2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 #include <linux/err.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/slab.h>
16 #include <linux/random.h>
17 #include <linux/skbuff.h>
18 #include <linux/netdevice.h>
19 #include <linux/if_ether.h>
20 #include <linux/if_arp.h>
21 #include <asm/string.h>
23 #include <net/ieee80211.h>
25 #include <linux/crypto.h>
26 #include <asm/scatterlist.h>
27 #include <linux/crc32.h>
29 MODULE_AUTHOR("Jouni Malinen");
30 MODULE_DESCRIPTION("Host AP crypt: TKIP");
31 MODULE_LICENSE("GPL");
33 struct ieee80211_tkip_data
{
34 #define TKIP_KEY_LEN 32
50 u32 dot11RSNAStatsTKIPReplays
;
51 u32 dot11RSNAStatsTKIPICVErrors
;
52 u32 dot11RSNAStatsTKIPLocalMICFailures
;
56 struct crypto_blkcipher
*tfm_arc4
;
57 struct crypto_tfm
*tfm_michael
;
59 /* scratch buffers for virt_to_page() (crypto API) */
60 u8 rx_hdr
[16], tx_hdr
[16];
65 static unsigned long ieee80211_tkip_set_flags(unsigned long flags
, void *priv
)
67 struct ieee80211_tkip_data
*_priv
= priv
;
68 unsigned long old_flags
= _priv
->flags
;
73 static unsigned long ieee80211_tkip_get_flags(void *priv
)
75 struct ieee80211_tkip_data
*_priv
= priv
;
79 static void *ieee80211_tkip_init(int key_idx
)
81 struct ieee80211_tkip_data
*priv
;
83 priv
= kzalloc(sizeof(*priv
), GFP_ATOMIC
);
87 priv
->key_idx
= key_idx
;
89 priv
->tfm_arc4
= crypto_alloc_blkcipher("ecb(arc4)", 0,
91 if (IS_ERR(priv
->tfm_arc4
)) {
92 printk(KERN_DEBUG
"ieee80211_crypt_tkip: could not allocate "
94 priv
->tfm_arc4
= NULL
;
98 priv
->tfm_michael
= crypto_alloc_tfm("michael_mic", 0);
99 if (priv
->tfm_michael
== NULL
) {
100 printk(KERN_DEBUG
"ieee80211_crypt_tkip: could not allocate "
101 "crypto API michael_mic\n");
109 if (priv
->tfm_michael
)
110 crypto_free_tfm(priv
->tfm_michael
);
112 crypto_free_blkcipher(priv
->tfm_arc4
);
119 static void ieee80211_tkip_deinit(void *priv
)
121 struct ieee80211_tkip_data
*_priv
= priv
;
122 if (_priv
&& _priv
->tfm_michael
)
123 crypto_free_tfm(_priv
->tfm_michael
);
124 if (_priv
&& _priv
->tfm_arc4
)
125 crypto_free_blkcipher(_priv
->tfm_arc4
);
129 static inline u16
RotR1(u16 val
)
131 return (val
>> 1) | (val
<< 15);
134 static inline u8
Lo8(u16 val
)
139 static inline u8
Hi8(u16 val
)
144 static inline u16
Lo16(u32 val
)
149 static inline u16
Hi16(u32 val
)
154 static inline u16
Mk16(u8 hi
, u8 lo
)
156 return lo
| (((u16
) hi
) << 8);
159 static inline u16
Mk16_le(u16
* v
)
161 return le16_to_cpu(*v
);
164 static const u16 Sbox
[256] = {
165 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
166 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
167 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
168 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
169 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
170 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
171 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
172 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
173 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
174 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
175 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
