1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4  *
5  * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6  */
7 
8 #include <linux/module.h>
9 #include <linux/init.h>
10 #include <linux/slab.h>
11 #include <linux/random.h>
12 #include <linux/skbuff.h>
13 #include <linux/netdevice.h>
14 #include <linux/if_ether.h>
15 #include <linux/if_arp.h>
16 #include <linux/string.h>
17 
18 #include "ieee80211.h"
19 
20 #include <crypto/hash.h>
21 #include <crypto/skcipher.h>
22 	#include <linux/scatterlist.h>
23 #include <linux/crc32.h>
24 
25 MODULE_AUTHOR("Jouni Malinen");
26 MODULE_DESCRIPTION("Host AP crypt: TKIP");
27 MODULE_LICENSE("GPL");
28 
29 struct ieee80211_tkip_data {
30 #define TKIP_KEY_LEN 32
31 	u8 key[TKIP_KEY_LEN];
32 	int key_set;
33 
34 	u32 tx_iv32;
35 	u16 tx_iv16;
36 	u16 tx_ttak[5];
37 	int tx_phase1_done;
38 
39 	u32 rx_iv32;
40 	u16 rx_iv16;
41 	u16 rx_ttak[5];
42 	int rx_phase1_done;
43 	u32 rx_iv32_new;
44 	u16 rx_iv16_new;
45 
46 	u32 dot11RSNAStatsTKIPReplays;
47 	u32 dot11RSNAStatsTKIPICVErrors;
48 	u32 dot11RSNAStatsTKIPLocalMICFailures;
49 
50 	int key_idx;
51 
52 	struct crypto_sync_skcipher *rx_tfm_arc4;
53 	struct crypto_shash *rx_tfm_michael;
54 	struct crypto_sync_skcipher *tx_tfm_arc4;
55 	struct crypto_shash *tx_tfm_michael;
56 
57 	/* scratch buffers for virt_to_page() (crypto API) */
58 	u8 rx_hdr[16], tx_hdr[16];
59 };
60 
ieee80211_tkip_init(int key_idx)61 static void *ieee80211_tkip_init(int key_idx)
62 {
63 	struct ieee80211_tkip_data *priv;
64 
65 	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
66 	if (!priv)
67 		goto fail;
68 	priv->key_idx = key_idx;
69 
70 	priv->tx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0);
71 	if (IS_ERR(priv->tx_tfm_arc4)) {
72 		printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
73 				"crypto API arc4\n");
74 		priv->tx_tfm_arc4 = NULL;
75 		goto fail;
76 	}
77 
78 	priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
79 	if (IS_ERR(priv->tx_tfm_michael)) {
80 		printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
81 				"crypto API michael_mic\n");
82 		priv->tx_tfm_michael = NULL;
83 		goto fail;
84 	}
85 
86 	priv->rx_tfm_arc4 = crypto_alloc_sync_skcipher("ecb(arc4)", 0, 0);
87 	if (IS_ERR(priv->rx_tfm_arc4)) {
88 		printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
89 				"crypto API arc4\n");
90 		priv->rx_tfm_arc4 = NULL;
91 		goto fail;
92 	}
93 
94 	priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
95 	if (IS_ERR(priv->rx_tfm_michael)) {
96 		printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
97 				"crypto API michael_mic\n");
98 		priv->rx_tfm_michael = NULL;
99 		goto fail;
100 	}
101 
102 	return priv;
103 
104 fail:
105 	if (priv) {
106 		crypto_free_shash(priv->tx_tfm_michael);
107 		crypto_free_sync_skcipher(priv->tx_tfm_arc4);
108 		crypto_free_shash(priv->rx_tfm_michael);
109 		crypto_free_sync_skcipher(priv->rx_tfm_arc4);
110 		kfree(priv);
111 	}
112 
113 	return NULL;
114 }
115 
116 
ieee80211_tkip_deinit(void * priv)117 static void ieee80211_tkip_deinit(void *priv)
118 {
119 	struct ieee80211_tkip_data *_priv = priv;
120 
121 	if (_priv) {
122 		crypto_free_shash(_priv->tx_tfm_michael);
123 		crypto_free_sync_skcipher(_priv->tx_tfm_arc4);
124 		crypto_free_shash(_priv->rx_tfm_michael);
125 		crypto_free_sync_skcipher(_priv->rx_tfm_arc4);
126 	}
127 	kfree(priv);
128 }
129 
130 
RotR1(u16 val)131 static inline u16 RotR1(u16 val)
132 {
133 	return (val >> 1) | (val << 15);
134 }
135 
136 
Lo8(u16 val)137 static inline u8 Lo8(u16 val)
138 {
139 	return val & 0xff;
140 }
141 
142 
