2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 //#include <linux/config.h>
13 #include <linux/version.h>
14 #include <linux/module.h>
15 #include <linux/init.h>
16 #include <linux/slab.h>
17 #include <linux/random.h>
18 #include <linux/skbuff.h>
19 #include <linux/netdevice.h>
20 #include <linux/if_ether.h>
21 #include <linux/if_arp.h>
22 #include <asm/string.h>
24 #include "ieee80211.h"
27 #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0))
28 #include "rtl_crypto.h"
30 #include <linux/crypto.h>
32 //#include <asm/scatterlist.h>
33 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20)
34 #include <asm/scatterlist.h>
36 #include <linux/scatterlist.h>
39 #include <linux/crc32.h>
41 MODULE_AUTHOR("Jouni Malinen");
42 MODULE_DESCRIPTION("Host AP crypt: TKIP");
43 MODULE_LICENSE("GPL");
46 #define OPENSUSE_SLED 0
49 struct ieee80211_tkip_data {
50 #define TKIP_KEY_LEN 32
66 u32 dot11RSNAStatsTKIPReplays;
67 u32 dot11RSNAStatsTKIPICVErrors;
68 u32 dot11RSNAStatsTKIPLocalMICFailures;
71 #if((LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)) || (OPENSUSE_SLED))
72 struct crypto_blkcipher *rx_tfm_arc4;
73 struct crypto_hash *rx_tfm_michael;
74 struct crypto_blkcipher *tx_tfm_arc4;
75 struct crypto_hash *tx_tfm_michael;
77 struct crypto_tfm *tx_tfm_arc4;
78 struct crypto_tfm *tx_tfm_michael;
79 struct crypto_tfm *rx_tfm_arc4;
80 struct crypto_tfm *rx_tfm_michael;
82 /* scratch buffers for virt_to_page() (crypto API) */
83 u8 rx_hdr[16], tx_hdr[16];
86 static void * ieee80211_tkip_init(int key_idx)
88 struct ieee80211_tkip_data *priv;
90 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
93 priv->key_idx = key_idx;
94 #if((LINUX_VERSION_CODE < KERNEL_VERSION(2,6,21)) && (!OPENSUSE_SLED))
95 priv->tx_tfm_arc4 = crypto_alloc_tfm("arc4", 0);
96 if (priv->tx_tfm_arc4 == NULL) {
97 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
102 priv->tx_tfm_michael = crypto_alloc_tfm("michael_mic", 0);
103 if (priv->tx_tfm_michael == NULL) {
104 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
105 "crypto API michael_mic\n");
109 priv->rx_tfm_arc4 = crypto_alloc_tfm("arc4", 0);
110 if (priv->rx_tfm_arc4 == NULL) {
111 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
112 "crypto API arc4\n");
116 priv->rx_tfm_michael = crypto_alloc_tfm("michael_mic", 0);
117 if (priv->rx_tfm_michael == NULL) {
118 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
119 "crypto API michael_mic\n");
123 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
125 if (IS_ERR(priv->tx_tfm_arc4)) {
126 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
127 "crypto API arc4\n");
128 priv->tx_tfm_arc4 = NULL;
132 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
134 if (IS_ERR(priv->tx_tfm_michael)) {
135 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
136 "crypto API michael_mic\n");
137 priv->tx_tfm_michael = NULL;
141 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
143 if (IS_ERR(priv->rx_tfm_arc4)) {
144 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
145 "crypto API arc4\n");
146 priv->rx_tfm_arc4 = NULL;
150 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
152 if (IS_ERR(priv->rx_tfm_michael)) {
153 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
154 "crypto API michael_mic\n");
155 priv->rx_tfm_michael = NULL;
163 #if((LINUX_VERSION_CODE < KERNEL_VERSION(2,6,21)) && (!OPENSUSE_SLED))
164 if (priv->tx_tfm_michael)
165 crypto_free_tfm(priv->tx_tfm_michael);
166 if (priv->tx_tfm_arc4)
167 crypto_free_tfm(priv->tx_tfm_arc4);
168 if (priv->rx_tfm_michael)
169 crypto_free_tfm(priv->rx_tfm_michael);
170 if (priv->rx_tfm_arc4)
171 crypto_free_tfm(priv->rx_tfm_arc4);
174 if (priv->tx_tfm_michael)
175 crypto_free_hash(priv->tx_tfm_michael);
176 if (priv->tx_tfm_arc4)
177 crypto_free_blkcipher(priv->tx_tfm_arc4);
178 if (priv->rx_tfm_michael)
179 crypto_free_hash(priv->rx_tfm_michael);
180 if (priv->rx_tfm_arc4)
181 crypto_free_blkcipher(priv->rx_tfm_arc4);
190 static void ieee80211_tkip_deinit(void *priv)
192 struct ieee80211_tkip_data *_priv = priv;
193 #if((LINUX_VERSION_CODE < KERNEL_VERSION(2,6,21)) && (!OPENSUSE_SLED))
194 if (_priv->tx_tfm_michael)
195 crypto_free_tfm(_priv->tx_tfm_michael);
196 if (_priv->tx_tfm_arc4)
197 crypto_free_tfm(_priv->tx_tfm_arc4);
198 if (_priv->rx_tfm_michael)
199 crypto_free_tfm(_priv->rx_tfm_michael);
200 if (_priv->rx_tfm_arc4)
201 crypto_free_tfm(_priv->rx_tfm_arc4);
204 if (_priv->tx_tfm_michael)
205 crypto_free_hash(_priv->tx_tfm_michael);
