projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
drm/i915: make hw page ioremap use ioremap_wc
[linux-2.6-block.git] / net / wireless / lib80211_crypt_tkip.c
CommitLineData
b453872c 1/*
274bfb8d 2 * lib80211 crypt: host-based TKIP encryption implementation for lib80211
b453872c 3 *
85d32e7b 4 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
274bfb8d 5 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com>
b453872c
JG		 6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation. See README and COPYING for
10 * more details.
11 */
12
f12cc209 13#include <linux/err.h>
b453872c
JG		 14#include <linux/module.h>
15#include <linux/init.h>
16#include <linux/slab.h>
17#include <linux/random.h>
11763609 18#include <linux/scatterlist.h>
b453872c
JG		 19#include <linux/skbuff.h>
20#include <linux/netdevice.h>
d7fe0f24 21#include <linux/mm.h>
b453872c
JG		 22#include <linux/if_ether.h>
23#include <linux/if_arp.h>
24#include <asm/string.h>
25
274bfb8d
JL		 26#include <linux/wireless.h>
27#include <linux/ieee80211.h>
28#include <net/iw_handler.h>
b453872c 29
b453872c 30#include <linux/crypto.h>
b453872c
JG		 31#include <linux/crc32.h>
32
274bfb8d
JL		 33#include <net/lib80211.h>
34
b453872c 35MODULE_AUTHOR("Jouni Malinen");
274bfb8d 36MODULE_DESCRIPTION("lib80211 crypt: TKIP");
b453872c
JG		 37MODULE_LICENSE("GPL");
38
274bfb8d 39struct lib80211_tkip_data {
b453872c
JG		 40#define TKIP_KEY_LEN 32
41 u8 key[TKIP_KEY_LEN];
42 int key_set;
43
44 u32 tx_iv32;
45 u16 tx_iv16;
46 u16 tx_ttak[5];
47 int tx_phase1_done;
48
49 u32 rx_iv32;
50 u16 rx_iv16;
51 u16 rx_ttak[5];
52 int rx_phase1_done;
53 u32 rx_iv32_new;
54 u16 rx_iv16_new;
55
56 u32 dot11RSNAStatsTKIPReplays;
57 u32 dot11RSNAStatsTKIPICVErrors;
58 u32 dot11RSNAStatsTKIPLocalMICFailures;
59
60 int key_idx;
61
28eb177d
JG		 62 struct crypto_blkcipher *rx_tfm_arc4;
63 struct crypto_hash *rx_tfm_michael;
64 struct crypto_blkcipher *tx_tfm_arc4;
65 struct crypto_hash *tx_tfm_michael;
b453872c
JG		 66
67 /* scratch buffers for virt_to_page() (crypto API) */
68 u8 rx_hdr[16], tx_hdr[16];
20d64713 69
6eb6edf0 70 unsigned long flags;
b453872c
JG		 71};
72
274bfb8d 73static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
6eb6edf0 74{
274bfb8d 75 struct lib80211_tkip_data *_priv = priv;
6eb6edf0
JK		 76 unsigned long old_flags = _priv->flags;
77 _priv->flags = flags;
78 return old_flags;
79}
80
274bfb8d 81static unsigned long lib80211_tkip_get_flags(void *priv)
6eb6edf0 82{
274bfb8d 83 struct lib80211_tkip_data *_priv = priv;
6eb6edf0
JK		 84 return _priv->flags;
85}
86
274bfb8d 87static void *lib80211_tkip_init(int key_idx)
b453872c 88{
274bfb8d 89 struct lib80211_tkip_data *priv;
b453872c 90
8aa914b7 91 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
b453872c
JG		 92 if (priv == NULL)
93 goto fail;
20d64713 94
b453872c
JG		 95 priv->key_idx = key_idx;
96
28eb177d 97 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
f12cc209 98 CRYPTO_ALG_ASYNC);
28eb177d 99 if (IS_ERR(priv->tx_tfm_arc4)) {
274bfb8d 100 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
b453872c 101 "crypto API arc4\n");
18379879 102 priv->tx_tfm_arc4 = NULL;
b453872c
JG		 103 goto fail;
104 }
105
28eb177d
JG		 106 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
107 CRYPTO_ALG_ASYNC);
108 if (IS_ERR(priv->tx_tfm_michael)) {
274bfb8d 109 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
5a656949 110 "crypto API michael_mic\n");
18379879 111 priv->tx_tfm_michael = NULL;
5a656949
ZY		 112 goto fail;
113 }
114
28eb177d
JG		 115 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
116 CRYPTO_ALG_ASYNC);
117 if (IS_ERR(priv->rx_tfm_arc4)) {
274bfb8d 118 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
