1 /* 2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver 3 * 4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 2 as 8 * published by the Free Software Foundation. See README and COPYING for 9 * more details. 10 */ 11 12 #include <crypto/hash.h> 13 #include <crypto/skcipher.h> 14 #include <linux/module.h> 15 #include <linux/init.h> 16 #include <linux/slab.h> 17 #include <linux/random.h> 18 #include <linux/skbuff.h> 19 #include <linux/netdevice.h> 20 #include <linux/if_ether.h> 21 #include <linux/if_arp.h> 22 #include <linux/string.h> 23 #include <linux/scatterlist.h> 24 #include <linux/crc32.h> 25 #include <linux/etherdevice.h> 26 27 #include "rtllib.h" 28 29 struct rtllib_tkip_data { 30 #define TKIP_KEY_LEN 32 31 u8 key[TKIP_KEY_LEN]; 32 int key_set; 33 34 u32 tx_iv32; 35 u16 tx_iv16; 36 u16 tx_ttak[5]; 37 int tx_phase1_done; 38 39 u32 rx_iv32; 40 u16 rx_iv16; 41 bool initialized; 42 u16 rx_ttak[5]; 43 int rx_phase1_done; 44 u32 rx_iv32_new; 45 u16 rx_iv16_new; 46 47 u32 dot11RSNAStatsTKIPReplays; 48 u32 dot11RSNAStatsTKIPICVErrors; 49 u32 dot11RSNAStatsTKIPLocalMICFailures; 50 51 int key_idx; 52 struct crypto_skcipher *rx_tfm_arc4; 53 struct crypto_ahash *rx_tfm_michael; 54 struct crypto_skcipher *tx_tfm_arc4; 55 struct crypto_ahash *tx_tfm_michael; 56 /* scratch buffers for virt_to_page() (crypto API) */ 57 u8 rx_hdr[16]; 58 u8 tx_hdr[16]; 59 }; 60 61 static void *rtllib_tkip_init(int key_idx) 62 { 63 struct rtllib_tkip_data *priv; 64 65 priv = kzalloc(sizeof(*priv), GFP_ATOMIC); 66 if (priv == NULL) 67 goto fail; 68 priv->key_idx = key_idx; 69 priv->tx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, 70 CRYPTO_ALG_ASYNC); 71 if (IS_ERR(priv->tx_tfm_arc4)) { 72 pr_debug("Could not allocate crypto API arc4\n"); 73 priv->tx_tfm_arc4 = NULL; 74 goto fail; 75 } 76 77 priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0, 78 CRYPTO_ALG_ASYNC); 79 if (IS_ERR(priv->tx_tfm_michael)) { 80 pr_debug("Could not allocate crypto API michael_mic\n"); 81 priv->tx_tfm_michael = NULL; 82 goto fail; 83 } 84 85 priv->rx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, 86 CRYPTO_ALG_ASYNC); 87 if (IS_ERR(priv->rx_tfm_arc4)) { 88 pr_debug("Could not allocate crypto API arc4\n"); 89 priv->rx_tfm_arc4 = NULL; 90 goto fail; 91 } 92 93 priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0, 94 CRYPTO_ALG_ASYNC); 95 if (IS_ERR(priv->rx_tfm_michael)) { 96 pr_debug("Could not allocate crypto API michael_mic\n"); 97 priv->rx_tfm_michael = NULL; 98 goto fail; 99 } 100 return priv; 101 102 fail: 103 if (priv) { 104 crypto_free_ahash(priv->tx_tfm_michael); 105 crypto_free_skcipher(priv->tx_tfm_arc4); 106 crypto_free_ahash(priv->rx_tfm_michael); 107 crypto_free_skcipher(priv->rx_tfm_arc4); 108 kfree(priv); 109 } 110 111 return NULL; 112 } 113 114 115 static void rtllib_tkip_deinit(void *priv) 116 { 117 struct rtllib_tkip_data *_priv = priv; 118 119 if (_priv) { 120 crypto_free_ahash(_priv->tx_tfm_michael); 121 crypto_free_skcipher(_priv->tx_tfm_arc4); 122 crypto_free_ahash(_priv->rx_tfm_michael); 123 crypto_free_skcipher(_priv->rx_tfm_arc4); 124 } 125 kfree(priv); 126 } 127 128 129 static inline u16 RotR1(u16 val) 130 { 131 return (val >> 1) | (val << 15); 132 } 133 134 135 static inline u8 Lo8(u16 val) 136 { 137 return val & 0xff; 138 } 139 140 141 static inline u8 Hi8(u16 val) 142 { 143 return val >> 8; 144 } 145 146 147 static inline u16 Lo16(u32 val) 148 { 149 return val & 0xffff; 150 } 151 152 153 static inline u16 Hi16(u32 val) 154 { 155 return val >> 16; 156 } 157 158 159 static inline u16 Mk16(u8 hi, u8 lo) 160 { 161 return lo | (((u16) hi) << 8); 162 } 163 164 165 static inline u16 