0001
0002
0003
0004
0005
0006
0007
0008
0009 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0010
0011 #include <linux/err.h>
0012 #include <linux/fips.h>
0013 #include <linux/module.h>
0014 #include <linux/init.h>
0015 #include <linux/slab.h>
0016 #include <linux/random.h>
0017 #include <linux/scatterlist.h>
0018 #include <linux/skbuff.h>
0019 #include <linux/netdevice.h>
0020 #include <linux/mm.h>
0021 #include <linux/if_ether.h>
0022 #include <linux/if_arp.h>
0023 #include <asm/string.h>
0024
0025 #include <linux/wireless.h>
0026 #include <linux/ieee80211.h>
0027 #include <net/iw_handler.h>
0028
0029 #include <crypto/arc4.h>
0030 #include <crypto/hash.h>
0031 #include <linux/crypto.h>
0032 #include <linux/crc32.h>
0033
0034 #include <net/lib80211.h>
0035
0036 MODULE_AUTHOR("Jouni Malinen");
0037 MODULE_DESCRIPTION("lib80211 crypt: TKIP");
0038 MODULE_LICENSE("GPL");
0039
0040 #define TKIP_HDR_LEN 8
0041
0042 struct lib80211_tkip_data {
0043 #define TKIP_KEY_LEN 32
0044 u8 key[TKIP_KEY_LEN];
0045 int key_set;
0046
0047 u32 tx_iv32;
0048 u16 tx_iv16;
0049 u16 tx_ttak[5];
0050 int tx_phase1_done;
0051
0052 u32 rx_iv32;
0053 u16 rx_iv16;
0054 u16 rx_ttak[5];
0055 int rx_phase1_done;
0056 u32 rx_iv32_new;
0057 u16 rx_iv16_new;
0058
0059 u32 dot11RSNAStatsTKIPReplays;
0060 u32 dot11RSNAStatsTKIPICVErrors;
0061 u32 dot11RSNAStatsTKIPLocalMICFailures;
0062
0063 int key_idx;
0064
0065 struct arc4_ctx rx_ctx_arc4;
0066 struct arc4_ctx tx_ctx_arc4;
0067 struct crypto_shash *rx_tfm_michael;
0068 struct crypto_shash *tx_tfm_michael;
0069
0070
0071 u8 rx_hdr[16], tx_hdr[16];
0072
0073 unsigned long flags;
0074 };
0075
0076 static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
0077 {
0078 struct lib80211_tkip_data *_priv = priv;
0079 unsigned long old_flags = _priv->flags;
0080 _priv->flags = flags;
0081 return old_flags;
0082 }
0083
0084 static unsigned long lib80211_tkip_get_flags(void *priv)
0085 {
0086 struct lib80211_tkip_data *_priv = priv;
0087 return _priv->flags;
0088 }
0089
0090 static void *lib80211_tkip_init(int key_idx)
0091 {
0092 struct lib80211_tkip_data *priv;
0093
0094 if (fips_enabled)
0095 return NULL;
0096
0097 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
0098 if (priv == NULL)
0099 goto fail;
0100
0101 priv->key_idx = key_idx;
0102
0103 priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
0104 if (IS_ERR(priv->tx_tfm_michael)) {
0105 priv->tx_tfm_michael = NULL;
0106 goto fail;
0107 }
0108
0109 priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
0110 if (IS_ERR(priv->rx_tfm_michael)) {
0111 priv->rx_tfm_michael = NULL;
0112 goto fail;
0113 }
0114
0115 return priv;
0116
0117 fail:
0118 if (priv) {
0119 crypto_free_shash(priv->tx_tfm_michael);
0120 crypto_free_shash(priv->rx_tfm_michael);
0121 kfree(priv);
0122 }
0123
0124 return NULL;
0125 }
0126
0127 static void lib80211_tkip_deinit(void *priv)
0128 {
0129 struct lib80211_tkip_data *_priv = priv;
0130 if (_priv) {
0131 crypto_free_shash(_priv->tx_tfm_michael);
0132 crypto_free_shash(_priv->rx_tfm_michael);
0133 }
0134 kfree_sensitive(priv);
0135 }
0136
0137 static inline u16 RotR1(u16 val)
0138 {
0139 return (val >> 1) | (val << 15);
0140 }
0141
0142 static inline u8 Lo8(u16 val)
0143 {
0144 return val & 0xff;
0145 }
0146
0147 static inline u8 Hi8(u16 val)
0148 {
0149 return val >> 8;
0150 }
0151
0152 static inline u16 Lo16(u32 val)
0153 {
0154 return val & 0xffff;
0155 }
0156
