Pull Kconfig into release branch
[linux-2.6] / net / ieee80211 / ieee80211_crypt_tkip.c
1 /*
2  * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
3  *
4  * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 as
8  * published by the Free Software Foundation. See README and COPYING for
9  * more details.
10  */
11
12 #include <linux/config.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/slab.h>
16 #include <linux/random.h>
17 #include <linux/skbuff.h>
18 #include <linux/netdevice.h>
19 #include <linux/if_ether.h>
20 #include <linux/if_arp.h>
21 #include <asm/string.h>
22
23 #include <net/ieee80211.h>
24
25 #include <linux/crypto.h>
26 #include <asm/scatterlist.h>
27 #include <linux/crc32.h>
28
29 MODULE_AUTHOR("Jouni Malinen");
30 MODULE_DESCRIPTION("Host AP crypt: TKIP");
31 MODULE_LICENSE("GPL");
32
33 struct ieee80211_tkip_data {
34 #define TKIP_KEY_LEN 32
35         u8 key[TKIP_KEY_LEN];
36         int key_set;
37
38         u32 tx_iv32;
39         u16 tx_iv16;
40         u16 tx_ttak[5];
41         int tx_phase1_done;
42
43         u32 rx_iv32;
44         u16 rx_iv16;
45         u16 rx_ttak[5];
46         int rx_phase1_done;
47         u32 rx_iv32_new;
48         u16 rx_iv16_new;
49
50         u32 dot11RSNAStatsTKIPReplays;
51         u32 dot11RSNAStatsTKIPICVErrors;
52         u32 dot11RSNAStatsTKIPLocalMICFailures;
53
54         int key_idx;
55
56         struct crypto_tfm *tfm_arc4;
57         struct crypto_tfm *tfm_michael;
58
59         /* scratch buffers for virt_to_page() (crypto API) */
60         u8 rx_hdr[16], tx_hdr[16];
61
62         unsigned long flags;
63 };
64
65 static unsigned long ieee80211_tkip_set_flags(unsigned long flags, void *priv)
66 {
67         struct ieee80211_tkip_data *_priv = priv;
68         unsigned long old_flags = _priv->flags;
69         _priv->flags = flags;
70         return old_flags;
71 }
72
73 static unsigned long ieee80211_tkip_get_flags(void *priv)
74 {
75         struct ieee80211_tkip_data *_priv = priv;
76         return _priv->flags;
77 }
78
79 static void *ieee80211_tkip_init(int key_idx)
80 {
81         struct ieee80211_tkip_data *priv;
82
83         priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
84         if (priv == NULL)
85                 goto fail;
86
87         priv->key_idx = key_idx;
88
89         priv->tfm_arc4 = crypto_alloc_tfm("arc4", 0);
90         if (priv->tfm_arc4 == NULL) {
91                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
92                        "crypto API arc4\n");
93                 goto fail;
94         }
95
96         priv->tfm_michael = crypto_alloc_tfm("michael_mic", 0);
97         if (priv->tfm_michael == NULL) {
98                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
99                        "crypto API michael_mic\n");
100                 goto fail;
101         }
102
103         return priv;
104
105       fail:
106         if (priv) {
107                 if (priv->tfm_michael)
108                         crypto_free_tfm(priv->tfm_michael);
109                 if (priv->tfm_arc4)
110                         crypto_free_tfm(priv->tfm_arc4);
111                 kfree(priv);
112         }
113
114         return NULL;
115 }
116
117 static void ieee80211_tkip_deinit(void *priv)
118 {
119         struct ieee80211_tkip_data *_priv = priv;
120         if (_priv && _priv->tfm_michael)
121                 crypto_free_tfm(_priv->tfm_michael);
122         if (_priv && _priv->tfm_arc4)
123                 crypto_free_tfm(_priv->tfm_arc4);
124         kfree(priv);
125 }
126
127 static inline u16 RotR1(u16 val)
128 {
129         return (val >> 1) | (val << 15);
130 }
131
132 static inline u8 Lo8(u16 val)
133 {
134         return val & 0xff;
135 }
136
137 static inline u8 Hi8(u16 val)
138 {
139         return val >> 8;
140 }
141
142 static inline u16 Lo16(u32 val)
143 {
144         return val & 0xffff;
145 }
146
147 static inline u16 Hi16(u32 val)
148 {
149         return val >> 16;
150 }
151
152 static inline u16 Mk16(u8 hi, u8 lo)
153 {
154         return lo | (((u16) hi) << 8);
155 }
156
157 static inline u16 Mk16_le(u16 * v)
158 {
159         return le16_to_cpu(*v);
160 }
161
162 static const u16 Sbox[256] = {
163         0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
164         0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
165         0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
166         0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
167         0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
168         0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
169         0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
170         0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
171         0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
172         0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
173         0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
174         0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
175         0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
176         0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
177         0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
178         0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
179         0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
180         0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