5a656949 119 "crypto API arc4\n");
18379879 120 priv->rx_tfm_arc4 = NULL;
5a656949
ZY		 121 goto fail;
122 }
123
28eb177d
JG		 124 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
125 CRYPTO_ALG_ASYNC);
126 if (IS_ERR(priv->rx_tfm_michael)) {
274bfb8d 127 printk(KERN_DEBUG "lib80211_crypt_tkip: could not allocate "
b453872c 128 "crypto API michael_mic\n");
18379879 129 priv->rx_tfm_michael = NULL;
b453872c
JG		 130 goto fail;
131 }
132
133 return priv;
134
0edd5b44 135 fail:
b453872c 136 if (priv) {
5a656949 137 if (priv->tx_tfm_michael)
28eb177d 138 crypto_free_hash(priv->tx_tfm_michael);
5a656949 139 if (priv->tx_tfm_arc4)
28eb177d 140 crypto_free_blkcipher(priv->tx_tfm_arc4);
5a656949 141 if (priv->rx_tfm_michael)
28eb177d 142 crypto_free_hash(priv->rx_tfm_michael);
5a656949 143 if (priv->rx_tfm_arc4)
28eb177d 144 crypto_free_blkcipher(priv->rx_tfm_arc4);
b453872c
JG		 145 kfree(priv);
146 }
147
148 return NULL;
149}
150
274bfb8d 151static void lib80211_tkip_deinit(void *priv)
b453872c 152{
274bfb8d 153 struct lib80211_tkip_data *_priv = priv;
5a656949
ZY		 154 if (_priv) {
155 if (_priv->tx_tfm_michael)
28eb177d 156 crypto_free_hash(_priv->tx_tfm_michael);
5a656949 157 if (_priv->tx_tfm_arc4)
28eb177d 158 crypto_free_blkcipher(_priv->tx_tfm_arc4);
5a656949 159 if (_priv->rx_tfm_michael)
28eb177d 160 crypto_free_hash(_priv->rx_tfm_michael);
5a656949 161 if (_priv->rx_tfm_arc4)
28eb177d 162 crypto_free_blkcipher(_priv->rx_tfm_arc4);
5a656949 163 }
b453872c
JG		 164 kfree(priv);
165}
166
b453872c
JG		 167static inline u16 RotR1(u16 val)
168{
169 return (val >> 1) | (val << 15);
170}
171
b453872c
JG		 172static inline u8 Lo8(u16 val)
173{
174 return val & 0xff;
175}
176
b453872c
JG		 177static inline u8 Hi8(u16 val)
178{
179 return val >> 8;
180}
181
b453872c
JG		 182static inline u16 Lo16(u32 val)
183{
184 return val & 0xffff;
185}
186
b453872c
JG		 187static inline u16 Hi16(u32 val)
188{
189 return val >> 16;
190}
191
b453872c
JG		 192static inline u16 Mk16(u8 hi, u8 lo)
193{
194 return lo | (((u16) hi) << 8);
195}
196
d9e94d56 197static inline u16 Mk16_le(__le16 * v)
b453872c
JG		 198{
199 return le16_to_cpu(*v);
200}
201
0edd5b44 202static const u16 Sbox[256] = {
b453872c
JG		 203 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
204 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
205 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
206 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
207 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
208 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
209 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
210 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
211 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
212 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
213 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
214 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
215 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
216 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
217 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
218 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
219 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
220 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
221 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
222 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
223 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
224 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
225 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
226 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
227 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
