git.oblomov.eu Git - linux-2.6/blob - net/ieee80211/ieee80211_crypt_tkip.c

   1 /*
   2  * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
   3  *
   4  * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 as
   8  * published by the Free Software Foundation. See README and COPYING for
   9  * more details.
  10  */
  11
  12 #include <linux/config.h>
  13 #include <linux/version.h>
  14 #include <linux/module.h>
  15 #include <linux/init.h>
  16 #include <linux/slab.h>
  17 #include <linux/random.h>
  18 #include <linux/skbuff.h>
  19 #include <linux/netdevice.h>
  20 #include <linux/if_ether.h>
  21 #include <linux/if_arp.h>
  22 #include <asm/string.h>
  23
  24 #include <net/ieee80211.h>
  25
  26 #include <linux/crypto.h>
  27 #include <asm/scatterlist.h>
  28 #include <linux/crc32.h>
  29
  30 MODULE_AUTHOR("Jouni Malinen");
  31 MODULE_DESCRIPTION("Host AP crypt: TKIP");
  32 MODULE_LICENSE("GPL");
  33
  34 struct ieee80211_tkip_data {
  35 #define TKIP_KEY_LEN 32
  36         u8 key[TKIP_KEY_LEN];
  37         int key_set;
  38
  39         u32 tx_iv32;
  40         u16 tx_iv16;
  41         u16 tx_ttak[5];
  42         int tx_phase1_done;
  43
  44         u32 rx_iv32;
  45         u16 rx_iv16;
  46         u16 rx_ttak[5];
  47         int rx_phase1_done;
  48         u32 rx_iv32_new;
  49         u16 rx_iv16_new;
  50
  51         u32 dot11RSNAStatsTKIPReplays;
  52         u32 dot11RSNAStatsTKIPICVErrors;
  53         u32 dot11RSNAStatsTKIPLocalMICFailures;
  54
  55         int key_idx;
  56
  57         struct crypto_tfm *tfm_arc4;
  58         struct crypto_tfm *tfm_michael;
  59
  60         /* scratch buffers for virt_to_page() (crypto API) */
  61         u8 rx_hdr[16], tx_hdr[16];
  62
  63         unsigned long flags;
  64 };
  65
  66 static unsigned long ieee80211_tkip_set_flags(unsigned long flags, void *priv)
  67 {
  68         struct ieee80211_tkip_data *_priv = priv;
  69         unsigned long old_flags = _priv->flags;
  70         _priv->flags = flags;
  71         return old_flags;
  72 }
  73
  74 static unsigned long ieee80211_tkip_get_flags(void *priv)
  75 {
  76         struct ieee80211_tkip_data *_priv = priv;
  77         return _priv->flags;
  78 }
  79
  80 static void *ieee80211_tkip_init(int key_idx)
  81 {
  82         struct ieee80211_tkip_data *priv;
  83
  84         priv = kmalloc(sizeof(*priv), GFP_ATOMIC);
  85         if (priv == NULL)
  86                 goto fail;
  87         memset(priv, 0, sizeof(*priv));
  88
  89         priv->key_idx = key_idx;
  90
  91         priv->tfm_arc4 = crypto_alloc_tfm("arc4", 0);
  92         if (priv->tfm_arc4 == NULL) {
  93                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
  94                        "crypto API arc4\n");
  95                 goto fail;
  96         }
  97
  98         priv->tfm_michael = crypto_alloc_tfm("michael_mic", 0);
  99         if (priv->tfm_michael == NULL) {
 100                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
 101                        "crypto API michael_mic\n");
 102                 goto fail;
 103         }
 104
 105         return priv;
 106
 107       fail:
 108         if (priv) {
 109                 if (priv->tfm_michael)
 110                         crypto_free_tfm(priv->tfm_michael);
 111                 if (priv->tfm_arc4)
 112                         crypto_free_tfm(priv->tfm_arc4);
 113                 kfree(priv);
 114         }
 115
 116         return NULL;
 117 }
 118
 119 static void ieee80211_tkip_deinit(void *priv)
 120 {
 121         struct ieee80211_tkip_data *_priv = priv;
 122         if (_priv && _priv->tfm_michael)
 123                 crypto_free_tfm(_priv->tfm_michael);
 124         if (_priv && _priv->tfm_arc4)
 125                 crypto_free_tfm(_priv->tfm_arc4);
 126         kfree(priv);
 127 }
 128
 129 static inline u16 RotR1(u16 val)
 130 {
 131         return (val >> 1) | (val << 15);
 132 }
 133
 134 static inline u8 Lo8(u16 val)
 135 {
 136         return val & 0xff;
 137 }
 138
 139 static inline u8 Hi8(u16 val)
 140 {
 141         return val >> 8;
 142 }
 143
 144 static inline u16 Lo16(u32 val)
 145 {
 146         return val & 0xffff;
 147 }
 148
 149 static inline u16 Hi16(u32 val)
 150 {
 151         return val >> 16;
 152 }
 153
 154 static inline u16 Mk16(u8 hi, u8 lo)
 155 {
 156         return lo | (((u16) hi) << 8);
 157 }
 158
 159 static inline u16 Mk16_le(u16 * v)
 160 {
 161         return le16_to_cpu(*v);
 162 }
 163
 164 static const u16 Sbox[256] = {
 165         0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
 166         0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
