2 * lib80211 crypt: host-based TKIP encryption implementation for lib80211
4 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
5 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation. See README and COPYING for
13 #include <linux/err.h>
14 #include <linux/module.h>
15 #include <linux/init.h>
16 #include <linux/slab.h>
17 #include <linux/random.h>
18 #include <linux/scatterlist.h>
19 #include <linux/skbuff.h>
20 #include <linux/netdevice.h>
22 #include <linux/if_ether.h>
23 #include <linux/if_arp.h>
24 #include <asm/string.h>
26 #include <linux/wireless.h>
27 #include <linux/ieee80211.h>
28 #include <net/iw_handler.h>
30 #include <linux/crypto.h>
31 #include <linux/crc32.h>
33 #include <net/lib80211.h>
35 MODULE_AUTHOR("Jouni Malinen");
36 MODULE_DESCRIPTION("lib80211 crypt: TKIP");
37 MODULE_LICENSE("GPL");
39 struct lib80211_tkip_data {
40 #define TKIP_KEY_LEN 32
56 u32 dot11RSNAStatsTKIPReplays;
57 u32 dot11RSNAStatsTKIPICVErrors;
58 u32 dot11RSNAStatsTKIPLocalMICFailures;
62 struct crypto_blkcipher *rx_tfm_arc4;
63 struct crypto_hash *rx_tfm_michael;
64 struct crypto_blkcipher *tx_tfm_arc4;
65 struct crypto_hash *tx_tfm_michael;
67 /* scratch buffers for virt_to_page() (crypto API) */
68 u8 rx_hdr[16], tx_hdr[16];
73 static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
75 struct lib80211_tkip_data *_priv = priv;
76 unsigned long old_flags = _priv->flags;
81 static unsigned long lib80211_tkip_get_flags(void *priv)
83 struct lib80211_tkip_data *_priv = priv;
87 static void *lib80211_tkip_init(int key_idx)
89 struct lib80211_tkip_data *priv;
91 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
95 priv->key_idx = key_idx;
97 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
99 if (IS_ERR(priv->tx_tfm_arc4)) {
100 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
101 "crypto API arc4\n");
102 priv->tx_tfm_arc4 = NULL;
106 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
108 if (IS_ERR(priv->tx_tfm_michael)) {
109 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
110 "crypto API michael_mic\n");
111 priv->tx_tfm_michael = NULL;
115 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
117 if (IS_ERR(priv->rx_tfm_arc4)) {
118 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
119 "crypto API arc4\n");
120 priv->rx_tfm_arc4 = NULL;
124 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
126 if (IS_ERR(priv->rx_tfm_michael)) {
127 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
128 "crypto API michael_mic\n");
129 priv->rx_tfm_michael = NULL;
137 if (priv->tx_tfm_michael)
138 crypto_free_hash(priv->tx_tfm_michael);
139 if (priv->tx_tfm_arc4)
140 crypto_free_blkcipher(priv->tx_tfm_arc4);
141 if (priv->rx_tfm_michael)
142 crypto_free_hash(priv->rx_tfm_michael);
143 if (priv->rx_tfm_arc4)
144 crypto_free_blkcipher(priv->rx_tfm_arc4);
151 static void lib80211_tkip_deinit(void *priv)
153 struct lib80211_tkip_data *_priv = priv;
155 if (_priv->tx_tfm_michael)
156 crypto_free_hash(_priv->tx_tfm_michael);
157 if (_priv->tx_tfm_arc4)
158 crypto_free_blkcipher(_priv->tx_tfm_arc4);
159 if (_priv->rx_tfm_michael)
160 crypto_free_hash(_priv->rx_tfm_michael);
161 if (_priv->rx_tfm_arc4)
162 crypto_free_blkcipher(_priv->rx_tfm_arc4);
167 static inline u16 RotR1(u16 val)
169 return (val >> 1) | (val << 15);
172 static inline u8 Lo8(u16 val)
177 static inline u8 Hi8(u16 val)
182 static inline u16 Lo16(u32 val)
187 static inline u16 Hi16(u32 val)
192 static inline u16 Mk16(u8 hi, u8 lo)
194 return lo | (((u16) hi) << 8);
197 static inline u16 Mk16_le(__le16 * v)
199 return le16_to_cpu(*v);
202 static const u16 Sbox[256] = {
203 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
204 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
205 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
206 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
207 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
208 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
209 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
210 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
211 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
212 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
213 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
214 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
215 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
216 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
217 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
218 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
219 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
220 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
221 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
