git.oblomov.eu Git - linux-2.6/blob - net/ieee80211/ieee80211_crypt_tkip.c

   1 /*
   2  * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
   3  *
   4  * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 as
   8  * published by the Free Software Foundation. See README and COPYING for
   9  * more details.
  10  */
  11
  12 #include <linux/config.h>
  13 #include <linux/version.h>
  14 #include <linux/module.h>
  15 #include <linux/init.h>
  16 #include <linux/slab.h>
  17 #include <linux/random.h>
  18 #include <linux/skbuff.h>
  19 #include <linux/netdevice.h>
  20 #include <linux/if_ether.h>
  21 #include <linux/if_arp.h>
  22 #include <asm/string.h>
  23
  24 #include <net/ieee80211.h>
  25
  26 #include <linux/crypto.h>
  27 #include <asm/scatterlist.h>
  28 #include <linux/crc32.h>
  29
  30 MODULE_AUTHOR("Jouni Malinen");
  31 MODULE_DESCRIPTION("Host AP crypt: TKIP");
  32 MODULE_LICENSE("GPL");
  33
  34 struct ieee80211_tkip_data {
  35 #define TKIP_KEY_LEN 32
  36         u8 key[TKIP_KEY_LEN];
  37         int key_set;
  38
  39         u32 tx_iv32;
  40         u16 tx_iv16;
  41         u16 tx_ttak[5];
  42         int tx_phase1_done;
  43
  44         u32 rx_iv32;
  45         u16 rx_iv16;
  46         u16 rx_ttak[5];
  47         int rx_phase1_done;
  48         u32 rx_iv32_new;
  49         u16 rx_iv16_new;
  50
  51         u32 dot11RSNAStatsTKIPReplays;
  52         u32 dot11RSNAStatsTKIPICVErrors;
  53         u32 dot11RSNAStatsTKIPLocalMICFailures;
  54
  55         int key_idx;
  56
  57         struct crypto_tfm *tfm_arc4;
  58         struct crypto_tfm *tfm_michael;
  59
  60         /* scratch buffers for virt_to_page() (crypto API) */
  61         u8 rx_hdr[16], tx_hdr[16];
  62 };
  63
  64 static void *ieee80211_tkip_init(int key_idx)
  65 {
  66         struct ieee80211_tkip_data *priv;
  67
  68         priv = kmalloc(sizeof(*priv), GFP_ATOMIC);
  69         if (priv == NULL)
  70                 goto fail;
  71         memset(priv, 0, sizeof(*priv));
  72         priv->key_idx = key_idx;
  73
  74         priv->tfm_arc4 = crypto_alloc_tfm("arc4", 0);
  75         if (priv->tfm_arc4 == NULL) {
  76                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
  77                        "crypto API arc4\n");
  78                 goto fail;
  79         }
  80
  81         priv->tfm_michael = crypto_alloc_tfm("michael_mic", 0);
  82         if (priv->tfm_michael == NULL) {
  83                 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
  84                        "crypto API michael_mic\n");
  85                 goto fail;
  86         }
  87
  88         return priv;
  89
  90       fail:
  91         if (priv) {
  92                 if (priv->tfm_michael)
  93                         crypto_free_tfm(priv->tfm_michael);
  94                 if (priv->tfm_arc4)
  95                         crypto_free_tfm(priv->tfm_arc4);
  96                 kfree(priv);
  97         }
  98
  99         return NULL;
 100 }
 101
 102 static void ieee80211_tkip_deinit(void *priv)
 103 {
 104         struct ieee80211_tkip_data *_priv = priv;
 105         if (_priv && _priv->tfm_michael)
 106                 crypto_free_tfm(_priv->tfm_michael);
 107         if (_priv && _priv->tfm_arc4)
 108                 crypto_free_tfm(_priv->tfm_arc4);
 109         kfree(priv);
 110 }
 111
 112 static inline u16 RotR1(u16 val)
 113 {
 114         return (val >> 1) | (val << 15);
 115 }
 116
 117 static inline u8 Lo8(u16 val)
 118 {
 119         return val & 0xff;
 120 }
 121
 122 static inline u8 Hi8(u16 val)
 123 {
 124         return val >> 8;
 125 }
 126
 127 static inline u16 Lo16(u32 val)
 128 {
 129         return val & 0xffff;
 130 }
 131
 132 static inline u16 Hi16(u32 val)
 133 {
 134         return val >> 16;
 135 }
 136
 137 static inline u16 Mk16(u8 hi, u8 lo)
 138 {
 139         return lo | (((u16) hi) << 8);
 140 }
 141
 142 static inline u16 Mk16_le(u16 * v)
 143 {
 144         return le16_to_cpu(*v);
 145 }
 146
 147 static const u16 Sbox[256] = {
 148         0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
 149         0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
 150         0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
 151         0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
 152         0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
 153         0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
