1 // SPDX-License-Identifier: GPL-2.0-only
3 * lib80211 crypt: host-based TKIP encryption implementation for lib80211
5 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
6 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com>
9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
11 #include <linux/err.h>
12 #include <linux/fips.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/slab.h>
16 #include <linux/random.h>
17 #include <linux/scatterlist.h>
18 #include <linux/skbuff.h>
19 #include <linux/netdevice.h>
21 #include <linux/if_ether.h>
22 #include <linux/if_arp.h>
23 #include <asm/string.h>
25 #include <linux/wireless.h>
26 #include <linux/ieee80211.h>
27 #include <net/iw_handler.h>
29 #include <crypto/arc4.h>
30 #include <crypto/hash.h>
31 #include <linux/crypto.h>
32 #include <linux/crc32.h>
34 #include <net/lib80211.h>
36 MODULE_AUTHOR("Jouni Malinen");
37 MODULE_DESCRIPTION("lib80211 crypt: TKIP");
38 MODULE_LICENSE("GPL");
40 #define TKIP_HDR_LEN 8
42 struct lib80211_tkip_data
{
43 #define TKIP_KEY_LEN 32
59 u32 dot11RSNAStatsTKIPReplays
;
60 u32 dot11RSNAStatsTKIPICVErrors
;
61 u32 dot11RSNAStatsTKIPLocalMICFailures
;
65 struct arc4_ctx rx_ctx_arc4
;
66 struct arc4_ctx tx_ctx_arc4
;
67 struct crypto_shash
*rx_tfm_michael
;
68 struct crypto_shash
*tx_tfm_michael
;
70 /* scratch buffers for virt_to_page() (crypto API) */
71 u8 rx_hdr
[16], tx_hdr
[16];
76 static unsigned long lib80211_tkip_set_flags(unsigned long flags
, void *priv
)
78 struct lib80211_tkip_data
*_priv
= priv
;
79 unsigned long old_flags
= _priv
->flags
;
84 static unsigned long lib80211_tkip_get_flags(void *priv
)
86 struct lib80211_tkip_data
*_priv
= priv
;
90 static void *lib80211_tkip_init(int key_idx
)
92 struct lib80211_tkip_data
*priv
;
97 priv
= kzalloc(sizeof(*priv
), GFP_ATOMIC
);
101 priv
->key_idx
= key_idx
;
103 priv
->tx_tfm_michael
= crypto_alloc_shash("michael_mic", 0, 0);
104 if (IS_ERR(priv
->tx_tfm_michael
)) {
105 priv
->tx_tfm_michael
= NULL
;
109 priv
->rx_tfm_michael
= crypto_alloc_shash("michael_mic", 0, 0);
110 if (IS_ERR(priv
->rx_tfm_michael
)) {
111 priv
->rx_tfm_michael
= NULL
;
119 crypto_free_shash(priv
->tx_tfm_michael
);
120 crypto_free_shash(priv
->rx_tfm_michael
);
127 static void lib80211_tkip_deinit(void *priv
)
129 struct lib80211_tkip_data
*_priv
= priv
;
131 crypto_free_shash(_priv
->tx_tfm_michael
);
132 crypto_free_shash(_priv
->rx_tfm_michael
);
134 kfree_sensitive(priv
);
137 static inline u16
RotR1(u16 val
)
139 return (val
>> 1) | (val
<< 15);
142 static inline u8
Lo8(u16 val
)
147 static inline u8
Hi8(u16 val
)
152 static inline u16
Lo16(u32 val
)
157 static inline u16
Hi16(u32 val
)
162 static inline u16
Mk16(u8 hi
, u8 lo
)
164 return lo
| (((u16
) hi
) << 8);
167 static inline u16
Mk16_le(__le16
* v
)
169 return le16_to_cpu(*v
);
172 static const u16 Sbox
[256] = {
173 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
174 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
175 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
