2 * lib80211 crypt: host-based TKIP encryption implementation for lib80211
4 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
5 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation. See README and COPYING for
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15 #include <linux/err.h>
16 #include <linux/module.h>
17 #include <linux/init.h>
18 #include <linux/slab.h>
19 #include <linux/random.h>
20 #include <linux/scatterlist.h>
21 #include <linux/skbuff.h>
22 #include <linux/netdevice.h>
24 #include <linux/if_ether.h>
25 #include <linux/if_arp.h>
26 #include <asm/string.h>
28 #include <linux/wireless.h>
29 #include <linux/ieee80211.h>
30 #include <net/iw_handler.h>
32 #include <linux/crypto.h>
33 #include <linux/crc32.h>
35 #include <net/lib80211.h>
37 MODULE_AUTHOR("Jouni Malinen");
38 MODULE_DESCRIPTION("lib80211 crypt: TKIP");
39 MODULE_LICENSE("GPL");
41 #define TKIP_HDR_LEN 8
43 struct lib80211_tkip_data {
44 #define TKIP_KEY_LEN 32
60 u32 dot11RSNAStatsTKIPReplays;
61 u32 dot11RSNAStatsTKIPICVErrors;
62 u32 dot11RSNAStatsTKIPLocalMICFailures;
66 struct crypto_blkcipher *rx_tfm_arc4;
67 struct crypto_hash *rx_tfm_michael;
68 struct crypto_blkcipher *tx_tfm_arc4;
69 struct crypto_hash *tx_tfm_michael;
71 /* scratch buffers for virt_to_page() (crypto API) */
72 u8 rx_hdr[16], tx_hdr[16];
77 static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
79 struct lib80211_tkip_data *_priv = priv;
80 unsigned long old_flags = _priv->flags;
85 static unsigned long lib80211_tkip_get_flags(void *priv)
87 struct lib80211_tkip_data *_priv = priv;
91 static void *lib80211_tkip_init(int key_idx)
93 struct lib80211_tkip_data *priv;
95 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
99 priv->key_idx = key_idx;
101 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
103 if (IS_ERR(priv->tx_tfm_arc4)) {
104 priv->tx_tfm_arc4 = NULL;
108 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
110 if (IS_ERR(priv->tx_tfm_michael)) {
111 priv->tx_tfm_michael = NULL;
115 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
117 if (IS_ERR(priv->rx_tfm_arc4)) {
118 priv->rx_tfm_arc4 = NULL;
122 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
124 if (IS_ERR(priv->rx_tfm_michael)) {
125 priv->rx_tfm_michael = NULL;
133 if (priv->tx_tfm_michael)
134 crypto_free_hash(priv->tx_tfm_michael);
135 if (priv->tx_tfm_arc4)
136 crypto_free_blkcipher(priv->tx_tfm_arc4);
137 if (priv->rx_tfm_michael)
138 crypto_free_hash(priv->rx_tfm_michael);
139 if (priv->rx_tfm_arc4)
140 crypto_free_blkcipher(priv->rx_tfm_arc4);
147 static void lib80211_tkip_deinit(void *priv)
149 struct lib80211_tkip_data *_priv = priv;
151 if (_priv->tx_tfm_michael)
152 crypto_free_hash(_priv->tx_tfm_michael);
153 if (_priv->tx_tfm_arc4)
154 crypto_free_blkcipher(_priv->tx_tfm_arc4);
155 if (_priv->rx_tfm_michael)
156 crypto_free_hash(_priv->rx_tfm_michael);
157 if (_priv->rx_tfm_arc4)
158 crypto_free_blkcipher(_priv->rx_tfm_arc4);
163 static inline u16 RotR1(u16 val)
165 return (val >> 1) | (val << 15);
168 static inline u8 Lo8(u16 val)
173 static inline u8 Hi8(u16 val)
178 static inline u16 Lo16(u32 val)
183 static inline u16 Hi16(u32 val)
188 static inline u16 Mk16(u8 hi, u8 lo)
190 return lo | (((u16) hi) << 8);
193 static inline u16 Mk16_le(__le16 * v)
195 return le16_to_cpu(*v);
198 static const u16 Sbox[256] = {
199 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
200 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
201 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
202 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
203 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
204 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
205 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
206 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
207 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
208 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
209 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
210 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
211 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
212 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
213 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
214 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
215 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
216 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
217 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
218 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
219 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
