2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 #include <linux/module.h>
13 #include <linux/slab.h>
14 #include <linux/random.h>
15 #include <linux/skbuff.h>
16 #include <linux/netdevice.h>
17 #include <linux/if_ether.h>
18 #include <linux/if_arp.h>
19 #include <asm/string.h>
21 #include "ieee80211.h"
23 #include <linux/crypto.h>
24 #include <linux/scatterlist.h>
25 #include <linux/crc32.h>
27 MODULE_AUTHOR("Jouni Malinen");
28 MODULE_DESCRIPTION("Host AP crypt: TKIP");
29 MODULE_LICENSE("GPL");
32 struct ieee80211_tkip_data {
33 #define TKIP_KEY_LEN 32
49 u32 dot11RSNAStatsTKIPReplays;
50 u32 dot11RSNAStatsTKIPICVErrors;
51 u32 dot11RSNAStatsTKIPLocalMICFailures;
55 struct crypto_blkcipher *rx_tfm_arc4;
56 struct crypto_hash *rx_tfm_michael;
57 struct crypto_blkcipher *tx_tfm_arc4;
58 struct crypto_hash *tx_tfm_michael;
59 struct crypto_tfm *tfm_arc4;
60 struct crypto_tfm *tfm_michael;
62 /* scratch buffers for virt_to_page() (crypto API) */
63 u8 rx_hdr[16], tx_hdr[16];
66 static void *ieee80211_tkip_init(int key_idx)
68 struct ieee80211_tkip_data *priv;
70 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
73 priv->key_idx = key_idx;
75 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
77 if (IS_ERR(priv->tx_tfm_arc4)) {
78 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
80 priv->tx_tfm_arc4 = NULL;
84 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
86 if (IS_ERR(priv->tx_tfm_michael)) {
87 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
88 "crypto API michael_mic\n");
89 priv->tx_tfm_michael = NULL;
93 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
95 if (IS_ERR(priv->rx_tfm_arc4)) {
96 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
98 priv->rx_tfm_arc4 = NULL;
102 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
104 if (IS_ERR(priv->rx_tfm_michael)) {
105 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
106 "crypto API michael_mic\n");
107 priv->rx_tfm_michael = NULL;
115 if (priv->tx_tfm_michael)
116 crypto_free_hash(priv->tx_tfm_michael);
117 if (priv->tx_tfm_arc4)
118 crypto_free_blkcipher(priv->tx_tfm_arc4);
119 if (priv->rx_tfm_michael)
120 crypto_free_hash(priv->rx_tfm_michael);
121 if (priv->rx_tfm_arc4)
122 crypto_free_blkcipher(priv->rx_tfm_arc4);
130 static void ieee80211_tkip_deinit(void *priv)
132 struct ieee80211_tkip_data *_priv = priv;
135 if (_priv->tx_tfm_michael)
136 crypto_free_hash(_priv->tx_tfm_michael);
137 if (_priv->tx_tfm_arc4)
138 crypto_free_blkcipher(_priv->tx_tfm_arc4);
139 if (_priv->rx_tfm_michael)
140 crypto_free_hash(_priv->rx_tfm_michael);
141 if (_priv->rx_tfm_arc4)
142 crypto_free_blkcipher(_priv->rx_tfm_arc4);
148 static inline u16 RotR1(u16 val)
150 return (val >> 1) | (val << 15);
154 static inline u8 Lo8(u16 val)
160 static inline u8 Hi8(u16 val)
166 static inline u16 Lo16(u32 val)
172 static inline u16 Hi16(u32 val)
178 static inline u16 Mk16(u8 hi, u8 lo)
180 return lo | (((u16) hi) << 8);
184 static inline u16 Mk16_le(u16 *v)
186 return le16_to_cpu(*v);
190 static const u16 Sbox[256] = {
191 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
192 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
193 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
194 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
195 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
196 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
197 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
198 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
199 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
200 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
201 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
202 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
203 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
204 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
205 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
206 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
207 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
208 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
209 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
210 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
211 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
212 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
213 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
