Merge branches 'omap1-upstream' and 'omap2-upstream' into devel
[linux-2.6] / net / ieee80211 / ieee80211_crypt_tkip.c
1 /*
2  * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
3  *
4  * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 as
8  * published by the Free Software Foundation. See README and COPYING for
9  * more details.
10  */
11
12 #include <linux/err.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/slab.h>
16 #include <linux/random.h>
17 #include <linux/skbuff.h>
18 #include <linux/netdevice.h>
19 #include <linux/mm.h>
20 #include <linux/if_ether.h>
21 #include <linux/if_arp.h>
22 #include <asm/string.h>
23
24 #include <net/ieee80211.h>
25
26 #include <linux/crypto.h>
27 #include <asm/scatterlist.h>
28 #include <linux/crc32.h>
29
30 MODULE_AUTHOR("Jouni Malinen");
31 MODULE_DESCRIPTION("Host AP crypt: TKIP");
32 MODULE_LICENSE("GPL");
33
34 struct ieee80211_tkip_data {
35 #define TKIP_KEY_LEN 32
36         u8 key[TKIP_KEY_LEN];
37         int key_set;
38
39         u32 tx_iv32;
40         u16 tx_iv16;
41         u16 tx_ttak[5];
42         int tx_phase1_done;
43
44         u32 rx_iv32;
45         u16 rx_iv16;
46         u16 rx_ttak[5];
47         int rx_phase1_done;
48         u32 rx_iv32_new;
49         u16 rx_iv16_new;
50
51         u32 dot11RSNAStatsTKIPReplays;
52         u32 dot11RSNAStatsTKIPICVErrors;
53         u32 dot11RSNAStatsTKIPLocalMICFailures;
54
55         int key_idx;
56
57         struct crypto_blkcipher *rx_tfm_arc4;
58         struct crypto_hash *rx_tfm_michael;
59         struct crypto_blkcipher *tx_tfm_arc4;
60         struct crypto_hash *tx_tfm_michael;
61
62         /* scratch buffers for virt_to_page() (crypto API) */
63         u8 rx_hdr[16], tx_hdr[16];
64
65         unsigned long flags;
66 };
67
68 static unsigned long ieee80211_tkip_set_flags(unsigned long flags, void *priv)
69 {
70         struct ieee80211_tkip_data *_priv = priv;
71         unsigned long old_flags = _priv->flags;
72         _priv->flags = flags;
73         return old_flags;
74 }
75
76 static unsigned long ieee80211_tkip_get_flags(void *priv)
77 {
78         struct ieee80211_tkip_data *_priv = priv;
79         return _priv->flags;
80 }
81
82 static void *ieee80211_tkip_init(int key_idx)
83 {
84         struct ieee80211_tkip_data *priv;
85
86         priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
87         if (priv == NULL)
88                 goto fail;
89
90         priv->key_idx = key_idx;
91
92         priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
93                                                 CRYPTO_ALG_ASYNC);
94         if (IS_ERR(priv->tx_tfm_arc4)) {
95                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
96                        "crypto API arc4\n");
97                 priv->tx_tfm_arc4 = NULL;
98                 goto fail;
99         }
100
101         priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
102                                                  CRYPTO_ALG_ASYNC);
103         if (IS_ERR(priv->tx_tfm_michael)) {
104                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
105                        "crypto API michael_mic\n");
106                 priv->tx_tfm_michael = NULL;
107                 goto fail;
108         }
109
110         priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
111                                                 CRYPTO_ALG_ASYNC);
112         if (IS_ERR(priv->rx_tfm_arc4)) {
113                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
114                        "crypto API arc4\n");
115                 priv->rx_tfm_arc4 = NULL;
116                 goto fail;
117         }
118
119         priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
120                                                  CRYPTO_ALG_ASYNC);
121         if (IS_ERR(priv->rx_tfm_michael)) {
122                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
123                        "crypto API michael_mic\n");
124                 priv->rx_tfm_michael = NULL;
125                 goto fail;
126         }
127
128         return priv;
129
130       fail:
131         if (priv) {
132                 if (priv->tx_tfm_michael)
133                         crypto_free_hash(priv->tx_tfm_michael);
134                 if (priv->tx_tfm_arc4)
135                         crypto_free_blkcipher(priv->tx_tfm_arc4);
136                 if (priv->rx_tfm_michael)
137                         crypto_free_hash(priv->rx_tfm_michael);
138                 if (priv->rx_tfm_arc4)
139                         crypto_free_blkcipher(priv->rx_tfm_arc4);
140                 kfree(priv);
141         }
142
143         return NULL;
144 }
145
146 static void ieee80211_tkip_deinit(void *priv)
147 {
148         struct ieee80211_tkip_data *_priv = priv;
149         if (_priv) {
