blob: d4f9164be1a1848f75f49fd0ee631ce70aa6fdc6 [file] [log] [blame]
Jeff Garzikb4538722005-05-12 22:48:20 -04001/*
2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
3 *
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
9 * more details.
10 */
11
12#include <linux/config.h>
13#include <linux/version.h>
14#include <linux/module.h>
15#include <linux/init.h>
16#include <linux/slab.h>
17#include <linux/random.h>
18#include <linux/skbuff.h>
19#include <linux/netdevice.h>
20#include <linux/if_ether.h>
21#include <linux/if_arp.h>
22#include <asm/string.h>
23
24#include <net/ieee80211.h>
25
Jeff Garzikb4538722005-05-12 22:48:20 -040026#include <linux/crypto.h>
27#include <asm/scatterlist.h>
28#include <linux/crc32.h>
29
30MODULE_AUTHOR("Jouni Malinen");
31MODULE_DESCRIPTION("Host AP crypt: TKIP");
32MODULE_LICENSE("GPL");
33
34struct ieee80211_tkip_data {
35#define TKIP_KEY_LEN 32
36 u8 key[TKIP_KEY_LEN];
37 int key_set;
38
39 u32 tx_iv32;
40 u16 tx_iv16;
41 u16 tx_ttak[5];
42 int tx_phase1_done;
43
44 u32 rx_iv32;
45 u16 rx_iv16;
46 u16 rx_ttak[5];
47 int rx_phase1_done;
48 u32 rx_iv32_new;
49 u16 rx_iv16_new;
50
51 u32 dot11RSNAStatsTKIPReplays;
52 u32 dot11RSNAStatsTKIPICVErrors;
53 u32 dot11RSNAStatsTKIPLocalMICFailures;
54
55 int key_idx;
56
57 struct crypto_tfm *tfm_arc4;
58 struct crypto_tfm *tfm_michael;
59
60 /* scratch buffers for virt_to_page() (crypto API) */
61 u8 rx_hdr[16], tx_hdr[16];
62};
63
Jeff Garzik0edd5b42005-09-07 00:48:31 -040064static void *ieee80211_tkip_init(int key_idx)
Jeff Garzikb4538722005-05-12 22:48:20 -040065{
66 struct ieee80211_tkip_data *priv;
67
68 priv = kmalloc(sizeof(*priv), GFP_ATOMIC);
69 if (priv == NULL)
70 goto fail;
71 memset(priv, 0, sizeof(*priv));
72 priv->key_idx = key_idx;
73
74 priv->tfm_arc4 = crypto_alloc_tfm("arc4", 0);
75 if (priv->tfm_arc4 == NULL) {
76 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
77 "crypto API arc4\n");
78 goto fail;
79 }
80
81 priv->tfm_michael = crypto_alloc_tfm("michael_mic", 0);
82 if (priv->tfm_michael == NULL) {
83 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
84 "crypto API michael_mic\n");
85 goto fail;
86 }
87
88 return priv;
89
Jeff Garzik0edd5b42005-09-07 00:48:31 -040090 fail:
Jeff Garzikb4538722005-05-12 22:48:20 -040091 if (priv) {
92 if (priv->tfm_michael)
93 crypto_free_tfm(priv->tfm_michael);
94 if (priv->tfm_arc4)
95 crypto_free_tfm(priv->tfm_arc4);
96 kfree(priv);
97 }
98
99 return NULL;
100}
101
Jeff Garzikb4538722005-05-12 22:48:20 -0400102static void ieee80211_tkip_deinit(void *priv)
103{
104 struct ieee80211_tkip_data *_priv = priv;
105 if (_priv && _priv->tfm_michael)
106 crypto_free_tfm(_priv->tfm_michael);
107 if (_priv && _priv->tfm_arc4)
108 crypto_free_tfm(_priv->tfm_arc4);
109 kfree(priv);
110}
111
Jeff Garzikb4538722005-05-12 22:48:20 -0400112static inline u16 RotR1(u16 val)
113{
114 return (val >> 1) | (val << 15);
115}
116
Jeff Garzikb4538722005-05-12 22:48:20 -0400117static inline u8 Lo8(u16 val)
118{
119 return val & 0xff;
120}
121
Jeff Garzikb4538722005-05-12 22:48:20 -0400122static inline u8 Hi8(u16 val)
123{
124 return val >> 8;
125}
126
Jeff Garzikb4538722005-05-12 22:48:20 -0400127static inline u16 Lo16(u32 val)
128{
129 return val & 0xffff;
130}
131
Jeff Garzikb4538722005-05-12 22:48:20 -0400132static inline u16 Hi16(u32 val)
133{
134 return val >> 16;
135}
136
Jeff Garzikb4538722005-05-12 22:48:20 -0400137static inline u16 Mk16(u8 hi, u8 lo)
138{
139 return lo | (((u16) hi) << 8);
140}
141
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400142static inline u16 Mk16_le(u16 * v)
Jeff Garzikb4538722005-05-12 22:48:20 -0400143{
144 return le16_to_cpu(*v);
145}
146
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400147static const u16 Sbox[256] = {
Jeff Garzikb4538722005-05-12 22:48:20 -0400148 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
149 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
150 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
151 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
