1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * lib80211 crypt: host-based TKIP encryption implementation for lib80211 4 * 5 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi> 6 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com> 7 */ 8 9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 10 11 #include <linux/err.h> 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/slab.h> 15 #include <linux/random.h> 16 #include <linux/scatterlist.h> 17 #include <linux/skbuff.h> 18 #include <linux/netdevice.h> 19 #include <linux/mm.h> 20 #include <linux/if_ether.h> 21 #include <linux/if_arp.h> 22 #include <asm/string.h> 23 24 #include <linux/wireless.h> 25 #include <linux/ieee80211.h> 26 #include <net/iw_handler.h> 27 28 #include <crypto/hash.h> 29 #include <linux/crypto.h> 30 #include <linux/crc32.h> 31 32 #include <net/lib80211.h> 33 34 MODULE_AUTHOR("Jouni Malinen"); 35 MODULE_DESCRIPTION("lib80211 crypt: TKIP"); 36 MODULE_LICENSE("GPL"); 37 38 #define TKIP_HDR_LEN 8 39 40 struct lib80211_tkip_data { 41 #define TKIP_KEY_LEN 32 42 u8 key[TKIP_KEY_LEN]; 43 int key_set; 44 45 u32 tx_iv32; 46 u16 tx_iv16; 47 u16 tx_ttak[5]; 48 int tx_phase1_done; 49 50 u32 rx_iv32; 51 u16 rx_iv16; 52 u16 rx_ttak[5]; 53 int rx_phase1_done; 54 u32 rx_iv32_new; 55 u16 rx_iv16_new; 56 57 u32 dot11RSNAStatsTKIPReplays; 58 u32 dot11RSNAStatsTKIPICVErrors; 59 u32 dot11RSNAStatsTKIPLocalMICFailures; 60 61 int key_idx; 62 63 struct crypto_cipher *rx_tfm_arc4; 64 struct crypto_shash *rx_tfm_michael; 65 struct crypto_cipher *tx_tfm_arc4; 66 struct crypto_shash *tx_tfm_michael; 67 68 /* scratch buffers for virt_to_page() (crypto API) */ 69 u8 rx_hdr[16], tx_hdr[16]; 70 71 unsigned long flags; 72 }; 73 74 static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv) 75 { 76 struct lib80211_tkip_data *_priv = priv; 77 unsigned long old_flags = _priv->flags; 78 _priv->flags = flags; 79 return old_flags; 80 } 81 82 static unsigned long lib80211_tkip_get_flags(void *priv) 83 { 84 struct lib80211_tkip_data *_priv = priv; 85 return _priv->flags; 86 } 87 88 static void *lib80211_tkip_init(int key_idx) 89 { 90 struct lib80211_tkip_data *priv; 91 92 priv = kzalloc(sizeof(*priv), GFP_ATOMIC); 93 if (priv == NULL) 94 goto fail; 95 96 priv->key_idx = key_idx; 97 98 priv->tx_tfm_arc4 = crypto_alloc_cipher("arc4", 0, 0); 99 if (IS_ERR(priv->tx_tfm_arc4)) { 100 priv->tx_tfm_arc4 = NULL; 101 goto fail; 102 } 103 104 priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); 105 if (IS_ERR(priv->tx_tfm_michael)) { 106 priv->tx_tfm_michael = NULL; 107 goto fail; 108 } 109 110 priv->rx_tfm_arc4 = crypto_alloc_cipher("arc4", 0, 0); 111 if (IS_ERR(priv->rx_tfm_arc4)) { 112 priv->rx_tfm_arc4 = NULL; 113 goto fail; 114 } 115 116 priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); 117 if (IS_ERR(priv->rx_tfm_michael)) { 118 priv->rx_tfm_michael = NULL; 119 goto fail; 120 } 121 122 return priv; 123 124 fail: 125 if (priv) { 126 crypto_free_shash(priv->tx_tfm_michael); 127 crypto_free_cipher(priv->tx_tfm_arc4); 128 crypto_free_shash(priv->rx_tfm_michael); 129 crypto_free_cipher(priv->rx_tfm_arc4); 130 kfree(priv); 131 } 132 133 return NULL; 134 } 135 136 static void lib80211_tkip_deinit(void *priv) 137 { 138 struct lib80211_tkip_data *_priv = priv; 139 if (_priv) { 140 crypto_free_shash(_priv->tx_tfm_michael); 141 crypto_free_cipher(_priv->tx_tfm_arc4); 142 crypto_free_shash(_priv->rx_tfm_michael); 143 crypto_free_cipher(_priv->rx_tfm_arc4); 144 } 145 kfree(priv); 146 } 147 148 static inline u16 RotR1(u16 val) 149 { 150 return (val >> 1) | (val << 15); 151 } 152 153 static inline u8 