2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 #include <linux/err.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/slab.h>
16 #include <linux/random.h>
17 #include <linux/skbuff.h>
18 #include <linux/netdevice.h>
19 #include <linux/if_ether.h>
20 #include <linux/if_arp.h>
21 #include <asm/string.h>
23 #include <net/ieee80211.h>
25 #include <linux/crypto.h>
26 #include <asm/scatterlist.h>
27 #include <linux/crc32.h>
29 MODULE_AUTHOR("Jouni Malinen");
30 MODULE_DESCRIPTION("Host AP crypt: TKIP");
31 MODULE_LICENSE("GPL");
33 struct ieee80211_tkip_data {
34 #define TKIP_KEY_LEN 32
50 u32 dot11RSNAStatsTKIPReplays;
51 u32 dot11RSNAStatsTKIPICVErrors;
52 u32 dot11RSNAStatsTKIPLocalMICFailures;
56 struct crypto_blkcipher *rx_tfm_arc4;
57 struct crypto_hash *rx_tfm_michael;
58 struct crypto_blkcipher *tx_tfm_arc4;
59 struct crypto_hash *tx_tfm_michael;
61 /* scratch buffers for virt_to_page() (crypto API) */
62 u8 rx_hdr[16], tx_hdr[16];
67 static unsigned long ieee80211_tkip_set_flags(unsigned long flags, void *priv)
69 struct ieee80211_tkip_data *_priv = priv;
70 unsigned long old_flags = _priv->flags;
75 static unsigned long ieee80211_tkip_get_flags(void *priv)
77 struct ieee80211_tkip_data *_priv = priv;
81 static void *ieee80211_tkip_init(int key_idx)
83 struct ieee80211_tkip_data *priv;
85 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
89 priv->key_idx = key_idx;
91 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
93 if (IS_ERR(priv->tx_tfm_arc4)) {
94 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
96 priv->tx_tfm_arc4 = NULL;
100 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
102 if (IS_ERR(priv->tx_tfm_michael)) {
103 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
104 "crypto API michael_mic\n");
105 priv->tx_tfm_michael = NULL;
109 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
111 if (IS_ERR(priv->rx_tfm_arc4)) {
112 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
113 "crypto API arc4\n");
114 priv->rx_tfm_arc4 = NULL;
118 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
120 if (IS_ERR(priv->rx_tfm_michael)) {
121 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
122 "crypto API michael_mic\n");
123 priv->rx_tfm_michael = NULL;
131 if (priv->tx_tfm_michael)
132 crypto_free_hash(priv->tx_tfm_michael);
133 if (priv->tx_tfm_arc4)
134 crypto_free_blkcipher(priv->tx_tfm_arc4);
135 if (priv->rx_tfm_michael)
136 crypto_free_hash(priv->rx_tfm_michael);
137 if (priv->rx_tfm_arc4)
138 crypto_free_blkcipher(priv->rx_tfm_arc4);
145 static void ieee80211_tkip_deinit(void *priv)
147 struct ieee80211_tkip_data *_priv = priv;
149 if (_priv->tx_tfm_michael)
150 crypto_free_hash(_priv->tx_tfm_michael);
151 if (_priv->tx_tfm_arc4)
152 crypto_free_blkcipher(_priv->tx_tfm_arc4);
153 if (_priv->rx_tfm_michael)
154 crypto_free_hash(_priv->rx_tfm_michael);
155 if (_priv->rx_tfm_arc4)
156 crypto_free_blkcipher(_priv->rx_tfm_arc4);
161 static inline u16 RotR1(u16 val)
163 return (val >> 1) | (val << 15);
166 static inline u8 Lo8(u16 val)
171 static inline u8 Hi8(u16 val)
176 static inline u16 Lo16(u32 val)
181 static inline u16 Hi16(u32 val)
186 static inline u16 Mk16(u8 hi, u8 lo)
188 return lo | (((u16) hi) << 8);
191 static inline u16 Mk16_le(u16 * v)
193 return le16_to_cpu(*v);
196 static const u16 Sbox[256] = {
197 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
198 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
199 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
200 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
201 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
202 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
203 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
204 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
205 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
206 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
207 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
208 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
209 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
210 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
211 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
212 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
213 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
214 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
215 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
216 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
217 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
218 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
219 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