0157 static inline u16 Hi16(u32 val)
0158 {
0159 return val >> 16;
0160 }
0161
0162 static inline u16 Mk16(u8 hi, u8 lo)
0163 {
0164 return lo | (((u16) hi) << 8);
0165 }
0166
0167 static inline u16 Mk16_le(__le16 * v)
0168 {
0169 return le16_to_cpu(*v);
0170 }
0171
0172 static const u16 Sbox[256] = {
0173 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
0174 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
0175 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
0176 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
0177 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
0178 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
0179 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
0180 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
0181 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
0182 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
0183 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
0184 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
0185 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
0186 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
0187 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
0188 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
0189 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
0190 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
0191 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
0192 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
0193 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
0194 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
0195 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
0196 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
0197 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
0198 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
0199 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
0200 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
0201 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
0202 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
0203 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
0204 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
0205 };
0206
0207 static inline u16 _S_(u16 v)
0208 {
0209 u16 t = Sbox[Hi8(v)];
0210 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
0211 }
0212
0213 #define PHASE1_LOOP_COUNT 8
0214
0215 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
0216 u32 IV32)
0217 {
0218 int i, j;
0219
0220
0221 TTAK[0] = Lo16(IV32);
0222 TTAK[1] = Hi16(IV32);
0223 TTAK[2] = Mk16(TA[1], TA[0]);
0224 TTAK[3] = Mk16(TA[3], TA[2]);
0225 TTAK[4] = Mk16(TA[5], TA[4]);
0226
0227 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
0228 j = 2 * (i & 1);
0229 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
0230 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
0231 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
0232 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
0233 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
0234 }
0235 }
0236
0237 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
0238 u16 IV16)
0239 {
0240
0241
0242 u16 *PPK = (u16 *) & WEPSeed[4];
0243
0244
0245 PPK[0] = TTAK[0];
0246 PPK[1] = TTAK[1];
0247 PPK[2] = TTAK[2];
0248 PPK[3] = TTAK[3];
0249 PPK[4] = TTAK[4];
0250 PPK[5] = TTAK[4] + IV16;
0251
0252
0253 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
0254 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