206 if (_priv->tx_tfm_arc4)
207 crypto_free_blkcipher(_priv->tx_tfm_arc4);
208 if (_priv->rx_tfm_michael)
209 crypto_free_hash(_priv->rx_tfm_michael);
210 if (_priv->rx_tfm_arc4)
211 crypto_free_blkcipher(_priv->rx_tfm_arc4);
218 static inline u16 RotR1(u16 val)
220 return (val >> 1) | (val << 15);
224 static inline u8 Lo8(u16 val)
230 static inline u8 Hi8(u16 val)
236 static inline u16 Lo16(u32 val)
242 static inline u16 Hi16(u32 val)
248 static inline u16 Mk16(u8 hi, u8 lo)
250 return lo | (((u16) hi) << 8);
254 static inline u16 Mk16_le(u16 *v)
256 return le16_to_cpu(*v);
260 static const u16 Sbox[256] =
262 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
263 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
264 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
265 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
266 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
267 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
268 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
269 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
270 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
271 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
272 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
273 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
274 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
275 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
276 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
277 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
278 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
279 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
280 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
281 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
282 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
283 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
284 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
285 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
286 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
287 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
288 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
289 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
290 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
291 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
292 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
293 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
297 static inline u16 _S_(u16 v)
299 u16 t = Sbox[Hi8(v)];
300 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
304 #define PHASE1_LOOP_COUNT 8
307 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
311 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
312 TTAK[0] = Lo16(IV32);
313 TTAK[1] = Hi16(IV32);
314 TTAK[2] = Mk16(TA[1], TA[0]);
315 TTAK[3] = Mk16(TA[3], TA[2]);
316 TTAK[4] = Mk16(TA[5], TA[4]);
318 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
320 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
321 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
322 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
323 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
324 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
329 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
332 /* Make temporary area overlap WEP seed so that the final copy can be
333 * avoided on little endian hosts. */
334 u16 *PPK = (u16 *) &WEPSeed[4];
336 /* Step 1 - make copy of TTAK and bring in TSC */
342 PPK[5] = TTAK[4] + IV16;
344 /* Step 2 - 96-bit bijective mixing using S-box */
345 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
346 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
347 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
348 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
349 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
350 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
352 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
353 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
354 PPK[2] += RotR1(PPK[1]);
355 PPK[3] += RotR1(PPK[2]);
356 PPK[4] += RotR1(PPK[3]);
357 PPK[5] += RotR1(PPK[4]);
359 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
360 * WEPSeed[0..2] is transmitted as WEP IV */
361 WEPSeed[0] = Hi8(IV16);
362 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
363 WEPSeed[2] = Lo8(IV16);
364 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
369 for (i = 0; i < 6; i++)
