Merge branch 'for-2.6.30' of git://linux-nfs.org/~bfields/linux
[linux-2.6] / net / wireless / lib80211_crypt_tkip.c
1 /*
2  * lib80211 crypt: host-based TKIP encryption implementation for lib80211
3  *
4  * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
5  * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License version 2 as
9  * published by the Free Software Foundation. See README and COPYING for
10  * more details.
11  */
12
13 #include <linux/err.h>
14 #include <linux/module.h>
15 #include <linux/init.h>
16 #include <linux/slab.h>
17 #include <linux/random.h>
18 #include <linux/scatterlist.h>
19 #include <linux/skbuff.h>
20 #include <linux/netdevice.h>
21 #include <linux/mm.h>
22 #include <linux/if_ether.h>
23 #include <linux/if_arp.h>
24 #include <asm/string.h>
25
26 #include <linux/wireless.h>
27 #include <linux/ieee80211.h>
28 #include <net/iw_handler.h>
29
30 #include <linux/crypto.h>
31 #include <linux/crc32.h>
32
33 #include <net/lib80211.h>
34
35 MODULE_AUTHOR("Jouni Malinen");
36 MODULE_DESCRIPTION("lib80211 crypt: TKIP");
37 MODULE_LICENSE("GPL");
38
39 struct lib80211_tkip_data {
40 #define TKIP_KEY_LEN 32
41         u8 key[TKIP_KEY_LEN];
42         int key_set;
43
44         u32 tx_iv32;
45         u16 tx_iv16;
46         u16 tx_ttak[5];
47         int tx_phase1_done;
48
49         u32 rx_iv32;
50         u16 rx_iv16;
51         u16 rx_ttak[5];
52         int rx_phase1_done;
53         u32 rx_iv32_new;
54         u16 rx_iv16_new;
55
56         u32 dot11RSNAStatsTKIPReplays;
57         u32 dot11RSNAStatsTKIPICVErrors;
58         u32 dot11RSNAStatsTKIPLocalMICFailures;
59
60         int key_idx;
61
62         struct crypto_blkcipher *rx_tfm_arc4;
63         struct crypto_hash *rx_tfm_michael;
64         struct crypto_blkcipher *tx_tfm_arc4;
65         struct crypto_hash *tx_tfm_michael;
66
67         /* scratch buffers for virt_to_page() (crypto API) */
68         u8 rx_hdr[16], tx_hdr[16];
69
70         unsigned long flags;
71 };
72
73 static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
74 {
75         struct lib80211_tkip_data *_priv = priv;
76         unsigned long old_flags = _priv->flags;
77         _priv->flags = flags;
78         return old_flags;
79 }
80
81 static unsigned long lib80211_tkip_get_flags(void *priv)
82 {
83         struct lib80211_tkip_data *_priv = priv;
84         return _priv->flags;
85 }
86
87 static void *lib80211_tkip_init(int key_idx)
88 {
89         struct lib80211_tkip_data *priv;
90
91         priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
92         if (priv == NULL)
93                 goto fail;
94
95         priv->key_idx = key_idx;
96
97         priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
98                                                 CRYPTO_ALG_ASYNC);
99         if (IS_ERR(priv->tx_tfm_arc4)) {
100                 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
101                        "crypto API arc4\n");
102                 priv->tx_tfm_arc4 = NULL;
103                 goto fail;
104         }
105
106         priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
107                                                  CRYPTO_ALG_ASYNC);
108         if (IS_ERR(priv->tx_tfm_michael)) {
109                 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
110                        "crypto API michael_mic\n");
111                 priv->tx_tfm_michael = NULL;
112                 goto fail;
113         }
114
115         priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
116                                                 CRYPTO_ALG_ASYNC);
117         if (IS_ERR(priv->rx_tfm_arc4)) {
118                 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
119                        "crypto API arc4\n");
120                 priv->rx_tfm_arc4 = NULL;
121                 goto fail;
122         }
123
124         priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
125                                                  CRYPTO_ALG_ASYNC);
126         if (IS_ERR(priv->rx_tfm_michael)) {
127                 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
128                        "crypto API michael_mic\n");
129                 priv->rx_tfm_michael = NULL;
130                 goto fail;
131         }
132
133         return priv;
134
135       fail:
136         if (priv) {
137                 if (priv->tx_tfm_michael)
138                         crypto_free_hash(priv->tx_tfm_michael);
139                 if (priv->tx_tfm_arc4)
140                         crypto_free_blkcipher(priv->tx_tfm_arc4);
141                 if (priv->rx_tfm_michael)
142                         crypto_free_hash(priv->rx_tfm_michael);
143                 if (priv->rx_tfm_arc4)
144                         crypto_free_blkcipher(priv->rx_tfm_arc4);