176 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
177 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
178 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
179 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
180 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
181 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
182 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
183 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
184 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
185 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
186 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
187 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
188 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
189 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
190 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
191 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
192 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
193 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
194 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
195 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
196 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
199 static inline u16
_S_(u16 v
)
201 u16 t
= Sbox
[Hi8(v
)];
202 return Sbox
[Lo8(v
)] ^ ((t
<< 8) | (t
>> 8));
205 #define PHASE1_LOOP_COUNT 8
207 static void tkip_mixing_phase1(u16
* TTAK
, const u8
* TK
, const u8
* TA
,
212 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
213 TTAK
[0] = Lo16(IV32
);
214 TTAK
[1] = Hi16(IV32
);
215 TTAK
[2] = Mk16(TA
[1], TA
[0]);
216 TTAK
[3] = Mk16(TA
[3], TA
[2]);
217 TTAK
[4] = Mk16(TA
[5], TA
[4]);
219 for (i
= 0; i
< PHASE1_LOOP_COUNT
; i
++) {
221 TTAK
[0] += _S_(TTAK
[4] ^ Mk16(TK
[1 + j
], TK
[0 + j
]));
222 TTAK
[1] += _S_(TTAK
[0] ^ Mk16(TK
[5 + j
], TK
[4 + j
]));
223 TTAK
[2] += _S_(TTAK
[1] ^ Mk16(TK
[9 + j
], TK
[8 + j
]));
224 TTAK
[3] += _S_(TTAK
[2] ^ Mk16(TK
[13 + j
], TK
[12 + j
]));
225 TTAK
[4] += _S_(TTAK
[3] ^ Mk16(TK
[1 + j
], TK
[0 + j
])) + i
;
229 static void tkip_mixing_phase2(u8
* WEPSeed
, const u8
* TK
, const u16
* TTAK
,
232 /* Make temporary area overlap WEP seed so that the final copy can be
233 * avoided on little endian hosts. */
234 u16
*PPK
= (u16
*) & WEPSeed
[4];
236 /* Step 1 - make copy of TTAK and bring in TSC */
242 PPK
[5] = TTAK
[4] + IV16
;
244 /* Step 2 - 96-bit bijective mixing using S-box */
245 PPK
[0] += _S_(PPK
[5] ^ Mk16_le((u16
*) & TK
[0]));
246 PPK
[1] += _S_(PPK
[0] ^ Mk16_le((u16
*) & TK
[2]));
247 PPK
[2] += _S_(PPK
[1] ^ Mk16_le((u16
*) & TK
[4]));
248 PPK
[3] += _S_(PPK
[2] ^ Mk16_le((u16
*) & TK
[6]));
249 PPK
[4] += _S_(PPK
[3] ^ Mk16_le((u16
*) & TK
[8]));
250 PPK
[5] += _S_(PPK
[4] ^ Mk16_le((u16
*) & TK
[10]));
252 PPK
[0] += RotR1(PPK
[5] ^ Mk16_le((u16
*) & TK
[12]));
253 PPK
[1] += RotR1(PPK
[0] ^ Mk16_le((u16
*) & TK
[14]));
254 PPK
[2] += RotR1(PPK
[1]);
255 PPK
[3] += RotR1(PPK
[2]);
256 PPK
[4] += RotR1(PPK
[3]);
257 PPK
[5] += RotR1(PPK
[4]);
259 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