220 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
221 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
222 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
223 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
224 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
225 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
226 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
227 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
228 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
231 static inline u16 _S_(u16 v)
233 u16 t = Sbox[Hi8(v)];
234 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
237 #define PHASE1_LOOP_COUNT 8
239 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
244 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
245 TTAK[0] = Lo16(IV32);
246 TTAK[1] = Hi16(IV32);
247 TTAK[2] = Mk16(TA[1], TA[0]);
248 TTAK[3] = Mk16(TA[3], TA[2]);
249 TTAK[4] = Mk16(TA[5], TA[4]);
251 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
253 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
254 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
255 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
256 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
257 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
261 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
264 /* Make temporary area overlap WEP seed so that the final copy can be
265 * avoided on little endian hosts. */
266 u16 *PPK = (u16 *) & WEPSeed[4];
268 /* Step 1 - make copy of TTAK and bring in TSC */
274 PPK[5] = TTAK[4] + IV16;
276 /* Step 2 - 96-bit bijective mixing using S-box */
277 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) & TK[0]));
278 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) & TK[2]));
279 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) & TK[4]));
280 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) & TK[6]));
281 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) & TK[8]));
282 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) & TK[10]));
284 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) & TK[12]));
285 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) & TK[14]));
286 PPK[2] += RotR1(PPK[1]);
287 PPK[3] += RotR1(PPK[2]);
288 PPK[4] += RotR1(PPK[3]);
289 PPK[5] += RotR1(PPK[4]);
291 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
292 * WEPSeed[0..2] is transmitted as WEP IV */
293 WEPSeed[0] = Hi8(IV16);
294 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
295 WEPSeed[2] = Lo8(IV16);
296 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) & TK[0])) >> 1);
301 for (i = 0; i < 6; i++)
302 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
307 static int ieee80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
308 u8 * rc4key, int keylen, void *priv)
310 struct ieee80211_tkip_data *tkey = priv;
313 struct ieee80211_hdr_4addr *hdr;
315 hdr = (struct ieee80211_hdr_4addr *)skb->data;
317 if (skb_headroom(skb) < 8 || skb->len < hdr_len)
320 if (rc4key == NULL || keylen < 16)
323 if (!tkey->tx_phase1_done) {
324 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
326 tkey->tx_phase1_done = 1;
328 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
330 len = skb->len - hdr_len;
331 pos = skb_push(skb, 8);
332 memmove(pos, pos + 8, hdr_len);
336 *pos++ = *(rc4key + 1);
337 *pos++ = *(rc4key + 2);
338 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
339 *pos++ = tkey->tx_iv32 & 0xff;
340 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
341 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
342 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
345 if (tkey->tx_iv16 == 0) {
346 tkey->tx_phase1_done = 0;
353 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
355 struct ieee80211_tkip_data *tkey = priv;
356 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
358 u8 rc4key[16], *pos, *icv;
360 struct scatterlist sg;
362 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
363 if (net_ratelimit()) {
364 struct ieee80211_hdr_4addr *hdr =
365 (struct ieee80211_hdr_4addr *)skb->data;
366 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
367 "TX packet to " MAC_FMT "\n",
368 MAC_ARG(hdr->addr1));
373 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
376 len = skb->len - hdr_len;
377 pos = skb->data + hdr_len;
379 if ((ieee80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
382 icv = skb_put(skb, 4);
384 crc = ~crc32_le(~0, pos, len);
390 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
391 sg.page = virt_to_page(pos);
392 sg.offset = offset_in_page(pos);
394 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
398 * deal with seq counter wrapping correctly.