145                 kfree(priv);
146         }
147
148         return NULL;
149 }
150
151 static void lib80211_tkip_deinit(void *priv)
152 {
153         struct lib80211_tkip_data *_priv = priv;
154         if (_priv) {
155                 if (_priv->tx_tfm_michael)
156                         crypto_free_hash(_priv->tx_tfm_michael);
157                 if (_priv->tx_tfm_arc4)
158                         crypto_free_blkcipher(_priv->tx_tfm_arc4);
159                 if (_priv->rx_tfm_michael)
160                         crypto_free_hash(_priv->rx_tfm_michael);
161                 if (_priv->rx_tfm_arc4)
162                         crypto_free_blkcipher(_priv->rx_tfm_arc4);
163         }
164         kfree(priv);
165 }
166
167 static inline u16 RotR1(u16 val)
168 {
169         return (val >> 1) | (val << 15);
170 }
171
172 static inline u8 Lo8(u16 val)
173 {
174         return val & 0xff;
175 }
176
177 static inline u8 Hi8(u16 val)
178 {
179         return val >> 8;
180 }
181
182 static inline u16 Lo16(u32 val)
183 {
184         return val & 0xffff;
185 }
186
187 static inline u16 Hi16(u32 val)
188 {
189         return val >> 16;
190 }
191
192 static inline u16 Mk16(u8 hi, u8 lo)
193 {
194         return lo | (((u16) hi) << 8);
195 }
196
197 static inline u16 Mk16_le(__le16 * v)
198 {
199         return le16_to_cpu(*v);
200 }
201
202 static const u16 Sbox[256] = {
203         0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
204         0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
205         0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
206         0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
207         0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
208         0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
209         0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
210         0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
211         0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
212         0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
213         0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
214         0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
215         0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
216         0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
217         0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
218         0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
219         0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
220         0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
221         0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
222         0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
223         0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
224         0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
225         0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
226         0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
227         0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
228         0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
229         0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
230         0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
231         0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
232         0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
233         0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
234         0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
235 };
236
237 static inline u16 _S_(u16 v)
238 {
239         u16 t = Sbox[Hi8(v)];
240         return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
241 }
242
243 #define PHASE1_LOOP_COUNT 8
244
245 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
246                                u32 IV32)
247 {
248         int i, j;
249
250         /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
251         TTAK[0] = Lo16(IV32);
252         TTAK[1] = Hi16(IV32);
253         TTAK[2] = Mk16(TA[1], TA[0]);
254         TTAK[3] = Mk16(TA[3], TA[2]);
255         TTAK[4] = Mk16(TA[5], TA[4]);
256
257         for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
258                 j = 2 * (i & 1);
259                 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
260                 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
261                 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
262                 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
263                 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
264         }
265 }
266
267 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
268                                u16 IV16)
269 {
270         /* Make temporary area overlap WEP seed so that the final copy can be
