1 /*
2 * lib80211 crypt: host-based TKIP encryption implementation for lib80211
3 *
4 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
5 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation. See README and COPYING for
10 * more details.
11 */
12
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15 #include <linux/err.h>
16 #include <linux/module.h>
17 #include <linux/init.h>
18 #include <linux/slab.h>
19 #include <linux/random.h>
20 #include <linux/scatterlist.h>
21 #include <linux/skbuff.h>
22 #include <linux/netdevice.h>
23 #include <linux/mm.h>
24 #include <linux/if_ether.h>
25 #include <linux/if_arp.h>
26 #include <asm/string.h>
27
28 #include <linux/wireless.h>
29 #include <linux/ieee80211.h>
30 #include <net/iw_handler.h>
31
32 #include <crypto/hash.h>
33 #include <crypto/skcipher.h>
34 #include <linux/crc32.h>
35
36 #include <net/lib80211.h>
37
38 MODULE_AUTHOR("Jouni Malinen");
39 MODULE_DESCRIPTION("lib80211 crypt: TKIP");
40 MODULE_LICENSE("GPL");
41
42 #define TKIP_HDR_LEN 8
43
44 struct lib80211_tkip_data {
45 #define TKIP_KEY_LEN 32
46 u8 key[TKIP_KEY_LEN];
47 int key_set;
48
49 u32 tx_iv32;
50 u16 tx_iv16;
51 u16 tx_ttak[5];
52 int tx_phase1_done;
53
54 u32 rx_iv32;
55 u16 rx_iv16;
56 u16 rx_ttak[5];
57 int rx_phase1_done;
58 u32 rx_iv32_new;
59 u16 rx_iv16_new;
60
61 u32 dot11RSNAStatsTKIPReplays;
62 u32 dot11RSNAStatsTKIPICVErrors;
63 u32 dot11RSNAStatsTKIPLocalMICFailures;
64
65 int key_idx;
66
67 struct crypto_skcipher *rx_tfm_arc4;
68 struct crypto_shash *rx_tfm_michael;
69 struct crypto_skcipher *tx_tfm_arc4;
70 struct crypto_shash *tx_tfm_michael;
71
72 /* scratch buffers for virt_to_page() (crypto API) */
73 u8 rx_hdr[16], tx_hdr[16];
74
75 unsigned long flags;
76 };
77
lib80211_tkip_set_flags(unsigned long flags,void * priv)78 static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
79 {
80 struct lib80211_tkip_data *_priv = priv;
81 unsigned long old_flags = _priv->flags;
82 _priv->flags = flags;
83 return old_flags;
84 }
85
lib80211_tkip_get_flags(void * priv)86 static unsigned long lib80211_tkip_get_flags(void *priv)
87 {
88 struct lib80211_tkip_data *_priv = priv;
89 return _priv->flags;
90 }
91
lib80211_tkip_init(int key_idx)92 static void *lib80211_tkip_init(int key_idx)
93 {
94 struct lib80211_tkip_data *priv;
95
96 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
97 if (priv == NULL)
98 goto fail;
99
100 priv->key_idx = key_idx;
101
102 priv->tx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
103 CRYPTO_ALG_ASYNC);
104 if (IS_ERR(priv->tx_tfm_arc4)) {
105 priv->tx_tfm_arc4 = NULL;
106 goto fail;
107 }
108
109 priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
110 if (IS_ERR(priv->tx_tfm_michael)) {
111 priv->tx_tfm_michael = NULL;
112 goto fail;
113 }
114
115 priv->rx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
116 CRYPTO_ALG_ASYNC);
117 if (IS_ERR(priv->rx_tfm_arc4)) {
118 priv->rx_tfm_arc4 = NULL;
119 goto fail;
120 }
121
122 priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
123 if (IS_ERR(priv->rx_tfm_michael)) {
124 priv->rx_tfm_michael = NULL;
125 goto fail;
126 }
127
128 return priv;
129
130 fail:
131 if (priv) {
132 crypto_free_shash(priv->tx_tfm_michael);
133 crypto_free_skcipher(priv->tx_tfm_arc4);
134 crypto_free_shash(priv->rx_tfm_michael);
135 crypto_free_skcipher(priv->rx_tfm_arc4);
136 kfree(priv);
137 }
138
139 return NULL;
140 }
141
lib80211_tkip_deinit(void * priv)142 static void lib80211_tkip_deinit(void *priv)
143 {
144 struct lib80211_tkip_data *_priv = priv;
145 if (_priv) {
146 crypto_free_shash(_priv->tx_tfm_michael);
147 crypto_free_skcipher(_priv->tx_tfm_arc4);
148 crypto_free_shash(_priv->rx_tfm_michael);
149 crypto_free_skcipher(_priv->rx_tfm_arc4);
150 }
151 kfree(priv);
152 }
153
RotR1(u16 val)154 static inline u16 RotR1(u16 val)
155 {
156 return (val >> 1) | (val << 15);
157 }
158
Lo8(u16 val)159 static inline u8 Lo8(u16 val)
160 {
161 return val & 0xff;
162 }
163