228 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
229 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
230 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
231 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
232 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
233 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
234 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
235};
236
b453872c
JG		 237static inline u16 _S_(u16 v)
238{
239 u16 t = Sbox[Hi8(v)];
240 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
241}
242
b453872c
JG		 243#define PHASE1_LOOP_COUNT 8
244
0edd5b44
JG		 245static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
246 u32 IV32)
b453872c
JG		 247{
248 int i, j;
249
250 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
251 TTAK[0] = Lo16(IV32);
252 TTAK[1] = Hi16(IV32);
253 TTAK[2] = Mk16(TA[1], TA[0]);
254 TTAK[3] = Mk16(TA[3], TA[2]);
255 TTAK[4] = Mk16(TA[5], TA[4]);
256
257 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
258 j = 2 * (i & 1);
259 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
260 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
261 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
262 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
263 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
264 }
265}
266
0edd5b44 267static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
b453872c
JG		 268 u16 IV16)
269{
270 /* Make temporary area overlap WEP seed so that the final copy can be
271 * avoided on little endian hosts. */
0edd5b44 272 u16 *PPK = (u16 *) & WEPSeed[4];
b453872c
JG		 273
274 /* Step 1 - make copy of TTAK and bring in TSC */
275 PPK[0] = TTAK[0];
276 PPK[1] = TTAK[1];
277 PPK[2] = TTAK[2];
278 PPK[3] = TTAK[3];
279 PPK[4] = TTAK[4];
280 PPK[5] = TTAK[4] + IV16;
281
282 /* Step 2 - 96-bit bijective mixing using S-box */
d9e94d56
AV		 283 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
284 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
285 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
286 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
287 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
288 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
289
290 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
291 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
b453872c
JG		 292 PPK[2] += RotR1(PPK[1]);
293 PPK[3] += RotR1(PPK[2]);
294 PPK[4] += RotR1(PPK[3]);
295 PPK[5] += RotR1(PPK[4]);
296
297 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
298 * WEPSeed[0..2] is transmitted as WEP IV */
299 WEPSeed[0] = Hi8(IV16);
300 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
301 WEPSeed[2] = Lo8(IV16);
d9e94d56 302 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
b453872c
JG		 303
304#ifdef __BIG_ENDIAN
305 {
306 int i;
307 for (i = 0; i < 6; i++)
308 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
309 }
310#endif
311}
312
274bfb8d 313static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
9184d934 314 u8 * rc4key, int keylen, void *priv)
b453872c 315{
274bfb8d 316 struct lib80211_tkip_data *tkey = priv;
b453872c 317 int len;
9184d934 318 u8 *pos;
274bfb8d 319 struct ieee80211_hdr *hdr;
b453872c 320
274bfb8d 321 hdr = (struct ieee80211_hdr *)skb->data;
20d64713 322
31b59eae 323 if (skb_headroom(skb) < 8 || skb->len < hdr_len)
9184d934
ZY		 324 return -1;
325
326 if (rc4key == NULL || keylen < 16)
327 return -1;
b453872c 328
b453872c
JG		 329 if (!tkey->tx_phase1_done) {
330 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
331 tkey->tx_iv32);
332 tkey->tx_phase1_done = 1;
333 }
334 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
335
