projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
net: filter: Just In Time compiler for x86-64
[deliverable/linux.git] / net / wireless / lib80211_crypt_tkip.c
CommitLineData
b453872c 1/*
274bfb8d 2 * lib80211 crypt: host-based TKIP encryption implementation for lib80211
b453872c 3 *
85d32e7b 4 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
274bfb8d 5 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com>
b453872c
JG		 6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation. See README and COPYING for
10 * more details.
11 */
12
e9c0268f
JP		 13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
f12cc209 15#include <linux/err.h>
b453872c
JG		 16#include <linux/module.h>
17#include <linux/init.h>
18#include <linux/slab.h>
19#include <linux/random.h>
11763609 20#include <linux/scatterlist.h>
b453872c
JG		 21#include <linux/skbuff.h>
22#include <linux/netdevice.h>
d7fe0f24 23#include <linux/mm.h>
b453872c
JG		 24#include <linux/if_ether.h>
25#include <linux/if_arp.h>
26#include <asm/string.h>
27
274bfb8d
JL		 28#include <linux/wireless.h>
29#include <linux/ieee80211.h>
30#include <net/iw_handler.h>
b453872c 31
b453872c 32#include <linux/crypto.h>
b453872c
JG		 33#include <linux/crc32.h>
34
274bfb8d
JL		 35#include <net/lib80211.h>
36
b453872c 37MODULE_AUTHOR("Jouni Malinen");
274bfb8d 38MODULE_DESCRIPTION("lib80211 crypt: TKIP");
b453872c
JG		 39MODULE_LICENSE("GPL");
40
299af9d3
AT		 41#define TKIP_HDR_LEN 8
42
274bfb8d 43struct lib80211_tkip_data {
b453872c
JG		 44#define TKIP_KEY_LEN 32
45 u8 key[TKIP_KEY_LEN];
46 int key_set;
47
48 u32 tx_iv32;
49 u16 tx_iv16;
50 u16 tx_ttak[5];
51 int tx_phase1_done;
52
53 u32 rx_iv32;
54 u16 rx_iv16;
55 u16 rx_ttak[5];
56 int rx_phase1_done;
57 u32 rx_iv32_new;
58 u16 rx_iv16_new;
59
60 u32 dot11RSNAStatsTKIPReplays;
61 u32 dot11RSNAStatsTKIPICVErrors;
62 u32 dot11RSNAStatsTKIPLocalMICFailures;
63
64 int key_idx;
65
28eb177d
JG		 66 struct crypto_blkcipher *rx_tfm_arc4;
67 struct crypto_hash *rx_tfm_michael;
68 struct crypto_blkcipher *tx_tfm_arc4;
69 struct crypto_hash *tx_tfm_michael;
b453872c
JG		 70
71 /* scratch buffers for virt_to_page() (crypto API) */
72 u8 rx_hdr[16], tx_hdr[16];
20d64713 73
6eb6edf0 74 unsigned long flags;
b453872c
JG		 75};
76
274bfb8d 77static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
6eb6edf0 78{
274bfb8d 79 struct lib80211_tkip_data *_priv = priv;
6eb6edf0
JK		 80 unsigned long old_flags = _priv->flags;
81 _priv->flags = flags;
82 return old_flags;
83}
84
274bfb8d 85static unsigned long lib80211_tkip_get_flags(void *priv)
6eb6edf0 86{
274bfb8d 87 struct lib80211_tkip_data *_priv = priv;
6eb6edf0
JK		 88 return _priv->flags;
89}
90
274bfb8d 91static void *lib80211_tkip_init(int key_idx)
b453872c 92{
274bfb8d 93 struct lib80211_tkip_data *priv;
b453872c 94
8aa914b7 95 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
b453872c
JG		 96 if (priv == NULL)
97 goto fail;
20d64713 98
b453872c
JG		 99 priv->key_idx = key_idx;
100
28eb177d 101 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
f12cc209 102 CRYPTO_ALG_ASYNC);
28eb177d 103 if (IS_ERR(priv->tx_tfm_arc4)) {
e9c0268f 104 printk(KERN_DEBUG pr_fmt("could not allocate crypto API arc4\n"));
18379879 105 priv->tx_tfm_arc4 = NULL;
b453872c
JG		 106 goto fail;
107 }
108
28eb177d
JG		 109 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
110 CRYPTO_ALG_ASYNC);
111 if (IS_ERR(priv->tx_tfm_michael)) {
e9c0268f 112 printk(KERN_DEBUG pr_fmt("could not allocate crypto API michael_mic\n"));
18379879 113 priv->tx_tfm_michael = NULL;
5a656949
ZY		 114 goto fail;
115 }
116
28eb177d
JG		 117 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
118 CRYPTO_ALG_ASYNC);
119 if (IS_ERR(priv->rx_tfm_arc4)) {