 167         0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
 168         0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
 169         0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
 170         0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
 171         0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
 172         0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
 173         0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
 174         0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
 175         0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
 176         0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
 177         0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
 178         0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
 179         0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
 180         0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
 181         0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
 182         0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
 183         0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
 184         0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
 185         0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
 186         0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
 187         0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
 188         0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
 189         0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
 190         0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
 191         0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
 192         0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
 193         0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
 194         0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
 195         0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
 196         0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
 197 };
 198
 199 static inline u16 _S_(u16 v)
 200 {
 201         u16 t = Sbox[Hi8(v)];
 202         return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
 203 }
 204
 205 #define PHASE1_LOOP_COUNT 8
 206
 207 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
 208                                u32 IV32)
 209 {
 210         int i, j;
 211
 212         /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
 213         TTAK[0] = Lo16(IV32);
 214         TTAK[1] = Hi16(IV32);
 215         TTAK[2] = Mk16(TA[1], TA[0]);
 216         TTAK[3] = Mk16(TA[3], TA[2]);
 217         TTAK[4] = Mk16(TA[5], TA[4]);
 218
 219         for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
 220                 j = 2 * (i & 1);
 221                 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
 222                 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
 223                 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
 224                 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
 225                 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
 226         }
 227 }
 228
 229 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
 230                                u16 IV16)
 231 {
 232         /* Make temporary area overlap WEP seed so that the final copy can be
 233          * avoided on little endian hosts. */
 234         u16 *PPK = (u16 *) & WEPSeed[4];
 235
 236         /* Step 1 - make copy of TTAK and bring in TSC */
 237         PPK[0] = TTAK[0];
 238         PPK[1] = TTAK[1];
 239         PPK[2] = TTAK[2];
 240         PPK[3] = TTAK[3];
 241         PPK[4] = TTAK[4];
 242         PPK[5] = TTAK[4] + IV16;
 243
 244         /* Step 2 - 96-bit bijective mixing using S-box */
 245         PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) & TK[0]));
 246         PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) & TK[2]));
 247         PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) & TK[4]));
 248         PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) & TK[6]));
 249         PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) & TK[8]));
 250         PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) & TK[10]));
 251
 252         PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) & TK[12]));
 253         PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) & TK[14]));
 254         PPK[2] += RotR1(PPK[1]);
 255         PPK[3] += RotR1(PPK[2]);
 256         PPK[4] += RotR1(PPK[3]);
 257         PPK[5] += RotR1(PPK[4]);
 258