336 len = skb->len - hdr_len;
337 pos = skb_push(skb, 8);
338 memmove(pos, pos + 8, hdr_len);
339 pos += hdr_len;
b453872c 340
31b59eae
JK		 341 *pos++ = *rc4key;
342 *pos++ = *(rc4key + 1);
343 *pos++ = *(rc4key + 2);
0edd5b44 344 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
b453872c
JG		 345 *pos++ = tkey->tx_iv32 & 0xff;
346 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
347 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
348 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
349
9184d934
ZY		 350 tkey->tx_iv16++;
351 if (tkey->tx_iv16 == 0) {
352 tkey->tx_phase1_done = 0;
353 tkey->tx_iv32++;
354 }
b453872c 355
9184d934 356 return 8;
31b59eae
JK		 357}
358
274bfb8d 359static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
31b59eae 360{
274bfb8d 361 struct lib80211_tkip_data *tkey = priv;
28eb177d 362 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
31b59eae 363 int len;
9184d934
ZY		 364 u8 rc4key[16], *pos, *icv;
365 u32 crc;
31b59eae
JK		 366 struct scatterlist sg;
367
6eb6edf0 368 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
31b59eae 369 if (net_ratelimit()) {
274bfb8d
JL		 370 struct ieee80211_hdr *hdr =
371 (struct ieee80211_hdr *)skb->data;
9184d934 372 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
e174961c 373 "TX packet to %pM\n", hdr->addr1);
31b59eae
JK		 374 }
375 return -1;
376 }
377
378 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
379 return -1;
380
381 len = skb->len - hdr_len;
382 pos = skb->data + hdr_len;
383
274bfb8d 384 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
31b59eae
JK		 385 return -1;
386
9184d934
ZY		 387 icv = skb_put(skb, 4);
388
389 crc = ~crc32_le(~0, pos, len);
390 icv[0] = crc;
391 icv[1] = crc >> 8;
392 icv[2] = crc >> 16;
393 icv[3] = crc >> 24;
394
28eb177d 395 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
fa05f128 396 sg_init_one(&sg, pos, len + 4);
f12cc209 397 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
b4328d87
ZY		 398}
399
18379879
JG		 400/*
401 * deal with seq counter wrapping correctly.
402 * refer to timer_after() for jiffies wrapping handling
403 */
404static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
405 u32 iv32_o, u16 iv16_o)
406{
407 if ((s32)iv32_n - (s32)iv32_o < 0 ||
408 (iv32_n == iv32_o && iv16_n <= iv16_o))
409 return 1;
410 return 0;
411}
412
274bfb8d 413static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
b453872c 414{
274bfb8d 415 struct lib80211_tkip_data *tkey = priv;
28eb177d 416 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
b453872c
JG		 417 u8 rc4key[16];
418 u8 keyidx, *pos;
419 u32 iv32;
420 u16 iv16;
274bfb8d 421 struct ieee80211_hdr *hdr;
b453872c
JG		 422 u8 icv[4];
423 u32 crc;
424 struct scatterlist sg;
425 int plen;
426
274bfb8d 427 hdr = (struct ieee80211_hdr *)skb->data;
20d64713 428
6eb6edf0 429 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
20d64713 430 if (net_ratelimit()) {
9184d934 431 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
e174961c 432 "received packet from %pM\n", hdr->addr2);
20d64713
JK		 433 }
434 return -1;
435 }
436
b453872c
JG		 437 if (skb->len < hdr_len + 8 + 4)
438 return -1;
439
b453872c
JG		 440 pos = skb->data + hdr_len;
441 keyidx = pos[3];
442 if (!(keyidx & (1 << 5))) {
443 if (net_ratelimit()) {
444 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
e174961c 445 " flag from %pM\n", hdr->addr2);
b453872c
JG		 446 }
447 return -2;
448 }
449 keyidx >>= 6;
450 if (tkey->key_idx != keyidx) {
451 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
452 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
453 return -6;
454 }
455 if (!tkey->key_set) {
456 if (net_ratelimit()) {