176 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
177 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
178 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
179 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
180 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
181 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
182 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
183 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
184 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
185 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
186 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
187 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
188 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
189 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
190 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
191 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
192 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
193 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
194 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
195 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
196 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
197 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
198 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
199 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
200 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
201 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
202 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
203 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
204 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
207 static inline u16
_S_(u16 v
)
209 u16 t
= Sbox
[Hi8(v
)];
210 return Sbox
[Lo8(v
)] ^ ((t
<< 8) | (t
>> 8));
213 #define PHASE1_LOOP_COUNT 8
215 static void tkip_mixing_phase1(u16
* TTAK
, const u8
* TK
, const u8
* TA
,
220 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
221 TTAK
[0] = Lo16(IV32
);
222 TTAK
[1] = Hi16(IV32
);
223 TTAK
[2] = Mk16(TA
[1], TA
[0]);
224 TTAK
[3] = Mk16(TA
[3], TA
[2]);
225 TTAK
[4] = Mk16(TA
[5], TA
[4]);
227 for (i
= 0; i
< PHASE1_LOOP_COUNT
; i
++) {
229 TTAK
[0] += _S_(TTAK
[4] ^ Mk16(TK
[1 + j
], TK
[0 + j
]));
230 TTAK
[1] += _S_(TTAK
[0] ^ Mk16(TK
[5 + j
], TK
[4 + j
]));
231 TTAK
[2] += _S_(TTAK
[1] ^ Mk16(TK
[9 + j
], TK
[8 + j
]));
232 TTAK
[3] += _S_(TTAK
[2] ^ Mk16(TK
[13 + j
], TK
[12 + j
]));
233 TTAK
[4] += _S_(TTAK
[3] ^ Mk16(TK
[1 + j
], TK
[0 + j
])) + i
;
237 static void tkip_mixing_phase2(u8
* WEPSeed
, const u8
* TK
, const u16
* TTAK
,
240 /* Make temporary area overlap WEP seed so that the final copy can be
241 * avoided on little endian hosts. */
242 u16
*PPK
= (u16
*) & WEPSeed
[4];
244 /* Step 1 - make copy of TTAK and bring in TSC */
250 PPK
[5] = TTAK
[4] + IV16
;
252 /* Step 2 - 96-bit bijective mixing using S-box */
253 PPK
[0] += _S_(PPK
[5] ^ Mk16_le((__le16
*) & TK
[0]));
254 PPK
[1] += _S_(PPK
[0] ^ Mk16_le((__le16
*) & TK
[2]));
255 PPK
[2] += _S_(PPK
[1] ^ Mk16_le((__le16
*) & TK
[4]));
256 PPK
