]> bbs.cooldavid.org Git - net-next-2.6.git/blame - net/wireless/lib80211_crypt_tkip.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xps: Transmit Packet Steering
[net-next-2.6.git] / net / wireless / lib80211_crypt_tkip.c
CommitLineData
b453872c 1/*
274bfb8d 2 * lib80211 crypt: host-based TKIP encryption implementation for lib80211
b453872c 3 *
85d32e7b 4 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
274bfb8d 5 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com>
b453872c
JG		 6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation. See README and COPYING for
10 * more details.
11 */
12
f12cc209 13#include <linux/err.h>
b453872c
JG		 14#include <linux/module.h>
15#include <linux/init.h>
16#include <linux/slab.h>
17#include <linux/random.h>
11763609 18#include <linux/scatterlist.h>
b453872c
JG		 19#include <linux/skbuff.h>
20#include <linux/netdevice.h>
d7fe0f24 21#include <linux/mm.h>
b453872c
JG		 22#include <linux/if_ether.h>
23#include <linux/if_arp.h>
24#include <asm/string.h>
25
274bfb8d
JL		 26#include <linux/wireless.h>
27#include <linux/ieee80211.h>
28#include <net/iw_handler.h>
b453872c 29
b453872c 30#include <linux/crypto.h>
b453872c
JG		 31#include <linux/crc32.h>
32
274bfb8d
JL		 33#include <net/lib80211.h>
34
b453872c 35MODULE_AUTHOR("Jouni Malinen");
274bfb8d 36MODULE_DESCRIPTION("lib80211 crypt: TKIP");
b453872c
JG		 37MODULE_LICENSE("GPL");
38
299af9d3
AT		 39#define TKIP_HDR_LEN 8
40
274bfb8d 41struct lib80211_tkip_data {
b453872c
JG		 42#define TKIP_KEY_LEN 32
43 u8 key[TKIP_KEY_LEN];
44 int key_set;
45
46 u32 tx_iv32;
47 u16 tx_iv16;
48 u16 tx_ttak[5];
49 int tx_phase1_done;
50
51 u32 rx_iv32;
52 u16 rx_iv16;
53 u16 rx_ttak[5];
54 int rx_phase1_done;
55 u32 rx_iv32_new;
56 u16 rx_iv16_new;
57
58 u32 dot11RSNAStatsTKIPReplays;
59 u32 dot11RSNAStatsTKIPICVErrors;
60 u32 dot11RSNAStatsTKIPLocalMICFailures;
61
62 int key_idx;
63
28eb177d
JG		 64 struct crypto_blkcipher *rx_tfm_arc4;
65 struct crypto_hash *rx_tfm_michael;
66 struct crypto_blkcipher *tx_tfm_arc4;
67 struct crypto_hash *tx_tfm_michael;
b453872c
JG		 68
69 /* scratch buffers for virt_to_page() (crypto API) */
70 u8 rx_hdr[16], tx_hdr[16];
20d64713 71
6eb6edf0 72 unsigned long flags;
b453872c
JG		 73};
74
274bfb8d 75static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
6eb6edf0 76{
274bfb8d 77 struct lib80211_tkip_data *_priv = priv;
6eb6edf0
JK		 78 unsigned long old_flags = _priv->flags;
79 _priv->flags = flags;
80 return old_flags;
81}
82
274bfb8d 83static unsigned long lib80211_tkip_get_flags(void *priv)
6eb6edf0 84{
274bfb8d 85 struct lib80211_tkip_data *_priv = priv;
6eb6edf0
JK		 86 return _priv->flags;
87}
88
274bfb8d 89static void *lib80211_tkip_init(int key_idx)
b453872c 90{
274bfb8d 91 struct lib80211_tkip_data *priv;
b453872c 92
8aa914b7 93 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
b453872c
JG		 94 if (priv == NULL)
95 goto fail;
20d64713 96
b453872c
JG		 97 priv->key_idx = key_idx;
98
28eb177d 99 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
f12cc209 100 CRYPTO_ALG_ASYNC);
28eb177d 101 if (IS_ERR(priv->tx_tfm_arc4)) {
274bfb8d 102 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
b453872c 103 "crypto API arc4\n");
18379879 104 priv->tx_tfm_arc4 = NULL;
b453872c
JG		 105 goto fail;
106 }
107
28eb177d
JG		 108 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
109 CRYPTO_ALG_ASYNC);
110 if (IS_ERR(priv->tx_tfm_michael)) {
274bfb8d 111 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
5a656949 112 "crypto API michael_mic\n");
18379879 113 priv->tx_tfm_michael = NULL;
5a656949
ZY		 114 goto fail;
115 }
116
28eb177d
JG		 117 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
118 CRYPTO_ALG_ASYNC);
119 if (IS_ERR(priv->rx_tfm_arc4)) {
