2 * lib80211 crypt: host-based TKIP encryption implementation for lib80211
4 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
5 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation. See README and COPYING for
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15 #include <linux/err.h>
16 #include <linux/module.h>
17 #include <linux/init.h>
18 #include <linux/slab.h>
19 #include <linux/random.h>
20 #include <linux/scatterlist.h>
21 #include <linux/skbuff.h>
22 #include <linux/netdevice.h>
24 #include <linux/if_ether.h>
25 #include <linux/if_arp.h>
26 #include <asm/string.h>
28 #include <linux/wireless.h>
29 #include <linux/ieee80211.h>
30 #include <net/iw_handler.h>
32 #include <linux/crypto.h>
33 #include <linux/crc32.h>
35 #include <net/lib80211.h>
37 MODULE_AUTHOR("Jouni Malinen");
38 MODULE_DESCRIPTION("lib80211 crypt: TKIP");
39 MODULE_LICENSE("GPL");
41 #define TKIP_HDR_LEN 8
43 struct lib80211_tkip_data {
44 #define TKIP_KEY_LEN 32
60 u32 dot11RSNAStatsTKIPReplays;
61 u32 dot11RSNAStatsTKIPICVErrors;
62 u32 dot11RSNAStatsTKIPLocalMICFailures;
66 struct crypto_blkcipher *rx_tfm_arc4;
67 struct crypto_hash *rx_tfm_michael;
68 struct crypto_blkcipher *tx_tfm_arc4;
69 struct crypto_hash *tx_tfm_michael;
71 /* scratch buffers for virt_to_page() (crypto API) */
72 u8 rx_hdr[16], tx_hdr[16];
77 static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
79 struct lib80211_tkip_data *_priv = priv;
80 unsigned long old_flags = _priv->flags;
85 static unsigned long lib80211_tkip_get_flags(void *priv)
87 struct lib80211_tkip_data *_priv = priv;
91 static void *lib80211_tkip_init(int key_idx)
93 struct lib80211_tkip_data *priv;
95 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
99 priv->key_idx = key_idx;
101 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
103 if (IS_ERR(priv->tx_tfm_arc4)) {
104 priv->tx_tfm_arc4 = NULL;
108 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
110 if (IS_ERR(priv->tx_tfm_michael)) {
111 priv->tx_tfm_michael = NULL;
115 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
117 if (IS_ERR(priv->rx_tfm_arc4)) {
118 priv->rx_tfm_arc4 = NULL;
122 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
124 if (IS_ERR(priv->rx_tfm_michael)) {
125 priv->rx_tfm_michael = NULL;
133 if (priv->tx_tfm_michael)
134 crypto_free_hash(priv->tx_tfm_michael);
135 if (priv->tx_tfm_arc4)
136 crypto_free_blkcipher(priv->tx_tfm_arc4);
137 if (priv->rx_tfm_michael)
138 crypto_free_hash(priv->rx_tfm_michael);
139 if (priv->rx_tfm_arc4)
140 crypto_free_blkcipher(priv->rx_tfm_arc4);
147 static void lib80211_tkip_deinit(void *priv)
149 struct lib80211_tkip_data *_priv = priv;
151 if (_priv->tx_tfm_michael)
152 crypto_free_hash(_priv->tx_tfm_michael);
153 if (_priv->tx_tfm_arc4)
154 crypto_free_blkcipher(_priv->tx_tfm_arc4);
155 if (_priv->rx_tfm_michael)
156 crypto_free_hash(_priv->rx_tfm_michael);
157 if (_priv->rx_tfm_arc4)
158 crypto_free_blkcipher(_priv->rx_tfm_arc4);
163 static inline u16 RotR1(u16 val)
165 return (val >> 1) | (val << 15);
168 static inline u8 Lo8(u16 val)
173 static inline u8 Hi8(u16 val)
178 static inline u16 Lo16(u32 val)
183 static inline u16 Hi16(u32 val)
188 static inline u16 Mk16(u8 hi, u8 lo)
190 return lo | (((u16) hi) << 8);
193 static inline u16 Mk16_le(__le16 * v)
195 return le16_to_cpu(*v);
198 static const u16 Sbox[256] = {
199 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
200 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
201 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
202 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
203 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
204 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
205 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
206 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
207 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
208 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
209 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
210 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
211 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
212 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
213 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
214 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
215 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
216 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
217 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
218 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
219 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