Hi8(u16 val)164 static inline u8 Hi8(u16 val)
165 {
166 return val >> 8;
167 }
168
Lo16(u32 val)169 static inline u16 Lo16(u32 val)
170 {
171 return val & 0xffff;
172 }
173
Hi16(u32 val)174 static inline u16 Hi16(u32 val)
175 {
176 return val >> 16;
177 }
178
Mk16(u8 hi,u8 lo)179 static inline u16 Mk16(u8 hi, u8 lo)
180 {
181 return lo | (((u16) hi) << 8);
182 }
183
Mk16_le(__le16 * v)184 static inline u16 Mk16_le(__le16 * v)
185 {
186 return le16_to_cpu(*v);
187 }
188
189 static const u16 Sbox[256] = {
190 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
191 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
192 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
193 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
194 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
195 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
196 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
197 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
198 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
199 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
200 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
201 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
202 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
203 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
204 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
205 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
206 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
207 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
208 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
209 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
210 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
211 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
212 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
213 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
214 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
215 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
216 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
217 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
218 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
219 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
220 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
221 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
222 };
223
_S_(u16 v)224 static inline u16 _S_(u16 v)
225 {
226 u16 t = Sbox[Hi8(v)];
227 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
228 }
229
230 #define PHASE1_LOOP_COUNT 8
231
tkip_mixing_phase1(u16 * TTAK,const u8 * TK,const u8 * TA,u32 IV32)232 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
233 u32 IV32)
234 {
235 int i, j;
236
237 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
238 TTAK[0] = Lo16(IV32);
239 TTAK[1] = Hi16(IV32);
240 TTAK[2] = Mk16(TA[1], TA[0]);
241 TTAK[3] = Mk16(TA[3], TA[2]);
242 TTAK[4] = Mk16(TA[5], TA[4]);
243
244 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
245 j = 2 * (i & 1);
246 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
247 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
248 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
249 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
250 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
251 }
252 }
253
tkip_mixing_phase2(u8 * WEPSeed,const u8 * TK,const u16 * TTAK,u16 IV16)254 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
255 u16 IV16)
256 {
257 /* Make temporary area overlap WEP seed so that the final copy can be
258 * avoided on little endian hosts. */
259 u16 *PPK = (u16 *) & WEPSeed[4];
260
261 /* Step 1 - make copy of TTAK and bring in TSC */
262 PPK[0] = TTAK[0];
263 PPK[1] = TTAK[1];
264 PPK[2] = TTAK[2];
265 PPK[3] = TTAK[3];
266 PPK[4] = TTAK[4];
267 PPK[5] = TTAK[4] + IV16;
268
269 /* Step 2 - 96-bit bijective mixing using S-box */
270 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
