projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Staging: rtl8192u: ieee80211: corrected indent
[linux-2.6-block.git] / drivers / staging / rtl8192u / ieee80211 / ieee80211_crypt_tkip.c
CommitLineData
8fc8598e
JC		 1/*
2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
3 *
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
9 * more details.
10 */
11
8fc8598e
JC		 12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/slab.h>
15#include <linux/random.h>
16#include <linux/skbuff.h>
17#include <linux/netdevice.h>
18#include <linux/if_ether.h>
19#include <linux/if_arp.h>
9a4ed8c5 20#include <linux/string.h>
8fc8598e
JC		 21
22#include "ieee80211.h"
8fc8598e 23
8fc8598e 24#include <linux/crypto.h>
e406322b 25 #include <linux/scatterlist.h>
8fc8598e
JC		 26#include <linux/crc32.h>
27
28MODULE_AUTHOR("Jouni Malinen");
29MODULE_DESCRIPTION("Host AP crypt: TKIP");
30MODULE_LICENSE("GPL");
31
8fc8598e
JC		 32struct ieee80211_tkip_data {
33#define TKIP_KEY_LEN 32
34 u8 key[TKIP_KEY_LEN];
35 int key_set;
36
37 u32 tx_iv32;
38 u16 tx_iv16;
39 u16 tx_ttak[5];
40 int tx_phase1_done;
41
42 u32 rx_iv32;
43 u16 rx_iv16;
44 u16 rx_ttak[5];
45 int rx_phase1_done;
46 u32 rx_iv32_new;
47 u16 rx_iv16_new;
48
49 u32 dot11RSNAStatsTKIPReplays;
50 u32 dot11RSNAStatsTKIPICVErrors;
51 u32 dot11RSNAStatsTKIPLocalMICFailures;
52
53 int key_idx;
f61fb935 54
8fc8598e
JC		 55 struct crypto_blkcipher *rx_tfm_arc4;
56 struct crypto_hash *rx_tfm_michael;
57 struct crypto_blkcipher *tx_tfm_arc4;
58 struct crypto_hash *tx_tfm_michael;
f61fb935 59
8fc8598e
JC		 60 /* scratch buffers for virt_to_page() (crypto API) */
61 u8 rx_hdr[16], tx_hdr[16];
62};
63
8acfd58a 64static void *ieee80211_tkip_init(int key_idx)
8fc8598e
JC		 65{
66 struct ieee80211_tkip_data *priv;
67
7a6cb0d5 68 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
8fc8598e
JC		 69 if (priv == NULL)
70 goto fail;
8fc8598e 71 priv->key_idx = key_idx;
8fc8598e 72
8fc8598e
JC		 73 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
74 CRYPTO_ALG_ASYNC);
75 if (IS_ERR(priv->tx_tfm_arc4)) {
76 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
77 "crypto API arc4\n");
78 priv->tx_tfm_arc4 = NULL;
79 goto fail;
80 }
81
82 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
83 CRYPTO_ALG_ASYNC);
84 if (IS_ERR(priv->tx_tfm_michael)) {
85 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
86 "crypto API michael_mic\n");
87 priv->tx_tfm_michael = NULL;
88 goto fail;
89 }
90
91 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
92 CRYPTO_ALG_ASYNC);
93 if (IS_ERR(priv->rx_tfm_arc4)) {
94 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
95 "crypto API arc4\n");
96 priv->rx_tfm_arc4 = NULL;
97 goto fail;
98 }
99
100 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
101 CRYPTO_ALG_ASYNC);
102 if (IS_ERR(priv->rx_tfm_michael)) {
103 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
104 "crypto API michael_mic\n");
105 priv->rx_tfm_michael = NULL;
106 goto fail;
107 }
f61fb935 108
8fc8598e
JC		 109 return priv;
110
111fail:
112 if (priv) {
8fc8598e
JC		 113 if (priv->tx_tfm_michael)
114 crypto_free_hash(priv->tx_tfm_michael);
115 if (priv->tx_tfm_arc4)
116 crypto_free_blkcipher(priv->tx_tfm_arc4);
117 if (priv->rx_tfm_michael)
118 crypto_free_hash(priv->rx_tfm_michael);
119 if (priv->rx_tfm_arc4)
120 crypto_free_blkcipher(priv->rx_tfm_arc4);
8fc8598e
JC		 121 kfree(priv);
122 }
123
124 return NULL;
125}
126
127
128static void ieee80211_tkip_deinit(void *priv)
129{
130 struct ieee80211_tkip_data *_priv = priv;
f61fb935 131
8fc8598e
JC		 132 if (_priv) {
133 if (_priv->tx_tfm_michael)
134 crypto_free_hash(_priv->tx_tfm_michael);
135 if (_priv->tx_tfm_arc4)
136 crypto_free_blkcipher(_priv->tx_tfm_arc4);
137 if (_priv->rx_tfm_michael)
138 crypto_free_hash(_priv->rx_tfm_michael);
139 if (_priv->rx_tfm_arc4)
140 crypto_free_blkcipher(_priv->rx_tfm_arc4);
141 }
8fc8598e
JC		 142 kfree(priv);
143}
144
145
146static inline u16 RotR1(u16 val)
147{
148 return (val >> 1) | (val << 15);
149}
150
151
152static inline u8 Lo8(u16 val)
153{
154 return val & 0xff;
155}
156
157
158static inline u8 Hi8(u16 val)
159{
160 return val >> 8;
161}
162
163
164static inline u16 Lo16(u32 val)
165{
166 return val & 0xffff;
167}
168
169