152 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
153 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
154 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
155 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
156 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
157 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
158 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
159 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
160 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
161 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
162 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
163 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
164 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
165 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
166 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
167 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
168 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
169 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
170 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
171 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
172 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
173 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
174 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
175 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
176 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
177 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
178 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
179 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
180};
181
Jeff Garzikb4538722005-05-12 22:48:20 -0400182static inline u16 _S_(u16 v)
183{
184 u16 t = Sbox[Hi8(v)];
185 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
186}
187
Jeff Garzikb4538722005-05-12 22:48:20 -0400188#define PHASE1_LOOP_COUNT 8
189
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400190static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
191 u32 IV32)
Jeff Garzikb4538722005-05-12 22:48:20 -0400192{
193 int i, j;
194
195 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
196 TTAK[0] = Lo16(IV32);
197 TTAK[1] = Hi16(IV32);
198 TTAK[2] = Mk16(TA[1], TA[0]);
199 TTAK[3] = Mk16(TA[3], TA[2]);
200 TTAK[4] = Mk16(TA[5], TA[4]);
201
202 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
203 j = 2 * (i & 1);
204 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
205 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
206 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
207 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
208 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
209 }
210}
211
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400212static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
Jeff Garzikb4538722005-05-12 22:48:20 -0400213 u16 IV16)
214{
215 /* Make temporary area overlap WEP seed so that the final copy can be
216 * avoided on little endian hosts. */
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400217 u16 *PPK = (u16 *) & WEPSeed[4];
Jeff Garzikb4538722005-05-12 22:48:20 -0400218
219 /* Step 1 - make copy of TTAK and bring in TSC */
220 PPK[0] = TTAK[0];
221 PPK[1] = TTAK[1];
222 PPK[2] = TTAK[2];
223 PPK[3] = TTAK[3];
224 PPK[4] = TTAK[4];
225 PPK[5] = TTAK[4] + IV16;
226
227 /* Step 2 - 96-bit bijective mixing using S-box */
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400228 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) & TK[0]));
229 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) & TK[2]));
230 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) & TK[4]));
231 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) & TK[6]));
232 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) & TK[8]));
233 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) & TK[10]));
Jeff Garzikb4538722005-05-12 22:48:20 -0400234
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400235 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) & TK[12]));