220 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
221 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
222 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
223 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
224 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
225 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
226 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
227 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
228 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
229 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
230 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
233 static inline u16 _S_(u16 v)
235 u16 t = Sbox[Hi8(v)];
236 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
239 #define PHASE1_LOOP_COUNT 8
241 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
246 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
247 TTAK[0] = Lo16(IV32);
248 TTAK[1] = Hi16(IV32);
249 TTAK[2] = Mk16(TA[1], TA[0]);
250 TTAK[3] = Mk16(TA[3], TA[2]);
251 TTAK[4] = Mk16(TA[5], TA[4]);
253 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
255 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
256 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
257 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
258 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
259 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
263 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
266 /* Make temporary area overlap WEP seed so that the final copy can be
267 * avoided on little endian hosts. */
268 u16 *PPK = (u16 *) & WEPSeed[4];
270 /* Step 1 - make copy of TTAK and bring in TSC */
276 PPK[5] = TTAK[4] + IV16;
278 /* Step 2 - 96-bit bijective mixing using S-box */
279 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
280 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
281 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
282 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
283 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
284 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
286 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
287 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
288 PPK[2] += RotR1(PPK[1]);
289 PPK[3] += RotR1(PPK[2]);
290 PPK[4] += RotR1(PPK[3]);
291 PPK[5] += RotR1(PPK[4]);
293 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
294 * WEPSeed[0..2] is transmitted as WEP IV */
295 WEPSeed[0] = Hi8(IV16);
296 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
297 WEPSeed[2] = Lo8(IV16);
298 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
303 for (i = 0; i < 6; i++)
304 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
309 static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
310 u8 * rc4key, int keylen, void *priv)
312 struct lib80211_tkip_data *tkey = priv;
314 struct ieee80211_hdr *hdr;
316 hdr = (struct ieee80211_hdr *)skb->data;
318 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len)
321 if (rc4key == NULL || keylen < 16)
324 if (!tkey->tx_phase1_done) {
325 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
327 tkey->tx_phase1_done = 1;
329 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
331 pos = skb_push(skb, TKIP_HDR_LEN);
332 memmove(pos, pos + TKIP_HDR_LEN, hdr_len);
336 *pos++ = *(rc4key + 1);
337 *pos++ = *(rc4key + 2);
338 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
339 *pos++ = tkey->tx_iv32 & 0xff;
340 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
341 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
342 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
345 if (tkey->tx_iv16 == 0) {
346 tkey->tx_phase1_done = 0;
353 static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
355 struct lib80211_tkip_data *tkey = priv;
356 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
358 u8 rc4key[16], *pos, *icv;
360 struct scatterlist sg;
362 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
363 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
364 net_dbg_ratelimited("TKIP countermeasures: dropped TX packet to %pM\n",
369 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
372 len = skb->len - hdr_len;
373 pos = skb->data + hdr_len;
375 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
378 crc = ~crc32_le(~0, pos, len);
379 icv = skb_put(skb, 4);
385 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
386 sg_init_one(&sg, pos, len + 4);
387 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
391 * deal with seq counter wrapping correctly.
