2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 //#include <linux/config.h>
13 #include <linux/version.h>
14 #include <linux/module.h>
15 #include <linux/init.h>
16 #include <linux/slab.h>
17 #include <linux/random.h>
18 #include <linux/skbuff.h>
19 #include <linux/netdevice.h>
20 #include <linux/if_ether.h>
21 #include <linux/if_arp.h>
22 #include <asm/string.h>
24 #include "ieee80211.h"
27 #include <linux/crypto.h>
28 #include <linux/scatterlist.h>
30 #include <linux/crc32.h>
32 MODULE_AUTHOR("Jouni Malinen");
33 MODULE_DESCRIPTION("Host AP crypt: TKIP");
34 MODULE_LICENSE("GPL");
37 #define OPENSUSE_SLED 0
40 struct ieee80211_tkip_data {
41 #define TKIP_KEY_LEN 32
57 u32 dot11RSNAStatsTKIPReplays;
58 u32 dot11RSNAStatsTKIPICVErrors;
59 u32 dot11RSNAStatsTKIPLocalMICFailures;
62 struct crypto_blkcipher *rx_tfm_arc4;
63 struct crypto_hash *rx_tfm_michael;
64 struct crypto_blkcipher *tx_tfm_arc4;
65 struct crypto_hash *tx_tfm_michael;
66 /* scratch buffers for virt_to_page() (crypto API) */
67 u8 rx_hdr[16], tx_hdr[16];
70 static void * ieee80211_tkip_init(int key_idx)
72 struct ieee80211_tkip_data *priv;
74 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
77 priv->key_idx = key_idx;
78 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
80 if (IS_ERR(priv->tx_tfm_arc4)) {
81 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
83 priv->tx_tfm_arc4 = NULL;
87 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
89 if (IS_ERR(priv->tx_tfm_michael)) {
90 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
91 "crypto API michael_mic\n");
92 priv->tx_tfm_michael = NULL;
96 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
98 if (IS_ERR(priv->rx_tfm_arc4)) {
99 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
100 "crypto API arc4\n");
101 priv->rx_tfm_arc4 = NULL;
105 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
107 if (IS_ERR(priv->rx_tfm_michael)) {
108 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
109 "crypto API michael_mic\n");
110 priv->rx_tfm_michael = NULL;
117 if (priv->tx_tfm_michael)
118 crypto_free_hash(priv->tx_tfm_michael);
119 if (priv->tx_tfm_arc4)
120 crypto_free_blkcipher(priv->tx_tfm_arc4);
121 if (priv->rx_tfm_michael)
122 crypto_free_hash(priv->rx_tfm_michael);
123 if (priv->rx_tfm_arc4)
124 crypto_free_blkcipher(priv->rx_tfm_arc4);
132 static void ieee80211_tkip_deinit(void *priv)
134 struct ieee80211_tkip_data *_priv = priv;
136 if (_priv->tx_tfm_michael)
137 crypto_free_hash(_priv->tx_tfm_michael);
138 if (_priv->tx_tfm_arc4)
139 crypto_free_blkcipher(_priv->tx_tfm_arc4);
140 if (_priv->rx_tfm_michael)
141 crypto_free_hash(_priv->rx_tfm_michael);
142 if (_priv->rx_tfm_arc4)
143 crypto_free_blkcipher(_priv->rx_tfm_arc4);
149 static inline u16 RotR1(u16 val)
151 return (val >> 1) | (val << 15);
155 static inline u8 Lo8(u16 val)
161 static inline u8 Hi8(u16 val)
167 static inline u16 Lo16(u32 val)
173 static inline u16 Hi16(u32 val)
179 static inline u16 Mk16(u8 hi, u8 lo)
181 return lo | (((u16) hi) << 8);
185 static inline u16 Mk16_le(u16 *v)
187 return le16_to_cpu(*v);
191 static const u16 Sbox[256] =
193 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
194 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
195 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
196 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
197 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
198 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
199 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
200 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
201 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
202 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
203 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
204 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
205 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
206 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
207 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
208 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
209 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
210 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
211 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
212 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
213 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
214 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
215 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
216 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
217 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
218 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
219 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
220 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
221 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
222 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
223 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
224 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