Mk16_le(u16 *v) 166 { 167 return *v; 168 } 169 170 171 static const u16 Sbox[256] = { 172 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 173 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 174 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 175 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 176 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 177 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 178 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 179 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 180 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 181 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 182 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 183 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 184 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 185 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 186 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 187 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 188 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 189 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 190 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 191 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 192 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 193 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 194 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 195 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 196 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 197 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 198 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 199 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 200 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 201 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 202 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 203 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 204 }; 205 206 207 static inline u16 _S_(u16 v) 208 { 209 u16 t = Sbox[Hi8(v)]; 210 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8)); 211 } 212 213 214 #define PHASE1_LOOP_COUNT 8 215 216 217 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32) 218 { 219 int i, j; 220 221 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */ 222 TTAK[0] = Lo16(IV32); 223 TTAK[1] = Hi16(IV32); 224 TTAK[2] = Mk16(TA[1], TA[0]); 225 TTAK[3] = Mk16(TA[3], TA[2]); 226 TTAK[4] = Mk16(TA[5], TA[4]); 227 228 for (i = 0; i < PHASE1_LOOP_COUNT; i++) { 229 j = 2 * (i & 1); 230 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j])); 231 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j])); 232 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j])); 233 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j])); 234 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i; 235 } 236 } 237 238 239 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK, 240 u16 IV16) 241 { 242 /* Make temporary area overlap WEP seed so that the final copy can be 243 * avoided on little endian hosts. 244 */ 245 u16 *PPK = (u16 *) &WEPSeed[4]; 246 247 /* Step 1 - make copy of TTAK and bring in TSC */ 248 PPK[0] = TTAK[0]; 249 PPK[1] = TTAK[1]; 250 PPK[2] = TTAK[2]; 251 PPK[3] = TTAK[3]; 252 PPK[4] = TTAK[4]; 253 PPK[5] = TTAK[4] + IV16; 254 255 /* Step 2 - 96-bit bijective mixing using S-box */ 256 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0])); 257 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2])); 258 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4])); 259 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6])); 260 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8])); 261 