181         0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
182         0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
183         0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
184         0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
185         0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
186         0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
187         0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
188         0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
189         0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
190         0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
191         0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
192         0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
193         0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
194         0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
195 };
196
197 static inline u16 _S_(u16 v)
198 {
199         u16 t = Sbox[Hi8(v)];
200         return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
201 }
202
203 #define PHASE1_LOOP_COUNT 8
204
205 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
206                                u32 IV32)
207 {
208         int i, j;
209
210         /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
211         TTAK[0] = Lo16(IV32);
212         TTAK[1] = Hi16(IV32);
213         TTAK[2] = Mk16(TA[1], TA[0]);
214         TTAK[3] = Mk16(TA[3], TA[2]);
215         TTAK[4] = Mk16(TA[5], TA[4]);
216
217         for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
218                 j = 2 * (i & 1);
219                 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
220                 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
221                 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
222                 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
223                 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
224         }
225 }
226
227 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
228                                u16 IV16)
229 {
230         /* Make temporary area overlap WEP seed so that the final copy can be
231          * avoided on little endian hosts. */
232         u16 *PPK = (u16 *) & WEPSeed[4];
233
234         /* Step 1 - make copy of TTAK and bring in TSC */
235         PPK[0] = TTAK[0];
236         PPK[1] = TTAK[1];
237         PPK[2] = TTAK[2];
238         PPK[3] = TTAK[3];
239         PPK[4] = TTAK[4];
240         PPK[5] = TTAK[4] + IV16;
241
242         /* Step 2 - 96-bit bijective mixing using S-box */
243         PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) & TK[0]));
244         PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) & TK[2]));
245         PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) & TK[4]));
246         PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) & TK[6]));
247         PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) & TK[8]));
248         PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) & TK[10]));
249
250         PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) & TK[12]));
251         PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) & TK[14]));
252         PPK[2] += RotR1(PPK[1]);
253         PPK[3] += RotR1(PPK[2]);
254         PPK[4] += RotR1(PPK[3]);
255         PPK[5] += RotR1(PPK[4]);
256
257         /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
258          * WEPSeed[0..2] is transmitted as WEP IV */
259         WEPSeed[0] = Hi8(IV16);
260         WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
261         WEPSeed[2] = Lo8(IV16);
262         WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) & TK[0])) >> 1);
263
264 #ifdef __BIG_ENDIAN
265         {
266                 int i;
267                 for (i = 0; i < 6; i++)
268                         PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
269         }
270 #endif
271 }
272
273 static int ieee80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
274                               u8 * rc4key, int keylen, void *priv)
275 {
276         struct ieee80211_tkip_data *tkey = priv;
277         int len;
278         u8 *pos;
279         struct ieee80211_hdr_4addr *hdr;
280
281         hdr = (struct ieee80211_hdr_4addr *)skb->data;
282
283         if (skb_headroom(skb) < 8 || skb->len < hdr_len)
284                 return -1;
285
286         if (rc4key == NULL || keylen < 16)
287                 return -1;
288
289         if (!tkey->tx_phase1_done) {
290                 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
291                                    tkey->tx_iv32);
292                 tkey->tx_phase1_done = 1;
293         }
294         tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
295
296         len = skb->len - hdr_len;
297         pos = skb_push(skb, 8);
298         memmove(pos, pos + 8, hdr_len);
299         pos += hdr_len;
300
301         *pos++ = *rc4key;
302         *pos++ = *(rc4key + 1);
303         *pos++ = *(rc4key + 2);
304         *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
305         *pos++ = tkey->tx_iv32 & 0xff;
306         *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
307         *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
308         *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
309