[3] += _S_(PPK
[2] ^ Mk16_le((__le16
*) & TK
[6]));
257 PPK
[4] += _S_(PPK
[3] ^ Mk16_le((__le16
*) & TK
[8]));
258 PPK
[5] += _S_(PPK
[4] ^ Mk16_le((__le16
*) & TK
[10]));
260 PPK
[0] += RotR1(PPK
[5] ^ Mk16_le((__le16
*) & TK
[12]));
261 PPK
[1] += RotR1(PPK
[0] ^ Mk16_le((__le16
*) & TK
[14]));
262 PPK
[2] += RotR1(PPK
[1]);
263 PPK
[3] += RotR1(PPK
[2]);
264 PPK
[4] += RotR1(PPK
[3]);
265 PPK
[5] += RotR1(PPK
[4]);
267 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
268 * WEPSeed[0..2] is transmitted as WEP IV */
269 WEPSeed
[0] = Hi8(IV16
);
270 WEPSeed
[1] = (Hi8(IV16
) | 0x20) & 0x7F;
271 WEPSeed
[2] = Lo8(IV16
);
272 WEPSeed
[3] = Lo8((PPK
[5] ^ Mk16_le((__le16
*) & TK
[0])) >> 1);
277 for (i
= 0; i
< 6; i
++)
278 PPK
[i
] = (PPK
[i
] << 8) | (PPK
[i
] >> 8);
283 static int lib80211_tkip_hdr(struct sk_buff
*skb
, int hdr_len
,
284 u8
* rc4key
, int keylen
, void *priv
)
286 struct lib80211_tkip_data
*tkey
= priv
;
288 struct ieee80211_hdr
*hdr
;
290 hdr
= (struct ieee80211_hdr
*)skb
->data
;
292 if (skb_headroom(skb
) < TKIP_HDR_LEN
|| skb
->len
< hdr_len
)
295 if (rc4key
== NULL
|| keylen
< 16)
298 if (!tkey
->tx_phase1_done
) {
299 tkip_mixing_phase1(tkey
->tx_ttak
, tkey
->key
, hdr
->addr2
,
301 tkey
->tx_phase1_done
= 1;
303 tkip_mixing_phase2(rc4key
, tkey
->key
, tkey
->tx_ttak
, tkey
->tx_iv16
);
305 pos
= skb_push(skb
, TKIP_HDR_LEN
);
306 memmove(pos
, pos
+ TKIP_HDR_LEN
, hdr_len
);
310 *pos
++ = *(rc4key
+ 1);
311 *pos
++ = *(rc4key
+ 2);
312 *pos
++ = (tkey
->key_idx
<< 6) | (1 << 5) /* Ext IV included */ ;
313 *pos
++ = tkey
->tx_iv32
& 0xff;
314 *pos
++ = (tkey
->tx_iv32
>> 8) & 0xff;
315 *pos
++ = (tkey
->tx_iv32
>> 16) & 0xff;
316 *pos
++ = (tkey
->tx_iv32
>> 24) & 0xff;
319 if (tkey
->tx_iv16
== 0) {
320 tkey
->tx_phase1_done
= 0;
327 static int lib80211_tkip_encrypt(struct sk_buff
*skb
, int hdr_len
, void *priv
)
329 struct lib80211_tkip_data
*tkey
= priv
;
331 u8 rc4key
[16], *pos
, *icv
;
334 if (tkey
->flags
& IEEE80211_CRYPTO_TKIP_COUNTERMEASURES
) {
335 struct ieee80211_hdr
*hdr
= (struct ieee80211_hdr
*)skb
->data
;
336 net_dbg_ratelimited("TKIP countermeasures: dropped TX packet to %pM\n",
341 if (skb_tailroom(skb
) < 4 || skb
->len
< hdr_len
)
344 len
= skb
->len
- hdr_len
;
345 pos
= skb
->data
+ hdr_len
;
347 if ((lib80211_tkip_hdr(skb
, hdr_len
, rc4key
, 16, priv
)) < 0)
350 crc
= ~crc32_le(~0, pos
, len
);
351 icv
= skb_put(skb
, 4);
357 arc4_setkey(&tkey
->tx_ctx_arc4
, rc4key
, 16);
358 arc4_crypt(&tkey
->tx_ctx_arc4
, pos
, pos
, len
+ 4);
364 * deal with seq counter wrapping correctly.
365 * refer to timer_after() for jiffies wrapping handling
367 static inline int tkip_replay_check(u32 iv32_n
, u16 iv16_n
,
368 u32 iv32_o
, u16 iv16_o
)
370 if ((s32
)iv32_n
- (s32
)iv32_o
< 0 ||
371 (iv32_n
== iv32_o
&& iv16_n
<= iv16_o
))
376 static int lib80211_tkip_decrypt(struct sk_buff
*skb
, int hdr_len
, void *priv
)
378 struct lib80211_tkip_data
*tkey
= priv
;
383 struct ieee80211_hdr
*hdr
;
388 hdr
= (struct ieee80211_hdr
*)skb
->data
;
390 if (tkey
->flags