 154         0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
 155         0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
 156         0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
 157         0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
 158         0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
 159         0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
 160         0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
 161         0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
 162         0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
 163         0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
 164         0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
 165         0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
 166         0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
 167         0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
 168         0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
 169         0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
 170         0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
 171         0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
 172         0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
 173         0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
 174         0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
 175         0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
 176         0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
 177         0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
 178         0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
 179         0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
 180 };
 181
 182 static inline u16 _S_(u16 v)
 183 {
 184         u16 t = Sbox[Hi8(v)];
 185         return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
 186 }
 187
 188 #define PHASE1_LOOP_COUNT 8
 189
 190 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
 191                                u32 IV32)
 192 {
 193         int i, j;
 194
 195         /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
 196         TTAK[0] = Lo16(IV32);
 197         TTAK[1] = Hi16(IV32);
 198         TTAK[2] = Mk16(TA[1], TA[0]);
 199         TTAK[3] = Mk16(TA[3], TA[2]);
 200         TTAK[4] = Mk16(TA[5], TA[4]);
 201
 202         for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
 203                 j = 2 * (i & 1);
 204                 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
 205                 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
 206                 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
 207                 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
 208                 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
 209         }
 210 }
 211
 212 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
 213                                u16 IV16)
 214 {
 215         /* Make temporary area overlap WEP seed so that the final copy can be
 216          * avoided on little endian hosts. */
 217         u16 *PPK = (u16 *) & WEPSeed[4];
 218
 219         /* Step 1 - make copy of TTAK and bring in TSC */
 220         PPK[0] = TTAK[0];
 221         PPK[1] = TTAK[1];
 222         PPK[2] = TTAK[2];
 223         PPK[3] = TTAK[3];
 224         PPK[4] = TTAK[4];
 225         PPK[5] = TTAK[4] + IV16;
 226
 227         /* Step 2 - 96-bit bijective mixing using S-box */
 228         PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) & TK[0]));
 229         PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) & TK[2]));
 230         PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) & TK[4]));
 231         PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) & TK[6]));
 232         PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) & TK[8]));
 233         PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) & TK[10]));
 234
 235         PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) & TK[12]));
 236         PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) & TK[14]));
 237         PPK[2] += RotR1(PPK[1]);
 238         PPK[3] += RotR1(PPK[2]);
 239         PPK[4] += RotR1(PPK[3]);
 240         PPK[5] += RotR1(PPK[4]);
 241
 242         /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
 243          * WEPSeed[0..2] is transmitted as WEP IV */
 244         WEPSeed[0] = Hi8(IV16);