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10])); 262 263 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12])); 264 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14])); 265 PPK[2] += RotR1(PPK[1]); 266 PPK[3] += RotR1(PPK[2]); 267 PPK[4] += RotR1(PPK[3]); 268 PPK[5] += RotR1(PPK[4]); 269 270 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value 271 * WEPSeed[0..2] is transmitted as WEP IV 272 */ 273 WEPSeed[0] = Hi8(IV16); 274 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F; 275 WEPSeed[2] = Lo8(IV16); 276 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1); 277 278 #ifdef __BIG_ENDIAN 279 { 280 int i; 281 282 for (i = 0; i < 6; i++) 283 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8); 284 } 285 #endif 286 } 287 288 289 static int rtllib_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) 290 { 291 struct rtllib_tkip_data *tkey = priv; 292 int len; 293 u8 *pos; 294 struct rtllib_hdr_4addr *hdr; 295 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + 296 MAX_DEV_ADDR_SIZE); 297 int ret = 0; 298 u8 rc4key[16], *icv; 299 u32 crc; 300 struct scatterlist sg; 301 302 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 || 303 skb->len < hdr_len) 304 return -1; 305 306 hdr = (struct rtllib_hdr_4addr *) skb->data; 307 308 if (!tcb_desc->bHwSec) { 309 if (!tkey->tx_phase1_done) { 310 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2, 311 tkey->tx_iv32); 312 tkey->tx_phase1_done = 1; 313 } 314 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, 315 tkey->tx_iv16); 316 } else 317 tkey->tx_phase1_done = 1; 318 319 320 len = skb->len - hdr_len; 321 pos = skb_push(skb, 8); 322 memmove(pos, pos + 8, hdr_len); 323 pos += hdr_len; 324 325 if (tcb_desc->bHwSec) { 326 *pos++ = Hi8(tkey->tx_iv16); 327 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F; 328 *pos++ = Lo8(tkey->tx_iv16); 329 } else { 330 *pos++ = rc4key[0]; 331 *pos++ = rc4key[1]; 332 *pos++ = rc4key[2]; 333 } 334 335 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */; 336 *pos++ = tkey->tx_iv32 & 0xff; 337 *pos++ = (tkey->tx_iv32 >> 8) & 0xff; 338 *pos++ = (tkey->tx_iv32 >> 16) & 0xff; 339 *pos++ = (tkey->tx_iv32 >> 24) & 0xff; 340 341 if (!tcb_desc->bHwSec) { 342 SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4); 343 344 icv = skb_put(skb, 4); 345 crc = ~crc32_le(~0, pos, len); 346 icv[0] = crc; 347 icv[1] = crc >> 8; 348 icv[2] = crc >> 16; 349 icv[3] = crc >> 24; 350 351 sg_init_one(&sg, pos, len+4); 352 353 354 crypto_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16); 355 skcipher_request_set_tfm(req, tkey->tx_tfm_arc4); 356 skcipher_request_set_callback(req, 0, NULL, NULL); 357 skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL); 358 ret = crypto_skcipher_encrypt(req); 359 skcipher_request_zero(req); 360 } 361 362 tkey->tx_iv16++; 363 if (tkey->tx_iv16 == 0) { 364 tkey->tx_phase1_done = 0; 365 tkey->tx_iv32++; 366 } 367 368 if (!tcb_desc->bHwSec) 369 return ret; 370 return 0; 371 372 373 } 374 375 static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) 376 { 377 struct rtllib_tkip_data *tkey = priv; 378 u8 keyidx, *pos; 379 u32 iv32; 380 u16 iv16; 381 struct rtllib_hdr_4addr *hdr; 382 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + 383 MAX_DEV_ADDR_SIZE); 384 u8 rc4key[16]; 385 u8 icv[4]; 386 u32 crc; 387 struct scatterlist sg; 388 int plen; 389 int err; 390 391 if (skb->len < hdr_len + 8 + 4) 392 return -1; 393 394 hdr = (struct rtllib_hdr_4addr *) skb->data; 395 pos = skb->data + hdr_len; 396 keyidx = pos[3]; 397 if (!