222 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
223 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
224 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
225 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
226 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
227 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
228 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
229 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
230 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
231 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
232 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
233 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
234 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
237 static inline u16 _S_(u16 v)
239 u16 t = Sbox[Hi8(v)];
240 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
243 #define PHASE1_LOOP_COUNT 8
245 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
250 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
251 TTAK[0] = Lo16(IV32);
252 TTAK[1] = Hi16(IV32);
253 TTAK[2] = Mk16(TA[1], TA[0]);
254 TTAK[3] = Mk16(TA[3], TA[2]);
255 TTAK[4] = Mk16(TA[5], TA[4]);
257 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
259 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
260 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
261 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
262 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
263 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
267 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
270 /* Make temporary area overlap WEP seed so that the final copy can be
271 * avoided on little endian hosts. */
272 u16 *PPK = (u16 *) & WEPSeed[4];
274 /* Step 1 - make copy of TTAK and bring in TSC */
280 PPK[5] = TTAK[4] + IV16;
282 /* Step 2 - 96-bit bijective mixing using S-box */
283 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
284 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
285 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
286 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
287 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
288 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
290 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
291 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
292 PPK[2] += RotR1(PPK[1]);
293 PPK[3] += RotR1(PPK[2]);
294 PPK[4] += RotR1(PPK[3]);
295 PPK[5] += RotR1(PPK[4]);
297 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
298 * WEPSeed[0..2] is transmitted as WEP IV */
299 WEPSeed[0] = Hi8(IV16);
300 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
301 WEPSeed[2] = Lo8(IV16);
302 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
307 for (i = 0; i < 6; i++)
308 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
313 static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
314 u8 * rc4key, int keylen, void *priv)
316 struct lib80211_tkip_data *tkey = priv;
319 struct ieee80211_hdr *hdr;
321 hdr = (struct ieee80211_hdr *)skb->data;
323 if (skb_headroom(skb) < 8 || skb->len < hdr_len)
326 if (rc4key == NULL || keylen < 16)
329 if (!tkey->tx_phase1_done) {
330 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
332 tkey->tx_phase1_done = 1;
334 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
336 len = skb->len - hdr_len;
337 pos = skb_push(skb, 8);
338 memmove(pos, pos + 8, hdr_len);
342 *pos++ = *(rc4key + 1);
343 *pos++ = *(rc4key + 2);
344 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
345 *pos++ = tkey->tx_iv32 & 0xff;
346 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
347 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
348 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
351 if (tkey->tx_iv16 == 0) {
352 tkey->tx_phase1_done = 0;
359 static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
361 struct lib80211_tkip_data *tkey = priv;
362 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
364 u8 rc4key[16], *pos, *icv;
366 struct scatterlist sg;
368 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
369 if (net_ratelimit()) {
370 struct ieee80211_hdr *hdr =
371 (struct ieee80211_hdr *)skb->data;
372 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
373 "TX packet to %pM\n", hdr->addr1);
378 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
381 len = skb->len - hdr_len;
382 pos = skb->data + hdr_len;
384 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
387 icv = skb_put(skb, 4);
389 crc = ~crc32_le(~0, pos, len);
395 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
396 sg_init_one(&sg, pos, len + 4);
397 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
401 * deal with seq counter wrapping correctly.
