search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[IPV6] NDISC: Add proxy_ndp sysctl.
[hh.org.git] / net / ieee80211 / ieee80211_crypt_tkip.c
blob407a17495b61a13208e76eb749a5ca6872565390
1 /*
2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
3 *
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
9 * more details.
10 */
11
12 #include <linux/err.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/slab.h>
16 #include <linux/random.h>
17 #include <linux/skbuff.h>
18 #include <linux/netdevice.h>
19 #include <linux/if_ether.h>
20 #include <linux/if_arp.h>
21 #include <asm/string.h>
22
23 #include <net/ieee80211.h>
24
25 #include <linux/crypto.h>
26 #include <asm/scatterlist.h>
27 #include <linux/crc32.h>
28
29 MODULE_AUTHOR("Jouni Malinen");
30 MODULE_DESCRIPTION("Host AP crypt: TKIP");
31 MODULE_LICENSE("GPL");
32
33 struct ieee80211_tkip_data {
34 #define TKIP_KEY_LEN 32
35 u8 key[TKIP_KEY_LEN];
36 int key_set;
37
38 u32 tx_iv32;
39 u16 tx_iv16;
40 u16 tx_ttak[5];
41 int tx_phase1_done;
42
43 u32 rx_iv32;
44 u16 rx_iv16;
45 u16 rx_ttak[5];
46 int rx_phase1_done;
47 u32 rx_iv32_new;
48 u16 rx_iv16_new;
49
50 u32 dot11RSNAStatsTKIPReplays;
51 u32 dot11RSNAStatsTKIPICVErrors;
52 u32 dot11RSNAStatsTKIPLocalMICFailures;
53
54 int key_idx;
55
56 struct crypto_blkcipher *tfm_arc4;
57 struct crypto_hash *tfm_michael;
58
59 /* scratch buffers for virt_to_page() (crypto API) */
60 u8 rx_hdr[16], tx_hdr[16];
61
62 unsigned long flags;
63 };
64
65 static unsigned long ieee80211_tkip_set_flags(unsigned long flags, void *priv)
66 {
67 struct ieee80211_tkip_data *_priv = priv;
68 unsigned long old_flags = _priv->flags;
69 _priv->flags = flags;
70 return old_flags;
71 }
72
73 static unsigned long ieee80211_tkip_get_flags(void *priv)
74 {
75 struct ieee80211_tkip_data *_priv = priv;
76 return _priv->flags;
77 }
78
79 static void *ieee80211_tkip_init(int key_idx)
80 {
81 struct ieee80211_tkip_data *priv;
82
83 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
84 if (priv == NULL)
85 goto fail;
86
87 priv->key_idx = key_idx;
88
89 priv->tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
90 CRYPTO_ALG_ASYNC);
91 if (IS_ERR(priv->tfm_arc4)) {
92 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
93 "crypto API arc4\n");
94 priv->tfm_arc4 = NULL;
95 goto fail;
96 }
97
98 priv->tfm_michael = crypto_alloc_hash("michael_mic", 0,
99 CRYPTO_ALG_ASYNC);
100 if (IS_ERR(priv->tfm_michael)) {
101 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
102 "crypto API michael_mic\n");
103 priv->tfm_michael = NULL;
104 goto fail;
105 }
106
107 return priv;
108
109 fail:
110 if (priv) {
111 if (priv->tfm_michael)
112 crypto_free_hash(priv->tfm_michael);
113 if (priv->tfm_arc4)
114 crypto_free_blkcipher(priv->tfm_arc4);
115 kfree(priv);
116 }
117
118 return NULL;
119 }
120
121 static void ieee80211_tkip_deinit(void *priv)
122 {
123 struct ieee80211_tkip_data *_priv = priv;
124 if (_priv && _priv->tfm_michael)
125 crypto_free_hash(_priv->tfm_michael);
126 if (_priv && _priv->tfm_arc4)
127 crypto_free_blkcipher(_priv->tfm_arc4);
128 kfree(priv);
129 }
130
131 static inline u16 RotR1(u16 val)
132 {
133 return (val >> 1) | (val << 15);
134 }
135
136 static inline u8 Lo8(u16 val)
137 {
138 return val & 0xff;
139 }
140
141 static inline u8 Hi8(u16 val)
142 {
143 return val >> 8;
144 }
145
146 static inline u16 Lo16(u32 val)
147 {
148 return val & 0xffff;
149 }
150
151 static inline u16 Hi16(u32 val)
152 {
153 return val >> 16;
154 }
155
156 static inline u16 Mk16(u8 hi, u8 lo)
157 {
158 return lo | (((u16) hi) << 8);
159 }
160
161 static inline u16 Mk16_le(u16 * v)
162 {
163 return le16_to_cpu(*v);
164 }
165
166 static const u16 Sbox[256] = {
167 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
168 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
169 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
170 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
171 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
172 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
173 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
174 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
175 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
176 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
177 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