(keyidx & (1 << 5))) { 398 if (net_ratelimit()) { 399 netdev_dbg(skb->dev, 400 "Received packet without ExtIV flag from %pM\n", 401 hdr->addr2); 402 } 403 return -2; 404 } 405 keyidx >>= 6; 406 if (tkey->key_idx != keyidx) { 407 netdev_dbg(skb->dev, 408 "RX tkey->key_idx=%d frame keyidx=%d priv=%p\n", 409 tkey->key_idx, keyidx, priv); 410 return -6; 411 } 412 if (!tkey->key_set) { 413 if (net_ratelimit()) { 414 netdev_dbg(skb->dev, 415 "Received packet from %pM with keyid=%d that does not have a configured key\n", 416 hdr->addr2, keyidx); 417 } 418 return -3; 419 } 420 iv16 = (pos[0] << 8) | pos[2]; 421 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24); 422 pos += 8; 423 424 if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) { 425 SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4); 426 427 if ((iv32 < tkey->rx_iv32 || 428 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) && 429 tkey->initialized) { 430 if (net_ratelimit()) { 431 netdev_dbg(skb->dev, 432 "Replay detected: STA= %pM previous TSC %08x%04x received TSC %08x%04x\n", 433 hdr->addr2, tkey->rx_iv32, 434 tkey->rx_iv16, iv32, iv16); 435 } 436 tkey->dot11RSNAStatsTKIPReplays++; 437 return -4; 438 } 439 tkey->initialized = true; 440 441 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) { 442 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, 443 hdr->addr2, iv32); 444 tkey->rx_phase1_done = 1; 445 } 446 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16); 447 448 plen = skb->len - hdr_len - 12; 449 450 sg_init_one(&sg, pos, plen+4); 451 452 crypto_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16); 453 skcipher_request_set_tfm(req, tkey->rx_tfm_arc4); 454 skcipher_request_set_callback(req, 0, NULL, NULL); 455 skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL); 456 err = crypto_skcipher_decrypt(req); 457 skcipher_request_zero(req); 458 if (err) { 459 if (net_ratelimit()) { 460 netdev_dbg(skb->dev, 461 "Failed to decrypt received packet from %pM\n", 462 hdr->addr2); 463 } 464 return -7; 465 } 466 467 crc = ~crc32_le(~0, pos, plen); 468 icv[0] = crc; 469 icv[1] = crc >> 8; 470 icv[2] = crc >> 16; 471 icv[3] = crc >> 24; 472 473 if (memcmp(icv, pos + plen, 4) != 0) { 474 if (iv32 != tkey->rx_iv32) { 475 /* Previously cached Phase1 result was already 476 * lost, so it needs to be recalculated for the 477 * next packet. 478 */ 479 tkey->rx_phase1_done = 0; 480 } 481 if (net_ratelimit()) { 482 netdev_dbg(skb->dev, 483 "ICV error detected: STA= %pM\n", 484 hdr->addr2); 485 } 486 tkey->dot11RSNAStatsTKIPICVErrors++; 487 return -5; 488 } 489 490 } 491 492 /* Update real counters only after Michael MIC verification has 493 * completed 494 */ 495 tkey->rx_iv32_new = iv32; 496 tkey->rx_iv16_new = iv16; 497 498 /* Remove IV and ICV */ 499 memmove(skb->data + 8, skb->data, hdr_len); 500 skb_pull(skb, 8); 501 skb_trim(skb, skb->len - 4); 502 503 return keyidx; 504 } 505 506 507 static int michael_mic(struct crypto_ahash *tfm_michael, u8 *key, u8 *hdr, 508 u8 *data, size_t data_len, u8 *mic) 509 { 510 AHASH_REQUEST_ON_STACK(req, tfm_michael); 511 struct scatterlist sg[2]; 512 int err; 513 514 if (tfm_michael == NULL) { 515 pr_warn("michael_mic: tfm_michael == NULL\n"); 516 return -1; 517 } 518 sg_init_table(sg, 2); 519 sg_set_buf(&sg[0], hdr, 16); 520 sg_set_buf(&sg[1], data, data_len); 521 522 if (crypto_ahash_setkey(tfm_michael, key, 8)) 523 return -1; 524 525 ahash_request_set_tfm(req, tfm_michael); 526 ahash_request_set_callback(req, 0, NULL, NULL); 527 ahash_request_set_crypt(req, sg, mic, data_len + 16); 528 err = crypto_ahash_digest(req); 529 ahash_request_zero(req); 530 return err; 531 } 532 533 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr) 534 { 535 struct rtllib_hdr_4addr *hdr11; 536 537 hdr11 = (struct