271          * avoided on little endian hosts. */
272         u16 *PPK = (u16 *) & WEPSeed[4];
273
274         /* Step 1 - make copy of TTAK and bring in TSC */
275         PPK[0] = TTAK[0];
276         PPK[1] = TTAK[1];
277         PPK[2] = TTAK[2];
278         PPK[3] = TTAK[3];
279         PPK[4] = TTAK[4];
280         PPK[5] = TTAK[4] + IV16;
281
282         /* Step 2 - 96-bit bijective mixing using S-box */
283         PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
284         PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
285         PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
286         PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
287         PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
288         PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
289
290         PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
291         PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
292         PPK[2] += RotR1(PPK[1]);
293         PPK[3] += RotR1(PPK[2]);
294         PPK[4] += RotR1(PPK[3]);
295         PPK[5] += RotR1(PPK[4]);
296
297         /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
298          * WEPSeed[0..2] is transmitted as WEP IV */
299         WEPSeed[0] = Hi8(IV16);
300         WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
301         WEPSeed[2] = Lo8(IV16);
302         WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
303
304 #ifdef __BIG_ENDIAN
305         {
306                 int i;
307                 for (i = 0; i < 6; i++)
308                         PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
309         }
310 #endif
311 }
312
313 static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
314                               u8 * rc4key, int keylen, void *priv)
315 {
316         struct lib80211_tkip_data *tkey = priv;
317         int len;
318         u8 *pos;
319         struct ieee80211_hdr *hdr;
320
321         hdr = (struct ieee80211_hdr *)skb->data;
322
323         if (skb_headroom(skb) < 8 || skb->len < hdr_len)
324                 return -1;
325
326         if (rc4key == NULL || keylen < 16)
327                 return -1;
328
329         if (!tkey->tx_phase1_done) {
330                 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
331                                    tkey->tx_iv32);
332                 tkey->tx_phase1_done = 1;
333         }
334         tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
335
336         len = skb->len - hdr_len;
337         pos = skb_push(skb, 8);
338         memmove(pos, pos + 8, hdr_len);
339         pos += hdr_len;
340
341         *pos++ = *rc4key;
342         *pos++ = *(rc4key + 1);
343         *pos++ = *(rc4key + 2);
344         *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
345         *pos++ = tkey->tx_iv32 & 0xff;
346         *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
347         *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
348         *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
349
350         tkey->tx_iv16++;
351         if (tkey->tx_iv16 == 0) {
352                 tkey->tx_phase1_done = 0;
353                 tkey->tx_iv32++;
354         }
355
356         return 8;
357 }
358
359 static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
360 {
361         struct lib80211_tkip_data *tkey = priv;
362         struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
363         int len;
364         u8 rc4key[16], *pos, *icv;
365         u32 crc;
366         struct scatterlist sg;
367
368         if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
369                 if (net_ratelimit()) {
370                         struct ieee80211_hdr *hdr =
371                             (struct ieee80211_hdr *)skb->data;
372                         printk(KERN_DEBUG ": TKIP countermeasures: dropped "
373                                "TX packet to %pM\n", hdr->addr1);
374                 }
375                 return -1;
376         }
377
378         if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
379                 return -1;
380
381         len = skb->len - hdr_len;
382         pos = skb->data + hdr_len;
383
384         if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
385                 return -1;
386
387         icv = skb_put(skb, 4);
388
389         crc = ~crc32_le(~0, pos, len);
390         icv[0] = crc;
391         icv[1] = crc >> 8;
392         icv[2] = crc >> 16;
393         icv[3] = crc >> 24;
394
395         crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
396         sg_init_one(&sg, pos, len + 4);
397         return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
398 }
399
400 /*
401  * deal with seq counter wrapping correctly.