228 static inline u16 _S_(u16 v)
230 u16 t = Sbox[Hi8(v)];
231 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
235 #define PHASE1_LOOP_COUNT 8
238 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
242 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
243 TTAK[0] = Lo16(IV32);
244 TTAK[1] = Hi16(IV32);
245 TTAK[2] = Mk16(TA[1], TA[0]);
246 TTAK[3] = Mk16(TA[3], TA[2]);
247 TTAK[4] = Mk16(TA[5], TA[4]);
249 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
251 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
252 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
253 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
254 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
255 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
260 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
263 /* Make temporary area overlap WEP seed so that the final copy can be
264 * avoided on little endian hosts. */
265 u16 *PPK = (u16 *) &WEPSeed[4];
267 /* Step 1 - make copy of TTAK and bring in TSC */
273 PPK[5] = TTAK[4] + IV16;
275 /* Step 2 - 96-bit bijective mixing using S-box */
276 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
277 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
278 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
279 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
280 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
281 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
283 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
284 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
285 PPK[2] += RotR1(PPK[1]);
286 PPK[3] += RotR1(PPK[2]);
287 PPK[4] += RotR1(PPK[3]);
288 PPK[5] += RotR1(PPK[4]);
290 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
291 * WEPSeed[0..2] is transmitted as WEP IV */
292 WEPSeed[0] = Hi8(IV16);
293 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
294 WEPSeed[2] = Lo8(IV16);
295 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
300 for (i = 0; i < 6; i++)
301 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
307 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
309 struct ieee80211_tkip_data *tkey = priv;
312 struct ieee80211_hdr_4addr *hdr;
313 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
315 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4};
319 struct scatterlist sg;
321 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
325 hdr = (struct ieee80211_hdr_4addr *) skb->data;
327 if (!tcb_desc->bHwSec)
329 if (!tkey->tx_phase1_done) {
330 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
332 tkey->tx_phase1_done = 1;
334 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
337 tkey->tx_phase1_done = 1;
340 len = skb->len - hdr_len;
341 pos = skb_push(skb, 8);
342 memmove(pos, pos + 8, hdr_len);
345 if (tcb_desc->bHwSec)
347 *pos++ = Hi8(tkey->tx_iv16);
348 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
349 *pos++ = Lo8(tkey->tx_iv16);
358 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
359 *pos++ = tkey->tx_iv32 & 0xff;
360 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
361 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
362 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
364 if (!tcb_desc->bHwSec)
366 icv = skb_put(skb, 4);
367 crc = ~crc32_le(~0, pos, len);
372 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
373 sg_init_one(&sg, pos, len+4);
374 ret= crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
379 if (tkey->tx_iv16 == 0) {
380 tkey->tx_phase1_done = 0;
384 if (!tcb_desc->bHwSec)
392 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
394 struct ieee80211_tkip_data *tkey = priv;
398 struct ieee80211_hdr_4addr *hdr;
399 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
400 struct blkcipher_desc desc = {.tfm = tkey->rx_tfm_arc4};
404 struct scatterlist sg;
406 if (skb->len < hdr_len + 8 + 4)
409 hdr = (struct ieee80211_hdr_4addr *) skb->data;
410 pos = skb->data + hdr_len;
412 if (!(keyidx & (1 << 5))) {
413 if (net_ratelimit()) {
414 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
415 " flag from %pM\n", hdr->addr2);
420 if (tkey->key_idx != keyidx) {
421 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
422 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
425 if (!tkey->key_set) {
426 if (net_ratelimit()) {
427 printk(KERN_DEBUG "TKIP: received packet from %pM"
428 " with keyid=%d that does not have a configured"
429 " key\n", hdr->addr2, keyidx);
433 iv16 = (pos[0] << 8) | pos[2];
434 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
437 if (!tcb_desc->bHwSec)
439 if (iv32 < tkey->rx_iv32 ||
440 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
441 if (net_ratelimit()) {
442 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
443 " previous TSC %08x%04x received TSC "
444 "%08x%04x\n", hdr->addr2,
445 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
447 tkey->dot11RSNAStatsTKIPReplays++;