rtllib_hdr_4addr *) skb->data; 538 switch (le16_to_cpu(hdr11->frame_ctl) & 539 (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) { 540 case RTLLIB_FCTL_TODS: 541 ether_addr_copy(hdr, hdr11->addr3); /* DA */ 542 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr2); /* SA */ 543 break; 544 case RTLLIB_FCTL_FROMDS: 545 ether_addr_copy(hdr, hdr11->addr1); /* DA */ 546 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr3); /* SA */ 547 break; 548 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS: 549 ether_addr_copy(hdr, hdr11->addr3); /* DA */ 550 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr4); /* SA */ 551 break; 552 case 0: 553 ether_addr_copy(hdr, hdr11->addr1); /* DA */ 554 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr2); /* SA */ 555 break; 556 } 557 558 hdr[12] = 0; /* priority */ 559 560 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 561 } 562 563 564 static int rtllib_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv) 565 { 566 struct rtllib_tkip_data *tkey = priv; 567 u8 *pos; 568 struct rtllib_hdr_4addr *hdr; 569 570 hdr = (struct rtllib_hdr_4addr *) skb->data; 571 572 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) { 573 netdev_dbg(skb->dev, 574 "Invalid packet for Michael MIC add (tailroom=%d hdr_len=%d skb->len=%d)\n", 575 skb_tailroom(skb), hdr_len, skb->len); 576 return -1; 577 } 578 579 michael_mic_hdr(skb, tkey->tx_hdr); 580 581 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) 582 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07; 583 pos = skb_put(skb, 8); 584 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr, 585 skb->data + hdr_len, skb->len - 8 - hdr_len, pos)) 586 return -1; 587 588 return 0; 589 } 590 591 592 static void rtllib_michael_mic_failure(struct net_device *dev, 593 struct rtllib_hdr_4addr *hdr, 594 int keyidx) 595 { 596 union iwreq_data wrqu; 597 struct iw_michaelmicfailure ev; 598 599 /* TODO: needed parameters: count, keyid, key type, TSC */ 600 memset(&ev, 0, sizeof(ev)); 601 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 602 if (hdr->addr1[0] & 0x01) 603 ev.flags |= IW_MICFAILURE_GROUP; 604 else 605 ev.flags |= IW_MICFAILURE_PAIRWISE; 606 ev.src_addr.sa_family = ARPHRD_ETHER; 607 ether_addr_copy(ev.src_addr.sa_data, hdr->addr2); 608 memset(&wrqu, 0, sizeof(wrqu)); 609 wrqu.data.length = sizeof(ev); 610 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev); 611 } 612 613 static int rtllib_michael_mic_verify(struct sk_buff *skb, int keyidx, 614 int hdr_len, void *priv) 615 { 616 struct rtllib_tkip_data *tkey = priv; 617 u8 mic[8]; 618 struct rtllib_hdr_4addr *hdr; 619 620 hdr = (struct rtllib_hdr_4addr *) skb->data; 621 622 if (!tkey->key_set) 623 return -1; 624 625 michael_mic_hdr(skb, tkey->rx_hdr); 626 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) 627 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07; 628 629 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr, 630 skb->data + hdr_len, skb->len - 8 - hdr_len, mic)) 631 return -1; 632 633 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) { 634 struct rtllib_hdr_4addr *hdr; 635 636 hdr = (struct rtllib_hdr_4addr *) skb->data; 637 netdev_dbg(skb->dev, 638 "Michael MIC verification failed for MSDU from %pM keyidx=%d\n", 639 hdr->addr2, keyidx); 640 netdev_dbg(skb->dev, "%d\n", 641 memcmp(mic, skb->data + skb->len - 8, 8) != 0); 642 if (skb->dev) { 643 pr_info("skb->dev != NULL\n"); 644 rtllib_michael_mic_failure(skb->dev, hdr, keyidx); 645 } 646 tkey->dot11RSNAStatsTKIPLocalMICFailures++; 647 return -1; 648 } 649 650 /* Update TSC counters for RX now that the packet verification has 651 * completed. 