1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 *
5 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 */
7
8 #include <linux/module.h>
9 #include <linux/init.h>
10 #include <linux/slab.h>
11 #include <linux/random.h>
12 #include <linux/skbuff.h>
13 #include <linux/netdevice.h>
14 #include <linux/if_ether.h>
15 #include <linux/if_arp.h>
16 #include <linux/string.h>
17
18 #include "ieee80211.h"
19
20 #include <crypto/hash.h>
21 #include <crypto/skcipher.h>
22 #include <linux/scatterlist.h>
23 #include <linux/crc32.h>
24
25 MODULE_AUTHOR("Jouni Malinen");
26 MODULE_DESCRIPTION("Host AP crypt: TKIP");
27 MODULE_LICENSE("GPL");
28
29 struct ieee80211_tkip_data {
30 #define TKIP_KEY_LEN 32
31 u8 key[TKIP_KEY_LEN];
32 int key_set;
33
34 u32 tx_iv32;
35 u16 tx_iv16;
36 u16 tx_ttak[5];
37 int tx_phase1_done;
38
39 u32 rx_iv32;
40 u16 rx_iv16;
41 u16 rx_ttak[5];
42 int rx_phase1_done;
43 u32 rx_iv32_new;
44 u16 rx_iv16_new;
45
46 u32 dot11RSNAStatsTKIPReplays;
47 u32 dot11RSNAStatsTKIPICVErrors;
48 u32 dot11RSNAStatsTKIPLocalMICFailures;
49
50 int key_idx;
51
52 struct crypto_sync_skcipher *rx_tfm_arc4;
53 struct crypto_shash *rx_tfm_michael;
54 struct crypto_sync_skcipher *tx_tfm_arc4;
55 struct crypto_shash *tx_tfm_michael;
56
57 /* scratch buffers for virt_to_page() (crypto API) */
58 u8 rx_hdr[16], tx_hdr[16];
59 };
60
ieee80211_tkip_init(int key_idx)61 static void *ieee80211_tkip_init(int key_idx)
62 {
63 struct ieee80211_tkip_data *priv;
64
65 priv = kzalloc(sizeof(*priv), GFP_KERNEL);
66 if (!priv)
67 goto fail;
68 priv->key_idx = key_idx;
69
70 priv->tx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0);
71 if (IS_ERR(priv->tx_tfm_arc4)) {
72 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
73 "crypto API arc4\n");
74 priv->tx_tfm_arc4 = NULL;
75 goto fail;
76 }
77
78 priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
79 if (IS_ERR(priv->tx_tfm_michael)) {
80 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
81 "crypto API michael_mic\n");
82 priv->tx_tfm_michael = NULL;
83 goto fail;
84 }
85
86 priv->rx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0);
87 if (IS_ERR(priv->rx_tfm_arc4)) {
88 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
89 "crypto API arc4\n");
90 priv->rx_tfm_arc4 = NULL;
91 goto fail;
92 }
93
94 priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
95 if (IS_ERR(priv->rx_tfm_michael)) {
96 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
97 "crypto API michael_mic\n");
98 priv->rx_tfm_michael = NULL;
99 goto fail;
100 }
101
102 return priv;
103
104 fail:
105 if (priv) {
106 crypto_free_shash(priv->tx_tfm_michael);
107 crypto_free_sync_skcipher(priv->tx_tfm_arc4);
108 crypto_free_shash(priv->rx_tfm_michael);
109 crypto_free_sync_skcipher(priv->rx_tfm_arc4);
110 kfree(priv);
111 }
112
113 return NULL;
114 }
115
116
ieee80211_tkip_deinit(void * priv)117 static void ieee80211_tkip_deinit(void *priv)
118 {
119 struct ieee80211_tkip_data *_priv = priv;
120
121 if (_priv) {
122 crypto_free_shash(_priv->tx_tfm_michael);
123 crypto_free_sync_skcipher(_priv->tx_tfm_arc4);
124 crypto_free_shash(_priv->rx_tfm_michael);
125 crypto_free_sync_skcipher(_priv->rx_tfm_arc4);
126 }
127 kfree(priv);
128 }
129
130
RotR1(u16 val)131 static inline u16 RotR1(u16 val)
132 {
133 return (val >> 1) | (val << 15);
134 }
135
136
Lo8(u16 val)137 static inline u8 Lo8(u16 val)
138 {
139 return val & 0xff;
140 }
141
142
Hi8(u16 val)143 static inline u8 Hi8(u16 val)
144 {
145 return val >> 8;
146 }
147
148
Lo16(u32 val)149 static inline u16 Lo16(u32 val)
150 {
151 return val & 0xffff;
152 }
153
154
Hi16(u32 val)155 static inline u16 Hi16(u32 val)
156 {
157 return val >> 16;
158 }
159
160
Mk16(u8 hi,u8 lo)161 static inline u16 Mk16(u8 hi, u8 lo)
162 {
163 return lo | (((u16)hi) << 8);
164 }
165
166 static const u16 Sbox[256] = {
167 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
168 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
169 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
170 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
171 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