170static inline u16 Hi16(u32 val)
171{
172 return val >> 16;
173}
174
175
176static inline u16 Mk16(u8 hi, u8 lo)
177{
178 return lo | (((u16) hi) << 8);
179}
180
181
182static inline u16 Mk16_le(u16 *v)
183{
184 return le16_to_cpu(*v);
185}
186
187
840a121e 188static const u16 Sbox[256] = {
8fc8598e
JC		 189 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
190 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
191 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
192 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
193 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
194 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
195 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
196 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
197 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
198 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
199 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
200 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
201 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
202 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
203 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
204 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
205 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
206 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
207 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
208 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
209 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
210 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
211 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
212 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
213 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
214 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
215 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
216 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
217 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
218 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
219 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
220 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
221};
222
223
224static inline u16 _S_(u16 v)
225{
226 u16 t = Sbox[Hi8(v)];
227 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
228}
229
230
231#define PHASE1_LOOP_COUNT 8
232
233
234static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
235{
236 int i, j;
237
238 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
239 TTAK[0] = Lo16(IV32);
240 TTAK[1] = Hi16(IV32);
241 TTAK[2] = Mk16(TA[1], TA[0]);
242 TTAK[3] = Mk16(TA[3], TA[2]);
243 TTAK[4] = Mk16(TA[5], TA[4]);
244
245 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
246 j = 2 * (i & 1);
247 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
248 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
249 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
250 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
251 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
252 }
253}
254
255
256static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
257 u16 IV16)
258{
259 /* Make temporary area overlap WEP seed so that the final copy can be
260 * avoided on little endian hosts. */
261 u16 *PPK = (u16 *) &WEPSeed[4];
262
263 /* Step 1 - make copy of TTAK and bring in TSC */
264 PPK[0] = TTAK[0];
265 PPK[1] = TTAK[1];
266 PPK[2] = TTAK[2];
267 PPK[3] = TTAK[3];
268 PPK[4] = TTAK[4];
269 PPK[5] = TTAK[4] + IV16;
270
271 /* Step 2 - 96-bit bijective mixing using S-box */
272 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
273 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
274 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
275 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
276 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
277 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
278
279 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
280 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
281 PPK[2] += RotR1(PPK[1]);
282 PPK[3] += RotR1(PPK[2]);
283 PPK[4] += RotR1(PPK[3]);
284 PPK[5] += RotR1(PPK[4]);
285
286 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
287 * WEPSeed[0..2] is transmitted as WEP IV */
288 WEPSeed[0] = Hi8(IV16);