451 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
452 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
453 tkey->rx_phase1_done = 1;
455 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
457 plen = skb->len - hdr_len - 12;
459 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
460 sg_init_one(&sg, pos, plen+4);
461 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
462 if (net_ratelimit()) {
463 printk(KERN_DEBUG ": TKIP: failed to decrypt "
464 "received packet from %pM\n",
470 crc = ~crc32_le(~0, pos, plen);
476 if (memcmp(icv, pos + plen, 4) != 0) {
477 if (iv32 != tkey->rx_iv32) {
478 /* Previously cached Phase1 result was already lost, so
479 * it needs to be recalculated for the next packet. */
480 tkey->rx_phase1_done = 0;
482 if (net_ratelimit()) {
484 "TKIP: ICV error detected: STA=%pM\n",
487 tkey->dot11RSNAStatsTKIPICVErrors++;
493 /* Update real counters only after Michael MIC verification has
495 tkey->rx_iv32_new = iv32;
496 tkey->rx_iv16_new = iv16;
498 /* Remove IV and ICV */
499 memmove(skb->data + 8, skb->data, hdr_len);
501 skb_trim(skb, skb->len - 4);
507 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
508 u8 * data, size_t data_len, u8 * mic)
510 struct hash_desc desc;
511 struct scatterlist sg[2];
513 if (tfm_michael == NULL) {
514 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
517 sg_init_table(sg, 2);
518 sg_set_buf(&sg[0], hdr, 16);
519 sg_set_buf(&sg[1], data, data_len);
521 if (crypto_hash_setkey(tfm_michael, key, 8))
524 desc.tfm = tfm_michael;
526 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
531 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
533 struct ieee80211_hdr_4addr *hdr11;
535 hdr11 = (struct ieee80211_hdr_4addr *) skb->data;
536 switch (le16_to_cpu(hdr11->frame_ctl) &
537 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
538 case IEEE80211_FCTL_TODS:
539 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
540 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
542 case IEEE80211_FCTL_FROMDS:
543 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
544 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
546 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
547 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
548 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
551 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
552 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
556 hdr[12] = 0; /* priority */
558 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
562 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
564 struct ieee80211_tkip_data *tkey = priv;
566 struct ieee80211_hdr_4addr *hdr;
568 hdr = (struct ieee80211_hdr_4addr *) skb->data;
570 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
571 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
572 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
573 skb_tailroom(skb), hdr_len, skb->len);
577 michael_mic_hdr(skb, tkey->tx_hdr);
580 // fix the wpa process with wmm enabled.
581 if(IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) {
582 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
585 pos = skb_put(skb, 8);
586 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
587 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
594 #if WIRELESS_EXT >= 18
595 static void ieee80211_michael_mic_failure(struct net_device *dev,
596 struct ieee80211_hdr_4addr *hdr,
599 union iwreq_data wrqu;
600 struct iw_michaelmicfailure ev;
602 /* TODO: needed parameters: count, keyid, key type, TSC */
603 memset(&ev, 0, sizeof(ev));
604 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
605 if (hdr->addr1[0] & 0x01)
606 ev.flags |= IW_MICFAILURE_GROUP;
608 ev.flags |= IW_MICFAILURE_PAIRWISE;
609 ev.src_addr.sa_family = ARPHRD_ETHER;
610 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
611 memset(&wrqu, 0, sizeof(wrqu));
612 wrqu.data.length = sizeof(ev);
613 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
615 #elif WIRELESS_EXT >= 15
616 static void ieee80211_michael_mic_failure(struct net_device *dev,
617 struct ieee80211_hdr_4addr *hdr,
620 union iwreq_data wrqu;
623 /* TODO: needed parameters: count, keyid, key type, TSC */
624 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(keyid=%d %scast addr="
625 "%pM)", keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni",
627 memset(&wrqu, 0, sizeof(wrqu));
628 wrqu.data.length = strlen(buf);
629 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
631 #else /* WIRELESS_EXT >= 15 */
632 static inline void ieee80211_michael_mic_failure(struct net_device *dev,
633 struct ieee80211_hdr_4addr *hdr,
637 #endif /* WIRELESS_EXT >= 15 */
639 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
640 int hdr_len, void *priv)
642 struct ieee80211_tkip_data *tkey = priv;
644 struct ieee80211_hdr_4addr *hdr;
646 hdr = (struct ieee80211_hdr_4addr *) skb->data;
651 michael_mic_hdr(skb, tkey->rx_hdr);
653 // fix the wpa process with wmm enabled.