274bfb8d 120 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
5a656949 121 "crypto API arc4\n");
18379879 122 priv->rx_tfm_arc4 = NULL;
5a656949
ZY		 123 goto fail;
124 }
125
28eb177d
JG		 126 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
127 CRYPTO_ALG_ASYNC);
128 if (IS_ERR(priv->rx_tfm_michael)) {
274bfb8d 129 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
b453872c 130 "crypto API michael_mic\n");
18379879 131 priv->rx_tfm_michael = NULL;
b453872c
JG		 132 goto fail;
133 }
134
135 return priv;
136
0edd5b44 137 fail:
b453872c 138 if (priv) {
5a656949 139 if (priv->tx_tfm_michael)
28eb177d 140 crypto_free_hash(priv->tx_tfm_michael);
5a656949 141 if (priv->tx_tfm_arc4)
28eb177d 142 crypto_free_blkcipher(priv->tx_tfm_arc4);
5a656949 143 if (priv->rx_tfm_michael)
28eb177d 144 crypto_free_hash(priv->rx_tfm_michael);
5a656949 145 if (priv->rx_tfm_arc4)
28eb177d 146 crypto_free_blkcipher(priv->rx_tfm_arc4);
b453872c
JG		 147 kfree(priv);
148 }
149
150 return NULL;
151}
152
274bfb8d 153static void lib80211_tkip_deinit(void *priv)
b453872c 154{
274bfb8d 155 struct lib80211_tkip_data *_priv = priv;
5a656949
ZY		 156 if (_priv) {
157 if (_priv->tx_tfm_michael)
28eb177d 158 crypto_free_hash(_priv->tx_tfm_michael);
5a656949 159 if (_priv->tx_tfm_arc4)
28eb177d 160 crypto_free_blkcipher(_priv->tx_tfm_arc4);
5a656949 161 if (_priv->rx_tfm_michael)
28eb177d 162 crypto_free_hash(_priv->rx_tfm_michael);
5a656949 163 if (_priv->rx_tfm_arc4)
28eb177d 164 crypto_free_blkcipher(_priv->rx_tfm_arc4);
5a656949 165 }
b453872c
JG		 166 kfree(priv);
167}
168
b453872c
JG		 169static inline u16 RotR1(u16 val)
170{
171 return (val >> 1) | (val << 15);
172}
173
b453872c
JG		 174static inline u8 Lo8(u16 val)
175{
176 return val & 0xff;
177}
178
b453872c
JG		 179static inline u8 Hi8(u16 val)
180{
181 return val >> 8;
182}
183
b453872c
JG		 184static inline u16 Lo16(u32 val)
185{
186 return val & 0xffff;
187}
188
b453872c
JG		 189static inline u16 Hi16(u32 val)
190{
191 return val >> 16;
192}
193
b453872c
JG		 194static inline u16 Mk16(u8 hi, u8 lo)
195{
196 return lo | (((u16) hi) << 8);
197}
198
d9e94d56 199static inline u16 Mk16_le(__le16 * v)
b453872c
JG		 200{
201 return le16_to_cpu(*v);
202}
203
0edd5b44 204static const u16 Sbox[256] = {
b453872c
JG		 205 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
206 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
207 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
208 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
209 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
210 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
211 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
212 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
213 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
214 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
215 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
216 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
217 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
218 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
219 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
220 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
221 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
222 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
223 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
224 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
225 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
226 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
227 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
228 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
229 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
