1 /* 2 * lib80211 crypt: host-based TKIP encryption implementation for lib80211 3 * 4 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi> 5 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. See README and COPYING for 10 * more details. 11 */ 12 13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 15 #include <linux/err.h> 16 #include <linux/module.h> 17 #include <linux/init.h> 18 #include <linux/slab.h> 19 #include <linux/random.h> 20 #include <linux/scatterlist.h> 21 #include <linux/skbuff.h> 22 #include <linux/netdevice.h> 23 #include <linux/mm.h> 24 #include <linux/if_ether.h> 25 #include <linux/if_arp.h> 26 #include <asm/string.h> 27 28 #include <linux/wireless.h> 29 #include <linux/ieee80211.h> 30 #include <net/iw_handler.h> 31 32 #include <linux/crypto.h> 33 #include <linux/crc32.h> 34 35 #include <net/lib80211.h> 36 37 MODULE_AUTHOR("Jouni Malinen"); 38 MODULE_DESCRIPTION("lib80211 crypt: TKIP"); 39 MODULE_LICENSE("GPL"); 40 41 #define TKIP_HDR_LEN 8 42 43 struct lib80211_tkip_data { 44 #define TKIP_KEY_LEN 32 45 u8 key[TKIP_KEY_LEN]; 46 int key_set; 47 48 u32 tx_iv32; 49 u16 tx_iv16; 50 u16 tx_ttak[5]; 51 int tx_phase1_done; 52 53 u32 rx_iv32; 54 u16 rx_iv16; 55 u16 rx_ttak[5]; 56 int rx_phase1_done; 57 u32 rx_iv32_new; 58 u16 rx_iv16_new; 59 60 u32 dot11RSNAStatsTKIPReplays; 61 u32 dot11RSNAStatsTKIPICVErrors; 62 u32 dot11RSNAStatsTKIPLocalMICFailures; 63 64 int key_idx; 65 66 struct crypto_blkcipher *rx_tfm_arc4; 67 struct crypto_hash *rx_tfm_michael; 68 struct crypto_blkcipher *tx_tfm_arc4; 69 struct crypto_hash *tx_tfm_michael; 70 71 /* scratch buffers for virt_to_page() (crypto API) */ 72 u8 rx_hdr[16], tx_hdr[16]; 73 74 unsigned long flags; 75 }; 76 77 static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv) 78 { 79 struct lib80211_tkip_data *_priv = priv; 80 unsigned long old_flags = _priv->flags; 81 _priv->flags = flags; 82 return old_flags; 83 } 84 85 static unsigned long lib80211_tkip_get_flags(void *priv) 86 { 87 struct lib80211_tkip_data *_priv = priv; 88 return _priv->flags; 89 } 90 91 static void *lib80211_tkip_init(int key_idx) 92 { 93 struct lib80211_tkip_data *priv; 94 95 priv = kzalloc(sizeof(*priv), GFP_ATOMIC); 96 if (priv == NULL) 97 goto fail; 98 99 priv->key_idx = key_idx; 100 101 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, 102 CRYPTO_ALG_ASYNC); 103 if (IS_ERR(priv->tx_tfm_arc4)) { 104 priv->tx_tfm_arc4 = NULL; 105 goto fail; 106 } 107 108 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0, 109 CRYPTO_ALG_ASYNC); 110 if (IS_ERR(priv->tx_tfm_michael)) { 111 priv->tx_tfm_michael = NULL; 112 goto fail; 113 } 114 115 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, 116 CRYPTO_ALG_ASYNC); 117 if (IS_ERR(priv->rx_tfm_arc4)) { 118 priv->rx_tfm_arc4 = NULL; 119 goto fail; 120 } 121 122 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0, 123 CRYPTO_ALG_ASYNC); 124 if (IS_ERR(priv->rx_tfm_michael)) { 125 priv->rx_tfm_michael = NULL; 126 goto fail; 127 } 128 129 return priv; 130 131 fail: 132 if (priv) { 133 if (priv->tx_tfm_michael) 134 crypto_free_hash(priv->tx_tfm_michael); 135 if (priv->tx_tfm_arc4) 136 crypto_free_blkcipher(priv->tx_tfm_arc4); 137 if (priv->rx_tfm_michael) 138 crypto_free_hash(priv->rx_tfm_michael); 139 if (priv->rx_tfm_arc4) 140 crypto_free_blkcipher(priv->rx_tfm_arc4); 141 kfree(priv); 142 } 143 144 return NULL; 145 } 146 147 static void lib80211_tkip_deinit(void *priv) 148 { 149 struct lib80211_tkip_data *_priv = priv; 150 if (_priv) { 151 if (_priv->tx_tfm_michael) 152 crypto_free_hash(_priv->tx_tfm_michael); 153 if (_priv->tx_tfm_arc4) 154 crypto_free_blkcipher(_priv->tx_tfm_arc4); 155 if (_priv->rx_tfm_michael) 156 