260 * WEPSeed[0..2] is transmitted as WEP IV */
261 WEPSeed
[0] = Hi8(IV16
);
262 WEPSeed
[1] = (Hi8(IV16
) | 0x20) & 0x7F;
263 WEPSeed
[2] = Lo8(IV16
);
264 WEPSeed
[3] = Lo8((PPK
[5] ^ Mk16_le((u16
*) & TK
[0])) >> 1);
269 for (i
= 0; i
< 6; i
++)
270 PPK
[i
] = (PPK
[i
] << 8) | (PPK
[i
] >> 8);
275 static int ieee80211_tkip_hdr(struct sk_buff
*skb
, int hdr_len
,
276 u8
* rc4key
, int keylen
, void *priv
)
278 struct ieee80211_tkip_data
*tkey
= priv
;
281 struct ieee80211_hdr_4addr
*hdr
;
283 hdr
= (struct ieee80211_hdr_4addr
*)skb
->data
;
285 if (skb_headroom(skb
) < 8 || skb
->len
< hdr_len
)
288 if (rc4key
== NULL
|| keylen
< 16)
291 if (!tkey
->tx_phase1_done
) {
292 tkip_mixing_phase1(tkey
->tx_ttak
, tkey
->key
, hdr
->addr2
,
294 tkey
->tx_phase1_done
= 1;
296 tkip_mixing_phase2(rc4key
, tkey
->key
, tkey
->tx_ttak
, tkey
->tx_iv16
);
298 len
= skb
->len
- hdr_len
;
299 pos
= skb_push(skb
, 8);
300 memmove(pos
, pos
+ 8, hdr_len
);
304 *pos
++ = *(rc4key
+ 1);
305 *pos
++ = *(rc4key
+ 2);
306 *pos
++ = (tkey
->key_idx
<< 6) | (1 << 5) /* Ext IV included */ ;
307 *pos
++ = tkey
->tx_iv32
& 0xff;
308 *pos
++ = (tkey
->tx_iv32
>> 8) & 0xff;
309 *pos
++ = (tkey
->tx_iv32
>> 16) & 0xff;
310 *pos
++ = (tkey
->tx_iv32
>> 24) & 0xff;
313 if (tkey
->tx_iv16
== 0) {
314 tkey
->tx_phase1_done
= 0;
321 static int ieee80211_tkip_encrypt(struct sk_buff
*skb
, int hdr_len
, void *priv
)
323 struct ieee80211_tkip_data
*tkey
= priv
;
324 struct blkcipher_desc desc
= { .tfm
= tkey
->tfm_arc4
};
326 u8 rc4key
[16], *pos
, *icv
;
328 struct scatterlist sg
;
330 if (tkey
->flags
& IEEE80211_CRYPTO_TKIP_COUNTERMEASURES
) {
331 if (net_ratelimit()) {
332 struct ieee80211_hdr_4addr
*hdr
=
333 (struct ieee80211_hdr_4addr
*)skb
->data
;
334 printk(KERN_DEBUG
": TKIP countermeasures: dropped "
335 "TX packet to " MAC_FMT
"\n",
336 MAC_ARG(hdr
->addr1
));
341 if (skb_tailroom(skb
) < 4 || skb
->len
< hdr_len
)
344 len
= skb
->len
- hdr_len
;
345 pos
= skb
->data
+ hdr_len
;
347 if ((ieee80211_tkip_hdr(skb
, hdr_len
, rc4key
, 16, priv
)) < 0)
350 icv
= skb_put(skb
, 4);
352 crc
= ~crc32_le(~0, pos
, len
);
358 crypto_blkcipher_setkey(tkey
->tfm_arc4
, rc4key
, 16);
359 sg
.page
= virt_to_page(pos
);
360 sg
.offset
= offset_in_page(pos
);
362 return crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, len
+ 4);
365 static int ieee80211_tkip_decrypt(struct sk_buff
*skb
, int hdr_len
, void *priv
)
367 struct ieee80211_tkip_data
*tkey
= priv
;
368 struct blkcipher_desc desc
= { .tfm
= tkey
->tfm_arc4
};
373 struct ieee80211_hdr_4addr
*hdr
;
376 struct scatterlist sg
;
379 hdr
= (struct ieee80211_hdr_4addr
*)skb
->data
;
381 if (tkey
->flags
& IEEE80211_CRYPTO_TKIP_COUNTERMEASURES
) {
382 if (net_ratelimit()) {
383 printk(KERN_DEBUG
": TKIP countermeasures: dropped "
384 "received packet from " MAC_FMT
"\n",
385 MAC_ARG(hdr
->addr2
));
390 if (skb
->len
< hdr_len
+ 8 + 4)
393 pos
= skb
->data
+ hdr_len
;
395 if (!(keyidx
& (1 << 5))) {
396 if (net_ratelimit()) {
397 printk(KERN_DEBUG
"TKIP: received packet without ExtIV"
398 " flag from " MAC_FMT
"\n", MAC_ARG(hdr
->addr2
));
403 if (tkey