236 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) & TK[14]));
Jeff Garzikb4538722005-05-12 22:48:20 -0400237 PPK[2] += RotR1(PPK[1]);
238 PPK[3] += RotR1(PPK[2]);
239 PPK[4] += RotR1(PPK[3]);
240 PPK[5] += RotR1(PPK[4]);
241
242 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
243 * WEPSeed[0..2] is transmitted as WEP IV */
244 WEPSeed[0] = Hi8(IV16);
245 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
246 WEPSeed[2] = Lo8(IV16);
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400247 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) & TK[0])) >> 1);
Jeff Garzikb4538722005-05-12 22:48:20 -0400248
249#ifdef __BIG_ENDIAN
250 {
251 int i;
252 for (i = 0; i < 6; i++)
253 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
254 }
255#endif
256}
257
258static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
259{
260 struct ieee80211_tkip_data *tkey = priv;
261 int len;
262 u8 rc4key[16], *pos, *icv;
263 struct ieee80211_hdr *hdr;
264 u32 crc;
265 struct scatterlist sg;
266
267 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
268 skb->len < hdr_len)
269 return -1;
270
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400271 hdr = (struct ieee80211_hdr *)skb->data;
Jeff Garzikb4538722005-05-12 22:48:20 -0400272 if (!tkey->tx_phase1_done) {
273 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
274 tkey->tx_iv32);
275 tkey->tx_phase1_done = 1;
276 }
277 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
278
279 len = skb->len - hdr_len;
280 pos = skb_push(skb, 8);
281 memmove(pos, pos + 8, hdr_len);
282 pos += hdr_len;
283 icv = skb_put(skb, 4);
284
285 *pos++ = rc4key[0];
286 *pos++ = rc4key[1];
287 *pos++ = rc4key[2];
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400288 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
Jeff Garzikb4538722005-05-12 22:48:20 -0400289 *pos++ = tkey->tx_iv32 & 0xff;
290 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
291 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
292 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
293
294 crc = ~crc32_le(~0, pos, len);
295 icv[0] = crc;
296 icv[1] = crc >> 8;
297 icv[2] = crc >> 16;
298 icv[3] = crc >> 24;
299
300 crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16);
301 sg.page = virt_to_page(pos);
302 sg.offset = offset_in_page(pos);
303 sg.length = len + 4;
304 crypto_cipher_encrypt(tkey->tfm_arc4, &sg, &sg, len + 4);
305
306 tkey->tx_iv16++;
307 if (tkey->tx_iv16 == 0) {
308 tkey->tx_phase1_done = 0;
309 tkey->tx_iv32++;
310 }
311
312 return 0;
313}
314
315static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
316{
317 struct ieee80211_tkip_data *tkey = priv;
318 u8 rc4key[16];
319 u8 keyidx, *pos;
320 u32 iv32;
321 u16 iv16;
322 struct ieee80211_hdr *hdr;
323 u8 icv[4];
324 u32 crc;
325 struct scatterlist sg;
326 int plen;
327
328 if (skb->len < hdr_len + 8 + 4)
329 return -1;
330
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400331 hdr = (struct ieee80211_hdr *)skb->data;
Jeff Garzikb4538722005-05-12 22:48:20 -0400332 pos = skb->data + hdr_len;
333 keyidx = pos[3];
334 if (!(keyidx & (1 << 5))) {
335 if (net_ratelimit()) {
336 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
337 " flag from " MAC_FMT "\n", MAC_ARG(hdr->addr2));
338 }
339 return -2;
340 }
341 keyidx >>= 6;
342 if (tkey->key_idx != keyidx) {
343 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
344 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
345 return -6;
346 }
347 if (!tkey->key_set) {
348 if (net_ratelimit()) {
349 printk(KERN_DEBUG "TKIP: received packet from " MAC_FMT
350 " with keyid=%d that does not have a configured"
351 " key\n", MAC_ARG(hdr->addr2), keyidx);
352 }
353 return -3;
354 }
355 iv16 = (pos[0] << 8) | pos[2];
356 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
357 pos += 8;
358
359 if (iv32 < tkey->rx_iv32 ||
360 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
361 if (net_ratelimit()) {
362 printk(KERN_DEBUG "TKIP: replay detected: STA=" MAC_FMT