0255 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
0256 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
0257 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
0258 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
0259
0260 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
0261 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
0262 PPK[2] += RotR1(PPK[1]);
0263 PPK[3] += RotR1(PPK[2]);
0264 PPK[4] += RotR1(PPK[3]);
0265 PPK[5] += RotR1(PPK[4]);
0266
0267
0268
0269 WEPSeed[0] = Hi8(IV16);
0270 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
0271 WEPSeed[2] = Lo8(IV16);
0272 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
0273
0274 #ifdef __BIG_ENDIAN
0275 {
0276 int i;
0277 for (i = 0; i < 6; i++)
0278 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
0279 }
0280 #endif
0281 }
0282
0283 static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
0284 u8 * rc4key, int keylen, void *priv)
0285 {
0286 struct lib80211_tkip_data *tkey = priv;
0287 u8 *pos;
0288 struct ieee80211_hdr *hdr;
0289
0290 hdr = (struct ieee80211_hdr *)skb->data;
0291
0292 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len)
0293 return -1;
0294
0295 if (rc4key == NULL || keylen < 16)
0296 return -1;
0297
0298 if (!tkey->tx_phase1_done) {
0299 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
0300 tkey->tx_iv32);
0301 tkey->tx_phase1_done = 1;
0302 }
0303 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
0304
0305 pos = skb_push(skb, TKIP_HDR_LEN);
0306 memmove(pos, pos + TKIP_HDR_LEN, hdr_len);
0307 pos += hdr_len;
0308
0309 *pos++ = *rc4key;
0310 *pos++ = *(rc4key + 1);
0311 *pos++ = *(rc4key + 2);
0312 *pos++ = (tkey->key_idx << 6) | (1 << 5) ;
0313 *pos++ = tkey->tx_iv32 & 0xff;
0314 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
0315 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
0316 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
0317
0318 tkey->tx_iv16++;
0319 if (tkey->tx_iv16 == 0) {
0320 tkey->tx_phase1_done = 0;
0321 tkey->tx_iv32++;
0322 }
0323
0324 return TKIP_HDR_LEN;
0325 }
0326
0327 static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
0328 {
0329 struct lib80211_tkip_data *tkey = priv;
0330 int len;
0331 u8 rc4key[16], *pos, *icv;
0332 u32 crc;
0333
0334 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
0335 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
0336 net_dbg_ratelimited("TKIP countermeasures: dropped TX packet to %pM\n",
0337 hdr->addr1);
0338 return -1;
0339 }
0340
0341 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
0342 return -1;
0343
0344 len = skb->len - hdr_len;
0345 pos = skb->data + hdr_len;
0346
0347 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
0348 return -1;
0349
0350 crc = ~crc32_le(~0, pos, len);
0351 icv = skb_put(skb, 4);
0352 icv[0] = crc;
0353 icv[1] = crc >> 8;
0354 icv[2] = crc >> 16;
0355 icv[3] = crc >> 24;
0356
0357 arc4_setkey(&tkey->tx_ctx_arc4, rc4key, 16);
0358 arc4_crypt(&tkey->tx_ctx_arc4, pos, pos, len + 4);
0359
0360 return 0;
0361 }
0362
0363
0364
0365
0366
0367 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
0368 u32 iv32_o, u16 iv16_o)
0369 {
0370 if ((s32)iv32_n - (s32)iv32_o < 0 ||
0371 (iv32_n == iv32_o && iv16_n <= iv16_o))
0372 return 1;
0373 return 0;
0374 }
0375
0376 static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
0377 {
0378 struct lib80211_tkip_data *tkey = priv;
0379 u8 rc4key[16];