 245         WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
 246         WEPSeed[2] = Lo8(IV16);
 247         WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) & TK[0])) >> 1);
 248
 249 #ifdef __BIG_ENDIAN
 250         {
 251                 int i;
 252                 for (i = 0; i < 6; i++)
 253                         PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
 254         }
 255 #endif
 256 }
 257
 258 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
 259 {
 260         struct ieee80211_tkip_data *tkey = priv;
 261         int len;
 262         u8 rc4key[16], *pos, *icv;
 263         struct ieee80211_hdr *hdr;
 264         u32 crc;
 265         struct scatterlist sg;
 266
 267         if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
 268             skb->len < hdr_len)
 269                 return -1;
 270
 271         hdr = (struct ieee80211_hdr *)skb->data;
 272         if (!tkey->tx_phase1_done) {
 273                 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
 274                                    tkey->tx_iv32);
 275                 tkey->tx_phase1_done = 1;
 276         }
 277         tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
 278
 279         len = skb->len - hdr_len;
 280         pos = skb_push(skb, 8);
 281         memmove(pos, pos + 8, hdr_len);
 282         pos += hdr_len;
 283         icv = skb_put(skb, 4);
 284
 285         *pos++ = rc4key[0];
 286         *pos++ = rc4key[1];
 287         *pos++ = rc4key[2];
 288         *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
 289         *pos++ = tkey->tx_iv32 & 0xff;
 290         *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
 291         *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
 292         *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
 293
 294         crc = ~crc32_le(~0, pos, len);
 295         icv[0] = crc;
 296         icv[1] = crc >> 8;
 297         icv[2] = crc >> 16;
 298         icv[3] = crc >> 24;
 299
 300         crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16);
 301         sg.page = virt_to_page(pos);
 302         sg.offset = offset_in_page(pos);
 303         sg.length = len + 4;
 304         crypto_cipher_encrypt(tkey->tfm_arc4, &sg, &sg, len + 4);
 305
 306         tkey->tx_iv16++;
 307         if (tkey->tx_iv16 == 0) {
 308                 tkey->tx_phase1_done = 0;
 309                 tkey->tx_iv32++;
 310         }
 311
 312         return 0;
 313 }
 314
 315 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
 316 {
 317         struct ieee80211_tkip_data *tkey = priv;
 318         u8 rc4key[16];
 319         u8 keyidx, *pos;
 320         u32 iv32;
 321         u16 iv16;
 322         struct ieee80211_hdr *hdr;
 323         u8 icv[4];
 324         u32 crc;
 325         struct scatterlist sg;
 326         int plen;
 327
 328         if (skb->len < hdr_len + 8 + 4)
 329                 return -1;
 330
 331         hdr = (struct ieee80211_hdr *)skb->data;
 332         pos = skb->data + hdr_len;
 333         keyidx = pos[3];
 334         if (!(keyidx & (1 << 5))) {
 335                 if (net_ratelimit()) {
 336                         printk(KERN_DEBUG "TKIP: received packet without ExtIV"
 337                                " flag from " MAC_FMT "\n", MAC_ARG(hdr->addr2));
 338                 }
 339                 return -2;
 340         }
 341         keyidx >>= 6;
 342         if (tkey->key_idx != keyidx) {
 343                 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
 344                        "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
 345                 return -6;
 346         }
 347         if (!tkey->key_set) {
 348                 if (net_ratelimit()) {
 349                         printk(KERN_DEBUG "TKIP: received packet from " MAC_FMT
 350                                " with keyid=%d that does not have a configured"
 351                                " key\n", MAC_ARG(hdr->addr2), keyidx);
 352                 }
 353                 return -3;
 354         }
 355         iv16 = (pos[0] << 8) | pos[2];
 356         iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
 357         pos += 8;
 358
 359         if (iv32 < tkey->rx_iv32 ||
 360             (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
 361                 if (net_ratelimit()) {
 362                         printk(KERN_DEBUG "TKIP: replay detected: STA=" MAC_FMT
