2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 //#include <linux/config.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/slab.h>
16 #include <linux/random.h>
17 #include <linux/skbuff.h>
18 #include <linux/netdevice.h>
19 #include <linux/if_ether.h>
20 #include <linux/if_arp.h>
21 #include <asm/string.h>
23 #include "ieee80211.h"
25 #include <linux/crypto.h>
26 #include <linux/scatterlist.h>
27 #include <linux/crc32.h>
29 MODULE_AUTHOR("Jouni Malinen");
30 MODULE_DESCRIPTION("Host AP crypt: TKIP");
31 MODULE_LICENSE("GPL");
33 struct ieee80211_tkip_data {
34 #define TKIP_KEY_LEN 32
50 u32 dot11RSNAStatsTKIPReplays;
51 u32 dot11RSNAStatsTKIPICVErrors;
52 u32 dot11RSNAStatsTKIPLocalMICFailures;
56 struct crypto_blkcipher *rx_tfm_arc4;
57 struct crypto_hash *rx_tfm_michael;
58 struct crypto_blkcipher *tx_tfm_arc4;
59 struct crypto_hash *tx_tfm_michael;
61 /* scratch buffers for virt_to_page() (crypto API) */
62 u8 rx_hdr[16], tx_hdr[16];
65 static void * ieee80211_tkip_init(int key_idx)
67 struct ieee80211_tkip_data *priv;
69 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
72 priv->key_idx = key_idx;
74 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
76 if (IS_ERR(priv->tx_tfm_arc4)) {
77 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
79 priv->tx_tfm_arc4 = NULL;
83 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
85 if (IS_ERR(priv->tx_tfm_michael)) {
86 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
87 "crypto API michael_mic\n");
88 priv->tx_tfm_michael = NULL;
92 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
94 if (IS_ERR(priv->rx_tfm_arc4)) {
95 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
97 priv->rx_tfm_arc4 = NULL;
101 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
103 if (IS_ERR(priv->rx_tfm_michael)) {
104 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
105 "crypto API michael_mic\n");
106 priv->rx_tfm_michael = NULL;
114 if (priv->tx_tfm_michael)
115 crypto_free_hash(priv->tx_tfm_michael);
116 if (priv->tx_tfm_arc4)
117 crypto_free_blkcipher(priv->tx_tfm_arc4);
118 if (priv->rx_tfm_michael)
119 crypto_free_hash(priv->rx_tfm_michael);
120 if (priv->rx_tfm_arc4)
121 crypto_free_blkcipher(priv->rx_tfm_arc4);
129 static void ieee80211_tkip_deinit(void *priv)
131 struct ieee80211_tkip_data *_priv = priv;
134 if (_priv->tx_tfm_michael)
135 crypto_free_hash(_priv->tx_tfm_michael);
136 if (_priv->tx_tfm_arc4)
137 crypto_free_blkcipher(_priv->tx_tfm_arc4);
138 if (_priv->rx_tfm_michael)
139 crypto_free_hash(_priv->rx_tfm_michael);
140 if (_priv->rx_tfm_arc4)
141 crypto_free_blkcipher(_priv->rx_tfm_arc4);
147 static inline u16 RotR1(u16 val)
149 return (val >> 1) | (val << 15);
153 static inline u8 Lo8(u16 val)
159 static inline u8 Hi8(u16 val)
165 static inline u16 Lo16(u32 val)
171 static inline u16 Hi16(u32 val)
177 static inline u16 Mk16(u8 hi, u8 lo)
179 return lo | (((u16) hi) << 8);
183 static inline u16 Mk16_le(u16 *v)
185 return le16_to_cpu(*v);
189 static const u16 Sbox[256] =
191 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
192 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
193 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
194 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
195 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
196 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
197 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
198 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
199 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
200 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
201 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
202 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
203 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
204 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
205 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
206 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
207 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
208 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
209 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
210 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
211 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
212 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
213 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
214 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
215 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
216 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
217 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
218 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
219 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