178 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
179 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
180 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
181 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
182 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
183 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
184 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
185 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
186 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
187 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
188 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
189 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
190 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
191 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
192 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
193 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
194 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
195 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
196 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
197 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
198 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
199 };
200
201 static inline u16 _S_(u16 v)
202 {
203 u16 t = Sbox[Hi8(v)];
204 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
205 }
206
207 #define PHASE1_LOOP_COUNT 8
208
209 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
210 u32 IV32)
211 {
212 int i, j;
213
214 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
215 TTAK[0] = Lo16(IV32);
216 TTAK[1] = Hi16(IV32);
217 TTAK[2] = Mk16(TA[1], TA[0]);
218 TTAK[3] = Mk16(TA[3], TA[2]);
219 TTAK[4] = Mk16(TA[5], TA[4]);
220
221 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
222 j = 2 * (i & 1);
223 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
224 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
225 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
226 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
227 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
228 }
229 }
230
231 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
232 u16 IV16)
233 {
234 /* Make temporary area overlap WEP seed so that the final copy can be
235 * avoided on little endian hosts. */
236 u16 *PPK = (u16 *) & WEPSeed[4];
237
238 /* Step 1 - make copy of TTAK and bring in TSC */
239 PPK[0] = TTAK[0];
240 PPK[1] = TTAK[1];
241 PPK[2] = TTAK[2];
242 PPK[3] = TTAK[3];
243 PPK[4] = TTAK[4];
244 PPK[5] = TTAK[4] + IV16;
245
246 /* Step 2 - 96-bit bijective mixing using S-box */
247 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) & TK[0]));
248 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) & TK[2]));
249 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) & TK[4]));
250 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) & TK[6]));
251 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) & TK[8]));
252 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) & TK[10]));
253
254 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) & TK[12]));
255 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) & TK[14]));
256 PPK[2] += RotR1(PPK[1]);
257 PPK[3] += RotR1(PPK[2]);
258 PPK[4] += RotR1(PPK[3]);
259 PPK[5] += RotR1(PPK[4]);
260
261 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
262 * WEPSeed[0..2] is transmitted as WEP IV */
263 WEPSeed[0] = Hi8(IV16);
264 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
265 WEPSeed[2] = Lo8(IV16);
266 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) & TK[0])) >> 1);
267
268 #ifdef __BIG_ENDIAN
269 {
270 int i;
271 for (i = 0; i < 6; i++)
272 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
273 }
274 #endif
275 }
276
277 static int ieee80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
278 u8 * rc4key, int keylen, void *priv)
279 {
280 struct ieee80211_tkip_data *tkey = priv;
281 int len;
282 u8 *pos;
283 struct ieee80211_hdr_4addr *hdr;
284
285 hdr = (struct ieee80211_hdr_4addr *)skb->data;
286
287 if (skb_headroom(skb) < 8 || skb->len < hdr_len)
288 return -1;
289
290 if (rc4key == NULL || keylen < 16)
291 return -1;
292
293 if (!tkey->tx_phase1_done) {
294 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
295 tkey->tx_iv32);
296 tkey->tx_phase1_done = 1;
297 }
298 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
299