363 " previous TSC %08x%04x received TSC "
364 "%08x%04x\n", MAC_ARG(hdr->addr2),
365 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
366 }
367 tkey->dot11RSNAStatsTKIPReplays++;
368 return -4;
369 }
370
371 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
372 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
373 tkey->rx_phase1_done = 1;
374 }
375 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
376
377 plen = skb->len - hdr_len - 12;
378
379 crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16);
380 sg.page = virt_to_page(pos);
381 sg.offset = offset_in_page(pos);
382 sg.length = plen + 4;
383 crypto_cipher_decrypt(tkey->tfm_arc4, &sg, &sg, plen + 4);
384
385 crc = ~crc32_le(~0, pos, plen);
386 icv[0] = crc;
387 icv[1] = crc >> 8;
388 icv[2] = crc >> 16;
389 icv[3] = crc >> 24;
390 if (memcmp(icv, pos + plen, 4) != 0) {
391 if (iv32 != tkey->rx_iv32) {
392 /* Previously cached Phase1 result was already lost, so
393 * it needs to be recalculated for the next packet. */
394 tkey->rx_phase1_done = 0;
395 }
396 if (net_ratelimit()) {
397 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
398 MAC_FMT "\n", MAC_ARG(hdr->addr2));
399 }
400 tkey->dot11RSNAStatsTKIPICVErrors++;
401 return -5;
402 }
403
404 /* Update real counters only after Michael MIC verification has
405 * completed */
406 tkey->rx_iv32_new = iv32;
407 tkey->rx_iv16_new = iv16;
408
409 /* Remove IV and ICV */
410 memmove(skb->data + 8, skb->data, hdr_len);
411 skb_pull(skb, 8);
412 skb_trim(skb, skb->len - 4);
413
414 return keyidx;
415}
416
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400417static int michael_mic(struct ieee80211_tkip_data *tkey, u8 * key, u8 * hdr,
418 u8 * data, size_t data_len, u8 * mic)
Jeff Garzikb4538722005-05-12 22:48:20 -0400419{
420 struct scatterlist sg[2];
421
422 if (tkey->tfm_michael == NULL) {
423 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
424 return -1;
425 }
426 sg[0].page = virt_to_page(hdr);
427 sg[0].offset = offset_in_page(hdr);
428 sg[0].length = 16;
429
430 sg[1].page = virt_to_page(data);
431 sg[1].offset = offset_in_page(data);
432 sg[1].length = data_len;
433
434 crypto_digest_init(tkey->tfm_michael);
435 crypto_digest_setkey(tkey->tfm_michael, key, 8);
436 crypto_digest_update(tkey->tfm_michael, sg, 2);
437 crypto_digest_final(tkey->tfm_michael, mic);
438
439 return 0;
440}
441
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400442static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
Jeff Garzikb4538722005-05-12 22:48:20 -0400443{
444 struct ieee80211_hdr *hdr11;
445
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400446 hdr11 = (struct ieee80211_hdr *)skb->data;
Jeff Garzikb4538722005-05-12 22:48:20 -0400447 switch (le16_to_cpu(hdr11->frame_ctl) &
448 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
449 case IEEE80211_FCTL_TODS:
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400450 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
451 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
Jeff Garzikb4538722005-05-12 22:48:20 -0400452 break;
453 case IEEE80211_FCTL_FROMDS:
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400454 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
455 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
Jeff Garzikb4538722005-05-12 22:48:20 -0400456 break;
457 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400458 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
459 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
Jeff Garzikb4538722005-05-12 22:48:20 -0400460 break;
461 case 0:
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400462 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
463 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
Jeff Garzikb4538722005-05-12 22:48:20 -0400464 break;
465 }
466
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400467 hdr[12] = 0; /* priority */
468 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
Jeff Garzikb4538722005-05-12 22:48:20 -0400469}