271 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
272 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
273 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
274 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
275 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
276
277 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
278 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
279 PPK[2] += RotR1(PPK[1]);
280 PPK[3] += RotR1(PPK[2]);
281 PPK[4] += RotR1(PPK[3]);
282 PPK[5] += RotR1(PPK[4]);
283
284 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
285 * WEPSeed[0..2] is transmitted as WEP IV */
286 WEPSeed[0] = Hi8(IV16);
287 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
288 WEPSeed[2] = Lo8(IV16);
289 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
290
291 #ifdef __BIG_ENDIAN
292 {
293 int i;
294 for (i = 0; i < 6; i++)
295 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
296 }
297 #endif
298 }
299
lib80211_tkip_hdr(struct sk_buff * skb,int hdr_len,u8 * rc4key,int keylen,void * priv)300 static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
301 u8 * rc4key, int keylen, void *priv)
302 {
303 struct lib80211_tkip_data *tkey = priv;
304 u8 *pos;
305 struct ieee80211_hdr *hdr;
306
307 hdr = (struct ieee80211_hdr *)skb->data;
308
309 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len)
310 return -1;
311
312 if (rc4key == NULL || keylen < 16)
313 return -1;
314
315 if (!tkey->tx_phase1_done) {
316 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
317 tkey->tx_iv32);
318 tkey->tx_phase1_done = 1;
319 }
320 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
321
322 pos = skb_push(skb, TKIP_HDR_LEN);
323 memmove(pos, pos + TKIP_HDR_LEN, hdr_len);
324 pos += hdr_len;
325
326 *pos++ = *rc4key;
327 *pos++ = *(rc4key + 1);
328 *pos++ = *(rc4key + 2);
329 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
330 *pos++ = tkey->tx_iv32 & 0xff;
331 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
332 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
333 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
334
335 tkey->tx_iv16++;
336 if (tkey->tx_iv16 == 0) {
337 tkey->tx_phase1_done = 0;
338 tkey->tx_iv32++;
339 }
340
341 return TKIP_HDR_LEN;
342 }
343
lib80211_tkip_encrypt(struct sk_buff * skb,int hdr_len,void * priv)344 static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
345 {
346 struct lib80211_tkip_data *tkey = priv;
347 SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4);
348 int len;
349 u8 rc4key[16], *pos, *icv;
350 u32 crc;
351 struct scatterlist sg;
352 int err;
353
354 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
355 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
356 net_dbg_ratelimited("TKIP countermeasures: dropped TX packet to %pM\n",
357 hdr->addr1);
358 return -1;
359 }
360
361 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
362 return -1;
363
364 len = skb->len - hdr_len;
365 pos = skb->data + hdr_len;
366
367 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
368 return -1;
369
370 crc = ~crc32_le(~0, pos, len);
371 icv = skb_put(skb, 4);
372 icv[0] = crc;
373 icv[1] = crc >> 8;
374 icv[2] = crc >> 16;
375 icv[3] = crc >> 24;
376
377 crypto_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
378 sg_init_one(&sg, pos, len + 4);
379 skcipher_request_set_tfm(req, tkey->tx_tfm_arc4);
380 skcipher_request_set_callback(req, 0, NULL, NULL);
381 skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL);
382 err = crypto_skcipher_encrypt(req);
383 skcipher_request_zero(req);
384 return err;
385 }
386
387 /*
388 * deal with seq counter wrapping correctly.
389 * refer to timer_after() for jiffies wrapping handling
390 */
tkip_replay_check(u32 iv32_n,u16 iv16_n,u32 iv32_o,u16 iv16_o)391 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
392 u32 iv32_o, u16 iv16_o)
393 {
394 if ((s32)iv32_n - (s32)iv32_o < 0 ||
395 (iv32_n == iv32_o && iv16_n <= iv16_o))
396 return 1;
397 return 0;
398 }