230 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
231 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
232 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
233 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
234 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
235 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
236 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
237};
238
b453872c
JG		 239static inline u16 _S_(u16 v)
240{
241 u16 t = Sbox[Hi8(v)];
242 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
243}
244
b453872c
JG		 245#define PHASE1_LOOP_COUNT 8
246
0edd5b44
JG		 247static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
248 u32 IV32)
b453872c
JG		 249{
250 int i, j;
251
252 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
253 TTAK[0] = Lo16(IV32);
254 TTAK[1] = Hi16(IV32);
255 TTAK[2] = Mk16(TA[1], TA[0]);
256 TTAK[3] = Mk16(TA[3], TA[2]);
257 TTAK[4] = Mk16(TA[5], TA[4]);
258
259 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
260 j = 2 * (i & 1);
261 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
262 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
263 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
264 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
265 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
266 }
267}
268
0edd5b44 269static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
b453872c
JG		 270 u16 IV16)
271{
272 /* Make temporary area overlap WEP seed so that the final copy can be
273 * avoided on little endian hosts. */
0edd5b44 274 u16 *PPK = (u16 *) & WEPSeed[4];
b453872c
JG		 275
276 /* Step 1 - make copy of TTAK and bring in TSC */
277 PPK[0] = TTAK[0];
278 PPK[1] = TTAK[1];
279 PPK[2] = TTAK[2];
280 PPK[3] = TTAK[3];
281 PPK[4] = TTAK[4];
282 PPK[5] = TTAK[4] + IV16;
283
284 /* Step 2 - 96-bit bijective mixing using S-box */
d9e94d56
AV		 285 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
286 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
287 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
288 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
289 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
290 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
291
292 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
293 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
b453872c
JG		 294 PPK[2] += RotR1(PPK[1]);
295 PPK[3] += RotR1(PPK[2]);
296 PPK[4] += RotR1(PPK[3]);
297 PPK[5] += RotR1(PPK[4]);
298
299 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
300 * WEPSeed[0..2] is transmitted as WEP IV */
301 WEPSeed[0] = Hi8(IV16);
302 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
303 WEPSeed[2] = Lo8(IV16);
d9e94d56 304 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
b453872c
JG		 305
306#ifdef __BIG_ENDIAN
307 {
308 int i;
309 for (i = 0; i < 6; i++)
310 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
311 }
312#endif
313}
314
274bfb8d 315static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
9184d934 316 u8 * rc4key, int keylen, void *priv)
b453872c 317{
274bfb8d 318 struct lib80211_tkip_data *tkey = priv;
9184d934 319 u8 *pos;
274bfb8d 320 struct ieee80211_hdr *hdr;
b453872c 321
274bfb8d 322 hdr = (struct ieee80211_hdr *)skb->data;
20d64713 323
299af9d3 324 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len)
9184d934
ZY		 325 return -1;
326
327 if (rc4key == NULL || keylen < 16)
328 return -1;
b453872c 329
b453872c
JG		 330 if (!tkey->tx_phase1_done) {
331 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
332 tkey->tx_iv32);
333 tkey->tx_phase1_done = 1;
334 }
335 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
336
299af9d3
AT		 337 pos = skb_push(skb, TKIP_HDR_LEN);
338 memmove(pos, pos + TKIP_HDR_LEN, hdr_len);
