]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/ieee80211/ieee80211_crypt_tkip.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[PATCH] ieee80211: remove ieee80211_tx() is_queue_full warning
[mirror_ubuntu-artful-kernel.git] / net / ieee80211 / ieee80211_crypt_tkip.c
CommitLineData
b453872c
JG		 1/*
2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
3 *
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
9 * more details.
10 */
11
b453872c
JG		 12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/slab.h>
15#include <linux/random.h>
16#include <linux/skbuff.h>
17#include <linux/netdevice.h>
18#include <linux/if_ether.h>
19#include <linux/if_arp.h>
20#include <asm/string.h>
21
22#include <net/ieee80211.h>
23
b453872c
JG		 24#include <linux/crypto.h>
25#include <asm/scatterlist.h>
26#include <linux/crc32.h>
27
28MODULE_AUTHOR("Jouni Malinen");
29MODULE_DESCRIPTION("Host AP crypt: TKIP");
30MODULE_LICENSE("GPL");
31
32struct ieee80211_tkip_data {
33#define TKIP_KEY_LEN 32
34 u8 key[TKIP_KEY_LEN];
35 int key_set;
36
37 u32 tx_iv32;
38 u16 tx_iv16;
39 u16 tx_ttak[5];
40 int tx_phase1_done;
41
42 u32 rx_iv32;
43 u16 rx_iv16;
44 u16 rx_ttak[5];
45 int rx_phase1_done;
46 u32 rx_iv32_new;
47 u16 rx_iv16_new;
48
49 u32 dot11RSNAStatsTKIPReplays;
50 u32 dot11RSNAStatsTKIPICVErrors;
51 u32 dot11RSNAStatsTKIPLocalMICFailures;
52
53 int key_idx;
54
55 struct crypto_tfm *tfm_arc4;
56 struct crypto_tfm *tfm_michael;
57
58 /* scratch buffers for virt_to_page() (crypto API) */
59 u8 rx_hdr[16], tx_hdr[16];
20d64713 60
6eb6edf0 61 unsigned long flags;
b453872c
JG		 62};
63
6eb6edf0
JK		 64static unsigned long ieee80211_tkip_set_flags(unsigned long flags, void *priv)
65{
66 struct ieee80211_tkip_data *_priv = priv;
67 unsigned long old_flags = _priv->flags;
68 _priv->flags = flags;
69 return old_flags;
70}
71
72static unsigned long ieee80211_tkip_get_flags(void *priv)
73{
74 struct ieee80211_tkip_data *_priv = priv;
75 return _priv->flags;
76}
77
78static void *ieee80211_tkip_init(int key_idx)
b453872c
JG		 79{
80 struct ieee80211_tkip_data *priv;
81
8aa914b7 82 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
b453872c
JG		 83 if (priv == NULL)
84 goto fail;
20d64713 85
b453872c
JG		 86 priv->key_idx = key_idx;
87
88 priv->tfm_arc4 = crypto_alloc_tfm("arc4", 0);
89 if (priv->tfm_arc4 == NULL) {
90 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
91 "crypto API arc4\n");
92 goto fail;
93 }
94
95 priv->tfm_michael = crypto_alloc_tfm("michael_mic", 0);
96 if (priv->tfm_michael == NULL) {
97 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
98 "crypto API michael_mic\n");
99 goto fail;
100 }
101
102 return priv;
103
0edd5b44 104 fail:
b453872c
JG		 105 if (priv) {
106 if (priv->tfm_michael)
107 crypto_free_tfm(priv->tfm_michael);
108 if (priv->tfm_arc4)
109 crypto_free_tfm(priv->tfm_arc4);
110 kfree(priv);
111 }
112
113 return NULL;
114}
115
b453872c
JG		 116static void ieee80211_tkip_deinit(void *priv)
117{
118 struct ieee80211_tkip_data *_priv = priv;
119 if (_priv && _priv->tfm_michael)
120 crypto_free_tfm(_priv->tfm_michael);
121 if (_priv && _priv->tfm_arc4)
122 crypto_free_tfm(_priv->tfm_arc4);
123 kfree(priv);
124}
125
b453872c
JG		 126static inline u16 RotR1(u16 val)
127{
128 return (val >> 1) | (val << 15);
129}
130
b453872c
JG		 131static inline u8 Lo8(u16 val)
132{
133 return val & 0xff;
134}
135
b453872c
JG		 136static inline u8 Hi8(u16 val)
137{
138 return val >> 8;
139}
140
b453872c
JG		 141static inline u16 Lo16(u32 val)
142{
143 return val & 0xffff;
144}
145
b453872c
JG		 146static inline u16 Hi16(u32 val)
147{
148 return val >> 16;
149}
150
b453872c
JG		 151static inline u16 Mk16(u8 hi, u8 lo)
152{
153 return lo | (((u16) hi) << 8);
154}
155
0edd5b44 156static inline u16 Mk16_le(u16 * v)
b453872c
JG		 157{
158 return le16_to_cpu(*v);
159}
