projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'v3.10.64' into update
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / wireless / lib80211_crypt_tkip.c
CommitLineData
b453872c 1/*
274bfb8d 2 * lib80211 crypt: host-based TKIP encryption implementation for lib80211
b453872c 3 *
85d32e7b 4 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi>
274bfb8d 5 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com>
b453872c
JG		 6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation. See README and COPYING for
10 * more details.
11 */
12
e9c0268f
JP		 13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
f12cc209 15#include <linux/err.h>
b453872c
JG		 16#include <linux/module.h>
17#include <linux/init.h>
18#include <linux/slab.h>
19#include <linux/random.h>
11763609 20#include <linux/scatterlist.h>
b453872c
JG		 21#include <linux/skbuff.h>
22#include <linux/netdevice.h>
d7fe0f24 23#include <linux/mm.h>
b453872c
JG		 24#include <linux/if_ether.h>
25#include <linux/if_arp.h>
26#include <asm/string.h>
27
274bfb8d
JL		 28#include <linux/wireless.h>
29#include <linux/ieee80211.h>
30#include <net/iw_handler.h>
b453872c 31
b453872c 32#include <linux/crypto.h>
b453872c
JG		 33#include <linux/crc32.h>
34
274bfb8d
JL		 35#include <net/lib80211.h>
36
b453872c 37MODULE_AUTHOR("Jouni Malinen");
274bfb8d 38MODULE_DESCRIPTION("lib80211 crypt: TKIP");
b453872c
JG		 39MODULE_LICENSE("GPL");
40
299af9d3
AT		 41#define TKIP_HDR_LEN 8
42
274bfb8d 43struct lib80211_tkip_data {
b453872c
JG		 44#define TKIP_KEY_LEN 32
45 u8 key[TKIP_KEY_LEN];
46 int key_set;
47
48 u32 tx_iv32;
49 u16 tx_iv16;
50 u16 tx_ttak[5];
51 int tx_phase1_done;
52
53 u32 rx_iv32;
54 u16 rx_iv16;
55 u16 rx_ttak[5];
56 int rx_phase1_done;
57 u32 rx_iv32_new;
58 u16 rx_iv16_new;
59
60 u32 dot11RSNAStatsTKIPReplays;
61 u32 dot11RSNAStatsTKIPICVErrors;
62 u32 dot11RSNAStatsTKIPLocalMICFailures;
63
64 int key_idx;
65
28eb177d
JG		 66 struct crypto_blkcipher *rx_tfm_arc4;
67 struct crypto_hash *rx_tfm_michael;
68 struct crypto_blkcipher *tx_tfm_arc4;
69 struct crypto_hash *tx_tfm_michael;
b453872c
JG		 70
71 /* scratch buffers for virt_to_page() (crypto API) */
72 u8 rx_hdr[16], tx_hdr[16];
20d64713 73
6eb6edf0 74 unsigned long flags;
b453872c
JG		 75};
76
274bfb8d 77static unsigned long lib80211_tkip_set_flags(unsigned long flags, void *priv)
6eb6edf0 78{
274bfb8d 79 struct lib80211_tkip_data *_priv = priv;
6eb6edf0
JK		 80 unsigned long old_flags = _priv->flags;
81 _priv->flags = flags;
82 return old_flags;
83}
84
274bfb8d 85static unsigned long lib80211_tkip_get_flags(void *priv)
6eb6edf0 86{
274bfb8d 87 struct lib80211_tkip_data *_priv = priv;
6eb6edf0
JK		 88 return _priv->flags;
89}
90
274bfb8d 91static void *lib80211_tkip_init(int key_idx)
b453872c 92{
274bfb8d 93 struct lib80211_tkip_data *priv;
b453872c 94
8aa914b7 95 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
b453872c
JG		 96 if (priv == NULL)
97 goto fail;
20d64713 98
b453872c
JG		 99 priv->key_idx = key_idx;
100
28eb177d 101 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
f12cc209 102 CRYPTO_ALG_ASYNC);
28eb177d 103 if (IS_ERR(priv->tx_tfm_arc4)) {
18379879 104 priv->tx_tfm_arc4 = NULL;
b453872c
JG		 105 goto fail;
106 }
107
28eb177d
JG		 108 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
109 CRYPTO_ALG_ASYNC);
110 if (IS_ERR(priv->tx_tfm_michael)) {
18379879 111 priv->tx_tfm_michael = NULL;
5a656949
ZY		 112 goto fail;
113 }
114
28eb177d
JG		 115 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
116 CRYPTO_ALG_ASYNC);
117 if (IS_ERR(priv->rx_tfm_arc4)) {
18379879 118 priv->rx_tfm_arc4 = NULL;
5a656949
ZY		 119 goto fail;
120 }
121
28eb177d
JG		 122 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
123 CRYPTO_ALG_ASYNC);
124 if (IS_ERR(priv->rx_tfm_michael)) {
18379879 125 priv->rx_tfm_michael = NULL;
b453872c
JG		 126 goto fail;
127 }
128
129 return priv;
130
0edd5b44 131 fail:
b453872c 132 if (priv) {
5a656949 133 if (priv->tx_tfm_michael)
28eb177d 134 crypto_free_hash(priv->tx_tfm_michael);
5a656949 135 if (priv->tx_tfm_arc4)
28eb177d 136 crypto_free_blkcipher(priv->tx_tfm_arc4);
5a656949 137 if (priv->rx_tfm_michael)
28eb177d 138 crypto_free_hash(priv->rx_tfm_michael);
5a656949 139 if (priv->rx_tfm_arc4)
28eb177d 140 crypto_free_blkcipher(priv->rx_tfm_arc4);