e174961c 457 printk(KERN_DEBUG "TKIP: received packet from %pM"
b453872c 458 " with keyid=%d that does not have a configured"
e174961c 459 " key\n", hdr->addr2, keyidx);
b453872c
JG		 460 }
461 return -3;
462 }
463 iv16 = (pos[0] << 8) | pos[2];
464 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
465 pos += 8;
466
b4328d87 467 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
274bfb8d
JL		 468 if (net_ratelimit()) {
469 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
b453872c 470 " previous TSC %08x%04x received TSC "
e174961c 471 "%08x%04x\n", hdr->addr2,
b453872c
JG		 472 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
473 }
474 tkey->dot11RSNAStatsTKIPReplays++;
475 return -4;
476 }
477
478 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
479 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
480 tkey->rx_phase1_done = 1;
481 }
482 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
483
484 plen = skb->len - hdr_len - 12;
485
28eb177d 486 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
fa05f128 487 sg_init_one(&sg, pos, plen + 4);
f12cc209
HX		 488 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
489 if (net_ratelimit()) {
490 printk(KERN_DEBUG ": TKIP: failed to decrypt "
e174961c
JB		 491 "received packet from %pM\n",
492 hdr->addr2);
f12cc209
HX		 493 }
494 return -7;
495 }
b453872c
JG		 496
497 crc = ~crc32_le(~0, pos, plen);
498 icv[0] = crc;
499 icv[1] = crc >> 8;
500 icv[2] = crc >> 16;
501 icv[3] = crc >> 24;
502 if (memcmp(icv, pos + plen, 4) != 0) {
503 if (iv32 != tkey->rx_iv32) {
504 /* Previously cached Phase1 result was already lost, so
505 * it needs to be recalculated for the next packet. */
506 tkey->rx_phase1_done = 0;
507 }
274bfb8d
JL		 508 if (net_ratelimit()) {
509 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
e174961c 510 "%pM\n", hdr->addr2);
b453872c
JG		 511 }
512 tkey->dot11RSNAStatsTKIPICVErrors++;
513 return -5;
514 }
515
516 /* Update real counters only after Michael MIC verification has
517 * completed */
518 tkey->rx_iv32_new = iv32;
519 tkey->rx_iv16_new = iv16;
520
521 /* Remove IV and ICV */
522 memmove(skb->data + 8, skb->data, hdr_len);
523 skb_pull(skb, 8);
524 skb_trim(skb, skb->len - 4);
525
526 return keyidx;
527}
528
28eb177d 529static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
0edd5b44 530 u8 * data, size_t data_len, u8 * mic)
b453872c 531{
35058687 532 struct hash_desc desc;
b453872c
JG		 533 struct scatterlist sg[2];
534
5a656949 535 if (tfm_michael == NULL) {
b453872c
JG		 536 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
537 return -1;
538 }
fa05f128 539 sg_init_table(sg, 2);
642f1490
JA		 540 sg_set_buf(&sg[0], hdr, 16);
541 sg_set_buf(&sg[1], data, data_len);
b453872c 542
28eb177d 543 if (crypto_hash_setkey(tfm_michael, key, 8))
35058687 544 return -1;
b453872c 545
28eb177d 546 desc.tfm = tfm_michael;
35058687
HX		 547 desc.flags = 0;
548 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
b453872c
JG		 549}
550
0edd5b44 551static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
b453872c 552{
274bfb8d 553 struct ieee80211_hdr *hdr11;
b453872c 554
274bfb8d 555 hdr11 = (struct ieee80211_hdr *)skb->data;
ea284152 556
274bfb8d 557 switch (le16_to_cpu(hdr11->frame_control) &
b453872c
JG		 558 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
559 case IEEE80211_FCTL_TODS:
0edd5b44
JG		 560 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
561 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
b453872c
JG		 562 break;
563 case IEEE80211_FCTL_FROMDS:
0edd5b44
JG		 564 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
565 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
b453872c
JG		 566 break;