172 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
173 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
174 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
175 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
176 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
177 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
178 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
179 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
180 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
181 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
182 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
183 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
184 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
185 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
186 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
187 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
188 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
189 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
190 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
191 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
192 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
193 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
194 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
195 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
196 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
197 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
198 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
199 };
200
201
_S_(u16 v)202 static inline u16 _S_(u16 v)
203 {
204 u16 t = Sbox[Hi8(v)];
205 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
206 }
207
208
209 #define PHASE1_LOOP_COUNT 8
210
211
tkip_mixing_phase1(u16 * TTAK,const u8 * TK,const u8 * TA,u32 IV32)212 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
213 {
214 int i, j;
215
216 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
217 TTAK[0] = Lo16(IV32);
218 TTAK[1] = Hi16(IV32);
219 TTAK[2] = Mk16(TA[1], TA[0]);
220 TTAK[3] = Mk16(TA[3], TA[2]);
221 TTAK[4] = Mk16(TA[5], TA[4]);
222
223 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
224 j = 2 * (i & 1);
225 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
226 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
227 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
228 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
229 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
230 }
231 }
232
233
tkip_mixing_phase2(u8 * WEPSeed,const u8 * TK,const u16 * TTAK,u16 IV16)234 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
235 u16 IV16)
236 {
237 /*
238 * Make temporary area overlap WEP seed so that the final copy can be
239 * avoided on little endian hosts.
240 */
241 u16 *PPK = (u16 *)&WEPSeed[4];
242
243 /* Step 1 - make copy of TTAK and bring in TSC */
244 PPK[0] = TTAK[0];
245 PPK[1] = TTAK[1];
246 PPK[2] = TTAK[2];
247 PPK[3] = TTAK[3];
248 PPK[4] = TTAK[4];
249 PPK[5] = TTAK[4] + IV16;
250
251 /* Step 2 - 96-bit bijective mixing using S-box */
252 PPK[0] += _S_(PPK[5] ^ le16_to_cpu(*(__le16 *)(&TK[0])));
253 PPK[1] += _S_(PPK[0] ^ le16_to_cpu(*(__le16 *)(&TK[2])));
254 PPK[2] += _S_(PPK[1] ^ le16_to_cpu(*(__le16 *)(&TK[4])));
255 PPK[3] += _S_(PPK[2] ^ le16_to_cpu(*(__le16 *)(&TK[6])));
256 PPK[4] += _S_(PPK[3] ^ le16_to_cpu(*(__le16 *)(&TK[8])));
257 PPK[5] += _S_(PPK[4] ^ le16_to_cpu(*(__le16 *)(&TK[10])));
258
259 PPK[0] += RotR1(PPK[5] ^ le16_to_cpu(*(__le16 *)(&TK[12])));
260 PPK[1] += RotR1(PPK[0] ^ le16_to_cpu(*(__le16 *)(&TK[14])));
261 PPK[2] += RotR1(PPK[1]);
262 PPK[3] += RotR1(PPK[2]);
263 PPK[4] += RotR1(PPK[3]);
264 PPK[5] += RotR1(PPK[4]);
265
266 /*
267 * Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
268 * WEPSeed[0..2] is transmitted as WEP IV
269 */
270 WEPSeed[0] = Hi8(IV16);
271 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
272 WEPSeed[2] = Lo8(IV16);
273 WEPSeed[3] = Lo8((PPK[5] ^ le16_to_cpu(*(__le16 *)(&TK[0]))) >> 1);
274
275 #ifdef __BIG_ENDIAN
276 {
277 int i;
278
279 for (i = 0; i < 6; i++)