e9c0268f 120 printk(KERN_DEBUG pr_fmt("could not allocate crypto API arc4\n"));
18379879 121 priv->rx_tfm_arc4 = NULL;
5a656949
ZY		 122 goto fail;
123 }
124
28eb177d
JG		 125 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
126 CRYPTO_ALG_ASYNC);
127 if (IS_ERR(priv->rx_tfm_michael)) {
e9c0268f 128 printk(KERN_DEBUG pr_fmt("could not allocate crypto API michael_mic\n"));
18379879 129 priv->rx_tfm_michael = NULL;
b453872c
JG		 130 goto fail;
131 }
132
133 return priv;
134
0edd5b44 135 fail:
b453872c 136 if (priv) {
5a656949 137 if (priv->tx_tfm_michael)
28eb177d 138 crypto_free_hash(priv->tx_tfm_michael);
5a656949 139 if (priv->tx_tfm_arc4)
28eb177d 140 crypto_free_blkcipher(priv->tx_tfm_arc4);
5a656949 141 if (priv->rx_tfm_michael)
28eb177d 142 crypto_free_hash(priv->rx_tfm_michael);
5a656949 143 if (priv->rx_tfm_arc4)
28eb177d 144 crypto_free_blkcipher(priv->rx_tfm_arc4);
b453872c
JG		 145 kfree(priv);
146 }
147
148 return NULL;
149}
150
274bfb8d 151static void lib80211_tkip_deinit(void *priv)
b453872c 152{
274bfb8d 153 struct lib80211_tkip_data *_priv = priv;
5a656949
ZY		 154 if (_priv) {
155 if (_priv->tx_tfm_michael)
28eb177d 156 crypto_free_hash(_priv->tx_tfm_michael);
5a656949 157 if (_priv->tx_tfm_arc4)
28eb177d 158 crypto_free_blkcipher(_priv->tx_tfm_arc4);
5a656949 159 if (_priv->rx_tfm_michael)
28eb177d 160 crypto_free_hash(_priv->rx_tfm_michael);
5a656949 161 if (_priv->rx_tfm_arc4)
28eb177d 162 crypto_free_blkcipher(_priv->rx_tfm_arc4);
5a656949 163 }
b453872c
JG		 164 kfree(priv);
165}
166
b453872c
JG		 167static inline u16 RotR1(u16 val)
168{
169 return (val >> 1) | (val << 15);
170}
171
b453872c
JG		 172static inline u8 Lo8(u16 val)
173{
174 return val & 0xff;
175}
176
b453872c
JG		 177static inline u8 Hi8(u16 val)
178{
179 return val >> 8;
180}
181
b453872c
JG		 182static inline u16 Lo16(u32 val)
183{
184 return val & 0xffff;
185}
186
b453872c
JG		 187static inline u16 Hi16(u32 val)
188{
189 return val >> 16;
190}
191
b453872c
JG		 192static inline u16 Mk16(u8 hi, u8 lo)
193{
194 return lo | (((u16) hi) << 8);
195}
196
d9e94d56 197static inline u16 Mk16_le(__le16 * v)
b453872c
JG		 198{
199 return le16_to_cpu(*v);
200}
201
0edd5b44 202static const u16 Sbox[256] = {
b453872c
JG		 203 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
204 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
205 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
206 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
207 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
208 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
209 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
210 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
211 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
212 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
213 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
214 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
215 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
216 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
217 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
218 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
219 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
220 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
221 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
222 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
223 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
224 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
225 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
226 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
227 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
228 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