->key_idx
!= keyidx
) {
404 printk(KERN_DEBUG
"TKIP: RX tkey->key_idx=%d frame "
405 "keyidx=%d priv=%p\n", tkey
->key_idx
, keyidx
, priv
);
408 if (!tkey
->key_set
) {
409 if (net_ratelimit()) {
410 printk(KERN_DEBUG
"TKIP: received packet from " MAC_FMT
411 " with keyid=%d that does not have a configured"
412 " key\n", MAC_ARG(hdr
->addr2
), keyidx
);
416 iv16
= (pos
[0] << 8) | pos
[2];
417 iv32
= pos
[4] | (pos
[5] << 8) | (pos
[6] << 16) | (pos
[7] << 24);
420 if (iv32
< tkey
->rx_iv32
||
421 (iv32
== tkey
->rx_iv32
&& iv16
<= tkey
->rx_iv16
)) {
422 if (net_ratelimit()) {
423 printk(KERN_DEBUG
"TKIP: replay detected: STA=" MAC_FMT
424 " previous TSC %08x%04x received TSC "
425 "%08x%04x\n", MAC_ARG(hdr
->addr2
),
426 tkey
->rx_iv32
, tkey
->rx_iv16
, iv32
, iv16
);
428 tkey
->dot11RSNAStatsTKIPReplays
++;
432 if (iv32
!= tkey
->rx_iv32
|| !tkey
->rx_phase1_done
) {
433 tkip_mixing_phase1(tkey
->rx_ttak
, tkey
->key
, hdr
->addr2
, iv32
);
434 tkey
->rx_phase1_done
= 1;
436 tkip_mixing_phase2(rc4key
, tkey
->key
, tkey
->rx_ttak
, iv16
);
438 plen
= skb
->len
- hdr_len
- 12;
440 crypto_blkcipher_setkey(tkey
->tfm_arc4
, rc4key
, 16);
441 sg
.page
= virt_to_page(pos
);
442 sg
.offset
= offset_in_page(pos
);
443 sg
.length
= plen
+ 4;
444 if (crypto_blkcipher_decrypt(&desc
, &sg
, &sg
, plen
+ 4)) {
445 if (net_ratelimit()) {
446 printk(KERN_DEBUG
": TKIP: failed to decrypt "
447 "received packet from " MAC_FMT
"\n",
448 MAC_ARG(hdr
->addr2
));
453 crc
= ~crc32_le(~0, pos
, plen
);
458 if (memcmp(icv
, pos
+ plen
, 4) != 0) {
459 if (iv32
!= tkey
->rx_iv32
) {
460 /* Previously cached Phase1 result was already lost, so
461 * it needs to be recalculated for the next packet. */
462 tkey
->rx_phase1_done
= 0;
464 if (net_ratelimit()) {
465 printk(KERN_DEBUG
"TKIP: ICV error detected: STA="
466 MAC_FMT
"\n", MAC_ARG(hdr
->addr2
));
468 tkey
->dot11RSNAStatsTKIPICVErrors
++;
472 /* Update real counters only after Michael MIC verification has
474 tkey
->rx_iv32_new
= iv32
;
475 tkey
->rx_iv16_new
= iv16
;
477 /* Remove IV and ICV */
478 memmove(skb
->data
+ 8, skb
->data
, hdr_len
);
480 skb_trim(skb
, skb
->len
- 4);
485 static int michael_mic(struct ieee80211_tkip_data
*tkey
, u8
* key
, u8
* hdr
,
486 u8
* data
, size_t data_len
, u8
* mic
)
488 struct scatterlist sg
[2];
490 if (tkey
->tfm_michael
== NULL
) {
491 printk(KERN_WARNING
"michael_mic: tfm_michael == NULL\n");
494 sg
[0].page
= virt_to_page(hdr
);
495 sg
[0].offset
= offset_in_page(hdr
);
498 sg
[1].page
= virt_to_page(data
);
499 sg
[1].offset
= offset_in_page(data
);
500 sg
[1].length
= data_len
;
502 crypto_digest_init(tkey
->tfm_michael
);
503 crypto_digest_setkey(tkey
->tfm_michael
, key
, 8);
504 crypto_digest_update(tkey
->tfm_michael
, sg
, 2);
505 crypto_digest_final(tkey
->tfm_michael
, mic
);
510 static void michael_mic_hdr(struct sk_buff
*skb
, u8
* hdr
)
512 struct ieee80211_hdr_4addr
*hdr11
;
515 hdr11
= (struct ieee80211_hdr_4addr
*)skb
->data
;
516 stype
= WLAN_FC_GET_STYPE(le16_to_cpu(hdr11
->frame_ctl
));
518 switch (le16_to_cpu(hdr11
->frame_ctl
) &
519 (IEEE80211_FCTL_FROMDS