crypto_free_hash(_priv->rx_tfm_michael); 157 if (_priv->rx_tfm_arc4) 158 crypto_free_blkcipher(_priv->rx_tfm_arc4); 159 } 160 kfree(priv); 161 } 162 163 static inline u16 RotR1(u16 val) 164 { 165 return (val >> 1) | (val << 15); 166 } 167 168 static inline u8 Lo8(u16 val) 169 { 170 return val & 0xff; 171 } 172 173 static inline u8 Hi8(u16 val) 174 { 175 return val >> 8; 176 } 177 178 static inline u16 Lo16(u32 val) 179 { 180 return val & 0xffff; 181 } 182 183 static inline u16 Hi16(u32 val) 184 { 185 return val >> 16; 186 } 187 188 static inline u16 Mk16(u8 hi, u8 lo) 189 { 190 return lo | (((u16) hi) << 8); 191 } 192 193 static inline u16 Mk16_le(__le16 * v) 194 { 195 return le16_to_cpu(*v); 196 } 197 198 static const u16 Sbox[256] = { 199 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 200 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 201 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 202 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 203 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 204 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 205 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 206 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 207 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 208 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 209 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 210 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 211 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 212 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 213 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 214 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 215 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 216 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 217 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 218 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 219 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 220 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 221 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 222 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 223 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 224 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 225 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 226 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 227 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 228 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 229 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 230 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 231 }; 232 233 static inline u16 _S_(u16 v) 234 { 235 u16 t = Sbox[Hi8(v)]; 236 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8)); 237 } 238 239 #define PHASE1_LOOP_COUNT 8 240 241 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA, 242 u32 IV32) 243 { 244 int i, j; 245 246 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */ 247 TTAK[0] = Lo16(IV32); 248 TTAK[1] = Hi16(IV32); 249 TTAK[2] = Mk16(TA[1], TA[0]); 250 TTAK[3] = Mk16(TA[3], TA[2]); 251 TTAK[4] = Mk16(TA[5], TA[4]); 252 253 for (i = 0; i < PHASE1_LOOP_COUNT; i++) { 254 j = 2 * (i & 1); 255 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j])); 256 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j])); 257 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j])); 258 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j])); 259 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i; 260 } 261 } 262 263 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK, 264 u16 IV16) 265 { 266 /* Make temporary area overlap WEP seed so that the final copy can be 267 * avoided on little endian hosts. */ 268 u16 *PPK = (u16 *) & WEPSeed[4]; 269 270 /* Step 1 - make copy of TTAK and bring in TSC */ 271 PPK[0] = TTAK[0]; 272 PPK[1] = TTAK[1]; 273 PPK[2] = TTAK[2]; 274 PPK[3] = TTAK[3]; 275 PPK[4] = TTAK[4]; 276 PPK[5] = TTAK[4] + IV16; 277 278 /* Step 2 - 96-bit bijective mixing using S-box */ 279 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0])); 280 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2])); 281 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4])); 282 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6])); 283 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8])); 284 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10])); 285 286 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12])); 287 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14])); 288 PPK[2] += RotR1(PPK[1]); 289 PPK[3] += RotR1(PPK[2]); 290 PPK[4] += RotR1(PPK[3]); 291 PPK[5] += RotR1(PPK[4]); 292 293 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value 294 * WEPSeed[0..2] is transmitted as WEP IV */ 295 WEPSeed[0] = Hi8(IV16); 296 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F; 297 WEPSeed[2] = Lo8(IV16); 298 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1); 299 300 #ifdef __BIG_ENDIAN 301 { 302 int i; 303 for (i = 0; i < 6; i++) 304 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8); 305 } 306 #endif 307 } 308 309 static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len, 310 u8 * rc4key, int keylen, void *priv) 311 { 312 struct lib80211_tkip_data *tkey = priv; 313 u8 *pos; 314 struct ieee80211_hdr *hdr; 315 316 hdr = (struct ieee80211_hdr *)skb->data; 317 318 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len) 319 return -1; 320 321 if (rc4key == NULL || keylen < 16) 322 return -1; 323 324 if (!tkey->tx_phase1_done) { 325 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2, 326 tkey->tx_iv32); 327 tkey->tx_phase1_done = 1; 328 } 329 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16); 330 331 pos = skb_push(skb, TKIP_HDR_LEN); 332 memmove(pos, pos + TKIP_HDR_LEN, hdr_len); 333 pos += hdr_len; 334 335 *pos++ = *rc4key; 336 *pos++ = *(rc4key + 1); 337 *pos++ = *(rc4key + 2); 338 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ; 339 *pos++ = tkey->tx_iv32 & 0xff; 340 *pos++ = (tkey->tx_iv32 >> 8) & 0xff; 341 *pos++ = (tkey->tx_iv32 >> 16) & 0xff; 342 *pos++ = (tkey->tx_iv32 >> 24) & 0xff; 343 344 tkey->tx_iv16++; 345 if (tkey->tx_iv16 == 0) { 346 tkey->tx_phase1_done = 0; 347 tkey->tx_iv32++; 348 } 349 350 return TKIP_HDR_LEN; 351 } 352 353 static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) 354 { 355 struct lib80211_tkip_data *tkey = priv; 356 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 }; 357 int len; 358 u8 rc4key[16], *pos, *icv; 359 u32 crc; 360 struct scatterlist sg; 361 362 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) { 363 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 364 net_dbg_ratelimited("TKIP countermeasures: dropped TX packet to %pM\n", 365 hdr->addr1); 366 return -1; 367 } 368 369 if (skb_tailroom(skb) < 4 || skb->len < hdr_len) 370 return -1; 371 372 len = skb->len - hdr_len; 373 pos = skb->data + hdr_len; 374 375 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0) 376 return -1; 377 378 crc = ~crc32_le(~0, pos, len); 379 icv = skb_put(skb, 4); 380 icv[0] = crc; 381 icv[1] = crc >> 8; 382 icv[2] = crc >> 16; 383 icv[3] = crc >> 24; 384 385 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16); 386 sg_init_one(&sg, pos, len + 4); 387 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4); 388 } 389 390 /* 391 * deal with seq counter wrapping correctly. 