search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[MTD] NAND: Alchemy board driver cleanup
[linux-2.6/x86.git] / net / ieee80211 / ieee80211_crypt_tkip.c
blob2e34f29b7956f46c4f81fef31953af4953fd2752
1 /*
2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
3 *
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
9 * more details.
10 */
11
12 #include <linux/config.h>
13 #include <linux/version.h>
14 #include <linux/module.h>
15 #include <linux/init.h>
16 #include <linux/slab.h>
17 #include <linux/random.h>
18 #include <linux/skbuff.h>
19 #include <linux/netdevice.h>
20 #include <linux/if_ether.h>
21 #include <linux/if_arp.h>
22 #include <asm/string.h>
23
24 #include <net/ieee80211.h>
25
26 #include <linux/crypto.h>
27 #include <asm/scatterlist.h>
28 #include <linux/crc32.h>
29
30 MODULE_AUTHOR("Jouni Malinen");
31 MODULE_DESCRIPTION("Host AP crypt: TKIP");
32 MODULE_LICENSE("GPL");
33
34 struct ieee80211_tkip_data {
35 #define TKIP_KEY_LEN 32
36 u8 key[TKIP_KEY_LEN];
37 int key_set;
38
39 u32 tx_iv32;
40 u16 tx_iv16;
41 u16 tx_ttak[5];
42 int tx_phase1_done;
43
44 u32 rx_iv32;
45 u16 rx_iv16;
46 u16 rx_ttak[5];
47 int rx_phase1_done;
48 u32 rx_iv32_new;
49 u16 rx_iv16_new;
50
51 u32 dot11RSNAStatsTKIPReplays;
52 u32 dot11RSNAStatsTKIPICVErrors;
53 u32 dot11RSNAStatsTKIPLocalMICFailures;
54
55 int key_idx;
56
57 struct crypto_tfm *tfm_arc4;
58 struct crypto_tfm *tfm_michael;
59
60 /* scratch buffers for virt_to_page() (crypto API) */
61 u8 rx_hdr[16], tx_hdr[16];
62
63 unsigned long flags;
64 };
65
66 static unsigned long ieee80211_tkip_set_flags(unsigned long flags, void *priv)
67 {
68 struct ieee80211_tkip_data *_priv = priv;
69 unsigned long old_flags = _priv->flags;
70 _priv->flags = flags;
71 return old_flags;
72 }
73
74 static unsigned long ieee80211_tkip_get_flags(void *priv)
75 {
76 struct ieee80211_tkip_data *_priv = priv;
77 return _priv->flags;
78 }
79
80 static void *ieee80211_tkip_init(int key_idx)
81 {
82 struct ieee80211_tkip_data *priv;
83
84 priv = kmalloc(sizeof(*priv), GFP_ATOMIC);
85 if (priv == NULL)
86 goto fail;
87 memset(priv, 0, sizeof(*priv));
88
89 priv->key_idx = key_idx;
90
91 priv->tfm_arc4 = crypto_alloc_tfm("arc4", 0);
92 if (priv->tfm_arc4 == NULL) {
93 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
94 "crypto API arc4\n");
95 goto fail;
96 }
97
98 priv->tfm_michael = crypto_alloc_tfm("michael_mic", 0);
99 if (priv->tfm_michael == NULL) {
100 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
101 "crypto API michael_mic\n");
102 goto fail;
103 }
104
105 return priv;
106
107 fail:
108 if (priv) {
109 if (priv->tfm_michael)
110 crypto_free_tfm(priv->tfm_michael);
111 if (priv->tfm_arc4)
112 crypto_free_tfm(priv->tfm_arc4);
113 kfree(priv);
114 }
115
116 return NULL;
117 }
118
119 static void ieee80211_tkip_deinit(void *priv)
120 {
121 struct ieee80211_tkip_data *_priv = priv;
122 if (_priv && _priv->tfm_michael)
123 crypto_free_tfm(_priv->tfm_michael);
124 if (_priv && _priv->tfm_arc4)
125 crypto_free_tfm(_priv->tfm_arc4);
126 kfree(priv);
127 }
128
129 static inline u16 RotR1(u16 val)
130 {
131 return (val >> 1) | (val << 15);
132 }
133
134 static inline u8 Lo8(u16 val)
135 {
136 return val & 0xff;
137 }
138
139 static inline u8 Hi8(u16 val)
140 {
141 return val >> 8;
142 }
143
144 static inline u16 Lo16(u32 val)
145 {
146 return val & 0xffff;
147 }
148
149 static inline u16 Hi16(u32 val)
150 {
151 return val >> 16;
152 }
153
154 static inline u16 Mk16(u8 hi, u8 lo)
155 {
156 return lo | (((u16) hi) << 8);
157 }
158
159 static inline u16 Mk16_le(u16 * v)
160 {
161 return le16_to_cpu(*v);
162 }
163
164 static const u16 Sbox[256] = {
165 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
166 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
167 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
168 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
169 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
170 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
171 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
172 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
173 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
174 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