280 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
281 }
282 #endif
283 }
284
285
ieee80211_tkip_encrypt(struct sk_buff * skb,int hdr_len,void * priv)286 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
287 {
288 struct ieee80211_tkip_data *tkey = priv;
289 int len;
290 u8 *pos;
291 struct rtl_80211_hdr_4addr *hdr;
292 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
293 int ret = 0;
294 u8 rc4key[16], *icv;
295 u32 crc;
296 struct scatterlist sg;
297
298 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
299 skb->len < hdr_len)
300 return -1;
301
302 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
303
304 if (!tcb_desc->bHwSec) {
305 if (!tkey->tx_phase1_done) {
306 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
307 tkey->tx_iv32);
308 tkey->tx_phase1_done = 1;
309 }
310 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
311 } else
312 tkey->tx_phase1_done = 1;
313
314
315 len = skb->len - hdr_len;
316 pos = skb_push(skb, 8);
317 memmove(pos, pos + 8, hdr_len);
318 pos += hdr_len;
319
320 if (tcb_desc->bHwSec) {
321 *pos++ = Hi8(tkey->tx_iv16);
322 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
323 *pos++ = Lo8(tkey->tx_iv16);
324 } else {
325 *pos++ = rc4key[0];
326 *pos++ = rc4key[1];
327 *pos++ = rc4key[2];
328 }
329
330 *pos++ = (tkey->key_idx << 6) | BIT(5) /* Ext IV included */;
331 *pos++ = tkey->tx_iv32 & 0xff;
332 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
333 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
334 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
335
336 if (!tcb_desc->bHwSec) {
337 SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4);
338
339 icv = skb_put(skb, 4);
340 crc = ~crc32_le(~0, pos, len);
341 icv[0] = crc;
342 icv[1] = crc >> 8;
343 icv[2] = crc >> 16;
344 icv[3] = crc >> 24;
345 crypto_sync_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
346 sg_init_one(&sg, pos, len + 4);
347 skcipher_request_set_sync_tfm(req, tkey->tx_tfm_arc4);
348 skcipher_request_set_callback(req, 0, NULL, NULL);
349 skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL);
350 ret = crypto_skcipher_encrypt(req);
351 skcipher_request_zero(req);
352 }
353
354 tkey->tx_iv16++;
355 if (tkey->tx_iv16 == 0) {
356 tkey->tx_phase1_done = 0;
357 tkey->tx_iv32++;
358 }
359
360 if (!tcb_desc->bHwSec)
361 return ret;
362 else
363 return 0;
364
365
366 }
367
ieee80211_tkip_decrypt(struct sk_buff * skb,int hdr_len,void * priv)368 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
369 {
370 struct ieee80211_tkip_data *tkey = priv;
371 u8 keyidx, *pos;
372 u32 iv32;
373 u16 iv16;
374 struct rtl_80211_hdr_4addr *hdr;
375 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
376 u8 rc4key[16];
377 u8 icv[4];
378 u32 crc;
379 struct scatterlist sg;
380 int plen;
381 int err;
382
383 if (skb->len < hdr_len + 8 + 4)
384 return -1;
385
386 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
387 pos = skb->data + hdr_len;
388 keyidx = pos[3];
389 if (!(keyidx & BIT(5))) {
390 if (net_ratelimit()) {
391 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
392 " flag from %pM\n", hdr->addr2);
393 }
394 return -2;
395 }
396 keyidx >>= 6;
397 if (tkey->key_idx != keyidx) {
398 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
399 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
400 return -6;
401 }
402 if (!tkey->key_set) {
403 if (net_ratelimit()) {
404 printk(KERN_DEBUG "TKIP: received packet from %pM"
405 " with keyid=%d that does not have a configured"
406 " key\n", hdr->addr2, keyidx);
407 }
408 return -3;
409 }
410 iv16 = (pos[0] << 8) | pos[2];
411 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
412 pos += 8;
413
414 if (!tcb_desc->bHwSec) {
415 SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4);
416
417 if (iv32 < tkey->rx_iv32 ||
418 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
419 if (net_ratelimit()) {
420 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
421 " previous TSC %08x%04x received TSC "
422 "%08x%04x\n", hdr->addr2,
423 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
424 }
425 tkey->dot11RSNAStatsTKIPReplays++;
426 return -4;
