Merge master.kernel.org:/pub/scm/linux/kernel/git/acme/net-2.6
[linux-2.6] / net / ieee80211 / ieee80211_crypt_tkip.c
1 /*
2  * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
3  *
4  * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 as
8  * published by the Free Software Foundation. See README and COPYING for
9  * more details.
10  */
11
12 #include <linux/err.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/slab.h>
16 #include <linux/random.h>
17 #include <linux/skbuff.h>
18 #include <linux/netdevice.h>
19 #include <linux/if_ether.h>
20 #include <linux/if_arp.h>
21 #include <asm/string.h>
22
23 #include <net/ieee80211.h>
24
25 #include <linux/crypto.h>
26 #include <asm/scatterlist.h>
27 #include <linux/crc32.h>
28
29 MODULE_AUTHOR("Jouni Malinen");
30 MODULE_DESCRIPTION("Host AP crypt: TKIP");
31 MODULE_LICENSE("GPL");
32
33 struct ieee80211_tkip_data {
34 #define TKIP_KEY_LEN 32
35         u8 key[TKIP_KEY_LEN];
36         int key_set;
37
38         u32 tx_iv32;
39         u16 tx_iv16;
40         u16 tx_ttak[5];
41         int tx_phase1_done;
42
43         u32 rx_iv32;
44         u16 rx_iv16;
45         u16 rx_ttak[5];
46         int rx_phase1_done;
47         u32 rx_iv32_new;
48         u16 rx_iv16_new;
49
50         u32 dot11RSNAStatsTKIPReplays;
51         u32 dot11RSNAStatsTKIPICVErrors;
52         u32 dot11RSNAStatsTKIPLocalMICFailures;
53
54         int key_idx;
55
56         struct crypto_blkcipher *rx_tfm_arc4;
57         struct crypto_hash *rx_tfm_michael;
58         struct crypto_blkcipher *tx_tfm_arc4;
59         struct crypto_hash *tx_tfm_michael;
60
61         /* scratch buffers for virt_to_page() (crypto API) */
62         u8 rx_hdr[16], tx_hdr[16];
63
64         unsigned long flags;
65 };
66
67 static unsigned long ieee80211_tkip_set_flags(unsigned long flags, void *priv)
68 {
69         struct ieee80211_tkip_data *_priv = priv;
70         unsigned long old_flags = _priv->flags;
71         _priv->flags = flags;
72         return old_flags;
73 }
74
75 static unsigned long ieee80211_tkip_get_flags(void *priv)
76 {
77         struct ieee80211_tkip_data *_priv = priv;
78         return _priv->flags;
79 }
80
81 static void *ieee80211_tkip_init(int key_idx)
82 {
83         struct ieee80211_tkip_data *priv;
84
85         priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
86         if (priv == NULL)
87                 goto fail;
88
89         priv->key_idx = key_idx;
90
91         priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
92                                                 CRYPTO_ALG_ASYNC);
93         if (IS_ERR(priv->tx_tfm_arc4)) {
94                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
95                        "crypto API arc4\n");
96                 priv->tx_tfm_arc4 = NULL;
97                 goto fail;
98         }
99
100         priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
101                                                  CRYPTO_ALG_ASYNC);
102         if (IS_ERR(priv->tx_tfm_michael)) {
103                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
104                        "crypto API michael_mic\n");
105                 priv->tx_tfm_michael = NULL;
106                 goto fail;
107         }
108
109         priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
110                                                 CRYPTO_ALG_ASYNC);
111         if (IS_ERR(priv->rx_tfm_arc4)) {
112                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
113                        "crypto API arc4\n");
114                 priv->rx_tfm_arc4 = NULL;
115                 goto fail;
116         }
117
118         priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
119                                                  CRYPTO_ALG_ASYNC);
120         if (IS_ERR(priv->rx_tfm_michael)) {
121                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
122                        "crypto API michael_mic\n");
123                 priv->rx_tfm_michael = NULL;
124                 goto fail;
125         }
126
127         return priv;
128
129       fail:
130         if (priv) {
131                 if (priv->tx_tfm_michael)
132                         crypto_free_hash(priv->tx_tfm_michael);
133                 if (priv->tx_tfm_arc4)
134                         crypto_free_blkcipher(priv->tx_tfm_arc4);
135                 if (priv->rx_tfm_michael)
136                         crypto_free_hash(priv->rx_tfm_michael);
137                 if (priv->rx_tfm_arc4)
138                         crypto_free_blkcipher(priv->rx_tfm_arc4);
139                 kfree(priv);
140         }
141
142         return NULL;
143 }
144
145 static void ieee80211_tkip_deinit(void *priv)
146 {
147         struct ieee80211_tkip_data *_priv = priv;
148         if (_priv) {