392 * refer to timer_after() for jiffies wrapping handling
394 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
395 u32 iv32_o, u16 iv16_o)
397 if ((s32)iv32_n - (s32)iv32_o < 0 ||
398 (iv32_n == iv32_o && iv16_n <= iv16_o))
403 static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
405 struct lib80211_tkip_data *tkey = priv;
406 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
411 struct ieee80211_hdr *hdr;
414 struct scatterlist sg;
417 hdr = (struct ieee80211_hdr *)skb->data;
419 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
420 net_dbg_ratelimited("TKIP countermeasures: dropped received packet from %pM\n",
425 if (skb->len < hdr_len + TKIP_HDR_LEN + 4)
428 pos = skb->data + hdr_len;
430 if (!(keyidx & (1 << 5))) {
431 net_dbg_ratelimited("TKIP: received packet without ExtIV flag from %pM\n",
436 if (tkey->key_idx != keyidx) {
437 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
438 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
441 if (!tkey->key_set) {
442 net_dbg_ratelimited("TKIP: received packet from %pM with keyid=%d that does not have a configured key\n",
446 iv16 = (pos[0] << 8) | pos[2];
447 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
450 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
451 #ifdef CONFIG_LIB80211_DEBUG
452 net_dbg_ratelimited("TKIP: replay detected: STA=%pM previous TSC %08x%04x received TSC %08x%04x\n",
453 hdr->addr2, tkey->rx_iv32, tkey->rx_iv16,
456 tkey->dot11RSNAStatsTKIPReplays++;
460 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
461 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
462 tkey->rx_phase1_done = 1;
464 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
466 plen = skb->len - hdr_len - 12;
468 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
469 sg_init_one(&sg, pos, plen + 4);
470 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
471 net_dbg_ratelimited("TKIP: failed to decrypt received packet from %pM\n",
476 crc = ~crc32_le(~0, pos, plen);
481 if (memcmp(icv, pos + plen, 4) != 0) {
482 if (iv32 != tkey->rx_iv32) {
483 /* Previously cached Phase1 result was already lost, so
484 * it needs to be recalculated for the next packet. */
485 tkey->rx_phase1_done = 0;
487 #ifdef CONFIG_LIB80211_DEBUG
488 net_dbg_ratelimited("TKIP: ICV error detected: STA=%pM\n",
491 tkey->dot11RSNAStatsTKIPICVErrors++;
495 /* Update real counters only after Michael MIC verification has
497 tkey->rx_iv32_new = iv32;
498 tkey->rx_iv16_new = iv16;
500 /* Remove IV and ICV */
501 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len);
502 skb_pull(skb, TKIP_HDR_LEN);
503 skb_trim(skb, skb->len - 4);
508 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
509 u8 * data, size_t data_len, u8 * mic)
511 struct hash_desc desc;
512 struct scatterlist sg[2];
514 if (tfm_michael == NULL) {
515 pr_warn("%s(): tfm_michael == NULL\n", __func__);
518 sg_init_table(sg, 2);
519 sg_set_buf(&sg[0], hdr, 16);
520 sg_set_buf(&sg[1], data, data_len);
522 if (crypto_hash_setkey(tfm_michael, key, 8))
525 desc.tfm = tfm_michael;
527 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
530 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
532 struct ieee80211_hdr *hdr11;
534 hdr11 = (struct ieee80211_hdr *)skb->data;
536 switch (le16_to_cpu(hdr11->frame_control) &
537 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
538 case IEEE80211_FCTL_TODS:
539 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
540 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
542 case IEEE80211_FCTL_FROMDS:
543 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
544 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
546 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
547 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
548 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
551 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
552 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
556 if (ieee80211_is_data_qos(hdr11->frame_control)) {
557 hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11)))
558 & IEEE80211_QOS_CTL_TID_MASK;
560 hdr[12] = 0; /* priority */
562 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
565 static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
568 struct lib80211_tkip_data *tkey = priv;
571 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
572 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
573 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
574 skb_tailroom(skb), hdr_len, skb->len);
578 michael_mic_hdr(skb, tkey->tx_hdr);
579 pos = skb_put(skb, 8);
580 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
581 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