220 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
221 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
222 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
226 static inline u16 _S_(u16 v)
228 u16 t = Sbox[Hi8(v)];
229 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
233 #define PHASE1_LOOP_COUNT 8
236 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
240 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
241 TTAK[0] = Lo16(IV32);
242 TTAK[1] = Hi16(IV32);
243 TTAK[2] = Mk16(TA[1], TA[0]);
244 TTAK[3] = Mk16(TA[3], TA[2]);
245 TTAK[4] = Mk16(TA[5], TA[4]);
247 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
249 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
250 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
251 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
252 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
253 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
258 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
261 /* Make temporary area overlap WEP seed so that the final copy can be
262 * avoided on little endian hosts. */
263 u16 *PPK = (u16 *) &WEPSeed[4];
265 /* Step 1 - make copy of TTAK and bring in TSC */
271 PPK[5] = TTAK[4] + IV16;
273 /* Step 2 - 96-bit bijective mixing using S-box */
274 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
275 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
276 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
277 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
278 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
279 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
281 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
282 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
283 PPK[2] += RotR1(PPK[1]);
284 PPK[3] += RotR1(PPK[2]);
285 PPK[4] += RotR1(PPK[3]);
286 PPK[5] += RotR1(PPK[4]);
288 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
289 * WEPSeed[0..2] is transmitted as WEP IV */
290 WEPSeed[0] = Hi8(IV16);
291 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
292 WEPSeed[2] = Lo8(IV16);
293 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
298 for (i = 0; i < 6; i++)
299 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
305 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
307 struct ieee80211_tkip_data *tkey = priv;
310 struct ieee80211_hdr_4addr *hdr;
311 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
312 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4};
316 struct scatterlist sg;
318 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
322 hdr = (struct ieee80211_hdr_4addr *) skb->data;
324 if (!tcb_desc->bHwSec)
326 if (!tkey->tx_phase1_done) {
327 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
329 tkey->tx_phase1_done = 1;
331 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
334 tkey->tx_phase1_done = 1;
337 len = skb->len - hdr_len;
338 pos = skb_push(skb, 8);
339 memmove(pos, pos + 8, hdr_len);
342 if (tcb_desc->bHwSec)
344 *pos++ = Hi8(tkey->tx_iv16);
345 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
346 *pos++ = Lo8(tkey->tx_iv16);
355 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
356 *pos++ = tkey->tx_iv32 & 0xff;
357 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
358 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
359 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
361 if (!tcb_desc->bHwSec)
363 icv = skb_put(skb, 4);
364 crc = ~crc32_le(~0, pos, len);
369 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
370 sg_init_one(&sg, pos, len+4);
371 ret= crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
375 if (tkey->tx_iv16 == 0) {
376 tkey->tx_phase1_done = 0;
380 if (!tcb_desc->bHwSec)
388 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
390 struct ieee80211_tkip_data *tkey = priv;
394 struct ieee80211_hdr_4addr *hdr;
395 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
396 struct blkcipher_desc desc = {.tfm = tkey->rx_tfm_arc4};
400 struct scatterlist sg;
402 if (skb->len < hdr_len + 8 + 4)
405 hdr = (struct ieee80211_hdr_4addr *) skb->data;
406 pos = skb->data + hdr_len;
408 if (!(keyidx & (1 << 5))) {
409 if (net_ratelimit()) {
410 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
411 " flag from %pM\n", hdr->addr2);
416 if (tkey->key_idx != keyidx) {
417 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
418 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
421 if (!tkey->key_set) {
422 if (net_ratelimit()) {
423 printk(KERN_DEBUG "TKIP: received packet from %pM"
424 " with keyid=%d that does not have a configured"
425 " key\n", hdr->addr2, keyidx);
429 iv16 = (pos[0] << 8) | pos[2];