149                 if (_priv->tx_tfm_michael)
150                         crypto_free_hash(_priv->tx_tfm_michael);
151                 if (_priv->tx_tfm_arc4)
152                         crypto_free_blkcipher(_priv->tx_tfm_arc4);
153                 if (_priv->rx_tfm_michael)
154                         crypto_free_hash(_priv->rx_tfm_michael);
155                 if (_priv->rx_tfm_arc4)
156                         crypto_free_blkcipher(_priv->rx_tfm_arc4);
157         }
158         kfree(priv);
159 }
160
161 static inline u16 RotR1(u16 val)
162 {
163         return (val >> 1) | (val << 15);
164 }
165
166 static inline u8 Lo8(u16 val)
167 {
168         return val & 0xff;
169 }
170
171 static inline u8 Hi8(u16 val)
172 {
173         return val >> 8;
174 }
175
176 static inline u16 Lo16(u32 val)
177 {
178         return val & 0xffff;
179 }
180
181 static inline u16 Hi16(u32 val)
182 {
183         return val >> 16;
184 }
185
186 static inline u16 Mk16(u8 hi, u8 lo)
187 {
188         return lo | (((u16) hi) << 8);
189 }
190
191 static inline u16 Mk16_le(u16 * v)
192 {
193         return le16_to_cpu(*v);
194 }
195
196 static const u16 Sbox[256] = {
197         0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
198         0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
199         0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
200         0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
201         0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
202         0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
203         0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
204         0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
205         0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
206         0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
207         0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
208         0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
209         0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
210         0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
211         0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
212         0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
213         0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
214         0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
215         0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
216         0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
217         0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
218         0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
219         0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
220         0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
221         0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
222         0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
223         0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
224         0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
225         0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
226         0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
227         0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
228         0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
229 };
230
231 static inline u16 _S_(u16 v)
232 {
233         u16 t = Sbox[Hi8(v)];
234         return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
235 }
236
237 #define PHASE1_LOOP_COUNT 8
238
239 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
240                                u32 IV32)
241 {
242         int i, j;
243
244         /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
245         TTAK[0] = Lo16(IV32);
246         TTAK[1] = Hi16(IV32);
247         TTAK[2] = Mk16(TA[1], TA[0]);
248         TTAK[3] = Mk16(TA[3], TA[2]);
249         TTAK[4] = Mk16(TA[5], TA[4]);
250
251         for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
252                 j = 2 * (i & 1);
253                 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
254                 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
255                 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
256                 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
257                 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
258         }
259 }
260
261 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
262                                u16 IV16)
263 {
264         /* Make temporary area overlap WEP seed so that the final copy can be
265          * avoided on little endian hosts. */
266         u16 *PPK = (u16 *) & WEPSeed[4];
267
268         /* Step 1 - make copy of TTAK and bring in TSC */
269         PPK[0] = TTAK[0];
270         PPK[1] = TTAK[1];