300 len = skb->len - hdr_len;
301 pos = skb_push(skb, 8);
302 memmove(pos, pos + 8, hdr_len);
303 pos += hdr_len;
304
305 *pos++ = *rc4key;
306 *pos++ = *(rc4key + 1);
307 *pos++ = *(rc4key + 2);
308 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
309 *pos++ = tkey->tx_iv32 & 0xff;
310 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
311 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
312 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
313
314 tkey->tx_iv16++;
315 if (tkey->tx_iv16 == 0) {
316 tkey->tx_phase1_done = 0;
317 tkey->tx_iv32++;
318 }
319
320 return 8;
321 }
322
323 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
324 {
325 struct ieee80211_tkip_data *tkey = priv;
326 struct blkcipher_desc desc = { .tfm = tkey->tfm_arc4 };
327 int len;
328 u8 rc4key[16], *pos, *icv;
329 u32 crc;
330 struct scatterlist sg;
331
332 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
333 if (net_ratelimit()) {
334 struct ieee80211_hdr_4addr *hdr =
335 (struct ieee80211_hdr_4addr *)skb->data;
336 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
337 "TX packet to " MAC_FMT "\n",
338 MAC_ARG(hdr->addr1));
339 }
340 return -1;
341 }
342
343 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
344 return -1;
345
346 len = skb->len - hdr_len;
347 pos = skb->data + hdr_len;
348
349 if ((ieee80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
350 return -1;
351
352 icv = skb_put(skb, 4);
353
354 crc = ~crc32_le(~0, pos, len);
355 icv[0] = crc;
356 icv[1] = crc >> 8;
357 icv[2] = crc >> 16;
358 icv[3] = crc >> 24;
359
360 crypto_blkcipher_setkey(tkey->tfm_arc4, rc4key, 16);
361 sg.page = virt_to_page(pos);
362 sg.offset = offset_in_page(pos);
363 sg.length = len + 4;
364 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
365 }
366
367 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
368 {
369 struct ieee80211_tkip_data *tkey = priv;
370 struct blkcipher_desc desc = { .tfm = tkey->tfm_arc4 };
371 u8 rc4key[16];
372 u8 keyidx, *pos;
373 u32 iv32;
374 u16 iv16;
375 struct ieee80211_hdr_4addr *hdr;
376 u8 icv[4];
377 u32 crc;
378 struct scatterlist sg;
379 int plen;
380
381 hdr = (struct ieee80211_hdr_4addr *)skb->data;
382
383 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
384 if (net_ratelimit()) {
385 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
386 "received packet from " MAC_FMT "\n",
387 MAC_ARG(hdr->addr2));
388 }
389 return -1;
390 }
391
392 if (skb->len < hdr_len + 8 + 4)
393 return -1;
394
395 pos = skb->data + hdr_len;
396 keyidx = pos[3];
397 if (!(keyidx & (1 << 5))) {
398 if (net_ratelimit()) {
399 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
400 " flag from " MAC_FMT "\n", MAC_ARG(hdr->addr2));
401 }
402 return -2;
403 }
404 keyidx >>= 6;
405 if (tkey->key_idx != keyidx) {
406 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
407 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
408 return -6;
409 }
410 if (!tkey->key_set) {
411 if (net_ratelimit()) {
412 printk(KERN_DEBUG "TKIP: received packet from " MAC_FMT
413 " with keyid=%d that does not have a configured"
414 " key\n", MAC_ARG(hdr->addr2), keyidx);
415 }
416 return -3;
417 }
418 iv16 = (pos[0] << 8) | pos[2];
419 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
420 pos += 8;
421
422 if (iv32 < tkey->rx_iv32 ||
423 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
424 if (net_ratelimit()) {
425 printk(KERN_DEBUG "TKIP: replay detected: STA=" MAC_FMT
426 " previous TSC %08x%04x received TSC "
427 "%08x%04x\n", MAC_ARG(hdr->addr2),
428 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
429 }
430 tkey->dot11RSNAStatsTKIPReplays++;
431 return -4;
432 }
433
434 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
435 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
436 tkey->rx_phase1_done = 1;
437 }
438 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
439
440 plen = skb->len - hdr_len - 12;
441
442 crypto_blkcipher_setkey(tkey->tfm_arc4, rc4key, 16);
443 sg.page = virt_to_page(pos);
444 sg.offset = offset_in_page(pos);
445 sg.length = plen + 4;
446 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
447 if (net_ratelimit()) {
448 printk(KERN_DEBUG ": TKIP: failed to decrypt "
449 "received packet from " MAC_FMT "\n",
450 MAC_ARG(hdr->addr2));
451 }
452 return -7;
453 }
454
455 crc = ~crc32_le(~0, pos, plen);
456 icv[0] = crc;