150                 if (_priv->tx_tfm_michael)
151                         crypto_free_hash(_priv->tx_tfm_michael);
152                 if (_priv->tx_tfm_arc4)
153                         crypto_free_blkcipher(_priv->tx_tfm_arc4);
154                 if (_priv->rx_tfm_michael)
155                         crypto_free_hash(_priv->rx_tfm_michael);
156                 if (_priv->rx_tfm_arc4)
157                         crypto_free_blkcipher(_priv->rx_tfm_arc4);
158         }
159         kfree(priv);
160 }
161
162 static inline u16 RotR1(u16 val)
163 {
164         return (val >> 1) | (val << 15);
165 }
166
167 static inline u8 Lo8(u16 val)
168 {
169         return val & 0xff;
170 }
171
172 static inline u8 Hi8(u16 val)
173 {
174         return val >> 8;
175 }
176
177 static inline u16 Lo16(u32 val)
178 {
179         return val & 0xffff;
180 }
181
182 static inline u16 Hi16(u32 val)
183 {
184         return val >> 16;
185 }
186
187 static inline u16 Mk16(u8 hi, u8 lo)
188 {
189         return lo | (((u16) hi) << 8);
190 }
191
192 static inline u16 Mk16_le(u16 * v)
193 {
194         return le16_to_cpu(*v);
195 }
196
197 static const u16 Sbox[256] = {
198         0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
199         0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
200         0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
201         0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
202         0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
203         0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
204         0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
205         0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
206         0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
207         0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
208         0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
209         0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
210         0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
211         0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
212         0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
213         0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
214         0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
215         0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
216         0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
217         0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
218         0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
219         0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
220         0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
221         0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
222         0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
223         0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
224         0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
225         0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
226         0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
227         0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
228         0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
229         0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
230 };
231
232 static inline u16 _S_(u16 v)
233 {
234         u16 t = Sbox[Hi8(v)];
235         return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
236 }
237
238 #define PHASE1_LOOP_COUNT 8
239
240 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
241                                u32 IV32)
242 {
243         int i, j;
244
245         /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
246         TTAK[0] = Lo16(IV32);
247         TTAK[1] = Hi16(IV32);
248         TTAK[2] = Mk16(TA[1], TA[0]);
249         TTAK[3] = Mk16(TA[3], TA[2]);
250         TTAK[4] = Mk16(TA[5], TA[4]);
251
252         for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
253                 j = 2 * (i & 1);
254                 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
255                 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
256                 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
257                 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
258                 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
259         }
260 }
261
262 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
263                                u16 IV16)
264 {
265         /* Make temporary area overlap WEP seed so that the final copy can be
266          * avoided on little endian hosts. */
267         u16 *PPK = (u16 *) & WEPSeed[4];
268
269         /* Step 1 - make copy of TTAK and bring in TSC */
270         PPK[0] = TTAK[0];
271         PPK[1] = TTAK[1];
272         PPK[2] = TTAK[2];