220 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
221 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
222 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
223 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
224 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
225 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
226 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
227 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
228 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
229 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
230 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
233 static inline u16 _S_(u16 v)
235 u16 t = Sbox[Hi8(v)];
236 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
239 #define PHASE1_LOOP_COUNT 8
241 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
246 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
247 TTAK[0] = Lo16(IV32);
248 TTAK[1] = Hi16(IV32);
249 TTAK[2] = Mk16(TA[1], TA[0]);
250 TTAK[3] = Mk16(TA[3], TA[2]);
251 TTAK[4] = Mk16(TA[5], TA[4]);
253 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
255 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
256 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
257 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
258 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
259 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
263 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
266 /* Make temporary area overlap WEP seed so that the final copy can be
267 * avoided on little endian hosts. */
268 u16 *PPK = (u16 *) & WEPSeed[4];
270 /* Step 1 - make copy of TTAK and bring in TSC */
276 PPK[5] = TTAK[4] + IV16;
278 /* Step 2 - 96-bit bijective mixing using S-box */
279 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
280 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
281 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
282 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
283 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
284 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
286 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
287 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
288 PPK[2] += RotR1(PPK[1]);
289 PPK[3] += RotR1(PPK[2]);
290 PPK[4] += RotR1(PPK[3]);
291 PPK[5] += RotR1(PPK[4]);
293 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
294 * WEPSeed[0..2] is transmitted as WEP IV */
295 WEPSeed[0] = Hi8(IV16);
296 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
297 WEPSeed[2] = Lo8(IV16);
298 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
303 for (i = 0; i < 6; i++)
304 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
309 static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
310 u8 * rc4key, int keylen, void *priv)
312 struct lib80211_tkip_data *tkey = priv;
314 struct ieee80211_hdr *hdr;
316 hdr = (struct ieee80211_hdr *)skb->data;
318 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len)
321 if (rc4key == NULL || keylen < 16)
324 if (!tkey->tx_phase1_done) {
325 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
327 tkey->tx_phase1_done = 1;
329 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
331 pos = skb_push(skb, TKIP_HDR_LEN);
332 memmove(pos, pos + TKIP_HDR_LEN, hdr_len);
336 *pos++ = *(rc4key + 1);
337 *pos++ = *(rc4key + 2);
338 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
339 *pos++ = tkey->tx_iv32 & 0xff;
340 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
341 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
342 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
345 if (tkey->tx_iv16 == 0) {
346 tkey->tx_phase1_done = 0;
353 static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
355 struct lib80211_tkip_data *tkey = priv;
356 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
358 u8 rc4key[16], *pos, *icv;
360 struct scatterlist sg;
362 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
363 if (net_ratelimit()) {
364 struct ieee80211_hdr *hdr =
365 (struct ieee80211_hdr *)skb->data;
366 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
367 "TX packet to %pM\n", hdr->addr1);
372 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
375 len = skb->len - hdr_len;
376 pos = skb->data + hdr_len;
378 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
381 crc = ~crc32_le(~0, pos, len);
382 icv = skb_put(skb, 4);
388 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
389 sg_init_one(&sg, pos, len + 4);
390 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
394 * deal with seq counter wrapping correctly.