214 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
215 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
216 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
217 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
218 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
219 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
220 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
221 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
222 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
226 static inline u16 _S_(u16 v)
228 u16 t = Sbox[Hi8(v)];
229 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
232 #define PHASE1_LOOP_COUNT 8
234 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
238 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
239 TTAK[0] = Lo16(IV32);
240 TTAK[1] = Hi16(IV32);
241 TTAK[2] = Mk16(TA[1], TA[0]);
242 TTAK[3] = Mk16(TA[3], TA[2]);
243 TTAK[4] = Mk16(TA[5], TA[4]);
245 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
247 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
248 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
249 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
250 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
251 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
256 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
259 /* Make temporary area overlap WEP seed so that the final copy can be
260 * avoided on little endian hosts. */
261 u16 *PPK = (u16 *) &WEPSeed[4];
263 /* Step 1 - make copy of TTAK and bring in TSC */
269 PPK[5] = TTAK[4] + IV16;
271 /* Step 2 - 96-bit bijective mixing using S-box */
272 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
273 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
274 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
275 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
276 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
277 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
279 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
280 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
281 PPK[2] += RotR1(PPK[1]);
282 PPK[3] += RotR1(PPK[2]);
283 PPK[4] += RotR1(PPK[3]);
284 PPK[5] += RotR1(PPK[4]);
286 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
287 * WEPSeed[0..2] is transmitted as WEP IV */
288 WEPSeed[0] = Hi8(IV16);
289 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
290 WEPSeed[2] = Lo8(IV16);
291 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
296 for (i = 0; i < 6; i++)
297 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
302 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
304 struct ieee80211_tkip_data *tkey = priv;
305 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4};
308 struct ieee80211_hdr_4addr *hdr;
311 struct scatterlist sg;
315 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
319 hdr = (struct ieee80211_hdr_4addr *)skb->data;
321 if (!tkey->tx_phase1_done) {
322 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
324 tkey->tx_phase1_done = 1;
326 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
328 len = skb->len - hdr_len;
329 pos = skb_push(skb, 8);
330 memmove(pos, pos + 8, hdr_len);
336 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
337 *pos++ = tkey->tx_iv32 & 0xff;
338 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
339 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
340 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
342 icv = skb_put(skb, 4);
343 crc = ~crc32_le(~0, pos, len);
348 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
349 sg_init_one(&sg, pos, len + 4);
350 ret = crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
353 if (tkey->tx_iv16 == 0) {
354 tkey->tx_phase1_done = 0;
360 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
362 struct ieee80211_tkip_data *tkey = priv;
363 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
367 struct ieee80211_hdr_4addr *hdr;
370 struct scatterlist sg;
374 if (skb->len < hdr_len + 8 + 4)
377 hdr = (struct ieee80211_hdr_4addr *)skb->data;
378 pos = skb->data + hdr_len;
380 if (!(keyidx & (1 << 5))) {
381 if (net_ratelimit()) {
382 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
383 " flag from %pM\n", hdr->addr2);
388 if (tkey->key_idx != keyidx) {
389 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