229 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
230 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
231 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
232 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
233 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
234 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
235};
236
b453872c
JG		 237static inline u16 _S_(u16 v)
238{
239 u16 t = Sbox[Hi8(v)];
240 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
241}
242
b453872c
JG		 243#define PHASE1_LOOP_COUNT 8
244
0edd5b44
JG		 245static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
246 u32 IV32)
b453872c
JG		 247{
248 int i, j;
249
250 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
251 TTAK[0] = Lo16(IV32);
252 TTAK[1] = Hi16(IV32);
253 TTAK[2] = Mk16(TA[1], TA[0]);
254 TTAK[3] = Mk16(TA[3], TA[2]);
255 TTAK[4] = Mk16(TA[5], TA[4]);
256
257 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
258 j = 2 * (i & 1);
259 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
260 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
261 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
262 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
263 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
264 }
265}
266
0edd5b44 267static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
b453872c
JG		 268 u16 IV16)
269{
270 /* Make temporary area overlap WEP seed so that the final copy can be
271 * avoided on little endian hosts. */
0edd5b44 272 u16 *PPK = (u16 *) & WEPSeed[4];
b453872c
JG		 273
274 /* Step 1 - make copy of TTAK and bring in TSC */
275 PPK[0] = TTAK[0];
276 PPK[1] = TTAK[1];
277 PPK[2] = TTAK[2];
278 PPK[3] = TTAK[3];
279 PPK[4] = TTAK[4];
280 PPK[5] = TTAK[4] + IV16;
281
282 /* Step 2 - 96-bit bijective mixing using S-box */
d9e94d56
AV		 283 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
284 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
285 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
286 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
287 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
288 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
289
290 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
291 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
b453872c
JG		 292 PPK[2] += RotR1(PPK[1]);
293 PPK[3] += RotR1(PPK[2]);
294 PPK[4] += RotR1(PPK[3]);
295 PPK[5] += RotR1(PPK[4]);
296
297 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
298 * WEPSeed[0..2] is transmitted as WEP IV */
299 WEPSeed[0] = Hi8(IV16);
300 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
301 WEPSeed[2] = Lo8(IV16);
d9e94d56 302 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
b453872c
JG		 303
304#ifdef __BIG_ENDIAN
305 {
306 int i;
307 for (i = 0; i < 6; i++)
308 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
309 }
310#endif
311}
312
274bfb8d 313static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
9184d934 314 u8 * rc4key, int keylen, void *priv)
b453872c 315{
274bfb8d 316 struct lib80211_tkip_data *tkey = priv;
9184d934 317 u8 *pos;
274bfb8d 318 struct ieee80211_hdr *hdr;
b453872c 319
274bfb8d 320 hdr = (struct ieee80211_hdr *)skb->data;
20d64713 321
299af9d3 322 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len)
9184d934
ZY		 323 return -1;
324
325 if (rc4key == NULL || keylen < 16)
326 return -1;
b453872c 327
b453872c
JG		 328 if (!tkey->tx_phase1_done) {
329 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
330 tkey->tx_iv32);
331 tkey->tx_phase1_done = 1;
332 }
333 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
334
299af9d3
AT		 335 pos = skb_push(skb, TKIP_HDR_LEN);
336 memmove(pos, pos + TKIP_HDR_LEN, hdr_len);
b453872c 337 pos += hdr_len;
b453872c 338
31b59eae