Lo8(u16 val) 154 { 155 return val & 0xff; 156 } 157 158 static inline u8 Hi8(u16 val) 159 { 160 return val >> 8; 161 } 162 163 static inline u16 Lo16(u32 val) 164 { 165 return val & 0xffff; 166 } 167 168 static inline u16 Hi16(u32 val) 169 { 170 return val >> 16; 171 } 172 173 static inline u16 Mk16(u8 hi, u8 lo) 174 { 175 return lo | (((u16) hi) << 8); 176 } 177 178 static inline u16 Mk16_le(__le16 * v) 179 { 180 return le16_to_cpu(*v); 181 } 182 183 static const u16 Sbox[256] = { 184 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 185 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 186 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 187 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 188 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 189 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 190 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 191 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 192 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 193 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 194 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 195 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 196 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 197 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 198 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 199 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 200 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 201 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 202 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 203 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 204 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 205 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 206 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 207 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 208 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 209 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 210 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 211 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 212 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 213 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 214 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 215 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 216 }; 217 218 static inline u16 _S_(u16 v) 219 { 220 u16 t = Sbox[Hi8(v)]; 221 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8)); 222 } 223 224 #define PHASE1_LOOP_COUNT 8 225 226 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA, 227 u32 IV32) 228 { 229 int i, j; 230 231 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */ 232 TTAK[0] = Lo16(IV32); 233 TTAK[1] = Hi16(IV32); 234 TTAK[2] = Mk16(TA[1], TA[0]); 235 TTAK[3] = Mk16(TA[3], TA[2]); 236 TTAK[4] = Mk16(TA[5], TA[4]); 237 238 for (i = 0; i < PHASE1_LOOP_COUNT; i++) { 239 j = 2 * (i & 1); 240 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j])); 241 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j])); 242 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j])); 243 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j])); 244 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i; 245 } 246 } 247 248 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK, 249 u16 IV16) 250 { 251 /* Make temporary area overlap WEP seed so that the final copy can be 252 * avoided on little endian hosts. */ 253 u16 *PPK = (u16 *) & WEPSeed[4]; 254 255 /* Step 1 - make copy of TTAK and bring in TSC */ 256 PPK[0] = TTAK[0]; 257 PPK[1] = TTAK[1]; 258 PPK[2] = TTAK[2]; 259 PPK[3] = TTAK[3]; 