470
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400471static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
472 void *priv)
Jeff Garzikb4538722005-05-12 22:48:20 -0400473{
474 struct ieee80211_tkip_data *tkey = priv;
475 u8 *pos;
476
477 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
478 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
479 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
480 skb_tailroom(skb), hdr_len, skb->len);
481 return -1;
482 }
483
484 michael_mic_hdr(skb, tkey->tx_hdr);
485 pos = skb_put(skb, 8);
486 if (michael_mic(tkey, &tkey->key[16], tkey->tx_hdr,
487 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
488 return -1;
489
490 return 0;
491}
492
Jeff Garzikb4538722005-05-12 22:48:20 -0400493#if WIRELESS_EXT >= 18
494static void ieee80211_michael_mic_failure(struct net_device *dev,
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400495 struct ieee80211_hdr *hdr, int keyidx)
Jeff Garzikb4538722005-05-12 22:48:20 -0400496{
497 union iwreq_data wrqu;
498 struct iw_michaelmicfailure ev;
499
500 /* TODO: needed parameters: count, keyid, key type, TSC */
501 memset(&ev, 0, sizeof(ev));
502 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
503 if (hdr->addr1[0] & 0x01)
504 ev.flags |= IW_MICFAILURE_GROUP;
505 else
506 ev.flags |= IW_MICFAILURE_PAIRWISE;
507 ev.src_addr.sa_family = ARPHRD_ETHER;
508 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
509 memset(&wrqu, 0, sizeof(wrqu));
510 wrqu.data.length = sizeof(ev);
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400511 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
Jeff Garzikb4538722005-05-12 22:48:20 -0400512}
513#elif WIRELESS_EXT >= 15
514static void ieee80211_michael_mic_failure(struct net_device *dev,
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400515 struct ieee80211_hdr *hdr, int keyidx)
Jeff Garzikb4538722005-05-12 22:48:20 -0400516{
517 union iwreq_data wrqu;
518 char buf[128];
519
520 /* TODO: needed parameters: count, keyid, key type, TSC */
521 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(keyid=%d %scast addr="
522 MAC_FMT ")", keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
523 MAC_ARG(hdr->addr2));
524 memset(&wrqu, 0, sizeof(wrqu));
525 wrqu.data.length = strlen(buf);
526 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
527}
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400528#else /* WIRELESS_EXT >= 15 */
Jeff Garzikb4538722005-05-12 22:48:20 -0400529static inline void ieee80211_michael_mic_failure(struct net_device *dev,
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400530 struct ieee80211_hdr *hdr,
531 int keyidx)
Jeff Garzikb4538722005-05-12 22:48:20 -0400532{
533}
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400534#endif /* WIRELESS_EXT >= 15 */
Jeff Garzikb4538722005-05-12 22:48:20 -0400535
536static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400537 int hdr_len, void *priv)
Jeff Garzikb4538722005-05-12 22:48:20 -0400538{
539 struct ieee80211_tkip_data *tkey = priv;
540 u8 mic[8];
541
542 if (!tkey->key_set)
543 return -1;
544
545 michael_mic_hdr(skb, tkey->rx_hdr);
546 if (michael_mic(tkey, &tkey->key[24], tkey->rx_hdr,
547 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
548 return -1;
549 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
550 struct ieee80211_hdr *hdr;
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400551 hdr = (struct ieee80211_hdr *)skb->data;
Jeff Garzikb4538722005-05-12 22:48:20 -0400552 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
553 "MSDU from " MAC_FMT " keyidx=%d\n",
554 skb->dev ? skb->dev->name : "N/A", MAC_ARG(hdr->addr2),
555 keyidx);
556 if (skb->dev)
557 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
558 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
559 return -1;
560 }
561
562 /* Update TSC counters for RX now that the packet verification has
563 * completed. */
564 tkey->rx_iv32 = tkey->rx_iv32_new;
565 tkey->rx_iv16 = tkey->rx_iv16_new;
566
