32 >> 16) & 0xff, 732 (tkip->rx_iv32 >> 8) & 0xff, 733 tkip->rx_iv32 & 0xff, 734 (tkip->rx_iv16 >> 8) & 0xff, 735 tkip->rx_iv16 & 0xff, 736 tkip->dot11RSNAStatsTKIPReplays, 737 tkip->dot11RSNAStatsTKIPICVErrors, 738 tkip->dot11RSNAStatsTKIPLocalMICFailures); 739 return p; 740} 741 742 743static struct rtllib_crypto_ops rtllib_crypt_tkip = { 744 .name = "TKIP", 745 .init = rtllib_tkip_init, 746 .deinit = rtllib_tkip_deinit, 747 .encrypt_mpdu = rtllib_tkip_encrypt, 748 .decrypt_mpdu = rtllib_tkip_decrypt, 749 .encrypt_msdu = rtllib_michael_mic_add, 750 .decrypt_msdu = rtllib_michael_mic_verify, 751 .set_key = rtllib_tkip_set_key, 752 .get_key = rtllib_tkip_get_key, 753 .print_stats = rtllib_tkip_print_stats, 754 .extra_prefix_len = 4 + 4, /* IV + ExtIV */ 755 .extra_postfix_len = 8 + 4, /* MIC + ICV */ 756 .owner = THIS_MODULE, 757}; 758 759 760int __init rtllib_crypto_tkip_init(void) 761{ 762 return rtllib_register_crypto_ops(&rtllib_crypt_tkip); 763} 764 765 766void __exit rtllib_crypto_tkip_exit(void) 767{ 768 rtllib_unregister_crypto_ops(&rtllib_crypt_tkip); 769} 770 771void rtllib_tkip_null(void) 772{ 773 return; 774} 775