392 * refer to timer_after() for jiffies wrapping handling 393 */ 394 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n, 395 u32 iv32_o, u16 iv16_o) 396 { 397 if ((s32)iv32_n - (s32)iv32_o < 0 || 398 (iv32_n == iv32_o && iv16_n <= iv16_o)) 399 return 1; 400 return 0; 401 } 402 403 static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) 404 { 405 struct lib80211_tkip_data *tkey = priv; 406 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 }; 407 u8 rc4key[16]; 408 u8 keyidx, *pos; 409 u32 iv32; 410 u16 iv16; 411 struct ieee80211_hdr *hdr; 412 u8 icv[4]; 413 u32 crc; 414 struct scatterlist sg; 415 int plen; 416 417 hdr = (struct ieee80211_hdr *)skb->data; 418 419 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) { 420 net_dbg_ratelimited("TKIP countermeasures: dropped received packet from %pM\n", 421 hdr->addr2); 422 return -1; 423 } 424 425 if (skb->len < hdr_len + TKIP_HDR_LEN + 4) 426 return -1; 427 428 pos = skb->data + hdr_len; 429 keyidx = pos[3]; 430 if (!(keyidx & (1 << 5))) { 431 net_dbg_ratelimited("TKIP: received packet without ExtIV flag from %pM\n", 432 hdr->addr2); 433 return -2; 434 } 435 keyidx >>= 6; 436 if (tkey->key_idx != keyidx) { 437 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame " 438 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv); 439 return -6; 440 } 441 if (!tkey->key_set) { 442 net_dbg_ratelimited("TKIP: received packet from %pM with keyid=%d that does not have a configured key\n", 443 hdr->addr2, keyidx); 444 return -3; 445 } 446 iv16 = (pos[0] << 8) | pos[2]; 447 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24); 448 pos += TKIP_HDR_LEN; 449 450 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) { 451 #ifdef CONFIG_LIB80211_DEBUG 452 net_dbg_ratelimited("TKIP: replay detected: STA=%pM previous TSC %08x%04x received TSC %08x%04x\n", 453 hdr->addr2, tkey->rx_iv32, tkey->rx_iv16, 454 iv32, iv16); 455 #endif 456 tkey->dot11RSNAStatsTKIPReplays++; 457 return -4; 458 } 459 460 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) { 461 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32); 462 tkey->rx_phase1_done = 1; 463 } 464 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16); 465 466 plen = skb->len - hdr_len - 12; 467 468 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16); 469 sg_init_one(&sg, pos, plen + 4); 470 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) { 471 net_dbg_ratelimited("TKIP: failed to decrypt received packet from %pM\n", 472 hdr->addr2); 473 return -7; 474 } 475 476 crc = ~crc32_le(~0, pos, plen); 477 icv[0] = crc; 478 icv[1] = crc >> 8; 479 icv[2] = crc >> 16; 480 icv[3] = crc >> 24; 481 if (memcmp(icv, pos + plen, 4) != 0) { 482 if (iv32 != tkey->rx_iv32) { 483 /* Previously cached Phase1 result was already lost, so 484 * it needs to be recalculated for the next packet. */ 485 tkey->rx_phase1_done = 0; 486 } 487 #ifdef CONFIG_LIB80211_DEBUG 488 net_dbg_ratelimited("TKIP: ICV error detected: STA=%pM\n", 489 hdr->addr2); 490 #endif 491 tkey->dot11RSNAStatsTKIPICVErrors++; 492 return -5; 493 } 494 495 /* Update real counters only after Michael MIC verification has 496 * completed */ 497 tkey->rx_iv32_new = iv32; 498 tkey->rx_iv16_new = iv16; 499 500 /* Remove IV and ICV */ 501 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len); 502 skb_pull(skb, TKIP_HDR_LEN); 503 skb_trim(skb, skb->len - 4); 504 505 return keyidx; 506 } 507 508 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr, 509 u8 * data, size_t data_len, u8 * mic) 510 { 511 struct hash_desc desc; 512 struct scatterlist sg[2]; 513 514 if (tfm_michael == NULL) { 515 pr_warn("%s(): tfm_michael == NULL\n", __func__); 516 return -1; 517 } 518 sg_init_table(sg, 2); 519 sg_set_buf(&sg[0], hdr, 16); 520 