 363                                " previous TSC %08x%04x received TSC "
 364                                "%08x%04x\n", MAC_ARG(hdr->addr2),
 365                                tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
 366                 }
 367                 tkey->dot11RSNAStatsTKIPReplays++;
 368                 return -4;
 369         }
 370
 371         if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
 372                 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
 373                 tkey->rx_phase1_done = 1;
 374         }
 375         tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
 376
 377         plen = skb->len - hdr_len - 12;
 378
 379         crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16);
 380         sg.page = virt_to_page(pos);
 381         sg.offset = offset_in_page(pos);
 382         sg.length = plen + 4;
 383         crypto_cipher_decrypt(tkey->tfm_arc4, &sg, &sg, plen + 4);
 384
 385         crc = ~crc32_le(~0, pos, plen);
 386         icv[0] = crc;
 387         icv[1] = crc >> 8;
 388         icv[2] = crc >> 16;
 389         icv[3] = crc >> 24;
 390         if (memcmp(icv, pos + plen, 4) != 0) {
 391                 if (iv32 != tkey->rx_iv32) {
 392                         /* Previously cached Phase1 result was already lost, so
 393                          * it needs to be recalculated for the next packet. */
 394                         tkey->rx_phase1_done = 0;
 395                 }
 396                 if (net_ratelimit()) {
 397                         printk(KERN_DEBUG "TKIP: ICV error detected: STA="
 398                                MAC_FMT "\n", MAC_ARG(hdr->addr2));
 399                 }
 400                 tkey->dot11RSNAStatsTKIPICVErrors++;
 401                 return -5;
 402         }
 403
 404         /* Update real counters only after Michael MIC verification has
 405          * completed */
 406         tkey->rx_iv32_new = iv32;
 407         tkey->rx_iv16_new = iv16;
 408
 409         /* Remove IV and ICV */
 410         memmove(skb->data + 8, skb->data, hdr_len);
 411         skb_pull(skb, 8);
 412         skb_trim(skb, skb->len - 4);
 413
 414         return keyidx;
 415 }
 416
 417 static int michael_mic(struct ieee80211_tkip_data *tkey, u8 * key, u8 * hdr,
 418                        u8 * data, size_t data_len, u8 * mic)
 419 {
 420         struct scatterlist sg[2];
 421
 422         if (tkey->tfm_michael == NULL) {
 423                 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
 424                 return -1;
 425         }
 426         sg[0].page = virt_to_page(hdr);
 427         sg[0].offset = offset_in_page(hdr);
 428         sg[0].length = 16;
 429
 430         sg[1].page = virt_to_page(data);
 431         sg[1].offset = offset_in_page(data);
 432         sg[1].length = data_len;
 433
 434         crypto_digest_init(tkey->tfm_michael);
 435         crypto_digest_setkey(tkey->tfm_michael, key, 8);
 436         crypto_digest_update(tkey->tfm_michael, sg, 2);
 437         crypto_digest_final(tkey->tfm_michael, mic);
 438
 439         return 0;
 440 }
 441
 442 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
 443 {
 444         struct ieee80211_hdr *hdr11;
 445
 446         hdr11 = (struct ieee80211_hdr *)skb->data;
 447         switch (le16_to_cpu(hdr11->frame_ctl) &
 448                 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
 449         case IEEE80211_FCTL_TODS:
 450                 memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
 451                 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
 452                 break;
 453         case IEEE80211_FCTL_FROMDS:
 454                 memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
 455                 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
 456                 break;
 457         case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
 458                 memcpy(hdr, hdr11->addr3, ETH_ALEN);    /* DA */
 459                 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
 460                 break;
 461         case 0:
 462                 memcpy(hdr, hdr11->addr1, ETH_ALEN);    /* DA */
 463                 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
 464                 break;
 465         }
 466
 467         hdr[12] = 0;            /* priority */
 468         hdr[13] = hdr[14] = hdr[15] = 0;        /* reserved */
 469 }
 470
 471 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