0380 u8 keyidx, *pos;
0381 u32 iv32;
0382 u16 iv16;
0383 struct ieee80211_hdr *hdr;
0384 u8 icv[4];
0385 u32 crc;
0386 int plen;
0387
0388 hdr = (struct ieee80211_hdr *)skb->data;
0389
0390 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
0391 net_dbg_ratelimited("TKIP countermeasures: dropped received packet from %pM\n",
0392 hdr->addr2);
0393 return -1;
0394 }
0395
0396 if (skb->len < hdr_len + TKIP_HDR_LEN + 4)
0397 return -1;
0398
0399 pos = skb->data + hdr_len;
0400 keyidx = pos[3];
0401 if (!(keyidx & (1 << 5))) {
0402 net_dbg_ratelimited("TKIP: received packet without ExtIV flag from %pM\n",
0403 hdr->addr2);
0404 return -2;
0405 }
0406 keyidx >>= 6;
0407 if (tkey->key_idx != keyidx) {
0408 net_dbg_ratelimited("TKIP: RX tkey->key_idx=%d frame keyidx=%d\n",
0409 tkey->key_idx, keyidx);
0410 return -6;
0411 }
0412 if (!tkey->key_set) {
0413 net_dbg_ratelimited("TKIP: received packet from %pM with keyid=%d that does not have a configured key\n",
0414 hdr->addr2, keyidx);
0415 return -3;
0416 }
0417 iv16 = (pos[0] << 8) | pos[2];
0418 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
0419 pos += TKIP_HDR_LEN;
0420
0421 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
0422 #ifdef CONFIG_LIB80211_DEBUG
0423 net_dbg_ratelimited("TKIP: replay detected: STA=%pM previous TSC %08x%04x received TSC %08x%04x\n",
0424 hdr->addr2, tkey->rx_iv32, tkey->rx_iv16,
0425 iv32, iv16);
0426 #endif
0427 tkey->dot11RSNAStatsTKIPReplays++;
0428 return -4;
0429 }
0430
0431 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
0432 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
0433 tkey->rx_phase1_done = 1;
0434 }
0435 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
0436
0437 plen = skb->len - hdr_len - 12;
0438
0439 arc4_setkey(&tkey->rx_ctx_arc4, rc4key, 16);
0440 arc4_crypt(&tkey->rx_ctx_arc4, pos, pos, plen + 4);
0441
0442 crc = ~crc32_le(~0, pos, plen);
0443 icv[0] = crc;
0444 icv[1] = crc >> 8;
0445 icv[2] = crc >> 16;
0446 icv[3] = crc >> 24;
0447 if (memcmp(icv, pos + plen, 4) != 0) {
0448 if (iv32 != tkey->rx_iv32) {
0449
0450
0451 tkey->rx_phase1_done = 0;
0452 }
0453 #ifdef CONFIG_LIB80211_DEBUG
0454 net_dbg_ratelimited("TKIP: ICV error detected: STA=%pM\n",
0455 hdr->addr2);
0456 #endif
0457 tkey->dot11RSNAStatsTKIPICVErrors++;
0458 return -5;
0459 }
0460
0461
0462
0463 tkey->rx_iv32_new = iv32;
0464 tkey->rx_iv16_new = iv16;
0465
0466
0467 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len);
0468 skb_pull(skb, TKIP_HDR_LEN);
0469 skb_trim(skb, skb->len - 4);
0470
0471 return keyidx;
0472 }
0473
0474 static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr,
0475 u8 *data, size_t data_len, u8 *mic)
0476 {
0477 SHASH_DESC_ON_STACK(desc, tfm_michael);
0478 int err;
0479
0480 if (tfm_michael == NULL) {
0481 pr_warn("%s(): tfm_michael == NULL\n", __func__);
0482 return -1;
0483 }
0484
0485 desc->tfm = tfm_michael;
0486
0487 if (crypto_shash_setkey(tfm_michael, key, 8))
0488 return -1;
0489
0490 err = crypto_shash_init(desc);
0491 if (err)
0492 goto out;
0493 err = crypto_shash_update(desc, hdr, 16);
0494 if (err)
0495 goto out;
0496 err = crypto_shash_update(desc, data, data_len);
0497 if (err)
0498 goto out;
0499 err = crypto_shash_final(desc, mic);
0500
0501 out:
0502 shash_desc_zero(desc);
0503 return err;
0504 }
0505
0506 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
0507 {
0508 struct ieee80211_hdr *hdr11;
0509
