Commit | Line | Data |
---|---|---|
f0706e82 JB |
1 | /* |
2 | * Michael MIC implementation - optimized for TKIP MIC operations | |
3 | * Copyright 2002-2003, Instant802 Networks, Inc. | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License version 2 as | |
7 | * published by the Free Software Foundation. | |
8 | */ | |
9 | ||
10 | #include <linux/types.h> | |
11 | ||
12 | #include "michael.h" | |
13 | ||
14 | static inline u32 rotr(u32 val, int bits) | |
15 | { | |
16 | return (val >> bits) | (val << (32 - bits)); | |
17 | } | |
18 | ||
19 | ||
20 | static inline u32 rotl(u32 val, int bits) | |
21 | { | |
22 | return (val << bits) | (val >> (32 - bits)); | |
23 | } | |
24 | ||
25 | ||
26 | static inline u32 xswap(u32 val) | |
27 | { | |
28 | return ((val & 0xff00ff00) >> 8) | ((val & 0x00ff00ff) << 8); | |
29 | } | |
30 | ||
31 | ||
32 | #define michael_block(l, r) \ | |
33 | do { \ | |
34 | r ^= rotl(l, 17); \ | |
35 | l += r; \ | |
36 | r ^= xswap(l); \ | |
37 | l += r; \ | |
38 | r ^= rotl(l, 3); \ | |
39 | l += r; \ | |
40 | r ^= rotr(l, 2); \ | |
41 | l += r; \ | |
42 | } while (0) | |
43 | ||
44 | ||
45 | static inline u32 michael_get32(u8 *data) | |
46 | { | |
47 | return data[0] | (data[1] << 8) | (data[2] << 16) | (data[3] << 24); | |
48 | } | |
49 | ||
50 | ||
51 | static inline void michael_put32(u32 val, u8 *data) | |
52 | { | |
53 | data[0] = val & 0xff; | |
54 | data[1] = (val >> 8) & 0xff; | |
55 | data[2] = (val >> 16) & 0xff; | |
56 | data[3] = (val >> 24) & 0xff; | |
57 | } | |
58 | ||
59 | ||
60 | void michael_mic(u8 *key, u8 *da, u8 *sa, u8 priority, | |
61 | u8 *data, size_t data_len, u8 *mic) | |
62 | { | |
63 | u32 l, r, val; | |
64 | size_t block, blocks, left; | |
65 | ||
66 | l = michael_get32(key); | |
67 | r = michael_get32(key + 4); | |
68 | ||
69 | /* A pseudo header (DA, SA, Priority, 0, 0, 0) is used in Michael MIC | |
70 | * calculation, but it is _not_ transmitted */ | |
71 | l ^= michael_get32(da); | |
72 | michael_block(l, r); | |
73 | l ^= da[4] | (da[5] << 8) | (sa[0] << 16) | (sa[1] << 24); | |
74 | michael_block(l, r); | |
75 | l ^= michael_get32(&sa[2]); | |
76 | michael_block(l, r); | |
77 | l ^= priority; | |
78 | michael_block(l, r); | |
79 | ||
80 | /* Real data */ | |
81 | blocks = data_len / 4; | |
82 | left = data_len % 4; | |
83 | ||
84 | for (block = 0; block < blocks; block++) { | |
85 | l ^= michael_get32(&data[block * 4]); | |
86 | michael_block(l, r); | |
87 | } | |
88 | ||
89 | /* Partial block of 0..3 bytes and padding: 0x5a + 4..7 zeros to make | |
90 | * total length a multiple of 4. */ | |
91 | val = 0x5a; | |
92 | while (left > 0) { | |
93 | val <<= 8; | |
94 | left--; | |
95 | val |= data[blocks * 4 + left]; | |
96 | } | |
97 | l ^= val; | |
98 | michael_block(l, r); | |
99 | /* last block is zero, so l ^ 0 = l */ | |
100 | michael_block(l, r); | |
101 | ||
102 | michael_put32(l, mic); | |
103 | michael_put32(r, mic + 4); | |
104 | } |