273         PPK[3] = TTAK[3];
274         PPK[4] = TTAK[4];
275         PPK[5] = TTAK[4] + IV16;
276
277         /* Step 2 - 96-bit bijective mixing using S-box */
278         PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) & TK[0]));
279         PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) & TK[2]));
280         PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) & TK[4]));
281         PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) & TK[6]));
282         PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) & TK[8]));
283         PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) & TK[10]));
284
285         PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) & TK[12]));
286         PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) & TK[14]));
287         PPK[2] += RotR1(PPK[1]);
288         PPK[3] += RotR1(PPK[2]);
289         PPK[4] += RotR1(PPK[3]);
290         PPK[5] += RotR1(PPK[4]);
291
292         /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
293          * WEPSeed[0..2] is transmitted as WEP IV */
294         WEPSeed[0] = Hi8(IV16);
295         WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
296         WEPSeed[2] = Lo8(IV16);
297         WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) & TK[0])) >> 1);
298
299 #ifdef __BIG_ENDIAN
300         {
301                 int i;
302                 for (i = 0; i < 6; i++)
303                         PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
304         }
305 #endif
306 }
307
308 static int ieee80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
309                               u8 * rc4key, int keylen, void *priv)
310 {
311         struct ieee80211_tkip_data *tkey = priv;
312         int len;
313         u8 *pos;
314         struct ieee80211_hdr_4addr *hdr;
315
316         hdr = (struct ieee80211_hdr_4addr *)skb->data;
317
318         if (skb_headroom(skb) < 8 || skb->len < hdr_len)
319                 return -1;
320
321         if (rc4key == NULL || keylen < 16)
322                 return -1;
323
324         if (!tkey->tx_phase1_done) {
325                 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
326                                    tkey->tx_iv32);
327                 tkey->tx_phase1_done = 1;
328         }
329         tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
330
331         len = skb->len - hdr_len;
332         pos = skb_push(skb, 8);
333         memmove(pos, pos + 8, hdr_len);
334         pos += hdr_len;
335
336         *pos++ = *rc4key;
337         *pos++ = *(rc4key + 1);
338         *pos++ = *(rc4key + 2);
339         *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
340         *pos++ = tkey->tx_iv32 & 0xff;
341         *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
342         *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
343         *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
344
345         tkey->tx_iv16++;
346         if (tkey->tx_iv16 == 0) {
347                 tkey->tx_phase1_done = 0;
348                 tkey->tx_iv32++;
349         }
350
351         return 8;
352 }
353
354 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
355 {
356         struct ieee80211_tkip_data *tkey = priv;
357         struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
358         int len;
359         u8 rc4key[16], *pos, *icv;
360         u32 crc;
361         struct scatterlist sg;
362         DECLARE_MAC_BUF(mac);
363
364         if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
365                 if (net_ratelimit()) {
366                         struct ieee80211_hdr_4addr *hdr =
367                             (struct ieee80211_hdr_4addr *)skb->data;
368                         printk(KERN_DEBUG ": TKIP countermeasures: dropped "
369                                "TX packet to %s\n",
370                                print_mac(mac, hdr->addr1));
371                 }
372                 return -1;
373         }
374
375         if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
376                 return -1;
377
378         len = skb->len - hdr_len;
379         pos = skb->data + hdr_len;
380
381         if ((ieee80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
382                 return -1;
383
384         icv = skb_put(skb, 4);
385
386         crc = ~crc32_le(~0, pos, len);
387         icv[0] = crc;
388         icv[1] = crc >> 8;
389         icv[2] = crc >> 16;
390         icv[3] = crc >> 24;
391
392         crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
393         sg.page = virt_to_page(pos);
394         sg.offset = offset_in_page(pos);
395         sg.length = len + 4;
396         return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
397 }
398
399 /*
400  * deal with seq counter wrapping correctly.