567 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
0edd5b44
JG		 568 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
569 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
b453872c
JG		 570 break;
571 case 0:
0edd5b44
JG		 572 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
573 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
b453872c
JG		 574 break;
575 }
576
274bfb8d
JL		 577 if (ieee80211_is_data_qos(hdr11->frame_control)) {
578 hdr[12] = le16_to_cpu(*ieee80211_get_qos_ctl(hdr11))
579 & IEEE80211_QOS_CTL_TID_MASK;
ea284152
ZY		 580 } else
581 hdr[12] = 0; /* priority */
582
0edd5b44 583 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
b453872c
JG		 584}
585
274bfb8d 586static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
0edd5b44 587 void *priv)
b453872c 588{
274bfb8d 589 struct lib80211_tkip_data *tkey = priv;
b453872c
JG		 590 u8 *pos;
591
592 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
593 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
594 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
595 skb_tailroom(skb), hdr_len, skb->len);
596 return -1;
597 }
598
599 michael_mic_hdr(skb, tkey->tx_hdr);
600 pos = skb_put(skb, 8);
5a656949 601 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
b453872c
JG		 602 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
603 return -1;
604
605 return 0;
606}
607
274bfb8d
JL		 608static void lib80211_michael_mic_failure(struct net_device *dev,
609 struct ieee80211_hdr *hdr,
ee34af37 610 int keyidx)
b453872c
JG		 611{
612 union iwreq_data wrqu;
613 struct iw_michaelmicfailure ev;
614
615 /* TODO: needed parameters: count, keyid, key type, TSC */
616 memset(&ev, 0, sizeof(ev));
617 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
618 if (hdr->addr1[0] & 0x01)
619 ev.flags |= IW_MICFAILURE_GROUP;
620 else
621 ev.flags |= IW_MICFAILURE_PAIRWISE;
622 ev.src_addr.sa_family = ARPHRD_ETHER;
623 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
624 memset(&wrqu, 0, sizeof(wrqu));
625 wrqu.data.length = sizeof(ev);
0edd5b44 626 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
b453872c 627}
b453872c 628
274bfb8d 629static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
0edd5b44 630 int hdr_len, void *priv)
b453872c 631{
274bfb8d 632 struct lib80211_tkip_data *tkey = priv;
b453872c
JG		 633 u8 mic[8];
634
635 if (!tkey->key_set)
636 return -1;
637
638 michael_mic_hdr(skb, tkey->rx_hdr);
5a656949 639 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
b453872c
JG		 640 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
641 return -1;
642 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
274bfb8d
JL		 643 struct ieee80211_hdr *hdr;
644 hdr = (struct ieee80211_hdr *)skb->data;
b453872c 645 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
e174961c
JB		 646 "MSDU from %pM keyidx=%d\n",
647 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
b453872c
JG		 648 keyidx);
649 if (skb->dev)
274bfb8d 650 lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
b453872c
JG		 651 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
652 return -1;
653 }
654
655 /* Update TSC counters for RX now that the packet verification has
656 * completed. */
657 tkey->rx_iv32 = tkey->rx_iv32_new;
658 tkey->rx_iv16 = tkey->rx_iv16_new;
659
660 skb_trim(skb, skb->len - 8);
661
662 return 0;
663}
664
274bfb8d 665static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
b453872c 666{
274bfb8d 667 struct lib80211_tkip_data *tkey = priv;
b453872c 668 int keyidx;
28eb177d
JG		 669 struct crypto_hash *tfm = tkey->tx_tfm_michael;
670 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
671 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
