rtllib_crypt_tkip.c revision cb76215448947ddcc133c4b1c2ff2d4a77e851e0
1/* 2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver 3 * 4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 2 as 8 * published by the Free Software Foundation. See README and COPYING for 9 * more details. 10 */ 11 12#include <linux/version.h> 13#include <linux/module.h> 14#include <linux/init.h> 15#include <linux/slab.h> 16#include <linux/random.h> 17#include <linux/skbuff.h> 18#include <linux/netdevice.h> 19#include <linux/if_ether.h> 20#include <linux/if_arp.h> 21#include <asm/string.h> 22#include "rtllib.h" 23 24 25#include <linux/crypto.h> 26#include <linux/scatterlist.h> 27 28#include <linux/crc32.h> 29 30struct rtllib_tkip_data { 31#define TKIP_KEY_LEN 32 32 u8 key[TKIP_KEY_LEN]; 33 int key_set; 34 35 u32 tx_iv32; 36 u16 tx_iv16; 37 u16 tx_ttak[5]; 38 int tx_phase1_done; 39 40 u32 rx_iv32; 41 u16 rx_iv16; 42 bool initialized; 43 u16 rx_ttak[5]; 44 int rx_phase1_done; 45 u32 rx_iv32_new; 46 u16 rx_iv16_new; 47 48 u32 dot11RSNAStatsTKIPReplays; 49 u32 dot11RSNAStatsTKIPICVErrors; 50 u32 dot11RSNAStatsTKIPLocalMICFailures; 51 52 int key_idx; 53 struct crypto_blkcipher *rx_tfm_arc4; 54 struct crypto_hash *rx_tfm_michael; 55 struct crypto_blkcipher *tx_tfm_arc4; 56 struct crypto_hash *tx_tfm_michael; 57 /* scratch buffers for virt_to_page() (crypto API) */ 58 u8 rx_hdr[16], tx_hdr[16]; 59}; 60 61static void * rtllib_tkip_init(int key_idx) 62{ 63 struct rtllib_tkip_data *priv; 64 65 priv = kmalloc(sizeof(*priv), GFP_ATOMIC); 66 if (priv == NULL) 67 goto fail; 68 memset(priv, 0, sizeof(*priv)); 69 priv->key_idx = key_idx; 70 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, 71 CRYPTO_ALG_ASYNC); 72 if (IS_ERR(priv->tx_tfm_arc4)) { 73 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate " 74 "crypto API arc4\n"); 75 priv->tx_tfm_arc4 = NULL; 76 goto fail; 77 } 78 79 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0, 80 CRYPTO_ALG_ASYNC); 81 if (IS_ERR(priv->tx_tfm_michael)) { 82 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate " 83 "crypto API michael_mic\n"); 84 priv->tx_tfm_michael = NULL; 85 goto fail; 86 } 87 88 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, 89 CRYPTO_ALG_ASYNC); 90 if (IS_ERR(priv->rx_tfm_arc4)) { 91 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate " 92 "crypto API arc4\n"); 93 priv->rx_tfm_arc4 = NULL; 94 goto fail; 95 } 96 97 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0, 98 CRYPTO_ALG_ASYNC); 99 if (IS_ERR(priv->rx_tfm_michael)) { 100 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate " 101 "crypto API michael_mic\n"); 102 priv->rx_tfm_michael = NULL; 103 goto fail; 104 } 105 return priv; 106 107fail: 108 if (priv) { 109 if (priv->tx_tfm_michael) 110 crypto_free_hash(priv->tx_tfm_michael); 111 if (priv->tx_tfm_arc4) 112 crypto_free_blkcipher(priv->tx_tfm_arc4); 113 if (priv->rx_tfm_michael) 114 crypto_free_hash(priv->rx_tfm_michael); 115 if (priv->rx_tfm_arc4) 116 crypto_free_blkcipher(priv->rx_tfm_arc4); 117 kfree(priv); 118 } 119 120 return NULL; 121} 122 123 124static void rtllib_tkip_deinit(void *priv) 125{ 126 struct rtllib_tkip_data *_priv = priv; 127 128 if (_priv) { 129 if (_priv->tx_tfm_michael) 130 crypto_free_hash(_priv->tx_tfm_michael); 131 if (_priv->tx_tfm_arc4) 132 crypto_free_blkcipher(_priv->tx_tfm_arc4); 133 if (_priv->rx_tfm_michael) 134 crypto_free_hash(_priv->rx_tfm_michael); 135 if (_priv->rx_tfm_arc4) 136 crypto_free_blkcipher(_priv->rx_tfm_arc4); 137 } 138 kfree(priv); 139} 140 141 142static inline u16 RotR1(u16 val) 143{ 144 return (val >> 1) | (val << 15); 145} 146 147 148static inline u8 Lo8(u16 val) 149{ 150 return val & 0xff; 151} 152 153 154static inline u8 Hi8(u16 val) 155{ 156 return val >> 8; 157} 158 159 160static inline u16 Lo16(u32 val) 161{ 162 return val & 