457 icv[1] = crc >> 8;
458 icv[2] = crc >> 16;
459 icv[3] = crc >> 24;
460 if (memcmp(icv, pos + plen, 4) != 0) {
461 if (iv32 != tkey->rx_iv32) {
462 /* Previously cached Phase1 result was already lost, so
463 * it needs to be recalculated for the next packet. */
464 tkey->rx_phase1_done = 0;
465 }
466 if (net_ratelimit()) {
467 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
468 MAC_FMT "\n", MAC_ARG(hdr->addr2));
469 }
470 tkey->dot11RSNAStatsTKIPICVErrors++;
471 return -5;
472 }
473
474 /* Update real counters only after Michael MIC verification has
475 * completed */
476 tkey->rx_iv32_new = iv32;
477 tkey->rx_iv16_new = iv16;
478
479 /* Remove IV and ICV */
480 memmove(skb->data + 8, skb->data, hdr_len);
481 skb_pull(skb, 8);
482 skb_trim(skb, skb->len - 4);
483
484 return keyidx;
485 }
486
487 static int michael_mic(struct ieee80211_tkip_data *tkey, u8 * key, u8 * hdr,
488 u8 * data, size_t data_len, u8 * mic)
489 {
490 struct hash_desc desc;
491 struct scatterlist sg[2];
492
493 if (tkey->tfm_michael == NULL) {
494 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
495 return -1;
496 }
497 sg[0].page = virt_to_page(hdr);
498 sg[0].offset = offset_in_page(hdr);
499 sg[0].length = 16;
500
501 sg[1].page = virt_to_page(data);
502 sg[1].offset = offset_in_page(data);
503 sg[1].length = data_len;
504
505 if (crypto_hash_setkey(tkey->tfm_michael, key, 8))
506 return -1;
507
508 desc.tfm = tkey->tfm_michael;
509 desc.flags = 0;
510 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
511 }
512
513 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
514 {
515 struct ieee80211_hdr_4addr *hdr11;
516 u16 stype;
517
518 hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
519 stype = WLAN_FC_GET_STYPE(le16_to_cpu(hdr11->frame_ctl));
520
521 switch (le16_to_cpu(hdr11->frame_ctl) &
522 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
523 case IEEE80211_FCTL_TODS:
524 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
525 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
526 break;
527 case IEEE80211_FCTL_FROMDS:
528 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
529 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
530 break;
531 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
532 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
533 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
534 break;
535 case 0:
536 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
537 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
538 break;
539 }
540
541 if (stype & IEEE80211_STYPE_QOS_DATA) {
542 const struct ieee80211_hdr_3addrqos *qoshdr =
543 (struct ieee80211_hdr_3addrqos *)skb->data;
544 hdr[12] = le16_to_cpu(qoshdr->qos_ctl) & IEEE80211_QCTL_TID;
545 } else
546 hdr[12] = 0; /* priority */
547
548 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
549 }
550
551 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
552 void *priv)
553 {
554 struct ieee80211_tkip_data *tkey = priv;
555 u8 *pos;
556
557 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
558 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
559 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
560 skb_tailroom(skb), hdr_len, skb->len);
561 return -1;
562 }
563
564 michael_mic_hdr(skb, tkey->tx_hdr);
565 pos = skb_put(skb, 8);
566 if (michael_mic(tkey, &tkey->key[16], tkey->tx_hdr,
567 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
568 return -1;
569
570 return 0;
571 }
572
573 static void ieee80211_michael_mic_failure(struct net_device *dev,
574 struct ieee80211_hdr_4addr *hdr,
575 int keyidx)
576 {
577 union iwreq_data wrqu;
578 struct iw_michaelmicfailure ev;
579
580 /* TODO: needed parameters: count, keyid, key type, TSC */
581 memset(&ev, 0, sizeof(ev));
582 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
583 if (hdr->addr1[0] & 0x01)
584 ev.flags |= IW_MICFAILURE_GROUP;
585 else
586 ev.flags |= IW_MICFAILURE_PAIRWISE;
587 ev.src_addr.sa_family = ARPHRD_ETHER;
588 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
589 memset(&wrqu, 0, sizeof(wrqu));
590 wrqu.data.length = sizeof(ev);
591 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
592 }
593
594 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
595 int hdr_len, void *priv)
596 {
597 struct ieee80211_tkip_data *tkey = priv;
598 u8 mic[8];
599
600 if (!tkey->key_set)
601 return -1;