402  * refer to timer_after() for jiffies wrapping handling
403  */
404 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
405                                     u32 iv32_o, u16 iv16_o)
406 {
407         if ((s32)iv32_n - (s32)iv32_o < 0 ||
408             (iv32_n == iv32_o && iv16_n <= iv16_o))
409                 return 1;
410         return 0;
411 }
412
413 static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
414 {
415         struct lib80211_tkip_data *tkey = priv;
416         struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
417         u8 rc4key[16];
418         u8 keyidx, *pos;
419         u32 iv32;
420         u16 iv16;
421         struct ieee80211_hdr *hdr;
422         u8 icv[4];
423         u32 crc;
424         struct scatterlist sg;
425         int plen;
426
427         hdr = (struct ieee80211_hdr *)skb->data;
428
429         if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
430                 if (net_ratelimit()) {
431                         printk(KERN_DEBUG ": TKIP countermeasures: dropped "
432                                "received packet from %pM\n", hdr->addr2);
433                 }
434                 return -1;
435         }
436
437         if (skb->len < hdr_len + 8 + 4)
438                 return -1;
439
440         pos = skb->data + hdr_len;
441         keyidx = pos[3];
442         if (!(keyidx & (1 << 5))) {
443                 if (net_ratelimit()) {
444                         printk(KERN_DEBUG "TKIP: received packet without ExtIV"
445                                " flag from %pM\n", hdr->addr2);
446                 }
447                 return -2;
448         }
449         keyidx >>= 6;
450         if (tkey->key_idx != keyidx) {
451                 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
452                        "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
453                 return -6;
454         }
455         if (!tkey->key_set) {
456                 if (net_ratelimit()) {
457                         printk(KERN_DEBUG "TKIP: received packet from %pM"
458                                " with keyid=%d that does not have a configured"
459                                " key\n", hdr->addr2, keyidx);
460                 }
461                 return -3;
462         }
463         iv16 = (pos[0] << 8) | pos[2];
464         iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
465         pos += 8;
466
467         if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
468 #ifdef CONFIG_LIB80211_DEBUG
469                 if (net_ratelimit()) {
470                         printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
471                                " previous TSC %08x%04x received TSC "
472                                "%08x%04x\n", hdr->addr2,
473                                tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
474                 }
475 #endif
476                 tkey->dot11RSNAStatsTKIPReplays++;
477                 return -4;
478         }
479
480         if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
481                 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
482                 tkey->rx_phase1_done = 1;
483         }
484         tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
485
486         plen = skb->len - hdr_len - 12;
487
488         crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
489         sg_init_one(&sg, pos, plen + 4);
490         if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
491                 if (net_ratelimit()) {
492                         printk(KERN_DEBUG ": TKIP: failed to decrypt "
493                                "received packet from %pM\n",
494                                hdr->addr2);
495                 }
496                 return -7;
497         }
498
499         crc = ~crc32_le(~0, pos, plen);
500         icv[0] = crc;
501         icv[1] = crc >> 8;
502         icv[2] = crc >> 16;
503         icv[3] = crc >> 24;
504         if (memcmp(icv, pos + plen, 4) != 0) {
505                 if (iv32 != tkey->rx_iv32) {
506                         /* Previously cached Phase1 result was already lost, so
507                          * it needs to be recalculated for the next packet. */
508                         tkey->rx_phase1_done = 0;
509                 }
510 #ifdef CONFIG_LIB80211_DEBUG
511                 if (net_ratelimit()) {
512                         printk(KERN_DEBUG "TKIP: ICV error detected: STA="
513                                "%pM\n", hdr->addr2);
514                 }
515 #endif
516                 tkey->dot11RSNAStatsTKIPICVErrors++;
517                 return -5;
518         }
519
520         /* Update real counters only after Michael MIC verification has
521          * completed */
522         tkey->rx_iv32_new = iv32;
523         tkey->rx_iv16_new = iv16;
524
525         /* Remove IV and ICV */
526         memmove(skb->data + 8, skb->data, hdr_len);
527         skb_pull(skb, 8);
528         skb_trim(skb, skb->len - 4);
529
530         return keyidx;
531 }
532
533 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