395 * refer to timer_after() for jiffies wrapping handling
397 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
398 u32 iv32_o, u16 iv16_o)
400 if ((s32)iv32_n - (s32)iv32_o < 0 ||
401 (iv32_n == iv32_o && iv16_n <= iv16_o))
406 static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
408 struct lib80211_tkip_data *tkey = priv;
409 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
414 struct ieee80211_hdr *hdr;
417 struct scatterlist sg;
420 hdr = (struct ieee80211_hdr *)skb->data;
422 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
423 if (net_ratelimit()) {
424 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
425 "received packet from %pM\n", hdr->addr2);
430 if (skb->len < hdr_len + TKIP_HDR_LEN + 4)
433 pos = skb->data + hdr_len;
435 if (!(keyidx & (1 << 5))) {
436 if (net_ratelimit()) {
437 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
438 " flag from %pM\n", hdr->addr2);
443 if (tkey->key_idx != keyidx) {
444 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
445 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
448 if (!tkey->key_set) {
449 if (net_ratelimit()) {
450 printk(KERN_DEBUG "TKIP: received packet from %pM"
451 " with keyid=%d that does not have a configured"
452 " key\n", hdr->addr2, keyidx);
456 iv16 = (pos[0] << 8) | pos[2];
457 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
460 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
461 #ifdef CONFIG_LIB80211_DEBUG
462 if (net_ratelimit()) {
463 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
464 " previous TSC %08x%04x received TSC "
465 "%08x%04x\n", hdr->addr2,
466 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
469 tkey->dot11RSNAStatsTKIPReplays++;
473 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
474 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
475 tkey->rx_phase1_done = 1;
477 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
479 plen = skb->len - hdr_len - 12;
481 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
482 sg_init_one(&sg, pos, plen + 4);
483 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
484 if (net_ratelimit()) {
485 printk(KERN_DEBUG ": TKIP: failed to decrypt "
486 "received packet from %pM\n",
492 crc = ~crc32_le(~0, pos, plen);
497 if (memcmp(icv, pos + plen, 4) != 0) {
498 if (iv32 != tkey->rx_iv32) {
499 /* Previously cached Phase1 result was already lost, so
500 * it needs to be recalculated for the next packet. */
501 tkey->rx_phase1_done = 0;
503 #ifdef CONFIG_LIB80211_DEBUG
504 if (net_ratelimit()) {
505 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
506 "%pM\n", hdr->addr2);
509 tkey->dot11RSNAStatsTKIPICVErrors++;
513 /* Update real counters only after Michael MIC verification has
515 tkey->rx_iv32_new = iv32;
516 tkey->rx_iv16_new = iv16;
518 /* Remove IV and ICV */
519 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len);
520 skb_pull(skb, TKIP_HDR_LEN);
521 skb_trim(skb, skb->len - 4);
526 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
527 u8 * data, size_t data_len, u8 * mic)
529 struct hash_desc desc;
530 struct scatterlist sg[2];
532 if (tfm_michael == NULL) {
533 pr_warn("%s(): tfm_michael == NULL\n", __func__);
536 sg_init_table(sg, 2);
537 sg_set_buf(&sg[0], hdr, 16);
538 sg_set_buf(&sg[1], data, data_len);
540 if (crypto_hash_setkey(tfm_michael, key, 8))
543 desc.tfm = tfm_michael;
545 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
548 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
550 struct ieee80211_hdr *hdr11;
552 hdr11 = (struct ieee80211_hdr *)skb->data;
554 switch (le16_to_cpu(hdr11->frame_control) &
555 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
556 case IEEE80211_FCTL_TODS:
557 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
558 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
560 case IEEE80211_FCTL_FROMDS:
561 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
562 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
564 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
565 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
566 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
569 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
570 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
574 if (ieee80211_is_data_qos(hdr11->frame_control)) {
575 hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11)))
576 & IEEE80211_QOS_CTL_TID_MASK;
578 hdr[12] = 0; /* priority */
580 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
583 static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
586 struct lib80211_tkip_data *tkey = priv;
589 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
590 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
591 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
592 skb_tailroom(skb), hdr_len, skb->len);
596 michael_mic_hdr(skb, tkey->tx_hdr);