390 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
393 if (!tkey->key_set) {
394 if (net_ratelimit()) {
395 printk(KERN_DEBUG "TKIP: received packet from %pM"
396 " with keyid=%d that does not have a configured"
397 " key\n", hdr->addr2, keyidx);
401 iv16 = (pos[0] << 8) | pos[2];
402 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
405 if (iv32 < tkey->rx_iv32 ||
406 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
407 if (net_ratelimit()) {
408 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
409 " previous TSC %08x%04x received TSC "
410 "%08x%04x\n", hdr->addr2,
411 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
413 tkey->dot11RSNAStatsTKIPReplays++;
417 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
418 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
419 tkey->rx_phase1_done = 1;
421 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
423 plen = skb->len - hdr_len - 12;
424 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
425 sg_init_one(&sg, pos, plen + 4);
426 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
427 if (net_ratelimit()) {
428 printk(KERN_DEBUG ": TKIP: failed to decrypt "
429 "received packet from %pM\n",
435 crc = ~crc32_le(~0, pos, plen);
440 if (memcmp(icv, pos + plen, 4) != 0) {
441 if (iv32 != tkey->rx_iv32) {
442 /* Previously cached Phase1 result was already lost, so
443 * it needs to be recalculated for the next packet. */
444 tkey->rx_phase1_done = 0;
446 if (net_ratelimit()) {
447 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
448 "%pM\n", hdr->addr2);
450 tkey->dot11RSNAStatsTKIPICVErrors++;
454 /* Update real counters only after Michael MIC verification has
456 tkey->rx_iv32_new = iv32;
457 tkey->rx_iv16_new = iv16;
459 /* Remove IV and ICV */
460 memmove(skb->data + 8, skb->data, hdr_len);
462 skb_trim(skb, skb->len - 4);
467 static int michael_mic(struct crypto_hash *tfm_michael, u8 *key, u8 *hdr,
468 u8 *data, size_t data_len, u8 *mic)
470 struct hash_desc desc;
471 struct scatterlist sg[2];
473 if (tfm_michael == NULL) {
474 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
478 sg_init_table(sg, 2);
479 sg_set_buf(&sg[0], hdr, 16);
480 sg_set_buf(&sg[1], data, data_len);
482 if (crypto_hash_setkey(tfm_michael, key, 8))
485 desc.tfm = tfm_michael;
487 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
490 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
492 struct ieee80211_hdr_4addr *hdr11;
494 hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
495 switch (le16_to_cpu(hdr11->frame_ctl) &
496 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
497 case IEEE80211_FCTL_TODS:
498 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
499 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
501 case IEEE80211_FCTL_FROMDS:
502 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
503 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
505 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
506 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
507 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
510 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
511 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
515 hdr[12] = 0; /* priority */
517 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
521 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
524 struct ieee80211_tkip_data *tkey = priv;
526 struct ieee80211_hdr_4addr *hdr;
528 hdr = (struct ieee80211_hdr_4addr *)skb->data;
530 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
531 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
532 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
533 skb_tailroom(skb), hdr_len, skb->len);
537 michael_mic_hdr(skb, tkey->tx_hdr);
539 if (IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
540 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
542 pos = skb_put(skb, 8);
544 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
545 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
551 static void ieee80211_michael_mic_failure(struct net_device *dev,
552 struct ieee80211_hdr_4addr *hdr,
555 union iwreq_data wrqu;
556 struct iw_michaelmicfailure ev;
558 /* TODO: needed parameters: count, keyid, key type, TSC */
559 memset(&ev, 0, sizeof(ev));
560 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
561 if (hdr->addr1[0] & 0x01)