402 * refer to timer_after() for jiffies wrapping handling
404 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
405 u32 iv32_o, u16 iv16_o)
407 if ((s32)iv32_n - (s32)iv32_o < 0 ||
408 (iv32_n == iv32_o && iv16_n <= iv16_o))
413 static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
415 struct lib80211_tkip_data *tkey = priv;
416 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
421 struct ieee80211_hdr *hdr;
424 struct scatterlist sg;
427 hdr = (struct ieee80211_hdr *)skb->data;
429 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
430 if (net_ratelimit()) {
431 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
432 "received packet from %pM\n", hdr->addr2);
437 if (skb->len < hdr_len + 8 + 4)
440 pos = skb->data + hdr_len;
442 if (!(keyidx & (1 << 5))) {
443 if (net_ratelimit()) {
444 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
445 " flag from %pM\n", hdr->addr2);
450 if (tkey->key_idx != keyidx) {
451 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
452 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
455 if (!tkey->key_set) {
456 if (net_ratelimit()) {
457 printk(KERN_DEBUG "TKIP: received packet from %pM"
458 " with keyid=%d that does not have a configured"
459 " key\n", hdr->addr2, keyidx);
463 iv16 = (pos[0] << 8) | pos[2];
464 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
467 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
468 #ifdef CONFIG_LIB80211_DEBUG
469 if (net_ratelimit()) {
470 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
471 " previous TSC %08x%04x received TSC "
472 "%08x%04x\n", hdr->addr2,
473 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
476 tkey->dot11RSNAStatsTKIPReplays++;
480 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
481 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
482 tkey->rx_phase1_done = 1;
484 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
486 plen = skb->len - hdr_len - 12;
488 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
489 sg_init_one(&sg, pos, plen + 4);
490 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
491 if (net_ratelimit()) {
492 printk(KERN_DEBUG ": TKIP: failed to decrypt "
493 "received packet from %pM\n",
499 crc = ~crc32_le(~0, pos, plen);
504 if (memcmp(icv, pos + plen, 4) != 0) {
505 if (iv32 != tkey->rx_iv32) {
506 /* Previously cached Phase1 result was already lost, so
507 * it needs to be recalculated for the next packet. */
508 tkey->rx_phase1_done = 0;
510 #ifdef CONFIG_LIB80211_DEBUG
511 if (net_ratelimit()) {
512 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
513 "%pM\n", hdr->addr2);
516 tkey->dot11RSNAStatsTKIPICVErrors++;
520 /* Update real counters only after Michael MIC verification has
522 tkey->rx_iv32_new = iv32;
523 tkey->rx_iv16_new = iv16;
525 /* Remove IV and ICV */
526 memmove(skb->data + 8, skb->data, hdr_len);
528 skb_trim(skb, skb->len - 4);
533 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
534 u8 * data, size_t data_len, u8 * mic)
536 struct hash_desc desc;
537 struct scatterlist sg[2];
539 if (tfm_michael == NULL) {
540 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
543 sg_init_table(sg, 2);
544 sg_set_buf(&sg[0], hdr, 16);
545 sg_set_buf(&sg[1], data, data_len);
547 if (crypto_hash_setkey(tfm_michael, key, 8))
550 desc.tfm = tfm_michael;
552 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
555 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
557 struct ieee80211_hdr *hdr11;
559 hdr11 = (struct ieee80211_hdr *)skb->data;
561 switch (le16_to_cpu(hdr11->frame_control) &
562 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
563 case IEEE80211_FCTL_TODS:
564 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
565 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
567 case IEEE80211_FCTL_FROMDS:
568 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
569 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
571 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
572 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
573 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
576 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
577 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
581 if (ieee80211_is_data_qos(hdr11->frame_control)) {
582 hdr[12] = le16_to_cpu(*ieee80211_get_qos_ctl(hdr11))
583 & IEEE80211_QOS_CTL_TID_MASK;
585 hdr[12] = 0; /* priority */
587 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
590 static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
593 struct lib80211_tkip_data *tkey = priv;
596 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
597 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
598 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
599 skb_tailroom(skb), hdr_len, skb->len);
603 michael_mic_hdr(skb, tkey->tx_hdr);
604 pos = skb_put(skb, 8);