160
0edd5b44 161static const u16 Sbox[256] = {
b453872c
JG		 162 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
163 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
164 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
165 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
166 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
167 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
168 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
169 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
170 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
171 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
172 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
173 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
174 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
175 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
176 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
177 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
178 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
179 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
180 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
181 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
182 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
183 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
184 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
185 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
186 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
187 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
188 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
189 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
190 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
191 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
192 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
193 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
194};
195
b453872c
JG		 196static inline u16 _S_(u16 v)
197{
198 u16 t = Sbox[Hi8(v)];
199 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
200}
201
b453872c
JG		 202#define PHASE1_LOOP_COUNT 8
203
0edd5b44
JG		 204static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
205 u32 IV32)
b453872c
JG		 206{
207 int i, j;
208
209 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
210 TTAK[0] = Lo16(IV32);
211 TTAK[1] = Hi16(IV32);
212 TTAK[2] = Mk16(TA[1], TA[0]);
213 TTAK[3] = Mk16(TA[3], TA[2]);
214 TTAK[4] = Mk16(TA[5], TA[4]);
215
216 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
217 j = 2 * (i & 1);
218 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
219 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
220 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
221 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
222 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
223 }
224}
225
0edd5b44 226static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
b453872c
JG		 227 u16 IV16)
228{
229 /* Make temporary area overlap WEP seed so that the final copy can be
230 * avoided on little endian hosts. */
0edd5b44 231 u16 *PPK = (u16 *) & WEPSeed[4];
b453872c
JG		 232
233 /* Step 1 - make copy of TTAK and bring in TSC */
234 PPK[0] = TTAK[0];
235 PPK[1] = TTAK[1];
236 PPK[2] = TTAK[2];
237 PPK[3] = TTAK[3];
238 PPK[4] = TTAK[4];
239 PPK[5] = TTAK[4] + IV16;
240
241 /* Step 2 - 96-bit bijective mixing using S-box */
0edd5b44
JG		 242 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) & TK[0]));
243 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) & TK[2]));
244 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) & TK[4]));
245 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) & TK[6]));
246 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) & TK[8]));
247 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) & TK[10]));
248