271         PPK[2] = TTAK[2];
272         PPK[3] = TTAK[3];
273         PPK[4] = TTAK[4];
274         PPK[5] = TTAK[4] + IV16;
275
276         /* Step 2 - 96-bit bijective mixing using S-box */
277         PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) & TK[0]));
278         PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) & TK[2]));
279         PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) & TK[4]));
280         PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) & TK[6]));
281         PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) & TK[8]));
282         PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) & TK[10]));
283
284         PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) & TK[12]));
285         PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) & TK[14]));
286         PPK[2] += RotR1(PPK[1]);
287         PPK[3] += RotR1(PPK[2]);
288         PPK[4] += RotR1(PPK[3]);
289         PPK[5] += RotR1(PPK[4]);
290
291         /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
292          * WEPSeed[0..2] is transmitted as WEP IV */
293         WEPSeed[0] = Hi8(IV16);
294         WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
295         WEPSeed[2] = Lo8(IV16);
296         WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) & TK[0])) >> 1);
297
298 #ifdef __BIG_ENDIAN
299         {
300                 int i;
301                 for (i = 0; i < 6; i++)
302                         PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
303         }
304 #endif
305 }
306
307 static int ieee80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
308                               u8 * rc4key, int keylen, void *priv)
309 {
310         struct ieee80211_tkip_data *tkey = priv;
311         int len;
312         u8 *pos;
313         struct ieee80211_hdr_4addr *hdr;
314
315         hdr = (struct ieee80211_hdr_4addr *)skb->data;
316
317         if (skb_headroom(skb) < 8 || skb->len < hdr_len)
318                 return -1;
319
320         if (rc4key == NULL || keylen < 16)
321                 return -1;
322
323         if (!tkey->tx_phase1_done) {
324                 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
325                                    tkey->tx_iv32);
326                 tkey->tx_phase1_done = 1;
327         }
328         tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
329
330         len = skb->len - hdr_len;
331         pos = skb_push(skb, 8);
332         memmove(pos, pos + 8, hdr_len);
333         pos += hdr_len;
334
335         *pos++ = *rc4key;
336         *pos++ = *(rc4key + 1);
337         *pos++ = *(rc4key + 2);
338         *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
339         *pos++ = tkey->tx_iv32 & 0xff;
340         *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
341         *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
342         *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
343
344         tkey->tx_iv16++;
345         if (tkey->tx_iv16 == 0) {
346                 tkey->tx_phase1_done = 0;
347                 tkey->tx_iv32++;
348         }
349
350         return 8;
351 }
352
353 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
354 {
355         struct ieee80211_tkip_data *tkey = priv;
356         struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
357         int len;
358         u8 rc4key[16], *pos, *icv;
359         u32 crc;
360         struct scatterlist sg;
361
362         if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
363                 if (net_ratelimit()) {
364                         struct ieee80211_hdr_4addr *hdr =
365                             (struct ieee80211_hdr_4addr *)skb->data;
366                         printk(KERN_DEBUG ": TKIP countermeasures: dropped "
367                                "TX packet to " MAC_FMT "\n",
368                                MAC_ARG(hdr->addr1));
369                 }
370                 return -1;
371         }
372
373         if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
374                 return -1;
375
376         len = skb->len - hdr_len;
377         pos = skb->data + hdr_len;
378
379         if ((ieee80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
380                 return -1;
381
382         icv = skb_put(skb, 4);
383
384         crc = ~crc32_le(~0, pos, len);
385         icv[0] = crc;
386         icv[1] = crc >> 8;
387         icv[2] = crc >> 16;
388         icv[3] = crc >> 24;
389
390         crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
391         sg.page = virt_to_page(pos);
392         sg.offset = offset_in_page(pos);
393         sg.length = len + 4;
394         return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
395 }
396
397 /*
398  * deal with seq counter wrapping correctly.
