* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
-
#include <linux/kernel.h>
+#include <linux/bitops.h>
#include <linux/types.h>
#include <linux/netdevice.h>
+#include <asm/unaligned.h>
#include <net/mac80211.h>
#include "key.h"
#include "tkip.h"
#include "wep.h"
-
-/* TKIP key mixing functions */
-
-
#define PHASE1_LOOP_COUNT 8
-
-/* 2-byte by 2-byte subset of the full AES S-box table; second part of this
- * table is identical to first part but byte-swapped */
+/*
+ * 2-byte by 2-byte subset of the full AES S-box table; second part of this
+ * table is identical to first part but byte-swapped
+ */
static const u16 tkip_sbox[256] =
{
0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
};
-
-static inline u16 Mk16(u8 x, u8 y)
+static u16 tkipS(u16 val)
{
- return ((u16) x << 8) | (u16) y;
+ return tkip_sbox[val & 0xff] ^ swab16(tkip_sbox[val >> 8]);
}
-
-static inline u8 Hi8(u16 v)
-{
- return v >> 8;
-}
-
-
-static inline u8 Lo8(u16 v)
-{
- return v & 0xff;
-}
-
-
-static inline u16 Hi16(u32 v)
-{
- return v >> 16;
-}
-
-
-static inline u16 Lo16(u32 v)
-{
- return v & 0xffff;
-}
-
-
-static inline u16 RotR1(u16 v)
-{
- return (v >> 1) | ((v & 0x0001) << 15);
-}
-
-
-static inline u16 tkip_S(u16 val)
+static u8 *write_tkip_iv(u8 *pos, u16 iv16)
{
- u16 a = tkip_sbox[Hi8(val)];
-
- return tkip_sbox[Lo8(val)] ^ Hi8(a) ^ (Lo8(a) << 8);
+ *pos++ = iv16 >> 8;
+ *pos++ = ((iv16 >> 8) | 0x20) & 0x7f;
+ *pos++ = iv16 & 0xFF;
+ return pos;
}
-
-
-/* P1K := Phase1(TA, TK, TSC)
+/*
+ * P1K := Phase1(TA, TK, TSC)
* TA = transmitter address (48 bits)
* TK = dot11DefaultKeyValue or dot11KeyMappingValue (128 bits)
* TSC = TKIP sequence counter (48 bits, only 32 msb bits used)
* P1K: 80 bits
*/
-static void tkip_mixing_phase1(const u8 *ta, const u8 *tk, u32 tsc_IV32,
- u16 *p1k)
+static void tkip_mixing_phase1(const u8 *tk, struct tkip_ctx *ctx,
+ const u8 *ta, u32 tsc_IV32)
{
int i, j;
+ u16 *p1k = ctx->p1k;
- p1k[0] = Lo16(tsc_IV32);
- p1k[1] = Hi16(tsc_IV32);
- p1k[2] = Mk16(ta[1], ta[0]);
- p1k[3] = Mk16(ta[3], ta[2]);
- p1k[4] = Mk16(ta[5], ta[4]);
+ p1k[0] = tsc_IV32 & 0xFFFF;
+ p1k[1] = tsc_IV32 >> 16;
+ p1k[2] = get_unaligned_le16(ta + 0);
+ p1k[3] = get_unaligned_le16(ta + 2);
+ p1k[4] = get_unaligned_le16(ta + 4);
for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
j = 2 * (i & 1);
- p1k[0] += tkip_S(p1k[4] ^ Mk16(tk[ 1 + j], tk[ 0 + j]));
- p1k[1] += tkip_S(p1k[0] ^ Mk16(tk[ 5 + j], tk[ 4 + j]));
- p1k[2] += tkip_S(p1k[1] ^ Mk16(tk[ 9 + j], tk[ 8 + j]));
- p1k[3] += tkip_S(p1k[2] ^ Mk16(tk[13 + j], tk[12 + j]));
- p1k[4] += tkip_S(p1k[3] ^ Mk16(tk[ 1 + j], tk[ 0 + j])) + i;
+ p1k[0] += tkipS(p1k[4] ^ get_unaligned_le16(tk + 0 + j));
+ p1k[1] += tkipS(p1k[0] ^ get_unaligned_le16(tk + 4 + j));
+ p1k[2] += tkipS(p1k[1] ^ get_unaligned_le16(tk + 8 + j));
+ p1k[3] += tkipS(p1k[2] ^ get_unaligned_le16(tk + 12 + j));
+ p1k[4] += tkipS(p1k[3] ^ get_unaligned_le16(tk + 0 + j)) + i;
}
+ ctx->initialized = 1;
}
-
-static void tkip_mixing_phase2(const u16 *p1k, const u8 *tk, u16 tsc_IV16,
- u8 *rc4key)
+static void tkip_mixing_phase2(const u8 *tk, struct tkip_ctx *ctx,
