]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - drivers/staging/rtl8192e/rtllib_crypt_tkip.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
[mirror_ubuntu-artful-kernel.git] / drivers / staging / rtl8192e / rtllib_crypt_tkip.c
CommitLineData
ecdfa446
GKH		 1/*
2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
3 *
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
9 * more details.
10 */
11
a1d38394
HX		 12#include <crypto/hash.h>
13#include <crypto/skcipher.h>
ecdfa446
GKH		 14#include <linux/module.h>
15#include <linux/init.h>
16#include <linux/slab.h>
17#include <linux/random.h>
18#include <linux/skbuff.h>
19#include <linux/netdevice.h>
20#include <linux/if_ether.h>
21#include <linux/if_arp.h>
a44325f9 22#include <linux/string.h>
cb762154 23#include <linux/scatterlist.h>
ecdfa446 24#include <linux/crc32.h>
b57ceb19 25#include <linux/etherdevice.h>
ecdfa446 26
a44325f9
LF		 27#include "rtllib.h"
28
94a79942 29struct rtllib_tkip_data {
ecdfa446
GKH		 30#define TKIP_KEY_LEN 32
31 u8 key[TKIP_KEY_LEN];
32 int key_set;
33
34 u32 tx_iv32;
35 u16 tx_iv16;
36 u16 tx_ttak[5];
37 int tx_phase1_done;
38
39 u32 rx_iv32;
40 u16 rx_iv16;
a44325f9 41 bool initialized;
ecdfa446
GKH		 42 u16 rx_ttak[5];
43 int rx_phase1_done;
44 u32 rx_iv32_new;
45 u16 rx_iv16_new;
46
47 u32 dot11RSNAStatsTKIPReplays;
48 u32 dot11RSNAStatsTKIPICVErrors;
49 u32 dot11RSNAStatsTKIPLocalMICFailures;
50
51 int key_idx;
a1d38394
HX		 52 struct crypto_skcipher *rx_tfm_arc4;
53 struct crypto_ahash *rx_tfm_michael;
54 struct crypto_skcipher *tx_tfm_arc4;
55 struct crypto_ahash *tx_tfm_michael;
ecdfa446 56 /* scratch buffers for virt_to_page() (crypto API) */
06c11107
MK		 57 u8 rx_hdr[16];
58 u8 tx_hdr[16];
ecdfa446
GKH		 59};
60
a44325f9 61static void *rtllib_tkip_init(int key_idx)
ecdfa446 62{
94a79942 63 struct rtllib_tkip_data *priv;
ecdfa446 64
929fa2a4 65 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
ecdfa446
GKH		 66 if (priv == NULL)
67 goto fail;
ecdfa446 68 priv->key_idx = key_idx;
a1d38394
HX		 69 priv->tx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
70 CRYPTO_ALG_ASYNC);
ecdfa446 71 if (IS_ERR(priv->tx_tfm_arc4)) {
7bdfaa0a 72 pr_debug("Could not allocate crypto API arc4\n");
ecdfa446
GKH		 73 priv->tx_tfm_arc4 = NULL;
74 goto fail;
75 }
76
a1d38394
HX		 77 priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
78 CRYPTO_ALG_ASYNC);
ecdfa446 79 if (IS_ERR(priv->tx_tfm_michael)) {
7bdfaa0a 80 pr_debug("Could not allocate crypto API michael_mic\n");
ecdfa446
GKH		 81 priv->tx_tfm_michael = NULL;
82 goto fail;
83 }
84
a1d38394
HX		 85 priv->rx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
86 CRYPTO_ALG_ASYNC);
ecdfa446 87 if (IS_ERR(priv->rx_tfm_arc4)) {
7bdfaa0a 88 pr_debug("Could not allocate crypto API arc4\n");
ecdfa446
GKH		 89 priv->rx_tfm_arc4 = NULL;
90 goto fail;
91 }
92
a1d38394
HX		 93 priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
94 CRYPTO_ALG_ASYNC);
ecdfa446 95 if (IS_ERR(priv->rx_tfm_michael)) {
7bdfaa0a 96 pr_debug("Could not allocate crypto API michael_mic\n");
ecdfa446
GKH		 97 priv->rx_tfm_michael = NULL;
98 goto fail;
99 }
ecdfa446
GKH		 100 return priv;
101
102fail:
103 if (priv) {
a1d38394
HX		 104 crypto_free_ahash(priv->tx_tfm_michael);
105 crypto_free_skcipher(priv->tx_tfm_arc4);
106 crypto_free_ahash(priv->rx_tfm_michael);
107 crypto_free_skcipher(priv->rx_tfm_arc4);
ecdfa446
GKH		 108 kfree(priv);
109 }
110
111 return NULL;
112}
113
114
94a79942 115static void rtllib_tkip_deinit(void *priv)
ecdfa446 116{
94a79942 117 struct rtllib_tkip_data *_priv = priv;
cb762154 118
ecdfa446 119 if (_priv) {
a1d38394
HX		 120 crypto_free_ahash(_priv->tx_tfm_michael);
121 crypto_free_skcipher(_priv->tx_tfm_arc4);