587 static void lib80211_michael_mic_failure(struct net_device *dev,
588 struct ieee80211_hdr *hdr,
591 union iwreq_data wrqu;
592 struct iw_michaelmicfailure ev;
594 /* TODO: needed parameters: count, keyid, key type, TSC */
595 memset(&ev, 0, sizeof(ev));
596 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
597 if (hdr->addr1[0] & 0x01)
598 ev.flags |= IW_MICFAILURE_GROUP;
600 ev.flags |= IW_MICFAILURE_PAIRWISE;
601 ev.src_addr.sa_family = ARPHRD_ETHER;
602 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
603 memset(&wrqu, 0, sizeof(wrqu));
604 wrqu.data.length = sizeof(ev);
605 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
608 static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
609 int hdr_len, void *priv)
611 struct lib80211_tkip_data *tkey = priv;
617 michael_mic_hdr(skb, tkey->rx_hdr);
618 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
619 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
621 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
622 struct ieee80211_hdr *hdr;
623 hdr = (struct ieee80211_hdr *)skb->data;
624 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
625 "MSDU from %pM keyidx=%d\n",
626 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
629 lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
630 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
634 /* Update TSC counters for RX now that the packet verification has
636 tkey->rx_iv32 = tkey->rx_iv32_new;
637 tkey->rx_iv16 = tkey->rx_iv16_new;
639 skb_trim(skb, skb->len - 8);
644 static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
646 struct lib80211_tkip_data *tkey = priv;
648 struct crypto_hash *tfm = tkey->tx_tfm_michael;
649 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
650 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
651 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
653 keyidx = tkey->key_idx;
654 memset(tkey, 0, sizeof(*tkey));
655 tkey->key_idx = keyidx;
656 tkey->tx_tfm_michael = tfm;
657 tkey->tx_tfm_arc4 = tfm2;
658 tkey->rx_tfm_michael = tfm3;
659 tkey->rx_tfm_arc4 = tfm4;
660 if (len == TKIP_KEY_LEN) {
661 memcpy(tkey->key, key, TKIP_KEY_LEN);
663 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
665 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
666 (seq[3] << 8) | seq[2];
667 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
677 static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
679 struct lib80211_tkip_data *tkey = priv;
681 if (len < TKIP_KEY_LEN)
686 memcpy(key, tkey->key, TKIP_KEY_LEN);
689 /* Return the sequence number of the last transmitted frame. */
690 u16 iv16 = tkey->tx_iv16;
691 u32 iv32 = tkey->tx_iv32;
695 seq[0] = tkey->tx_iv16;
696 seq[1] = tkey->tx_iv16 >> 8;
697 seq[2] = tkey->tx_iv32;
698 seq[3] = tkey->tx_iv32 >> 8;
699 seq[4] = tkey->tx_iv32 >> 16;
700 seq[5] = tkey->tx_iv32 >> 24;
706 static void lib80211_tkip_print_stats(struct seq_file *m, void *priv)
708 struct lib80211_tkip_data *tkip = priv;
710 "key[%d] alg=TKIP key_set=%d "
711 "tx_pn=%02x%02x%02x%02x%02x%02x "
712 "rx_pn=%02x%02x%02x%02x%02x%02x "
713 "replays=%d icv_errors=%d local_mic_failures=%d\n",
714 tkip->key_idx, tkip->key_set,
715 (tkip->tx_iv32 >> 24) & 0xff,
716 (tkip->tx_iv32 >> 16) & 0xff,
717 (tkip->tx_iv32 >> 8) & 0xff,
718 tkip->tx_iv32 & 0xff,
719 (tkip->tx_iv16 >> 8) & 0xff,
720 tkip->tx_iv16 & 0xff,
721 (tkip->rx_iv32 >> 24) & 0xff,
722 (tkip->rx_iv32 >> 16) & 0xff,
723 (tkip->rx_iv32 >> 8) & 0xff,
724 tkip->rx_iv32 & 0xff,
725 (tkip->rx_iv16 >> 8) & 0xff,
726 tkip->rx_iv16 & 0xff,
727 tkip->dot11RSNAStatsTKIPReplays,
728 tkip->dot11RSNAStatsTKIPICVErrors,
729 tkip->dot11RSNAStatsTKIPLocalMICFailures);
732 static struct lib80211_crypto_ops lib80211_crypt_tkip = {
734 .init = lib80211_tkip_init,
735 .deinit = lib80211_tkip_deinit,
736 .encrypt_mpdu = lib80211_tkip_encrypt,
737 .decrypt_mpdu = lib80211_tkip_decrypt,
738 .encrypt_msdu = lib80211_michael_mic_add,
739 .decrypt_msdu = lib80211_michael_mic_verify,
740 .set_key = lib80211_tkip_set_key,
741 .get_key = lib80211_tkip_get_key,
742 .print_stats = lib80211_tkip_print_stats,
743 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
744 .extra_mpdu_postfix_len = 4, /* ICV */
745 .extra_msdu_postfix_len = 8, /* MIC */
746 .get_flags = lib80211_tkip_get_flags,
747 .set_flags = lib80211_tkip_set_flags,
748 .owner = THIS_MODULE,
751 static int __init lib80211_crypto_tkip_init(void)
753 return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
756 static void __exit lib80211_crypto_tkip_exit(void)
758 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
761 module_init(lib80211_crypto_tkip_init);
762 module_exit(lib80211_crypto_tkip_exit);
Code Review / kvmfornfv.git / blob