0xffff; 163} 164 165 166static inline u16 Hi16(u32 val) 167{ 168 return val >> 16; 169} 170 171 172static inline u16 Mk16(u8 hi, u8 lo) 173{ 174 return lo | (((u16) hi) << 8); 175} 176 177 178static inline u16 Mk16_le(u16 *v) 179{ 180 return le16_to_cpu(*v); 181} 182 183 184static const u16 Sbox[256] = 185{ 186 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 187 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 188 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 189 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 190 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 191 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 192 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 193 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 194 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 195 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 196 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 197 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 198 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 199 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 200 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 201 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 202 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 203 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 204 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 205 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 206 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 207 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 208 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 209 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 210 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 211 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 212 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 213 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 214 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 215 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 216 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 217 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 218}; 219 220 221static inline u16 _S_(u16 v) 222{ 223 u16 t = Sbox[Hi8(v)]; 224 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8)); 225} 226 227 228#define PHASE1_LOOP_COUNT 8 229 230 231static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32) 232{ 233 int i, j; 234 235 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */ 236 TTAK[0] = Lo16(IV32); 237 TTAK[1] = Hi16(IV32); 238 TTAK[2] = Mk16(TA[1], TA[0]); 239 TTAK[3] = Mk16(TA[3], TA[2]); 240 TTAK[4] = Mk16(TA[5], TA[4]); 241 242 for (i = 0; i < PHASE1_LOOP_COUNT; i++) { 243 j = 2 * (i & 1); 244 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j])); 245 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j])); 246 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j])); 247 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j])); 248 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i; 249 } 250} 251 252 253static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK, 254 u16 IV16) 255{ 256 /* Make temporary area overlap WEP seed so that the final copy can be 257 * avoided on little endian hosts. */ 258 u16 *PPK = (u16 *) &WEPSeed[4]; 259 260 /* Step 1 - make copy of TTAK and bring in TSC */ 261 PPK[0] = TTAK[0]; 262 PPK[1] = TTAK[1]; 263 PPK[2] = TTAK[2]; 264 PPK[3] = TTAK[3]; 265 PPK[4] = TTAK[4]; 266 PPK[5] = TTAK[4] + IV16; 267 268 /* Step 2 - 96-bit bijective mixing using S-box */ 269 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0])); 270 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2])); 271 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4])); 272 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6])); 273 