122 crypto_free_ahash(_priv->rx_tfm_michael);
123 crypto_free_skcipher(_priv->rx_tfm_arc4);
ecdfa446 124 }
ecdfa446
GKH		 125 kfree(priv);
126}
127
128
129static inline u16 RotR1(u16 val)
130{
131 return (val >> 1) | (val << 15);
132}
133
134
135static inline u8 Lo8(u16 val)
136{
137 return val & 0xff;
138}
139
140
141static inline u8 Hi8(u16 val)
142{
143 return val >> 8;
144}
145
146
147static inline u16 Lo16(u32 val)
148{
149 return val & 0xffff;
150}
151
152
153static inline u16 Hi16(u32 val)
154{
155 return val >> 16;
156}
157
158
159static inline u16 Mk16(u8 hi, u8 lo)
160{
161 return lo | (((u16) hi) << 8);
162}
163
164
165static inline u16 Mk16_le(u16 *v)
166{
99277c1f 167 return *v;
ecdfa446
GKH		 168}
169
170
a44325f9 171static const u16 Sbox[256] = {
ecdfa446
GKH		 172 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
173 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
174 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
175 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
176 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
177 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
178 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
179 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
180 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
181 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
182 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
183 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
184 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
185 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
186 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
187 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
188 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
189 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
190 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
191 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
192 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
193 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
194 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
195 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
196 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
197 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
198 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
199 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
200 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
201 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
202 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
203 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
204};
205
206
207static inline u16 _S_(u16 v)
208{
209 u16 t = Sbox[Hi8(v)];
210 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
211}
212
213
214#define PHASE1_LOOP_COUNT 8
215
216
217static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
218{
219 int i, j;
220
221 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
222 TTAK[0] = Lo16(IV32);
223 TTAK[1] = Hi16(IV32);
224 TTAK[2] = Mk16(TA[1], TA[0]);
225 TTAK[3] = Mk16(TA[3], TA[2]);
226 TTAK[4] = Mk16(TA[5], TA[4]);
227
228 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
229 j = 2 * (i & 1);
230 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
231 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
232 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
233 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
234 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
235 }
236}
237
238
239static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
240 u16 IV16)
241{
242 /* Make temporary area overlap WEP seed so that the final copy can be
14b40d92
MK		 243 * avoided on little endian hosts.