 472                                      void *priv)
 473 {
 474         struct ieee80211_tkip_data *tkey = priv;
 475         u8 *pos;
 476
 477         if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
 478                 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
 479                        "(tailroom=%d hdr_len=%d skb->len=%d)\n",
 480                        skb_tailroom(skb), hdr_len, skb->len);
 481                 return -1;
 482         }
 483
 484         michael_mic_hdr(skb, tkey->tx_hdr);
 485         pos = skb_put(skb, 8);
 486         if (michael_mic(tkey, &tkey->key[16], tkey->tx_hdr,
 487                         skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
 488                 return -1;
 489
 490         return 0;
 491 }
 492
 493 #if WIRELESS_EXT >= 18
 494 static void ieee80211_michael_mic_failure(struct net_device *dev,
 495                                           struct ieee80211_hdr *hdr, int keyidx)
 496 {
 497         union iwreq_data wrqu;
 498         struct iw_michaelmicfailure ev;
 499
 500         /* TODO: needed parameters: count, keyid, key type, TSC */
 501         memset(&ev, 0, sizeof(ev));
 502         ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
 503         if (hdr->addr1[0] & 0x01)
 504                 ev.flags |= IW_MICFAILURE_GROUP;
 505         else
 506                 ev.flags |= IW_MICFAILURE_PAIRWISE;
 507         ev.src_addr.sa_family = ARPHRD_ETHER;
 508         memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
 509         memset(&wrqu, 0, sizeof(wrqu));
 510         wrqu.data.length = sizeof(ev);
 511         wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
 512 }
 513 #elif WIRELESS_EXT >= 15
 514 static void ieee80211_michael_mic_failure(struct net_device *dev,
 515                                           struct ieee80211_hdr *hdr, int keyidx)
 516 {
 517         union iwreq_data wrqu;
 518         char buf[128];
 519
 520         /* TODO: needed parameters: count, keyid, key type, TSC */
 521         sprintf(buf, "MLME-MICHAELMICFAILURE.indication(keyid=%d %scast addr="
 522                 MAC_FMT ")", keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
 523                 MAC_ARG(hdr->addr2));
 524         memset(&wrqu, 0, sizeof(wrqu));
 525         wrqu.data.length = strlen(buf);
 526         wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
 527 }
 528 #else                           /* WIRELESS_EXT >= 15 */
 529 static inline void ieee80211_michael_mic_failure(struct net_device *dev,
 530                                                  struct ieee80211_hdr *hdr,
 531                                                  int keyidx)
 532 {
 533 }
 534 #endif                          /* WIRELESS_EXT >= 15 */
 535
 536 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
 537                                         int hdr_len, void *priv)
 538 {
 539         struct ieee80211_tkip_data *tkey = priv;
 540         u8 mic[8];
 541
 542         if (!tkey->key_set)
 543                 return -1;
 544
 545         michael_mic_hdr(skb, tkey->rx_hdr);
 546         if (michael_mic(tkey, &tkey->key[24], tkey->rx_hdr,
 547                         skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
 548                 return -1;
 549         if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
 550                 struct ieee80211_hdr *hdr;
 551                 hdr = (struct ieee80211_hdr *)skb->data;
 552                 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
 553                        "MSDU from " MAC_FMT " keyidx=%d\n",
 554                        skb->dev ? skb->dev->name : "N/A", MAC_ARG(hdr->addr2),
 555                        keyidx);
 556                 if (skb->dev)
 557                         ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
 558                 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
 559                 return -1;
 560         }
 561
 562         /* Update TSC counters for RX now that the packet verification has
 563          * completed. */
 564         tkey->rx_iv32 = tkey->rx_iv32_new;
 565         tkey->rx_iv16 = tkey->rx_iv16_new;
 566
 567         skb_trim(skb, skb->len - 8);
 568
 569         return 0;
 570 }
 571
 572 static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
 573 {
 574         struct ieee80211_tkip_data *tkey = priv;
 575         int keyidx;
 576         struct crypto_tfm *tfm = tkey->tfm_michael;