399
lib80211_tkip_decrypt(struct sk_buff * skb,int hdr_len,void * priv)400 static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
401 {
402 struct lib80211_tkip_data *tkey = priv;
403 SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4);
404 u8 rc4key[16];
405 u8 keyidx, *pos;
406 u32 iv32;
407 u16 iv16;
408 struct ieee80211_hdr *hdr;
409 u8 icv[4];
410 u32 crc;
411 struct scatterlist sg;
412 int plen;
413 int err;
414
415 hdr = (struct ieee80211_hdr *)skb->data;
416
417 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
418 net_dbg_ratelimited("TKIP countermeasures: dropped received packet from %pM\n",
419 hdr->addr2);
420 return -1;
421 }
422
423 if (skb->len < hdr_len + TKIP_HDR_LEN + 4)
424 return -1;
425
426 pos = skb->data + hdr_len;
427 keyidx = pos[3];
428 if (!(keyidx & (1 << 5))) {
429 net_dbg_ratelimited("TKIP: received packet without ExtIV flag from %pM\n",
430 hdr->addr2);
431 return -2;
432 }
433 keyidx >>= 6;
434 if (tkey->key_idx != keyidx) {
435 net_dbg_ratelimited("TKIP: RX tkey->key_idx=%d frame keyidx=%d\n",
436 tkey->key_idx, keyidx);
437 return -6;
438 }
439 if (!tkey->key_set) {
440 net_dbg_ratelimited("TKIP: received packet from %pM with keyid=%d that does not have a configured key\n",
441 hdr->addr2, keyidx);
442 return -3;
443 }
444 iv16 = (pos[0] << 8) | pos[2];
445 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
446 pos += TKIP_HDR_LEN;
447
448 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
449 #ifdef CONFIG_LIB80211_DEBUG
450 net_dbg_ratelimited("TKIP: replay detected: STA=%pM previous TSC %08x%04x received TSC %08x%04x\n",
451 hdr->addr2, tkey->rx_iv32, tkey->rx_iv16,
452 iv32, iv16);
453 #endif
454 tkey->dot11RSNAStatsTKIPReplays++;
455 return -4;
456 }
457
458 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
459 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
460 tkey->rx_phase1_done = 1;
461 }
462 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
463
464 plen = skb->len - hdr_len - 12;
465
466 crypto_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
467 sg_init_one(&sg, pos, plen + 4);
468 skcipher_request_set_tfm(req, tkey->rx_tfm_arc4);
469 skcipher_request_set_callback(req, 0, NULL, NULL);
470 skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL);
471 err = crypto_skcipher_decrypt(req);
472 skcipher_request_zero(req);
473 if (err) {
474 net_dbg_ratelimited("TKIP: failed to decrypt received packet from %pM\n",
475 hdr->addr2);
476 return -7;
477 }
478
479 crc = ~crc32_le(~0, pos, plen);
480 icv[0] = crc;
481 icv[1] = crc >> 8;
482 icv[2] = crc >> 16;
483 icv[3] = crc >> 24;
484 if (memcmp(icv, pos + plen, 4) != 0) {
485 if (iv32 != tkey->rx_iv32) {
486 /* Previously cached Phase1 result was already lost, so
487 * it needs to be recalculated for the next packet. */
488 tkey->rx_phase1_done = 0;
489 }
490 #ifdef CONFIG_LIB80211_DEBUG
491 net_dbg_ratelimited("TKIP: ICV error detected: STA=%pM\n",
492 hdr->addr2);
493 #endif
494 tkey->dot11RSNAStatsTKIPICVErrors++;
495 return -5;
496 }
497
498 /* Update real counters only after Michael MIC verification has
499 * completed */
500 tkey->rx_iv32_new = iv32;
501 tkey->rx_iv16_new = iv16;
502
503 /* Remove IV and ICV */
504 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len);
505 skb_pull(skb, TKIP_HDR_LEN);
506 skb_trim(skb, skb->len - 4);
507
508 return keyidx;
509 }
510
michael_mic(struct crypto_shash * tfm_michael,u8 * key,u8 * hdr,u8 * data,size_t data_len,u8 * mic)511 static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr,
512 u8 *data, size_t data_len, u8 *mic)
513 {
514 SHASH_DESC_ON_STACK(desc, tfm_michael);
515 int err;
516
517 if (tfm_michael == NULL) {
518 pr_warn("%s(): tfm_michael == NULL\n", __func__);
519 return -1;
520 }
521
522 desc->tfm = tfm_michael;
523 desc->flags = 0;
524
525 if (crypto_shash_setkey(tfm_michael, key, 8))
526 return -1;
527
528 err = crypto_shash_init(desc);
529 if (err)
530 goto out;