b453872c
JG		 141 kfree(priv);
142 }
143
144 return NULL;
145}
146
274bfb8d 147static void lib80211_tkip_deinit(void *priv)
b453872c 148{
274bfb8d 149 struct lib80211_tkip_data *_priv = priv;
5a656949
ZY		 150 if (_priv) {
151 if (_priv->tx_tfm_michael)
28eb177d 152 crypto_free_hash(_priv->tx_tfm_michael);
5a656949 153 if (_priv->tx_tfm_arc4)
28eb177d 154 crypto_free_blkcipher(_priv->tx_tfm_arc4);
5a656949 155 if (_priv->rx_tfm_michael)
28eb177d 156 crypto_free_hash(_priv->rx_tfm_michael);
5a656949 157 if (_priv->rx_tfm_arc4)
28eb177d 158 crypto_free_blkcipher(_priv->rx_tfm_arc4);
5a656949 159 }
b453872c
JG		 160 kfree(priv);
161}
162
b453872c
JG		 163static inline u16 RotR1(u16 val)
164{
165 return (val >> 1) | (val << 15);
166}
167
b453872c
JG		 168static inline u8 Lo8(u16 val)
169{
170 return val & 0xff;
171}
172
b453872c
JG		 173static inline u8 Hi8(u16 val)
174{
175 return val >> 8;
176}
177
b453872c
JG		 178static inline u16 Lo16(u32 val)
179{
180 return val & 0xffff;
181}
182
b453872c
JG		 183static inline u16 Hi16(u32 val)
184{
185 return val >> 16;
186}
187
b453872c
JG		 188static inline u16 Mk16(u8 hi, u8 lo)
189{
190 return lo | (((u16) hi) << 8);
191}
192
d9e94d56 193static inline u16 Mk16_le(__le16 * v)
b453872c
JG		 194{
195 return le16_to_cpu(*v);
196}
197
0edd5b44 198static const u16 Sbox[256] = {
b453872c
JG		 199 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
200 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
201 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
202 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
203 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
204 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
205 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
206 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
207 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
208 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
209 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
210 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
211 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
212 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
213 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
214 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
215 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
216 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
217 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
218 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
219 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
220 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
221 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
222 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
223 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
224 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
225 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
226 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
227 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
228 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
229 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
230 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
231};
232
b453872c
JG		 233static inline u16 _S_(u16 v)
234{
235 u16 t = Sbox[Hi8(v)];
236 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
237}
238
b453872c
JG		 239#define PHASE1_LOOP_COUNT 8
240
0edd5b44
JG		 241static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
242 u32 IV32)
b453872c
JG		 243{
244 int i, j;
245
246 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
247 TTAK[0] = Lo16(IV32);
248 TTAK[1] = Hi16(IV32);
249 TTAK[2] = Mk16(TA[1], TA[0]);
250 TTAK[3] = Mk16(TA[3], TA[2]);
251 TTAK[4] = Mk16(TA[5], TA[4]);
252
253 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
254 j = 2 * (i & 1);
255 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
256 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
257 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
258 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
259 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
260 }
261}
262
0edd5b44 263static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
b453872c
JG		 264 u16 IV16)
265{