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8])); 274 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10])); 275 276 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12])); 277 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14])); 278 PPK[2] += RotR1(PPK[1]); 279 PPK[3] += RotR1(PPK[2]); 280 PPK[4] += RotR1(PPK[3]); 281 PPK[5] += RotR1(PPK[4]); 282 283 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value 284 * WEPSeed[0..2] is transmitted as WEP IV */ 285 WEPSeed[0] = Hi8(IV16); 286 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F; 287 WEPSeed[2] = Lo8(IV16); 288 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1); 289 290#ifdef __BIG_ENDIAN 291 { 292 int i; 293 for (i = 0; i < 6; i++) 294 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8); 295 } 296#endif 297} 298 299 300static int rtllib_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) 301{ 302 struct rtllib_tkip_data *tkey = priv; 303 int len; 304 u8 *pos; 305 struct rtllib_hdr_4addr *hdr; 306 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); 307 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4}; 308 int ret = 0; 309 u8 rc4key[16], *icv; 310 u32 crc; 311 struct scatterlist sg; 312 313 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 || 314 skb->len < hdr_len) 315 return -1; 316 317 hdr = (struct rtllib_hdr_4addr *) skb->data; 318 319 if (!tcb_desc->bHwSec) { 320 if (!tkey->tx_phase1_done) { 321 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2, 322 tkey->tx_iv32); 323 tkey->tx_phase1_done = 1; 324 } 325 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16); 326 } else 327 tkey->tx_phase1_done = 1; 328 329 330 len = skb->len - hdr_len; 331 pos = skb_push(skb, 8); 332 memmove(pos, pos + 8, hdr_len); 333 pos += hdr_len; 334 335 if (tcb_desc->bHwSec) { 336 *pos++ = Hi8(tkey->tx_iv16); 337 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F; 338 *pos++ = Lo8(tkey->tx_iv16); 339 } else { 340 *pos++ = rc4key[0]; 341 *pos++ = rc4key[1]; 342 *pos++ = rc4key[2]; 343 } 344 345 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */; 346 *pos++ = tkey->tx_iv32 & 0xff; 347 *pos++ = (tkey->tx_iv32 >> 8) & 0xff; 348 *pos++ = (tkey->tx_iv32 >> 16) & 0xff; 349 *pos++ = (tkey->tx_iv32 >> 24) & 0xff; 350 351 if (!tcb_desc->bHwSec) { 352 icv = skb_put(skb, 4); 353 crc = ~crc32_le(~0, pos, len); 354 icv[0] = crc; 355 icv[1] = crc >> 8; 356 icv[2] = crc >> 16; 357 icv[3] = crc >> 24; 358 359 sg_init_one(&sg, pos, len+4); 360 361 362 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16); 363 ret= crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4); 364 } 365 366 tkey->tx_iv16++; 367 if (tkey->tx_iv16 == 0) { 368 tkey->tx_phase1_done = 0; 369 tkey->tx_iv32++; 370 } 371 372 if (!tcb_desc->bHwSec) 373 return ret; 374 else 375 return 0; 376 377 378} 379 380static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) 381{ 382 struct rtllib_tkip_data *tkey = priv; 383 u8 keyidx, *pos; 384 u32 iv32; 385 u16 iv16; 386 struct rtllib_hdr_4addr *hdr; 387 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); 388 struct blkcipher_desc desc = {.tfm = tkey->rx_tfm_arc4}; 389 u8 rc4key[16]; 390 u8 icv[4]; 391 u32 crc; 392 struct scatterlist sg; 393 int plen; 394 if (skb->len < hdr_len + 8 + 4) 395 return -1; 396 397 hdr = (struct rtllib_hdr_4addr *) skb->data; 398 pos = skb->data + hdr_len; 399 keyidx = pos[3]; 400 if (!