289 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
290 WEPSeed[2] = Lo8(IV16);
291 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
292
293#ifdef __BIG_ENDIAN
294 {
295 int i;
296 for (i = 0; i < 6; i++)
297 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
298 }
299#endif
300}
301
302
303static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
304{
305 struct ieee80211_tkip_data *tkey = priv;
7bdb7d55 306 int len;
8fc8598e 307 u8 *pos;
5c2918a5 308 struct rtl_80211_hdr_4addr *hdr;
8fc8598e 309 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
8fc8598e
JC		 310 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4};
311 int ret = 0;
8fc8598e
JC		 312 u8 rc4key[16], *icv;
313 u32 crc;
314 struct scatterlist sg;
315
316 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
317 skb->len < hdr_len)
318 return -1;
319
5c2918a5 320 hdr = (struct rtl_80211_hdr_4addr *) skb->data;
8fc8598e 321
840a121e 322 if (!tcb_desc->bHwSec) {
8fc8598e
JC		 323 if (!tkey->tx_phase1_done) {
324 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
7bdb7d55 325 tkey->tx_iv32);
8fc8598e
JC		 326 tkey->tx_phase1_done = 1;
327 }
328 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
df58f2b9 329 } else
7bdb7d55 330 tkey->tx_phase1_done = 1;
8fc8598e
JC		 331
332
333 len = skb->len - hdr_len;
334 pos = skb_push(skb, 8);
335 memmove(pos, pos + 8, hdr_len);
336 pos += hdr_len;
337
840a121e 338 if (tcb_desc->bHwSec) {
8fc8598e
JC		 339 *pos++ = Hi8(tkey->tx_iv16);
340 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
341 *pos++ = Lo8(tkey->tx_iv16);
df58f2b9 342 } else {
8fc8598e
JC		 343 *pos++ = rc4key[0];
344 *pos++ = rc4key[1];
345 *pos++ = rc4key[2];
346 }
347
348 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
349 *pos++ = tkey->tx_iv32 & 0xff;
350 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
351 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
352 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
353
840a121e 354 if (!tcb_desc->bHwSec) {
8fc8598e 355 icv = skb_put(skb, 4);
8fc8598e 356 crc = ~crc32_le(~0, pos, len);
8fc8598e
JC		 357 icv[0] = crc;
358 icv[1] = crc >> 8;
359 icv[2] = crc >> 16;
360 icv[3] = crc >> 24;
8fc8598e 361 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
8fc8598e 362 sg_init_one(&sg, pos, len+4);
a4255e7c 363 ret = crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
8fc8598e
JC		 364 }
365
366 tkey->tx_iv16++;
367 if (tkey->tx_iv16 == 0) {
368 tkey->tx_phase1_done = 0;
369 tkey->tx_iv32++;
370 }
371
372 if (!tcb_desc->bHwSec)
8fc8598e 373 return ret;
8fc8598e 374 else
e406322b 375 return 0;
8fc8598e
JC		 376
377
378}
379
380static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
381{
382 struct ieee80211_tkip_data *tkey = priv;
383 u8 keyidx, *pos;
384 u32 iv32;
385 u16 iv16;
5c2918a5 386 struct rtl_80211_hdr_4addr *hdr;
8fc8598e 387 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
8fc8598e 388 struct blkcipher_desc desc = {.tfm = tkey->rx_tfm_arc4};
8fc8598e
JC		 389 u8 rc4key[16];
390 u8 icv[4];
391 u32 crc;
392 struct scatterlist sg;
393 int plen;
394 if (skb->len < hdr_len + 8 + 4)
395 return -1;
396
5c2918a5 397 hdr = (struct rtl_80211_hdr_4addr *) skb->data;
8fc8598e
JC		 398 pos = skb->data + hdr_len;
399 keyidx = pos[3];
400 if (!(keyidx & (1 << 5))) {
401 if (net_ratelimit()) {
402 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
0ee9f67c 403 " flag from %pM\n", hdr->addr2);
8fc8598e
JC		 404 }
405 return -2;
406 }
407 keyidx >>= 6;
408 if (tkey->key_idx != keyidx) {
409 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
410 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
411 return -6;
412 }
413 if (!tkey->key_set) {
414 if (net_ratelimit()) {
0ee9f67c 415 printk(KERN_DEBUG "TKIP: received packet from %pM"
8fc8598e 416 " with keyid=%d that does not have a configured"
0ee9f67c 417 " key\n", hdr->addr2, keyidx);
8fc8598e
JC		 418 }
419 return -3;
420 }
421 iv16 = (pos[0] << 8) | pos[2];
422 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
423 pos += 8;
424
840a121e 425 if (!tcb_desc->bHwSec) {
8fc8598e
JC		 426 if (iv32 < tkey->rx_iv32 ||
427 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
428 if (net_ratelimit()) {
0ee9f67c 429 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