 259         /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
 260          * WEPSeed[0..2] is transmitted as WEP IV */
 261         WEPSeed[0] = Hi8(IV16);
 262         WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
 263         WEPSeed[2] = Lo8(IV16);
 264         WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) & TK[0])) >> 1);
 265
 266 #ifdef __BIG_ENDIAN
 267         {
 268                 int i;
 269                 for (i = 0; i < 6; i++)
 270                         PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
 271         }
 272 #endif
 273 }
 274
 275 static u8 *ieee80211_tkip_hdr(struct sk_buff *skb, int hdr_len, void *priv)
 276 {
 277         struct ieee80211_tkip_data *tkey = priv;
 278         int len;
 279         u8 *rc4key, *pos, *icv;
 280         struct ieee80211_hdr_4addr *hdr;
 281         u32 crc;
 282
 283         hdr = (struct ieee80211_hdr_4addr *)skb->data;
 284
 285         if (skb_headroom(skb) < 8 || skb->len < hdr_len)
 286                 return NULL;
 287
 288         if (!tkey->tx_phase1_done) {
 289                 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
 290                                    tkey->tx_iv32);
 291                 tkey->tx_phase1_done = 1;
 292         }
 293         rc4key = kmalloc(16, GFP_ATOMIC);
 294         if (!rc4key)
 295                 return NULL;
 296         tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
 297
 298         len = skb->len - hdr_len;
 299         pos = skb_push(skb, 8);
 300         memmove(pos, pos + 8, hdr_len);
 301         pos += hdr_len;
 302         icv = skb_put(skb, 4);
 303
 304         *pos++ = *rc4key;
 305         *pos++ = *(rc4key + 1);
 306         *pos++ = *(rc4key + 2);
 307         *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
 308         *pos++ = tkey->tx_iv32 & 0xff;
 309         *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
 310         *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
 311         *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
 312
 313         crc = ~crc32_le(~0, pos, len);
 314         icv[0] = crc;
 315         icv[1] = crc >> 8;
 316         icv[2] = crc >> 16;
 317         icv[3] = crc >> 24;
 318
 319         return rc4key;
 320 }
 321
 322 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
 323 {
 324         struct ieee80211_tkip_data *tkey = priv;
 325         int len;
 326         const u8 *rc4key;
 327         u8 *pos;
 328         struct scatterlist sg;
 329
 330         if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
 331                 if (net_ratelimit()) {
 332                         struct ieee80211_hdr_4addr *hdr =
 333                             (struct ieee80211_hdr_4addr *)skb->data;
 334                         printk(KERN_DEBUG "TKIP countermeasures: dropped "
 335                                "TX packet to " MAC_FMT "\n",
 336                                MAC_ARG(hdr->addr1));
 337                 }
 338                 return -1;
 339         }
 340
 341         if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
 342                 return -1;
 343
 344         len = skb->len - hdr_len;
 345         pos = skb->data + hdr_len;
 346
 347         rc4key = ieee80211_tkip_hdr(skb, hdr_len, priv);
 348         if (!rc4key)
 349                 return -1;
 350
 351         crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16);
 352         sg.page = virt_to_page(pos);
 353         sg.offset = offset_in_page(pos);
 354         sg.length = len + 4;
 355         crypto_cipher_encrypt(tkey->tfm_arc4, &sg, &sg, len + 4);
 356
 357         tkey->tx_iv16++;
 358         if (tkey->tx_iv16 == 0) {
 359                 tkey->tx_phase1_done = 0;
 360                 tkey->tx_iv32++;
 361         }
 362
 363         return 0;
 364 }
 365
 366 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
 367 {
 368         struct ieee80211_tkip_data *tkey = priv;
 369         u8 rc4key[16];
 370         u8 keyidx, *pos;
 371         u32 iv32;
 372         u16 iv16;
 373         struct ieee80211_hdr_4addr *hdr;
 374         u8 icv[4];
 375         u32 crc;
 376         struct scatterlist sg;
 377         int plen;
 378
 379         hdr = (struct ieee80211_hdr_4addr *)skb->data;
 380
 381         if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
 382                 if (net_ratelimit()) {
 383                         printk(KERN_DEBUG "TKIP countermeasures: dropped "
 384                                "received packet from " MAC_FMT "\n",
 385                                MAC_ARG(hdr->addr2));
 386                 }
 387                 return -1;
 388         }
 389