sg_set_buf(&sg[1], data, data_len); 521 522 if (crypto_hash_setkey(tfm_michael, key, 8)) 523 return -1; 524 525 desc.tfm = tfm_michael; 526 desc.flags = 0; 527 return crypto_hash_digest(&desc, sg, data_len + 16, mic); 528 } 529 530 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr) 531 { 532 struct ieee80211_hdr *hdr11; 533 534 hdr11 = (struct ieee80211_hdr *)skb->data; 535 536 switch (le16_to_cpu(hdr11->frame_control) & 537 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) { 538 case IEEE80211_FCTL_TODS: 539 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */ 540 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */ 541 break; 542 case IEEE80211_FCTL_FROMDS: 543 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */ 544 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */ 545 break; 546 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS: 547 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */ 548 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */ 549 break; 550 case 0: 551 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */ 552 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */ 553 break; 554 } 555 556 if (ieee80211_is_data_qos(hdr11->frame_control)) { 557 hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11))) 558 & IEEE80211_QOS_CTL_TID_MASK; 559 } else 560 hdr[12] = 0; /* priority */ 561 562 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 563 } 564 565 static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len, 566 void *priv) 567 { 568 struct lib80211_tkip_data *tkey = priv; 569 u8 *pos; 570 571 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) { 572 printk(KERN_DEBUG "Invalid packet for Michael MIC add " 573 "(tailroom=%d hdr_len=%d skb->len=%d)\n", 574 skb_tailroom(skb), hdr_len, skb->len); 575 return -1; 576 } 577 578 michael_mic_hdr(skb, tkey->tx_hdr); 579 pos = skb_put(skb, 8); 580 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr, 581 skb->data + hdr_len, skb->len - 8 - hdr_len, pos)) 582 return -1; 583 584 return 0; 585 } 586 587 static void lib80211_michael_mic_failure(struct net_device *dev, 588 struct ieee80211_hdr *hdr, 589 int keyidx) 590 { 591 union iwreq_data wrqu; 592 struct iw_michaelmicfailure ev; 593 594 /* TODO: needed parameters: count, keyid, key type, TSC */ 595 memset(&ev, 0, sizeof(ev)); 596 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 597 if (hdr->addr1[0] & 0x01) 598 ev.flags |= IW_MICFAILURE_GROUP; 599 else 600 ev.flags |= IW_MICFAILURE_PAIRWISE; 601 ev.src_addr.sa_family = ARPHRD_ETHER; 602 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN); 603 memset(&wrqu, 0, sizeof(wrqu)); 604 wrqu.data.length = sizeof(ev); 605 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 606 } 607 608 static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx, 609 int hdr_len, void *priv) 610 { 611 struct lib80211_tkip_data *tkey = priv; 612 u8 mic[8]; 613 614 if (!tkey->key_set) 615 return -1; 616 617 michael_mic_hdr(skb, tkey->rx_hdr); 618 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr, 619 skb->data + hdr_len, skb->len - 8 - hdr_len, mic)) 620 return -1; 621 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) { 622 struct ieee80211_hdr *hdr; 623 hdr = (struct ieee80211_hdr *)skb->data; 624 printk(KERN_DEBUG "%s: Michael MIC verification failed for " 625 "MSDU from %pM keyidx=%d\n", 626 skb->dev ? skb->dev->name : "N/A", hdr->addr2, 627 keyidx); 628 if (skb->dev) 629 lib80211_michael_mic_failure(skb->dev, hdr, keyidx); 630 tkey->dot11RSNAStatsTKIPLocalMICFailures++; 631 return -1; 632 } 633 634 /* Update TSC counters for RX now that the packet verification has 635 * completed. */ 636 tkey->rx_iv32 = tkey->rx_iv32_new; 