8fc8598e 430 " previous TSC %08x%04x received TSC "
0ee9f67c 431 "%08x%04x\n", hdr->addr2,
8fc8598e
JC		 432 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
433 }
434 tkey->dot11RSNAStatsTKIPReplays++;
435 return -4;
436 }
437
438 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
439 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
440 tkey->rx_phase1_done = 1;
441 }
442 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
443
444 plen = skb->len - hdr_len - 12;
445
8fc8598e 446 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
8fc8598e 447 sg_init_one(&sg, pos, plen+4);
f61fb935 448
8fc8598e
JC		 449 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
450 if (net_ratelimit()) {
451 printk(KERN_DEBUG ": TKIP: failed to decrypt "
0ee9f67c
JP		 452 "received packet from %pM\n",
453 hdr->addr2);
8fc8598e
JC		 454 }
455 return -7;
456 }
8fc8598e 457
8fc8598e 458 crc = ~crc32_le(~0, pos, plen);
8fc8598e
JC		 459 icv[0] = crc;
460 icv[1] = crc >> 8;
461 icv[2] = crc >> 16;
462 icv[3] = crc >> 24;
463
464 if (memcmp(icv, pos + plen, 4) != 0) {
465 if (iv32 != tkey->rx_iv32) {
466 /* Previously cached Phase1 result was already lost, so
467 * it needs to be recalculated for the next packet. */
468 tkey->rx_phase1_done = 0;
469 }
470 if (net_ratelimit()) {
471 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
0ee9f67c 472 "%pM\n", hdr->addr2);
8fc8598e
JC		 473 }
474 tkey->dot11RSNAStatsTKIPICVErrors++;
475 return -5;
476 }
477
478 }
479
480 /* Update real counters only after Michael MIC verification has
481 * completed */
482 tkey->rx_iv32_new = iv32;
483 tkey->rx_iv16_new = iv16;
484
485 /* Remove IV and ICV */
486 memmove(skb->data + 8, skb->data, hdr_len);
487 skb_pull(skb, 8);
488 skb_trim(skb, skb->len - 4);
489
8fc8598e
JC		 490 return keyidx;
491}
492
8acfd58a
XR		 493static int michael_mic(struct crypto_hash *tfm_michael, u8 *key, u8 *hdr,
494 u8 *data, size_t data_len, u8 *mic)
8fc8598e 495{
e406322b
MCC		 496 struct hash_desc desc;
497 struct scatterlist sg[2];
8fc8598e 498
e406322b
MCC		 499 if (tfm_michael == NULL) {
500 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
501 return -1;
502 }
f61fb935 503
e406322b
MCC		 504 sg_init_table(sg, 2);
505 sg_set_buf(&sg[0], hdr, 16);
506 sg_set_buf(&sg[1], data, data_len);
8fc8598e 507
e406322b
MCC		 508 if (crypto_hash_setkey(tfm_michael, key, 8))
509 return -1;
8fc8598e 510
e406322b
MCC		 511 desc.tfm = tfm_michael;
512 desc.flags = 0;
513 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
8fc8598e 514}
8fc8598e
JC		 515
516static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
517{
5c2918a5 518 struct rtl_80211_hdr_4addr *hdr11;
8fc8598e 519
5c2918a5 520 hdr11 = (struct rtl_80211_hdr_4addr *) skb->data;
8fc8598e
JC		 521 switch (le16_to_cpu(hdr11->frame_ctl) &
522 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
523 case IEEE80211_FCTL_TODS:
524 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
525 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
526 break;
527 case IEEE80211_FCTL_FROMDS:
528 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
529 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
530 break;
531 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
532 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
533 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
534 break;
535 case 0:
536 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
537 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
538 break;
539 }
540
541 hdr[12] = 0; /* priority */
542
543 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
544}
545
546
547static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
548{
549 struct ieee80211_tkip_data *tkey = priv;
550 u8 *pos;
5c2918a5 551 struct rtl_80211_hdr_4addr *hdr;
8fc8598e 552
5c2918a5 553 hdr = (struct rtl_80211_hdr_4addr *) skb->data;
8fc8598e
JC		 554
555 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
556 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
557 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
558 skb_tailroom(skb), hdr_len, skb->len);
559 return -1;
560 }
561
562 michael_mic_hdr(skb, tkey->tx_hdr);
563
564 // { david, 2006.9.1
565 // fix the wpa process with wmm enabled.