370 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
376 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
378 struct ieee80211_tkip_data *tkey = priv;
381 struct ieee80211_hdr_4addr *hdr;
382 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
384 #if((LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)) || (OPENSUSE_SLED))
385 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4};
390 struct scatterlist sg;
392 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
396 hdr = (struct ieee80211_hdr_4addr *) skb->data;
400 printk("%x|", ((u32*)tkey->key)[0]);
401 printk("%x|", ((u32*)tkey->key)[1]);
402 printk("%x|", ((u32*)tkey->key)[2]);
403 printk("%x|", ((u32*)tkey->key)[3]);
404 printk("%x|", ((u32*)tkey->key)[4]);
405 printk("%x|", ((u32*)tkey->key)[5]);
406 printk("%x|", ((u32*)tkey->key)[6]);
407 printk("%x\n", ((u32*)tkey->key)[7]);
410 if (!tcb_desc->bHwSec)
412 if (!tkey->tx_phase1_done) {
413 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
415 tkey->tx_phase1_done = 1;
417 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
420 tkey->tx_phase1_done = 1;
423 len = skb->len - hdr_len;
424 pos = skb_push(skb, 8);
425 memmove(pos, pos + 8, hdr_len);
428 if (tcb_desc->bHwSec)
430 *pos++ = Hi8(tkey->tx_iv16);
431 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
432 *pos++ = Lo8(tkey->tx_iv16);
441 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
442 *pos++ = tkey->tx_iv32 & 0xff;
443 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
444 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
445 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
447 if (!tcb_desc->bHwSec)
449 icv = skb_put(skb, 4);
450 #if (LINUX_VERSION_CODE > KERNEL_VERSION(2,5,0))
451 crc = ~crc32_le(~0, pos, len);
453 crc = ~ether_crc_le(len, pos);
459 #if((LINUX_VERSION_CODE < KERNEL_VERSION(2,6,21)) && (!OPENSUSE_SLED))
460 crypto_cipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
461 sg.page = virt_to_page(pos);
462 sg.offset = offset_in_page(pos);
464 crypto_cipher_encrypt(tkey->tx_tfm_arc4, &sg, &sg, len + 4);
466 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
467 #if(LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24))
468 sg.page = virt_to_page(pos);
469 sg.offset = offset_in_page(pos);
472 sg_init_one(&sg, pos, len+4);
474 ret= crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
480 if (tkey->tx_iv16 == 0) {
481 tkey->tx_phase1_done = 0;
485 if (!tcb_desc->bHwSec)
486 #if((LINUX_VERSION_CODE < KERNEL_VERSION(2,6,21)) && (!OPENSUSE_SLED))
497 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
499 struct ieee80211_tkip_data *tkey = priv;
503 struct ieee80211_hdr_4addr *hdr;
504 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
505 #if((LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)) || (OPENSUSE_SLED))
506 struct blkcipher_desc desc = {.tfm = tkey->rx_tfm_arc4};
511 struct scatterlist sg;
513 if (skb->len < hdr_len + 8 + 4)
516 hdr = (struct ieee80211_hdr_4addr *) skb->data;
517 pos = skb->data + hdr_len;
519 if (!(keyidx & (1 << 5))) {
520 if (net_ratelimit()) {
521 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
522 " flag from %pM\n", hdr->addr2);
527 if (tkey->key_idx != keyidx) {
528 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
529 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
532 if (!tkey->key_set) {
533 if (net_ratelimit()) {
534 printk(KERN_DEBUG "TKIP: received packet from %pM"
535 " with keyid=%d that does not have a configured"
536 " key\n", hdr->addr2, keyidx);
540 iv16 = (pos[0] << 8) | pos[2];
541 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
544 if (!tcb_desc->bHwSec)
546 if (iv32 < tkey->rx_iv32 ||
547 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
548 if (net_ratelimit()) {
549 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
550 " previous TSC %08x%04x received TSC "
551 "%08x%04x\n", hdr->addr2,
552 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
554 tkey->dot11RSNAStatsTKIPReplays++;
558 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
559 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
560 tkey->rx_phase1_done = 1;
562 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
564 plen = skb->len - hdr_len - 12;
566 #if((LINUX_VERSION_CODE < KERNEL_VERSION(2,6,21)) && (!OPENSUSE_SLED))
567 crypto_cipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
568 sg.page = virt_to_page(pos);
569 sg.offset = offset_in_page(pos);
570 sg.length = plen + 4;