531 err = crypto_shash_update(desc, hdr, 16);
532 if (err)
533 goto out;
534 err = crypto_shash_update(desc, data, data_len);
535 if (err)
536 goto out;
537 err = crypto_shash_final(desc, mic);
538
539 out:
540 shash_desc_zero(desc);
541 return err;
542 }
543
michael_mic_hdr(struct sk_buff * skb,u8 * hdr)544 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
545 {
546 struct ieee80211_hdr *hdr11;
547
548 hdr11 = (struct ieee80211_hdr *)skb->data;
549
550 switch (le16_to_cpu(hdr11->frame_control) &
551 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
552 case IEEE80211_FCTL_TODS:
553 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
554 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
555 break;
556 case IEEE80211_FCTL_FROMDS:
557 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
558 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
559 break;
560 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
561 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
562 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
563 break;
564 default:
565 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
566 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
567 break;
568 }
569
570 if (ieee80211_is_data_qos(hdr11->frame_control)) {
571 hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11)))
572 & IEEE80211_QOS_CTL_TID_MASK;
573 } else
574 hdr[12] = 0; /* priority */
575
576 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
577 }
578
lib80211_michael_mic_add(struct sk_buff * skb,int hdr_len,void * priv)579 static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
580 void *priv)
581 {
582 struct lib80211_tkip_data *tkey = priv;
583 u8 *pos;
584
585 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
586 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
587 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
588 skb_tailroom(skb), hdr_len, skb->len);
589 return -1;
590 }
591
592 michael_mic_hdr(skb, tkey->tx_hdr);
593 pos = skb_put(skb, 8);
594 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
595 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
596 return -1;
597
598 return 0;
599 }
600
lib80211_michael_mic_failure(struct net_device * dev,struct ieee80211_hdr * hdr,int keyidx)601 static void lib80211_michael_mic_failure(struct net_device *dev,
602 struct ieee80211_hdr *hdr,
603 int keyidx)
604 {
605 union iwreq_data wrqu;
606 struct iw_michaelmicfailure ev;
607
608 /* TODO: needed parameters: count, keyid, key type, TSC */
609 memset(&ev, 0, sizeof(ev));
610 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
611 if (hdr->addr1[0] & 0x01)
612 ev.flags |= IW_MICFAILURE_GROUP;
613 else
614 ev.flags |= IW_MICFAILURE_PAIRWISE;
615 ev.src_addr.sa_family = ARPHRD_ETHER;
616 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
617 memset(&wrqu, 0, sizeof(wrqu));
618 wrqu.data.length = sizeof(ev);
619 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
620 }
621
lib80211_michael_mic_verify(struct sk_buff * skb,int keyidx,int hdr_len,void * priv)622 static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
623 int hdr_len, void *priv)
624 {
625 struct lib80211_tkip_data *tkey = priv;
626 u8 mic[8];
627
628 if (!tkey->key_set)
629 return -1;
630
631 michael_mic_hdr(skb, tkey->rx_hdr);
632 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
633 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
634 return -1;
635 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
636 struct ieee80211_hdr *hdr;
637 hdr = (struct ieee80211_hdr *)skb->data;
638 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
639 "MSDU from %pM keyidx=%d\n",
640 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
641 keyidx);
642 if (skb->dev)
643 lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
644 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
645 return -1;
646 }
647
648 /* Update TSC counters for RX now that the packet verification has
649 * completed. */