JK		 339 *pos++ = *rc4key;
340 *pos++ = *(rc4key + 1);
341 *pos++ = *(rc4key + 2);
0edd5b44 342 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
b453872c
JG		 343 *pos++ = tkey->tx_iv32 & 0xff;
344 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
345 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
346 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
347
9184d934
ZY		 348 tkey->tx_iv16++;
349 if (tkey->tx_iv16 == 0) {
350 tkey->tx_phase1_done = 0;
351 tkey->tx_iv32++;
352 }
b453872c 353
299af9d3 354 return TKIP_HDR_LEN;
31b59eae
JK		 355}
356
274bfb8d 357static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
31b59eae 358{
274bfb8d 359 struct lib80211_tkip_data *tkey = priv;
28eb177d 360 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
31b59eae 361 int len;
9184d934
ZY		 362 u8 rc4key[16], *pos, *icv;
363 u32 crc;
31b59eae
JK		 364 struct scatterlist sg;
365
6eb6edf0 366 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
31b59eae 367 if (net_ratelimit()) {
274bfb8d
JL		 368 struct ieee80211_hdr *hdr =
369 (struct ieee80211_hdr *)skb->data;
9184d934 370 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
e174961c 371 "TX packet to %pM\n", hdr->addr1);
31b59eae
JK		 372 }
373 return -1;
374 }
375
376 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
377 return -1;
378
379 len = skb->len - hdr_len;
380 pos = skb->data + hdr_len;
381
274bfb8d 382 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
31b59eae
JK		 383 return -1;
384
9184d934 385 crc = ~crc32_le(~0, pos, len);
d0833a6a 386 icv = skb_put(skb, 4);
9184d934
ZY		 387 icv[0] = crc;
388 icv[1] = crc >> 8;
389 icv[2] = crc >> 16;
390 icv[3] = crc >> 24;
391
28eb177d 392 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
fa05f128 393 sg_init_one(&sg, pos, len + 4);
f12cc209 394 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
b4328d87
ZY		 395}
396
18379879
JG		 397/*
398 * deal with seq counter wrapping correctly.
399 * refer to timer_after() for jiffies wrapping handling
400 */
401static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
402 u32 iv32_o, u16 iv16_o)
403{
404 if ((s32)iv32_n - (s32)iv32_o < 0 ||
405 (iv32_n == iv32_o && iv16_n <= iv16_o))
406 return 1;
407 return 0;
408}
409
274bfb8d 410static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
b453872c 411{
274bfb8d 412 struct lib80211_tkip_data *tkey = priv;
28eb177d 413 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
b453872c
JG		 414 u8 rc4key[16];
415 u8 keyidx, *pos;
416 u32 iv32;
417 u16 iv16;
274bfb8d 418 struct ieee80211_hdr *hdr;
b453872c
JG		 419 u8 icv[4];
420 u32 crc;
421 struct scatterlist sg;
422 int plen;
423
274bfb8d 424 hdr = (struct ieee80211_hdr *)skb->data;
20d64713 425
6eb6edf0 426 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
20d64713 427 if (net_ratelimit()) {
9184d934 428 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
e174961c 429 "received packet from %pM\n", hdr->addr2);
20d64713
JK		 430 }
431 return -1;
432 }
433
299af9d3 434 if (skb->len < hdr_len + TKIP_HDR_LEN + 4)
b453872c
JG		 435 return -1;
436
b453872c
JG		 437 pos = skb->data + hdr_len;
438 keyidx = pos[3];
439 if (!(keyidx & (1 << 5))) {
440 if (net_ratelimit()) {
441 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
e174961c 442 " flag from %pM\n", hdr->addr2);
b453872c
JG		 443 }
444 return -2;
445 }
446 keyidx >>= 6;
447 if (tkey->key_idx != keyidx) {
448 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
449 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
450 return -6;
451 }
452 if (!tkey->key_set) {
453 if (net_ratelimit()) {
e174961c 454 printk(KERN_DEBUG "TKIP: received packet from %pM"
b453872c 455 " with keyid=%d that does not have a configured"
e174961c 456 " key\n", hdr->addr2, keyidx);