571 crypto_cipher_decrypt(tkey->rx_tfm_arc4, &sg, &sg, plen + 4);
573 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
574 #if(LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24))
575 sg.page = virt_to_page(pos);
576 sg.offset = offset_in_page(pos);
577 sg.length = plen + 4;
579 sg_init_one(&sg, pos, plen+4);
581 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
582 if (net_ratelimit()) {
583 printk(KERN_DEBUG ": TKIP: failed to decrypt "
584 "received packet from %pM\n",
591 #if (LINUX_VERSION_CODE > KERNEL_VERSION(2,5,0))
592 crc = ~crc32_le(~0, pos, plen);
594 crc = ~ether_crc_le(plen, pos);
601 if (memcmp(icv, pos + plen, 4) != 0) {
602 if (iv32 != tkey->rx_iv32) {
603 /* Previously cached Phase1 result was already lost, so
604 * it needs to be recalculated for the next packet. */
605 tkey->rx_phase1_done = 0;
607 if (net_ratelimit()) {
609 "TKIP: ICV error detected: STA=%pM\n",
612 tkey->dot11RSNAStatsTKIPICVErrors++;
618 /* Update real counters only after Michael MIC verification has
620 tkey->rx_iv32_new = iv32;
621 tkey->rx_iv16_new = iv16;
623 /* Remove IV and ICV */
624 memmove(skb->data + 8, skb->data, hdr_len);
626 skb_trim(skb, skb->len - 4);
630 if( ((u16*)skb->data)[0] & 0x4000){
631 printk("@@ rx decrypted skb->data");
633 for(i=0;i<skb->len;i++){
634 if( (i%24)==0 ) printk("\n");
635 printk("%2x ", ((u8*)skb->data)[i]);
644 #if((LINUX_VERSION_CODE < KERNEL_VERSION(2,6,21)) && (!OPENSUSE_SLED))
645 static int michael_mic(struct crypto_tfm * tfm_michael, u8 *key, u8 *hdr,
646 u8 *data, size_t data_len, u8 *mic)
648 struct scatterlist sg[2];
649 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
650 struct hash_desc desc;
654 if (tfm_michael == NULL){
655 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
658 sg[0].page = virt_to_page(hdr);
659 sg[0].offset = offset_in_page(hdr);
662 sg[1].page = virt_to_page(data);
663 sg[1].offset = offset_in_page(data);
664 sg[1].length = data_len;
667 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20)
668 crypto_digest_init(tfm_michael);
669 crypto_digest_setkey(tfm_michael, key, 8);
670 crypto_digest_update(tfm_michael, sg, 2);
671 crypto_digest_final(tfm_michael, mic);
674 if (crypto_hash_setkey(tkey->tfm_michael, key, 8))
678 desc.tfm = tkey->tfm_michael;
680 ret = crypto_hash_digest(&desc, sg, data_len + 16, mic);
685 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
686 u8 * data, size_t data_len, u8 * mic)
688 struct hash_desc desc;
689 struct scatterlist sg[2];
691 if (tfm_michael == NULL) {
692 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
695 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
696 sg[0].page = virt_to_page(hdr);
697 sg[0].offset = offset_in_page(hdr);
700 sg[1].page = virt_to_page(data);
701 sg[1].offset = offset_in_page(data);
702 sg[1].length = data_len;
704 sg_init_table(sg, 2);
705 sg_set_buf(&sg[0], hdr, 16);
706 sg_set_buf(&sg[1], data, data_len);
709 if (crypto_hash_setkey(tfm_michael, key, 8))
712 desc.tfm = tfm_michael;
714 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
720 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
722 struct ieee80211_hdr_4addr *hdr11;
724 hdr11 = (struct ieee80211_hdr_4addr *) skb->data;
725 switch (le16_to_cpu(hdr11->frame_ctl) &
726 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
727 case IEEE80211_FCTL_TODS:
728 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
729 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
731 case IEEE80211_FCTL_FROMDS:
732 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
733 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
735 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
736 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
737 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
740 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
741 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
745 hdr[12] = 0; /* priority */
747 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
751 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
753 struct ieee80211_tkip_data *tkey = priv;
755 struct ieee80211_hdr_4addr *hdr;
757 hdr = (struct ieee80211_hdr_4addr *) skb->data;
759 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
760 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
761 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
762 skb_tailroom(skb), hdr_len, skb->len);
766 michael_mic_hdr(skb, tkey->tx_hdr);
769 // fix the wpa process with wmm enabled.