Hi8(u16 val)143 static inline u8 Hi8(u16 val)
144 {
145 	return val >> 8;
146 }
147 
148 
Lo16(u32 val)149 static inline u16 Lo16(u32 val)
150 {
151 	return val & 0xffff;
152 }
153 
154 
Hi16(u32 val)155 static inline u16 Hi16(u32 val)
156 {
157 	return val >> 16;
158 }
159 
160 
Mk16(u8 hi,u8 lo)161 static inline u16 Mk16(u8 hi, u8 lo)
162 {
163 	return lo | (((u16)hi) << 8);
164 }
165 
166 static const u16 Sbox[256] = {
167 	0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
168 	0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
169 	0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
170 	0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
171 	0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
172 	0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
173 	0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
174 	0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
175 	0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
176 	0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
177 	0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
178 	0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
179 	0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
180 	0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
181 	0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
182 	0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
183 	0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
184 	0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
185 	0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
186 	0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
187 	0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
188 	0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
189 	0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
190 	0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
191 	0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
192 	0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
193 	0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
194 	0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
195 	0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
196 	0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
197 	0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
198 	0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
199 };
200 
201 
_S_(u16 v)202 static inline u16 _S_(u16 v)
203 {
204 	u16 t = Sbox[Hi8(v)];
205 	return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
206 }
207 
208 
209 #define PHASE1_LOOP_COUNT 8
210 
211 
tkip_mixing_phase1(u16 * TTAK,const u8 * TK,const u8 * TA,u32 IV32)212 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
213 {
214 	int i, j;
215 
216 	/* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
217 	TTAK[0] = Lo16(IV32);
218 	TTAK[1] = Hi16(IV32);
219 	TTAK[2] = Mk16(TA[1], TA[0]);
220 	TTAK[3] = Mk16(TA[3], TA[2]);
221 	TTAK[4] = Mk16(TA[5], TA[4]);
222 
223 	for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
224 		j = 2 * (i & 1);
225 		TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
226 		TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
227 		TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
228 		TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
229 		TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
230 	}
231 }
232 
233 
tkip_mixing_phase2(u8 * WEPSeed,const u8 * TK,const u16 * TTAK,u16 IV16)234 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
235 			       u16 IV16)
236 {
237 	/*
238 	 * Make temporary area overlap WEP seed so that the final copy can be
239 	 * avoided on little endian hosts.