175 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
176 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
177 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
178 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
179 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
180 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
181 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
182 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
183 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
184 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
185 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
186 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
187 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
188 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
189 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
190 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
191 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
192 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
193 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
194 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
195 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
196 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
197 };
198
199 static inline u16 _S_(u16 v)
200 {
201 u16 t = Sbox[Hi8(v)];
202 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
203 }
204
205 #define PHASE1_LOOP_COUNT 8
206
207 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
208 u32 IV32)
209 {
210 int i, j;
211
212 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
213 TTAK[0] = Lo16(IV32);
214 TTAK[1] = Hi16(IV32);
215 TTAK[2] = Mk16(TA[1], TA[0]);
216 TTAK[3] = Mk16(TA[3], TA[2]);
217 TTAK[4] = Mk16(TA[5], TA[4]);
218
219 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
220 j = 2 * (i & 1);
221 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
222 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
223 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
224 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
225 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
226 }
227 }
228
229 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
230 u16 IV16)
231 {
232 /* Make temporary area overlap WEP seed so that the final copy can be
233 * avoided on little endian hosts. */
234 u16 *PPK = (u16 *) & WEPSeed[4];
235
236 /* Step 1 - make copy of TTAK and bring in TSC */
237 PPK[0] = TTAK[0];
238 PPK[1] = TTAK[1];
239 PPK[2] = TTAK[2];
240 PPK[3] = TTAK[3];
241 PPK[4] = TTAK[4];
242 PPK[5] = TTAK[4] + IV16;
243
244 /* Step 2 - 96-bit bijective mixing using S-box */
245 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) & TK[0]));
246 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) & TK[2]));
247 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) & TK[4]));
248 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) & TK[6]));
249 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) & TK[8]));
250 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) & TK[10]));
251
252 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) & TK[12]));
253 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) & TK[14]));
254 PPK[2] += RotR1(PPK[1]);
255 PPK[3] += RotR1(PPK[2]);
256 PPK[4] += RotR1(PPK[3]);
257 PPK[5] += RotR1(PPK[4]);
258
259 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
260 * WEPSeed[0..2] is transmitted as WEP IV */
261 WEPSeed[0] = Hi8(IV16);
262 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
263 WEPSeed[2] = Lo8(IV16);
264 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) & TK[0])) >> 1);
265
266 #ifdef __BIG_ENDIAN
267 {
268 int i;
269 for (i = 0; i < 6; i++)
270 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
271 }
272 #endif
273 }
274
275 static u8 *ieee80211_tkip_hdr(struct sk_buff *skb, int hdr_len, void *priv)
276 {
277 struct ieee80211_tkip_data *tkey = priv;
278 int len;
279 u8 *rc4key, *pos, *icv;
280 struct ieee80211_hdr_4addr *hdr;
281 u32 crc;
282
283 hdr = (struct ieee80211_hdr_4addr *)skb->data;
284
285 if (skb_headroom(skb) < 8 || skb->len < hdr_len)
286 return NULL;
287
288 if (!tkey->tx_phase1_done) {
289 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