567 skb_trim(skb, skb->len - 8);
568
569 return 0;
570}
571
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400572static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
Jeff Garzikb4538722005-05-12 22:48:20 -0400573{
574 struct ieee80211_tkip_data *tkey = priv;
575 int keyidx;
576 struct crypto_tfm *tfm = tkey->tfm_michael;
577 struct crypto_tfm *tfm2 = tkey->tfm_arc4;
578
579 keyidx = tkey->key_idx;
580 memset(tkey, 0, sizeof(*tkey));
581 tkey->key_idx = keyidx;
582 tkey->tfm_michael = tfm;
583 tkey->tfm_arc4 = tfm2;
584 if (len == TKIP_KEY_LEN) {
585 memcpy(tkey->key, key, TKIP_KEY_LEN);
586 tkey->key_set = 1;
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400587 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
Jeff Garzikb4538722005-05-12 22:48:20 -0400588 if (seq) {
589 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400590 (seq[3] << 8) | seq[2];
Jeff Garzikb4538722005-05-12 22:48:20 -0400591 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
592 }
593 } else if (len == 0)
594 tkey->key_set = 0;
595 else
596 return -1;
597
598 return 0;
599}
600
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400601static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
Jeff Garzikb4538722005-05-12 22:48:20 -0400602{
603 struct ieee80211_tkip_data *tkey = priv;
604
605 if (len < TKIP_KEY_LEN)
606 return -1;
607
608 if (!tkey->key_set)
609 return 0;
610 memcpy(key, tkey->key, TKIP_KEY_LEN);
611
612 if (seq) {
613 /* Return the sequence number of the last transmitted frame. */
614 u16 iv16 = tkey->tx_iv16;
615 u32 iv32 = tkey->tx_iv32;
616 if (iv16 == 0)
617 iv32--;
618 iv16--;
619 seq[0] = tkey->tx_iv16;
620 seq[1] = tkey->tx_iv16 >> 8;
621 seq[2] = tkey->tx_iv32;
622 seq[3] = tkey->tx_iv32 >> 8;
623 seq[4] = tkey->tx_iv32 >> 16;
624 seq[5] = tkey->tx_iv32 >> 24;
625 }
626
627 return TKIP_KEY_LEN;
628}
629
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400630static char *ieee80211_tkip_print_stats(char *p, void *priv)
Jeff Garzikb4538722005-05-12 22:48:20 -0400631{
632 struct ieee80211_tkip_data *tkip = priv;
633 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
634 "tx_pn=%02x%02x%02x%02x%02x%02x "
635 "rx_pn=%02x%02x%02x%02x%02x%02x "
636 "replays=%d icv_errors=%d local_mic_failures=%d\n",
637 tkip->key_idx, tkip->key_set,
638 (tkip->tx_iv32 >> 24) & 0xff,
639 (tkip->tx_iv32 >> 16) & 0xff,
640 (tkip->tx_iv32 >> 8) & 0xff,
641 tkip->tx_iv32 & 0xff,
642 (tkip->tx_iv16 >> 8) & 0xff,
643 tkip->tx_iv16 & 0xff,
644 (tkip->rx_iv32 >> 24) & 0xff,
645 (tkip->rx_iv32 >> 16) & 0xff,
646 (tkip->rx_iv32 >> 8) & 0xff,
647 tkip->rx_iv32 & 0xff,
648 (tkip->rx_iv16 >> 8) & 0xff,
649 tkip->rx_iv16 & 0xff,
650 tkip->dot11RSNAStatsTKIPReplays,
651 tkip->dot11RSNAStatsTKIPICVErrors,
652 tkip->dot11RSNAStatsTKIPLocalMICFailures);
653 return p;
654}
655
Jeff Garzikb4538722005-05-12 22:48:20 -0400656static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
657 .name = "TKIP",
658 .init = ieee80211_tkip_init,
659 .deinit = ieee80211_tkip_deinit,
660 .encrypt_mpdu = ieee80211_tkip_encrypt,
661 .decrypt_mpdu = ieee80211_tkip_decrypt,
662 .encrypt_msdu = ieee80211_michael_mic_add,
663 .decrypt_msdu = ieee80211_michael_mic_verify,
664 .set_key = ieee80211_tkip_set_key,
665 .get_key = ieee80211_tkip_get_key,
666 .print_stats = ieee80211_tkip_print_stats,
Jeff Garzik0edd5b42005-09-07 00:48:31 -0400667 .extra_prefix_len = 4 + 4, /* IV + ExtIV */
668 .extra_postfix_len = 8 + 4, /* MIC + ICV */
669 .owner = THIS_MODULE,
Jeff Garzikb4538722005-05-12 22:48:20 -0400670};
671
Jeff Garzikb4538722005-05-12 22:48:20 -0400672static int __init ieee80211_crypto_tkip_init(void)
673{
674 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
675}
676
Jeff Garzikb4538722005-05-12 22:48:20 -0400677static void __exit ieee80211_crypto_tkip_exit(void)
678{
679 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
680}
681
Jeff Garzikb4538722005-05-12 22:48:20 -0400682module_init(ieee80211_crypto_tkip_init);
683module_exit(ieee80211_crypto_tkip_exit);