(keyidx & (1 << 5))) { 401 if (net_ratelimit()) { 402 printk(KERN_DEBUG "TKIP: received packet without ExtIV" 403 " flag from " MAC_FMT "\n", MAC_ARG(hdr->addr2)); 404 } 405 return -2; 406 } 407 keyidx >>= 6; 408 if (tkey->key_idx != keyidx) { 409 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame " 410 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv); 411 return -6; 412 } 413 if (!tkey->key_set) { 414 if (net_ratelimit()) { 415 printk(KERN_DEBUG "TKIP: received packet from " MAC_FMT 416 " with keyid=%d that does not have a configured" 417 " key\n", MAC_ARG(hdr->addr2), keyidx); 418 } 419 return -3; 420 } 421 iv16 = (pos[0] << 8) | pos[2]; 422 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24); 423 pos += 8; 424 425 if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) 426 { 427 if ((iv32 < tkey->rx_iv32 || 428 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16))&&tkey->initialized) { 429 if (net_ratelimit()) { 430 printk(KERN_DEBUG "TKIP: replay detected: STA=" MAC_FMT 431 " previous TSC %08x%04x received TSC " 432 "%08x%04x\n", MAC_ARG(hdr->addr2), 433 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16); 434 } 435 tkey->dot11RSNAStatsTKIPReplays++; 436 return -4; 437 } 438 tkey->initialized = true; 439 440 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) { 441 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32); 442 tkey->rx_phase1_done = 1; 443 } 444 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16); 445 446 plen = skb->len - hdr_len - 12; 447 448 sg_init_one(&sg, pos, plen+4); 449 450 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16); 451 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) { 452 if (net_ratelimit()) { 453 printk(KERN_DEBUG ": TKIP: failed to decrypt " 454 "received packet from " MAC_FMT "\n", 455 MAC_ARG(hdr->addr2)); 456 } 457 return -7; 458 } 459 460 crc = ~crc32_le(~0, pos, plen); 461 icv[0] = crc; 462 icv[1] = crc >> 8; 463 icv[2] = crc >> 16; 464 icv[3] = crc >> 24; 465 466 if (memcmp(icv, pos + plen, 4) != 0) { 467 if (iv32 != tkey->rx_iv32) { 468 /* Previously cached Phase1 result was already lost, so 469 * it needs to be recalculated for the next packet. */ 470 tkey->rx_phase1_done = 0; 471 } 472 if (net_ratelimit()) { 473 printk(KERN_DEBUG "TKIP: ICV error detected: STA=" 474 MAC_FMT "\n", MAC_ARG(hdr->addr2)); 475 } 476 tkey->dot11RSNAStatsTKIPICVErrors++; 477 return -5; 478 } 479 480 } 481 482 /* Update real counters only after Michael MIC verification has 483 * completed */ 484 tkey->rx_iv32_new = iv32; 485 tkey->rx_iv16_new = iv16; 486 487 /* Remove IV and ICV */ 488 memmove(skb->data + 8, skb->data, hdr_len); 489 skb_pull(skb, 8); 490 skb_trim(skb, skb->len - 4); 491 492#ifdef JOHN_DUMP 493if ( ((u16*)skb->data)[0] & 0x4000){ 494 printk("@@ rx decrypted skb->data"); 495 int i; 496 for (i = 0; i < skb->len; i++) { 497 if ( (i%24)==0 ) printk("\n"); 498 printk("%2x ", ((u8*)skb->data)[i]); 499 } 500 printk("\n"); 501} 502#endif /*JOHN_DUMP*/ 503 return keyidx; 504} 505 506 507static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr, 508 u8 * data, size_t data_len, u8 * mic) 509{ 510 struct hash_desc desc; 511 struct scatterlist sg[2]; 512 513 if (tfm_michael == NULL) { 514 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n"); 515 return -1; 516 } 517 sg_init_table(sg, 2); 518 sg_set_buf(&sg[0], hdr, 16); 519 sg_set_buf(&sg[1], data, data_len); 520 521 if (crypto_hash_setkey(tfm_michael, key, 8)) 522 return -1; 523 524 desc.tfm = tfm_michael; 525 desc.flags = 0; 526 return crypto_hash_digest(&desc, sg, data_len + 16, mic); 527} 528 529static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr) 530{ 531 struct rtllib_hdr_4addr *hdr11; 532 533 hdr11 = (struct rtllib_hdr_4addr *) skb->data; 534 switch (le16_to_cpu(hdr11->frame_ctl) & 535 (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) { 536 case RTLLIB_FCTL_TODS: 537 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */ 538 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */ 539 break; 540 case RTLLIB_FCTL_FROMDS: 541 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */ 542 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */ 543 break; 544 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS: 545 