 390         if (skb->len < hdr_len + 8 + 4)
 391                 return -1;
 392
 393         pos = skb->data + hdr_len;
 394         keyidx = pos[3];
 395         if (!(keyidx & (1 << 5))) {
 396                 if (net_ratelimit()) {
 397                         printk(KERN_DEBUG "TKIP: received packet without ExtIV"
 398                                " flag from " MAC_FMT "\n", MAC_ARG(hdr->addr2));
 399                 }
 400                 return -2;
 401         }
 402         keyidx >>= 6;
 403         if (tkey->key_idx != keyidx) {
 404                 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
 405                        "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
 406                 return -6;
 407         }
 408         if (!tkey->key_set) {
 409                 if (net_ratelimit()) {
 410                         printk(KERN_DEBUG "TKIP: received packet from " MAC_FMT
 411                                " with keyid=%d that does not have a configured"
 412                                " key\n", MAC_ARG(hdr->addr2), keyidx);
 413                 }
 414                 return -3;
 415         }
 416         iv16 = (pos[0] << 8) | pos[2];
 417         iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
 418         pos += 8;
 419
 420         if (iv32 < tkey->rx_iv32 ||
 421             (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
 422                 if (net_ratelimit()) {
 423                         printk(KERN_DEBUG "TKIP: replay detected: STA=" MAC_FMT
 424                                " previous TSC %08x%04x received TSC "
 425                                "%08x%04x\n", MAC_ARG(hdr->addr2),
 426                                tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
 427                 }
 428                 tkey->dot11RSNAStatsTKIPReplays++;
 429                 return -4;
 430         }
 431
 432         if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
 433                 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
 434                 tkey->rx_phase1_done = 1;
 435         }
 436         tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
 437
 438         plen = skb->len - hdr_len - 12;
 439
 440         crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16);
 441         sg.page = virt_to_page(pos);
 442         sg.offset = offset_in_page(pos);
 443         sg.length = plen + 4;
 444         crypto_cipher_decrypt(tkey->tfm_arc4, &sg, &sg, plen + 4);
 445
 446         crc = ~crc32_le(~0, pos, plen);
 447         icv[0] = crc;
 448         icv[1] = crc >> 8;
 449         icv[2] = crc >> 16;
 450         icv[3] = crc >> 24;
 451         if (memcmp(icv, pos + plen, 4) != 0) {
 452                 if (iv32 != tkey->rx_iv32) {
 453                         /* Previously cached Phase1 result was already lost, so
 454                          * it needs to be recalculated for the next packet. */
 455                         tkey->rx_phase1_done = 0;
 456                 }
 457                 if (net_ratelimit()) {
 458                         printk(KERN_DEBUG "TKIP: ICV error detected: STA="
 459                                MAC_FMT "\n", MAC_ARG(hdr->addr2));
 460                 }
 461                 tkey->dot11RSNAStatsTKIPICVErrors++;
 462                 return -5;
 463         }
 464
 465         /* Update real counters only after Michael MIC verification has
 466          * completed */
 467         tkey->rx_iv32_new = iv32;
 468         tkey->rx_iv16_new = iv16;
 469
 470         /* Remove IV and ICV */
 471         memmove(skb->data + 8, skb->data, hdr_len);
 472         skb_pull(skb, 8);
 473         skb_trim(skb, skb->len - 4);
 474
 475         return keyidx;
 476 }
 477
 478 static int michael_mic(struct ieee80211_tkip_data *tkey, u8 * key, u8 * hdr,
 479                        u8 * data, size_t data_len, u8 * mic)
 480 {
 481         struct scatterlist sg[2];
 482
 483         if (tkey->tfm_michael == NULL) {
 484                 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
 485                 return -1;
 486         }
 487         sg[0].page = virt_to_page(hdr);
 488         sg[0].offset = offset_in_page(hdr);
 489         sg[0].length = 16;
 490
 491         sg[1].page = virt_to_page(data);
 492         sg[1].offset = offset_in_page(data);
 493         sg[1].length = data_len;
 494
 495         crypto_digest_init(tkey->tfm_michael);
 496         crypto_digest_setkey(tkey->tfm_michael, key, 8);
 497         crypto_digest_update(tkey->tfm_michael, sg, 2);
 498         crypto_digest_final(tkey->tfm_michael, mic);
 499
 500         return 0;
 501 }
 502