672 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
b453872c
JG		 673
674 keyidx = tkey->key_idx;
675 memset(tkey, 0, sizeof(*tkey));
676 tkey->key_idx = keyidx;
5a656949
ZY		 677 tkey->tx_tfm_michael = tfm;
678 tkey->tx_tfm_arc4 = tfm2;
679 tkey->rx_tfm_michael = tfm3;
680 tkey->rx_tfm_arc4 = tfm4;
b453872c
JG		 681 if (len == TKIP_KEY_LEN) {
682 memcpy(tkey->key, key, TKIP_KEY_LEN);
683 tkey->key_set = 1;
0edd5b44 684 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
b453872c
JG		 685 if (seq) {
686 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
0edd5b44 687 (seq[3] << 8) | seq[2];
b453872c
JG		 688 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
689 }
690 } else if (len == 0)
691 tkey->key_set = 0;
692 else
693 return -1;
694
695 return 0;
696}
697
274bfb8d 698static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
b453872c 699{
274bfb8d 700 struct lib80211_tkip_data *tkey = priv;
b453872c
JG		 701
702 if (len < TKIP_KEY_LEN)
703 return -1;
704
705 if (!tkey->key_set)
706 return 0;
707 memcpy(key, tkey->key, TKIP_KEY_LEN);
708
709 if (seq) {
710 /* Return the sequence number of the last transmitted frame. */
711 u16 iv16 = tkey->tx_iv16;
712 u32 iv32 = tkey->tx_iv32;
713 if (iv16 == 0)
714 iv32--;
715 iv16--;
716 seq[0] = tkey->tx_iv16;
717 seq[1] = tkey->tx_iv16 >> 8;
718 seq[2] = tkey->tx_iv32;
719 seq[3] = tkey->tx_iv32 >> 8;
720 seq[4] = tkey->tx_iv32 >> 16;
721 seq[5] = tkey->tx_iv32 >> 24;
722 }
723
724 return TKIP_KEY_LEN;
725}
726
274bfb8d 727static char *lib80211_tkip_print_stats(char *p, void *priv)
b453872c 728{
274bfb8d 729 struct lib80211_tkip_data *tkip = priv;
b453872c
JG		 730 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
731 "tx_pn=%02x%02x%02x%02x%02x%02x "
732 "rx_pn=%02x%02x%02x%02x%02x%02x "
733 "replays=%d icv_errors=%d local_mic_failures=%d\n",
734 tkip->key_idx, tkip->key_set,
735 (tkip->tx_iv32 >> 24) & 0xff,
736 (tkip->tx_iv32 >> 16) & 0xff,
737 (tkip->tx_iv32 >> 8) & 0xff,
738 tkip->tx_iv32 & 0xff,
739 (tkip->tx_iv16 >> 8) & 0xff,
740 tkip->tx_iv16 & 0xff,
741 (tkip->rx_iv32 >> 24) & 0xff,
742 (tkip->rx_iv32 >> 16) & 0xff,
743 (tkip->rx_iv32 >> 8) & 0xff,
744 tkip->rx_iv32 & 0xff,
745 (tkip->rx_iv16 >> 8) & 0xff,
746 tkip->rx_iv16 & 0xff,
747 tkip->dot11RSNAStatsTKIPReplays,
748 tkip->dot11RSNAStatsTKIPICVErrors,
749 tkip->dot11RSNAStatsTKIPLocalMICFailures);
750 return p;
751}
752
274bfb8d 753static struct lib80211_crypto_ops lib80211_crypt_tkip = {
74079fdc 754 .name = "TKIP",
274bfb8d
JL		 755 .init = lib80211_tkip_init,
756 .deinit = lib80211_tkip_deinit,
757 .build_iv = lib80211_tkip_hdr,
758 .encrypt_mpdu = lib80211_tkip_encrypt,
759 .decrypt_mpdu = lib80211_tkip_decrypt,
760 .encrypt_msdu = lib80211_michael_mic_add,
761 .decrypt_msdu = lib80211_michael_mic_verify,
762 .set_key = lib80211_tkip_set_key,
763 .get_key = lib80211_tkip_get_key,
764 .print_stats = lib80211_tkip_print_stats,
1264fc04
JK		 765 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
766 .extra_mpdu_postfix_len = 4, /* ICV */
767 .extra_msdu_postfix_len = 8, /* MIC */
274bfb8d
JL		 768 .get_flags = lib80211_tkip_get_flags,
769 .set_flags = lib80211_tkip_set_flags,
74079fdc 770 .owner = THIS_MODULE,
b453872c
JG		 771};
772
274bfb8d 773static int __init lib80211_crypto_tkip_init(void)
b453872c 774{
274bfb8d 775 return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
b453872c
JG		 776}
777
274bfb8d 778static void __exit lib80211_crypto_tkip_exit(void)
b453872c 779{
274bfb8d 780 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
b453872c
JG		 781}
782
274bfb8d
JL		 783module_init(lib80211_crypto_tkip_init);
784module_exit(lib80211_crypto_tkip_exit);
Linux 6.x block layer and io_uring tree(s)