13 #include <linux/module.h>
15 #include <linux/slab.h>
16 #include <linux/random.h>
18 #include <linux/netdevice.h>
19 #include <linux/if_ether.h>
20 #include <linux/if_arp.h>
21 #include <asm/string.h>
35 #define TKIP_KEY_LEN 32
68 static void * ieee80211_tkip_init(
int key_idx)
77 priv->
tx_tfm_arc4 = crypto_alloc_blkcipher(
"ecb(arc4)", 0,
90 "crypto API michael_mic\n");
95 priv->
rx_tfm_arc4 = crypto_alloc_blkcipher(
"ecb(arc4)", 0,
108 "crypto API michael_mic\n");
132 static void ieee80211_tkip_deinit(
void *priv)
152 return (val >> 1) | (val << 15);
182 return lo | (((
u16) hi) << 8);
186 static inline u16 Mk16_le(
u16 *
v)
192 static const u16 Sbox[256] =
194 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
195 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
196 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
197 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
198 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
199 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
200 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
201 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
202 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
203 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
204 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
205 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
206 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
207 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
208 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
209 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
210 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
211 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
212 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
213 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
214 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
215 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
216 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
217 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
218 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
219 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
220 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
221 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
222 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
223 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
224 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
225 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
232 return Sbox[
Lo8(v)] ^ ((t << 8) | (t >> 8));
235 #define PHASE1_LOOP_COUNT 8
237 static void tkip_mixing_phase1(
u16 *TTAK,
const u8 *TK,
const u8 *
TA,
u32 IV32)
242 TTAK[0] =
Lo16(IV32);
243 TTAK[1] =
Hi16(IV32);
244 TTAK[2] =
Mk16(TA[1], TA[0]);
245 TTAK[3] =
Mk16(TA[3], TA[2]);
246 TTAK[4] =
Mk16(TA[5], TA[4]);
250 TTAK[0] +=
_S_(TTAK[4] ^
Mk16(TK[1 + j], TK[0 + j]));
251 TTAK[1] +=
_S_(TTAK[0] ^
Mk16(TK[5 + j], TK[4 + j]));
252 TTAK[2] +=
_S_(TTAK[1] ^
Mk16(TK[9 + j], TK[8 + j]));
253 TTAK[3] +=
_S_(TTAK[2] ^
Mk16(TK[13 + j], TK[12 + j]));
254 TTAK[4] +=
_S_(TTAK[3] ^
Mk16(TK[1 + j], TK[0 + j])) +
i;
259 static void tkip_mixing_phase2(
u8 *WEPSeed,
const u8 *TK,
const u16 *TTAK,
264 u16 *PPK = (
u16 *) &WEPSeed[4];
272 PPK[5] = TTAK[4] + IV16;
275 PPK[0] +=
_S_(PPK[5] ^ Mk16_le((
u16 *) &TK[0]));
276 PPK[1] +=
_S_(PPK[0] ^ Mk16_le((
u16 *) &TK[2]));
277 PPK[2] +=
_S_(PPK[1] ^ Mk16_le((
u16 *) &TK[4]));
278 PPK[3] +=
_S_(PPK[2] ^ Mk16_le((
u16 *) &TK[6]));
279 PPK[4] +=
_S_(PPK[3] ^ Mk16_le((
u16 *) &TK[8]));
280 PPK[5] +=
_S_(PPK[4] ^ Mk16_le((
u16 *) &TK[10]));