534                        u8 * data, size_t data_len, u8 * mic)
535 {
536         struct hash_desc desc;
537         struct scatterlist sg[2];
538
539         if (tfm_michael == NULL) {
540                 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
541                 return -1;
542         }
543         sg_init_table(sg, 2);
544         sg_set_buf(&sg[0], hdr, 16);
545         sg_set_buf(&sg[1], data, data_len);
546
547         if (crypto_hash_setkey(tfm_michael, key, 8))
548                 return -1;
549
550         desc.tfm = tfm_michael;
551         desc.flags = 0;
552         return crypto_hash_digest(&desc, sg, data_len + 16, mic);
553 }
554
555 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
556 {
557         struct ieee80211_hdr *hdr11;
558
559         hdr11 = (struct ieee80211_hdr *)skb->data;
560
561         switch (le16_to_cpu(hdr11->frame_control) &
562                 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
563         case IEEE80211_FCTL_TODS:
564                 memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
565                 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
566                 break;
567         case IEEE80211_FCTL_FROMDS:
568                 memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
569                 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
570                 break;
571         case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
572                 memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
573                 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
574                 break;
575         case 0:
576                 memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
577                 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
578                 break;
579         }
580
581         if (ieee80211_is_data_qos(hdr11->frame_control)) {
582                 hdr[12] = le16_to_cpu(*ieee80211_get_qos_ctl(hdr11))
583                         & IEEE80211_QOS_CTL_TID_MASK;
584         } else
585                 hdr[12] = 0;            /* priority */
586
587         hdr[13] = hdr[14] = hdr[15] = 0;        /* reserved */
588 }
589
590 static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
591                                      void *priv)
592 {
593         struct lib80211_tkip_data *tkey = priv;
594         u8 *pos;
595
596         if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
597                 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
598                        "(tailroom=%d hdr_len=%d skb->len=%d)\n",
599                        skb_tailroom(skb), hdr_len, skb->len);
600                 return -1;
601         }
602
603         michael_mic_hdr(skb, tkey->tx_hdr);
604         pos = skb_put(skb, 8);
605         if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
606                         skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
607                 return -1;
608
609         return 0;
610 }
611
612 static void lib80211_michael_mic_failure(struct net_device *dev,
613                                           struct ieee80211_hdr *hdr,
614                                           int keyidx)
615 {
616         union iwreq_data wrqu;
617         struct iw_michaelmicfailure ev;
618
619         /* TODO: needed parameters: count, keyid, key type, TSC */
620         memset(&ev, 0, sizeof(ev));
621         ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
622         if (hdr->addr1[0] & 0x01)
623                 ev.flags |= IW_MICFAILURE_GROUP;
624         else
625                 ev.flags |= IW_MICFAILURE_PAIRWISE;
626         ev.src_addr.sa_family = ARPHRD_ETHER;
627         memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
628         memset(&wrqu, 0, sizeof(wrqu));
629         wrqu.data.length = sizeof(ev);
630         wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
631 }
632
633 static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
634                                         int hdr_len, void *priv)
635 {
636         struct lib80211_tkip_data *tkey = priv;
637         u8 mic[8];
638
639         if (!tkey->key_set)
640                 return -1;
641
642         michael_mic_hdr(skb, tkey->rx_hdr);
643         if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
644                         skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
645                 return -1;
646         if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
647                 struct ieee80211_hdr *hdr;
648                 hdr = (struct ieee80211_hdr *)skb->data;
649                 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
650                        "MSDU from %pM keyidx=%d\n",
651                        skb->dev ? skb->dev->name : "N/A", hdr->addr2,
652                        keyidx);
653                 if (skb->dev)
654                         lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
655                 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
656                 return -1;