266 /* Make temporary area overlap WEP seed so that the final copy can be
267 * avoided on little endian hosts. */
0edd5b44 268 u16 *PPK = (u16 *) & WEPSeed[4];
b453872c
JG		 269
270 /* Step 1 - make copy of TTAK and bring in TSC */
271 PPK[0] = TTAK[0];
272 PPK[1] = TTAK[1];
273 PPK[2] = TTAK[2];
274 PPK[3] = TTAK[3];
275 PPK[4] = TTAK[4];
276 PPK[5] = TTAK[4] + IV16;
277
278 /* Step 2 - 96-bit bijective mixing using S-box */
d9e94d56
AV		 279 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0]));
280 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2]));
281 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4]));
282 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6]));
283 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8]));
284 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10]));
285
286 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12]));
287 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14]));
b453872c
JG		 288 PPK[2] += RotR1(PPK[1]);
289 PPK[3] += RotR1(PPK[2]);
290 PPK[4] += RotR1(PPK[3]);
291 PPK[5] += RotR1(PPK[4]);
292
293 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
294 * WEPSeed[0..2] is transmitted as WEP IV */
295 WEPSeed[0] = Hi8(IV16);
296 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
297 WEPSeed[2] = Lo8(IV16);
d9e94d56 298 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1);
b453872c
JG		 299
300#ifdef __BIG_ENDIAN
301 {
302 int i;
303 for (i = 0; i < 6; i++)
304 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
305 }
306#endif
307}
308
274bfb8d 309static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
9184d934 310 u8 * rc4key, int keylen, void *priv)
b453872c 311{
274bfb8d 312 struct lib80211_tkip_data *tkey = priv;
9184d934 313 u8 *pos;
274bfb8d 314 struct ieee80211_hdr *hdr;
b453872c 315
274bfb8d 316 hdr = (struct ieee80211_hdr *)skb->data;
20d64713 317
299af9d3 318 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len)
9184d934
ZY		 319 return -1;
320
321 if (rc4key == NULL || keylen < 16)
322 return -1;
b453872c 323
b453872c
JG		 324 if (!tkey->tx_phase1_done) {
325 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
326 tkey->tx_iv32);
327 tkey->tx_phase1_done = 1;
328 }
329 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
330
299af9d3
AT		 331 pos = skb_push(skb, TKIP_HDR_LEN);
332 memmove(pos, pos + TKIP_HDR_LEN, hdr_len);
b453872c 333 pos += hdr_len;
b453872c 334
31b59eae
JK		 335 *pos++ = *rc4key;
336 *pos++ = *(rc4key + 1);
337 *pos++ = *(rc4key + 2);
0edd5b44 338 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
b453872c
JG		 339 *pos++ = tkey->tx_iv32 & 0xff;
340 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
341 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
342 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
343
9184d934
ZY		 344 tkey->tx_iv16++;
345 if (tkey->tx_iv16 == 0) {
346 tkey->tx_phase1_done = 0;
347 tkey->tx_iv32++;
348 }
b453872c 349
299af9d3 350 return TKIP_HDR_LEN;
31b59eae
JK		 351}
352
274bfb8d 353static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
31b59eae 354{
274bfb8d 355 struct lib80211_tkip_data *tkey = priv;
28eb177d 356 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
31b59eae 357 int len;
9184d934
ZY		 358 u8 rc4key[16], *pos, *icv;
359 u32 crc;
31b59eae
JK		 360 struct scatterlist sg;
361
6eb6edf0 362 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
e87cc472
JP		 363 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
364 net_dbg_ratelimited("TKIP countermeasures: dropped TX packet to %pM\n",
365 hdr->addr1);
31b59eae
JK		 366 return -1;
367 }
368
369 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
370 return -1;
371
372 len = skb->len - hdr_len;
373 pos = skb->data + hdr_len;
374
274bfb8d 375 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
31b59eae
JK		 376 return -1;
377
9184d934 378 crc = ~crc32_le(~0, pos, len);
d0833a6a 379 icv = skb_put(skb, 4);
9184d934
ZY		 380 icv[0] = crc;
381 icv[1] = crc >> 8;
382 icv[2] = crc >> 16;
383 icv[3] = crc >> 24;
384
28eb177d 385 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
fa05f128 386 sg_init_one(&sg, pos, len + 4);
f12cc209 387 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
b4328d87
ZY		 388}
389
18379879
JG		 390/*
391 * deal with seq counter wrapping correctly.