652 */ 653 tkey->rx_iv32 = tkey->rx_iv32_new; 654 tkey->rx_iv16 = tkey->rx_iv16_new; 655 656 skb_trim(skb, skb->len - 8); 657 658 return 0; 659 } 660 661 662 static int rtllib_tkip_set_key(void *key, int len, u8 *seq, void *priv) 663 { 664 struct rtllib_tkip_data *tkey = priv; 665 int keyidx; 666 struct crypto_ahash *tfm = tkey->tx_tfm_michael; 667 struct crypto_skcipher *tfm2 = tkey->tx_tfm_arc4; 668 struct crypto_ahash *tfm3 = tkey->rx_tfm_michael; 669 struct crypto_skcipher *tfm4 = tkey->rx_tfm_arc4; 670 671 keyidx = tkey->key_idx; 672 memset(tkey, 0, sizeof(*tkey)); 673 tkey->key_idx = keyidx; 674 tkey->tx_tfm_michael = tfm; 675 tkey->tx_tfm_arc4 = tfm2; 676 tkey->rx_tfm_michael = tfm3; 677 tkey->rx_tfm_arc4 = tfm4; 678 679 if (len == TKIP_KEY_LEN) { 680 memcpy(tkey->key, key, TKIP_KEY_LEN); 681 tkey->key_set = 1; 682 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */ 683 if (seq) { 684 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) | 685 (seq[3] << 8) | seq[2]; 686 tkey->rx_iv16 = (seq[1] << 8) | seq[0]; 687 } 688 } else if (len == 0) 689 tkey->key_set = 0; 690 else 691 return -1; 692 693 return 0; 694 } 695 696 697 static int rtllib_tkip_get_key(void *key, int len, u8 *seq, void *priv) 698 { 699 struct rtllib_tkip_data *tkey = priv; 700 701 if (len < TKIP_KEY_LEN) 702 return -1; 703 704 if (!tkey->key_set) 705 return 0; 706 memcpy(key, tkey->key, TKIP_KEY_LEN); 707 708 if (seq) { 709 /* Return the sequence number of the last transmitted frame. */ 710 u16 iv16 = tkey->tx_iv16; 711 u32 iv32 = tkey->tx_iv32; 712 713 if (iv16 == 0) 714 iv32--; 715 iv16--; 716 seq[0] = tkey->tx_iv16; 717 seq[1] = tkey->tx_iv16 >> 8; 718 seq[2] = tkey->tx_iv32; 719 seq[3] = tkey->tx_iv32 >> 8; 720 seq[4] = tkey->tx_iv32 >> 16; 721 seq[5] = tkey->tx_iv32 >> 24; 722 } 723 724 return TKIP_KEY_LEN; 725 } 726 727 728 static void rtllib_tkip_print_stats(struct seq_file *m, void *priv) 729 { 730 struct rtllib_tkip_data *tkip = priv; 731 732 seq_printf(m, 733 "key[%d] alg=TKIP key_set=%d tx_pn=%02x%02x%02x%02x%02x%02x rx_pn=%02x%02x%02x%02x%02x%02x replays=%d icv_errors=%d local_mic_failures=%d\n", 734 tkip->key_idx, tkip->key_set, 735 (tkip->tx_iv32 >> 24) & 0xff, 736 (tkip->tx_iv32 >> 16) & 0xff, 737 (tkip->tx_iv32 >> 8) & 0xff, 738 tkip->tx_iv32 & 0xff, 739 (tkip->tx_iv16 >> 8) & 0xff, 740 tkip->tx_iv16 & 0xff, 741 (tkip->rx_iv32 >> 24) & 0xff, 742 (tkip->rx_iv32 >> 16) & 0xff, 743 (tkip->rx_iv32 >> 8) & 0xff, 744 tkip->rx_iv32 & 0xff, 745 (tkip->rx_iv16 >> 8) & 0xff, 746 tkip->rx_iv16 & 0xff, 747 tkip->dot11RSNAStatsTKIPReplays, 748 tkip->dot11RSNAStatsTKIPICVErrors, 749 tkip->dot11RSNAStatsTKIPLocalMICFailures); 750 } 751 752 static struct lib80211_crypto_ops rtllib_crypt_tkip = { 753 .name = "R-TKIP", 754 .init = rtllib_tkip_init, 755 .deinit = rtllib_tkip_deinit, 756 .encrypt_mpdu = rtllib_tkip_encrypt, 757 .decrypt_mpdu = rtllib_tkip_decrypt, 758 .encrypt_msdu = rtllib_michael_mic_add, 759 .decrypt_msdu = rtllib_michael_mic_verify, 760 .set_key = rtllib_tkip_set_key, 761 .get_key = rtllib_tkip_get_key, 762 .print_stats = rtllib_tkip_print_stats, 763 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */ 764 .extra_mpdu_postfix_len = 4, /* ICV */ 765 .extra_msdu_postfix_len = 8, /* MIC */ 766 .owner = THIS_MODULE, 767 }; 768 769 770 static int __init rtllib_crypto_tkip_init(void) 771 { 772 return lib80211_register_crypto_ops(&rtllib_crypt_tkip); 773 } 774 775 776 static void __exit rtllib_crypto_tkip_exit(void) 777 { 778 lib80211_unregister_crypto_ops(&rtllib_crypt_tkip); 779 } 780 781 module_init(rtllib_crypto_tkip_init); 782 module_exit(rtllib_crypto_tkip_exit); 783 784 MODULE_LICENSE("GPL"); 785