& IEEE80211_CRYPTO_TKIP_COUNTERMEASURES
) {
391 net_dbg_ratelimited("TKIP countermeasures: dropped received packet from %pM\n",
396 if (skb
->len
< hdr_len
+ TKIP_HDR_LEN
+ 4)
399 pos
= skb
->data
+ hdr_len
;
401 if (!(keyidx
& (1 << 5))) {
402 net_dbg_ratelimited("TKIP: received packet without ExtIV flag from %pM\n",
407 if (tkey
->key_idx
!= keyidx
) {
408 net_dbg_ratelimited("TKIP: RX tkey->key_idx=%d frame keyidx=%d\n",
409 tkey
->key_idx
, keyidx
);
412 if (!tkey
->key_set
) {
413 net_dbg_ratelimited("TKIP: received packet from %pM with keyid=%d that does not have a configured key\n",
417 iv16
= (pos
[0] << 8) | pos
[2];
418 iv32
= pos
[4] | (pos
[5] << 8) | (pos
[6] << 16) | (pos
[7] << 24);
421 if (tkip_replay_check(iv32
, iv16
, tkey
->rx_iv32
, tkey
->rx_iv16
)) {
422 #ifdef CONFIG_LIB80211_DEBUG
423 net_dbg_ratelimited("TKIP: replay detected: STA=%pM previous TSC %08x%04x received TSC %08x%04x\n",
424 hdr
->addr2
, tkey
->rx_iv32
, tkey
->rx_iv16
,
427 tkey
->dot11RSNAStatsTKIPReplays
++;
431 if (iv32
!= tkey
->rx_iv32
|| !tkey
->rx_phase1_done
) {
432 tkip_mixing_phase1(tkey
->rx_ttak
, tkey
->key
, hdr
->addr2
, iv32
);
433 tkey
->rx_phase1_done
= 1;
435 tkip_mixing_phase2(rc4key
, tkey
->key
, tkey
->rx_ttak
, iv16
);
437 plen
= skb
->len
- hdr_len
- 12;
439 arc4_setkey(&tkey
->rx_ctx_arc4
, rc4key
, 16);
440 arc4_crypt(&tkey
->rx_ctx_arc4
, pos
, pos
, plen
+ 4);
442 crc
= ~crc32_le(~0, pos
, plen
);
447 if (memcmp(icv
, pos
+ plen
, 4) != 0) {
448 if (iv32
!= tkey
->rx_iv32
) {
449 /* Previously cached Phase1 result was already lost, so
450 * it needs to be recalculated for the next packet. */
451 tkey
->rx_phase1_done
= 0;
453 #ifdef CONFIG_LIB80211_DEBUG
454 net_dbg_ratelimited("TKIP: ICV error detected: STA=%pM\n",
457 tkey
->dot11RSNAStatsTKIPICVErrors
++;
461 /* Update real counters only after Michael MIC verification has
463 tkey
->rx_iv32_new
= iv32
;
464 tkey
->rx_iv16_new
= iv16
;
466 /* Remove IV and ICV */
467 memmove(skb
->data
+ TKIP_HDR_LEN
, skb
->data
, hdr_len
);
468 skb_pull(skb
, TKIP_HDR_LEN
);
469 skb_trim(skb
, skb
->len
- 4);
474 static int michael_mic(struct crypto_shash
*tfm_michael
, u8
*key
, u8
*hdr
,
475 u8
*data
, size_t data_len
, u8
*mic
)
477 SHASH_DESC_ON_STACK(desc
, tfm_michael
);
480 if (tfm_michael
== NULL
) {
481 pr_warn("%s(): tfm_michael == NULL\n", __func__
);
485 desc
->tfm
= tfm_michael
;
487 if (crypto_shash_setkey(tfm_michael
, key
, 8))
490 err
= crypto_shash_init(desc
);
493 err
= crypto_shash_update(desc
, hdr
, 16);
496 err
= crypto_shash_update(desc
, data
, data_len
);
499 err
= crypto_shash_final(desc
, mic
);
502 shash_desc_zero(desc
);
506 static void michael_mic_hdr(struct sk_buff
*skb
, u8
* hdr
)
508 struct ieee80211_hdr
*hdr11
;
510 hdr11
= (struct ieee80211_hdr
*)skb
->data
;
512 switch (le16_to_cpu(hdr11
->frame_control
) &
513 (IEEE80211_FCTL_FROMDS
| IEEE80211_FCTL_TODS
)) {
514 case IEEE80211_FCTL_TODS
:
515 memcpy(hdr
, hdr11
->addr3
, ETH_ALEN
); /* DA */
516 memcpy(hdr
+ ETH_ALEN
, hdr11
->addr2
, ETH_ALEN
); /* SA */