310         tkey->tx_iv16++;
311         if (tkey->tx_iv16 == 0) {
312                 tkey->tx_phase1_done = 0;
313                 tkey->tx_iv32++;
314         }
315
316         return 8;
317 }
318
319 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
320 {
321         struct ieee80211_tkip_data *tkey = priv;
322         int len;
323         u8 rc4key[16], *pos, *icv;
324         u32 crc;
325         struct scatterlist sg;
326
327         if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
328                 if (net_ratelimit()) {
329                         struct ieee80211_hdr_4addr *hdr =
330                             (struct ieee80211_hdr_4addr *)skb->data;
331                         printk(KERN_DEBUG ": TKIP countermeasures: dropped "
332                                "TX packet to " MAC_FMT "\n",
333                                MAC_ARG(hdr->addr1));
334                 }
335                 return -1;
336         }
337
338         if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
339                 return -1;
340
341         len = skb->len - hdr_len;
342         pos = skb->data + hdr_len;
343
344         if ((ieee80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
345                 return -1;
346
347         icv = skb_put(skb, 4);
348
349         crc = ~crc32_le(~0, pos, len);
350         icv[0] = crc;
351         icv[1] = crc >> 8;
352         icv[2] = crc >> 16;
353         icv[3] = crc >> 24;
354
355         crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16);
356         sg.page = virt_to_page(pos);
357         sg.offset = offset_in_page(pos);
358         sg.length = len + 4;
359         crypto_cipher_encrypt(tkey->tfm_arc4, &sg, &sg, len + 4);
360
361         return 0;
362 }
363
364 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
365 {
366         struct ieee80211_tkip_data *tkey = priv;
367         u8 rc4key[16];
368         u8 keyidx, *pos;
369         u32 iv32;
370         u16 iv16;
371         struct ieee80211_hdr_4addr *hdr;
372         u8 icv[4];
373         u32 crc;
374         struct scatterlist sg;
375         int plen;
376
377         hdr = (struct ieee80211_hdr_4addr *)skb->data;
378
379         if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
380                 if (net_ratelimit()) {
381                         printk(KERN_DEBUG ": TKIP countermeasures: dropped "
382                                "received packet from " MAC_FMT "\n",
383                                MAC_ARG(hdr->addr2));
384                 }
385                 return -1;
386         }
387
388         if (skb->len < hdr_len + 8 + 4)
389                 return -1;
390
391         pos = skb->data + hdr_len;
392         keyidx = pos[3];
393         if (!(keyidx & (1 << 5))) {
394                 if (net_ratelimit()) {
395                         printk(KERN_DEBUG "TKIP: received packet without ExtIV"
396                                " flag from " MAC_FMT "\n", MAC_ARG(hdr->addr2));
397                 }
398                 return -2;
399         }
400         keyidx >>= 6;
401         if (tkey->key_idx != keyidx) {
402                 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
403                        "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
404                 return -6;
405         }
406         if (!tkey->key_set) {
407                 if (net_ratelimit()) {
408                         printk(KERN_DEBUG "TKIP: received packet from " MAC_FMT
409                                " with keyid=%d that does not have a configured"
410                                " key\n", MAC_ARG(hdr->addr2), keyidx);
411                 }
412                 return -3;
413         }
414         iv16 = (pos[0] << 8) | pos[2];
415         iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
416         pos += 8;
417
418         if (iv32 < tkey->rx_iv32 ||
419             (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
420                 if (net_ratelimit()) {
421                         printk(KERN_DEBUG "TKIP: replay detected: STA=" MAC_FMT
422                                " previous TSC %08x%04x received TSC "
423                                "%08x%04x\n", MAC_ARG(hdr->addr2),
424                                tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
425                 }
426                 tkey->dot11RSNAStatsTKIPReplays++;
427                 return -4;
428         }
429
430         if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
431                 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
432                 tkey->rx_phase1_done = 1;
433         }
434         tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
435
436         plen = skb->len - hdr_len - 12;
437
438         crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16);
439         sg.page = virt_to_page(pos);
440         sg.offset = offset_in_page(pos);
441         sg.length = plen + 4;
442         crypto_cipher_decrypt(tkey->tfm_arc4, &sg, &sg, plen + 4);
443
444         crc = ~crc32_le(~0, pos, plen);
445         icv[0] = crc;
446         icv[1] = crc >> 8;
447         icv[2] = crc >> 16;
448         icv[3] = crc >> 24;
449         if (memcmp(icv, pos + plen, 4) != 0) {
450                 if (iv32 != tkey->rx_iv32) {
451                         /* Previously cached Phase1 result was already lost, so
452                          * it needs to be recalculated for the next packet. */