249 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) & TK[12]));
250 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) & TK[14]));
b453872c
JG		 251 PPK[2] += RotR1(PPK[1]);
252 PPK[3] += RotR1(PPK[2]);
253 PPK[4] += RotR1(PPK[3]);
254 PPK[5] += RotR1(PPK[4]);
255
256 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
257 * WEPSeed[0..2] is transmitted as WEP IV */
258 WEPSeed[0] = Hi8(IV16);
259 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
260 WEPSeed[2] = Lo8(IV16);
0edd5b44 261 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) & TK[0])) >> 1);
b453872c
JG		 262
263#ifdef __BIG_ENDIAN
264 {
265 int i;
266 for (i = 0; i < 6; i++)
267 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
268 }
269#endif
270}
271
9184d934
ZY		 272static int ieee80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
273 u8 * rc4key, int keylen, void *priv)
b453872c
JG		 274{
275 struct ieee80211_tkip_data *tkey = priv;
276 int len;
9184d934 277 u8 *pos;
ee34af37 278 struct ieee80211_hdr_4addr *hdr;
b453872c 279
ee34af37 280 hdr = (struct ieee80211_hdr_4addr *)skb->data;
20d64713 281
31b59eae 282 if (skb_headroom(skb) < 8 || skb->len < hdr_len)
9184d934
ZY		 283 return -1;
284
285 if (rc4key == NULL || keylen < 16)
286 return -1;
b453872c 287
b453872c
JG		 288 if (!tkey->tx_phase1_done) {
289 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
290 tkey->tx_iv32);
291 tkey->tx_phase1_done = 1;
292 }
293 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
294
295 len = skb->len - hdr_len;
296 pos = skb_push(skb, 8);
297 memmove(pos, pos + 8, hdr_len);
298 pos += hdr_len;
b453872c 299
31b59eae
JK		 300 *pos++ = *rc4key;
301 *pos++ = *(rc4key + 1);
302 *pos++ = *(rc4key + 2);
0edd5b44 303 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
b453872c
JG		 304 *pos++ = tkey->tx_iv32 & 0xff;
305 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
306 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
307 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
308
9184d934
ZY		 309 tkey->tx_iv16++;
310 if (tkey->tx_iv16 == 0) {
311 tkey->tx_phase1_done = 0;
312 tkey->tx_iv32++;
313 }
b453872c 314
9184d934 315 return 8;
31b59eae
JK		 316}
317
318static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
319{
320 struct ieee80211_tkip_data *tkey = priv;
321 int len;
9184d934
ZY		 322 u8 rc4key[16], *pos, *icv;
323 u32 crc;
31b59eae
JK		 324 struct scatterlist sg;
325
6eb6edf0 326 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
31b59eae
JK		 327 if (net_ratelimit()) {
328 struct ieee80211_hdr_4addr *hdr =
329 (struct ieee80211_hdr_4addr *)skb->data;
9184d934 330 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
31b59eae 331 "TX packet to " MAC_FMT "\n",
6eb6edf0 332 MAC_ARG(hdr->addr1));
31b59eae
JK		 333 }
334 return -1;
335 }
336
337 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
338 return -1;
339
340 len = skb->len - hdr_len;
341 pos = skb->data + hdr_len;
342
9184d934 343 if ((ieee80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
31b59eae
JK		 344 return -1;
345
9184d934
ZY		 346 icv = skb_put(skb, 4);
347
348 crc = ~crc32_le(~0, pos, len);
349 icv[0] = crc;
350 icv[1] = crc >> 8;
351 icv[2] = crc >> 16;
352 icv[3] = crc >> 24;
353
b453872c
JG		 354 crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16);
355 sg.page = virt_to_page(pos);
356 sg.offset = offset_in_page(pos);
357 sg.length = len + 4;
358 crypto_cipher_encrypt(tkey->tfm_arc4, &sg, &sg, len + 4);
359
b453872c
JG		 360 return 0;
361}
362
363static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
364{
365 struct ieee80211_tkip_data *tkey = priv;
366 u8 rc4key[16];
367 u8 keyidx, *pos;
368 u32 iv32;
369 u16 iv16;
ee34af37 370 struct ieee80211_hdr_4addr *hdr;
b453872c
JG		 371 u8 icv[4];
372 u32 crc;
373 struct scatterlist sg;
374 int plen;
375
ee34af37 376 hdr = (struct ieee80211_hdr_4addr *)skb->data;
