1 // SPDX-License-Identifier: GPL-2.0
3 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
5 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
8 #include <linux/module.h>
9 #include <linux/init.h>
10 #include <linux/slab.h>
11 #include <linux/random.h>
12 #include <linux/skbuff.h>
13 #include <linux/netdevice.h>
14 #include <linux/if_ether.h>
15 #include <linux/if_arp.h>
16 #include <linux/string.h>
18 #include "ieee80211.h"
20 #include <crypto/hash.h>
21 #include <crypto/skcipher.h>
22 #include <linux/scatterlist.h>
23 #include <linux/crc32.h>
25 MODULE_AUTHOR("Jouni Malinen");
26 MODULE_DESCRIPTION("Host AP crypt: TKIP");
27 MODULE_LICENSE("GPL");
29 struct ieee80211_tkip_data {
30 #define TKIP_KEY_LEN 32
46 u32 dot11RSNAStatsTKIPReplays;
47 u32 dot11RSNAStatsTKIPICVErrors;
48 u32 dot11RSNAStatsTKIPLocalMICFailures;
52 struct crypto_sync_skcipher *rx_tfm_arc4;
53 struct crypto_shash *rx_tfm_michael;
54 struct crypto_sync_skcipher *tx_tfm_arc4;
55 struct crypto_shash *tx_tfm_michael;
57 /* scratch buffers for virt_to_page() (crypto API) */
58 u8 rx_hdr[16], tx_hdr[16];
61 static void *ieee80211_tkip_init(int key_idx)
63 struct ieee80211_tkip_data *priv;
65 priv = kzalloc(sizeof(*priv), GFP_KERNEL);
68 priv->key_idx = key_idx;
70 priv->tx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0);
71 if (IS_ERR(priv->tx_tfm_arc4)) {
72 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
74 priv->tx_tfm_arc4 = NULL;
78 priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
79 if (IS_ERR(priv->tx_tfm_michael)) {
80 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
81 "crypto API michael_mic\n");
82 priv->tx_tfm_michael = NULL;
86 priv->rx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0);
87 if (IS_ERR(priv->rx_tfm_arc4)) {
88 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
90 priv->rx_tfm_arc4 = NULL;
94 priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
95 if (IS_ERR(priv->rx_tfm_michael)) {
96 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
97 "crypto API michael_mic\n");
98 priv->rx_tfm_michael = NULL;
106 crypto_free_shash(priv->tx_tfm_michael);
107 crypto_free_sync_skcipher(priv->tx_tfm_arc4);
108 crypto_free_shash(priv->rx_tfm_michael);
109 crypto_free_sync_skcipher(priv->rx_tfm_arc4);
117 static void ieee80211_tkip_deinit(void *priv)
119 struct ieee80211_tkip_data *_priv = priv;
122 crypto_free_shash(_priv->tx_tfm_michael);
123 crypto_free_sync_skcipher(_priv->tx_tfm_arc4);
124 crypto_free_shash(_priv->rx_tfm_michael);
125 crypto_free_sync_skcipher(_priv->rx_tfm_arc4);
131 static inline u16 RotR1(u16 val)
133 return (val >> 1) | (val << 15);
137 static inline u8 Lo8(u16 val)
143 static inline u8 Hi8(u16 val)
149 static inline u16 Lo16(u32 val)
155 static inline u16 Hi16(u32 val)
161 static inline u16 Mk16(u8 hi, u8 lo)
163 return lo | (((u16)hi) << 8);
166 static const u16 Sbox[256] = {
167 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
168 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
169 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
170 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
171 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
172 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
173 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
174 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
175 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
176 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
177 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
178 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
179 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
180 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
181 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
182 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
183 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
184 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
185 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
186 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
187 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
188 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
189 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
190 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
191 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
192 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
193 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
194 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
195 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
196 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
197 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
198 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
202 static inline u16 _S_(u16 v)
204 u16 t = Sbox[Hi8(v)];
205 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
209 #define PHASE1_LOOP_COUNT 8
212 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
216 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
217 TTAK[0] = Lo16(IV32);
218 TTAK[1] = Hi16(IV32);
219 TTAK[2] = Mk16(TA[1], TA[0]);
220 TTAK[3] = Mk16(TA[3], TA[2]);
221 TTAK[4] = Mk16(TA[5], TA[4]);
223 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
225 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
226 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
227 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
228 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
229 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
234 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
238 * Make temporary area overlap WEP seed so that the final copy can be
239 * avoided on little endian hosts.