290 tkey->tx_iv32);
291 tkey->tx_phase1_done = 1;
292 }
293 rc4key = kmalloc(16, GFP_ATOMIC);
294 if (!rc4key)
295 return NULL;
296 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
297
298 len = skb->len - hdr_len;
299 pos = skb_push(skb, 8);
300 memmove(pos, pos + 8, hdr_len);
301 pos += hdr_len;
302 icv = skb_put(skb, 4);
303
304 *pos++ = *rc4key;
305 *pos++ = *(rc4key + 1);
306 *pos++ = *(rc4key + 2);
307 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
308 *pos++ = tkey->tx_iv32 & 0xff;
309 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
310 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
311 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
312
313 crc = ~crc32_le(~0, pos, len);
314 icv[0] = crc;
315 icv[1] = crc >> 8;
316 icv[2] = crc >> 16;
317 icv[3] = crc >> 24;
318
319 return rc4key;
320 }
321
322 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
323 {
324 struct ieee80211_tkip_data *tkey = priv;
325 int len;
326 const u8 *rc4key;
327 u8 *pos;
328 struct scatterlist sg;
329
330 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
331 if (net_ratelimit()) {
332 struct ieee80211_hdr_4addr *hdr =
333 (struct ieee80211_hdr_4addr *)skb->data;
334 printk(KERN_DEBUG "TKIP countermeasures: dropped "
335 "TX packet to " MAC_FMT "\n",
336 MAC_ARG(hdr->addr1));
337 }
338 return -1;
339 }
340
341 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
342 return -1;
343
344 len = skb->len - hdr_len;
345 pos = skb->data + hdr_len;
346
347 rc4key = ieee80211_tkip_hdr(skb, hdr_len, priv);
348 if (!rc4key)
349 return -1;
350
351 crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16);
352 sg.page = virt_to_page(pos);
353 sg.offset = offset_in_page(pos);
354 sg.length = len + 4;
355 crypto_cipher_encrypt(tkey->tfm_arc4, &sg, &sg, len + 4);
356
357 tkey->tx_iv16++;
358 if (tkey->tx_iv16 == 0) {
359 tkey->tx_phase1_done = 0;
360 tkey->tx_iv32++;
361 }
362
363 return 0;
364 }
365
366 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
367 {
368 struct ieee80211_tkip_data *tkey = priv;
369 u8 rc4key[16];
370 u8 keyidx, *pos;
371 u32 iv32;
372 u16 iv16;
373 struct ieee80211_hdr_4addr *hdr;
374 u8 icv[4];
375 u32 crc;
376 struct scatterlist sg;
377 int plen;
378
379 hdr = (struct ieee80211_hdr_4addr *)skb->data;
380
381 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
382 if (net_ratelimit()) {
383 printk(KERN_DEBUG "TKIP countermeasures: dropped "
384 "received packet from " MAC_FMT "\n",
385 MAC_ARG(hdr->addr2));
386 }
387 return -1;
388 }
389
390 if (skb->len < hdr_len + 8 + 4)
391 return -1;
392
393 pos = skb->data + hdr_len;
394 keyidx = pos[3];
395 if (!(keyidx & (1 << 5))) {
396 if (net_ratelimit()) {
397 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
398 " flag from " MAC_FMT "\n", MAC_ARG(hdr->addr2));
399 }
400 return -2;
401 }
402 keyidx >>= 6;
403 if (tkey->key_idx != keyidx) {
404 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
405 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
406 return -6;
407 }
408 if (!tkey->key_set) {
409 if (net_ratelimit()) {
410 printk(KERN_DEBUG "TKIP: received packet from " MAC_FMT
411 " with keyid=%d that does not have a configured"
412 " key\n", MAC_ARG(hdr->addr2), keyidx);
413 }
414 return -3;
415 }
416 iv16 = (pos[0] << 8) | pos[2];
417 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
418 pos += 8;
419
420 if (iv32 < tkey->rx_iv32 ||
421 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
422 if (net_ratelimit()) {
423 printk(KERN_DEBUG "TKIP: replay detected: STA=" MAC_FMT
424 " previous TSC %08x%04x received TSC "
425 "%08x%04x\n", MAC_ARG(hdr->addr2),
426 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
427 }
428 tkey->dot11RSNAStatsTKIPReplays++;
429 return -4;
430 }
431
432 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
433 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
434 tkey->rx_phase1_done = 1;
435 }
436 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
437
438 plen = skb->len - hdr_len - 12;
439
440 crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16);
441 sg.page = virt_to_page(pos);
442 sg.offset = offset_in_page(pos);
443 sg.length = plen + 4;
444 crypto_cipher_decrypt(tkey->tfm_arc4, &sg, &sg, plen + 4);