770 if(IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) {
771 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
774 pos = skb_put(skb, 8);
775 #if((LINUX_VERSION_CODE < KERNEL_VERSION(2,6,21)) && (!OPENSUSE_SLED))
776 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
777 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
779 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
780 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
788 #if WIRELESS_EXT >= 18
789 static void ieee80211_michael_mic_failure(struct net_device *dev,
790 struct ieee80211_hdr_4addr *hdr,
793 union iwreq_data wrqu;
794 struct iw_michaelmicfailure ev;
796 /* TODO: needed parameters: count, keyid, key type, TSC */
797 memset(&ev, 0, sizeof(ev));
798 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
799 if (hdr->addr1[0] & 0x01)
800 ev.flags |= IW_MICFAILURE_GROUP;
802 ev.flags |= IW_MICFAILURE_PAIRWISE;
803 ev.src_addr.sa_family = ARPHRD_ETHER;
804 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
805 memset(&wrqu, 0, sizeof(wrqu));
806 wrqu.data.length = sizeof(ev);
807 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
809 #elif WIRELESS_EXT >= 15
810 static void ieee80211_michael_mic_failure(struct net_device *dev,
811 struct ieee80211_hdr_4addr *hdr,
814 union iwreq_data wrqu;
817 /* TODO: needed parameters: count, keyid, key type, TSC */
818 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(keyid=%d %scast addr="
819 "%pM)", keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
821 memset(&wrqu, 0, sizeof(wrqu));
822 wrqu.data.length = strlen(buf);
823 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
825 #else /* WIRELESS_EXT >= 15 */
826 static inline void ieee80211_michael_mic_failure(struct net_device *dev,
827 struct ieee80211_hdr_4addr *hdr,
831 #endif /* WIRELESS_EXT >= 15 */
833 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
834 int hdr_len, void *priv)
836 struct ieee80211_tkip_data *tkey = priv;
838 struct ieee80211_hdr_4addr *hdr;
840 hdr = (struct ieee80211_hdr_4addr *) skb->data;
845 michael_mic_hdr(skb, tkey->rx_hdr);
847 // fix the wpa process with wmm enabled.
848 if(IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) {
849 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
853 #if((LINUX_VERSION_CODE < KERNEL_VERSION(2,6,21)) && (!OPENSUSE_SLED))
854 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
855 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
857 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
858 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
861 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
862 struct ieee80211_hdr_4addr *hdr;
863 hdr = (struct ieee80211_hdr_4addr *) skb->data;
864 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
865 "MSDU from %pM keyidx=%d\n",
866 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
869 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
870 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
874 /* Update TSC counters for RX now that the packet verification has
876 tkey->rx_iv32 = tkey->rx_iv32_new;
877 tkey->rx_iv16 = tkey->rx_iv16_new;
879 skb_trim(skb, skb->len - 8);
885 static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv)
887 struct ieee80211_tkip_data *tkey = priv;
889 #if((LINUX_VERSION_CODE < KERNEL_VERSION(2,6,21)) && (!OPENSUSE_SLED))
890 struct crypto_tfm *tfm = tkey->tx_tfm_michael;
891 struct crypto_tfm *tfm2 = tkey->tx_tfm_arc4;