399  * refer to timer_after() for jiffies wrapping handling
400  */
401 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
402                                     u32 iv32_o, u16 iv16_o)
403 {
404         if ((s32)iv32_n - (s32)iv32_o < 0 ||
405             (iv32_n == iv32_o && iv16_n <= iv16_o))
406                 return 1;
407         return 0;
408 }
409
410 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
411 {
412         struct ieee80211_tkip_data *tkey = priv;
413         struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
414         u8 rc4key[16];
415         u8 keyidx, *pos;
416         u32 iv32;
417         u16 iv16;
418         struct ieee80211_hdr_4addr *hdr;
419         u8 icv[4];
420         u32 crc;
421         struct scatterlist sg;
422         int plen;
423
424         hdr = (struct ieee80211_hdr_4addr *)skb->data;
425
426         if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
427                 if (net_ratelimit()) {
428                         printk(KERN_DEBUG ": TKIP countermeasures: dropped "
429                                "received packet from " MAC_FMT "\n",
430                                MAC_ARG(hdr->addr2));
431                 }
432                 return -1;
433         }
434
435         if (skb->len < hdr_len + 8 + 4)
436                 return -1;
437
438         pos = skb->data + hdr_len;
439         keyidx = pos[3];
440         if (!(keyidx & (1 << 5))) {
441                 if (net_ratelimit()) {
442                         printk(KERN_DEBUG "TKIP: received packet without ExtIV"
443                                " flag from " MAC_FMT "\n", MAC_ARG(hdr->addr2));
444                 }
445                 return -2;
446         }
447         keyidx >>= 6;
448         if (tkey->key_idx != keyidx) {
449                 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
450                        "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
451                 return -6;
452         }
453         if (!tkey->key_set) {
454                 if (net_ratelimit()) {
455                         printk(KERN_DEBUG "TKIP: received packet from " MAC_FMT
456                                " with keyid=%d that does not have a configured"
457                                " key\n", MAC_ARG(hdr->addr2), keyidx);
458                 }
459                 return -3;
460         }
461         iv16 = (pos[0] << 8) | pos[2];
462         iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
463         pos += 8;
464
465         if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
466                 if (net_ratelimit()) {
467                         printk(KERN_DEBUG "TKIP: replay detected: STA=" MAC_FMT
468                                " previous TSC %08x%04x received TSC "
469                                "%08x%04x\n", MAC_ARG(hdr->addr2),
470                                tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
471                 }
472                 tkey->dot11RSNAStatsTKIPReplays++;
473                 return -4;
474         }
475
476         if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
477                 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
478                 tkey->rx_phase1_done = 1;
479         }
480         tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
481
482         plen = skb->len - hdr_len - 12;
483
484         crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
485         sg.page = virt_to_page(pos);
486         sg.offset = offset_in_page(pos);
487         sg.length = plen + 4;
488         if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
489                 if (net_ratelimit()) {
490                         printk(KERN_DEBUG ": TKIP: failed to decrypt "
491                                "received packet from " MAC_FMT "\n",
492                                MAC_ARG(hdr->addr2));
493                 }
494                 return -7;
495         }
496
497         crc = ~crc32_le(~0, pos, plen);
498         icv[0] = crc;
499         icv[1] = crc >> 8;
500         icv[2] = crc >> 16;
501         icv[3] = crc >> 24;
502         if (memcmp(icv, pos + plen, 4) != 0) {
503                 if (iv32 != tkey->rx_iv32) {
504                         /* Previously cached Phase1 result was already lost, so
505                          * it needs to be recalculated for the next packet. */
506                         tkey->rx_phase1_done = 0;
507                 }
508                 if (net_ratelimit()) {
509                         printk(KERN_DEBUG "TKIP: ICV error detected: STA="
510                                MAC_FMT "\n", MAC_ARG(hdr->addr2));
511                 }
512                 tkey->dot11RSNAStatsTKIPICVErrors++;
513                 return -5;
514         }
515
516         /* Update real counters only after Michael MIC verification has
517          * completed */
518         tkey->rx_iv32_new = iv32;
519         tkey->rx_iv16_new = iv16;
520
521         /* Remove IV and ICV */
522         memmove(skb->data + 8, skb->data, hdr_len);
523         skb_pull(skb, 8);
524         skb_trim(skb, skb->len - 4);
525
526         return keyidx;
527 }
528
529 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
530                        u8 * data, size_t data_len, u8 * mic)