b453872c
JG		 457 }
458 return -3;
459 }
460 iv16 = (pos[0] << 8) | pos[2];
461 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
299af9d3 462 pos += TKIP_HDR_LEN;
b453872c 463
b4328d87 464 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
6f16bf3b 465#ifdef CONFIG_LIB80211_DEBUG
274bfb8d
JL		 466 if (net_ratelimit()) {
467 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
b453872c 468 " previous TSC %08x%04x received TSC "
e174961c 469 "%08x%04x\n", hdr->addr2,
b453872c
JG		 470 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
471 }
6f16bf3b 472#endif
b453872c
JG		 473 tkey->dot11RSNAStatsTKIPReplays++;
474 return -4;
475 }
476
477 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
478 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
479 tkey->rx_phase1_done = 1;
480 }
481 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
482
483 plen = skb->len - hdr_len - 12;
484
28eb177d 485 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
fa05f128 486 sg_init_one(&sg, pos, plen + 4);
f12cc209
HX		 487 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
488 if (net_ratelimit()) {
489 printk(KERN_DEBUG ": TKIP: failed to decrypt "
e174961c
JB		 490 "received packet from %pM\n",
491 hdr->addr2);
f12cc209
HX		 492 }
493 return -7;
494 }
b453872c
JG		 495
496 crc = ~crc32_le(~0, pos, plen);
497 icv[0] = crc;
498 icv[1] = crc >> 8;
499 icv[2] = crc >> 16;
500 icv[3] = crc >> 24;
501 if (memcmp(icv, pos + plen, 4) != 0) {
502 if (iv32 != tkey->rx_iv32) {
503 /* Previously cached Phase1 result was already lost, so
504 * it needs to be recalculated for the next packet. */
505 tkey->rx_phase1_done = 0;
506 }
6f16bf3b 507#ifdef CONFIG_LIB80211_DEBUG
274bfb8d
JL		 508 if (net_ratelimit()) {
509 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
e174961c 510 "%pM\n", hdr->addr2);
b453872c 511 }
6f16bf3b 512#endif
b453872c
JG		 513 tkey->dot11RSNAStatsTKIPICVErrors++;
514 return -5;
515 }
516
517 /* Update real counters only after Michael MIC verification has
518 * completed */
519 tkey->rx_iv32_new = iv32;
520 tkey->rx_iv16_new = iv16;
521
522 /* Remove IV and ICV */
299af9d3
AT		 523 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len);
524 skb_pull(skb, TKIP_HDR_LEN);
b453872c
JG		 525 skb_trim(skb, skb->len - 4);
526
527 return keyidx;
528}
529
28eb177d 530static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
0edd5b44 531 u8 * data, size_t data_len, u8 * mic)
b453872c 532{
35058687 533 struct hash_desc desc;
b453872c
JG		 534 struct scatterlist sg[2];
535
5a656949 536 if (tfm_michael == NULL) {
e9c0268f 537 pr_warn("%s(): tfm_michael == NULL\n", __func__);
b453872c
JG		 538 return -1;
539 }
fa05f128 540 sg_init_table(sg, 2);
642f1490
JA		 541 sg_set_buf(&sg[0], hdr, 16);
542 sg_set_buf(&sg[1], data, data_len);
b453872c 543
28eb177d 544 if (crypto_hash_setkey(tfm_michael, key, 8))
35058687 545 return -1;
b453872c 546
28eb177d 547 desc.tfm = tfm_michael;
35058687
HX		 548 desc.flags = 0;
549 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
b453872c
JG		 550}
551
0edd5b44 552static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
b453872c 553{
274bfb8d 554 struct ieee80211_hdr *hdr11;
b453872c 555
274bfb8d 556 hdr11 = (struct ieee80211_hdr *)skb->data;
ea284152 557
274bfb8d 558 switch (le16_to_cpu(hdr11->frame_control) &
b453872c
JG		 559 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
560 case IEEE80211_FCTL_TODS:
0edd5b44
JG		 561 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
562 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
b453872c
JG		 563 break;
564 case IEEE80211_FCTL_FROMDS:
0edd5b44
JG		 565 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
566 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