241 u16 *PPK = (u16 *)&WEPSeed[4];
243 /* Step 1 - make copy of TTAK and bring in TSC */
249 PPK[5] = TTAK[4] + IV16;
251 /* Step 2 - 96-bit bijective mixing using S-box */
252 PPK[0] += _S_(PPK[5] ^ le16_to_cpu(*(__le16 *)(&TK[0])));
253 PPK[1] += _S_(PPK[0] ^ le16_to_cpu(*(__le16 *)(&TK[2])));
254 PPK[2] += _S_(PPK[1] ^ le16_to_cpu(*(__le16 *)(&TK[4])));
255 PPK[3] += _S_(PPK[2] ^ le16_to_cpu(*(__le16 *)(&TK[6])));
256 PPK[4] += _S_(PPK[3] ^ le16_to_cpu(*(__le16 *)(&TK[8])));
257 PPK[5] += _S_(PPK[4] ^ le16_to_cpu(*(__le16 *)(&TK[10])));
259 PPK[0] += RotR1(PPK[5] ^ le16_to_cpu(*(__le16 *)(&TK[12])));
260 PPK[1] += RotR1(PPK[0] ^ le16_to_cpu(*(__le16 *)(&TK[14])));
261 PPK[2] += RotR1(PPK[1]);
262 PPK[3] += RotR1(PPK[2]);
263 PPK[4] += RotR1(PPK[3]);
264 PPK[5] += RotR1(PPK[4]);
267 * Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
268 * WEPSeed[0..2] is transmitted as WEP IV
270 WEPSeed[0] = Hi8(IV16);
271 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
272 WEPSeed[2] = Lo8(IV16);
273 WEPSeed[3] = Lo8((PPK[5] ^ le16_to_cpu(*(__le16 *)(&TK[0]))) >> 1);
279 for (i = 0; i < 6; i++)
280 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
286 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
288 struct ieee80211_tkip_data *tkey = priv;
291 struct rtl_80211_hdr_4addr *hdr;
292 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
296 struct scatterlist sg;
298 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
302 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
304 if (!tcb_desc->bHwSec) {
305 if (!tkey->tx_phase1_done) {
306 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
308 tkey->tx_phase1_done = 1;
310 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
312 tkey->tx_phase1_done = 1;
315 len = skb->len - hdr_len;
316 pos = skb_push(skb, 8);
317 memmove(pos, pos + 8, hdr_len);
320 if (tcb_desc->bHwSec) {
321 *pos++ = Hi8(tkey->tx_iv16);
322 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
323 *pos++ = Lo8(tkey->tx_iv16);
330 *pos++ = (tkey->key_idx << 6) | BIT(5) /* Ext IV included */;
331 *pos++ = tkey->tx_iv32 & 0xff;
332 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
333 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
334 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
336 if (!tcb_desc->bHwSec) {
337 SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4);
339 icv = skb_put(skb, 4);
340 crc = ~crc32_le(~0, pos, len);
345 crypto_sync_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
346 sg_init_one(&sg, pos, len + 4);
347 skcipher_request_set_sync_tfm(req, tkey->tx_tfm_arc4);
348 skcipher_request_set_callback(req, 0, NULL, NULL);
349 skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL);
350 ret = crypto_skcipher_encrypt(req);
351 skcipher_request_zero(req);
355 if (tkey->tx_iv16 == 0) {
356 tkey->tx_phase1_done = 0;
360 if (!tcb_desc->bHwSec)
368 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
370 struct ieee80211_tkip_data *tkey = priv;
374 struct rtl_80211_hdr_4addr *hdr;
375 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
379 struct scatterlist sg;
383 if (skb->len < hdr_len + 8 + 4)
386 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
387 pos = skb->data + hdr_len;
389 if (!(keyidx & BIT(5))) {
390 if (net_ratelimit()) {
391 netdev_dbg(skb->dev, "TKIP: received packet without ExtIV"
392 " flag from %pM\n", hdr->addr2);
397 if (tkey->key_idx != keyidx) {
398 netdev_dbg(skb->dev, "TKIP: RX tkey->key_idx=%d frame "
399 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
402 if (!tkey->key_set) {
403 if (net_ratelimit()) {
404 netdev_dbg(skb->dev, "TKIP: received packet from %pM"
405 " with keyid=%d that does not have a configured"
406 " key\n", hdr->addr2, keyidx);
410 iv16 = (pos[0] << 8) | pos[2];
411 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
414 if (!tcb_desc->bHwSec) {
415 SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4);
417 if (iv32 < tkey->rx_iv32 ||
418 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
419 if (net_ratelimit()) {
420 netdev_dbg(skb->dev, "TKIP: replay detected: STA=%pM"
421 " previous TSC %08x%04x received TSC "
422 "%08x%04x\n", hdr->addr2,
423 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
425 tkey->dot11RSNAStatsTKIPReplays++;
429 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
430 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