20d64713 377
6eb6edf0 378 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
20d64713 379 if (net_ratelimit()) {
9184d934 380 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
20d64713 381 "received packet from " MAC_FMT "\n",
6eb6edf0 382 MAC_ARG(hdr->addr2));
20d64713
JK		 383 }
384 return -1;
385 }
386
b453872c
JG		 387 if (skb->len < hdr_len + 8 + 4)
388 return -1;
389
b453872c
JG		 390 pos = skb->data + hdr_len;
391 keyidx = pos[3];
392 if (!(keyidx & (1 << 5))) {
393 if (net_ratelimit()) {
394 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
395 " flag from " MAC_FMT "\n", MAC_ARG(hdr->addr2));
396 }
397 return -2;
398 }
399 keyidx >>= 6;
400 if (tkey->key_idx != keyidx) {
401 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
402 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
403 return -6;
404 }
405 if (!tkey->key_set) {
406 if (net_ratelimit()) {
407 printk(KERN_DEBUG "TKIP: received packet from " MAC_FMT
408 " with keyid=%d that does not have a configured"
409 " key\n", MAC_ARG(hdr->addr2), keyidx);
410 }
411 return -3;
412 }
413 iv16 = (pos[0] << 8) | pos[2];
414 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
415 pos += 8;
416
417 if (iv32 < tkey->rx_iv32 ||
418 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) {
419 if (net_ratelimit()) {
420 printk(KERN_DEBUG "TKIP: replay detected: STA=" MAC_FMT
421 " previous TSC %08x%04x received TSC "
422 "%08x%04x\n", MAC_ARG(hdr->addr2),
423 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
424 }
425 tkey->dot11RSNAStatsTKIPReplays++;
426 return -4;
427 }
428
429 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
430 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
431 tkey->rx_phase1_done = 1;
432 }
433 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
434
435 plen = skb->len - hdr_len - 12;
436
437 crypto_cipher_setkey(tkey->tfm_arc4, rc4key, 16);
438 sg.page = virt_to_page(pos);
439 sg.offset = offset_in_page(pos);
440 sg.length = plen + 4;
441 crypto_cipher_decrypt(tkey->tfm_arc4, &sg, &sg, plen + 4);
442
443 crc = ~crc32_le(~0, pos, plen);
444 icv[0] = crc;
445 icv[1] = crc >> 8;
446 icv[2] = crc >> 16;
447 icv[3] = crc >> 24;
448 if (memcmp(icv, pos + plen, 4) != 0) {
449 if (iv32 != tkey->rx_iv32) {
450 /* Previously cached Phase1 result was already lost, so
451 * it needs to be recalculated for the next packet. */
452 tkey->rx_phase1_done = 0;
453 }
454 if (net_ratelimit()) {
455 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
456 MAC_FMT "\n", MAC_ARG(hdr->addr2));
457 }
458 tkey->dot11RSNAStatsTKIPICVErrors++;
459 return -5;
460 }
461
462 /* Update real counters only after Michael MIC verification has
463 * completed */
464 tkey->rx_iv32_new = iv32;
465 tkey->rx_iv16_new = iv16;
466
467 /* Remove IV and ICV */
468 memmove(skb->data + 8, skb->data, hdr_len);
469 skb_pull(skb, 8);
470 skb_trim(skb, skb->len - 4);
471
472 return keyidx;
473}
474
0edd5b44
JG		 475static int michael_mic(struct ieee80211_tkip_data *tkey, u8 * key, u8 * hdr,
476 u8 * data, size_t data_len, u8 * mic)
b453872c
JG		 477{
478 struct scatterlist sg[2];
479
480 if (tkey->tfm_michael == NULL) {
481 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
482 return -1;
483 }
484 sg[0].page = virt_to_page(hdr);
485 sg[0].offset = offset_in_page(hdr);
486 sg[0].length = 16;
487
488 sg[1].page = virt_to_page(data);
489 sg[1].offset = offset_in_page(data);
490 sg[1].length = data_len;
491
492 crypto_digest_init(tkey->tfm_michael);
493 crypto_digest_setkey(tkey->tfm_michael, key, 8);
494 crypto_digest_update(tkey->tfm_michael, sg, 2);
495 crypto_digest_final(tkey->tfm_michael, mic);
496
497 return 0;
498}
499
0edd5b44 500static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
b453872c 501{
ee34af37 502 struct ieee80211_hdr_4addr *hdr11;
ea284152 503 u16 stype;