244 */
ecdfa446
GKH		 245 u16 *PPK = (u16 *) &WEPSeed[4];
246
247 /* Step 1 - make copy of TTAK and bring in TSC */
248 PPK[0] = TTAK[0];
249 PPK[1] = TTAK[1];
250 PPK[2] = TTAK[2];
251 PPK[3] = TTAK[3];
252 PPK[4] = TTAK[4];
253 PPK[5] = TTAK[4] + IV16;
254
255 /* Step 2 - 96-bit bijective mixing using S-box */
256 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
257 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
258 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
259 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
260 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
261 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
262
263 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
264 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
265 PPK[2] += RotR1(PPK[1]);
266 PPK[3] += RotR1(PPK[2]);
267 PPK[4] += RotR1(PPK[3]);
268 PPK[5] += RotR1(PPK[4]);
269
270 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
14b40d92
MK		 271 * WEPSeed[0..2] is transmitted as WEP IV
272 */
ecdfa446
GKH		 273 WEPSeed[0] = Hi8(IV16);
274 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
275 WEPSeed[2] = Lo8(IV16);
276 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
277
278#ifdef __BIG_ENDIAN
279 {
280 int i;
3a6b70c3 281
ecdfa446
GKH		 282 for (i = 0; i < 6; i++)
283 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
284 }
285#endif
286}
287
288
94a79942 289static int rtllib_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
ecdfa446 290{
94a79942 291 struct rtllib_tkip_data *tkey = priv;
ecdfa446
GKH		 292 int len;
293 u8 *pos;
94a79942 294 struct rtllib_hdr_4addr *hdr;
a44325f9
LF		 295 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
296 MAX_DEV_ADDR_SIZE);
ecdfa446 297 int ret = 0;
ecdfa446
GKH		 298 u8 rc4key[16], *icv;
299 u32 crc;
300 struct scatterlist sg;
301
302 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
303 skb->len < hdr_len)
304 return -1;
305
94a79942 306 hdr = (struct rtllib_hdr_4addr *) skb->data;
ecdfa446 307
94a79942 308 if (!tcb_desc->bHwSec) {
ecdfa446
GKH		 309 if (!tkey->tx_phase1_done) {
310 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
311 tkey->tx_iv32);
312 tkey->tx_phase1_done = 1;
313 }
a44325f9
LF		 314 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak,
315 tkey->tx_iv16);
94a79942 316 } else
ecdfa446
GKH		 317 tkey->tx_phase1_done = 1;
318
319
320 len = skb->len - hdr_len;
321 pos = skb_push(skb, 8);
322 memmove(pos, pos + 8, hdr_len);
323 pos += hdr_len;
324
94a79942 325 if (tcb_desc->bHwSec) {
ecdfa446
GKH		 326 *pos++ = Hi8(tkey->tx_iv16);
327 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
328 *pos++ = Lo8(tkey->tx_iv16);
94a79942 329 } else {
ecdfa446
GKH		 330 *pos++ = rc4key[0];
331 *pos++ = rc4key[1];
332 *pos++ = rc4key[2];
333 }
334
335 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
336 *pos++ = tkey->tx_iv32 & 0xff;
337 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
338 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
339 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
340
94a79942 341 if (!tcb_desc->bHwSec) {
a1d38394
HX		 342 SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4);
343
ecdfa446 344 icv = skb_put(skb, 4);
ecdfa446 345 crc = ~crc32_le(~0, pos, len);
ecdfa446
GKH		 346 icv[0] = crc;
347 icv[1] = crc >> 8;
348 icv[2] = crc >> 16;
349 icv[3] = crc >> 24;
94a79942 350
ecdfa446 351 sg_init_one(&sg, pos, len+4);
94a79942
LF		 352
353
a1d38394
HX		 354 crypto_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
355 skcipher_request_set_tfm(req, tkey->tx_tfm_arc4);
356 skcipher_request_set_callback(req, 0, NULL, NULL);
357 skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL);