392 * refer to timer_after() for jiffies wrapping handling
393 */
394static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n,
395 u32 iv32_o, u16 iv16_o)
396{
397 if ((s32)iv32_n - (s32)iv32_o < 0 ||
398 (iv32_n == iv32_o && iv16_n <= iv16_o))
399 return 1;
400 return 0;
401}
402
274bfb8d 403static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
b453872c 404{
274bfb8d 405 struct lib80211_tkip_data *tkey = priv;
28eb177d 406 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
b453872c
JG		 407 u8 rc4key[16];
408 u8 keyidx, *pos;
409 u32 iv32;
410 u16 iv16;
274bfb8d 411 struct ieee80211_hdr *hdr;
b453872c
JG		 412 u8 icv[4];
413 u32 crc;
414 struct scatterlist sg;
415 int plen;
416
274bfb8d 417 hdr = (struct ieee80211_hdr *)skb->data;
20d64713 418
6eb6edf0 419 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
e87cc472
JP		 420 net_dbg_ratelimited("TKIP countermeasures: dropped received packet from %pM\n",
421 hdr->addr2);
20d64713
JK		 422 return -1;
423 }
424
299af9d3 425 if (skb->len < hdr_len + TKIP_HDR_LEN + 4)
b453872c
JG		 426 return -1;
427
b453872c
JG		 428 pos = skb->data + hdr_len;
429 keyidx = pos[3];
430 if (!(keyidx & (1 << 5))) {
e87cc472
JP		 431 net_dbg_ratelimited("TKIP: received packet without ExtIV flag from %pM\n",
432 hdr->addr2);
b453872c
JG		 433 return -2;
434 }
435 keyidx >>= 6;
436 if (tkey->key_idx != keyidx) {
437 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
438 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
439 return -6;
440 }
441 if (!tkey->key_set) {
e87cc472
JP		 442 net_dbg_ratelimited("TKIP: received packet from %pM with keyid=%d that does not have a configured key\n",
443 hdr->addr2, keyidx);
b453872c
JG		 444 return -3;
445 }
446 iv16 = (pos[0] << 8) | pos[2];
447 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
299af9d3 448 pos += TKIP_HDR_LEN;
b453872c 449
b4328d87 450 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
6f16bf3b 451#ifdef CONFIG_LIB80211_DEBUG
e87cc472
JP		 452 net_dbg_ratelimited("TKIP: replay detected: STA=%pM previous TSC %08x%04x received TSC %08x%04x\n",
453 hdr->addr2, tkey->rx_iv32, tkey->rx_iv16,
454 iv32, iv16);
6f16bf3b 455#endif
b453872c
JG		 456 tkey->dot11RSNAStatsTKIPReplays++;
457 return -4;
458 }
459
460 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
461 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
462 tkey->rx_phase1_done = 1;
463 }
464 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
465
466 plen = skb->len - hdr_len - 12;
467
28eb177d 468 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
fa05f128 469 sg_init_one(&sg, pos, plen + 4);
f12cc209 470 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
e87cc472
JP		 471 net_dbg_ratelimited("TKIP: failed to decrypt received packet from %pM\n",
472 hdr->addr2);
f12cc209
HX		 473 return -7;
474 }
b453872c
JG		 475
476 crc = ~crc32_le(~0, pos, plen);
477 icv[0] = crc;
478 icv[1] = crc >> 8;
479 icv[2] = crc >> 16;
480 icv[3] = crc >> 24;
481 if (memcmp(icv, pos + plen, 4) != 0) {
482 if (iv32 != tkey->rx_iv32) {
483 /* Previously cached Phase1 result was already lost, so
484 * it needs to be recalculated for the next packet. */