| IEEE80211_FCTL_TODS
)) {
520 case IEEE80211_FCTL_TODS
:
521 memcpy(hdr
, hdr11
->addr3
, ETH_ALEN
); /* DA */
522 memcpy(hdr
+ ETH_ALEN
, hdr11
->addr2
, ETH_ALEN
); /* SA */
524 case IEEE80211_FCTL_FROMDS
:
525 memcpy(hdr
, hdr11
->addr1
, ETH_ALEN
); /* DA */
526 memcpy(hdr
+ ETH_ALEN
, hdr11
->addr3
, ETH_ALEN
); /* SA */
528 case IEEE80211_FCTL_FROMDS
| IEEE80211_FCTL_TODS
:
529 memcpy(hdr
, hdr11
->addr3
, ETH_ALEN
); /* DA */
530 memcpy(hdr
+ ETH_ALEN
, hdr11
->addr4
, ETH_ALEN
); /* SA */
533 memcpy(hdr
, hdr11
->addr1
, ETH_ALEN
); /* DA */
534 memcpy(hdr
+ ETH_ALEN
, hdr11
->addr2
, ETH_ALEN
); /* SA */
538 if (stype
& IEEE80211_STYPE_QOS_DATA
) {
539 const struct ieee80211_hdr_3addrqos
*qoshdr
=
540 (struct ieee80211_hdr_3addrqos
*)skb
->data
;
541 hdr
[12] = le16_to_cpu(qoshdr
->qos_ctl
) & IEEE80211_QCTL_TID
;
543 hdr
[12] = 0; /* priority */
545 hdr
[13] = hdr
[14] = hdr
[15] = 0; /* reserved */
548 static int ieee80211_michael_mic_add(struct sk_buff
*skb
, int hdr_len
,
551 struct ieee80211_tkip_data
*tkey
= priv
;
554 if (skb_tailroom(skb
) < 8 || skb
->len
< hdr_len
) {
555 printk(KERN_DEBUG
"Invalid packet for Michael MIC add "
556 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
557 skb_tailroom(skb
), hdr_len
, skb
->len
);
561 michael_mic_hdr(skb
, tkey
->tx_hdr
);
562 pos
= skb_put(skb
, 8);
563 if (michael_mic(tkey
, &tkey
->key
[16], tkey
->tx_hdr
,
564 skb
->data
+ hdr_len
, skb
->len
- 8 - hdr_len
, pos
))
570 static void ieee80211_michael_mic_failure(struct net_device
*dev
,
571 struct ieee80211_hdr_4addr
*hdr
,
574 union iwreq_data wrqu
;
575 struct iw_michaelmicfailure ev
;
577 /* TODO: needed parameters: count, keyid, key type, TSC */
578 memset(&ev
, 0, sizeof(ev
));
579 ev
.flags
= keyidx
& IW_MICFAILURE_KEY_ID
;
580 if (hdr
->addr1
[0] & 0x01)
581 ev
.flags
|= IW_MICFAILURE_GROUP
;
583 ev
.flags
|= IW_MICFAILURE_PAIRWISE
;
584 ev
.src_addr
.sa_family
= ARPHRD_ETHER
;
585 memcpy(ev
.src_addr
.sa_data
, hdr
->addr2
, ETH_ALEN
);
586 memset(&wrqu
, 0, sizeof(wrqu
));
587 wrqu
.data
.length
= sizeof(ev
);
588 wireless_send_event(dev
, IWEVMICHAELMICFAILURE
, &wrqu
, (char *)&ev
);
591 static int ieee80211_michael_mic_verify(struct sk_buff
*skb
, int keyidx
,
592 int hdr_len
, void *priv
)
594 struct ieee80211_tkip_data
*tkey
= priv
;
600 michael_mic_hdr(skb
, tkey
->rx_hdr
);
601 if (michael_mic(tkey
, &tkey
->key
[24], tkey
->rx_hdr
,
602 skb
->data
+ hdr_len
, skb
->len
- 8 - hdr_len
, mic
))
604 if (memcmp(mic
, skb
->data
+ skb
->len
- 8, 8) != 0) {
605 struct ieee80211_hdr_4addr
*hdr
;
606 hdr
= (struct ieee80211_hdr_4addr
*)skb
->data
;
607 printk(KERN_DEBUG
"%s: Michael MIC verification failed for "
608 "MSDU from " MAC_FMT
" keyidx=%d\n",
609 skb
->dev
? skb
->dev
->name
: "N/A", MAC_ARG(hdr
->addr2
),
612 ieee80211_michael_mic_failure(skb
->dev
, hdr
, keyidx
);
613 tkey
->dot11RSNAStatsTKIPLocalMICFailures
++;
617 /* Update TSC counters for RX now that the packet verification has
619 tkey
->rx_iv32
= tkey
->rx_iv32_new
;
620 tkey
->rx_iv16
= tkey
->rx_iv16_new
;
622 skb_trim(skb
, skb
->len
- 8);