401  * refer to timer_after() for jiffies wrapping handling
402  */
403 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
404                                     u32 iv32_o, u16 iv16_o)
405 {
406         if ((s32)iv32_n - (s32)iv32_o < 0 ||
407             (iv32_n == iv32_o && iv16_n <= iv16_o))
408                 return 1;
409         return 0;
410 }
411
412 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
413 {
414         struct ieee80211_tkip_data *tkey = priv;
415         struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
416         u8 rc4key[16];
417         u8 keyidx, *pos;
418         u32 iv32;
419         u16 iv16;
420         struct ieee80211_hdr_4addr *hdr;
421         u8 icv[4];
422         u32 crc;
423         struct scatterlist sg;
424         int plen;
425         DECLARE_MAC_BUF(mac);
426
427         hdr = (struct ieee80211_hdr_4addr *)skb->data;
428
429         if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
430                 if (net_ratelimit()) {
431                         printk(KERN_DEBUG ": TKIP countermeasures: dropped "
432                                "received packet from %s\n",
433                                print_mac(mac, hdr->addr2));
434                 }
435                 return -1;
436         }
437
438         if (skb->len < hdr_len + 8 + 4)
439                 return -1;
440
441         pos = skb->data + hdr_len;
442         keyidx = pos[3];
443         if (!(keyidx & (1 << 5))) {
444                 if (net_ratelimit()) {
445                         printk(KERN_DEBUG "TKIP: received packet without ExtIV"
446                                " flag from %s\n", print_mac(mac, hdr->addr2));
447                 }
448                 return -2;
449         }
450         keyidx >>= 6;
451         if (tkey->key_idx != keyidx) {
452                 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
453                        "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
454                 return -6;
455         }
456         if (!tkey->key_set) {
457                 if (net_ratelimit()) {
458                         printk(KERN_DEBUG "TKIP: received packet from %s"
459                                " with keyid=%d that does not have a configured"
460                                " key\n", print_mac(mac, hdr->addr2), keyidx);
461                 }
462                 return -3;
463         }
464         iv16 = (pos[0] << 8) | pos[2];
465         iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
466         pos += 8;
467
468         if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
469                 if (net_ratelimit()) {
470                         IEEE80211_DEBUG_DROP("TKIP: replay detected: STA=%s"
471                                " previous TSC %08x%04x received TSC "
472                                "%08x%04x\n", print_mac(mac, hdr->addr2),
473                                tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
474                 }
475                 tkey->dot11RSNAStatsTKIPReplays++;
476                 return -4;
477         }
478
479         if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
480                 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
481                 tkey->rx_phase1_done = 1;
482         }
483         tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
484
485         plen = skb->len - hdr_len - 12;
486
487         crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
488         sg.page = virt_to_page(pos);
489         sg.offset = offset_in_page(pos);
490         sg.length = plen + 4;
491         if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
492                 if (net_ratelimit()) {
493                         printk(KERN_DEBUG ": TKIP: failed to decrypt "
494                                "received packet from %s\n",
495                                print_mac(mac, hdr->addr2));
496                 }
497                 return -7;
498         }
499
500         crc = ~crc32_le(~0, pos, plen);
501         icv[0] = crc;
502         icv[1] = crc >> 8;
503         icv[2] = crc >> 16;
504         icv[3] = crc >> 24;
505         if (memcmp(icv, pos + plen, 4) != 0) {
506                 if (iv32 != tkey->rx_iv32) {
507                         /* Previously cached Phase1 result was already lost, so
508                          * it needs to be recalculated for the next packet. */
509                         tkey->rx_phase1_done = 0;
510                 }
511                 if (net_ratelimit()) {
512                         IEEE80211_DEBUG_DROP("TKIP: ICV error detected: STA="
513                                "%s\n", print_mac(mac, hdr->addr2));
514                 }
515                 tkey->dot11RSNAStatsTKIPICVErrors++;
516                 return -5;
517         }
518
519         /* Update real counters only after Michael MIC verification has
520          * completed */
521         tkey->rx_iv32_new = iv32;
522         tkey->rx_iv16_new = iv16;
523
524         /* Remove IV and ICV */
525         memmove(skb->data + 8, skb->data, hdr_len);
526         skb_pull(skb, 8);
527         skb_trim(skb, skb->len - 4);
528
529         return keyidx;
530 }
531
532 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