654 if(IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) {
655 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
659 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
660 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
662 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
663 struct ieee80211_hdr_4addr *hdr;
664 hdr = (struct ieee80211_hdr_4addr *) skb->data;
665 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
666 "MSDU from %pM keyidx=%d\n",
667 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
670 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
671 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
675 /* Update TSC counters for RX now that the packet verification has
677 tkey->rx_iv32 = tkey->rx_iv32_new;
678 tkey->rx_iv16 = tkey->rx_iv16_new;
680 skb_trim(skb, skb->len - 8);
686 static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv)
688 struct ieee80211_tkip_data *tkey = priv;
690 struct crypto_hash *tfm = tkey->tx_tfm_michael;
691 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
692 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
693 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
695 keyidx = tkey->key_idx;
696 memset(tkey, 0, sizeof(*tkey));
697 tkey->key_idx = keyidx;
698 tkey->tx_tfm_michael = tfm;
699 tkey->tx_tfm_arc4 = tfm2;
700 tkey->rx_tfm_michael = tfm3;
701 tkey->rx_tfm_arc4 = tfm4;
703 if (len == TKIP_KEY_LEN) {
704 memcpy(tkey->key, key, TKIP_KEY_LEN);
706 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
708 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
709 (seq[3] << 8) | seq[2];
710 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
721 static int ieee80211_tkip_get_key(void *key, int len, u8 *seq, void *priv)
723 struct ieee80211_tkip_data *tkey = priv;
725 if (len < TKIP_KEY_LEN)
730 memcpy(key, tkey->key, TKIP_KEY_LEN);
733 /* Return the sequence number of the last transmitted frame. */
734 u16 iv16 = tkey->tx_iv16;
735 u32 iv32 = tkey->tx_iv32;
739 seq[0] = tkey->tx_iv16;
740 seq[1] = tkey->tx_iv16 >> 8;
741 seq[2] = tkey->tx_iv32;
742 seq[3] = tkey->tx_iv32 >> 8;
743 seq[4] = tkey->tx_iv32 >> 16;
744 seq[5] = tkey->tx_iv32 >> 24;
751 static char * ieee80211_tkip_print_stats(char *p, void *priv)
753 struct ieee80211_tkip_data *tkip = priv;
754 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
755 "tx_pn=%02x%02x%02x%02x%02x%02x "
756 "rx_pn=%02x%02x%02x%02x%02x%02x "
757 "replays=%d icv_errors=%d local_mic_failures=%d\n",
758 tkip->key_idx, tkip->key_set,
759 (tkip->tx_iv32 >> 24) & 0xff,
760 (tkip->tx_iv32 >> 16) & 0xff,
761 (tkip->tx_iv32 >> 8) & 0xff,
762 tkip->tx_iv32 & 0xff,
763 (tkip->tx_iv16 >> 8) & 0xff,
764 tkip->tx_iv16 & 0xff,
765 (tkip->rx_iv32 >> 24) & 0xff,
766 (tkip->rx_iv32 >> 16) & 0xff,
767 (tkip->rx_iv32 >> 8) & 0xff,
768 tkip->rx_iv32 & 0xff,
769 (tkip->rx_iv16 >> 8) & 0xff,
770 tkip->rx_iv16 & 0xff,
771 tkip->dot11RSNAStatsTKIPReplays,
772 tkip->dot11RSNAStatsTKIPICVErrors,
773 tkip->dot11RSNAStatsTKIPLocalMICFailures);
778 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
780 .init = ieee80211_tkip_init,
781 .deinit = ieee80211_tkip_deinit,
782 .encrypt_mpdu = ieee80211_tkip_encrypt,
783 .decrypt_mpdu = ieee80211_tkip_decrypt,
784 .encrypt_msdu = ieee80211_michael_mic_add,
785 .decrypt_msdu = ieee80211_michael_mic_verify,
786 .set_key = ieee80211_tkip_set_key,
787 .get_key = ieee80211_tkip_get_key,
788 .print_stats = ieee80211_tkip_print_stats,
789 .extra_prefix_len = 4 + 4, /* IV + ExtIV */
790 .extra_postfix_len = 8 + 4, /* MIC + ICV */
791 .owner = THIS_MODULE,
795 int __init ieee80211_crypto_tkip_init(void)
797 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
801 void ieee80211_crypto_tkip_exit(void)
803 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
806 void ieee80211_tkip_null(void)
projects / kernel / linux-3.0.git / blob