358 ret = crypto_skcipher_encrypt(req);
359 skcipher_request_zero(req);
ecdfa446
GKH		 360 }
361
362 tkey->tx_iv16++;
363 if (tkey->tx_iv16 == 0) {
364 tkey->tx_phase1_done = 0;
365 tkey->tx_iv32++;
366 }
367
368 if (!tcb_desc->bHwSec)
ecdfa446 369 return ret;
76134b3f 370 return 0;
ecdfa446
GKH		 371
372
373}
374
94a79942 375static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
ecdfa446 376{
94a79942 377 struct rtllib_tkip_data *tkey = priv;
ecdfa446
GKH		 378 u8 keyidx, *pos;
379 u32 iv32;
380 u16 iv16;
94a79942 381 struct rtllib_hdr_4addr *hdr;
a44325f9
LF		 382 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
383 MAX_DEV_ADDR_SIZE);
ecdfa446
GKH		 384 u8 rc4key[16];
385 u8 icv[4];
386 u32 crc;
387 struct scatterlist sg;
388 int plen;
a1d38394 389 int err;
3a6b70c3 390
ecdfa446
GKH		 391 if (skb->len < hdr_len + 8 + 4)
392 return -1;
393
94a79942 394 hdr = (struct rtllib_hdr_4addr *) skb->data;
ecdfa446
GKH		 395 pos = skb->data + hdr_len;
396 keyidx = pos[3];
397 if (!(keyidx & (1 << 5))) {
398 if (net_ratelimit()) {
7bdfaa0a
MK		 399 netdev_dbg(skb->dev,
400 "Received packet without ExtIV flag from %pM\n",
401 hdr->addr2);
ecdfa446
GKH		 402 }
403 return -2;
404 }
405 keyidx >>= 6;
406 if (tkey->key_idx != keyidx) {
7bdfaa0a
MK		 407 netdev_dbg(skb->dev,
408 "RX tkey->key_idx=%d frame keyidx=%d priv=%p\n",
409 tkey->key_idx, keyidx, priv);
ecdfa446
GKH		 410 return -6;
411 }
412 if (!tkey->key_set) {
413 if (net_ratelimit()) {
7bdfaa0a
MK		 414 netdev_dbg(skb->dev,
415 "Received packet from %pM with keyid=%d that does not have a configured key\n",
416 hdr->addr2, keyidx);
ecdfa446
GKH		 417 }
418 return -3;
419 }
420 iv16 = (pos[0] << 8) | pos[2];
421 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
422 pos += 8;
423
a44325f9 424 if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) {
a1d38394
HX		 425 SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4);
426
94a79942 427 if ((iv32 < tkey->rx_iv32 ||
a44325f9
LF		 428 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) &&
429 tkey->initialized) {
ecdfa446 430 if (net_ratelimit()) {
7bdfaa0a
MK		 431 netdev_dbg(skb->dev,
432 "Replay detected: STA= %pM previous TSC %08x%04x received TSC %08x%04x\n",
433 hdr->addr2, tkey->rx_iv32,
434 tkey->rx_iv16, iv32, iv16);
ecdfa446
GKH		 435 }
436 tkey->dot11RSNAStatsTKIPReplays++;
437 return -4;
438 }
a44325f9 439 tkey->initialized = true;
ecdfa446
GKH		 440
441 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
a44325f9
LF		 442 tkip_mixing_phase1(tkey->rx_ttak, tkey->key,
443 hdr->addr2, iv32);
ecdfa446
GKH		 444 tkey->rx_phase1_done = 1;
445 }
446 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
447
448 plen = skb->len - hdr_len - 12;
449
ecdfa446 450 sg_init_one(&sg, pos, plen+4);
94a79942 451
a1d38394
HX		 452 crypto_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
453 skcipher_request_set_tfm(req, tkey->rx_tfm_arc4);
454 skcipher_request_set_callback(req, 0, NULL, NULL);
455 skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL);
456 err = crypto_skcipher_decrypt(req);
457 skcipher_request_zero(req);
458 if (err) {
ecdfa446 459 if (net_ratelimit()) {
7bdfaa0a
MK		 460 netdev_dbg(skb->dev,
461 "Failed to decrypt received packet from %pM\n",
462 hdr->addr2);
ecdfa446
GKH		 463 }
464 return -7;
465 }
ecdfa446 466
ecdfa446 467 crc = ~crc32_le(~0, pos, plen);
ecdfa446
GKH		 468 icv[0] = crc;
469 icv[1] = crc >> 8;
470 icv[2] = crc >> 16;
471 icv[3] = crc >> 24;
472
473 if (memcmp(icv, pos + plen, 4) != 0) {
474 if (iv32 != tkey->rx_iv32) {
a44325f9
LF		 475 /* Previously cached Phase1 result was already
476 * lost, so it needs to be recalculated for the
14b40d92
MK		 477 * next packet.