240 	 */
241 	u16 *PPK = (u16 *)&WEPSeed[4];
242 
243 	/* Step 1 - make copy of TTAK and bring in TSC */
244 	PPK[0] = TTAK[0];
245 	PPK[1] = TTAK[1];
246 	PPK[2] = TTAK[2];
247 	PPK[3] = TTAK[3];
248 	PPK[4] = TTAK[4];
249 	PPK[5] = TTAK[4] + IV16;
250 
251 	/* Step 2 - 96-bit bijective mixing using S-box */
252 	PPK[0] += _S_(PPK[5] ^ le16_to_cpu(*(__le16 *)(&TK[0])));
253 	PPK[1] += _S_(PPK[0] ^ le16_to_cpu(*(__le16 *)(&TK[2])));
254 	PPK[2] += _S_(PPK[1] ^ le16_to_cpu(*(__le16 *)(&TK[4])));
255 	PPK[3] += _S_(PPK[2] ^ le16_to_cpu(*(__le16 *)(&TK[6])));
256 	PPK[4] += _S_(PPK[3] ^ le16_to_cpu(*(__le16 *)(&TK[8])));
257 	PPK[5] += _S_(PPK[4] ^ le16_to_cpu(*(__le16 *)(&TK[10])));
258 
259 	PPK[0] += RotR1(PPK[5] ^ le16_to_cpu(*(__le16 *)(&TK[12])));
260 	PPK[1] += RotR1(PPK[0] ^ le16_to_cpu(*(__le16 *)(&TK[14])));
261 	PPK[2] += RotR1(PPK[1]);
262 	PPK[3] += RotR1(PPK[2]);
263 	PPK[4] += RotR1(PPK[3]);
264 	PPK[5] += RotR1(PPK[4]);
265 
266 	/*
267 	 * Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
268 	 * WEPSeed[0..2] is transmitted as WEP IV
269 	 */
270 	WEPSeed[0] = Hi8(IV16);
271 	WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
272 	WEPSeed[2] = Lo8(IV16);
273 	WEPSeed[3] = Lo8((PPK[5] ^ le16_to_cpu(*(__le16 *)(&TK[0]))) >> 1);
274 
275 #ifdef __BIG_ENDIAN
276 	{
277 		int i;
278 
279 		for (i = 0; i < 6; i++)
280 			PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
281 	}
282 #endif
283 }
284 
285 
ieee80211_tkip_encrypt(struct sk_buff * skb,int hdr_len,void * priv)286 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
287 {
288 	struct ieee80211_tkip_data *tkey = priv;
289 	int len;
290 	u8 *pos;
291 	struct rtl_80211_hdr_4addr *hdr;
292 	struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
293 	int ret = 0;
294 	u8 rc4key[16],  *icv;
295 	u32 crc;
296 	struct scatterlist sg;
297 
298 	if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
299 	    skb->len < hdr_len)
300 		return -1;
301 
302 	hdr = (struct rtl_80211_hdr_4addr *)skb->data;
303 
304 	if (!tcb_desc->bHwSec) {
305 		if (!tkey->tx_phase1_done) {
306 			tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
307 					   tkey->tx_iv32);
308 			tkey->tx_phase1_done = 1;
309 		}
310 		tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
311 	} else
312 		tkey->tx_phase1_done = 1;
313 
314 
315 	len = skb->len - hdr_len;
316 	pos = skb_push(skb, 8);
317 	memmove(pos, pos + 8, hdr_len);
318 	pos += hdr_len;
319 
320 	if (tcb_desc->bHwSec) {
321 		*pos++ = Hi8(tkey->tx_iv16);
322 		*pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
323 		*pos++ = Lo8(tkey->tx_iv16);
324 	} else {
325 		*pos++ = rc4key[0];
326 		*pos++ = rc4key[1];
327 		*pos++ = rc4key[2];
328 	}
329 
330 	*pos++ = (tkey->key_idx << 6) | BIT(5) /* Ext IV included */;
331 	*pos++ = tkey->tx_iv32 & 0xff;
332 	*pos++ = (tkey->tx_iv32 >> 8) & 0xff;
333 	*pos++ = (tkey->tx_iv32 >> 16) & 0xff;
334 	*pos++ = (tkey->tx_iv32 >> 24) & 0xff;
335 
336 	if (!tcb_desc->bHwSec) {
337 		SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4);
338 
339 		icv = skb_put(skb, 4);
340 		crc = ~crc32_le(~0, pos, len);
341 		icv[0] = crc;
342 		icv[1] = crc >> 8;
343 		icv[2] = crc >> 16;
344 		icv[3] = crc >> 24;
345 		crypto_sync_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
346 		sg_init_one(&sg, pos, len + 4);
347 		skcipher_request_set_sync_tfm(req, tkey->tx_tfm_arc4);
348 		skcipher_request_set_callback(req, 0, NULL, NULL);