65ed40dd 566 if (IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) {
8fc8598e
JC		 567 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
568 }
569 // }
570 pos = skb_put(skb, 8);
f61fb935 571
8fc8598e
JC		 572 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
573 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
8fc8598e
JC		 574 return -1;
575
576 return 0;
577}
578
8fc8598e 579static void ieee80211_michael_mic_failure(struct net_device *dev,
5c2918a5 580 struct rtl_80211_hdr_4addr *hdr,
8fc8598e
JC		 581 int keyidx)
582{
583 union iwreq_data wrqu;
584 struct iw_michaelmicfailure ev;
585
586 /* TODO: needed parameters: count, keyid, key type, TSC */
587 memset(&ev, 0, sizeof(ev));
588 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
589 if (hdr->addr1[0] & 0x01)
590 ev.flags |= IW_MICFAILURE_GROUP;
591 else
592 ev.flags |= IW_MICFAILURE_PAIRWISE;
593 ev.src_addr.sa_family = ARPHRD_ETHER;
594 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
595 memset(&wrqu, 0, sizeof(wrqu));
596 wrqu.data.length = sizeof(ev);
597 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
598}
8fc8598e
JC		 599
600static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
7bdb7d55 601 int hdr_len, void *priv)
8fc8598e
JC		 602{
603 struct ieee80211_tkip_data *tkey = priv;
604 u8 mic[8];
5c2918a5 605 struct rtl_80211_hdr_4addr *hdr;
8fc8598e 606
5c2918a5 607 hdr = (struct rtl_80211_hdr_4addr *) skb->data;
8fc8598e
JC		 608
609 if (!tkey->key_set)
610 return -1;
611
612 michael_mic_hdr(skb, tkey->rx_hdr);
613 // { david, 2006.9.1
614 // fix the wpa process with wmm enabled.
65ed40dd 615 if (IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) {
8fc8598e
JC		 616 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
617 }
618 // }
619
8fc8598e 620 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
7bdb7d55 621 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
e406322b 622 return -1;
8fc8598e 623 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
5c2918a5
PG		 624 struct rtl_80211_hdr_4addr *hdr;
625 hdr = (struct rtl_80211_hdr_4addr *) skb->data;
8fc8598e 626 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
0ee9f67c
JP		 627 "MSDU from %pM keyidx=%d\n",
628 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
8fc8598e
JC		 629 keyidx);
630 if (skb->dev)
631 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
632 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
633 return -1;
634 }
635
636 /* Update TSC counters for RX now that the packet verification has
637 * completed. */
638 tkey->rx_iv32 = tkey->rx_iv32_new;
639 tkey->rx_iv16 = tkey->rx_iv16_new;
640
641 skb_trim(skb, skb->len - 8);
642
643 return 0;
644}
645
646
647static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv)
648{
649 struct ieee80211_tkip_data *tkey = priv;
650 int keyidx;
8fc8598e
JC		 651 struct crypto_hash *tfm = tkey->tx_tfm_michael;
652 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
653 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
654 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
8fc8598e
JC		 655
656 keyidx = tkey->key_idx;
657 memset(tkey, 0, sizeof(*tkey));
658 tkey->key_idx = keyidx;
8fc8598e