485 tkey->rx_phase1_done = 0;
486 }
6f16bf3b 487#ifdef CONFIG_LIB80211_DEBUG
e87cc472
JP		 488 net_dbg_ratelimited("TKIP: ICV error detected: STA=%pM\n",
489 hdr->addr2);
6f16bf3b 490#endif
b453872c
JG		 491 tkey->dot11RSNAStatsTKIPICVErrors++;
492 return -5;
493 }
494
495 /* Update real counters only after Michael MIC verification has
496 * completed */
497 tkey->rx_iv32_new = iv32;
498 tkey->rx_iv16_new = iv16;
499
500 /* Remove IV and ICV */
299af9d3
AT		 501 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len);
502 skb_pull(skb, TKIP_HDR_LEN);
b453872c
JG		 503 skb_trim(skb, skb->len - 4);
504
505 return keyidx;
506}
507
28eb177d 508static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
0edd5b44 509 u8 * data, size_t data_len, u8 * mic)
b453872c 510{
35058687 511 struct hash_desc desc;
b453872c
JG		 512 struct scatterlist sg[2];
513
5a656949 514 if (tfm_michael == NULL) {
e9c0268f 515 pr_warn("%s(): tfm_michael == NULL\n", __func__);
b453872c
JG		 516 return -1;
517 }
fa05f128 518 sg_init_table(sg, 2);
642f1490
JA		 519 sg_set_buf(&sg[0], hdr, 16);
520 sg_set_buf(&sg[1], data, data_len);
b453872c 521
28eb177d 522 if (crypto_hash_setkey(tfm_michael, key, 8))
35058687 523 return -1;
b453872c 524
28eb177d 525 desc.tfm = tfm_michael;
35058687
HX		 526 desc.flags = 0;
527 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
b453872c
JG		 528}
529
0edd5b44 530static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
b453872c 531{
274bfb8d 532 struct ieee80211_hdr *hdr11;
b453872c 533
274bfb8d 534 hdr11 = (struct ieee80211_hdr *)skb->data;
ea284152 535
274bfb8d 536 switch (le16_to_cpu(hdr11->frame_control) &
b453872c
JG		 537 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
538 case IEEE80211_FCTL_TODS:
0edd5b44
JG		 539 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
540 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
b453872c
JG		 541 break;
542 case IEEE80211_FCTL_FROMDS:
0edd5b44
JG		 543 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
544 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
b453872c
JG		 545 break;
546 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
0edd5b44
JG		 547 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
548 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
b453872c
JG		 549 break;
550 case 0:
0edd5b44
JG		 551 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
552 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
b453872c
JG		 553 break;
554 }
555
274bfb8d 556 if (ieee80211_is_data_qos(hdr11->frame_control)) {
3f6ff6ba 557 hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11)))
274bfb8d 558 & IEEE80211_QOS_CTL_TID_MASK;
ea284152
ZY		 559 } else
560 hdr[12] = 0; /* priority */
561
0edd5b44 562 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
b453872c
JG		 563}
564
274bfb8d 565static int lib80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
0edd5b44 566 void *priv)
b453872c 567{
274bfb8d 568 struct lib80211_tkip_data *tkey = priv;
b453872c
JG		 569 u8 *pos;
570
571 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
572 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
573 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