 503 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
 504 {
 505         struct ieee80211_hdr_4addr *hdr11;
 506
 507         hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
 508         switch (le16_to_cpu(hdr11->frame_ctl) &
 509                 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
 510         case IEEE80211_FCTL_TODS:
 511                 memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
 512                 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
 513                 break;
 514         case IEEE80211_FCTL_FROMDS:
 515                 memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
 516                 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
 517                 break;
 518         case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
 519                 memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
 520                 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
 521                 break;
 522         case 0:
 523                 memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
 524                 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
 525                 break;
 526         }
 527
 528         hdr[12] = 0;            /* priority */
 529         hdr[13] = hdr[14] = hdr[15] = 0;        /* reserved */
 530 }
 531
 532 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
 533                                      void *priv)
 534 {
 535         struct ieee80211_tkip_data *tkey = priv;
 536         u8 *pos;
 537
 538         if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
 539                 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
 540                        "(tailroom=%d hdr_len=%d skb->len=%d)\n",
 541                        skb_tailroom(skb), hdr_len, skb->len);
 542                 return -1;
 543         }
 544
 545         michael_mic_hdr(skb, tkey->tx_hdr);
 546         pos = skb_put(skb, 8);
 547         if (michael_mic(tkey, &tkey->key[16], tkey->tx_hdr,
 548                         skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
 549                 return -1;
 550
 551         return 0;
 552 }
 553
 554 static void ieee80211_michael_mic_failure(struct net_device *dev,
 555                                           struct ieee80211_hdr_4addr *hdr,
 556                                           int keyidx)
 557 {
 558         union iwreq_data wrqu;
 559         struct iw_michaelmicfailure ev;
 560
 561         /* TODO: needed parameters: count, keyid, key type, TSC */
 562         memset(&ev, 0, sizeof(ev));
 563         ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
 564         if (hdr->addr1[0] & 0x01)
 565                 ev.flags |= IW_MICFAILURE_GROUP;
 566         else
 567                 ev.flags |= IW_MICFAILURE_PAIRWISE;
 568         ev.src_addr.sa_family = ARPHRD_ETHER;
 569         memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
 570         memset(&wrqu, 0, sizeof(wrqu));
 571         wrqu.data.length = sizeof(ev);
 572         wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
 573 }
 574
 575 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
 576                                         int hdr_len, void *priv)
 577 {
 578         struct ieee80211_tkip_data *tkey = priv;
 579         u8 mic[8];
 580
 581         if (!tkey->key_set)
 582                 return -1;
 583
 584         michael_mic_hdr(skb, tkey->rx_hdr);
 585         if (michael_mic(tkey, &tkey->key[24], tkey->rx_hdr,
 586                         skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
 587                 return -1;
 588         if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
 589                 struct ieee80211_hdr_4addr *hdr;
 590                 hdr = (struct ieee80211_hdr_4addr *)skb->data;
 591                 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
 592                        "MSDU from " MAC_FMT " keyidx=%d\n",
 593                        skb->dev ? skb->dev->name : "N/A", MAC_ARG(hdr->addr2),
 594                        keyidx);
 595                 if (skb->dev)
 596                         ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
 597                 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
 598                 return -1;
 599         }
 600
 601         /* Update TSC counters for RX now that the packet verification has
 602          * completed. */
 603         tkey->rx_iv32 = tkey->rx_iv32_new;
 604         tkey->rx_iv16 = tkey->rx_iv16_new;
 605
 606         skb_trim(skb, skb->len - 8);
 607
 608         return 0;
 609 }
 610