JC		 659 tkey->tx_tfm_michael = tfm;
660 tkey->tx_tfm_arc4 = tfm2;
661 tkey->rx_tfm_michael = tfm3;
662 tkey->rx_tfm_arc4 = tfm4;
8fc8598e
JC		 663
664 if (len == TKIP_KEY_LEN) {
665 memcpy(tkey->key, key, TKIP_KEY_LEN);
666 tkey->key_set = 1;
667 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
668 if (seq) {
669 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
670 (seq[3] << 8) | seq[2];
671 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
672 }
673 } else if (len == 0)
674 tkey->key_set = 0;
675 else
676 return -1;
677
678 return 0;
679}
680
681
682static int ieee80211_tkip_get_key(void *key, int len, u8 *seq, void *priv)
683{
684 struct ieee80211_tkip_data *tkey = priv;
685
686 if (len < TKIP_KEY_LEN)
687 return -1;
688
689 if (!tkey->key_set)
690 return 0;
691 memcpy(key, tkey->key, TKIP_KEY_LEN);
692
693 if (seq) {
694 /* Return the sequence number of the last transmitted frame. */
695 u16 iv16 = tkey->tx_iv16;
696 u32 iv32 = tkey->tx_iv32;
697 if (iv16 == 0)
698 iv32--;
699 iv16--;
700 seq[0] = tkey->tx_iv16;
701 seq[1] = tkey->tx_iv16 >> 8;
702 seq[2] = tkey->tx_iv32;
703 seq[3] = tkey->tx_iv32 >> 8;
704 seq[4] = tkey->tx_iv32 >> 16;
705 seq[5] = tkey->tx_iv32 >> 24;
706 }
707
708 return TKIP_KEY_LEN;
709}
710
711
8acfd58a 712static char *ieee80211_tkip_print_stats(char *p, void *priv)
8fc8598e
JC		 713{
714 struct ieee80211_tkip_data *tkip = priv;
715 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
716 "tx_pn=%02x%02x%02x%02x%02x%02x "
717 "rx_pn=%02x%02x%02x%02x%02x%02x "
718 "replays=%d icv_errors=%d local_mic_failures=%d\n",
719 tkip->key_idx, tkip->key_set,
720 (tkip->tx_iv32 >> 24) & 0xff,
721 (tkip->tx_iv32 >> 16) & 0xff,
722 (tkip->tx_iv32 >> 8) & 0xff,
723 tkip->tx_iv32 & 0xff,
724 (tkip->tx_iv16 >> 8) & 0xff,
725 tkip->tx_iv16 & 0xff,
726 (tkip->rx_iv32 >> 24) & 0xff,
727 (tkip->rx_iv32 >> 16) & 0xff,
728 (tkip->rx_iv32 >> 8) & 0xff,
729 tkip->rx_iv32 & 0xff,
730 (tkip->rx_iv16 >> 8) & 0xff,
731 tkip->rx_iv16 & 0xff,
732 tkip->dot11RSNAStatsTKIPReplays,
733 tkip->dot11RSNAStatsTKIPICVErrors,
734 tkip->dot11RSNAStatsTKIPLocalMICFailures);
735 return p;
736}
737
738
739static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
740 .name = "TKIP",
741 .init = ieee80211_tkip_init,
742 .deinit = ieee80211_tkip_deinit,
743 .encrypt_mpdu = ieee80211_tkip_encrypt,
744 .decrypt_mpdu = ieee80211_tkip_decrypt,
745 .encrypt_msdu = ieee80211_michael_mic_add,
746 .decrypt_msdu = ieee80211_michael_mic_verify,
747 .set_key = ieee80211_tkip_set_key,
748 .get_key = ieee80211_tkip_get_key,
749 .print_stats = ieee80211_tkip_print_stats,
750 .extra_prefix_len = 4 + 4, /* IV + ExtIV */
751 .extra_postfix_len = 8 + 4, /* MIC + ICV */
e406322b 752 .owner = THIS_MODULE,
8fc8598e
JC		 753};
754
f61fb935 755int __init ieee80211_crypto_tkip_init(void)
8fc8598e
JC		 756{
757 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
758}
759
f61fb935 760void __exit ieee80211_crypto_tkip_exit(void)
8fc8598e
JC		 761{
762 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
763}
764
765void ieee80211_tkip_null(void)
766{
f8628a47 767// printk("============>%s()\n", __func__);
e406322b 768 return;
8fc8598e 769}
Linux 6.x block layer and io_uring tree(s)