b453872c 339 pos += hdr_len;
b453872c 340
31b59eae
JK		 341 *pos++ = *rc4key;
342 *pos++ = *(rc4key + 1);
343 *pos++ = *(rc4key + 2);
0edd5b44 344 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
b453872c
JG		 345 *pos++ = tkey->tx_iv32 & 0xff;
346 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
347 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
348 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
349
9184d934
ZY		 350 tkey->tx_iv16++;
351 if (tkey->tx_iv16 == 0) {
352 tkey->tx_phase1_done = 0;
353 tkey->tx_iv32++;
354 }
b453872c 355
299af9d3 356 return TKIP_HDR_LEN;
31b59eae
JK		 357}
358
274bfb8d 359static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
31b59eae 360{
274bfb8d 361 struct lib80211_tkip_data *tkey = priv;
28eb177d 362 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
31b59eae 363 int len;
9184d934
ZY		 364 u8 rc4key[16], *pos, *icv;
365 u32 crc;
31b59eae
JK		 366 struct scatterlist sg;
367
6eb6edf0 368 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
31b59eae 369 if (net_ratelimit()) {
274bfb8d
JL		 370 struct ieee80211_hdr *hdr =
371 (struct ieee80211_hdr *)skb->data;
9184d934 372 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
e174961c 373 "TX packet to %pM\n", hdr->addr1);
31b59eae
JK		 374 }
375 return -1;
376 }
377
378 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
379 return -1;
380
381 len = skb->len - hdr_len;
382 pos = skb->data + hdr_len;
383
274bfb8d 384 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
31b59eae
JK		 385 return -1;
386
9184d934 387 crc = ~crc32_le(~0, pos, len);
d0833a6a 388 icv = skb_put(skb, 4);
9184d934
ZY		 389 icv[0] = crc;
390 icv[1] = crc >> 8;
391 icv[2] = crc >> 16;
392 icv[3] = crc >> 24;
393
28eb177d 394 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
fa05f128 395 sg_init_one(&sg, pos, len + 4);
f12cc209 396 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
b4328d87
ZY		 397}
398
18379879
JG		 399/*
400 * deal with seq counter wrapping correctly.
401 * refer to timer_after() for jiffies wrapping handling
402 */
403static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
404 u32 iv32_o, u16 iv16_o)
405{
406 if ((s32)iv32_n - (s32)iv32_o < 0 ||
407 (iv32_n == iv32_o && iv16_n <= iv16_o))
408 return 1;
409 return 0;
410}
411
274bfb8d 412static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
b453872c 413{
274bfb8d 414 struct lib80211_tkip_data *tkey = priv;
28eb177d 415 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
b453872c
JG		 416 u8 rc4key[16];
417 u8 keyidx, *pos;
418 u32 iv32;
419 u16 iv16;
274bfb8d 420 struct ieee80211_hdr *hdr;
b453872c
JG		 421 u8 icv[4];
422 u32 crc;
423 struct scatterlist sg;
424 int plen;
425
274bfb8d 426 hdr = (struct ieee80211_hdr *)skb->data;
20d64713 427
6eb6edf0 428 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
20d64713 429 if (net_ratelimit()) {
9184d934 430 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
e174961c 431 "received packet from %pM\n", hdr->addr2);
20d64713
JK		 432 }
433 return -1;
434 }
435
299af9d3 436 if (skb->len < hdr_len + TKIP_HDR_LEN + 4)
b453872c
JG		 437 return -1;
438
b453872c
JG		 439 pos = skb->data + hdr_len;
440 keyidx = pos[3];
441 if (!(keyidx & (1 << 5))) {
442 if (net_ratelimit()) {
443 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
e174961c 444 " flag from %pM\n", hdr->addr2);
b453872c
JG		 445 }
446 return -2;
447 }
448 keyidx >>= 6;
449 if (tkey->key_idx != keyidx) {
450 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
451 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
452 return -6;
453 }
454 if (!tkey->key_set) {
455 if (net_ratelimit()) {
e174961c 456 printk(KERN_DEBUG "TKIP: received packet from %pM"