453                         tkey->rx_phase1_done = 0;
454                 }
455                 if (net_ratelimit()) {
456                         printk(KERN_DEBUG "TKIP: ICV error detected: STA="
457                                MAC_FMT "\n", MAC_ARG(hdr->addr2));
458                 }
459                 tkey->dot11RSNAStatsTKIPICVErrors++;
460                 return -5;
461         }
462
463         /* Update real counters only after Michael MIC verification has
464          * completed */
465         tkey->rx_iv32_new = iv32;
466         tkey->rx_iv16_new = iv16;
467
468         /* Remove IV and ICV */
469         memmove(skb->data + 8, skb->data, hdr_len);
470         skb_pull(skb, 8);
471         skb_trim(skb, skb->len - 4);
472
473         return keyidx;
474 }
475
476 static int michael_mic(struct ieee80211_tkip_data *tkey, u8 * key, u8 * hdr,
477                        u8 * data, size_t data_len, u8 * mic)
478 {
479         struct scatterlist sg[2];
480
481         if (tkey->tfm_michael == NULL) {
482                 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
483                 return -1;
484         }
485         sg[0].page = virt_to_page(hdr);
486         sg[0].offset = offset_in_page(hdr);
487         sg[0].length = 16;
488
489         sg[1].page = virt_to_page(data);
490         sg[1].offset = offset_in_page(data);
491         sg[1].length = data_len;
492
493         crypto_digest_init(tkey->tfm_michael);
494         crypto_digest_setkey(tkey->tfm_michael, key, 8);
495         crypto_digest_update(tkey->tfm_michael, sg, 2);
496         crypto_digest_final(tkey->tfm_michael, mic);
497
498         return 0;
499 }
500
501 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
502 {
503         struct ieee80211_hdr_4addr *hdr11;
504
505         hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
506         switch (le16_to_cpu(hdr11->frame_ctl) &
507                 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
508         case IEEE80211_FCTL_TODS:
509                 memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
510                 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
511                 break;
512         case IEEE80211_FCTL_FROMDS:
513                 memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
514                 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
515                 break;
516         case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
517                 memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
518                 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
519                 break;
520         case 0:
521                 memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
522                 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
523                 break;
524         }
525
526         hdr[12] = 0;            /* priority */
527         hdr[13] = hdr[14] = hdr[15] = 0;        /* reserved */
528 }
529
530 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
531                                      void *priv)
532 {
533         struct ieee80211_tkip_data *tkey = priv;
534         u8 *pos;
535
536         if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
537                 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
538                        "(tailroom=%d hdr_len=%d skb->len=%d)\n",
539                        skb_tailroom(skb), hdr_len, skb->len);
540                 return -1;
541         }
542
543         michael_mic_hdr(skb, tkey->tx_hdr);
544         pos = skb_put(skb, 8);
545         if (michael_mic(tkey, &tkey->key[16], tkey->tx_hdr,
546                         skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
547                 return -1;
548
549         return 0;
550 }
551
552 static void ieee80211_michael_mic_failure(struct net_device *dev,
553                                           struct ieee80211_hdr_4addr *hdr,
554                                           int keyidx)
555 {
556         union iwreq_data wrqu;
557         struct iw_michaelmicfailure ev;
558
559         /* TODO: needed parameters: count, keyid, key type, TSC */
560         memset(&ev, 0, sizeof(ev));
561         ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
562         if (hdr->addr1[0] & 0x01)
563                 ev.flags |= IW_MICFAILURE_GROUP;
564         else
565                 ev.flags |= IW_MICFAILURE_PAIRWISE;
566         ev.src_addr.sa_family = ARPHRD_ETHER;
567         memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
568         memset(&wrqu, 0, sizeof(wrqu));
569         wrqu.data.length = sizeof(ev);
570         wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
571 }
572
573 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
574                                         int hdr_len, void *priv)
575 {
576         struct ieee80211_tkip_data *tkey = priv;
577         u8 mic[8];
578
579         if (!tkey->key_set)
580                 return -1;
581
582         michael_mic_hdr(skb, tkey->rx_hdr);
583         if (michael_mic(tkey, &tkey->key[24], tkey->rx_hdr,
584                         skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
585                 return -1;
586         if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
587                 struct ieee80211_hdr_4addr *hdr;