349 		skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL);
350 		ret = crypto_skcipher_encrypt(req);
351 		skcipher_request_zero(req);
352 	}
353 
354 	tkey->tx_iv16++;
355 	if (tkey->tx_iv16 == 0) {
356 		tkey->tx_phase1_done = 0;
357 		tkey->tx_iv32++;
358 	}
359 
360 	if (!tcb_desc->bHwSec)
361 		return ret;
362 	else
363 		return 0;
364 
365 
366 }
367 
ieee80211_tkip_decrypt(struct sk_buff * skb,int hdr_len,void * priv)368 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
369 {
370 	struct ieee80211_tkip_data *tkey = priv;
371 	u8 keyidx, *pos;
372 	u32 iv32;
373 	u16 iv16;
374 	struct rtl_80211_hdr_4addr *hdr;
375 	struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
376 	u8 rc4key[16];
377 	u8 icv[4];
378 	u32 crc;
379 	struct scatterlist sg;
380 	int plen;
381 	int err;
382 
383 	if (skb->len < hdr_len + 8 + 4)
384 		return -1;
385 
386 	hdr = (struct rtl_80211_hdr_4addr *)skb->data;
387 	pos = skb->data + hdr_len;
388 	keyidx = pos[3];
389 	if (!(keyidx & BIT(5))) {
390 		if (net_ratelimit()) {
391 			printk(KERN_DEBUG "TKIP: received packet without ExtIV"
392 			       " flag from %pM\n", hdr->addr2);
393 		}
394 		return -2;
395 	}
396 	keyidx >>= 6;
397 	if (tkey->key_idx != keyidx) {
398 		printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
399 		       "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
400 		return -6;
401 	}
402 	if (!tkey->key_set) {
403 		if (net_ratelimit()) {
404 			printk(KERN_DEBUG "TKIP: received packet from %pM"
405 			       " with keyid=%d that does not have a configured"
406 			       " key\n", hdr->addr2, keyidx);
407 		}
408 		return -3;
409 	}
410 	iv16 = (pos[0] << 8) | pos[2];
411 	iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
412 	pos += 8;
413 
414 	if (!tcb_desc->bHwSec) {
415 		SYNC_SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4);
416 
417 		if (iv32 < tkey->rx_iv32 ||
418 		(iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
419 			if (net_ratelimit()) {
420 				printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
421 				" previous TSC %08x%04x received TSC "
422 				"%08x%04x\n", hdr->addr2,
423 				tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
424 			}
425 			tkey->dot11RSNAStatsTKIPReplays++;
426 			return -4;
427 		}
428 
429 		if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
430 			tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
431 			tkey->rx_phase1_done = 1;
432 		}
433 		tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
434 
435 		plen = skb->len - hdr_len - 12;
436 
437 		crypto_sync_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
438 		sg_init_one(&sg, pos, plen + 4);
439 
440 		skcipher_request_set_sync_tfm(req, tkey->rx_tfm_arc4);
441 		skcipher_request_set_callback(req, 0, NULL, NULL);
442 		skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL);
443 
444 		err = crypto_skcipher_decrypt(req);
445 		skcipher_request_zero(req);
446 		if (err) {
447 			if (net_ratelimit()) {
448 				printk(KERN_DEBUG ": TKIP: failed to decrypt "
449 						"received packet from %pM\n",
450 						hdr->addr2);
451 			}
452 			return -7;
453 		}
454 
455 		crc = ~crc32_le(~0, pos, plen);
456 		icv[0] = crc;
457 		icv[1] = crc >> 8;
458 		icv[2] = crc >> 16;
459 		icv[3] = crc >> 24;
460 
461 		if (memcmp(icv, pos + plen, 4) != 0) {
462 			if (iv32 != tkey->rx_iv32) {
463 				/*
464 				 * Previously cached Phase1 result was already
465 				 * lost, so it needs to be recalculated for the
466 				 * next packet.