445
446 crc = ~crc32_le(~0, pos, plen);
447 icv[0] = crc;
448 icv[1] = crc >> 8;
449 icv[2] = crc >> 16;
450 icv[3] = crc >> 24;
451 if (memcmp(icv, pos + plen, 4) != 0) {
452 if (iv32 != tkey->rx_iv32) {
453 /* Previously cached Phase1 result was already lost, so
454 * it needs to be recalculated for the next packet. */
455 tkey->rx_phase1_done = 0;
456 }
457 if (net_ratelimit()) {
458 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
459 MAC_FMT "\n", MAC_ARG(hdr->addr2));
460 }
461 tkey->dot11RSNAStatsTKIPICVErrors++;
462 return -5;
463 }
464
465 /* Update real counters only after Michael MIC verification has
466 * completed */
467 tkey->rx_iv32_new = iv32;
468 tkey->rx_iv16_new = iv16;
469
470 /* Remove IV and ICV */
471 memmove(skb->data + 8, skb->data, hdr_len);
472 skb_pull(skb, 8);
473 skb_trim(skb, skb->len - 4);
474
475 return keyidx;
476 }
477
478 static int michael_mic(struct ieee80211_tkip_data *tkey, u8 * key, u8 * hdr,
479 u8 * data, size_t data_len, u8 * mic)
480 {
481 struct scatterlist sg[2];
482
483 if (tkey->tfm_michael == NULL) {
484 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
485 return -1;
486 }
487 sg[0].page = virt_to_page(hdr);
488 sg[0].offset = offset_in_page(hdr);
489 sg[0].length = 16;
490
491 sg[1].page = virt_to_page(data);
492 sg[1].offset = offset_in_page(data);
493 sg[1].length = data_len;
494
495 crypto_digest_init(tkey->tfm_michael);
496 crypto_digest_setkey(tkey->tfm_michael, key, 8);
497 crypto_digest_update(tkey->tfm_michael, sg, 2);
498 crypto_digest_final(tkey->tfm_michael, mic);
499
500 return 0;
501 }
502
503 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
504 {
505 struct ieee80211_hdr_4addr *hdr11;
506
507 hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
508 switch (le16_to_cpu(hdr11->frame_ctl) &
509 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
510 case IEEE80211_FCTL_TODS:
511 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
512 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
513 break;
514 case IEEE80211_FCTL_FROMDS:
515 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
516 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
517 break;
518 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
519 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
520 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
521 break;
522 case 0:
523 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
524 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
525 break;
526 }
527
528 hdr[12] = 0; /* priority */
529 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
530 }
531
532 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
533 void *priv)
534 {
535 struct ieee80211_tkip_data *tkey = priv;
536 u8 *pos;
537
538 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
539 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
540 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
541 skb_tailroom(skb), hdr_len, skb->len);
542 return -1;
543 }
544
545 michael_mic_hdr(skb, tkey->tx_hdr);
546 pos = skb_put(skb, 8);
547 if (michael_mic(tkey, &tkey->key[16], tkey->tx_hdr,
548 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
549 return -1;
550
551 return 0;
552 }
553
554 static void ieee80211_michael_mic_failure(struct net_device *dev,
555 struct ieee80211_hdr_4addr *hdr,
556 int keyidx)
557 {
558 union iwreq_data wrqu;
559 struct iw_michaelmicfailure ev;
560
561 /* TODO: needed parameters: count, keyid, key type, TSC */
562 memset(&ev, 0, sizeof(ev));
563 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
564 if (hdr->addr1[0] & 0x01)
565 ev.flags |= IW_MICFAILURE_GROUP;
566 else
567 ev.flags |= IW_MICFAILURE_PAIRWISE;
568 ev.src_addr.sa_family = ARPHRD_ETHER;
569 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
570 memset(&wrqu, 0, sizeof(wrqu));
571 wrqu.data.length = sizeof(ev);
572 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
573 }
574
575 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
576 int hdr_len, void *priv)
577 {
578 struct ieee80211_tkip_data *tkey = priv;
579 u8 mic[8];
580
581 if (!tkey->key_set)
582 return -1;
583
584 michael_mic_hdr(skb, tkey->rx_hdr);
585 if (michael_mic(tkey, &tkey->key[24], tkey->rx_hdr,