650 tkey->rx_iv32 = tkey->rx_iv32_new;
651 tkey->rx_iv16 = tkey->rx_iv16_new;
652
653 skb_trim(skb, skb->len - 8);
654
655 return 0;
656 }
657
lib80211_tkip_set_key(void * key,int len,u8 * seq,void * priv)658 static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
659 {
660 struct lib80211_tkip_data *tkey = priv;
661 int keyidx;
662 struct crypto_shash *tfm = tkey->tx_tfm_michael;
663 struct crypto_skcipher *tfm2 = tkey->tx_tfm_arc4;
664 struct crypto_shash *tfm3 = tkey->rx_tfm_michael;
665 struct crypto_skcipher *tfm4 = tkey->rx_tfm_arc4;
666
667 keyidx = tkey->key_idx;
668 memset(tkey, 0, sizeof(*tkey));
669 tkey->key_idx = keyidx;
670 tkey->tx_tfm_michael = tfm;
671 tkey->tx_tfm_arc4 = tfm2;
672 tkey->rx_tfm_michael = tfm3;
673 tkey->rx_tfm_arc4 = tfm4;
674 if (len == TKIP_KEY_LEN) {
675 memcpy(tkey->key, key, TKIP_KEY_LEN);
676 tkey->key_set = 1;
677 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
678 if (seq) {
679 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
680 (seq[3] << 8) | seq[2];
681 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
682 }
683 } else if (len == 0)
684 tkey->key_set = 0;
685 else
686 return -1;
687
688 return 0;
689 }
690
lib80211_tkip_get_key(void * key,int len,u8 * seq,void * priv)691 static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
692 {
693 struct lib80211_tkip_data *tkey = priv;
694
695 if (len < TKIP_KEY_LEN)
696 return -1;
697
698 if (!tkey->key_set)
699 return 0;
700 memcpy(key, tkey->key, TKIP_KEY_LEN);
701
702 if (seq) {
703 /* Return the sequence number of the last transmitted frame. */
704 u16 iv16 = tkey->tx_iv16;
705 u32 iv32 = tkey->tx_iv32;
706 if (iv16 == 0)
707 iv32--;
708 iv16--;
709 seq[0] = tkey->tx_iv16;
710 seq[1] = tkey->tx_iv16 >> 8;
711 seq[2] = tkey->tx_iv32;
712 seq[3] = tkey->tx_iv32 >> 8;
713 seq[4] = tkey->tx_iv32 >> 16;
714 seq[5] = tkey->tx_iv32 >> 24;
715 }
716
717 return TKIP_KEY_LEN;
718 }
719
lib80211_tkip_print_stats(struct seq_file * m,void * priv)720 static void lib80211_tkip_print_stats(struct seq_file *m, void *priv)
721 {
722 struct lib80211_tkip_data *tkip = priv;
723 seq_printf(m,
724 "key[%d] alg=TKIP key_set=%d "
725 "tx_pn=%02x%02x%02x%02x%02x%02x "
726 "rx_pn=%02x%02x%02x%02x%02x%02x "
727 "replays=%d icv_errors=%d local_mic_failures=%d\n",
728 tkip->key_idx, tkip->key_set,
729 (tkip->tx_iv32 >> 24) & 0xff,
730 (tkip->tx_iv32 >> 16) & 0xff,
731 (tkip->tx_iv32 >> 8) & 0xff,
732 tkip->tx_iv32 & 0xff,
733 (tkip->tx_iv16 >> 8) & 0xff,
734 tkip->tx_iv16 & 0xff,
735 (tkip->rx_iv32 >> 24) & 0xff,
736 (tkip->rx_iv32 >> 16) & 0xff,
737 (tkip->rx_iv32 >> 8) & 0xff,
738 tkip->rx_iv32 & 0xff,
739 (tkip->rx_iv16 >> 8) & 0xff,
740 tkip->rx_iv16 & 0xff,
741 tkip->dot11RSNAStatsTKIPReplays,
742 tkip->dot11RSNAStatsTKIPICVErrors,
743 tkip->dot11RSNAStatsTKIPLocalMICFailures);
744 }
745
746 static struct lib80211_crypto_ops lib80211_crypt_tkip = {
747 .name = "TKIP",
748 .init = lib80211_tkip_init,
749 .deinit = lib80211_tkip_deinit,
750 .encrypt_mpdu = lib80211_tkip_encrypt,
751 .decrypt_mpdu = lib80211_tkip_decrypt,
752 .encrypt_msdu = lib80211_michael_mic_add,
753 .decrypt_msdu = lib80211_michael_mic_verify,
754 .set_key = lib80211_tkip_set_key,
755 .get_key = lib80211_tkip_get_key,
756 .print_stats = lib80211_tkip_print_stats,
757 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
758 .extra_mpdu_postfix_len = 4, /* ICV */
759 .extra_msdu_postfix_len = 8, /* MIC */
760 .get_flags = lib80211_tkip_get_flags,
761 .set_flags = lib80211_tkip_set_flags,
762 .owner = THIS_MODULE,
763 };
764
lib80211_crypto_tkip_init(void)765 static int __init lib80211_crypto_tkip_init(void)
766 {
767 return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
768 }
769
lib80211_crypto_tkip_exit(void)770 static void __exit lib80211_crypto_tkip_exit(void)
771 {
772 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
773 }
774
775 module_init(lib80211_crypto_tkip_init);
776 module_exit(lib80211_crypto_tkip_exit);
777