637 tkey->rx_iv16 = tkey->rx_iv16_new; 638 639 skb_trim(skb, skb->len - 8); 640 641 return 0; 642 } 643 644 static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv) 645 { 646 struct lib80211_tkip_data *tkey = priv; 647 int keyidx; 648 struct crypto_hash *tfm = tkey->tx_tfm_michael; 649 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4; 650 struct crypto_hash *tfm3 = tkey->rx_tfm_michael; 651 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4; 652 653 keyidx = tkey->key_idx; 654 memset(tkey, 0, sizeof(*tkey)); 655 tkey->key_idx = keyidx; 656 tkey->tx_tfm_michael = tfm; 657 tkey->tx_tfm_arc4 = tfm2; 658 tkey->rx_tfm_michael = tfm3; 659 tkey->rx_tfm_arc4 = tfm4; 660 if (len == TKIP_KEY_LEN) { 661 memcpy(tkey->key, key, TKIP_KEY_LEN); 662 tkey->key_set = 1; 663 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */ 664 if (seq) { 665 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) | 666 (seq[3] << 8) | seq[2]; 667 tkey->rx_iv16 = (seq[1] << 8) | seq[0]; 668 } 669 } else if (len == 0) 670 tkey->key_set = 0; 671 else 672 return -1; 673 674 return 0; 675 } 676 677 static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv) 678 { 679 struct lib80211_tkip_data *tkey = priv; 680 681 if (len < TKIP_KEY_LEN) 682 return -1; 683 684 if (!tkey->key_set) 685 return 0; 686 memcpy(key, tkey->key, TKIP_KEY_LEN); 687 688 if (seq) { 689 /* Return the sequence number of the last transmitted frame. */ 690 u16 iv16 = tkey->tx_iv16; 691 u32 iv32 = tkey->tx_iv32; 692 if (iv16 == 0) 693 iv32--; 694 iv16--; 695 seq[0] = tkey->tx_iv16; 696 seq[1] = tkey->tx_iv16 >> 8; 697 seq[2] = tkey->tx_iv32; 698 seq[3] = tkey->tx_iv32 >> 8; 699 seq[4] = tkey->tx_iv32 >> 16; 700 seq[5] = tkey->tx_iv32 >> 24; 701 } 702 703 return TKIP_KEY_LEN; 704 } 705 706 static void lib80211_tkip_print_stats(struct seq_file *m, void *priv) 707 { 708 struct lib80211_tkip_data *tkip = priv; 709 seq_printf(m, 710 "key[%d] alg=TKIP key_set=%d " 711 "tx_pn=%02x%02x%02x%02x%02x%02x " 712 "rx_pn=%02x%02x%02x%02x%02x%02x " 713 "replays=%d icv_errors=%d local_mic_failures=%d\n", 714 tkip->key_idx, tkip->key_set, 715 (tkip->tx_iv32 >> 24) & 0xff, 716 (tkip->tx_iv32 >> 16) & 0xff, 717 (tkip->tx_iv32 >> 8) & 0xff, 718 tkip->tx_iv32 & 0xff, 719 (tkip->tx_iv16 >> 8) & 0xff, 720 tkip->tx_iv16 & 0xff, 721 (tkip->rx_iv32 >> 24) & 0xff, 722 (tkip->rx_iv32 >> 16) & 0xff, 723 (tkip->rx_iv32 >> 8) & 0xff, 724 tkip->rx_iv32 & 0xff, 725 (tkip->rx_iv16 >> 8) & 0xff, 726 tkip->rx_iv16 & 0xff, 727 tkip->dot11RSNAStatsTKIPReplays, 728 tkip->dot11RSNAStatsTKIPICVErrors, 729 tkip->dot11RSNAStatsTKIPLocalMICFailures); 730 } 731 732 static struct lib80211_crypto_ops lib80211_crypt_tkip = { 733 .name = "TKIP", 734 .init = lib80211_tkip_init, 735 .deinit = lib80211_tkip_deinit, 736 .encrypt_mpdu = lib80211_tkip_encrypt, 737 .decrypt_mpdu = lib80211_tkip_decrypt, 738 .encrypt_msdu = lib80211_michael_mic_add, 739 .decrypt_msdu = lib80211_michael_mic_verify, 740 .set_key = lib80211_tkip_set_key, 741 .get_key = lib80211_tkip_get_key, 742 .print_stats = lib80211_tkip_print_stats, 743 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */ 744 .extra_mpdu_postfix_len = 4, /* ICV */ 745 .extra_msdu_postfix_len = 8, /* MIC */ 746 .get_flags = lib80211_tkip_get_flags, 747 .set_flags = lib80211_tkip_set_flags, 748 .owner = THIS_MODULE, 749 }; 750 751 static int __init lib80211_crypto_tkip_init(void) 752 { 753 return lib80211_register_crypto_ops(&lib80211_crypt_tkip); 754 } 755 756 static void __exit lib80211_crypto_tkip_exit(void) 757 { 758 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip); 759 } 760 761 module_init(lib80211_crypto_tkip_init); 762 module_exit(lib80211_crypto_tkip_exit); 763