0510 hdr11 = (struct ieee80211_hdr *)skb->data;
0511
0512 switch (le16_to_cpu(hdr11->frame_control) &
0513 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
0514 case IEEE80211_FCTL_TODS:
0515 memcpy(hdr, hdr11->addr3, ETH_ALEN);
0516 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN);
0517 break;
0518 case IEEE80211_FCTL_FROMDS:
0519 memcpy(hdr, hdr11->addr1, ETH_ALEN);
0520 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN);
0521 break;
0522 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
0523 memcpy(hdr, hdr11->addr3, ETH_ALEN);
0524 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN);
0525 break;
0526 default:
0527 memcpy(hdr, hdr11->addr1, ETH_ALEN);
0528 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN);
0529 break;
0530 }
0531
0532 if (ieee80211_is_data_qos(hdr11->frame_control)) {
0533 hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11)))
0534 & IEEE80211_QOS_CTL_TID_MASK;
0535 } else
0536 hdr[12] = 0;
0537
0538 hdr[13] = hdr[14] = hdr[15] = 0;
0539 }
0540
0541 static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
0542 void *priv)
0543 {
0544 struct lib80211_tkip_data *tkey = priv;
0545 u8 *pos;
0546
0547 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
0548 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
0549 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
0550 skb_tailroom(skb), hdr_len, skb->len);
0551 return -1;
0552 }
0553
0554 michael_mic_hdr(skb, tkey->tx_hdr);
0555 pos = skb_put(skb, 8);
0556 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
0557 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
0558 return -1;
0559
0560 return 0;
0561 }
0562
0563 static void lib80211_michael_mic_failure(struct net_device *dev,
0564 struct ieee80211_hdr *hdr,
0565 int keyidx)
0566 {
0567 union iwreq_data wrqu;
0568 struct iw_michaelmicfailure ev;
0569
0570
0571 memset(&ev, 0, sizeof(ev));
0572 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
0573 if (hdr->addr1[0] & 0x01)
0574 ev.flags |= IW_MICFAILURE_GROUP;
0575 else
0576 ev.flags |= IW_MICFAILURE_PAIRWISE;
0577 ev.src_addr.sa_family = ARPHRD_ETHER;
0578 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
0579 memset(&wrqu, 0, sizeof(wrqu));
0580 wrqu.data.length = sizeof(ev);
0581 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
0582 }
0583
0584 static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
0585 int hdr_len, void *priv)
0586 {
0587 struct lib80211_tkip_data *tkey = priv;
0588 u8 mic[8];
0589
0590 if (!tkey->key_set)
0591 return -1;
0592
0593 michael_mic_hdr(skb, tkey->rx_hdr);
0594 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
0595 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
0596 return -1;
0597 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
0598 struct ieee80211_hdr *hdr;
0599 hdr = (struct ieee80211_hdr *)skb->data;
0600 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
0601 "MSDU from %pM keyidx=%d\n",
0602 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
0603 keyidx);
0604 if (skb->dev)
0605 lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
0606 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
0607 return -1;
0608 }
0609
0610
0611
0612 tkey->rx_iv32 = tkey->rx_iv32_new;
0613 tkey->rx_iv16 = tkey->rx_iv16_new;
0614
0615 skb_trim(skb, skb->len - 8);
0616
0617 return 0;
0618 }
0619
0620 static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
0621 {
0622 struct lib80211_tkip_data *tkey = priv;