260 PPK[4] = TTAK[4]; 261 PPK[5] = TTAK[4] + IV16; 262 263 /* Step 2 - 96-bit bijective mixing using S-box */ 264 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0])); 265 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2])); 266 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4])); 267 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6])); 268 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8])); 269 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10])); 270 271 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12])); 272 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14])); 273 PPK[2] += RotR1(PPK[1]); 274 PPK[3] += RotR1(PPK[2]); 275 PPK[4] += RotR1(PPK[3]); 276 PPK[5] += RotR1(PPK[4]); 277 278 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value 279 * WEPSeed[0..2] is transmitted as WEP IV */ 280 WEPSeed[0] = Hi8(IV16); 281 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F; 282 WEPSeed[2] = Lo8(IV16); 283 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1); 284 285 #ifdef __BIG_ENDIAN 286 { 287 int i; 288 for (i = 0; i < 6; i++) 289 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8); 290 } 291 #endif 292 } 293 294 static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len, 295 u8 * rc4key, int keylen, void *priv) 296 { 297 struct lib80211_tkip_data *tkey = priv; 298 u8 *pos; 299 struct ieee80211_hdr *hdr; 300 301 hdr = (struct ieee80211_hdr *)skb->data; 302 303 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len) 304 return -1; 305 306 if (rc4key == NULL || keylen < 16) 307 return -1; 308 309 if (!tkey->tx_phase1_done) { 310 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2, 311 tkey->tx_iv32); 312 tkey->tx_phase1_done = 1; 313 } 314 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16); 315 316 pos = skb_push(skb, TKIP_HDR_LEN); 317 memmove(pos, pos + TKIP_HDR_LEN, hdr_len); 318 pos += hdr_len; 319 320 *pos++ = *rc4key; 321 *pos++ = *(rc4key + 1); 322 *pos++ = *(rc4key + 2); 323 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ; 324 *pos++ = tkey->tx_iv32 & 0xff; 325 *pos++ = (tkey->tx_iv32 >> 8) & 0xff; 326 *pos++ = (tkey->tx_iv32 >> 16) & 0xff; 327 *pos++ = (tkey->tx_iv32 >> 24) & 0xff; 328 329 tkey->tx_iv16++; 330 if (tkey->tx_iv16 == 0) { 331 tkey->tx_phase1_done = 0; 332 tkey->tx_iv32++; 333 } 334 335 return TKIP_HDR_LEN; 336 } 337 338 static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) 339 { 340 struct lib80211_tkip_data *tkey = priv; 341 int len; 342 u8 rc4key[16], *pos, *icv; 343 u32 crc; 344 int i; 345 346 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) { 347 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 348 net_dbg_ratelimited("TKIP countermeasures: dropped TX packet to %pM\n", 349 hdr->addr1); 350 return -1; 351 } 352 353 if (skb_tailroom(skb) < 4 || skb->len < hdr_len) 354 return -1; 355 356 len = skb->len - hdr_len; 357 pos = skb->data + hdr_len; 358 359 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0) 360 return -1; 361 362 crc = ~crc32_le(~0, pos, len); 363 icv = skb_put(skb, 4); 364 icv[0] = crc; 365 icv[1] = crc >> 8; 366 icv[2] = crc >> 16; 367 icv[3] = crc >> 24; 368 369 crypto_cipher_setkey(tkey->tx_tfm_arc4, rc4key, 16); 370 for (i = 0; i < len + 4; i++) 371 crypto_cipher_encrypt_one(tkey->tx_tfm_arc4, pos + i, pos + i); 372 return 0; 373 } 374 375 /* 376 * deal with seq counter wrapping correctly. 