 577         struct crypto_tfm *tfm2 = tkey->tfm_arc4;
 578
 579         keyidx = tkey->key_idx;
 580         memset(tkey, 0, sizeof(*tkey));
 581         tkey->key_idx = keyidx;
 582         tkey->tfm_michael = tfm;
 583         tkey->tfm_arc4 = tfm2;
 584         if (len == TKIP_KEY_LEN) {
 585                 memcpy(tkey->key, key, TKIP_KEY_LEN);
 586                 tkey->key_set = 1;
 587                 tkey->tx_iv16 = 1;      /* TSC is initialized to 1 */
 588                 if (seq) {
 589                         tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
 590                             (seq[3] << 8) | seq[2];
 591                         tkey->rx_iv16 = (seq[1] << 8) | seq[0];
 592                 }
 593         } else if (len == 0)
 594                 tkey->key_set = 0;
 595         else
 596                 return -1;
 597
 598         return 0;
 599 }
 600
 601 static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
 602 {
 603         struct ieee80211_tkip_data *tkey = priv;
 604
 605         if (len < TKIP_KEY_LEN)
 606                 return -1;
 607
 608         if (!tkey->key_set)
 609                 return 0;
 610         memcpy(key, tkey->key, TKIP_KEY_LEN);
 611
 612         if (seq) {
 613                 /* Return the sequence number of the last transmitted frame. */
 614                 u16 iv16 = tkey->tx_iv16;
 615                 u32 iv32 = tkey->tx_iv32;
 616                 if (iv16 == 0)
 617                         iv32--;
 618                 iv16--;
 619                 seq[0] = tkey->tx_iv16;
 620                 seq[1] = tkey->tx_iv16 >> 8;
 621                 seq[2] = tkey->tx_iv32;
 622                 seq[3] = tkey->tx_iv32 >> 8;
 623                 seq[4] = tkey->tx_iv32 >> 16;
 624                 seq[5] = tkey->tx_iv32 >> 24;
 625         }
 626
 627         return TKIP_KEY_LEN;
 628 }
 629
 630 static char *ieee80211_tkip_print_stats(char *p, void *priv)
 631 {
 632         struct ieee80211_tkip_data *tkip = priv;
 633         p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
 634                      "tx_pn=%02x%02x%02x%02x%02x%02x "
 635                      "rx_pn=%02x%02x%02x%02x%02x%02x "
 636                      "replays=%d icv_errors=%d local_mic_failures=%d\n",
 637                      tkip->key_idx, tkip->key_set,
 638                      (tkip->tx_iv32 >> 24) & 0xff,
 639                      (tkip->tx_iv32 >> 16) & 0xff,
 640                      (tkip->tx_iv32 >> 8) & 0xff,
 641                      tkip->tx_iv32 & 0xff,
 642                      (tkip->tx_iv16 >> 8) & 0xff,
 643                      tkip->tx_iv16 & 0xff,
 644                      (tkip->rx_iv32 >> 24) & 0xff,
 645                      (tkip->rx_iv32 >> 16) & 0xff,
 646                      (tkip->rx_iv32 >> 8) & 0xff,
 647                      tkip->rx_iv32 & 0xff,
 648                      (tkip->rx_iv16 >> 8) & 0xff,
 649                      tkip->rx_iv16 & 0xff,
 650                      tkip->dot11RSNAStatsTKIPReplays,
 651                      tkip->dot11RSNAStatsTKIPICVErrors,
 652                      tkip->dot11RSNAStatsTKIPLocalMICFailures);
 653         return p;
 654 }
 655
 656 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
 657         .name                   = "TKIP",
 658         .init                   = ieee80211_tkip_init,
 659         .deinit                 = ieee80211_tkip_deinit,
 660         .encrypt_mpdu           = ieee80211_tkip_encrypt,
 661         .decrypt_mpdu           = ieee80211_tkip_decrypt,
 662         .encrypt_msdu           = ieee80211_michael_mic_add,
 663         .decrypt_msdu           = ieee80211_michael_mic_verify,
 664         .set_key                = ieee80211_tkip_set_key,
 665         .get_key                = ieee80211_tkip_get_key,
 666         .print_stats            = ieee80211_tkip_print_stats,
 667         .extra_prefix_len       = 4 + 4,        /* IV + ExtIV */
 668         .extra_postfix_len      = 8 + 4,        /* MIC + ICV */
 669         .owner                  = THIS_MODULE,
 670 };
 671
 672 static int __init ieee80211_crypto_tkip_init(void)
 673 {
 674         return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
 675 }
 676
 677 static void __exit ieee80211_crypto_tkip_exit(void)
 678 {
 679         ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
 680 }
 681
 682 module_init(ieee80211_crypto_tkip_init);
 683 module_exit(ieee80211_crypto_tkip_exit);