+ u16 tsc_IV16, u8 *rc4key)
{
u16 ppk[6];
+ const u16 *p1k = ctx->p1k;
int i;
ppk[0] = p1k[0];
ppk[4] = p1k[4];
ppk[5] = p1k[4] + tsc_IV16;
- ppk[0] += tkip_S(ppk[5] ^ Mk16(tk[ 1], tk[ 0]));
- ppk[1] += tkip_S(ppk[0] ^ Mk16(tk[ 3], tk[ 2]));
- ppk[2] += tkip_S(ppk[1] ^ Mk16(tk[ 5], tk[ 4]));
- ppk[3] += tkip_S(ppk[2] ^ Mk16(tk[ 7], tk[ 6]));
- ppk[4] += tkip_S(ppk[3] ^ Mk16(tk[ 9], tk[ 8]));
- ppk[5] += tkip_S(ppk[4] ^ Mk16(tk[11], tk[10]));
- ppk[0] += RotR1(ppk[5] ^ Mk16(tk[13], tk[12]));
- ppk[1] += RotR1(ppk[0] ^ Mk16(tk[15], tk[14]));
- ppk[2] += RotR1(ppk[1]);
- ppk[3] += RotR1(ppk[2]);
- ppk[4] += RotR1(ppk[3]);
- ppk[5] += RotR1(ppk[4]);
-
- rc4key[0] = Hi8(tsc_IV16);
- rc4key[1] = (Hi8(tsc_IV16) | 0x20) & 0x7f;
- rc4key[2] = Lo8(tsc_IV16);
- rc4key[3] = Lo8((ppk[5] ^ Mk16(tk[1], tk[0])) >> 1);
-
- for (i = 0; i < 6; i++) {
- rc4key[4 + 2 * i] = Lo8(ppk[i]);
- rc4key[5 + 2 * i] = Hi8(ppk[i]);
- }
+ ppk[0] += tkipS(ppk[5] ^ get_unaligned_le16(tk + 0));
+ ppk[1] += tkipS(ppk[0] ^ get_unaligned_le16(tk + 2));
+ ppk[2] += tkipS(ppk[1] ^ get_unaligned_le16(tk + 4));
+ ppk[3] += tkipS(ppk[2] ^ get_unaligned_le16(tk + 6));
+ ppk[4] += tkipS(ppk[3] ^ get_unaligned_le16(tk + 8));
+ ppk[5] += tkipS(ppk[4] ^ get_unaligned_le16(tk + 10));
+ ppk[0] += ror16(ppk[5] ^ get_unaligned_le16(tk + 12), 1);
+ ppk[1] += ror16(ppk[0] ^ get_unaligned_le16(tk + 14), 1);
+ ppk[2] += ror16(ppk[1], 1);
+ ppk[3] += ror16(ppk[2], 1);
+ ppk[4] += ror16(ppk[3], 1);
+ ppk[5] += ror16(ppk[4], 1);
+
+ rc4key = write_tkip_iv(rc4key, tsc_IV16);
+ *rc4key++ = ((ppk[5] ^ get_unaligned_le16(tk)) >> 1) & 0xFF;
+
+ for (i = 0; i < 6; i++)
+ put_unaligned_le16(ppk[i], rc4key + 2 * i);
}
-
/* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets
* of the IV. Returns pointer to the octet following IVs (i.e., beginning of
* the packet payload). */
-u8 * ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key,
- u8 iv0, u8 iv1, u8 iv2)
+u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, u16 iv16)
{
- *pos++ = iv0;
- *pos++ = iv1;
- *pos++ = iv2;
+ pos = write_tkip_iv(pos, iv16);
*pos++ = (key->conf.keyidx << 6) | (1 << 5) /* Ext IV */;
- *pos++ = key->u.tkip.iv32 & 0xff;
- *pos++ = (key->u.tkip.iv32 >> 8) & 0xff;
- *pos++ = (key->u.tkip.iv32 >> 16) & 0xff;
- *pos++ = (key->u.tkip.iv32 >> 24) & 0xff;
- return pos;
-}
-
-
-void ieee80211_tkip_gen_phase1key(struct ieee80211_key *key, u8 *ta,
- u16 *phase1key)
-{
- tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
- key->u.tkip.iv32, phase1key);
-}
-
-void ieee80211_tkip_gen_rc4key(struct ieee80211_key *key, u8 *ta,
- u8 *rc4key)
-{
- /* Calculate per-packet key */
- if (key->u.tkip.iv16 == 0 || !key->u.tkip.tx_initialized) {
- /* IV16 wrapped around - perform TKIP phase 1 */
- tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
- key->u.tkip.iv32, key->u.tkip.p1k);
- key->u.tkip.tx_initialized = 1;
- }
-
- tkip_mixing_phase2(key->u.tkip.p1k,
- &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
- key->u.tkip.iv16, rc4key);
+ put_unaligned_le32(key->u.tkip.tx.iv32, pos);
+ return pos + 4;
}
void ieee80211_get_tkip_key(struct ieee80211_key_conf *keyconf,