427 }
428
429 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
430 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
431 tkey->rx_phase1_done = 1;
432 }
433 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
434
435 plen = skb->len - hdr_len - 12;
436
437 crypto_sync_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
438 sg_init_one(&sg, pos, plen + 4);
439
440 skcipher_request_set_sync_tfm(req, tkey->rx_tfm_arc4);
441 skcipher_request_set_callback(req, 0, NULL, NULL);
442 skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL);
443
444 err = crypto_skcipher_decrypt(req);
445 skcipher_request_zero(req);
446 if (err) {
447 if (net_ratelimit()) {
448 printk(KERN_DEBUG ": TKIP: failed to decrypt "
449 "received packet from %pM\n",
450 hdr->addr2);
451 }
452 return -7;
453 }
454
455 crc = ~crc32_le(~0, pos, plen);
456 icv[0] = crc;
457 icv[1] = crc >> 8;
458 icv[2] = crc >> 16;
459 icv[3] = crc >> 24;
460
461 if (memcmp(icv, pos + plen, 4) != 0) {
462 if (iv32 != tkey->rx_iv32) {
463 /*
464 * Previously cached Phase1 result was already
465 * lost, so it needs to be recalculated for the
466 * next packet.
467 */
468 tkey->rx_phase1_done = 0;
469 }
470 if (net_ratelimit()) {
471 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
472 "%pM\n", hdr->addr2);
473 }
474 tkey->dot11RSNAStatsTKIPICVErrors++;
475 return -5;
476 }
477
478 }
479
480 /*
481 * Update real counters only after Michael MIC verification has
482 * completed.
483 */
484 tkey->rx_iv32_new = iv32;
485 tkey->rx_iv16_new = iv16;
486
487 /* Remove IV and ICV */
488 memmove(skb->data + 8, skb->data, hdr_len);
489 skb_pull(skb, 8);
490 skb_trim(skb, skb->len - 4);
491
492 return keyidx;
493 }
494
michael_mic(struct crypto_shash * tfm_michael,u8 * key,u8 * hdr,u8 * data,size_t data_len,u8 * mic)495 static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr,
496 u8 *data, size_t data_len, u8 *mic)
497 {
498 SHASH_DESC_ON_STACK(desc, tfm_michael);
499 int err;
500
501 desc->tfm = tfm_michael;
502
503 if (crypto_shash_setkey(tfm_michael, key, 8))
504 return -1;
505
506 err = crypto_shash_init(desc);
507 if (err)
508 goto out;
509 err = crypto_shash_update(desc, hdr, 16);
510 if (err)
511 goto out;
512 err = crypto_shash_update(desc, data, data_len);
513 if (err)
514 goto out;
515 err = crypto_shash_final(desc, mic);
516
517 out:
518 shash_desc_zero(desc);
519 return err;
520 }
521
michael_mic_hdr(struct sk_buff * skb,u8 * hdr)522 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
523 {
524 struct rtl_80211_hdr_4addr *hdr11;
525
526 hdr11 = (struct rtl_80211_hdr_4addr *)skb->data;
527 switch (le16_to_cpu(hdr11->frame_ctl) &
528 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
529 case IEEE80211_FCTL_TODS:
530 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
531 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
532 break;
533 case IEEE80211_FCTL_FROMDS:
534 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
535 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
536 break;
537 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
538 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
539 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
540 break;
541 default:
542 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
543 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
544 break;
545 }
546
547 hdr[12] = 0; /* priority */
548
549 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
550 }
551
552
ieee80211_michael_mic_add(struct sk_buff * skb,int hdr_len,void * priv)553 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
554 {
555 struct ieee80211_tkip_data *tkey = priv;
556 u8 *pos;
557 struct rtl_80211_hdr_4addr *hdr;
558
559 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
560
561 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
562 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
563 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
564 skb_tailroom(skb), hdr_len, skb->len);
565 return -1;
566 }
567
568 michael_mic_hdr(skb, tkey->tx_hdr);
569
570 // { david, 2006.9.1
571 // fix the wpa process with wmm enabled.