657         }
658
659         /* Update TSC counters for RX now that the packet verification has
660          * completed. */
661         tkey->rx_iv32 = tkey->rx_iv32_new;
662         tkey->rx_iv16 = tkey->rx_iv16_new;
663
664         skb_trim(skb, skb->len - 8);
665
666         return 0;
667 }
668
669 static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
670 {
671         struct lib80211_tkip_data *tkey = priv;
672         int keyidx;
673         struct crypto_hash *tfm = tkey->tx_tfm_michael;
674         struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
675         struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
676         struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
677
678         keyidx = tkey->key_idx;
679         memset(tkey, 0, sizeof(*tkey));
680         tkey->key_idx = keyidx;
681         tkey->tx_tfm_michael = tfm;
682         tkey->tx_tfm_arc4 = tfm2;
683         tkey->rx_tfm_michael = tfm3;
684         tkey->rx_tfm_arc4 = tfm4;
685         if (len == TKIP_KEY_LEN) {
686                 memcpy(tkey->key, key, TKIP_KEY_LEN);
687                 tkey->key_set = 1;
688                 tkey->tx_iv16 = 1;      /* TSC is initialized to 1 */
689                 if (seq) {
690                         tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
691                             (seq[3] << 8) | seq[2];
692                         tkey->rx_iv16 = (seq[1] << 8) | seq[0];
693                 }
694         } else if (len == 0)
695                 tkey->key_set = 0;
696         else
697                 return -1;
698
699         return 0;
700 }
701
702 static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
703 {
704         struct lib80211_tkip_data *tkey = priv;
705
706         if (len < TKIP_KEY_LEN)
707                 return -1;
708
709         if (!tkey->key_set)
710                 return 0;
711         memcpy(key, tkey->key, TKIP_KEY_LEN);
712
713         if (seq) {
714                 /* Return the sequence number of the last transmitted frame. */
715                 u16 iv16 = tkey->tx_iv16;
716                 u32 iv32 = tkey->tx_iv32;
717                 if (iv16 == 0)
718                         iv32--;
719                 iv16--;
720                 seq[0] = tkey->tx_iv16;
721                 seq[1] = tkey->tx_iv16 >> 8;
722                 seq[2] = tkey->tx_iv32;
723                 seq[3] = tkey->tx_iv32 >> 8;
724                 seq[4] = tkey->tx_iv32 >> 16;
725                 seq[5] = tkey->tx_iv32 >> 24;
726         }
727
728         return TKIP_KEY_LEN;
729 }
730
731 static char *lib80211_tkip_print_stats(char *p, void *priv)
732 {
733         struct lib80211_tkip_data *tkip = priv;
734         p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
735                      "tx_pn=%02x%02x%02x%02x%02x%02x "
736                      "rx_pn=%02x%02x%02x%02x%02x%02x "
737                      "replays=%d icv_errors=%d local_mic_failures=%d\n",
738                      tkip->key_idx, tkip->key_set,
739                      (tkip->tx_iv32 >> 24) & 0xff,
740                      (tkip->tx_iv32 >> 16) & 0xff,
741                      (tkip->tx_iv32 >> 8) & 0xff,
742                      tkip->tx_iv32 & 0xff,
743                      (tkip->tx_iv16 >> 8) & 0xff,
744                      tkip->tx_iv16 & 0xff,
745                      (tkip->rx_iv32 >> 24) & 0xff,
746                      (tkip->rx_iv32 >> 16) & 0xff,
747                      (tkip->rx_iv32 >> 8) & 0xff,
748                      tkip->rx_iv32 & 0xff,
749                      (tkip->rx_iv16 >> 8) & 0xff,
750                      tkip->rx_iv16 & 0xff,
751                      tkip->dot11RSNAStatsTKIPReplays,
752                      tkip->dot11RSNAStatsTKIPICVErrors,
753                      tkip->dot11RSNAStatsTKIPLocalMICFailures);
754         return p;
755 }
756
757 static struct lib80211_crypto_ops lib80211_crypt_tkip = {
758         .name = "TKIP",
759         .init = lib80211_tkip_init,
760         .deinit = lib80211_tkip_deinit,
761         .build_iv = lib80211_tkip_hdr,
762         .encrypt_mpdu = lib80211_tkip_encrypt,
763         .decrypt_mpdu = lib80211_tkip_decrypt,
764         .encrypt_msdu = lib80211_michael_mic_add,
765         .decrypt_msdu = lib80211_michael_mic_verify,
766         .set_key = lib80211_tkip_set_key,
767         .get_key = lib80211_tkip_get_key,
768         .print_stats = lib80211_tkip_print_stats,
769         .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
770         .extra_mpdu_postfix_len = 4,    /* ICV */
771         .extra_msdu_postfix_len = 8,    /* MIC */
772         .get_flags = lib80211_tkip_get_flags,
773         .set_flags = lib80211_tkip_set_flags,
774         .owner = THIS_MODULE,
775 };
776
777 static int __init lib80211_crypto_tkip_init(void)
778 {
779         return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
780 }
781
782 static void __exit lib80211_crypto_tkip_exit(void)
783 {
784         lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
785 }
786
787 module_init(lib80211_crypto_tkip_init);
788 module_exit(lib80211_crypto_tkip_exit);