b453872c 457 " with keyid=%d that does not have a configured"
e174961c 458 " key\n", hdr->addr2, keyidx);
b453872c
JG		 459 }
460 return -3;
461 }
462 iv16 = (pos[0] << 8) | pos[2];
463 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
299af9d3 464 pos += TKIP_HDR_LEN;
b453872c 465
b4328d87 466 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
6f16bf3b 467#ifdef CONFIG_LIB80211_DEBUG
274bfb8d
JL		 468 if (net_ratelimit()) {
469 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
b453872c 470 " previous TSC %08x%04x received TSC "
e174961c 471 "%08x%04x\n", hdr->addr2,
b453872c
JG		 472 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
473 }
6f16bf3b 474#endif
b453872c
JG		 475 tkey->dot11RSNAStatsTKIPReplays++;
476 return -4;
477 }
478
479 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
480 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
481 tkey->rx_phase1_done = 1;
482 }
483 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
484
485 plen = skb->len - hdr_len - 12;
486
28eb177d 487 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
fa05f128 488 sg_init_one(&sg, pos, plen + 4);
f12cc209
HX		 489 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
490 if (net_ratelimit()) {
491 printk(KERN_DEBUG ": TKIP: failed to decrypt "
e174961c
JB		 492 "received packet from %pM\n",
493 hdr->addr2);
f12cc209
HX		 494 }
495 return -7;
496 }
b453872c
JG		 497
498 crc = ~crc32_le(~0, pos, plen);
499 icv[0] = crc;
500 icv[1] = crc >> 8;
501 icv[2] = crc >> 16;
502 icv[3] = crc >> 24;
503 if (memcmp(icv, pos + plen, 4) != 0) {
504 if (iv32 != tkey->rx_iv32) {
505 /* Previously cached Phase1 result was already lost, so
506 * it needs to be recalculated for the next packet. */
507 tkey->rx_phase1_done = 0;
508 }
6f16bf3b 509#ifdef CONFIG_LIB80211_DEBUG
274bfb8d
JL		 510 if (net_ratelimit()) {
511 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
e174961c 512 "%pM\n", hdr->addr2);
b453872c 513 }
6f16bf3b 514#endif
b453872c
JG		 515 tkey->dot11RSNAStatsTKIPICVErrors++;
516 return -5;
517 }
518
519 /* Update real counters only after Michael MIC verification has
520 * completed */
521 tkey->rx_iv32_new = iv32;
522 tkey->rx_iv16_new = iv16;
523
524 /* Remove IV and ICV */
299af9d3
AT		 525 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len);
526 skb_pull(skb, TKIP_HDR_LEN);
b453872c
JG		 527 skb_trim(skb, skb->len - 4);
528
529 return keyidx;
530}
531
28eb177d 532static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
0edd5b44 533 u8 * data, size_t data_len, u8 * mic)
b453872c 534{
35058687 535 struct hash_desc desc;
b453872c
JG		 536 struct scatterlist sg[2];
537
5a656949 538 if (tfm_michael == NULL) {
b453872c
JG		 539 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
540 return -1;
541 }
fa05f128 542 sg_init_table(sg, 2);
642f1490
JA		 543 sg_set_buf(&sg[0], hdr, 16);
544 sg_set_buf(&sg[1], data, data_len);
b453872c 545
28eb177d 546 if (crypto_hash_setkey(tfm_michael, key, 8))
35058687 547 return -1;
b453872c 548
28eb177d 549 desc.tfm = tfm_michael;
35058687
HX		 550 desc.flags = 0;
551 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
b453872c
JG		 552}
553
0edd5b44 554static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
b453872c 555{
274bfb8d 556 struct ieee80211_hdr *hdr11;
b453872c 557
274bfb8d 558 hdr11 = (struct ieee80211_hdr *)skb->data;
ea284152 559
274bfb8d 560 switch (le16_to_cpu(hdr11->frame_control) &
b453872c
JG		 561 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
562 case IEEE80211_FCTL_TODS:
0edd5b44
JG		 563 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
564 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
b453872c
JG		 565 break;
566 case IEEE80211_FCTL_FROMDS:
0edd5b44
JG		 567 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