399 * refer to timer_after() for jiffies wrapping handling
401 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
402 u32 iv32_o, u16 iv16_o)
404 if ((s32)iv32_n - (s32)iv32_o < 0 ||
405 (iv32_n == iv32_o && iv16_n <= iv16_o))
410 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
412 struct ieee80211_tkip_data *tkey = priv;
413 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
418 struct ieee80211_hdr_4addr *hdr;
421 struct scatterlist sg;
424 hdr = (struct ieee80211_hdr_4addr *)skb->data;
426 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
427 if (net_ratelimit()) {
428 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
429 "received packet from " MAC_FMT "\n",
430 MAC_ARG(hdr->addr2));
435 if (skb->len < hdr_len + 8 + 4)
438 pos = skb->data + hdr_len;
440 if (!(keyidx & (1 << 5))) {
441 if (net_ratelimit()) {
442 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
443 " flag from " MAC_FMT "\n", MAC_ARG(hdr->addr2));
448 if (tkey->key_idx != keyidx) {
449 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
450 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
453 if (!tkey->key_set) {
454 if (net_ratelimit()) {
455 printk(KERN_DEBUG "TKIP: received packet from " MAC_FMT
456 " with keyid=%d that does not have a configured"
457 " key\n", MAC_ARG(hdr->addr2), keyidx);
461 iv16 = (pos[0] << 8) | pos[2];
462 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
465 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
466 if (net_ratelimit()) {
467 printk(KERN_DEBUG "TKIP: replay detected: STA=" MAC_FMT
468 " previous TSC %08x%04x received TSC "
469 "%08x%04x\n", MAC_ARG(hdr->addr2),
470 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
472 tkey->dot11RSNAStatsTKIPReplays++;
476 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
477 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
478 tkey->rx_phase1_done = 1;
480 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
482 plen = skb->len - hdr_len - 12;
484 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
485 sg.page = virt_to_page(pos);
486 sg.offset = offset_in_page(pos);
487 sg.length = plen + 4;
488 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
489 if (net_ratelimit()) {
490 printk(KERN_DEBUG ": TKIP: failed to decrypt "
491 "received packet from " MAC_FMT "\n",
492 MAC_ARG(hdr->addr2));
497 crc = ~crc32_le(~0, pos, plen);
502 if (memcmp(icv, pos + plen, 4) != 0) {
503 if (iv32 != tkey->rx_iv32) {
504 /* Previously cached Phase1 result was already lost, so
505 * it needs to be recalculated for the next packet. */
506 tkey->rx_phase1_done = 0;
508 if (net_ratelimit()) {
509 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
510 MAC_FMT "\n", MAC_ARG(hdr->addr2));
512 tkey->dot11RSNAStatsTKIPICVErrors++;
516 /* Update real counters only after Michael MIC verification has
518 tkey->rx_iv32_new = iv32;
519 tkey->rx_iv16_new = iv16;
521 /* Remove IV and ICV */
522 memmove(skb->data + 8, skb->data, hdr_len);
524 skb_trim(skb, skb->len - 4);
529 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
530 u8 * data, size_t data_len, u8 * mic)
532 struct hash_desc desc;
533 struct scatterlist sg[2];
535 if (tfm_michael == NULL) {
536 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
539 sg[0].page = virt_to_page(hdr);
540 sg[0].offset = offset_in_page(hdr);
543 sg[1].page = virt_to_page(data);
544 sg[1].offset = offset_in_page(data);
545 sg[1].length = data_len;
547 if (crypto_hash_setkey(tfm_michael, key, 8))
550 desc.tfm = tfm_michael;
552 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
555 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
557 struct ieee80211_hdr_4addr *hdr11;
560 hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
561 stype = WLAN_FC_GET_STYPE(le16_to_cpu(hdr11->frame_ctl));
563 switch (le16_to_cpu(hdr11->frame_ctl) &
564 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
565 case IEEE80211_FCTL_TODS:
566 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
567 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
569 case IEEE80211_FCTL_FROMDS:
570 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
571 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
573 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
574 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
575 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
578 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
579 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
583 if (stype & IEEE80211_STYPE_QOS_DATA) {
584 const struct ieee80211_hdr_3addrqos *qoshdr =
585 (struct ieee80211_hdr_3addrqos *)skb->data;
586 hdr[12] = qoshdr->qos_ctl & cpu_to_le16(IEEE80211_QCTL_TID);
588 hdr[12] = 0; /* priority */
590 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
593 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
596 struct ieee80211_tkip_data *tkey = priv;
599 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
600 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