377 * refer to timer_after() for jiffies wrapping handling 378 */ 379 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n, 380 u32 iv32_o, u16 iv16_o) 381 { 382 if ((s32)iv32_n - (s32)iv32_o < 0 || 383 (iv32_n == iv32_o && iv16_n <= iv16_o)) 384 return 1; 385 return 0; 386 } 387 388 static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) 389 { 390 struct lib80211_tkip_data *tkey = priv; 391 u8 rc4key[16]; 392 u8 keyidx, *pos; 393 u32 iv32; 394 u16 iv16; 395 struct ieee80211_hdr *hdr; 396 u8 icv[4]; 397 u32 crc; 398 int plen; 399 int i; 400 401 hdr = (struct ieee80211_hdr *)skb->data; 402 403 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) { 404 net_dbg_ratelimited("TKIP countermeasures: dropped received packet from %pM\n", 405 hdr->addr2); 406 return -1; 407 } 408 409 if (skb->len < hdr_len + TKIP_HDR_LEN + 4) 410 return -1; 411 412 pos = skb->data + hdr_len; 413 keyidx = pos[3]; 414 if (!(keyidx & (1 << 5))) { 415 net_dbg_ratelimited("TKIP: received packet without ExtIV flag from %pM\n", 416 hdr->addr2); 417 return -2; 418 } 419 keyidx >>= 6; 420 if (tkey->key_idx != keyidx) { 421 net_dbg_ratelimited("TKIP: RX tkey->key_idx=%d frame keyidx=%d\n", 422 tkey->key_idx, keyidx); 423 return -6; 424 } 425 if (!tkey->key_set) { 426 net_dbg_ratelimited("TKIP: received packet from %pM with keyid=%d that does not have a configured key\n", 427 hdr->addr2, keyidx); 428 return -3; 429 } 430 iv16 = (pos[0] << 8) | pos[2]; 431 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24); 432 pos += TKIP_HDR_LEN; 433 434 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) { 435 #ifdef CONFIG_LIB80211_DEBUG 436 net_dbg_ratelimited("TKIP: replay detected: STA=%pM previous TSC %08x%04x received TSC %08x%04x\n", 437 hdr->addr2, tkey->rx_iv32, tkey->rx_iv16, 438 iv32, iv16); 439 #endif 440 tkey->dot11RSNAStatsTKIPReplays++; 441 return -4; 442 } 443 444 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) { 445 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32); 446 tkey->rx_phase1_done = 1; 447 } 448 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16); 449 450 plen = skb->len - hdr_len - 12; 451 452 crypto_cipher_setkey(tkey->rx_tfm_arc4, rc4key, 16); 453 for (i = 0; i < plen + 4; i++) 454 crypto_cipher_decrypt_one(tkey->rx_tfm_arc4, pos + i, pos + i); 455 456 crc = ~crc32_le(~0, pos, plen); 457 icv[0] = crc; 458 icv[1] = crc >> 8; 459 icv[2] = crc >> 16; 460 icv[3] = crc >> 24; 461 if (memcmp(icv, pos + plen, 4) != 0) { 462 if (iv32 != tkey->rx_iv32) { 463 /* Previously cached Phase1 result was already lost, so 464 * it needs to be recalculated for the next packet. */ 465 tkey->rx_phase1_done = 0; 466 } 467 #ifdef CONFIG_LIB80211_DEBUG 468 net_dbg_ratelimited("TKIP: ICV error detected: STA=%pM\n", 469 hdr->addr2); 470 #endif 471 tkey->dot11RSNAStatsTKIPICVErrors++; 472 return -5; 473 } 474 475 /* Update real counters only after Michael MIC verification has 476 * completed */ 477 tkey->rx_iv32_new = iv32; 478 tkey->rx_iv16_new = iv16; 479 480 /* Remove IV and ICV */ 481 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len); 482 skb_pull(skb, TKIP_HDR_LEN); 483 skb_trim(skb, skb->len - 4); 484 485 return keyidx; 486 } 487 488 static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr, 489 u8 *data, size_t data_len, u8 *mic) 490 { 491 SHASH_DESC_ON_STACK(desc, tfm_michael); 492 int err; 493 494 if (tfm_michael == NULL) { 495 pr_warn("%s(): tfm_michael == NULL\n", __func__); 496 return -1; 497 } 498 499 desc->tfm = tfm_michael; 500 501 if (crypto_shash_setkey(tfm_michael, key, 8)) 502 return -1; 503 504 err = crypto_shash_init(desc); 505 if (err) 506 goto out; 507 err = crypto_shash_update(desc, hdr, 16); 508 if (err) 509 goto out; 510 err = crypto_shash_update(desc, data, data_len); 511 if (err) 512 goto out; 513 err = crypto_shash_final(desc, mic); 