562 ev.flags |= IW_MICFAILURE_GROUP;
564 ev.flags |= IW_MICFAILURE_PAIRWISE;
565 ev.src_addr.sa_family = ARPHRD_ETHER;
566 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
567 memset(&wrqu, 0, sizeof(wrqu));
568 wrqu.data.length = sizeof(ev);
569 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
572 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
573 int hdr_len, void *priv)
575 struct ieee80211_tkip_data *tkey = priv;
577 struct ieee80211_hdr_4addr *hdr;
579 hdr = (struct ieee80211_hdr_4addr *)skb->data;
584 michael_mic_hdr(skb, tkey->rx_hdr);
585 if (IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
586 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
588 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
589 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
592 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
593 struct ieee80211_hdr_4addr *hdr;
594 hdr = (struct ieee80211_hdr_4addr *)skb->data;
595 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
596 "MSDU from %pM keyidx=%d\n",
597 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
600 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
601 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
605 /* Update TSC counters for RX now that the packet verification has
607 tkey->rx_iv32 = tkey->rx_iv32_new;
608 tkey->rx_iv16 = tkey->rx_iv16_new;
610 skb_trim(skb, skb->len - 8);
616 static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv)
618 struct ieee80211_tkip_data *tkey = priv;
620 struct crypto_hash *tfm = tkey->tx_tfm_michael;
621 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
622 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
623 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
625 keyidx = tkey->key_idx;
626 memset(tkey, 0, sizeof(*tkey));
627 tkey->key_idx = keyidx;
629 tkey->tx_tfm_michael = tfm;
630 tkey->tx_tfm_arc4 = tfm2;
631 tkey->rx_tfm_michael = tfm3;
632 tkey->rx_tfm_arc4 = tfm4;
634 if (len == TKIP_KEY_LEN) {
635 memcpy(tkey->key, key, TKIP_KEY_LEN);
637 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
639 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
640 (seq[3] << 8) | seq[2];
641 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
652 static int ieee80211_tkip_get_key(void *key, int len, u8 *seq, void *priv)
654 struct ieee80211_tkip_data *tkey = priv;
656 if (len < TKIP_KEY_LEN)
661 memcpy(key, tkey->key, TKIP_KEY_LEN);
664 /* Return the sequence number of the last transmitted frame. */
665 u16 iv16 = tkey->tx_iv16;
666 u32 iv32 = tkey->tx_iv32;
670 seq[0] = tkey->tx_iv16;
671 seq[1] = tkey->tx_iv16 >> 8;
672 seq[2] = tkey->tx_iv32;
673 seq[3] = tkey->tx_iv32 >> 8;
674 seq[4] = tkey->tx_iv32 >> 16;
675 seq[5] = tkey->tx_iv32 >> 24;
682 static char *ieee80211_tkip_print_stats(char *p, void *priv)
684 struct ieee80211_tkip_data *tkip = priv;
685 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
686 "tx_pn=%02x%02x%02x%02x%02x%02x "
687 "rx_pn=%02x%02x%02x%02x%02x%02x "
688 "replays=%d icv_errors=%d local_mic_failures=%d\n",
689 tkip->key_idx, tkip->key_set,
690 (tkip->tx_iv32 >> 24) & 0xff,
691 (tkip->tx_iv32 >> 16) & 0xff,
692 (tkip->tx_iv32 >> 8) & 0xff,
693 tkip->tx_iv32 & 0xff,
694 (tkip->tx_iv16 >> 8) & 0xff,
695 tkip->tx_iv16 & 0xff,
696 (tkip->rx_iv32 >> 24) & 0xff,
697 (tkip->rx_iv32 >> 16) & 0xff,
698 (tkip->rx_iv32 >> 8) & 0xff,
699 tkip->rx_iv32 & 0xff,
700 (tkip->rx_iv16 >> 8) & 0xff,
701 tkip->rx_iv16 & 0xff,
702 tkip->dot11RSNAStatsTKIPReplays,
703 tkip->dot11RSNAStatsTKIPICVErrors,
704 tkip->dot11RSNAStatsTKIPLocalMICFailures);
709 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
711 .init = ieee80211_tkip_init,
712 .deinit = ieee80211_tkip_deinit,
713 .encrypt_mpdu = ieee80211_tkip_encrypt,
714 .decrypt_mpdu = ieee80211_tkip_decrypt,
715 .encrypt_msdu = ieee80211_michael_mic_add,
716 .decrypt_msdu = ieee80211_michael_mic_verify,
717 .set_key = ieee80211_tkip_set_key,
718 .get_key = ieee80211_tkip_get_key,
719 .print_stats = ieee80211_tkip_print_stats,
720 .extra_prefix_len = 4 + 4, /* IV + ExtIV */
721 .extra_postfix_len = 8 + 4, /* MIC + ICV */
722 .owner = THIS_MODULE,
726 int ieee80211_crypto_tkip_init(void)
728 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
732 void ieee80211_crypto_tkip_exit(void)
734 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
738 void ieee80211_tkip_null(void)