467 				 */
468 				tkey->rx_phase1_done = 0;
469 			}
470 			if (net_ratelimit()) {
471 				printk(KERN_DEBUG "TKIP: ICV error detected: STA="
472 				"%pM\n", hdr->addr2);
473 			}
474 			tkey->dot11RSNAStatsTKIPICVErrors++;
475 			return -5;
476 		}
477 
478 	}
479 
480 	/*
481 	 * Update real counters only after Michael MIC verification has
482 	 * completed.
483 	 */
484 	tkey->rx_iv32_new = iv32;
485 	tkey->rx_iv16_new = iv16;
486 
487 	/* Remove IV and ICV */
488 	memmove(skb->data + 8, skb->data, hdr_len);
489 	skb_pull(skb, 8);
490 	skb_trim(skb, skb->len - 4);
491 
492 	return keyidx;
493 }
494 
michael_mic(struct crypto_shash * tfm_michael,u8 * key,u8 * hdr,u8 * data,size_t data_len,u8 * mic)495 static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr,
496 		       u8 *data, size_t data_len, u8 *mic)
497 {
498 	SHASH_DESC_ON_STACK(desc, tfm_michael);
499 	int err;
500 
501 	desc->tfm = tfm_michael;
502 
503 	if (crypto_shash_setkey(tfm_michael, key, 8))
504 		return -1;
505 
506 	err = crypto_shash_init(desc);
507 	if (err)
508 		goto out;
509 	err = crypto_shash_update(desc, hdr, 16);
510 	if (err)
511 		goto out;
512 	err = crypto_shash_update(desc, data, data_len);
513 	if (err)
514 		goto out;
515 	err = crypto_shash_final(desc, mic);
516 
517 out:
518 	shash_desc_zero(desc);
519 	return err;
520 }
521 
michael_mic_hdr(struct sk_buff * skb,u8 * hdr)522 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
523 {
524 	struct rtl_80211_hdr_4addr *hdr11;
525 
526 	hdr11 = (struct rtl_80211_hdr_4addr *)skb->data;
527 	switch (le16_to_cpu(hdr11->frame_ctl) &
528 		(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
529 	case IEEE80211_FCTL_TODS:
530 		memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
531 		memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
532 		break;
533 	case IEEE80211_FCTL_FROMDS:
534 		memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
535 		memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
536 		break;
537 	case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
538 		memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
539 		memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
540 		break;
541 	default:
542 		memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
543 		memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
544 		break;
545 	}
546 
547 	hdr[12] = 0; /* priority */
548 
549 	hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
550 }
551 
552 
ieee80211_michael_mic_add(struct sk_buff * skb,int hdr_len,void * priv)553 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
554 {
555 	struct ieee80211_tkip_data *tkey = priv;
556 	u8 *pos;
557 	struct rtl_80211_hdr_4addr *hdr;
558 
559 	hdr = (struct rtl_80211_hdr_4addr *)skb->data;
560 
561 	if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
562 		printk(KERN_DEBUG "Invalid packet for Michael MIC add "
563 		       "(tailroom=%d hdr_len=%d skb->len=%d)\n",
564 		       skb_tailroom(skb), hdr_len, skb->len);
565 		return -1;
566 	}
567 
568 	michael_mic_hdr(skb, tkey->tx_hdr);
569 
570 	// { david, 2006.9.1
571 	// fix the wpa process with wmm enabled.