0623 int keyidx;
0624 struct crypto_shash *tfm = tkey->tx_tfm_michael;
0625 struct arc4_ctx *tfm2 = &tkey->tx_ctx_arc4;
0626 struct crypto_shash *tfm3 = tkey->rx_tfm_michael;
0627 struct arc4_ctx *tfm4 = &tkey->rx_ctx_arc4;
0628
0629 keyidx = tkey->key_idx;
0630 memset(tkey, 0, sizeof(*tkey));
0631 tkey->key_idx = keyidx;
0632 tkey->tx_tfm_michael = tfm;
0633 tkey->tx_ctx_arc4 = *tfm2;
0634 tkey->rx_tfm_michael = tfm3;
0635 tkey->rx_ctx_arc4 = *tfm4;
0636 if (len == TKIP_KEY_LEN) {
0637 memcpy(tkey->key, key, TKIP_KEY_LEN);
0638 tkey->key_set = 1;
0639 tkey->tx_iv16 = 1;
0640 if (seq) {
0641 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
0642 (seq[3] << 8) | seq[2];
0643 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
0644 }
0645 } else if (len == 0)
0646 tkey->key_set = 0;
0647 else
0648 return -1;
0649
0650 return 0;
0651 }
0652
0653 static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
0654 {
0655 struct lib80211_tkip_data *tkey = priv;
0656
0657 if (len < TKIP_KEY_LEN)
0658 return -1;
0659
0660 if (!tkey->key_set)
0661 return 0;
0662 memcpy(key, tkey->key, TKIP_KEY_LEN);
0663
0664 if (seq) {
0665
0666 u16 iv16 = tkey->tx_iv16;
0667 u32 iv32 = tkey->tx_iv32;
0668 if (iv16 == 0)
0669 iv32--;
0670 iv16--;
0671 seq[0] = tkey->tx_iv16;
0672 seq[1] = tkey->tx_iv16 >> 8;
0673 seq[2] = tkey->tx_iv32;
0674 seq[3] = tkey->tx_iv32 >> 8;
0675 seq[4] = tkey->tx_iv32 >> 16;
0676 seq[5] = tkey->tx_iv32 >> 24;
0677 }
0678
0679 return TKIP_KEY_LEN;
0680 }
0681
0682 static void lib80211_tkip_print_stats(struct seq_file *m, void *priv)
0683 {
0684 struct lib80211_tkip_data *tkip = priv;
0685 seq_printf(m,
0686 "key[%d] alg=TKIP key_set=%d "
0687 "tx_pn=%02x%02x%02x%02x%02x%02x "
0688 "rx_pn=%02x%02x%02x%02x%02x%02x "
0689 "replays=%d icv_errors=%d local_mic_failures=%d\n",
0690 tkip->key_idx, tkip->key_set,
0691 (tkip->tx_iv32 >> 24) & 0xff,
0692 (tkip->tx_iv32 >> 16) & 0xff,
0693 (tkip->tx_iv32 >> 8) & 0xff,
0694 tkip->tx_iv32 & 0xff,
0695 (tkip->tx_iv16 >> 8) & 0xff,
0696 tkip->tx_iv16 & 0xff,
0697 (tkip->rx_iv32 >> 24) & 0xff,
0698 (tkip->rx_iv32 >> 16) & 0xff,
0699 (tkip->rx_iv32 >> 8) & 0xff,
0700 tkip->rx_iv32 & 0xff,
0701 (tkip->rx_iv16 >> 8) & 0xff,
0702 tkip->rx_iv16 & 0xff,
0703 tkip->dot11RSNAStatsTKIPReplays,
0704 tkip->dot11RSNAStatsTKIPICVErrors,
0705 tkip->dot11RSNAStatsTKIPLocalMICFailures);
0706 }
0707
0708 static struct lib80211_crypto_ops lib80211_crypt_tkip = {
0709 .name = "TKIP",
0710 .init = lib80211_tkip_init,
0711 .deinit = lib80211_tkip_deinit,
0712 .encrypt_mpdu = lib80211_tkip_encrypt,
0713 .decrypt_mpdu = lib80211_tkip_decrypt,
0714 .encrypt_msdu = lib80211_michael_mic_add,
0715 .decrypt_msdu = lib80211_michael_mic_verify,
0716 .set_key = lib80211_tkip_set_key,
0717 .get_key = lib80211_tkip_get_key,
0718 .print_stats = lib80211_tkip_print_stats,
0719 .extra_mpdu_prefix_len = 4 + 4,
0720 .extra_mpdu_postfix_len = 4,
0721 .extra_msdu_postfix_len = 8,
0722 .get_flags = lib80211_tkip_get_flags,
0723 .set_flags = lib80211_tkip_set_flags,
0724 .owner = THIS_MODULE,
0725 };
0726
0727 static int __init lib80211_crypto_tkip_init(void)
0728 {
0729 return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
0730 }
0731
0732 static void __exit lib80211_crypto_tkip_exit(void)
0733 {
0734 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
0735 }
0736
0737 module_init(lib80211_crypto_tkip_init);
0738 module_exit(lib80211_crypto_tkip_exit);