572 if (IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
573 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
574 // }
575 pos = skb_put(skb, 8);
576
577 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
578 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
579 return -1;
580
581 return 0;
582 }
583
ieee80211_michael_mic_failure(struct net_device * dev,struct rtl_80211_hdr_4addr * hdr,int keyidx)584 static void ieee80211_michael_mic_failure(struct net_device *dev,
585 struct rtl_80211_hdr_4addr *hdr,
586 int keyidx)
587 {
588 union iwreq_data wrqu;
589 struct iw_michaelmicfailure ev;
590
591 /* TODO: needed parameters: count, keyid, key type, TSC */
592 memset(&ev, 0, sizeof(ev));
593 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
594 if (hdr->addr1[0] & 0x01)
595 ev.flags |= IW_MICFAILURE_GROUP;
596 else
597 ev.flags |= IW_MICFAILURE_PAIRWISE;
598 ev.src_addr.sa_family = ARPHRD_ETHER;
599 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
600 memset(&wrqu, 0, sizeof(wrqu));
601 wrqu.data.length = sizeof(ev);
602 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
603 }
604
ieee80211_michael_mic_verify(struct sk_buff * skb,int keyidx,int hdr_len,void * priv)605 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
606 int hdr_len, void *priv)
607 {
608 struct ieee80211_tkip_data *tkey = priv;
609 u8 mic[8];
610 struct rtl_80211_hdr_4addr *hdr;
611
612 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
613
614 if (!tkey->key_set)
615 return -1;
616
617 michael_mic_hdr(skb, tkey->rx_hdr);
618 // { david, 2006.9.1
619 // fix the wpa process with wmm enabled.
620 if (IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
621 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
622 // }
623
624 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
625 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
626 return -1;
627 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
628 struct rtl_80211_hdr_4addr *hdr;
629 hdr = (struct rtl_80211_hdr_4addr *)skb->data;
630
631 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
632 "MSDU from %pM keyidx=%d\n",
633 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
634 keyidx);
635 if (skb->dev)
636 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
637 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
638 return -1;
639 }
640
641 /*
642 * Update TSC counters for RX now that the packet verification has
643 * completed.
644 */
645 tkey->rx_iv32 = tkey->rx_iv32_new;
646 tkey->rx_iv16 = tkey->rx_iv16_new;
647
648 skb_trim(skb, skb->len - 8);
649
650 return 0;
651 }
652
653
ieee80211_tkip_set_key(void * key,int len,u8 * seq,void * priv)654 static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv)
655 {
656 struct ieee80211_tkip_data *tkey = priv;
657 int keyidx;
658 struct crypto_shash *tfm = tkey->tx_tfm_michael;
659 struct crypto_sync_skcipher *tfm2 = tkey->tx_tfm_arc4;
660 struct crypto_shash *tfm3 = tkey->rx_tfm_michael;
661 struct crypto_sync_skcipher *tfm4 = tkey->rx_tfm_arc4;
662
663 keyidx = tkey->key_idx;
664 memset(tkey, 0, sizeof(*tkey));
665 tkey->key_idx = keyidx;
666 tkey->tx_tfm_michael = tfm;
667 tkey->tx_tfm_arc4 = tfm2;