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */ 546 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */ 547 break; 548 case 0: 549 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */ 550 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */ 551 break; 552 } 553 554 hdr[12] = 0; /* priority */ 555 556 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 557} 558 559 560static int rtllib_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv) 561{ 562 struct rtllib_tkip_data *tkey = priv; 563 u8 *pos; 564 struct rtllib_hdr_4addr *hdr; 565 566 hdr = (struct rtllib_hdr_4addr *) skb->data; 567 568 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) { 569 printk(KERN_DEBUG "Invalid packet for Michael MIC add " 570 "(tailroom=%d hdr_len=%d skb->len=%d)\n", 571 skb_tailroom(skb), hdr_len, skb->len); 572 return -1; 573 } 574 575 michael_mic_hdr(skb, tkey->tx_hdr); 576 577 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) { 578 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07; 579 } 580 pos = skb_put(skb, 8); 581 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr, 582 skb->data + hdr_len, skb->len - 8 - hdr_len, pos)) 583 return -1; 584 585 return 0; 586} 587 588 589#if WIRELESS_EXT >= 18 590static void rtllib_michael_mic_failure(struct net_device *dev, 591 struct rtllib_hdr_4addr *hdr, 592 int keyidx) 593{ 594 union iwreq_data wrqu; 595 struct iw_michaelmicfailure ev; 596 597 /* TODO: needed parameters: count, keyid, key type, TSC */ 598 memset(&ev, 0, sizeof(ev)); 599 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 600 if (hdr->addr1[0] & 0x01) 601 ev.flags |= IW_MICFAILURE_GROUP; 602 else 603 ev.flags |= IW_MICFAILURE_PAIRWISE; 604 ev.src_addr.sa_family = ARPHRD_ETHER; 605 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN); 606 memset(&wrqu, 0, sizeof(wrqu)); 607 wrqu.data.length = sizeof(ev); 608 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev); 609} 610#elif WIRELESS_EXT >= 15 611static void rtllib_michael_mic_failure(struct net_device *dev, 612 struct rtllib_hdr_4addr *hdr, 613 int keyidx) 614{ 615 union iwreq_data wrqu; 616 char buf[128]; 617 618 /* TODO: needed parameters: count, keyid, key type, TSC */ 619 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(keyid=%d %scast addr=" 620 MAC_FMT ")", keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni", 621 MAC_ARG(hdr->addr2)); 622 memset(&wrqu, 0, sizeof(wrqu)); 623 wrqu.data.length = strlen(buf); 624 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); 625} 626#else /* WIRELESS_EXT >= 15 */ 627static inline void rtllib_michael_mic_failure(struct net_device *dev, 628 struct rtllib_hdr_4addr *hdr, 629 int keyidx) 630{ 631} 632#endif /* WIRELESS_EXT >= 15 */ 633 634static int rtllib_michael_mic_verify(struct sk_buff *skb, int keyidx, 635 int hdr_len, void *priv, struct rtllib_device* ieee) 636{ 637 struct rtllib_tkip_data *tkey = priv; 638 u8 mic[8]; 639 struct rtllib_hdr_4addr *hdr; 640 641 hdr = (struct rtllib_hdr_4addr *) skb->data; 642 643 if (!tkey->key_set) 644 return -1; 645 646 michael_mic_hdr(skb, tkey->rx_hdr); 647 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) { 648 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07; 649 } 650 651 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr, 652 skb->data + hdr_len, skb->len - 8 - hdr_len, mic)) 653 return -1; 654 655 if ((memcmp(mic, skb->data + skb->len - 8, 8) != 0)||(ieee->force_mic_error)) { 656 struct rtllib_hdr_4addr *hdr; 657 hdr = (struct rtllib_hdr_4addr *) skb->data; 658 printk(KERN_DEBUG "%s: Michael MIC verification failed for " 659 "MSDU from " MAC_FMT " keyidx=%d\n", 660 skb->dev ? skb->dev->name : "N/A", MAC_ARG(hdr->addr2), 661 keyidx); 662 printk("%d, force_mic_error = %d\n", (memcmp(mic, skb->data + skb->len - 8, 8) != 0),\ 663 ieee->force_mic_error); 664 if (skb->dev) { 665 