430 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
433 if (!tcb_desc->bHwSec)
435 if (iv32 < tkey->rx_iv32 ||
436 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
437 if (net_ratelimit()) {
438 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
439 " previous TSC %08x%04x received TSC "
440 "%08x%04x\n", hdr->addr2,
441 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
443 tkey->dot11RSNAStatsTKIPReplays++;
447 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
448 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
449 tkey->rx_phase1_done = 1;
451 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
453 plen = skb->len - hdr_len - 12;
455 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
456 sg_init_one(&sg, pos, plen+4);
458 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
459 if (net_ratelimit()) {
460 printk(KERN_DEBUG ": TKIP: failed to decrypt "
461 "received packet from %pM\n",
467 crc = ~crc32_le(~0, pos, plen);
473 if (memcmp(icv, pos + plen, 4) != 0) {
474 if (iv32 != tkey->rx_iv32) {
475 /* Previously cached Phase1 result was already lost, so
476 * it needs to be recalculated for the next packet. */
477 tkey->rx_phase1_done = 0;
479 if (net_ratelimit()) {
480 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
481 "%pM\n", hdr->addr2);
483 tkey->dot11RSNAStatsTKIPICVErrors++;
489 /* Update real counters only after Michael MIC verification has
491 tkey->rx_iv32_new = iv32;
492 tkey->rx_iv16_new = iv16;
494 /* Remove IV and ICV */
495 memmove(skb->data + 8, skb->data, hdr_len);
497 skb_trim(skb, skb->len - 4);
502 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
503 u8 * data, size_t data_len, u8 * mic)
505 struct hash_desc desc;
506 struct scatterlist sg[2];
508 if (tfm_michael == NULL) {
509 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
513 sg_init_table(sg, 2);
514 sg_set_buf(&sg[0], hdr, 16);
515 sg_set_buf(&sg[1], data, data_len);
517 if (crypto_hash_setkey(tfm_michael, key, 8))
520 desc.tfm = tfm_michael;
522 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
525 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
527 struct ieee80211_hdr_4addr *hdr11;
529 hdr11 = (struct ieee80211_hdr_4addr *) skb->data;
530 switch (le16_to_cpu(hdr11->frame_ctl) &
531 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
532 case IEEE80211_FCTL_TODS:
533 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
534 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
536 case IEEE80211_FCTL_FROMDS:
537 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
538 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
540 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
541 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
542 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
545 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
546 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
550 hdr[12] = 0; /* priority */
552 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
556 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
558 struct ieee80211_tkip_data *tkey = priv;
560 struct ieee80211_hdr_4addr *hdr;
562 hdr = (struct ieee80211_hdr_4addr *) skb->data;
564 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
565 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
566 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
567 skb_tailroom(skb), hdr_len, skb->len);
571 michael_mic_hdr(skb, tkey->tx_hdr);
574 // fix the wpa process with wmm enabled.
575 if(IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) {
576 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
579 pos = skb_put(skb, 8);
581 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
582 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
588 static void ieee80211_michael_mic_failure(struct net_device *dev,
589 struct ieee80211_hdr_4addr *hdr,
592 union iwreq_data wrqu;
593 struct iw_michaelmicfailure ev;
595 /* TODO: needed parameters: count, keyid, key type, TSC */
596 memset(&ev, 0, sizeof(ev));
597 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
598 if (hdr->addr1[0] & 0x01)
599 ev.flags |= IW_MICFAILURE_GROUP;
601 ev.flags |= IW_MICFAILURE_PAIRWISE;
602 ev.src_addr.sa_family = ARPHRD_ETHER;
603 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
604 memset(&wrqu, 0, sizeof(wrqu));
605 wrqu.data.length = sizeof(ev);
606 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
609 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
610 int hdr_len, void *priv)
612 struct ieee80211_tkip_data *tkey = priv;
614 struct ieee80211_hdr_4addr *hdr;
616 hdr = (struct ieee80211_hdr_4addr *) skb->data;
621 michael_mic_hdr(skb, tkey->rx_hdr);
623 // fix the wpa process with wmm enabled.