533                        u8 * data, size_t data_len, u8 * mic)
534 {
535         struct hash_desc desc;
536         struct scatterlist sg[2];
537
538         if (tfm_michael == NULL) {
539                 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
540                 return -1;
541         }
542         sg[0].page = virt_to_page(hdr);
543         sg[0].offset = offset_in_page(hdr);
544         sg[0].length = 16;
545
546         sg[1].page = virt_to_page(data);
547         sg[1].offset = offset_in_page(data);
548         sg[1].length = data_len;
549
550         if (crypto_hash_setkey(tfm_michael, key, 8))
551                 return -1;
552
553         desc.tfm = tfm_michael;
554         desc.flags = 0;
555         return crypto_hash_digest(&desc, sg, data_len + 16, mic);
556 }
557
558 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
559 {
560         struct ieee80211_hdr_4addr *hdr11;
561         u16 stype;
562
563         hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
564         stype  = WLAN_FC_GET_STYPE(le16_to_cpu(hdr11->frame_ctl));
565
566         switch (le16_to_cpu(hdr11->frame_ctl) &
567                 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
568         case IEEE80211_FCTL_TODS:
569                 memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
570                 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
571                 break;
572         case IEEE80211_FCTL_FROMDS:
573                 memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
574                 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
575                 break;
576         case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
577                 memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
578                 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
579                 break;
580         case 0:
581                 memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
582                 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
583                 break;
584         }
585
586         if (stype & IEEE80211_STYPE_QOS_DATA) {
587                 const struct ieee80211_hdr_3addrqos *qoshdr =
588                         (struct ieee80211_hdr_3addrqos *)skb->data;
589                 hdr[12] = qoshdr->qos_ctl & cpu_to_le16(IEEE80211_QCTL_TID);
590         } else
591                 hdr[12] = 0;            /* priority */
592
593         hdr[13] = hdr[14] = hdr[15] = 0;        /* reserved */
594 }
595
596 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
597                                      void *priv)
598 {
599         struct ieee80211_tkip_data *tkey = priv;
600         u8 *pos;
601
602         if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
603                 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
604                        "(tailroom=%d hdr_len=%d skb->len=%d)\n",
605                        skb_tailroom(skb), hdr_len, skb->len);
606                 return -1;
607         }
608
609         michael_mic_hdr(skb, tkey->tx_hdr);
610         pos = skb_put(skb, 8);
611         if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
612                         skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
613                 return -1;
614
615         return 0;
616 }
617
618 static void ieee80211_michael_mic_failure(struct net_device *dev,
619                                           struct ieee80211_hdr_4addr *hdr,
620                                           int keyidx)
621 {
622         union iwreq_data wrqu;
623         struct iw_michaelmicfailure ev;
624
625         /* TODO: needed parameters: count, keyid, key type, TSC */
626         memset(&ev, 0, sizeof(ev));
627         ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
628         if (hdr->addr1[0] & 0x01)
629                 ev.flags |= IW_MICFAILURE_GROUP;
630         else
631                 ev.flags |= IW_MICFAILURE_PAIRWISE;
632         ev.src_addr.sa_family = ARPHRD_ETHER;
633         memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
634         memset(&wrqu, 0, sizeof(wrqu));
635         wrqu.data.length = sizeof(ev);
636         wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
637 }
638
639 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
640                                         int hdr_len, void *priv)
641 {
642         struct ieee80211_tkip_data *tkey = priv;
643         u8 mic[8];
644         DECLARE_MAC_BUF(mac);
645
646         if (!tkey->key_set)
647                 return -1;
648
649         michael_mic_hdr(skb, tkey->rx_hdr);
650         if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
651                         skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
652                 return -1;
653         if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
654                 struct ieee80211_hdr_4addr *hdr;
655                 hdr = (struct ieee80211_hdr_4addr *)skb->data;
656                 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
657                        "MSDU from %s keyidx=%d\n",
658                        skb->dev ? skb->dev->name : "N/A", print_mac(mac, hdr->addr2),
659                        keyidx);
660                 if (skb->dev)