574 skb_tailroom(skb), hdr_len, skb->len);
575 return -1;
576 }
577
578 michael_mic_hdr(skb, tkey->tx_hdr);
579 pos = skb_put(skb, 8);
5a656949 580 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
b453872c
JG		 581 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
582 return -1;
583
584 return 0;
585}
586
274bfb8d
JL		 587static void lib80211_michael_mic_failure(struct net_device *dev,
588 struct ieee80211_hdr *hdr,
ee34af37 589 int keyidx)
b453872c
JG		 590{
591 union iwreq_data wrqu;
592 struct iw_michaelmicfailure ev;
593
594 /* TODO: needed parameters: count, keyid, key type, TSC */
595 memset(&ev, 0, sizeof(ev));
596 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
597 if (hdr->addr1[0] & 0x01)
598 ev.flags |= IW_MICFAILURE_GROUP;
599 else
600 ev.flags |= IW_MICFAILURE_PAIRWISE;
601 ev.src_addr.sa_family = ARPHRD_ETHER;
602 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
603 memset(&wrqu, 0, sizeof(wrqu));
604 wrqu.data.length = sizeof(ev);
0edd5b44 605 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
b453872c 606}
b453872c 607
274bfb8d 608static int lib80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
0edd5b44 609 int hdr_len, void *priv)
b453872c 610{
274bfb8d 611 struct lib80211_tkip_data *tkey = priv;
b453872c
JG		 612 u8 mic[8];
613
614 if (!tkey->key_set)
615 return -1;
616
617 michael_mic_hdr(skb, tkey->rx_hdr);
5a656949 618 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
b453872c
JG		 619 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
620 return -1;
621 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
274bfb8d
JL		 622 struct ieee80211_hdr *hdr;
623 hdr = (struct ieee80211_hdr *)skb->data;
b453872c 624 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
e174961c
JB		 625 "MSDU from %pM keyidx=%d\n",
626 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
b453872c
JG		 627 keyidx);
628 if (skb->dev)
274bfb8d 629 lib80211_michael_mic_failure(skb->dev, hdr, keyidx);
b453872c
JG		 630 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
631 return -1;
632 }
633
634 /* Update TSC counters for RX now that the packet verification has
635 * completed. */
636 tkey->rx_iv32 = tkey->rx_iv32_new;
637 tkey->rx_iv16 = tkey->rx_iv16_new;
638
639 skb_trim(skb, skb->len - 8);
640
641 return 0;
642}
643
274bfb8d 644static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
b453872c 645{
274bfb8d 646 struct lib80211_tkip_data *tkey = priv;
b453872c 647 int keyidx;
28eb177d
JG		 648 struct crypto_hash *tfm = tkey->tx_tfm_michael;
649 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
650 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
651 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
b453872c
JG		 652
653 keyidx = tkey->key_idx;
654 memset(tkey, 0, sizeof(*tkey));
655 tkey->key_idx = keyidx;
5a656949
ZY		 656 tkey->tx_tfm_michael = tfm;
657 tkey->tx_tfm_arc4 = tfm2;
658 tkey->rx_tfm_michael = tfm3;
659 tkey->rx_tfm_arc4 = tfm4;
b453872c
JG		 660 if (len == TKIP_KEY_LEN) {
661 memcpy(tkey->key, key, TKIP_KEY_LEN);
662 tkey->key_set = 1;
0edd5b44 663 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
b453872c
JG		 664 if (seq) {