605 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
606 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
612 static void lib80211_michael_mic_failure(struct net_device *dev,
613 struct ieee80211_hdr *hdr,
616 union iwreq_data wrqu;
617 struct iw_michaelmicfailure ev;
619 /* TODO: needed parameters: count, keyid, key type, TSC */
620 memset(&ev, 0, sizeof(ev));
621 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
622 if (hdr->addr1[0] & 0x01)
623 ev.flags |= IW_MICFAILURE_GROUP;
625 ev.flags |= IW_MICFAILURE_PAIRWISE;
626 ev.src_addr.sa_family = ARPHRD_ETHER;
627 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
628 memset(&wrqu, 0, sizeof(wrqu));
629 wrqu.data.length = sizeof(ev);
630 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
633 static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
634 int hdr_len, void *priv)
636 struct lib80211_tkip_data *tkey = priv;
642 michael_mic_hdr(skb, tkey->rx_hdr);
643 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
644 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
646 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
647 struct ieee80211_hdr *hdr;
648 hdr = (struct ieee80211_hdr *)skb->data;
649 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
650 "MSDU from %pM keyidx=%d\n",
651 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
654 lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
655 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
659 /* Update TSC counters for RX now that the packet verification has
661 tkey->rx_iv32 = tkey->rx_iv32_new;
662 tkey->rx_iv16 = tkey->rx_iv16_new;
664 skb_trim(skb, skb->len - 8);
669 static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
671 struct lib80211_tkip_data *tkey = priv;
673 struct crypto_hash *tfm = tkey->tx_tfm_michael;
674 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
675 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
676 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
678 keyidx = tkey->key_idx;
679 memset(tkey, 0, sizeof(*tkey));
680 tkey->key_idx = keyidx;
681 tkey->tx_tfm_michael = tfm;
682 tkey->tx_tfm_arc4 = tfm2;
683 tkey->rx_tfm_michael = tfm3;
684 tkey->rx_tfm_arc4 = tfm4;
685 if (len == TKIP_KEY_LEN) {
686 memcpy(tkey->key, key, TKIP_KEY_LEN);
688 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
690 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
691 (seq[3] << 8) | seq[2];
692 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
702 static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
704 struct lib80211_tkip_data *tkey = priv;
706 if (len < TKIP_KEY_LEN)
711 memcpy(key, tkey->key, TKIP_KEY_LEN);
714 /* Return the sequence number of the last transmitted frame. */
715 u16 iv16 = tkey->tx_iv16;
716 u32 iv32 = tkey->tx_iv32;
720 seq[0] = tkey->tx_iv16;
721 seq[1] = tkey->tx_iv16 >> 8;
722 seq[2] = tkey->tx_iv32;
723 seq[3] = tkey->tx_iv32 >> 8;
724 seq[4] = tkey->tx_iv32 >> 16;
725 seq[5] = tkey->tx_iv32 >> 24;
731 static char *lib80211_tkip_print_stats(char *p, void *priv)
733 struct lib80211_tkip_data *tkip = priv;
734 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
735 "tx_pn=%02x%02x%02x%02x%02x%02x "
736 "rx_pn=%02x%02x%02x%02x%02x%02x "
737 "replays=%d icv_errors=%d local_mic_failures=%d\n",
738 tkip->key_idx, tkip->key_set,
739 (tkip->tx_iv32 >> 24) & 0xff,
740 (tkip->tx_iv32 >> 16) & 0xff,
741 (tkip->tx_iv32 >> 8) & 0xff,
742 tkip->tx_iv32 & 0xff,
743 (tkip->tx_iv16 >> 8) & 0xff,
744 tkip->tx_iv16 & 0xff,
745 (tkip->rx_iv32 >> 24) & 0xff,
746 (tkip->rx_iv32 >> 16) & 0xff,
747 (tkip->rx_iv32 >> 8) & 0xff,
748 tkip->rx_iv32 & 0xff,
749 (tkip->rx_iv16 >> 8) & 0xff,
750 tkip->rx_iv16 & 0xff,
751 tkip->dot11RSNAStatsTKIPReplays,
752 tkip->dot11RSNAStatsTKIPICVErrors,
753 tkip->dot11RSNAStatsTKIPLocalMICFailures);
757 static struct lib80211_crypto_ops lib80211_crypt_tkip = {
759 .init = lib80211_tkip_init,
760 .deinit = lib80211_tkip_deinit,
761 .build_iv = lib80211_tkip_hdr,
762 .encrypt_mpdu = lib80211_tkip_encrypt,
763 .decrypt_mpdu = lib80211_tkip_decrypt,
764 .encrypt_msdu = lib80211_michael_mic_add,
765 .decrypt_msdu = lib80211_michael_mic_verify,
766 .set_key = lib80211_tkip_set_key,
767 .get_key = lib80211_tkip_get_key,
768 .print_stats = lib80211_tkip_print_stats,
769 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
770 .extra_mpdu_postfix_len = 4, /* ICV */
771 .extra_msdu_postfix_len = 8, /* MIC */
772 .get_flags = lib80211_tkip_get_flags,
773 .set_flags = lib80211_tkip_set_flags,
774 .owner = THIS_MODULE,
777 static int __init lib80211_crypto_tkip_init(void)
779 return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
782 static void __exit lib80211_crypto_tkip_exit(void)
784 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
787 module_init(lib80211_crypto_tkip_init);
788 module_exit(lib80211_crypto_tkip_exit);