661                         ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
662                 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
663                 return -1;
664         }
665
666         /* Update TSC counters for RX now that the packet verification has
667          * completed. */
668         tkey->rx_iv32 = tkey->rx_iv32_new;
669         tkey->rx_iv16 = tkey->rx_iv16_new;
670
671         skb_trim(skb, skb->len - 8);
672
673         return 0;
674 }
675
676 static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
677 {
678         struct ieee80211_tkip_data *tkey = priv;
679         int keyidx;
680         struct crypto_hash *tfm = tkey->tx_tfm_michael;
681         struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
682         struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
683         struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
684
685         keyidx = tkey->key_idx;
686         memset(tkey, 0, sizeof(*tkey));
687         tkey->key_idx = keyidx;
688         tkey->tx_tfm_michael = tfm;
689         tkey->tx_tfm_arc4 = tfm2;
690         tkey->rx_tfm_michael = tfm3;
691         tkey->rx_tfm_arc4 = tfm4;
692         if (len == TKIP_KEY_LEN) {
693                 memcpy(tkey->key, key, TKIP_KEY_LEN);
694                 tkey->key_set = 1;
695                 tkey->tx_iv16 = 1;      /* TSC is initialized to 1 */
696                 if (seq) {
697                         tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
698                             (seq[3] << 8) | seq[2];
699                         tkey->rx_iv16 = (seq[1] << 8) | seq[0];
700                 }
701         } else if (len == 0)
702                 tkey->key_set = 0;
703         else
704                 return -1;
705
706         return 0;
707 }
708
709 static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
710 {
711         struct ieee80211_tkip_data *tkey = priv;
712
713         if (len < TKIP_KEY_LEN)
714                 return -1;
715
716         if (!tkey->key_set)
717                 return 0;
718         memcpy(key, tkey->key, TKIP_KEY_LEN);
719
720         if (seq) {
721                 /* Return the sequence number of the last transmitted frame. */
722                 u16 iv16 = tkey->tx_iv16;
723                 u32 iv32 = tkey->tx_iv32;
724                 if (iv16 == 0)
725                         iv32--;
726                 iv16--;
727                 seq[0] = tkey->tx_iv16;
728                 seq[1] = tkey->tx_iv16 >> 8;
729                 seq[2] = tkey->tx_iv32;
730                 seq[3] = tkey->tx_iv32 >> 8;
731                 seq[4] = tkey->tx_iv32 >> 16;
732                 seq[5] = tkey->tx_iv32 >> 24;
733         }
734
735         return TKIP_KEY_LEN;
736 }
737
738 static char *ieee80211_tkip_print_stats(char *p, void *priv)
739 {
740         struct ieee80211_tkip_data *tkip = priv;
741         p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
742                      "tx_pn=%02x%02x%02x%02x%02x%02x "
743                      "rx_pn=%02x%02x%02x%02x%02x%02x "
744                      "replays=%d icv_errors=%d local_mic_failures=%d\n",
745                      tkip->key_idx, tkip->key_set,
746                      (tkip->tx_iv32 >> 24) & 0xff,
747                      (tkip->tx_iv32 >> 16) & 0xff,
748                      (tkip->tx_iv32 >> 8) & 0xff,
749                      tkip->tx_iv32 & 0xff,
750                      (tkip->tx_iv16 >> 8) & 0xff,
751                      tkip->tx_iv16 & 0xff,
752                      (tkip->rx_iv32 >> 24) & 0xff,
753                      (tkip->rx_iv32 >> 16) & 0xff,
754                      (tkip->rx_iv32 >> 8) & 0xff,
755                      tkip->rx_iv32 & 0xff,
756                      (tkip->rx_iv16 >> 8) & 0xff,
757                      tkip->rx_iv16 & 0xff,
758                      tkip->dot11RSNAStatsTKIPReplays,
759                      tkip->dot11RSNAStatsTKIPICVErrors,
760                      tkip->dot11RSNAStatsTKIPLocalMICFailures);
761         return p;
762 }
763
764 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
765         .name = "TKIP",
766         .init = ieee80211_tkip_init,
767         .deinit = ieee80211_tkip_deinit,
768         .build_iv = ieee80211_tkip_hdr,
769         .encrypt_mpdu = ieee80211_tkip_encrypt,
770         .decrypt_mpdu = ieee80211_tkip_decrypt,
771         .encrypt_msdu = ieee80211_michael_mic_add,
772         .decrypt_msdu = ieee80211_michael_mic_verify,
773         .set_key = ieee80211_tkip_set_key,
774         .get_key = ieee80211_tkip_get_key,
775         .print_stats = ieee80211_tkip_print_stats,
776         .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
777         .extra_mpdu_postfix_len = 4,    /* ICV */
778         .extra_msdu_postfix_len = 8,    /* MIC */
779         .get_flags = ieee80211_tkip_get_flags,
780         .set_flags = ieee80211_tkip_set_flags,
781         .owner = THIS_MODULE,
782 };
783
784 static int __init ieee80211_crypto_tkip_init(void)
785 {
786         return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
787 }
788
789 static void __exit ieee80211_crypto_tkip_exit(void)
790 {
791         ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
792 }
793
794 module_init(ieee80211_crypto_tkip_init);
795 module_exit(ieee80211_crypto_tkip_exit);