{
struct ieee80211_key *key = (struct ieee80211_key *)
container_of(keyconf, struct ieee80211_key, conf);
- struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
- u8 *data = (u8 *) hdr;
- u16 fc = le16_to_cpu(hdr->frame_control);
- int hdr_len = ieee80211_get_hdrlen(fc);
- u8 *ta = hdr->addr2;
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
+ u8 *data;
+ const u8 *tk;
+ struct tkip_ctx *ctx;
u16 iv16;
u32 iv32;
- iv16 = data[hdr_len] << 8;
- iv16 += data[hdr_len + 2];
- iv32 = data[hdr_len + 4] +
- (data[hdr_len + 5] >> 8) +
- (data[hdr_len + 6] >> 16) +
- (data[hdr_len + 7] >> 24);
+ data = (u8 *)hdr + ieee80211_hdrlen(hdr->frame_control);
+ iv16 = data[2] | (data[0] << 8);
+ iv32 = get_unaligned_le32(&data[4]);
+
+ tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
+ ctx = &key->u.tkip.tx;
-#ifdef CONFIG_TKIP_DEBUG
+#ifdef CONFIG_MAC80211_TKIP_DEBUG
printk(KERN_DEBUG "TKIP encrypt: iv16 = 0x%04x, iv32 = 0x%08x\n",
iv16, iv32);
- if (iv32 != key->u.tkip.iv32) {
+ if (iv32 != ctx->iv32) {
printk(KERN_DEBUG "skb: iv32 = 0x%08x key: iv32 = 0x%08x\n",
- iv32, key->u.tkip.iv32);
+ iv32, ctx->iv32);
printk(KERN_DEBUG "Wrap around of iv16 in the middle of a "
"fragmented packet\n");
}
-#endif /* CONFIG_TKIP_DEBUG */
+#endif
/* Update the p1k only when the iv16 in the packet wraps around, this
* might occur after the wrap around of iv16 in the key in case of
* fragmented packets. */
- if (iv16 == 0 || !key->u.tkip.tx_initialized) {
- /* IV16 wrapped around - perform TKIP phase 1 */
- tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
- iv32, key->u.tkip.p1k);
- key->u.tkip.tx_initialized = 1;
- }
+ if (iv16 == 0 || !ctx->initialized)
+ tkip_mixing_phase1(tk, ctx, hdr->addr2, iv32);
if (type == IEEE80211_TKIP_P1_KEY) {
- memcpy(outkey, key->u.tkip.p1k, sizeof(u16) * 5);
+ memcpy(outkey, ctx->p1k, sizeof(u16) * 5);
return;
}
- tkip_mixing_phase2(key->u.tkip.p1k,
- &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY], iv16, outkey);
+ tkip_mixing_phase2(tk, ctx, iv16, outkey);
}
EXPORT_SYMBOL(ieee80211_get_tkip_key);
u8 *pos, size_t payload_len, u8 *ta)
{
u8 rc4key[16];
+ struct tkip_ctx *ctx = &key->u.tkip.tx;
+ const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
+
+ /* Calculate per-packet key */
+ if (ctx->iv16 == 0 || !ctx->initialized)
+ tkip_mixing_phase1(tk, ctx, ta, ctx->iv32);
+
+ tkip_mixing_phase2(tk, ctx, ctx->iv16, rc4key);
- ieee80211_tkip_gen_rc4key(key, ta, rc4key);
- pos = ieee80211_tkip_add_iv(pos, key, rc4key[0], rc4key[1], rc4key[2]);
+ pos = ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);
ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len);
}
-
/* Decrypt packet payload with TKIP using @key. @pos is a pointer to the
* beginning of the buffer containing IEEE 802.11 header payload, i.e.,
* including IV, Ext. IV, real data, Michael MIC, ICV. @payload_len is the
u32 iv16;
u8 rc4key[16], keyid, *pos = payload;
int res;
+ const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
if (payload_len < 12)
return -1;
iv16 = (pos[0] << 8) | pos[2];
keyid = pos[3];
- iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