 611 static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
 612 {
 613         struct ieee80211_tkip_data *tkey = priv;
 614         int keyidx;
 615         struct crypto_tfm *tfm = tkey->tfm_michael;
 616         struct crypto_tfm *tfm2 = tkey->tfm_arc4;
 617
 618         keyidx = tkey->key_idx;
 619         memset(tkey, 0, sizeof(*tkey));
 620         tkey->key_idx = keyidx;
 621         tkey->tfm_michael = tfm;
 622         tkey->tfm_arc4 = tfm2;
 623         if (len == TKIP_KEY_LEN) {
 624                 memcpy(tkey->key, key, TKIP_KEY_LEN);
 625                 tkey->key_set = 1;
 626                 tkey->tx_iv16 = 1;      /* TSC is initialized to 1 */
 627                 if (seq) {
 628                         tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
 629                             (seq[3] << 8) | seq[2];
 630                         tkey->rx_iv16 = (seq[1] << 8) | seq[0];
 631                 }
 632         } else if (len == 0)
 633                 tkey->key_set = 0;
 634         else
 635                 return -1;
 636
 637         return 0;
 638 }
 639
 640 static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
 641 {
 642         struct ieee80211_tkip_data *tkey = priv;
 643
 644         if (len < TKIP_KEY_LEN)
 645                 return -1;
 646
 647         if (!tkey->key_set)
 648                 return 0;
 649         memcpy(key, tkey->key, TKIP_KEY_LEN);
 650
 651         if (seq) {
 652                 /* Return the sequence number of the last transmitted frame. */
 653                 u16 iv16 = tkey->tx_iv16;
 654                 u32 iv32 = tkey->tx_iv32;
 655                 if (iv16 == 0)
 656                         iv32--;
 657                 iv16--;
 658                 seq[0] = tkey->tx_iv16;
 659                 seq[1] = tkey->tx_iv16 >> 8;
 660                 seq[2] = tkey->tx_iv32;
 661                 seq[3] = tkey->tx_iv32 >> 8;
 662                 seq[4] = tkey->tx_iv32 >> 16;
 663                 seq[5] = tkey->tx_iv32 >> 24;
 664         }
 665
 666         return TKIP_KEY_LEN;
 667 }
 668
 669 static char *ieee80211_tkip_print_stats(char *p, void *priv)
 670 {
 671         struct ieee80211_tkip_data *tkip = priv;
 672         p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
 673                      "tx_pn=%02x%02x%02x%02x%02x%02x "
 674                      "rx_pn=%02x%02x%02x%02x%02x%02x "
 675                      "replays=%d icv_errors=%d local_mic_failures=%d\n",
 676                      tkip->key_idx, tkip->key_set,
 677                      (tkip->tx_iv32 >> 24) & 0xff,
 678                      (tkip->tx_iv32 >> 16) & 0xff,
 679                      (tkip->tx_iv32 >> 8) & 0xff,
 680                      tkip->tx_iv32 & 0xff,
 681                      (tkip->tx_iv16 >> 8) & 0xff,
 682                      tkip->tx_iv16 & 0xff,
 683                      (tkip->rx_iv32 >> 24) & 0xff,
 684                      (tkip->rx_iv32 >> 16) & 0xff,
 685                      (tkip->rx_iv32 >> 8) & 0xff,
 686                      tkip->rx_iv32 & 0xff,
 687                      (tkip->rx_iv16 >> 8) & 0xff,
 688                      tkip->rx_iv16 & 0xff,
 689                      tkip->dot11RSNAStatsTKIPReplays,
 690                      tkip->dot11RSNAStatsTKIPICVErrors,
 691                      tkip->dot11RSNAStatsTKIPLocalMICFailures);
 692         return p;
 693 }
 694
 695 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
 696         .name = "TKIP",
 697         .init = ieee80211_tkip_init,
 698         .deinit = ieee80211_tkip_deinit,
 699         .encrypt_mpdu = ieee80211_tkip_encrypt,
 700         .decrypt_mpdu = ieee80211_tkip_decrypt,
 701         .encrypt_msdu = ieee80211_michael_mic_add,
 702         .decrypt_msdu = ieee80211_michael_mic_verify,
 703         .set_key = ieee80211_tkip_set_key,
 704         .get_key = ieee80211_tkip_get_key,
 705         .print_stats = ieee80211_tkip_print_stats,
 706         .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
 707         .extra_mpdu_postfix_len = 4,    /* ICV */
 708         .extra_msdu_postfix_len = 8,    /* MIC */
 709         .get_flags = ieee80211_tkip_get_flags,
 710         .set_flags = ieee80211_tkip_set_flags,
 711         .owner = THIS_MODULE,
 712 };
 713
 714 static int __init ieee80211_crypto_tkip_init(void)
 715 {
 716         return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
 717 }
 718
 719 static void __exit ieee80211_crypto_tkip_exit(void)
 720 {
 721         ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
 722 }
 723
 724 module_init(ieee80211_crypto_tkip_init);
 725 module_exit(ieee80211_crypto_tkip_exit);