665 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
0edd5b44 666 (seq[3] << 8) | seq[2];
b453872c
JG		 667 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
668 }
669 } else if (len == 0)
670 tkey->key_set = 0;
671 else
672 return -1;
673
674 return 0;
675}
676
274bfb8d 677static int lib80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
b453872c 678{
274bfb8d 679 struct lib80211_tkip_data *tkey = priv;
b453872c
JG		 680
681 if (len < TKIP_KEY_LEN)
682 return -1;
683
684 if (!tkey->key_set)
685 return 0;
686 memcpy(key, tkey->key, TKIP_KEY_LEN);
687
688 if (seq) {
689 /* Return the sequence number of the last transmitted frame. */
690 u16 iv16 = tkey->tx_iv16;
691 u32 iv32 = tkey->tx_iv32;
692 if (iv16 == 0)
693 iv32--;
694 iv16--;
695 seq[0] = tkey->tx_iv16;
696 seq[1] = tkey->tx_iv16 >> 8;
697 seq[2] = tkey->tx_iv32;
698 seq[3] = tkey->tx_iv32 >> 8;
699 seq[4] = tkey->tx_iv32 >> 16;
700 seq[5] = tkey->tx_iv32 >> 24;
701 }
702
703 return TKIP_KEY_LEN;
704}
705
6bbefe86 706static void lib80211_tkip_print_stats(struct seq_file *m, void *priv)
b453872c 707{
274bfb8d 708 struct lib80211_tkip_data *tkip = priv;
6bbefe86
DH		 709 seq_printf(m,
710 "key[%d] alg=TKIP key_set=%d "
711 "tx_pn=%02x%02x%02x%02x%02x%02x "
712 "rx_pn=%02x%02x%02x%02x%02x%02x "
713 "replays=%d icv_errors=%d local_mic_failures=%d\n",
714 tkip->key_idx, tkip->key_set,
715 (tkip->tx_iv32 >> 24) & 0xff,
716 (tkip->tx_iv32 >> 16) & 0xff,
717 (tkip->tx_iv32 >> 8) & 0xff,
718 tkip->tx_iv32 & 0xff,
719 (tkip->tx_iv16 >> 8) & 0xff,
720 tkip->tx_iv16 & 0xff,
721 (tkip->rx_iv32 >> 24) & 0xff,
722 (tkip->rx_iv32 >> 16) & 0xff,
723 (tkip->rx_iv32 >> 8) & 0xff,
724 tkip->rx_iv32 & 0xff,
725 (tkip->rx_iv16 >> 8) & 0xff,
726 tkip->rx_iv16 & 0xff,
727 tkip->dot11RSNAStatsTKIPReplays,
728 tkip->dot11RSNAStatsTKIPICVErrors,
729 tkip->dot11RSNAStatsTKIPLocalMICFailures);
b453872c
JG		 730}
731
274bfb8d 732static struct lib80211_crypto_ops lib80211_crypt_tkip = {
74079fdc 733 .name = "TKIP",
274bfb8d
JL		 734 .init = lib80211_tkip_init,
735 .deinit = lib80211_tkip_deinit,
274bfb8d
JL		 736 .encrypt_mpdu = lib80211_tkip_encrypt,
737 .decrypt_mpdu = lib80211_tkip_decrypt,
738 .encrypt_msdu = lib80211_michael_mic_add,
739 .decrypt_msdu = lib80211_michael_mic_verify,
740 .set_key = lib80211_tkip_set_key,
741 .get_key = lib80211_tkip_get_key,
742 .print_stats = lib80211_tkip_print_stats,
1264fc04
JK		 743 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
744 .extra_mpdu_postfix_len = 4, /* ICV */
745 .extra_msdu_postfix_len = 8, /* MIC */
274bfb8d
JL		 746 .get_flags = lib80211_tkip_get_flags,
747 .set_flags = lib80211_tkip_set_flags,
74079fdc 748 .owner = THIS_MODULE,
b453872c
JG		 749};
750
274bfb8d 751static int __init lib80211_crypto_tkip_init(void)
b453872c 752{
274bfb8d 753 return lib80211_register_crypto_ops(&lib80211_crypt_tkip);
b453872c
JG		 754}
755
274bfb8d 756static void __exit lib80211_crypto_tkip_exit(void)
b453872c 757{
274bfb8d 758 lib80211_unregister_crypto_ops(&lib80211_crypt_tkip);
b453872c
JG		 759}
760
274bfb8d
JL		 761module_init(lib80211_crypto_tkip_init);
762module_exit(lib80211_crypto_tkip_exit);
kernel source for telekom puls (alcatel/mediatek)