892 struct crypto_tfm *tfm3 = tkey->rx_tfm_michael;
893 struct crypto_tfm *tfm4 = tkey->rx_tfm_arc4;
895 struct crypto_hash *tfm = tkey->tx_tfm_michael;
896 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
897 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
898 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
901 keyidx = tkey->key_idx;
902 memset(tkey, 0, sizeof(*tkey));
903 tkey->key_idx = keyidx;
904 #if((LINUX_VERSION_CODE < KERNEL_VERSION(2,6,21)) && (!OPENSUSE_SLED))
905 tkey->tx_tfm_michael = tfm;
906 tkey->tx_tfm_arc4 = tfm2;
907 tkey->rx_tfm_michael = tfm3;
908 tkey->rx_tfm_arc4 = tfm4;
910 tkey->tx_tfm_michael = tfm;
911 tkey->tx_tfm_arc4 = tfm2;
912 tkey->rx_tfm_michael = tfm3;
913 tkey->rx_tfm_arc4 = tfm4;
916 if (len == TKIP_KEY_LEN) {
917 memcpy(tkey->key, key, TKIP_KEY_LEN);
919 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
921 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
922 (seq[3] << 8) | seq[2];
923 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
934 static int ieee80211_tkip_get_key(void *key, int len, u8 *seq, void *priv)
936 struct ieee80211_tkip_data *tkey = priv;
938 if (len < TKIP_KEY_LEN)
943 memcpy(key, tkey->key, TKIP_KEY_LEN);
946 /* Return the sequence number of the last transmitted frame. */
947 u16 iv16 = tkey->tx_iv16;
948 u32 iv32 = tkey->tx_iv32;
952 seq[0] = tkey->tx_iv16;
953 seq[1] = tkey->tx_iv16 >> 8;
954 seq[2] = tkey->tx_iv32;
955 seq[3] = tkey->tx_iv32 >> 8;
956 seq[4] = tkey->tx_iv32 >> 16;
957 seq[5] = tkey->tx_iv32 >> 24;
964 static char * ieee80211_tkip_print_stats(char *p, void *priv)
966 struct ieee80211_tkip_data *tkip = priv;
967 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
968 "tx_pn=%02x%02x%02x%02x%02x%02x "
969 "rx_pn=%02x%02x%02x%02x%02x%02x "
970 "replays=%d icv_errors=%d local_mic_failures=%d\n",
971 tkip->key_idx, tkip->key_set,
972 (tkip->tx_iv32 >> 24) & 0xff,
973 (tkip->tx_iv32 >> 16) & 0xff,
974 (tkip->tx_iv32 >> 8) & 0xff,
975 tkip->tx_iv32 & 0xff,
976 (tkip->tx_iv16 >> 8) & 0xff,
977 tkip->tx_iv16 & 0xff,
978 (tkip->rx_iv32 >> 24) & 0xff,
979 (tkip->rx_iv32 >> 16) & 0xff,
980 (tkip->rx_iv32 >> 8) & 0xff,
981 tkip->rx_iv32 & 0xff,
982 (tkip->rx_iv16 >> 8) & 0xff,
983 tkip->rx_iv16 & 0xff,
984 tkip->dot11RSNAStatsTKIPReplays,
985 tkip->dot11RSNAStatsTKIPICVErrors,
986 tkip->dot11RSNAStatsTKIPLocalMICFailures);
991 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
993 .init = ieee80211_tkip_init,
994 .deinit = ieee80211_tkip_deinit,
995 .encrypt_mpdu = ieee80211_tkip_encrypt,
996 .decrypt_mpdu = ieee80211_tkip_decrypt,
997 .encrypt_msdu = ieee80211_michael_mic_add,
998 .decrypt_msdu = ieee80211_michael_mic_verify,
999 .set_key = ieee80211_tkip_set_key,
1000 .get_key = ieee80211_tkip_get_key,
1001 .print_stats = ieee80211_tkip_print_stats,
1002 .extra_prefix_len = 4 + 4, /* IV + ExtIV */
1003 .extra_postfix_len = 8 + 4, /* MIC + ICV */
1004 .owner = THIS_MODULE,
1008 int __init ieee80211_crypto_tkip_init(void)
1010 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
1014 void ieee80211_crypto_tkip_exit(void)
1016 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
1019 void ieee80211_tkip_null(void)
1021 // printk("============>%s()\n", __FUNCTION__);
1024 #if (LINUX_VERSION_CODE > KERNEL_VERSION(2,5,0))
1025 //EXPORT_SYMBOL(ieee80211_tkip_null);
1027 EXPORT_SYMBOL_NOVERS(ieee80211_tkip_null);
1030 //module_init(ieee80211_crypto_tkip_init);
1031 //module_exit(ieee80211_crypto_tkip_exit);