588                 hdr = (struct ieee80211_hdr_4addr *)skb->data;
589                 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
590                        "MSDU from " MAC_FMT " keyidx=%d\n",
591                        skb->dev ? skb->dev->name : "N/A", MAC_ARG(hdr->addr2),
592                        keyidx);
593                 if (skb->dev)
594                         ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
595                 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
596                 return -1;
597         }
598
599         /* Update TSC counters for RX now that the packet verification has
600          * completed. */
601         tkey->rx_iv32 = tkey->rx_iv32_new;
602         tkey->rx_iv16 = tkey->rx_iv16_new;
603
604         skb_trim(skb, skb->len - 8);
605
606         return 0;
607 }
608
609 static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
610 {
611         struct ieee80211_tkip_data *tkey = priv;
612         int keyidx;
613         struct crypto_tfm *tfm = tkey->tfm_michael;
614         struct crypto_tfm *tfm2 = tkey->tfm_arc4;
615
616         keyidx = tkey->key_idx;
617         memset(tkey, 0, sizeof(*tkey));
618         tkey->key_idx = keyidx;
619         tkey->tfm_michael = tfm;
620         tkey->tfm_arc4 = tfm2;
621         if (len == TKIP_KEY_LEN) {
622                 memcpy(tkey->key, key, TKIP_KEY_LEN);
623                 tkey->key_set = 1;
624                 tkey->tx_iv16 = 1;      /* TSC is initialized to 1 */
625                 if (seq) {
626                         tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
627                             (seq[3] << 8) | seq[2];
628                         tkey->rx_iv16 = (seq[1] << 8) | seq[0];
629                 }
630         } else if (len == 0)
631                 tkey->key_set = 0;
632         else
633                 return -1;
634
635         return 0;
636 }
637
638 static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
639 {
640         struct ieee80211_tkip_data *tkey = priv;
641
642         if (len < TKIP_KEY_LEN)
643                 return -1;
644
645         if (!tkey->key_set)
646                 return 0;
647         memcpy(key, tkey->key, TKIP_KEY_LEN);
648
649         if (seq) {
650                 /* Return the sequence number of the last transmitted frame. */
651                 u16 iv16 = tkey->tx_iv16;
652                 u32 iv32 = tkey->tx_iv32;
653                 if (iv16 == 0)
654                         iv32--;
655                 iv16--;
656                 seq[0] = tkey->tx_iv16;
657                 seq[1] = tkey->tx_iv16 >> 8;
658                 seq[2] = tkey->tx_iv32;
659                 seq[3] = tkey->tx_iv32 >> 8;
660                 seq[4] = tkey->tx_iv32 >> 16;
661                 seq[5] = tkey->tx_iv32 >> 24;
662         }
663
664         return TKIP_KEY_LEN;
665 }
666
667 static char *ieee80211_tkip_print_stats(char *p, void *priv)
668 {
669         struct ieee80211_tkip_data *tkip = priv;
670         p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
671                      "tx_pn=%02x%02x%02x%02x%02x%02x "
672                      "rx_pn=%02x%02x%02x%02x%02x%02x "
673                      "replays=%d icv_errors=%d local_mic_failures=%d\n",
674                      tkip->key_idx, tkip->key_set,
675                      (tkip->tx_iv32 >> 24) & 0xff,
676                      (tkip->tx_iv32 >> 16) & 0xff,
677                      (tkip->tx_iv32 >> 8) & 0xff,
678                      tkip->tx_iv32 & 0xff,
679                      (tkip->tx_iv16 >> 8) & 0xff,
680                      tkip->tx_iv16 & 0xff,
681                      (tkip->rx_iv32 >> 24) & 0xff,
682                      (tkip->rx_iv32 >> 16) & 0xff,
683                      (tkip->rx_iv32 >> 8) & 0xff,
684                      tkip->rx_iv32 & 0xff,
685                      (tkip->rx_iv16 >> 8) & 0xff,
686                      tkip->rx_iv16 & 0xff,
687                      tkip->dot11RSNAStatsTKIPReplays,
688                      tkip->dot11RSNAStatsTKIPICVErrors,
689                      tkip->dot11RSNAStatsTKIPLocalMICFailures);
690         return p;
691 }
692
693 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
694         .name = "TKIP",
695         .init = ieee80211_tkip_init,
696         .deinit = ieee80211_tkip_deinit,
697         .build_iv = ieee80211_tkip_hdr,
698         .encrypt_mpdu = ieee80211_tkip_encrypt,
699         .decrypt_mpdu = ieee80211_tkip_decrypt,
700         .encrypt_msdu = ieee80211_michael_mic_add,
701         .decrypt_msdu = ieee80211_michael_mic_verify,
702         .set_key = ieee80211_tkip_set_key,
703         .get_key = ieee80211_tkip_get_key,
704         .print_stats = ieee80211_tkip_print_stats,
705         .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
706         .extra_mpdu_postfix_len = 4,    /* ICV */
707         .extra_msdu_postfix_len = 8,    /* MIC */
708         .get_flags = ieee80211_tkip_get_flags,
709         .set_flags = ieee80211_tkip_set_flags,
710         .owner = THIS_MODULE,
711 };
712
713 static int __init ieee80211_crypto_tkip_init(void)
714 {
715         return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
716 }
717
718 static void __exit ieee80211_crypto_tkip_exit(void)
719 {
720         ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
721 }
722
723 module_init(ieee80211_crypto_tkip_init);
724 module_exit(ieee80211_crypto_tkip_exit);