b453872c 504
ee34af37 505 hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
ea284152
ZY		 506 stype = WLAN_FC_GET_STYPE(le16_to_cpu(hdr11->frame_ctl));
507
b453872c
JG		 508 switch (le16_to_cpu(hdr11->frame_ctl) &
509 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
510 case IEEE80211_FCTL_TODS:
0edd5b44
JG		 511 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
512 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
b453872c
JG		 513 break;
514 case IEEE80211_FCTL_FROMDS:
0edd5b44
JG		 515 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
516 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
b453872c
JG		 517 break;
518 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
0edd5b44
JG		 519 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
520 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
b453872c
JG		 521 break;
522 case 0:
0edd5b44
JG		 523 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
524 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
b453872c
JG		 525 break;
526 }
527
ea284152
ZY		 528 if (stype & IEEE80211_STYPE_QOS_DATA) {
529 const struct ieee80211_hdr_3addrqos *qoshdr =
530 (struct ieee80211_hdr_3addrqos *)skb->data;
65b6a277 531 hdr[12] = qoshdr->qos_ctl & cpu_to_le16(IEEE80211_QCTL_TID);
ea284152
ZY		 532 } else
533 hdr[12] = 0; /* priority */
534
0edd5b44 535 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
b453872c
JG		 536}
537
0edd5b44
JG		 538static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
539 void *priv)
b453872c
JG		 540{
541 struct ieee80211_tkip_data *tkey = priv;
542 u8 *pos;
543
544 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
545 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
546 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
547 skb_tailroom(skb), hdr_len, skb->len);
548 return -1;
549 }
550
551 michael_mic_hdr(skb, tkey->tx_hdr);
552 pos = skb_put(skb, 8);
553 if (michael_mic(tkey, &tkey->key[16], tkey->tx_hdr,
554 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
555 return -1;
556
557 return 0;
558}
559
b453872c 560static void ieee80211_michael_mic_failure(struct net_device *dev,
ee34af37
JK		 561 struct ieee80211_hdr_4addr *hdr,
562 int keyidx)
b453872c
JG		 563{
564 union iwreq_data wrqu;
565 struct iw_michaelmicfailure ev;
566
567 /* TODO: needed parameters: count, keyid, key type, TSC */
568 memset(&ev, 0, sizeof(ev));
569 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
570 if (hdr->addr1[0] & 0x01)
571 ev.flags |= IW_MICFAILURE_GROUP;
572 else
573 ev.flags |= IW_MICFAILURE_PAIRWISE;
574 ev.src_addr.sa_family = ARPHRD_ETHER;
575 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
576 memset(&wrqu, 0, sizeof(wrqu));
577 wrqu.data.length = sizeof(ev);
0edd5b44 578 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
b453872c 579}
b453872c
JG		 580
581static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
0edd5b44 582 int hdr_len, void *priv)
b453872c
JG		 583{
584 struct ieee80211_tkip_data *tkey = priv;
585 u8 mic[8];
586
587 if (!tkey->key_set)
588 return -1;
589
590 michael_mic_hdr(skb, tkey->rx_hdr);
591 if (michael_mic(tkey, &tkey->key[24], tkey->rx_hdr,
592 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
593 return -1;
594 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
ee34af37
JK		 595 struct ieee80211_hdr_4addr *hdr;
596 hdr = (struct ieee80211_hdr_4addr *)skb->data;
b453872c
JG		 597 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
598 "MSDU from " MAC_FMT " keyidx=%d\n",
599 skb->dev ? skb->dev->name : "N/A", MAC_ARG(hdr->addr2),
600 keyidx);
601 if (skb->dev)
602 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
603 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
604 return -1;
605 }
606
607 /* Update TSC counters for RX now that the packet verification has
608 * completed. */