568 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
b453872c
JG		 569 break;
570 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
0edd5b44
JG		 571 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
572 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
b453872c
JG		 573 break;
574 case 0:
0edd5b44
JG		 575 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
576 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
b453872c
JG		 577 break;
578 }
579
274bfb8d 580 if (ieee80211_is_data_qos(hdr11->frame_control)) {
3f6ff6ba 581 hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11)))
274bfb8d 582 & IEEE80211_QOS_CTL_TID_MASK;
ea284152
ZY		 583 } else
584 hdr[12] = 0; /* priority */
585
0edd5b44 586 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
b453872c
JG		 587}
588
274bfb8d 589static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
0edd5b44 590 void *priv)
b453872c 591{
274bfb8d 592 struct lib80211_tkip_data *tkey = priv;
b453872c
JG		 593 u8 *pos;
594
595 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
596 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
597 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
598 skb_tailroom(skb), hdr_len, skb->len);
599 return -1;
600 }
601
602 michael_mic_hdr(skb, tkey->tx_hdr);
603 pos = skb_put(skb, 8);
5a656949 604 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
b453872c
JG		 605 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
606 return -1;
607
608 return 0;
609}
610
274bfb8d
JL		 611static void lib80211_michael_mic_failure(struct net_device *dev,
612 struct ieee80211_hdr *hdr,
ee34af37 613 int keyidx)
b453872c
JG		 614{
615 union iwreq_data wrqu;
616 struct iw_michaelmicfailure ev;
617
618 /* TODO: needed parameters: count, keyid, key type, TSC */
619 memset(&ev, 0, sizeof(ev));
620 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
621 if (hdr->addr1[0] & 0x01)
622 ev.flags |= IW_MICFAILURE_GROUP;
623 else
624 ev.flags |= IW_MICFAILURE_PAIRWISE;
625 ev.src_addr.sa_family = ARPHRD_ETHER;
626 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
627 memset(&wrqu, 0, sizeof(wrqu));
628 wrqu.data.length = sizeof(ev);
0edd5b44 629 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
b453872c 630}
b453872c 631
274bfb8d 632static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
0edd5b44 633 int hdr_len, void *priv)
b453872c 634{
274bfb8d 635 struct lib80211_tkip_data *tkey = priv;
b453872c
JG		 636 u8 mic[8];
637
638 if (!tkey->key_set)
639 return -1;
640
641 michael_mic_hdr(skb, tkey->rx_hdr);
5a656949 642 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
b453872c
JG		 643 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
644 return -1;
645 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
274bfb8d
JL		 646 struct ieee80211_hdr *hdr;
647 hdr = (struct ieee80211_hdr *)skb->data;
b453872c 648 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
e174961c
JB		 649 "MSDU from %pM keyidx=%d\n",
650 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
b453872c
JG		 651 keyidx);
652 if (skb->dev)
274bfb8d 653 lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
b453872c
JG		 654 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
655 return -1;
656 }
657
658 /* Update TSC counters for RX now that the packet verification has
659 * completed. */
660 tkey->rx_iv32 = tkey->rx_iv32_new;
661 tkey->rx_iv16 = tkey->rx_iv16_new;
662
663 skb_trim(skb, skb->len - 8);
664
665 return 0;
666}
667
274bfb8d 668static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
b453872c 669{
274bfb8d 670 struct lib80211_tkip_data *tkey = priv;
b453872c 671 int keyidx;
28eb177d
JG		 672 struct crypto_hash *tfm = tkey->tx_tfm_michael;
673 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