478 */
ecdfa446
GKH		 479 tkey->rx_phase1_done = 0;
480 }
481 if (net_ratelimit()) {
7bdfaa0a
MK		 482 netdev_dbg(skb->dev,
483 "ICV error detected: STA= %pM\n",
484 hdr->addr2);
ecdfa446
GKH		 485 }
486 tkey->dot11RSNAStatsTKIPICVErrors++;
487 return -5;
488 }
489
490 }
491
492 /* Update real counters only after Michael MIC verification has
14b40d92
MK		 493 * completed
494 */
ecdfa446
GKH		 495 tkey->rx_iv32_new = iv32;
496 tkey->rx_iv16_new = iv16;
497
498 /* Remove IV and ICV */
499 memmove(skb->data + 8, skb->data, hdr_len);
500 skb_pull(skb, 8);
501 skb_trim(skb, skb->len - 4);
502
ecdfa446
GKH		 503 return keyidx;
504}
505
506
a1d38394 507static int michael_mic(struct crypto_ahash *tfm_michael, u8 *key, u8 *hdr,
a44325f9 508 u8 *data, size_t data_len, u8 *mic)
ecdfa446 509{
a1d38394 510 AHASH_REQUEST_ON_STACK(req, tfm_michael);
a44325f9 511 struct scatterlist sg[2];
a1d38394 512 int err;
a44325f9
LF		 513
514 if (tfm_michael == NULL) {
d69d2054 515 pr_warn("michael_mic: tfm_michael == NULL\n");
a44325f9
LF		 516 return -1;
517 }
518 sg_init_table(sg, 2);
519 sg_set_buf(&sg[0], hdr, 16);
520 sg_set_buf(&sg[1], data, data_len);
521
a1d38394 522 if (crypto_ahash_setkey(tfm_michael, key, 8))
a44325f9
LF		 523 return -1;
524
a1d38394
HX		 525 ahash_request_set_tfm(req, tfm_michael);
526 ahash_request_set_callback(req, 0, NULL, NULL);
527 ahash_request_set_crypt(req, sg, mic, data_len + 16);
528 err = crypto_ahash_digest(req);
529 ahash_request_zero(req);
530 return err;
ecdfa446 531}
ecdfa446
GKH		 532
533static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
534{
94a79942 535 struct rtllib_hdr_4addr *hdr11;
ecdfa446 536
94a79942 537 hdr11 = (struct rtllib_hdr_4addr *) skb->data;
ecdfa446 538 switch (le16_to_cpu(hdr11->frame_ctl) &
94a79942
LF		 539 (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) {
540 case RTLLIB_FCTL_TODS:
b57ceb19
MK		 541 ether_addr_copy(hdr, hdr11->addr3); /* DA */
542 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr2); /* SA */
ecdfa446 543 break;
94a79942 544 case RTLLIB_FCTL_FROMDS:
b57ceb19
MK		 545 ether_addr_copy(hdr, hdr11->addr1); /* DA */
546 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr3); /* SA */
ecdfa446 547 break;
94a79942 548 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS:
b57ceb19
MK		 549 ether_addr_copy(hdr, hdr11->addr3); /* DA */
550 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr4); /* SA */
ecdfa446
GKH		 551 break;
552 case 0:
b57ceb19
MK		 553 ether_addr_copy(hdr, hdr11->addr1); /* DA */
554 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr2); /* SA */
ecdfa446
GKH		 555 break;
556 }
557
558 hdr[12] = 0; /* priority */
559
560 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
561}
562
563
94a79942 564static int rtllib_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
ecdfa446 565{
94a79942 566 struct rtllib_tkip_data *tkey = priv;
ecdfa446 567 u8 *pos;
94a79942 568 struct rtllib_hdr_4addr *hdr;
ecdfa446 569
94a79942 570 hdr = (struct rtllib_hdr_4addr *) skb->data;
ecdfa446
GKH		 571
572 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
7bdfaa0a
MK		 573 netdev_dbg(skb->dev,
574 "Invalid packet for Michael MIC add (tailroom=%d hdr_len=%d skb->len=%d)\n",
575 skb_tailroom(skb), hdr_len, skb->len);
ecdfa446
GKH		 576 return -1;
577 }
578
579 michael_mic_hdr(skb, tkey->tx_hdr);
580