518 case IEEE80211_FCTL_FROMDS
:
519 memcpy(hdr
, hdr11
->addr1
, ETH_ALEN
); /* DA */
520 memcpy(hdr
+ ETH_ALEN
, hdr11
->addr3
, ETH_ALEN
); /* SA */
522 case IEEE80211_FCTL_FROMDS
| IEEE80211_FCTL_TODS
:
523 memcpy(hdr
, hdr11
->addr3
, ETH_ALEN
); /* DA */
524 memcpy(hdr
+ ETH_ALEN
, hdr11
->addr4
, ETH_ALEN
); /* SA */
527 memcpy(hdr
, hdr11
->addr1
, ETH_ALEN
); /* DA */
528 memcpy(hdr
+ ETH_ALEN
, hdr11
->addr2
, ETH_ALEN
); /* SA */
532 if (ieee80211_is_data_qos(hdr11
->frame_control
)) {
533 hdr
[12] = le16_to_cpu(*((__le16
*)ieee80211_get_qos_ctl(hdr11
)))
534 & IEEE80211_QOS_CTL_TID_MASK
;
536 hdr
[12] = 0; /* priority */
538 hdr
[13] = hdr
[14] = hdr
[15] = 0; /* reserved */
541 static int lib80211_michael_mic_add(struct sk_buff
*skb
, int hdr_len
,
544 struct lib80211_tkip_data
*tkey
= priv
;
547 if (skb_tailroom(skb
) < 8 || skb
->len
< hdr_len
) {
548 printk(KERN_DEBUG
"Invalid packet for Michael MIC add "
549 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
550 skb_tailroom(skb
), hdr_len
, skb
->len
);
554 michael_mic_hdr(skb
, tkey
->tx_hdr
);
555 pos
= skb_put(skb
, 8);
556 if (michael_mic(tkey
->tx_tfm_michael
, &tkey
->key
[16], tkey
->tx_hdr
,
557 skb
->data
+ hdr_len
, skb
->len
- 8 - hdr_len
, pos
))
563 static void lib80211_michael_mic_failure(struct net_device
*dev
,
564 struct ieee80211_hdr
*hdr
,
567 union iwreq_data wrqu
;
568 struct iw_michaelmicfailure ev
;
570 /* TODO: needed parameters: count, keyid, key type, TSC */
571 memset(&ev
, 0, sizeof(ev
));
572 ev
.flags
= keyidx
& IW_MICFAILURE_KEY_ID
;
573 if (hdr
->addr1
[0] & 0x01)
574 ev
.flags
|= IW_MICFAILURE_GROUP
;
576 ev
.flags
|= IW_MICFAILURE_PAIRWISE
;
577 ev
.src_addr
.sa_family
= ARPHRD_ETHER
;
578 memcpy(ev
.src_addr
.sa_data
, hdr
->addr2
, ETH_ALEN
);
579 memset(&wrqu
, 0, sizeof(wrqu
));
580 wrqu
.data
.length
= sizeof(ev
);
581 wireless_send_event(dev
, IWEVMICHAELMICFAILURE
, &wrqu
, (char *)&ev
);
584 static int lib80211_michael_mic_verify(struct sk_buff
*skb
, int keyidx
,
585 int hdr_len
, void *priv
)
587 struct lib80211_tkip_data
*tkey
= priv
;
593 michael_mic_hdr(skb
, tkey
->rx_hdr
);
594 if (michael_mic(tkey
->rx_tfm_michael
, &tkey
->key
[24], tkey
->rx_hdr
,
595 skb
->data
+ hdr_len
, skb
->len
- 8 - hdr_len
, mic
))
597 if (memcmp(mic
, skb
->data
+ skb
->len
- 8, 8) != 0) {
598 struct ieee80211_hdr
*hdr
;
599 hdr
= (struct ieee80211_hdr
*)skb
->data
;
600 printk(KERN_DEBUG
"%s: Michael MIC verification failed for "
601 "MSDU from %pM keyidx=%d\n",
602 skb
->dev
? skb
->dev
->name
: "N/A", hdr
->addr2
,
605 lib80211_michael_mic_failure(skb
->dev
, hdr
, keyidx
);
606 tkey
->dot11RSNAStatsTKIPLocalMICFailures
++;
610 /* Update TSC counters for RX now that the packet verification has
612 tkey
->rx_iv32
= tkey
->rx_iv32_new
;
613 tkey
->rx_iv16
= tkey
->rx_iv16_new
;
615 skb_trim(skb
, skb
->len
- 8);
620 static int lib80211_tkip_set_key(void *key
, int len
, u8
* seq
, void *priv
)
622 struct lib80211_tkip_data
*tkey
= priv
;
624 struct crypto_shash
*tfm
= tkey
->tx_tfm_michael
;