586 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
587 return -1;
588 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
589 struct ieee80211_hdr_4addr *hdr;
590 hdr = (struct ieee80211_hdr_4addr *)skb->data;
591 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
592 "MSDU from " MAC_FMT " keyidx=%d\n",
593 skb->dev ? skb->dev->name : "N/A", MAC_ARG(hdr->addr2),
594 keyidx);
595 if (skb->dev)
596 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
597 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
598 return -1;
599 }
600
601 /* Update TSC counters for RX now that the packet verification has
602 * completed. */
603 tkey->rx_iv32 = tkey->rx_iv32_new;
604 tkey->rx_iv16 = tkey->rx_iv16_new;
605
606 skb_trim(skb, skb->len - 8);
607
608 return 0;
609 }
610
611 static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
612 {
613 struct ieee80211_tkip_data *tkey = priv;
614 int keyidx;
615 struct crypto_tfm *tfm = tkey->tfm_michael;
616 struct crypto_tfm *tfm2 = tkey->tfm_arc4;
617
618 keyidx = tkey->key_idx;
619 memset(tkey, 0, sizeof(*tkey));
620 tkey->key_idx = keyidx;
621 tkey->tfm_michael = tfm;
622 tkey->tfm_arc4 = tfm2;
623 if (len == TKIP_KEY_LEN) {
624 memcpy(tkey->key, key, TKIP_KEY_LEN);
625 tkey->key_set = 1;
626 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
627 if (seq) {
628 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
629 (seq[3] << 8) | seq[2];
630 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
631 }
632 } else if (len == 0)
633 tkey->key_set = 0;
634 else
635 return -1;
636
637 return 0;
638 }
639
640 static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
641 {
642 struct ieee80211_tkip_data *tkey = priv;
643
644 if (len < TKIP_KEY_LEN)
645 return -1;
646
647 if (!tkey->key_set)
648 return 0;
649 memcpy(key, tkey->key, TKIP_KEY_LEN);
650
651 if (seq) {
652 /* Return the sequence number of the last transmitted frame. */
653 u16 iv16 = tkey->tx_iv16;
654 u32 iv32 = tkey->tx_iv32;
655 if (iv16 == 0)
656 iv32--;
657 iv16--;
658 seq[0] = tkey->tx_iv16;
659 seq[1] = tkey->tx_iv16 >> 8;
660 seq[2] = tkey->tx_iv32;
661 seq[3] = tkey->tx_iv32 >> 8;
662 seq[4] = tkey->tx_iv32 >> 16;
663 seq[5] = tkey->tx_iv32 >> 24;
664 }
665
666 return TKIP_KEY_LEN;
667 }
668
669 static char *ieee80211_tkip_print_stats(char *p, void *priv)
670 {
671 struct ieee80211_tkip_data *tkip = priv;
672 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
673 "tx_pn=%02x%02x%02x%02x%02x%02x "
674 "rx_pn=%02x%02x%02x%02x%02x%02x "
675 "replays=%d icv_errors=%d local_mic_failures=%d\n",
676 tkip->key_idx, tkip->key_set,
677 (tkip->tx_iv32 >> 24) & 0xff,
678 (tkip->tx_iv32 >> 16) & 0xff,
679 (tkip->tx_iv32 >> 8) & 0xff,
680 tkip->tx_iv32 & 0xff,
681 (tkip->tx_iv16 >> 8) & 0xff,
682 tkip->tx_iv16 & 0xff,
683 (tkip->rx_iv32 >> 24) & 0xff,
684 (tkip->rx_iv32 >> 16) & 0xff,
685 (tkip->rx_iv32 >> 8) & 0xff,
686 tkip->rx_iv32 & 0xff,
687 (tkip->rx_iv16 >> 8) & 0xff,
688 tkip->rx_iv16 & 0xff,
689 tkip->dot11RSNAStatsTKIPReplays,
690 tkip->dot11RSNAStatsTKIPICVErrors,
691 tkip->dot11RSNAStatsTKIPLocalMICFailures);
692 return p;
693 }
694
695 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
696 .name = "TKIP",
697 .init = ieee80211_tkip_init,
698 .deinit = ieee80211_tkip_deinit,
699 .encrypt_mpdu = ieee80211_tkip_encrypt,
700 .decrypt_mpdu = ieee80211_tkip_decrypt,
701 .encrypt_msdu = ieee80211_michael_mic_add,
702 .decrypt_msdu = ieee80211_michael_mic_verify,
703 .set_key = ieee80211_tkip_set_key,
704 .get_key = ieee80211_tkip_get_key,
705 .print_stats = ieee80211_tkip_print_stats,
706 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
707 .extra_mpdu_postfix_len = 4, /* ICV */
708 .extra_msdu_postfix_len = 8, /* MIC */
709 .get_flags = ieee80211_tkip_get_flags,
710 .set_flags = ieee80211_tkip_set_flags,
711 .owner = THIS_MODULE,
712 };
713
714 static int __init ieee80211_crypto_tkip_init(void)
715 {
716 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
717 }
718
719 static void __exit ieee80211_crypto_tkip_exit(void)
720 {
721 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
722 }
723
724 module_init(ieee80211_crypto_tkip_init);
725 module_exit(ieee80211_crypto_tkip_exit);
x86 "subsystem" repository