a44325f9 581 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
ecdfa446 582 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
ecdfa446 583 pos = skb_put(skb, 8);
ecdfa446 584 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
a44325f9 585 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
ecdfa446
GKH		 586 return -1;
587
588 return 0;
589}
590
591
94a79942
LF		 592static void rtllib_michael_mic_failure(struct net_device *dev,
593 struct rtllib_hdr_4addr *hdr,
ecdfa446
GKH		 594 int keyidx)
595{
596 union iwreq_data wrqu;
597 struct iw_michaelmicfailure ev;
598
599 /* TODO: needed parameters: count, keyid, key type, TSC */
600 memset(&ev, 0, sizeof(ev));
601 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
602 if (hdr->addr1[0] & 0x01)
603 ev.flags |= IW_MICFAILURE_GROUP;
604 else
605 ev.flags |= IW_MICFAILURE_PAIRWISE;
606 ev.src_addr.sa_family = ARPHRD_ETHER;
b57ceb19 607 ether_addr_copy(ev.src_addr.sa_data, hdr->addr2);
ecdfa446
GKH		 608 memset(&wrqu, 0, sizeof(wrqu));
609 wrqu.data.length = sizeof(ev);
610 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
611}
ecdfa446 612
94a79942 613static int rtllib_michael_mic_verify(struct sk_buff *skb, int keyidx,
32c44cb5 614 int hdr_len, void *priv)
ecdfa446 615{
94a79942 616 struct rtllib_tkip_data *tkey = priv;
ecdfa446 617 u8 mic[8];
94a79942 618 struct rtllib_hdr_4addr *hdr;
ecdfa446 619
94a79942 620 hdr = (struct rtllib_hdr_4addr *) skb->data;
ecdfa446
GKH		 621
622 if (!tkey->key_set)
623 return -1;
624
625 michael_mic_hdr(skb, tkey->rx_hdr);
a44325f9 626 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
ecdfa446 627 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
ecdfa446 628
ecdfa446 629 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
a44325f9 630 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
94a79942
LF		 631 return -1;
632
32c44cb5 633 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
94a79942 634 struct rtllib_hdr_4addr *hdr;
3a6b70c3 635
94a79942 636 hdr = (struct rtllib_hdr_4addr *) skb->data;
7bdfaa0a
MK		 637 netdev_dbg(skb->dev,
638 "Michael MIC verification failed for MSDU from %pM keyidx=%d\n",
639 hdr->addr2, keyidx);
640 netdev_dbg(skb->dev, "%d\n",
641 memcmp(mic, skb->data + skb->len - 8, 8) != 0);
94a79942 642 if (skb->dev) {
d69d2054 643 pr_info("skb->dev != NULL\n");
94a79942 644 rtllib_michael_mic_failure(skb->dev, hdr, keyidx);
a44325f9 645 }
ecdfa446
GKH		 646 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
647 return -1;
648 }
649
650 /* Update TSC counters for RX now that the packet verification has
14b40d92
MK		 651 * completed.
652 */
ecdfa446
GKH		 653 tkey->rx_iv32 = tkey->rx_iv32_new;
654 tkey->rx_iv16 = tkey->rx_iv16_new;
655
656 skb_trim(skb, skb->len - 8);
657
658 return 0;
659}
660
661
94a79942 662static int rtllib_tkip_set_key(void *key, int len, u8 *seq, void *priv)
ecdfa446 663{
94a79942 664 struct rtllib_tkip_data *tkey = priv;
ecdfa446 665 int keyidx;
a1d38394
HX		 666 struct crypto_ahash *tfm = tkey->tx_tfm_michael;
667 struct crypto_skcipher *tfm2 = tkey->tx_tfm_arc4;
668 struct crypto_ahash *tfm3 = tkey->rx_tfm_michael;
669 struct crypto_skcipher *tfm4 = tkey->rx_tfm_arc4;
ecdfa446
GKH		 670
671 keyidx = tkey->key_idx;
672 memset(tkey, 0, sizeof(*tkey));
673 tkey->key_idx = keyidx;
ecdfa446
GKH		 674 tkey->tx_tfm_michael = tfm;
675 tkey->tx_tfm_arc4 = tfm2;