431 tkey->rx_phase1_done = 1;
433 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
435 plen = skb->len - hdr_len - 12;
437 crypto_sync_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
438 sg_init_one(&sg, pos, plen + 4);
440 skcipher_request_set_sync_tfm(req, tkey->rx_tfm_arc4);
441 skcipher_request_set_callback(req, 0, NULL, NULL);
442 skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL);
444 err = crypto_skcipher_decrypt(req);
445 skcipher_request_zero(req);
447 if (net_ratelimit()) {
448 netdev_dbg(skb->dev, "TKIP: failed to decrypt "
449 "received packet from %pM\n",
455 crc = ~crc32_le(~0, pos, plen);
461 if (memcmp(icv, pos + plen, 4) != 0) {
462 if (iv32 != tkey->rx_iv32) {
464 * Previously cached Phase1 result was already
465 * lost, so it needs to be recalculated for the
468 tkey->rx_phase1_done = 0;
470 if (net_ratelimit()) {
471 netdev_dbg(skb->dev, "TKIP: ICV error detected: STA="
472 "%pM\n", hdr->addr2);
474 tkey->dot11RSNAStatsTKIPICVErrors++;
481 * Update real counters only after Michael MIC verification has
484 tkey->rx_iv32_new = iv32;
485 tkey->rx_iv16_new = iv16;
487 /* Remove IV and ICV */
488 memmove(skb->data + 8, skb->data, hdr_len);
490 skb_trim(skb, skb->len - 4);
495 static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr,
496 u8 *data, size_t data_len, u8 *mic)
498 SHASH_DESC_ON_STACK(desc, tfm_michael);
501 desc->tfm = tfm_michael;
503 if (crypto_shash_setkey(tfm_michael, key, 8))
506 err = crypto_shash_init(desc);
509 err = crypto_shash_update(desc, hdr, 16);
512 err = crypto_shash_update(desc, data, data_len);
515 err = crypto_shash_final(desc, mic);
518 shash_desc_zero(desc);
522 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
524 struct rtl_80211_hdr_4addr *hdr11;
526 hdr11 = (struct rtl_80211_hdr_4addr *)skb->data;
527 switch (le16_to_cpu(hdr11->frame_ctl) &
528 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
529 case IEEE80211_FCTL_TODS:
530 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
531 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
533 case IEEE80211_FCTL_FROMDS:
534 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
535 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
537 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
538 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
539 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
542 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
543 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
547 hdr[12] = 0; /* priority */
549 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
553 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
555 struct ieee80211_tkip_data *tkey = priv;
557 struct rtl_80211_hdr_4addr *hdr;
559 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
561 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
562 netdev_dbg(skb->dev, "Invalid packet for Michael MIC add "
563 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
564 skb_tailroom(skb), hdr_len, skb->len);
568 michael_mic_hdr(skb, tkey->tx_hdr);
571 // fix the wpa process with wmm enabled.
572 if (IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
573 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
575 pos = skb_put(skb, 8);
577 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
578 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
584 static void ieee80211_michael_mic_failure(struct net_device *dev,
585 struct rtl_80211_hdr_4addr *hdr,
588 union iwreq_data wrqu;
589 struct iw_michaelmicfailure ev;
591 /* TODO: needed parameters: count, keyid, key type, TSC */
592 memset(&ev, 0, sizeof(ev));
593 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
594 if (hdr->addr1[0] & 0x01)
595 ev.flags |= IW_MICFAILURE_GROUP;
597 ev.flags |= IW_MICFAILURE_PAIRWISE;
598 ev.src_addr.sa_family = ARPHRD_ETHER;
599 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
600 memset(&wrqu, 0, sizeof(wrqu));
601 wrqu.data.length = sizeof(ev);
602 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
605 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
606 int hdr_len, void *priv)
608 struct ieee80211_tkip_data *tkey = priv;
610 struct rtl_80211_hdr_4addr *hdr;
612 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
617 michael_mic_hdr(skb, tkey->rx_hdr);
619 // fix the wpa process with wmm enabled.