627 static int ieee80211_tkip_set_key(void *key
, int len
, u8
* seq
, void *priv
)
629 struct ieee80211_tkip_data
*tkey
= priv
;
631 struct crypto_tfm
*tfm
= tkey
->tfm_michael
;
632 struct crypto_blkcipher
*tfm2
= tkey
->tfm_arc4
;
634 keyidx
= tkey
->key_idx
;
635 memset(tkey
, 0, sizeof(*tkey
));
636 tkey
->key_idx
= keyidx
;
637 tkey
->tfm_michael
= tfm
;
638 tkey
->tfm_arc4
= tfm2
;
639 if (len
== TKIP_KEY_LEN
) {
640 memcpy(tkey
->key
, key
, TKIP_KEY_LEN
);
642 tkey
->tx_iv16
= 1; /* TSC is initialized to 1 */
644 tkey
->rx_iv32
= (seq
[5] << 24) | (seq
[4] << 16) |
645 (seq
[3] << 8) | seq
[2];
646 tkey
->rx_iv16
= (seq
[1] << 8) | seq
[0];
656 static int ieee80211_tkip_get_key(void *key
, int len
, u8
* seq
, void *priv
)
658 struct ieee80211_tkip_data
*tkey
= priv
;
660 if (len
< TKIP_KEY_LEN
)
665 memcpy(key
, tkey
->key
, TKIP_KEY_LEN
);
668 /* Return the sequence number of the last transmitted frame. */
669 u16 iv16
= tkey
->tx_iv16
;
670 u32 iv32
= tkey
->tx_iv32
;
674 seq
[0] = tkey
->tx_iv16
;
675 seq
[1] = tkey
->tx_iv16
>> 8;
676 seq
[2] = tkey
->tx_iv32
;
677 seq
[3] = tkey
->tx_iv32
>> 8;
678 seq
[4] = tkey
->tx_iv32
>> 16;
679 seq
[5] = tkey
->tx_iv32
>> 24;
685 static char *ieee80211_tkip_print_stats(char *p
, void *priv
)
687 struct ieee80211_tkip_data
*tkip
= priv
;
688 p
+= sprintf(p
, "key[%d] alg=TKIP key_set=%d "
689 "tx_pn=%02x%02x%02x%02x%02x%02x "
690 "rx_pn=%02x%02x%02x%02x%02x%02x "
691 "replays=%d icv_errors=%d local_mic_failures=%d\n",
692 tkip
->key_idx
, tkip
->key_set
,
693 (tkip
->tx_iv32
>> 24) & 0xff,
694 (tkip
->tx_iv32
>> 16) & 0xff,
695 (tkip
->tx_iv32
>> 8) & 0xff,
696 tkip
->tx_iv32
& 0xff,
697 (tkip
->tx_iv16
>> 8) & 0xff,
698 tkip
->tx_iv16
& 0xff,
699 (tkip
->rx_iv32
>> 24) & 0xff,
700 (tkip
->rx_iv32
>> 16) & 0xff,
701 (tkip
->rx_iv32
>> 8) & 0xff,
702 tkip
->rx_iv32
& 0xff,
703 (tkip
->rx_iv16
>> 8) & 0xff,
704 tkip
->rx_iv16
& 0xff,
705 tkip
->dot11RSNAStatsTKIPReplays
,
706 tkip
->dot11RSNAStatsTKIPICVErrors
,
707 tkip
->dot11RSNAStatsTKIPLocalMICFailures
);
711 static struct ieee80211_crypto_ops ieee80211_crypt_tkip
= {
713 .init
= ieee80211_tkip_init
,
714 .deinit
= ieee80211_tkip_deinit
,
715 .build_iv
= ieee80211_tkip_hdr
,
716 .encrypt_mpdu
= ieee80211_tkip_encrypt
,
717 .decrypt_mpdu
= ieee80211_tkip_decrypt
,
718 .encrypt_msdu
= ieee80211_michael_mic_add
,
719 .decrypt_msdu
= ieee80211_michael_mic_verify
,
720 .set_key
= ieee80211_tkip_set_key
,
721 .get_key
= ieee80211_tkip_get_key
,
722 .print_stats
= ieee80211_tkip_print_stats
,
723 .extra_mpdu_prefix_len
= 4 + 4, /* IV + ExtIV */
724 .extra_mpdu_postfix_len
= 4, /* ICV */
725 .extra_msdu_postfix_len
= 8, /* MIC */
726 .get_flags
= ieee80211_tkip_get_flags
,
727 .set_flags
= ieee80211_tkip_set_flags
,
728 .owner
= THIS_MODULE
,
731 static int __init
ieee80211_crypto_tkip_init(void)
733 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip
);
736 static void __exit
ieee80211_crypto_tkip_exit(void)
738 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip
);
741 module_init(ieee80211_crypto_tkip_init
);
742 module_exit(ieee80211_crypto_tkip_exit
);