597 pos = skb_put(skb, 8);
598 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
599 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
605 static void lib80211_michael_mic_failure(struct net_device *dev,
606 struct ieee80211_hdr *hdr,
609 union iwreq_data wrqu;
610 struct iw_michaelmicfailure ev;
612 /* TODO: needed parameters: count, keyid, key type, TSC */
613 memset(&ev, 0, sizeof(ev));
614 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
615 if (hdr->addr1[0] & 0x01)
616 ev.flags |= IW_MICFAILURE_GROUP;
618 ev.flags |= IW_MICFAILURE_PAIRWISE;
619 ev.src_addr.sa_family = ARPHRD_ETHER;
620 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
621 memset(&wrqu, 0, sizeof(wrqu));
622 wrqu.data.length = sizeof(ev);
623 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
626 static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
627 int hdr_len, void *priv)
629 struct lib80211_tkip_data *tkey = priv;
635 michael_mic_hdr(skb, tkey->rx_hdr);
636 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
637 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
639 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
640 struct ieee80211_hdr *hdr;
641 hdr = (struct ieee80211_hdr *)skb->data;
642 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
643 "MSDU from %pM keyidx=%d\n",
644 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
647 lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
648 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
652 /* Update TSC counters for RX now that the packet verification has
654 tkey->rx_iv32 = tkey->rx_iv32_new;
655 tkey->rx_iv16 = tkey->rx_iv16_new;
657 skb_trim(skb, skb->len - 8);
662 static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
664 struct lib80211_tkip_data *tkey = priv;
666 struct crypto_hash *tfm = tkey->tx_tfm_michael;
667 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
668 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
669 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
671 keyidx = tkey->key_idx;
672 memset(tkey, 0, sizeof(*tkey));
673 tkey->key_idx = keyidx;
674 tkey->tx_tfm_michael = tfm;
675 tkey->tx_tfm_arc4 = tfm2;
676 tkey->rx_tfm_michael = tfm3;
677 tkey->rx_tfm_arc4 = tfm4;
678 if (len == TKIP_KEY_LEN) {
679 memcpy(tkey->key, key, TKIP_KEY_LEN);
681 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
683 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
684 (seq[3] << 8) | seq[2];
685 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
695 static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
697 struct lib80211_tkip_data *tkey = priv;
699 if (len < TKIP_KEY_LEN)
704 memcpy(key, tkey->key, TKIP_KEY_LEN);
707 /* Return the sequence number of the last transmitted frame. */
708 u16 iv16 = tkey->tx_iv16;
709 u32 iv32 = tkey->tx_iv32;
713 seq[0] = tkey->tx_iv16;
714 seq[1] = tkey->tx_iv16 >> 8;
715 seq[2] = tkey->tx_iv32;
716 seq[3] = tkey->tx_iv32 >> 8;
717 seq[4] = tkey->tx_iv32 >> 16;
718 seq[5] = tkey->tx_iv32 >> 24;
724 static char *lib80211_tkip_print_stats(char *p, void *priv)
726 struct lib80211_tkip_data *tkip = priv;
727 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
728 "tx_pn=%02x%02x%02x%02x%02x%02x "
729 "rx_pn=%02x%02x%02x%02x%02x%02x "
730 "replays=%d icv_errors=%d local_mic_failures=%d\n",
731 tkip->key_idx, tkip->key_set,
732 (tkip->tx_iv32 >> 24) & 0xff,
733 (tkip->tx_iv32 >> 16) & 0xff,
734 (tkip->tx_iv32 >> 8) & 0xff,
735 tkip->tx_iv32 & 0xff,
736 (tkip->tx_iv16 >> 8) & 0xff,
737 tkip->tx_iv16 & 0xff,
738 (tkip->rx_iv32 >> 24) & 0xff,
739 (tkip->rx_iv32 >> 16) & 0xff,
740 (tkip->rx_iv32 >> 8) & 0xff,
741 tkip->rx_iv32 & 0xff,
742 (tkip->rx_iv16 >> 8) & 0xff,
743 tkip->rx_iv16 & 0xff,
744 tkip->dot11RSNAStatsTKIPReplays,
745 tkip->dot11RSNAStatsTKIPICVErrors,
746 tkip->dot11RSNAStatsTKIPLocalMICFailures);
750 static struct lib80211_crypto_ops lib80211_crypt_tkip = {
752 .init = lib80211_tkip_init,
753 .deinit = lib80211_tkip_deinit,
754 .encrypt_mpdu = lib80211_tkip_encrypt,
755 .decrypt_mpdu = lib80211_tkip_decrypt,
756 .encrypt_msdu = lib80211_michael_mic_add,
757 .decrypt_msdu = lib80211_michael_mic_verify,
758 .set_key = lib80211_tkip_set_key,
759 .get_key = lib80211_tkip_get_key,
760 .print_stats = lib80211_tkip_print_stats,
761 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
762 .extra_mpdu_postfix_len = 4, /* ICV */
763 .extra_msdu_postfix_len = 8, /* MIC */
764 .get_flags = lib80211_tkip_get_flags,
765 .set_flags = lib80211_tkip_set_flags,
766 .owner = THIS_MODULE,
769 static int __init lib80211_crypto_tkip_init(void)
771 return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
774 static void __exit lib80211_crypto_tkip_exit(void)
776 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
779 module_init(lib80211_crypto_tkip_init);
780 module_exit(lib80211_crypto_tkip_exit);
git.openpandora.org / pandora-kernel.git / blob