531 {
532         struct hash_desc desc;
533         struct scatterlist sg[2];
534
535         if (tfm_michael == NULL) {
536                 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
537                 return -1;
538         }
539         sg[0].page = virt_to_page(hdr);
540         sg[0].offset = offset_in_page(hdr);
541         sg[0].length = 16;
542
543         sg[1].page = virt_to_page(data);
544         sg[1].offset = offset_in_page(data);
545         sg[1].length = data_len;
546
547         if (crypto_hash_setkey(tfm_michael, key, 8))
548                 return -1;
549
550         desc.tfm = tfm_michael;
551         desc.flags = 0;
552         return crypto_hash_digest(&desc, sg, data_len + 16, mic);
553 }
554
555 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
556 {
557         struct ieee80211_hdr_4addr *hdr11;
558         u16 stype;
559
560         hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
561         stype  = WLAN_FC_GET_STYPE(le16_to_cpu(hdr11->frame_ctl));
562
563         switch (le16_to_cpu(hdr11->frame_ctl) &
564                 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
565         case IEEE80211_FCTL_TODS:
566                 memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
567                 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
568                 break;
569         case IEEE80211_FCTL_FROMDS:
570                 memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
571                 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
572                 break;
573         case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
574                 memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
575                 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
576                 break;
577         case 0:
578                 memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
579                 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
580                 break;
581         }
582
583         if (stype & IEEE80211_STYPE_QOS_DATA) {
584                 const struct ieee80211_hdr_3addrqos *qoshdr =
585                         (struct ieee80211_hdr_3addrqos *)skb->data;
586                 hdr[12] = qoshdr->qos_ctl & cpu_to_le16(IEEE80211_QCTL_TID);
587         } else
588                 hdr[12] = 0;            /* priority */
589
590         hdr[13] = hdr[14] = hdr[15] = 0;        /* reserved */
591 }
592
593 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
594                                      void *priv)
595 {
596         struct ieee80211_tkip_data *tkey = priv;
597         u8 *pos;
598
599         if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
600                 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
601                        "(tailroom=%d hdr_len=%d skb->len=%d)\n",
602                        skb_tailroom(skb), hdr_len, skb->len);
603                 return -1;
604         }
605
606         michael_mic_hdr(skb, tkey->tx_hdr);
607         pos = skb_put(skb, 8);
608         if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
609                         skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
610                 return -1;
611
612         return 0;
613 }
614
615 static void ieee80211_michael_mic_failure(struct net_device *dev,
616                                           struct ieee80211_hdr_4addr *hdr,
617                                           int keyidx)
618 {
619         union iwreq_data wrqu;
620         struct iw_michaelmicfailure ev;
621
622         /* TODO: needed parameters: count, keyid, key type, TSC */
623         memset(&ev, 0, sizeof(ev));
624         ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
625         if (hdr->addr1[0] & 0x01)
626                 ev.flags |= IW_MICFAILURE_GROUP;
627         else
628                 ev.flags |= IW_MICFAILURE_PAIRWISE;
629         ev.src_addr.sa_family = ARPHRD_ETHER;
630         memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
631         memset(&wrqu, 0, sizeof(wrqu));
632         wrqu.data.length = sizeof(ev);
633         wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
634 }
635
636 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
637                                         int hdr_len, void *priv)
638 {
639         struct ieee80211_tkip_data *tkey = priv;
640         u8 mic[8];
641
642         if (!tkey->key_set)
643                 return -1;
644
645         michael_mic_hdr(skb, tkey->rx_hdr);
646         if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
647                         skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
648                 return -1;
649         if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
650                 struct ieee80211_hdr_4addr *hdr;
651                 hdr = (struct ieee80211_hdr_4addr *)skb->data;
652                 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
653                        "MSDU from " MAC_FMT " keyidx=%d\n",
654                        skb->dev ? skb->dev->name : "N/A", MAC_ARG(hdr->addr2),
655                        keyidx);
656                 if (skb->dev)
657                         ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