572 	if (IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
573 		tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
574 	// }
575 	pos = skb_put(skb, 8);
576 
577 	if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
578 				skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
579 		return -1;
580 
581 	return 0;
582 }
583 
ieee80211_michael_mic_failure(struct net_device * dev,struct rtl_80211_hdr_4addr * hdr,int keyidx)584 static void ieee80211_michael_mic_failure(struct net_device *dev,
585 				       struct rtl_80211_hdr_4addr *hdr,
586 				       int keyidx)
587 {
588 	union iwreq_data wrqu;
589 	struct iw_michaelmicfailure ev;
590 
591 	/* TODO: needed parameters: count, keyid, key type, TSC */
592 	memset(&ev, 0, sizeof(ev));
593 	ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
594 	if (hdr->addr1[0] & 0x01)
595 		ev.flags |= IW_MICFAILURE_GROUP;
596 	else
597 		ev.flags |= IW_MICFAILURE_PAIRWISE;
598 	ev.src_addr.sa_family = ARPHRD_ETHER;
599 	memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
600 	memset(&wrqu, 0, sizeof(wrqu));
601 	wrqu.data.length = sizeof(ev);
602 	wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
603 }
604 
ieee80211_michael_mic_verify(struct sk_buff * skb,int keyidx,int hdr_len,void * priv)605 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
606 					int hdr_len, void *priv)
607 {
608 	struct ieee80211_tkip_data *tkey = priv;
609 	u8 mic[8];
610 	struct rtl_80211_hdr_4addr *hdr;
611 
612 	hdr = (struct rtl_80211_hdr_4addr *)skb->data;
613 
614 	if (!tkey->key_set)
615 		return -1;
616 
617 	michael_mic_hdr(skb, tkey->rx_hdr);
618 	// { david, 2006.9.1
619 	// fix the wpa process with wmm enabled.
620 	if (IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
621 		tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
622 	// }
623 
624 	if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
625 			skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
626 		return -1;
627 	if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
628 		struct rtl_80211_hdr_4addr *hdr;
629 		hdr = (struct rtl_80211_hdr_4addr *)skb->data;
630 
631 		printk(KERN_DEBUG "%s: Michael MIC verification failed for "
632 		       "MSDU from %pM keyidx=%d\n",
633 		       skb->dev ? skb->dev->name : "N/A", hdr->addr2,
634 		       keyidx);
635 		if (skb->dev)
636 			ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
637 		tkey->dot11RSNAStatsTKIPLocalMICFailures++;
638 		return -1;
639 	}
640 
641 	/*
642 	 * Update TSC counters for RX now that the packet verification has
643 	 * completed.
644 	 */
645 	tkey->rx_iv32 = tkey->rx_iv32_new;
646 	tkey->rx_iv16 = tkey->rx_iv16_new;
647 
648 	skb_trim(skb, skb->len - 8);
649 
650 	return 0;
651 }
652 
653 
ieee80211_tkip_set_key(void * key,int len,u8 * seq,void * priv)654 static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv)
655 {
656 	struct ieee80211_tkip_data *tkey = priv;
657 	int keyidx;
658 	struct crypto_shash *tfm = tkey->tx_tfm_michael;
659 	struct crypto_sync_skcipher *tfm2 = tkey->tx_tfm_arc4;
660 	struct crypto_shash *tfm3 = tkey->rx_tfm_michael;
661 	struct crypto_sync_skcipher *tfm4 = tkey->rx_tfm_arc4;
662 
663 	keyidx = tkey->key_idx;
664 	memset(tkey, 0, sizeof(*tkey));
665 	tkey->key_idx = keyidx;
666 	tkey->tx_tfm_michael = tfm;
667 	tkey->tx_tfm_arc4 = tfm2;
668 	tkey->rx_tfm_michael = tfm3;
669 	tkey->rx_tfm_arc4 = tfm4;