514 515 out: 516 shash_desc_zero(desc); 517 return err; 518 } 519 520 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr) 521 { 522 struct ieee80211_hdr *hdr11; 523 524 hdr11 = (struct ieee80211_hdr *)skb->data; 525 526 switch (le16_to_cpu(hdr11->frame_control) & 527 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) { 528 case IEEE80211_FCTL_TODS: 529 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */ 530 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */ 531 break; 532 case IEEE80211_FCTL_FROMDS: 533 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */ 534 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */ 535 break; 536 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS: 537 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */ 538 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */ 539 break; 540 default: 541 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */ 542 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */ 543 break; 544 } 545 546 if (ieee80211_is_data_qos(hdr11->frame_control)) { 547 hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11))) 548 & IEEE80211_QOS_CTL_TID_MASK; 549 } else 550 hdr[12] = 0; /* priority */ 551 552 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 553 } 554 555 static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len, 556 void *priv) 557 { 558 struct lib80211_tkip_data *tkey = priv; 559 u8 *pos; 560 561 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) { 562 printk(KERN_DEBUG "Invalid packet for Michael MIC add " 563 "(tailroom=%d hdr_len=%d skb->len=%d)\n", 564 skb_tailroom(skb), hdr_len, skb->len); 565 return -1; 566 } 567 568 michael_mic_hdr(skb, tkey->tx_hdr); 569 pos = skb_put(skb, 8); 570 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr, 571 skb->data + hdr_len, skb->len - 8 - hdr_len, pos)) 572 return -1; 573 574 return 0; 575 } 576 577 static void lib80211_michael_mic_failure(struct net_device *dev, 578 struct ieee80211_hdr *hdr, 579 int keyidx) 580 { 581 union iwreq_data wrqu; 582 struct iw_michaelmicfailure ev; 583 584 /* TODO: needed parameters: count, keyid, key type, TSC */ 585 memset(&ev, 0, sizeof(ev)); 586 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 587 if (hdr->addr1[0] & 0x01) 588 ev.flags |= IW_MICFAILURE_GROUP; 589 else 590 ev.flags |= IW_MICFAILURE_PAIRWISE; 591 ev.src_addr.sa_family = ARPHRD_ETHER; 592 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN); 593 memset(&wrqu, 0, sizeof(wrqu)); 594 wrqu.data.length = sizeof(ev); 595 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 596 } 597 598 static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx, 599 int hdr_len, void *priv) 600 { 601 struct lib80211_tkip_data *tkey = priv; 602 u8 mic[8]; 603 604 if (!tkey->key_set) 605 return -1; 606 607 michael_mic_hdr(skb, tkey->rx_hdr); 608 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr, 609 skb->data + hdr_len, skb->len - 8 - hdr_len, mic)) 610 return -1; 611 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) { 612 struct ieee80211_hdr *hdr; 613 hdr = (struct ieee80211_hdr *)skb->data; 614 printk(KERN_DEBUG "%s: Michael MIC verification failed for " 615 "MSDU from %pM keyidx=%d\n", 616 skb->dev ? skb->dev->name : "N/A", hdr->addr2, 617 keyidx); 618 if (skb->dev) 619 lib80211_michael_mic_failure(skb->dev, hdr, keyidx); 620 tkey->dot11RSNAStatsTKIPLocalMICFailures++; 621 return -1; 622 } 623 624 /* Update TSC counters for RX now that the packet verification has 625 * completed. */ 626 tkey->rx_iv32 = tkey->rx_iv32_new; 627 tkey->rx_iv16 = tkey->rx_iv16_new; 628 629 skb_trim(skb, skb->len - 8); 630 631 return 0; 632 } 633 634 static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv) 635 { 636 struct lib80211_tkip_data *tkey = priv; 637 int keyidx; 638 struct crypto_shash *tfm = tkey->tx_tfm_michael; 639 struct crypto_cipher *tfm2 = tkey->tx_tfm_arc4; 640 struct crypto_shash *tfm3 = tkey->rx_tfm_michael; 641 struct crypto_cipher *tfm4 = tkey->rx_tfm_arc4; 642 643 keyidx = tkey->key_idx; 644 memset(tkey, 0, sizeof(*tkey)); 645 tkey->key_idx = keyidx; 646 tkey->tx_tfm_michael = tfm; 647 tkey->tx_tfm_arc4 = tfm2; 648 tkey->rx_tfm_michael = tfm3; 649 tkey->rx_tfm_arc4 = tfm4; 650 if (len == TKIP_KEY_LEN) { 651 memcpy(tkey->key, key, TKIP_KEY_LEN); 652 tkey->key_set = 1; 653 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */ 654 if (seq) { 655 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) | 656 (seq[3] << 8) | seq[2]; 657 tkey->rx_iv16 = (seq[1] << 8) | seq[0]; 658 } 659 } else if (len == 0) 660 tkey->key_set = 0; 661 else 662 return -1; 663 664 return 0; 665 } 666 667 static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv) 668 { 669 struct lib80211_tkip_data *tkey = priv; 670 671 if (len < TKIP_KEY_LEN) 672 return -1; 673 674 if (!tkey->key_set) 675 return 0; 676 memcpy(key, tkey->key, TKIP_KEY_LEN); 677 678 if (seq) { 679 /* Return the sequence number of the last transmitted frame. */ 680 u16 iv16 = tkey->tx_iv16; 681 u32 iv32 = tkey->tx_iv32; 682 if (iv16 == 0) 683 iv32--; 684 iv16--; 685 seq[0] = tkey->tx_iv16; 686 seq[1] = tkey->tx_iv16 >> 8; 687 seq[2] = tkey->tx_iv32; 688 seq[3] = tkey->tx_iv32 >> 8; 689 seq[4] = tkey->tx_iv32 >> 16; 690 seq[5] = tkey->tx_iv32 >> 24; 691 } 692 693 return TKIP_KEY_LEN; 694 } 695 696 static void lib80211_tkip_print_stats(struct seq_file *m, void *priv) 697 { 698 struct lib80211_tkip_data *tkip = priv; 699 seq_printf(m, 700 "key[%d] alg=TKIP key_set=%d " 701 "tx_pn=%02x%02x%02x%02x%02x%02x " 702 "rx_pn=%02x%02x%02x%02x%02x%02x " 703 "replays=%d icv_errors=%d local_mic_failures=%d\n", 704 tkip->key_idx, tkip->key_set, 705 (tkip->tx_iv32 >> 24) & 0xff, 706 (tkip->tx_iv32 >> 16) & 0xff, 707 (tkip->tx_iv32 >> 8) & 0xff, 708 tkip->tx_iv32 & 0xff, 709 (tkip->tx_iv16 >> 8) & 0xff, 710 tkip->tx_iv16 & 0xff, 711 (tkip->rx_iv32 >> 24) & 0xff, 712 (tkip->rx_iv32 >> 16) & 0xff, 713 (tkip->rx_iv32 >> 8) & 0xff, 714 tkip->rx_iv32 & 0xff, 715 (tkip->rx_iv16 >> 8) & 0xff, 716 tkip->rx_iv16 & 0xff, 717 tkip->dot11RSNAStatsTKIPReplays, 718 tkip->dot11RSNAStatsTKIPICVErrors, 719 tkip->dot11RSNAStatsTKIPLocalMICFailures); 720 } 721 722 static struct lib80211_crypto_ops lib80211_crypt_tkip = { 723 .name = "TKIP", 724 .init = lib80211_tkip_init, 725 .deinit = lib80211_tkip_deinit, 726 .encrypt_mpdu = lib80211_tkip_encrypt, 727 .decrypt_mpdu = lib80211_tkip_decrypt, 728 .encrypt_msdu = lib80211_michael_mic_add, 729 .decrypt_msdu = lib80211_michael_mic_verify, 730 .set_key = lib80211_tkip_set_key, 731 .get_key = lib80211_tkip_get_key, 732 .print_stats = lib80211_tkip_print_stats, 733 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */ 734 .extra_mpdu_postfix_len = 4, /* ICV */ 735 .extra_msdu_postfix_len = 8, /* MIC */ 736 .get_flags = lib80211_tkip_get_flags, 737 .set_flags = lib80211_tkip_set_flags, 738 .owner = THIS_MODULE, 739 }; 740 741 static int __init lib80211_crypto_tkip_init(void) 742 { 743 return lib80211_register_crypto_ops(&lib80211_crypt_tkip); 744 } 745 746 static void __exit lib80211_crypto_tkip_exit(void) 747 { 748 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip); 749 } 750 751 module_init(lib80211_crypto_tkip_init); 752 module_exit(lib80211_crypto_tkip_exit); 753