674 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
675 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
b453872c
JG		 676
677 keyidx = tkey->key_idx;
678 memset(tkey, 0, sizeof(*tkey));
679 tkey->key_idx = keyidx;
5a656949
ZY		 680 tkey->tx_tfm_michael = tfm;
681 tkey->tx_tfm_arc4 = tfm2;
682 tkey->rx_tfm_michael = tfm3;
683 tkey->rx_tfm_arc4 = tfm4;
b453872c
JG		 684 if (len == TKIP_KEY_LEN) {
685 memcpy(tkey->key, key, TKIP_KEY_LEN);
686 tkey->key_set = 1;
0edd5b44 687 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
b453872c
JG		 688 if (seq) {
689 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
0edd5b44 690 (seq[3] << 8) | seq[2];
b453872c
JG		 691 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
692 }
693 } else if (len == 0)
694 tkey->key_set = 0;
695 else
696 return -1;
697
698 return 0;
699}
700
274bfb8d 701static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
b453872c 702{
274bfb8d 703 struct lib80211_tkip_data *tkey = priv;
b453872c
JG		 704
705 if (len < TKIP_KEY_LEN)
706 return -1;
707
708 if (!tkey->key_set)
709 return 0;
710 memcpy(key, tkey->key, TKIP_KEY_LEN);
711
712 if (seq) {
713 /* Return the sequence number of the last transmitted frame. */
714 u16 iv16 = tkey->tx_iv16;
715 u32 iv32 = tkey->tx_iv32;
716 if (iv16 == 0)
717 iv32--;
718 iv16--;
719 seq[0] = tkey->tx_iv16;
720 seq[1] = tkey->tx_iv16 >> 8;
721 seq[2] = tkey->tx_iv32;
722 seq[3] = tkey->tx_iv32 >> 8;
723 seq[4] = tkey->tx_iv32 >> 16;
724 seq[5] = tkey->tx_iv32 >> 24;
725 }
726
727 return TKIP_KEY_LEN;
728}
729
274bfb8d 730static char *lib80211_tkip_print_stats(char *p, void *priv)
b453872c 731{
274bfb8d 732 struct lib80211_tkip_data *tkip = priv;
b453872c
JG		 733 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
734 "tx_pn=%02x%02x%02x%02x%02x%02x "
735 "rx_pn=%02x%02x%02x%02x%02x%02x "
736 "replays=%d icv_errors=%d local_mic_failures=%d\n",
737 tkip->key_idx, tkip->key_set,
738 (tkip->tx_iv32 >> 24) & 0xff,
739 (tkip->tx_iv32 >> 16) & 0xff,
740 (tkip->tx_iv32 >> 8) & 0xff,
741 tkip->tx_iv32 & 0xff,
742 (tkip->tx_iv16 >> 8) & 0xff,
743 tkip->tx_iv16 & 0xff,
744 (tkip->rx_iv32 >> 24) & 0xff,
745 (tkip->rx_iv32 >> 16) & 0xff,
746 (tkip->rx_iv32 >> 8) & 0xff,
747 tkip->rx_iv32 & 0xff,
748 (tkip->rx_iv16 >> 8) & 0xff,
749 tkip->rx_iv16 & 0xff,
750 tkip->dot11RSNAStatsTKIPReplays,
751 tkip->dot11RSNAStatsTKIPICVErrors,
752 tkip->dot11RSNAStatsTKIPLocalMICFailures);
753 return p;
754}
755
274bfb8d 756static struct lib80211_crypto_ops lib80211_crypt_tkip = {
74079fdc 757 .name = "TKIP",
274bfb8d
JL		 758 .init = lib80211_tkip_init,
759 .deinit = lib80211_tkip_deinit,
274bfb8d
JL		 760 .encrypt_mpdu = lib80211_tkip_encrypt,
761 .decrypt_mpdu = lib80211_tkip_decrypt,
762 .encrypt_msdu = lib80211_michael_mic_add,
763 .decrypt_msdu = lib80211_michael_mic_verify,
764 .set_key = lib80211_tkip_set_key,
765 .get_key = lib80211_tkip_get_key,
766 .print_stats = lib80211_tkip_print_stats,
1264fc04
JK		 767 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
768 .extra_mpdu_postfix_len = 4, /* ICV */
769 .extra_msdu_postfix_len = 8, /* MIC */
274bfb8d
JL		 770 .get_flags = lib80211_tkip_get_flags,
771 .set_flags = lib80211_tkip_set_flags,
74079fdc 772 .owner = THIS_MODULE,
b453872c
JG		 773};
774
274bfb8d 775static int __init lib80211_crypto_tkip_init(void)
b453872c 776{
274bfb8d 777 return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
b453872c
JG		 778}
779
274bfb8d 780static void __exit lib80211_crypto_tkip_exit(void)
b453872c 781{
274bfb8d 782 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
b453872c
JG		 783}
784
274bfb8d
JL		 785module_init(lib80211_crypto_tkip_init);
786module_exit(lib80211_crypto_tkip_exit);
Clone of davem's net-next-2.6 tree