624 if(IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) {
625 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
629 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
630 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
632 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
633 struct ieee80211_hdr_4addr *hdr;
634 hdr = (struct ieee80211_hdr_4addr *) skb->data;
635 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
636 "MSDU from %pM keyidx=%d\n",
637 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
640 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
641 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
645 /* Update TSC counters for RX now that the packet verification has
647 tkey->rx_iv32 = tkey->rx_iv32_new;
648 tkey->rx_iv16 = tkey->rx_iv16_new;
650 skb_trim(skb, skb->len - 8);
656 static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv)
658 struct ieee80211_tkip_data *tkey = priv;
660 struct crypto_hash *tfm = tkey->tx_tfm_michael;
661 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
662 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
663 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
665 keyidx = tkey->key_idx;
666 memset(tkey, 0, sizeof(*tkey));
667 tkey->key_idx = keyidx;
668 tkey->tx_tfm_michael = tfm;
669 tkey->tx_tfm_arc4 = tfm2;
670 tkey->rx_tfm_michael = tfm3;
671 tkey->rx_tfm_arc4 = tfm4;
673 if (len == TKIP_KEY_LEN) {
674 memcpy(tkey->key, key, TKIP_KEY_LEN);
676 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
678 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
679 (seq[3] << 8) | seq[2];
680 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
691 static int ieee80211_tkip_get_key(void *key, int len, u8 *seq, void *priv)
693 struct ieee80211_tkip_data *tkey = priv;
695 if (len < TKIP_KEY_LEN)
700 memcpy(key, tkey->key, TKIP_KEY_LEN);
703 /* Return the sequence number of the last transmitted frame. */
704 u16 iv16 = tkey->tx_iv16;
705 u32 iv32 = tkey->tx_iv32;
709 seq[0] = tkey->tx_iv16;
710 seq[1] = tkey->tx_iv16 >> 8;
711 seq[2] = tkey->tx_iv32;
712 seq[3] = tkey->tx_iv32 >> 8;
713 seq[4] = tkey->tx_iv32 >> 16;
714 seq[5] = tkey->tx_iv32 >> 24;
721 static char * ieee80211_tkip_print_stats(char *p, void *priv)
723 struct ieee80211_tkip_data *tkip = priv;
724 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
725 "tx_pn=%02x%02x%02x%02x%02x%02x "
726 "rx_pn=%02x%02x%02x%02x%02x%02x "
727 "replays=%d icv_errors=%d local_mic_failures=%d\n",
728 tkip->key_idx, tkip->key_set,
729 (tkip->tx_iv32 >> 24) & 0xff,
730 (tkip->tx_iv32 >> 16) & 0xff,
731 (tkip->tx_iv32 >> 8) & 0xff,
732 tkip->tx_iv32 & 0xff,
733 (tkip->tx_iv16 >> 8) & 0xff,
734 tkip->tx_iv16 & 0xff,
735 (tkip->rx_iv32 >> 24) & 0xff,
736 (tkip->rx_iv32 >> 16) & 0xff,
737 (tkip->rx_iv32 >> 8) & 0xff,
738 tkip->rx_iv32 & 0xff,
739 (tkip->rx_iv16 >> 8) & 0xff,
740 tkip->rx_iv16 & 0xff,
741 tkip->dot11RSNAStatsTKIPReplays,
742 tkip->dot11RSNAStatsTKIPICVErrors,
743 tkip->dot11RSNAStatsTKIPLocalMICFailures);
748 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
750 .init = ieee80211_tkip_init,
751 .deinit = ieee80211_tkip_deinit,
752 .encrypt_mpdu = ieee80211_tkip_encrypt,
753 .decrypt_mpdu = ieee80211_tkip_decrypt,
754 .encrypt_msdu = ieee80211_michael_mic_add,
755 .decrypt_msdu = ieee80211_michael_mic_verify,
756 .set_key = ieee80211_tkip_set_key,
757 .get_key = ieee80211_tkip_get_key,
758 .print_stats = ieee80211_tkip_print_stats,
759 .extra_prefix_len = 4 + 4, /* IV + ExtIV */
760 .extra_postfix_len = 8 + 4, /* MIC + ICV */
761 .owner = THIS_MODULE,
764 int __init ieee80211_crypto_tkip_init(void)
766 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
769 void __exit ieee80211_crypto_tkip_exit(void)
771 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
774 void ieee80211_tkip_null(void)
776 // printk("============>%s()\n", __FUNCTION__);