+ iv32 = get_unaligned_le32(pos + 4);
pos += 8;
-#ifdef CONFIG_TKIP_DEBUG
+#ifdef CONFIG_MAC80211_TKIP_DEBUG
{
int i;
printk(KERN_DEBUG "TKIP decrypt: data(len=%zd)", payload_len);
printk(KERN_DEBUG "TKIP decrypt: iv16=%04x iv32=%08x\n",
iv16, iv32);
}
-#endif /* CONFIG_TKIP_DEBUG */
+#endif
if (!(keyid & (1 << 5)))
return TKIP_DECRYPT_NO_EXT_IV;
if ((keyid >> 6) != key->conf.keyidx)
return TKIP_DECRYPT_INVALID_KEYIDX;
- if (key->u.tkip.rx_initialized[queue] &&
- (iv32 < key->u.tkip.iv32_rx[queue] ||
- (iv32 == key->u.tkip.iv32_rx[queue] &&
- iv16 <= key->u.tkip.iv16_rx[queue]))) {
-#ifdef CONFIG_TKIP_DEBUG
+ if (key->u.tkip.rx[queue].initialized &&
+ (iv32 < key->u.tkip.rx[queue].iv32 ||
+ (iv32 == key->u.tkip.rx[queue].iv32 &&
+ iv16 <= key->u.tkip.rx[queue].iv16))) {
+#ifdef CONFIG_MAC80211_TKIP_DEBUG
DECLARE_MAC_BUF(mac);
printk(KERN_DEBUG "TKIP replay detected for RX frame from "
"%s (RX IV (%04x,%02x) <= prev. IV (%04x,%02x)\n",
print_mac(mac, ta),
- iv32, iv16, key->u.tkip.iv32_rx[queue],
- key->u.tkip.iv16_rx[queue]);
-#endif /* CONFIG_TKIP_DEBUG */
+ iv32, iv16, key->u.tkip.rx[queue].iv32,
+ key->u.tkip.rx[queue].iv16);
+#endif
return TKIP_DECRYPT_REPLAY;
}
if (only_iv) {
res = TKIP_DECRYPT_OK;
- key->u.tkip.rx_initialized[queue] = 1;
+ key->u.tkip.rx[queue].initialized = 1;
goto done;
}
- if (!key->u.tkip.rx_initialized[queue] ||
- key->u.tkip.iv32_rx[queue] != iv32) {
- key->u.tkip.rx_initialized[queue] = 1;
+ if (!key->u.tkip.rx[queue].initialized ||
+ key->u.tkip.rx[queue].iv32 != iv32) {
/* IV16 wrapped around - perform TKIP phase 1 */
- tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
- iv32, key->u.tkip.p1k_rx[queue]);
-#ifdef CONFIG_TKIP_DEBUG
+ tkip_mixing_phase1(tk, &key->u.tkip.rx[queue], ta, iv32);
+#ifdef CONFIG_MAC80211_TKIP_DEBUG
{
int i;
+ u8 key_offset = NL80211_TKIP_DATA_OFFSET_ENCR_KEY;
DECLARE_MAC_BUF(mac);
printk(KERN_DEBUG "TKIP decrypt: Phase1 TA=%s"
" TK=", print_mac(mac, ta));
for (i = 0; i < 16; i++)
printk("%02x ",
- key->conf.key[
- ALG_TKIP_TEMP_ENCR_KEY + i]);
+ key->conf.key[key_offset + i]);
printk("\n");
printk(KERN_DEBUG "TKIP decrypt: P1K=");
for (i = 0; i < 5; i++)
- printk("%04x ", key->u.tkip.p1k_rx[queue][i]);
+ printk("%04x ", key->u.tkip.rx[queue].p1k[i]);
printk("\n");
}
-#endif /* CONFIG_TKIP_DEBUG */
+#endif
if (key->local->ops->update_tkip_key &&
key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
u8 bcast[ETH_ALEN] =
key->local->ops->update_tkip_key(
local_to_hw(key->local), &key->conf,
- sta_addr, iv32, key->u.tkip.p1k_rx[queue]);
+ sta_addr, iv32, key->u.tkip.rx[queue].p1k);
}
}
- tkip_mixing_phase2(key->u.tkip.p1k_rx[queue],
- &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
- iv16, rc4key);
-#ifdef CONFIG_TKIP_DEBUG
+ tkip_mixing_phase2(tk, &key->u.tkip.rx[queue], iv16, rc4key);
+#ifdef CONFIG_MAC80211_TKIP_DEBUG
{
int i;
printk(KERN_DEBUG "TKIP decrypt: Phase2 rc4key=");
printk("%02x ", rc4key[i]);
printk("\n");
}
-#endif /* CONFIG_TKIP_DEBUG */
+#endif
res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12);
done:
return res;
}
-
-
git.openpandora.org / pandora-kernel.git / blobdiff