670 
671 	if (len == TKIP_KEY_LEN) {
672 		memcpy(tkey->key, key, TKIP_KEY_LEN);
673 		tkey->key_set = 1;
674 		tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
675 		if (seq) {
676 			tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
677 				(seq[3] << 8) | seq[2];
678 			tkey->rx_iv16 = (seq[1] << 8) | seq[0];
679 		}
680 	} else if (len == 0)
681 		tkey->key_set = 0;
682 	else
683 		return -1;
684 
685 	return 0;
686 }
687 
688 
ieee80211_tkip_get_key(void * key,int len,u8 * seq,void * priv)689 static int ieee80211_tkip_get_key(void *key, int len, u8 *seq, void *priv)
690 {
691 	struct ieee80211_tkip_data *tkey = priv;
692 
693 	if (len < TKIP_KEY_LEN)
694 		return -1;
695 
696 	if (!tkey->key_set)
697 		return 0;
698 	memcpy(key, tkey->key, TKIP_KEY_LEN);
699 
700 	if (seq) {
701 		/* Return the sequence number of the last transmitted frame. */
702 		u16 iv16 = tkey->tx_iv16;
703 		u32 iv32 = tkey->tx_iv32;
704 
705 		if (iv16 == 0)
706 			iv32--;
707 		iv16--;
708 		seq[0] = tkey->tx_iv16;
709 		seq[1] = tkey->tx_iv16 >> 8;
710 		seq[2] = tkey->tx_iv32;
711 		seq[3] = tkey->tx_iv32 >> 8;
712 		seq[4] = tkey->tx_iv32 >> 16;
713 		seq[5] = tkey->tx_iv32 >> 24;
714 	}
715 
716 	return TKIP_KEY_LEN;
717 }
718 
719 
ieee80211_tkip_print_stats(char * p,void * priv)720 static char *ieee80211_tkip_print_stats(char *p, void *priv)
721 {
722 	struct ieee80211_tkip_data *tkip = priv;
723 
724 	p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
725 		     "tx_pn=%02x%02x%02x%02x%02x%02x "
726 		     "rx_pn=%02x%02x%02x%02x%02x%02x "
727 		     "replays=%d icv_errors=%d local_mic_failures=%d\n",
728 		     tkip->key_idx, tkip->key_set,
729 		     (tkip->tx_iv32 >> 24) & 0xff,
730 		     (tkip->tx_iv32 >> 16) & 0xff,
731 		     (tkip->tx_iv32 >> 8) & 0xff,
732 		     tkip->tx_iv32 & 0xff,
733 		     (tkip->tx_iv16 >> 8) & 0xff,
734 		     tkip->tx_iv16 & 0xff,
735 		     (tkip->rx_iv32 >> 24) & 0xff,
736 		     (tkip->rx_iv32 >> 16) & 0xff,
737 		     (tkip->rx_iv32 >> 8) & 0xff,
738 		     tkip->rx_iv32 & 0xff,
739 		     (tkip->rx_iv16 >> 8) & 0xff,
740 		     tkip->rx_iv16 & 0xff,
741 		     tkip->dot11RSNAStatsTKIPReplays,
742 		     tkip->dot11RSNAStatsTKIPICVErrors,
743 		     tkip->dot11RSNAStatsTKIPLocalMICFailures);
744 	return p;
745 }
746 
747 
748 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
749 	.name			= "TKIP",
750 	.init			= ieee80211_tkip_init,
751 	.deinit			= ieee80211_tkip_deinit,
752 	.encrypt_mpdu		= ieee80211_tkip_encrypt,
753 	.decrypt_mpdu		= ieee80211_tkip_decrypt,
754 	.encrypt_msdu		= ieee80211_michael_mic_add,
755 	.decrypt_msdu		= ieee80211_michael_mic_verify,
756 	.set_key		= ieee80211_tkip_set_key,
757 	.get_key		= ieee80211_tkip_get_key,
758 	.print_stats		= ieee80211_tkip_print_stats,
759 	.extra_prefix_len	= 4 + 4, /* IV + ExtIV */
760 	.extra_postfix_len	= 8 + 4, /* MIC + ICV */
761 	.owner			= THIS_MODULE,
762 };
763 
ieee80211_crypto_tkip_init(void)764 int __init ieee80211_crypto_tkip_init(void)
765 {
766 	return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
767 }
768 
ieee80211_crypto_tkip_exit(void)769 void __exit ieee80211_crypto_tkip_exit(void)
770 {
771 	ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
772 }
773 
ieee80211_tkip_null(void)774 void ieee80211_tkip_null(void)
775 {
776 //    printk("============>%s()\n", __func__);
777 	return;
778 }
779