668 tkey->rx_tfm_michael = tfm3;
669 tkey->rx_tfm_arc4 = tfm4;
670
671 if (len == TKIP_KEY_LEN) {
672 memcpy(tkey->key, key, TKIP_KEY_LEN);
673 tkey->key_set = 1;
674 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
675 if (seq) {
676 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
677 (seq[3] << 8) | seq[2];
678 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
679 }
680 } else if (len == 0)
681 tkey->key_set = 0;
682 else
683 return -1;
684
685 return 0;
686 }
687
688
ieee80211_tkip_get_key(void * key,int len,u8 * seq,void * priv)689 static int ieee80211_tkip_get_key(void *key, int len, u8 *seq, void *priv)
690 {
691 struct ieee80211_tkip_data *tkey = priv;
692
693 if (len < TKIP_KEY_LEN)
694 return -1;
695
696 if (!tkey->key_set)
697 return 0;
698 memcpy(key, tkey->key, TKIP_KEY_LEN);
699
700 if (seq) {
701 /* Return the sequence number of the last transmitted frame. */
702 u16 iv16 = tkey->tx_iv16;
703 u32 iv32 = tkey->tx_iv32;
704
705 if (iv16 == 0)
706 iv32--;
707 iv16--;
708 seq[0] = tkey->tx_iv16;
709 seq[1] = tkey->tx_iv16 >> 8;
710 seq[2] = tkey->tx_iv32;
711 seq[3] = tkey->tx_iv32 >> 8;
712 seq[4] = tkey->tx_iv32 >> 16;
713 seq[5] = tkey->tx_iv32 >> 24;
714 }
715
716 return TKIP_KEY_LEN;
717 }
718
719
ieee80211_tkip_print_stats(char * p,void * priv)720 static char *ieee80211_tkip_print_stats(char *p, void *priv)
721 {
722 struct ieee80211_tkip_data *tkip = priv;
723
724 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
725 "tx_pn=%02x%02x%02x%02x%02x%02x "
726 "rx_pn=%02x%02x%02x%02x%02x%02x "
727 "replays=%d icv_errors=%d local_mic_failures=%d\n",
728 tkip->key_idx, tkip->key_set,
729 (tkip->tx_iv32 >> 24) & 0xff,
730 (tkip->tx_iv32 >> 16) & 0xff,
731 (tkip->tx_iv32 >> 8) & 0xff,
732 tkip->tx_iv32 & 0xff,
733 (tkip->tx_iv16 >> 8) & 0xff,
734 tkip->tx_iv16 & 0xff,
735 (tkip->rx_iv32 >> 24) & 0xff,
736 (tkip->rx_iv32 >> 16) & 0xff,
737 (tkip->rx_iv32 >> 8) & 0xff,
738 tkip->rx_iv32 & 0xff,
739 (tkip->rx_iv16 >> 8) & 0xff,
740 tkip->rx_iv16 & 0xff,
741 tkip->dot11RSNAStatsTKIPReplays,
742 tkip->dot11RSNAStatsTKIPICVErrors,
743 tkip->dot11RSNAStatsTKIPLocalMICFailures);
744 return p;
745 }
746
747
748 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
749 .name = "TKIP",
750 .init = ieee80211_tkip_init,
751 .deinit = ieee80211_tkip_deinit,
752 .encrypt_mpdu = ieee80211_tkip_encrypt,
753 .decrypt_mpdu = ieee80211_tkip_decrypt,
754 .encrypt_msdu = ieee80211_michael_mic_add,
755 .decrypt_msdu = ieee80211_michael_mic_verify,
756 .set_key = ieee80211_tkip_set_key,
757 .get_key = ieee80211_tkip_get_key,
758 .print_stats = ieee80211_tkip_print_stats,
759 .extra_prefix_len = 4 + 4, /* IV + ExtIV */
760 .extra_postfix_len = 8 + 4, /* MIC + ICV */
761 .owner = THIS_MODULE,
762 };
763
ieee80211_crypto_tkip_init(void)764 int __init ieee80211_crypto_tkip_init(void)
765 {
766 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
767 }
768
ieee80211_crypto_tkip_exit(void)769 void __exit ieee80211_crypto_tkip_exit(void)
770 {
771 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
772 }
773
ieee80211_tkip_null(void)774 void ieee80211_tkip_null(void)
775 {
776 // printk("============>%s()\n", __func__);
777 return;
778 }
779