b453872c
JG		 567 break;
568 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
0edd5b44
JG		 569 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
570 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
b453872c
JG		 571 break;
572 case 0:
0edd5b44
JG		 573 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
574 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
b453872c
JG		 575 break;
576 }
577
274bfb8d 578 if (ieee80211_is_data_qos(hdr11->frame_control)) {
3f6ff6ba 579 hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11)))
274bfb8d 580 & IEEE80211_QOS_CTL_TID_MASK;
ea284152
ZY		 581 } else
582 hdr[12] = 0; /* priority */
583
0edd5b44 584 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
b453872c
JG		 585}
586
274bfb8d 587static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
0edd5b44 588 void *priv)
b453872c 589{
274bfb8d 590 struct lib80211_tkip_data *tkey = priv;
b453872c
JG		 591 u8 *pos;
592
593 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
594 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
595 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
596 skb_tailroom(skb), hdr_len, skb->len);
597 return -1;
598 }
599
600 michael_mic_hdr(skb, tkey->tx_hdr);
601 pos = skb_put(skb, 8);
5a656949 602 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
b453872c
JG		 603 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
604 return -1;
605
606 return 0;
607}
608
274bfb8d
JL		 609static void lib80211_michael_mic_failure(struct net_device *dev,
610 struct ieee80211_hdr *hdr,
ee34af37 611 int keyidx)
b453872c
JG		 612{
613 union iwreq_data wrqu;
614 struct iw_michaelmicfailure ev;
615
616 /* TODO: needed parameters: count, keyid, key type, TSC */
617 memset(&ev, 0, sizeof(ev));
618 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
619 if (hdr->addr1[0] & 0x01)
620 ev.flags |= IW_MICFAILURE_GROUP;
621 else
622 ev.flags |= IW_MICFAILURE_PAIRWISE;
623 ev.src_addr.sa_family = ARPHRD_ETHER;
624 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
625 memset(&wrqu, 0, sizeof(wrqu));
626 wrqu.data.length = sizeof(ev);
0edd5b44 627 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
b453872c 628}
b453872c 629
274bfb8d 630static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
0edd5b44 631 int hdr_len, void *priv)
b453872c 632{
274bfb8d 633 struct lib80211_tkip_data *tkey = priv;
b453872c
JG		 634 u8 mic[8];
635
636 if (!tkey->key_set)
637 return -1;
638
639 michael_mic_hdr(skb, tkey->rx_hdr);
5a656949 640 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
b453872c
JG		 641 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
642 return -1;
643 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
274bfb8d
JL		 644 struct ieee80211_hdr *hdr;
645 hdr = (struct ieee80211_hdr *)skb->data;
b453872c 646 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
e174961c
JB		 647 "MSDU from %pM keyidx=%d\n",
648 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
b453872c
JG		 649 keyidx);
650 if (skb->dev)
274bfb8d 651 lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
b453872c
JG		 652 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
653 return -1;
654 }
655
656 /* Update TSC counters for RX now that the packet verification has
657 * completed. */
658 tkey->rx_iv32 = tkey->rx_iv32_new;
659 tkey->rx_iv16 = tkey->rx_iv16_new;
660
661 skb_trim(skb, skb->len - 8);
662
663 return 0;
664}
665
274bfb8d 666static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
b453872c 667{
274bfb8d 668 struct lib80211_tkip_data *tkey = priv;
b453872c 669 int keyidx;
28eb177d
JG		 670 struct crypto_hash *tfm = tkey->tx_tfm_michael;
671 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
672 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