601 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
602 skb_tailroom(skb), hdr_len, skb->len);
606 michael_mic_hdr(skb, tkey->tx_hdr);
607 pos = skb_put(skb, 8);
608 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
609 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
615 static void ieee80211_michael_mic_failure(struct net_device *dev,
616 struct ieee80211_hdr_4addr *hdr,
619 union iwreq_data wrqu;
620 struct iw_michaelmicfailure ev;
622 /* TODO: needed parameters: count, keyid, key type, TSC */
623 memset(&ev, 0, sizeof(ev));
624 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
625 if (hdr->addr1[0] & 0x01)
626 ev.flags |= IW_MICFAILURE_GROUP;
628 ev.flags |= IW_MICFAILURE_PAIRWISE;
629 ev.src_addr.sa_family = ARPHRD_ETHER;
630 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
631 memset(&wrqu, 0, sizeof(wrqu));
632 wrqu.data.length = sizeof(ev);
633 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
636 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
637 int hdr_len, void *priv)
639 struct ieee80211_tkip_data *tkey = priv;
645 michael_mic_hdr(skb, tkey->rx_hdr);
646 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
647 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
649 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
650 struct ieee80211_hdr_4addr *hdr;
651 hdr = (struct ieee80211_hdr_4addr *)skb->data;
652 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
653 "MSDU from " MAC_FMT " keyidx=%d\n",
654 skb->dev ? skb->dev->name : "N/A", MAC_ARG(hdr->addr2),
657 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
658 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
662 /* Update TSC counters for RX now that the packet verification has
664 tkey->rx_iv32 = tkey->rx_iv32_new;
665 tkey->rx_iv16 = tkey->rx_iv16_new;
667 skb_trim(skb, skb->len - 8);
672 static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
674 struct ieee80211_tkip_data *tkey = priv;
676 struct crypto_hash *tfm = tkey->tx_tfm_michael;
677 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
678 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
679 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
681 keyidx = tkey->key_idx;
682 memset(tkey, 0, sizeof(*tkey));
683 tkey->key_idx = keyidx;
684 tkey->tx_tfm_michael = tfm;
685 tkey->tx_tfm_arc4 = tfm2;
686 tkey->rx_tfm_michael = tfm3;
687 tkey->rx_tfm_arc4 = tfm4;
688 if (len == TKIP_KEY_LEN) {
689 memcpy(tkey->key, key, TKIP_KEY_LEN);
691 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
693 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
694 (seq[3] << 8) | seq[2];
695 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
705 static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
707 struct ieee80211_tkip_data *tkey = priv;
709 if (len < TKIP_KEY_LEN)
714 memcpy(key, tkey->key, TKIP_KEY_LEN);
717 /* Return the sequence number of the last transmitted frame. */
718 u16 iv16 = tkey->tx_iv16;
719 u32 iv32 = tkey->tx_iv32;
723 seq[0] = tkey->tx_iv16;
724 seq[1] = tkey->tx_iv16 >> 8;
725 seq[2] = tkey->tx_iv32;
726 seq[3] = tkey->tx_iv32 >> 8;
727 seq[4] = tkey->tx_iv32 >> 16;
728 seq[5] = tkey->tx_iv32 >> 24;
734 static char *ieee80211_tkip_print_stats(char *p, void *priv)
736 struct ieee80211_tkip_data *tkip = priv;
737 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
738 "tx_pn=%02x%02x%02x%02x%02x%02x "
739 "rx_pn=%02x%02x%02x%02x%02x%02x "
740 "replays=%d icv_errors=%d local_mic_failures=%d\n",
741 tkip->key_idx, tkip->key_set,
742 (tkip->tx_iv32 >> 24) & 0xff,
743 (tkip->tx_iv32 >> 16) & 0xff,
744 (tkip->tx_iv32 >> 8) & 0xff,
745 tkip->tx_iv32 & 0xff,
746 (tkip->tx_iv16 >> 8) & 0xff,
747 tkip->tx_iv16 & 0xff,
748 (tkip->rx_iv32 >> 24) & 0xff,
749 (tkip->rx_iv32 >> 16) & 0xff,
750 (tkip->rx_iv32 >> 8) & 0xff,
751 tkip->rx_iv32 & 0xff,
752 (tkip->rx_iv16 >> 8) & 0xff,
753 tkip->rx_iv16 & 0xff,
754 tkip->dot11RSNAStatsTKIPReplays,
755 tkip->dot11RSNAStatsTKIPICVErrors,
756 tkip->dot11RSNAStatsTKIPLocalMICFailures);
760 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
762 .init = ieee80211_tkip_init,
763 .deinit = ieee80211_tkip_deinit,
764 .build_iv = ieee80211_tkip_hdr,
765 .encrypt_mpdu = ieee80211_tkip_encrypt,
766 .decrypt_mpdu = ieee80211_tkip_decrypt,
767 .encrypt_msdu = ieee80211_michael_mic_add,
768 .decrypt_msdu = ieee80211_michael_mic_verify,
769 .set_key = ieee80211_tkip_set_key,
770 .get_key = ieee80211_tkip_get_key,
771 .print_stats = ieee80211_tkip_print_stats,
772 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
773 .extra_mpdu_postfix_len = 4, /* ICV */
774 .extra_msdu_postfix_len = 8, /* MIC */
775 .get_flags = ieee80211_tkip_get_flags,
776 .set_flags = ieee80211_tkip_set_flags,
777 .owner = THIS_MODULE,
780 static int __init ieee80211_crypto_tkip_init(void)
782 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
785 static void __exit ieee80211_crypto_tkip_exit(void)
787 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
790 module_init(ieee80211_crypto_tkip_init);
791 module_exit(ieee80211_crypto_tkip_exit);