658                 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
659                 return -1;
660         }
661
662         /* Update TSC counters for RX now that the packet verification has
663          * completed. */
664         tkey->rx_iv32 = tkey->rx_iv32_new;
665         tkey->rx_iv16 = tkey->rx_iv16_new;
666
667         skb_trim(skb, skb->len - 8);
668
669         return 0;
670 }
671
672 static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
673 {
674         struct ieee80211_tkip_data *tkey = priv;
675         int keyidx;
676         struct crypto_hash *tfm = tkey->tx_tfm_michael;
677         struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
678         struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
679         struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
680
681         keyidx = tkey->key_idx;
682         memset(tkey, 0, sizeof(*tkey));
683         tkey->key_idx = keyidx;
684         tkey->tx_tfm_michael = tfm;
685         tkey->tx_tfm_arc4 = tfm2;
686         tkey->rx_tfm_michael = tfm3;
687         tkey->rx_tfm_arc4 = tfm4;
688         if (len == TKIP_KEY_LEN) {
689                 memcpy(tkey->key, key, TKIP_KEY_LEN);
690                 tkey->key_set = 1;
691                 tkey->tx_iv16 = 1;      /* TSC is initialized to 1 */
692                 if (seq) {
693                         tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
694                             (seq[3] << 8) | seq[2];
695                         tkey->rx_iv16 = (seq[1] << 8) | seq[0];
696                 }
697         } else if (len == 0)
698                 tkey->key_set = 0;
699         else
700                 return -1;
701
702         return 0;
703 }
704
705 static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
706 {
707         struct ieee80211_tkip_data *tkey = priv;
708
709         if (len < TKIP_KEY_LEN)
710                 return -1;
711
712         if (!tkey->key_set)
713                 return 0;
714         memcpy(key, tkey->key, TKIP_KEY_LEN);
715
716         if (seq) {
717                 /* Return the sequence number of the last transmitted frame. */
718                 u16 iv16 = tkey->tx_iv16;
719                 u32 iv32 = tkey->tx_iv32;
720                 if (iv16 == 0)
721                         iv32--;
722                 iv16--;
723                 seq[0] = tkey->tx_iv16;
724                 seq[1] = tkey->tx_iv16 >> 8;
725                 seq[2] = tkey->tx_iv32;
726                 seq[3] = tkey->tx_iv32 >> 8;
727                 seq[4] = tkey->tx_iv32 >> 16;
728                 seq[5] = tkey->tx_iv32 >> 24;
729         }
730
731         return TKIP_KEY_LEN;
732 }
733
734 static char *ieee80211_tkip_print_stats(char *p, void *priv)
735 {
736         struct ieee80211_tkip_data *tkip = priv;
737         p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
738                      "tx_pn=%02x%02x%02x%02x%02x%02x "
739                      "rx_pn=%02x%02x%02x%02x%02x%02x "
740                      "replays=%d icv_errors=%d local_mic_failures=%d\n",
741                      tkip->key_idx, tkip->key_set,
742                      (tkip->tx_iv32 >> 24) & 0xff,
743                      (tkip->tx_iv32 >> 16) & 0xff,
744                      (tkip->tx_iv32 >> 8) & 0xff,
745                      tkip->tx_iv32 & 0xff,
746                      (tkip->tx_iv16 >> 8) & 0xff,
747                      tkip->tx_iv16 & 0xff,
748                      (tkip->rx_iv32 >> 24) & 0xff,
749                      (tkip->rx_iv32 >> 16) & 0xff,
750                      (tkip->rx_iv32 >> 8) & 0xff,
751                      tkip->rx_iv32 & 0xff,
752                      (tkip->rx_iv16 >> 8) & 0xff,
753                      tkip->rx_iv16 & 0xff,
754                      tkip->dot11RSNAStatsTKIPReplays,
755                      tkip->dot11RSNAStatsTKIPICVErrors,
756                      tkip->dot11RSNAStatsTKIPLocalMICFailures);
757         return p;
758 }
759
760 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
761         .name = "TKIP",
762         .init = ieee80211_tkip_init,
763         .deinit = ieee80211_tkip_deinit,
764         .build_iv = ieee80211_tkip_hdr,
765         .encrypt_mpdu = ieee80211_tkip_encrypt,
766         .decrypt_mpdu = ieee80211_tkip_decrypt,
767         .encrypt_msdu = ieee80211_michael_mic_add,
768         .decrypt_msdu = ieee80211_michael_mic_verify,
769         .set_key = ieee80211_tkip_set_key,
770         .get_key = ieee80211_tkip_get_key,
771         .print_stats = ieee80211_tkip_print_stats,
772         .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
773         .extra_mpdu_postfix_len = 4,    /* ICV */
774         .extra_msdu_postfix_len = 8,    /* MIC */
775         .get_flags = ieee80211_tkip_get_flags,
776         .set_flags = ieee80211_tkip_set_flags,
777         .owner = THIS_MODULE,
778 };
779
780 static int __init ieee80211_crypto_tkip_init(void)
781 {
782         return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
783 }
784
785 static void __exit ieee80211_crypto_tkip_exit(void)
786 {
787         ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
788 }
789
790 module_init(ieee80211_crypto_tkip_init);
791 module_exit(ieee80211_crypto_tkip_exit);