625 struct arc4_ctx
*tfm2
= &tkey
->tx_ctx_arc4
;
626 struct crypto_shash
*tfm3
= tkey
->rx_tfm_michael
;
627 struct arc4_ctx
*tfm4
= &tkey
->rx_ctx_arc4
;
629 keyidx
= tkey
->key_idx
;
630 memset(tkey
, 0, sizeof(*tkey
));
631 tkey
->key_idx
= keyidx
;
632 tkey
->tx_tfm_michael
= tfm
;
633 tkey
->tx_ctx_arc4
= *tfm2
;
634 tkey
->rx_tfm_michael
= tfm3
;
635 tkey
->rx_ctx_arc4
= *tfm4
;
636 if (len
== TKIP_KEY_LEN
) {
637 memcpy(tkey
->key
, key
, TKIP_KEY_LEN
);
639 tkey
->tx_iv16
= 1; /* TSC is initialized to 1 */
641 tkey
->rx_iv32
= (seq
[5] << 24) | (seq
[4] << 16) |
642 (seq
[3] << 8) | seq
[2];
643 tkey
->rx_iv16
= (seq
[1] << 8) | seq
[0];
653 static int lib80211_tkip_get_key(void *key
, int len
, u8
* seq
, void *priv
)
655 struct lib80211_tkip_data
*tkey
= priv
;
657 if (len
< TKIP_KEY_LEN
)
662 memcpy(key
, tkey
->key
, TKIP_KEY_LEN
);
665 /* Return the sequence number of the last transmitted frame. */
666 u16 iv16
= tkey
->tx_iv16
;
667 u32 iv32
= tkey
->tx_iv32
;
671 seq
[0] = tkey
->tx_iv16
;
672 seq
[1] = tkey
->tx_iv16
>> 8;
673 seq
[2] = tkey
->tx_iv32
;
674 seq
[3] = tkey
->tx_iv32
>> 8;
675 seq
[4] = tkey
->tx_iv32
>> 16;
676 seq
[5] = tkey
->tx_iv32
>> 24;
682 static void lib80211_tkip_print_stats(struct seq_file
*m
, void *priv
)
684 struct lib80211_tkip_data
*tkip
= priv
;
686 "key[%d] alg=TKIP key_set=%d "
687 "tx_pn=%02x%02x%02x%02x%02x%02x "
688 "rx_pn=%02x%02x%02x%02x%02x%02x "
689 "replays=%d icv_errors=%d local_mic_failures=%d\n",
690 tkip
->key_idx
, tkip
->key_set
,
691 (tkip
->tx_iv32
>> 24) & 0xff,
692 (tkip
->tx_iv32
>> 16) & 0xff,
693 (tkip
->tx_iv32
>> 8) & 0xff,
694 tkip
->tx_iv32
& 0xff,
695 (tkip
->tx_iv16
>> 8) & 0xff,
696 tkip
->tx_iv16
& 0xff,
697 (tkip
->rx_iv32
>> 24) & 0xff,
698 (tkip
->rx_iv32
>> 16) & 0xff,
699 (tkip
->rx_iv32
>> 8) & 0xff,
700 tkip
->rx_iv32
& 0xff,
701 (tkip
->rx_iv16
>> 8) & 0xff,
702 tkip
->rx_iv16
& 0xff,
703 tkip
->dot11RSNAStatsTKIPReplays
,
704 tkip
->dot11RSNAStatsTKIPICVErrors
,
705 tkip
->dot11RSNAStatsTKIPLocalMICFailures
);
708 static struct lib80211_crypto_ops lib80211_crypt_tkip
= {
710 .init
= lib80211_tkip_init
,
711 .deinit
= lib80211_tkip_deinit
,
712 .encrypt_mpdu
= lib80211_tkip_encrypt
,
713 .decrypt_mpdu
= lib80211_tkip_decrypt
,
714 .encrypt_msdu
= lib80211_michael_mic_add
,
715 .decrypt_msdu
= lib80211_michael_mic_verify
,
716 .set_key
= lib80211_tkip_set_key
,
717 .get_key
= lib80211_tkip_get_key
,
718 .print_stats
= lib80211_tkip_print_stats
,
719 .extra_mpdu_prefix_len
= 4 + 4, /* IV + ExtIV */
720 .extra_mpdu_postfix_len
= 4, /* ICV */
721 .extra_msdu_postfix_len
= 8, /* MIC */
722 .get_flags
= lib80211_tkip_get_flags
,
723 .set_flags
= lib80211_tkip_set_flags
,
724 .owner
= THIS_MODULE
,
727 static int __init
lib80211_crypto_tkip_init(void)
729 return lib80211_register_crypto_ops(&lib80211_crypt_tkip
);
732 static void __exit
lib80211_crypto_tkip_exit(void)
734 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip
);
737 module_init(lib80211_crypto_tkip_init
);
738 module_exit(lib80211_crypto_tkip_exit
);