620 if (IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
621 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
624 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
625 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
627 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
628 struct rtl_80211_hdr_4addr *hdr;
629 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
631 netdev_dbg(skb->dev, "Michael MIC verification failed for "
632 "MSDU from %pM keyidx=%d\n",
635 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
636 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
641 * Update TSC counters for RX now that the packet verification has
644 tkey->rx_iv32 = tkey->rx_iv32_new;
645 tkey->rx_iv16 = tkey->rx_iv16_new;
647 skb_trim(skb, skb->len - 8);
653 static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv)
655 struct ieee80211_tkip_data *tkey = priv;
657 struct crypto_shash *tfm = tkey->tx_tfm_michael;
658 struct crypto_sync_skcipher *tfm2 = tkey->tx_tfm_arc4;
659 struct crypto_shash *tfm3 = tkey->rx_tfm_michael;
660 struct crypto_sync_skcipher *tfm4 = tkey->rx_tfm_arc4;
662 keyidx = tkey->key_idx;
663 memset(tkey, 0, sizeof(*tkey));
664 tkey->key_idx = keyidx;
665 tkey->tx_tfm_michael = tfm;
666 tkey->tx_tfm_arc4 = tfm2;
667 tkey->rx_tfm_michael = tfm3;
668 tkey->rx_tfm_arc4 = tfm4;
670 if (len == TKIP_KEY_LEN) {
671 memcpy(tkey->key, key, TKIP_KEY_LEN);
673 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
675 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
676 (seq[3] << 8) | seq[2];
677 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
688 static int ieee80211_tkip_get_key(void *key, int len, u8 *seq, void *priv)
690 struct ieee80211_tkip_data *tkey = priv;
692 if (len < TKIP_KEY_LEN)
697 memcpy(key, tkey->key, TKIP_KEY_LEN);
700 /* Return the sequence number of the last transmitted frame. */
701 u16 iv16 = tkey->tx_iv16;
702 u32 iv32 = tkey->tx_iv32;
707 seq[0] = tkey->tx_iv16;
708 seq[1] = tkey->tx_iv16 >> 8;
709 seq[2] = tkey->tx_iv32;
710 seq[3] = tkey->tx_iv32 >> 8;
711 seq[4] = tkey->tx_iv32 >> 16;
712 seq[5] = tkey->tx_iv32 >> 24;
719 static char *ieee80211_tkip_print_stats(char *p, void *priv)
721 struct ieee80211_tkip_data *tkip = priv;
723 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
724 "tx_pn=%02x%02x%02x%02x%02x%02x "
725 "rx_pn=%02x%02x%02x%02x%02x%02x "
726 "replays=%d icv_errors=%d local_mic_failures=%d\n",
727 tkip->key_idx, tkip->key_set,
728 (tkip->tx_iv32 >> 24) & 0xff,
729 (tkip->tx_iv32 >> 16) & 0xff,
730 (tkip->tx_iv32 >> 8) & 0xff,
731 tkip->tx_iv32 & 0xff,
732 (tkip->tx_iv16 >> 8) & 0xff,
733 tkip->tx_iv16 & 0xff,
734 (tkip->rx_iv32 >> 24) & 0xff,
735 (tkip->rx_iv32 >> 16) & 0xff,
736 (tkip->rx_iv32 >> 8) & 0xff,
737 tkip->rx_iv32 & 0xff,
738 (tkip->rx_iv16 >> 8) & 0xff,
739 tkip->rx_iv16 & 0xff,
740 tkip->dot11RSNAStatsTKIPReplays,
741 tkip->dot11RSNAStatsTKIPICVErrors,
742 tkip->dot11RSNAStatsTKIPLocalMICFailures);
747 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
749 .init = ieee80211_tkip_init,
750 .deinit = ieee80211_tkip_deinit,
751 .encrypt_mpdu = ieee80211_tkip_encrypt,
752 .decrypt_mpdu = ieee80211_tkip_decrypt,
753 .encrypt_msdu = ieee80211_michael_mic_add,
754 .decrypt_msdu = ieee80211_michael_mic_verify,
755 .set_key = ieee80211_tkip_set_key,
756 .get_key = ieee80211_tkip_get_key,
757 .print_stats = ieee80211_tkip_print_stats,
758 .extra_prefix_len = 4 + 4, /* IV + ExtIV */
759 .extra_postfix_len = 8 + 4, /* MIC + ICV */
760 .owner = THIS_MODULE,
763 int __init ieee80211_crypto_tkip_init(void)
765 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
768 void __exit ieee80211_crypto_tkip_exit(void)
770 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
773 void ieee80211_tkip_null(void)
775 // printk("============>%s()\n", __func__);