602
603 michael_mic_hdr(skb, tkey->rx_hdr);
604 if (michael_mic(tkey, &tkey->key[24], tkey->rx_hdr,
605 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
606 return -1;
607 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
608 struct ieee80211_hdr_4addr *hdr;
609 hdr = (struct ieee80211_hdr_4addr *)skb->data;
610 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
611 "MSDU from " MAC_FMT " keyidx=%d\n",
612 skb->dev ? skb->dev->name : "N/A", MAC_ARG(hdr->addr2),
613 keyidx);
614 if (skb->dev)
615 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
616 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
617 return -1;
618 }
619
620 /* Update TSC counters for RX now that the packet verification has
621 * completed. */
622 tkey->rx_iv32 = tkey->rx_iv32_new;
623 tkey->rx_iv16 = tkey->rx_iv16_new;
624
625 skb_trim(skb, skb->len - 8);
626
627 return 0;
628 }
629
630 static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
631 {
632 struct ieee80211_tkip_data *tkey = priv;
633 int keyidx;
634 struct crypto_hash *tfm = tkey->tfm_michael;
635 struct crypto_blkcipher *tfm2 = tkey->tfm_arc4;
636
637 keyidx = tkey->key_idx;
638 memset(tkey, 0, sizeof(*tkey));
639 tkey->key_idx = keyidx;
640 tkey->tfm_michael = tfm;
641 tkey->tfm_arc4 = tfm2;
642 if (len == TKIP_KEY_LEN) {
643 memcpy(tkey->key, key, TKIP_KEY_LEN);
644 tkey->key_set = 1;
645 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
646 if (seq) {
647 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
648 (seq[3] << 8) | seq[2];
649 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
650 }
651 } else if (len == 0)
652 tkey->key_set = 0;
653 else
654 return -1;
655
656 return 0;
657 }
658
659 static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
660 {
661 struct ieee80211_tkip_data *tkey = priv;
662
663 if (len < TKIP_KEY_LEN)
664 return -1;
665
666 if (!tkey->key_set)
667 return 0;
668 memcpy(key, tkey->key, TKIP_KEY_LEN);
669
670 if (seq) {
671 /* Return the sequence number of the last transmitted frame. */
672 u16 iv16 = tkey->tx_iv16;
673 u32 iv32 = tkey->tx_iv32;
674 if (iv16 == 0)
675 iv32--;
676 iv16--;
677 seq[0] = tkey->tx_iv16;
678 seq[1] = tkey->tx_iv16 >> 8;
679 seq[2] = tkey->tx_iv32;
680 seq[3] = tkey->tx_iv32 >> 8;
681 seq[4] = tkey->tx_iv32 >> 16;
682 seq[5] = tkey->tx_iv32 >> 24;
683 }
684
685 return TKIP_KEY_LEN;
686 }
687
688 static char *ieee80211_tkip_print_stats(char *p, void *priv)
689 {
690 struct ieee80211_tkip_data *tkip = priv;
691 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
692 "tx_pn=%02x%02x%02x%02x%02x%02x "
693 "rx_pn=%02x%02x%02x%02x%02x%02x "
694 "replays=%d icv_errors=%d local_mic_failures=%d\n",
695 tkip->key_idx, tkip->key_set,
696 (tkip->tx_iv32 >> 24) & 0xff,
697 (tkip->tx_iv32 >> 16) & 0xff,
698 (tkip->tx_iv32 >> 8) & 0xff,
699 tkip->tx_iv32 & 0xff,
700 (tkip->tx_iv16 >> 8) & 0xff,
701 tkip->tx_iv16 & 0xff,
702 (tkip->rx_iv32 >> 24) & 0xff,
703 (tkip->rx_iv32 >> 16) & 0xff,
704 (tkip->rx_iv32 >> 8) & 0xff,
705 tkip->rx_iv32 & 0xff,
706 (tkip->rx_iv16 >> 8) & 0xff,
707 tkip->rx_iv16 & 0xff,
708 tkip->dot11RSNAStatsTKIPReplays,
709 tkip->dot11RSNAStatsTKIPICVErrors,
710 tkip->dot11RSNAStatsTKIPLocalMICFailures);
711 return p;
712 }
713
714 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
715 .name = "TKIP",
716 .init = ieee80211_tkip_init,
717 .deinit = ieee80211_tkip_deinit,
718 .build_iv = ieee80211_tkip_hdr,
719 .encrypt_mpdu = ieee80211_tkip_encrypt,
720 .decrypt_mpdu = ieee80211_tkip_decrypt,
721 .encrypt_msdu = ieee80211_michael_mic_add,
722 .decrypt_msdu = ieee80211_michael_mic_verify,
723 .set_key = ieee80211_tkip_set_key,
724 .get_key = ieee80211_tkip_get_key,
725 .print_stats = ieee80211_tkip_print_stats,
726 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
727 .extra_mpdu_postfix_len = 4, /* ICV */
728 .extra_msdu_postfix_len = 8, /* MIC */
729 .get_flags = ieee80211_tkip_get_flags,
730 .set_flags = ieee80211_tkip_set_flags,
731 .owner = THIS_MODULE,
732 };
733
734 static int __init ieee80211_crypto_tkip_init(void)
735 {
736 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
737 }
738
739 static void __exit ieee80211_crypto_tkip_exit(void)
740 {
741 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
742 }
743
744 module_init(ieee80211_crypto_tkip_init);
745 module_exit(ieee80211_crypto_tkip_exit);
hh.org GIT migration