609 tkey->rx_iv32 = tkey->rx_iv32_new;
610 tkey->rx_iv16 = tkey->rx_iv16_new;
611
612 skb_trim(skb, skb->len - 8);
613
614 return 0;
615}
616
0edd5b44 617static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
b453872c
JG		 618{
619 struct ieee80211_tkip_data *tkey = priv;
620 int keyidx;
621 struct crypto_tfm *tfm = tkey->tfm_michael;
622 struct crypto_tfm *tfm2 = tkey->tfm_arc4;
623
624 keyidx = tkey->key_idx;
625 memset(tkey, 0, sizeof(*tkey));
626 tkey->key_idx = keyidx;
627 tkey->tfm_michael = tfm;
628 tkey->tfm_arc4 = tfm2;
629 if (len == TKIP_KEY_LEN) {
630 memcpy(tkey->key, key, TKIP_KEY_LEN);
631 tkey->key_set = 1;
0edd5b44 632 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
b453872c
JG		 633 if (seq) {
634 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
0edd5b44 635 (seq[3] << 8) | seq[2];
b453872c
JG		 636 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
637 }
638 } else if (len == 0)
639 tkey->key_set = 0;
640 else
641 return -1;
642
643 return 0;
644}
645
0edd5b44 646static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
b453872c
JG		 647{
648 struct ieee80211_tkip_data *tkey = priv;
649
650 if (len < TKIP_KEY_LEN)
651 return -1;
652
653 if (!tkey->key_set)
654 return 0;
655 memcpy(key, tkey->key, TKIP_KEY_LEN);
656
657 if (seq) {
658 /* Return the sequence number of the last transmitted frame. */
659 u16 iv16 = tkey->tx_iv16;
660 u32 iv32 = tkey->tx_iv32;
661 if (iv16 == 0)
662 iv32--;
663 iv16--;
664 seq[0] = tkey->tx_iv16;
665 seq[1] = tkey->tx_iv16 >> 8;
666 seq[2] = tkey->tx_iv32;
667 seq[3] = tkey->tx_iv32 >> 8;
668 seq[4] = tkey->tx_iv32 >> 16;
669 seq[5] = tkey->tx_iv32 >> 24;
670 }
671
672 return TKIP_KEY_LEN;
673}
674
0edd5b44 675static char *ieee80211_tkip_print_stats(char *p, void *priv)
b453872c
JG		 676{
677 struct ieee80211_tkip_data *tkip = priv;
678 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
679 "tx_pn=%02x%02x%02x%02x%02x%02x "
680 "rx_pn=%02x%02x%02x%02x%02x%02x "
681 "replays=%d icv_errors=%d local_mic_failures=%d\n",
682 tkip->key_idx, tkip->key_set,
683 (tkip->tx_iv32 >> 24) & 0xff,
684 (tkip->tx_iv32 >> 16) & 0xff,
685 (tkip->tx_iv32 >> 8) & 0xff,
686 tkip->tx_iv32 & 0xff,
687 (tkip->tx_iv16 >> 8) & 0xff,
688 tkip->tx_iv16 & 0xff,
689 (tkip->rx_iv32 >> 24) & 0xff,
690 (tkip->rx_iv32 >> 16) & 0xff,
691 (tkip->rx_iv32 >> 8) & 0xff,
692 tkip->rx_iv32 & 0xff,
693 (tkip->rx_iv16 >> 8) & 0xff,
694 tkip->rx_iv16 & 0xff,
695 tkip->dot11RSNAStatsTKIPReplays,
696 tkip->dot11RSNAStatsTKIPICVErrors,
697 tkip->dot11RSNAStatsTKIPLocalMICFailures);
698 return p;
699}
700
b453872c 701static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
74079fdc
JK		 702 .name = "TKIP",
703 .init = ieee80211_tkip_init,
704 .deinit = ieee80211_tkip_deinit,
9184d934 705 .build_iv = ieee80211_tkip_hdr,
74079fdc
JK		 706 .encrypt_mpdu = ieee80211_tkip_encrypt,
707 .decrypt_mpdu = ieee80211_tkip_decrypt,
708 .encrypt_msdu = ieee80211_michael_mic_add,
709 .decrypt_msdu = ieee80211_michael_mic_verify,
710 .set_key = ieee80211_tkip_set_key,
711 .get_key = ieee80211_tkip_get_key,
712 .print_stats = ieee80211_tkip_print_stats,
1264fc04
JK		 713 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
714 .extra_mpdu_postfix_len = 4, /* ICV */
715 .extra_msdu_postfix_len = 8, /* MIC */
6eb6edf0
JK		 716 .get_flags = ieee80211_tkip_get_flags,
717 .set_flags = ieee80211_tkip_set_flags,
74079fdc 718 .owner = THIS_MODULE,
b453872c
JG		 719};
720
b453872c
JG		 721static int __init ieee80211_crypto_tkip_init(void)
722{
723 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
724}
725
b453872c
JG		 726static void __exit ieee80211_crypto_tkip_exit(void)
727{
728 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
729}
730
b453872c
JG		 731module_init(ieee80211_crypto_tkip_init);
732module_exit(ieee80211_crypto_tkip_exit);
Ubuntu Artful kernel mirror