printk("skb->dev != NULL\n"); 666 rtllib_michael_mic_failure(skb->dev, hdr, keyidx); 667 } 668 tkey->dot11RSNAStatsTKIPLocalMICFailures++; 669 ieee->force_mic_error = false; 670 return -1; 671 } 672 673 /* Update TSC counters for RX now that the packet verification has 674 * completed. */ 675 tkey->rx_iv32 = tkey->rx_iv32_new; 676 tkey->rx_iv16 = tkey->rx_iv16_new; 677 678 skb_trim(skb, skb->len - 8); 679 680 return 0; 681} 682 683 684static int rtllib_tkip_set_key(void *key, int len, u8 *seq, void *priv) 685{ 686 struct rtllib_tkip_data *tkey = priv; 687 int keyidx; 688 struct crypto_hash *tfm = tkey->tx_tfm_michael; 689 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4; 690 struct crypto_hash *tfm3 = tkey->rx_tfm_michael; 691 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4; 692 693 keyidx = tkey->key_idx; 694 memset(tkey, 0, sizeof(*tkey)); 695 tkey->key_idx = keyidx; 696 tkey->tx_tfm_michael = tfm; 697 tkey->tx_tfm_arc4 = tfm2; 698 tkey->rx_tfm_michael = tfm3; 699 tkey->rx_tfm_arc4 = tfm4; 700 701 if (len == TKIP_KEY_LEN) { 702 memcpy(tkey->key, key, TKIP_KEY_LEN); 703 tkey->key_set = 1; 704 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */ 705 if (seq) { 706 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) | 707 (seq[3] << 8) | seq[2]; 708 tkey->rx_iv16 = (seq[1] << 8) | seq[0]; 709 } 710 } else if (len == 0) 711 tkey->key_set = 0; 712 else 713 return -1; 714 715 return 0; 716} 717 718 719static int rtllib_tkip_get_key(void *key, int len, u8 *seq, void *priv) 720{ 721 struct rtllib_tkip_data *tkey = priv; 722 723 if (len < TKIP_KEY_LEN) 724 return -1; 725 726 if (!tkey->key_set) 727 return 0; 728 memcpy(key, tkey->key, TKIP_KEY_LEN); 729 730 if (seq) { 731 /* Return the sequence number of the last transmitted frame. */ 732 u16 iv16 = tkey->tx_iv16; 733 u32 iv32 = tkey->tx_iv32; 734 if (iv16 == 0) 735 iv32--; 736 iv16--; 737 seq[0] = tkey->tx_iv16; 738 seq[1] = tkey->tx_iv16 >> 8; 739 seq[2] = tkey->tx_iv32; 740 seq[3] = tkey->tx_iv32 >> 8; 741 seq[4] = tkey->tx_iv32 >> 16; 742 seq[5] = tkey->tx_iv32 >> 24; 743 } 744 745 return TKIP_KEY_LEN; 746} 747 748 749static char * rtllib_tkip_print_stats(char *p, void *priv) 750{ 751 struct rtllib_tkip_data *tkip = priv; 752 p += sprintf(p, "key[%d] alg=TKIP key_set=%d " 753 "tx_pn=%02x%02x%02x%02x%02x%02x " 754 "rx_pn=%02x%02x%02x%02x%02x%02x " 755 "replays=%d icv_errors=%d local_mic_failures=%d\n", 756 tkip->key_idx, tkip->key_set, 757 (tkip->tx_iv32 >> 24) & 0xff, 758 (tkip->tx_iv32 >> 16) & 0xff, 759 (tkip->tx_iv32 >> 8) & 0xff, 760 tkip->tx_iv32 & 0xff, 761 (tkip->tx_iv16 >> 8) & 0xff, 762 tkip->tx_iv16 & 0xff, 763 (tkip->rx_iv32 >> 24) & 0xff, 764 (tkip->rx_iv32 >> 16) & 0xff, 765 (tkip->rx_iv32 >> 8) & 0xff, 766 tkip->rx_iv32 & 0xff, 767 (tkip->rx_iv16 >> 8) & 0xff, 768 tkip->rx_iv16 & 0xff, 769 tkip->dot11RSNAStatsTKIPReplays, 770 tkip->dot11RSNAStatsTKIPICVErrors, 771 tkip->dot11RSNAStatsTKIPLocalMICFailures); 772 return p; 773} 774 775 776static struct rtllib_crypto_ops rtllib_crypt_tkip = { 777 .name = "TKIP", 778 .init = rtllib_tkip_init, 779 .deinit = rtllib_tkip_deinit, 780 .encrypt_mpdu = rtllib_tkip_encrypt, 781 .decrypt_mpdu = rtllib_tkip_decrypt, 782 .encrypt_msdu = rtllib_michael_mic_add, 783 .decrypt_msdu = rtllib_michael_mic_verify, 784 .set_key = rtllib_tkip_set_key, 785 .get_key = rtllib_tkip_get_key, 786 .print_stats = rtllib_tkip_print_stats, 787 .extra_prefix_len = 4 + 4, /* IV + ExtIV */ 788 .extra_postfix_len = 8 + 4, /* MIC + ICV */ 789 .owner = THIS_MODULE, 790}; 791 792 793int __init rtllib_crypto_tkip_init(void) 794{ 795 return rtllib_register_crypto_ops(&rtllib_crypt_tkip); 796} 797 798 799void __exit rtllib_crypto_tkip_exit(void) 800{ 801 rtllib_unregister_crypto_ops(&rtllib_crypt_tkip); 802} 803 804void rtllib_tkip_null(void) 805{ 806 return; 807} 808