673 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
b453872c
JG		 674
675 keyidx = tkey->key_idx;
676 memset(tkey, 0, sizeof(*tkey));
677 tkey->key_idx = keyidx;
5a656949
ZY		 678 tkey->tx_tfm_michael = tfm;
679 tkey->tx_tfm_arc4 = tfm2;
680 tkey->rx_tfm_michael = tfm3;
681 tkey->rx_tfm_arc4 = tfm4;
b453872c
JG		 682 if (len == TKIP_KEY_LEN) {
683 memcpy(tkey->key, key, TKIP_KEY_LEN);
684 tkey->key_set = 1;
0edd5b44 685 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
b453872c
JG		 686 if (seq) {
687 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
0edd5b44 688 (seq[3] << 8) | seq[2];
b453872c
JG		 689 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
690 }
691 } else if (len == 0)
692 tkey->key_set = 0;
693 else
694 return -1;
695
696 return 0;
697}
698
274bfb8d 699static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
b453872c 700{
274bfb8d 701 struct lib80211_tkip_data *tkey = priv;
b453872c
JG		 702
703 if (len < TKIP_KEY_LEN)
704 return -1;
705
706 if (!tkey->key_set)
707 return 0;
708 memcpy(key, tkey->key, TKIP_KEY_LEN);
709
710 if (seq) {
711 /* Return the sequence number of the last transmitted frame. */
712 u16 iv16 = tkey->tx_iv16;
713 u32 iv32 = tkey->tx_iv32;
714 if (iv16 == 0)
715 iv32--;
716 iv16--;
717 seq[0] = tkey->tx_iv16;
718 seq[1] = tkey->tx_iv16 >> 8;
719 seq[2] = tkey->tx_iv32;
720 seq[3] = tkey->tx_iv32 >> 8;
721 seq[4] = tkey->tx_iv32 >> 16;
722 seq[5] = tkey->tx_iv32 >> 24;
723 }
724
725 return TKIP_KEY_LEN;
726}
727
274bfb8d 728static char *lib80211_tkip_print_stats(char *p, void *priv)
b453872c 729{
274bfb8d 730 struct lib80211_tkip_data *tkip = priv;
b453872c
JG		 731 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
732 "tx_pn=%02x%02x%02x%02x%02x%02x "
733 "rx_pn=%02x%02x%02x%02x%02x%02x "
734 "replays=%d icv_errors=%d local_mic_failures=%d\n",
735 tkip->key_idx, tkip->key_set,
736 (tkip->tx_iv32 >> 24) & 0xff,
737 (tkip->tx_iv32 >> 16) & 0xff,
738 (tkip->tx_iv32 >> 8) & 0xff,
739 tkip->tx_iv32 & 0xff,
740 (tkip->tx_iv16 >> 8) & 0xff,
741 tkip->tx_iv16 & 0xff,
742 (tkip->rx_iv32 >> 24) & 0xff,
743 (tkip->rx_iv32 >> 16) & 0xff,
744 (tkip->rx_iv32 >> 8) & 0xff,
745 tkip->rx_iv32 & 0xff,
746 (tkip->rx_iv16 >> 8) & 0xff,
747 tkip->rx_iv16 & 0xff,
748 tkip->dot11RSNAStatsTKIPReplays,
749 tkip->dot11RSNAStatsTKIPICVErrors,
750 tkip->dot11RSNAStatsTKIPLocalMICFailures);
751 return p;
752}
753
274bfb8d 754static struct lib80211_crypto_ops lib80211_crypt_tkip = {
74079fdc 755 .name = "TKIP",
274bfb8d
JL		 756 .init = lib80211_tkip_init,
757 .deinit = lib80211_tkip_deinit,
274bfb8d
JL		 758 .encrypt_mpdu = lib80211_tkip_encrypt,
759 .decrypt_mpdu = lib80211_tkip_decrypt,
760 .encrypt_msdu = lib80211_michael_mic_add,
761 .decrypt_msdu = lib80211_michael_mic_verify,
762 .set_key = lib80211_tkip_set_key,
763 .get_key = lib80211_tkip_get_key,
764 .print_stats = lib80211_tkip_print_stats,
1264fc04
JK		 765 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
766 .extra_mpdu_postfix_len = 4, /* ICV */
767 .extra_msdu_postfix_len = 8, /* MIC */
274bfb8d
JL		 768 .get_flags = lib80211_tkip_get_flags,
769 .set_flags = lib80211_tkip_set_flags,
74079fdc 770 .owner = THIS_MODULE,
b453872c
JG		 771};
772
274bfb8d 773static int __init lib80211_crypto_tkip_init(void)
b453872c 774{
274bfb8d 775 return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
b453872c
JG		 776}
777
274bfb8d 778static void __exit lib80211_crypto_tkip_exit(void)
b453872c 779{
274bfb8d 780 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
b453872c
JG		 781}
782
274bfb8d
JL		 783module_init(lib80211_crypto_tkip_init);
784module_exit(lib80211_crypto_tkip_exit);
Linux kernel - Deliverables
This page took 0.640325 seconds and 5 git commands to generate.