676 tkey->rx_tfm_michael = tfm3;
677 tkey->rx_tfm_arc4 = tfm4;
ecdfa446
GKH		 678
679 if (len == TKIP_KEY_LEN) {
680 memcpy(tkey->key, key, TKIP_KEY_LEN);
681 tkey->key_set = 1;
682 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
683 if (seq) {
684 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
685 (seq[3] << 8) | seq[2];
686 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
687 }
688 } else if (len == 0)
689 tkey->key_set = 0;
690 else
691 return -1;
692
693 return 0;
694}
695
696
94a79942 697static int rtllib_tkip_get_key(void *key, int len, u8 *seq, void *priv)
ecdfa446 698{
94a79942 699 struct rtllib_tkip_data *tkey = priv;
ecdfa446
GKH		 700
701 if (len < TKIP_KEY_LEN)
702 return -1;
703
704 if (!tkey->key_set)
705 return 0;
706 memcpy(key, tkey->key, TKIP_KEY_LEN);
707
708 if (seq) {
709 /* Return the sequence number of the last transmitted frame. */
710 u16 iv16 = tkey->tx_iv16;
711 u32 iv32 = tkey->tx_iv32;
3a6b70c3 712
ecdfa446
GKH		 713 if (iv16 == 0)
714 iv32--;
715 iv16--;
716 seq[0] = tkey->tx_iv16;
717 seq[1] = tkey->tx_iv16 >> 8;
718 seq[2] = tkey->tx_iv32;
719 seq[3] = tkey->tx_iv32 >> 8;
720 seq[4] = tkey->tx_iv32 >> 16;
721 seq[5] = tkey->tx_iv32 >> 24;
722 }
723
724 return TKIP_KEY_LEN;
725}
726
727
6bbefe86 728static void rtllib_tkip_print_stats(struct seq_file *m, void *priv)
ecdfa446 729{
94a79942 730 struct rtllib_tkip_data *tkip = priv;
3a6b70c3 731
6bbefe86 732 seq_printf(m,
0822339b 733 "key[%d] alg=TKIP key_set=%d tx_pn=%02x%02x%02x%02x%02x%02x rx_pn=%02x%02x%02x%02x%02x%02x replays=%d icv_errors=%d local_mic_failures=%d\n",
6bbefe86
DH		 734 tkip->key_idx, tkip->key_set,
735 (tkip->tx_iv32 >> 24) & 0xff,
736 (tkip->tx_iv32 >> 16) & 0xff,
737 (tkip->tx_iv32 >> 8) & 0xff,
738 tkip->tx_iv32 & 0xff,
739 (tkip->tx_iv16 >> 8) & 0xff,
740 tkip->tx_iv16 & 0xff,
741 (tkip->rx_iv32 >> 24) & 0xff,
742 (tkip->rx_iv32 >> 16) & 0xff,
743 (tkip->rx_iv32 >> 8) & 0xff,
744 tkip->rx_iv32 & 0xff,
745 (tkip->rx_iv16 >> 8) & 0xff,
746 tkip->rx_iv16 & 0xff,
747 tkip->dot11RSNAStatsTKIPReplays,
748 tkip->dot11RSNAStatsTKIPICVErrors,
749 tkip->dot11RSNAStatsTKIPLocalMICFailures);
ecdfa446
GKH		 750}
751
32c44cb5 752static struct lib80211_crypto_ops rtllib_crypt_tkip = {
3b148be0 753 .name = "R-TKIP",
94a79942
LF		 754 .init = rtllib_tkip_init,
755 .deinit = rtllib_tkip_deinit,
756 .encrypt_mpdu = rtllib_tkip_encrypt,
757 .decrypt_mpdu = rtllib_tkip_decrypt,
758 .encrypt_msdu = rtllib_michael_mic_add,
759 .decrypt_msdu = rtllib_michael_mic_verify,
760 .set_key = rtllib_tkip_set_key,
761 .get_key = rtllib_tkip_get_key,
762 .print_stats = rtllib_tkip_print_stats,
32c44cb5
SM		 763 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
764 .extra_mpdu_postfix_len = 4, /* ICV */
765 .extra_msdu_postfix_len = 8, /* MIC */
a44325f9 766 .owner = THIS_MODULE,
ecdfa446
GKH		 767};
768
769
316de3ca 770static int __init rtllib_crypto_tkip_init(void)
ecdfa446 771{
3b148be0 772 return lib80211_register_crypto_ops(&rtllib_crypt_tkip);
ecdfa446
GKH		 773}
774
775
316de3ca 776static void __exit rtllib_crypto_tkip_exit(void)
ecdfa446 777{
3b148be0 778 lib80211_unregister_crypto_ops(&rtllib_crypt_tkip);
ecdfa446
GKH		 779}
780
d37e0208
SM		 781module_init(rtllib_crypto_tkip_init);
782module_exit(rtllib_crypto_tkip_exit);
783
784MODULE_LICENSE("GPL");
Ubuntu Artful kernel mirror