282 PPK[0] +=
RotR1(PPK[5] ^ Mk16_le((
u16 *) &TK[12]));
283 PPK[1] +=
RotR1(PPK[0] ^ Mk16_le((
u16 *) &TK[14]));
284 PPK[2] +=
RotR1(PPK[1]);
285 PPK[3] +=
RotR1(PPK[2]);
286 PPK[4] +=
RotR1(PPK[3]);
287 PPK[5] +=
RotR1(PPK[4]);
291 WEPSeed[0] =
Hi8(IV16);
292 WEPSeed[1] = (
Hi8(IV16) | 0x20) & 0x7F;
293 WEPSeed[2] =
Lo8(IV16);
294 WEPSeed[3] =
Lo8((PPK[5] ^ Mk16_le((
u16 *) &TK[0])) >> 1);
299 for (i = 0; i < 6; i++)
300 PPK[i] = (PPK[i] << 8) | (PPK[
i] >> 8);
318 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
333 memmove(pos, pos + 8, hdr_len);
339 *pos++ = (tkey->
key_idx << 6) | (1 << 5) ;
341 *pos++ = (tkey->
tx_iv32 >> 8) & 0xff;
342 *pos++ = (tkey->
tx_iv32 >> 16) & 0xff;
343 *pos++ = (tkey->
tx_iv32 >> 24) & 0xff;
351 crypto_blkcipher_setkey(tkey->
tx_tfm_arc4, rc4key, 16);
353 ret= crypto_blkcipher_encrypt(&desc, &
sg, &
sg, len + 4);
363 static int ieee80211_tkip_decrypt(
struct sk_buff *skb,
int hdr_len,
void *priv)
377 if (skb->
len < hdr_len + 8 + 4)
381 pos = skb->
data + hdr_len;
383 if (!(keyidx & (1 << 5))) {
386 " flag from %pM\n", hdr->
addr2);
393 "keyidx=%d priv=%p\n", tkey->
key_idx, keyidx, priv);
399 " with keyid=%d that does not have a configured"
400 " key\n", hdr->
addr2, keyidx);
404 iv16 = (pos[0] << 8) | pos[2];
405 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
408 if (iv32 < tkey->rx_iv32 ||
409 (iv32 == tkey->
rx_iv32 && iv16 <= tkey->rx_iv16)) {
412 " previous TSC %08x%04x received TSC "
413 "%08x%04x\n", hdr->
addr2,
424 tkip_mixing_phase2(rc4key, tkey->
key, tkey->
rx_ttak, iv16);
426 plen = skb->
len - hdr_len - 12;
427 crypto_blkcipher_setkey(tkey->
rx_tfm_arc4, rc4key, 16);
429 if (crypto_blkcipher_decrypt(&desc, &
sg, &
sg, plen + 4)) {
432 "received packet from %pM\n",
443 if (
memcmp(icv, pos + plen, 4) != 0) {
451 "%pM\n", hdr->
addr2);
476 if (tfm_michael ==
NULL) {
482 sg_set_buf(&
sg[0], hdr, 16);
483 sg_set_buf(&
sg[1], data, data_len);
485 if (crypto_hash_setkey(tfm_michael, key, 8))
488 desc.
tfm = tfm_michael;
490 return crypto_hash_digest(&desc,
sg, data_len + 16, mic);
493 static void michael_mic_hdr(
struct sk_buff *skb,
u8 *hdr)
520 hdr[13] = hdr[14] = hdr[15] = 0;
524 static int ieee80211_michael_mic_add(
struct sk_buff *skb,
int hdr_len,
void *priv)
534 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
535 skb_tailroom(skb), hdr_len, skb->
len);
539 michael_mic_hdr(skb, tkey->
tx_hdr);
544 tkey->
tx_hdr[12] = *(skb->
data + hdr_len - 2) & 0x07;
550 skb->
data + hdr_len, skb->
len - 8 - hdr_len, pos))
556 static void ieee80211_michael_mic_failure(
struct net_device *
dev,
564 memset(&ev, 0,
sizeof(ev));
566 if (hdr->
addr1[0] & 0x01)
572 memset(&wrqu, 0,
sizeof(wrqu));
573 wrqu.data.length =
sizeof(ev);
577 static int ieee80211_michael_mic_verify(
struct sk_buff *skb,
int keyidx,
578 int hdr_len,
void *priv)
589 michael_mic_hdr(skb, tkey->
rx_hdr);
593 tkey->
rx_hdr[12] = *(skb->
data + hdr_len - 2) & 0x07;
598 skb->
data + hdr_len, skb->
len - 8 - hdr_len, mic))
605 "MSDU from %pM keyidx=%d\n",
609 ieee80211_michael_mic_failure(skb->
dev, hdr, keyidx);
625 static int ieee80211_tkip_set_key(
void *key,
int len,
u8 *seq,
void *priv)
635 memset(tkey, 0,
sizeof(*tkey));
648 tkey->
rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
649 (seq[3] << 8) | seq[2];
650 tkey->
rx_iv16 = (seq[1] << 8) | seq[0];
661 static int ieee80211_tkip_get_key(
void *key,
int len,
u8 *seq,
void *priv)
691 static char * ieee80211_tkip_print_stats(
char *
p,
void *priv)
694 p +=
sprintf(p,
"key[%d] alg=TKIP key_set=%d "
695 "tx_pn=%02x%02x%02x%02x%02x%02x "
696 "rx_pn=%02x%02x%02x%02x%02x%02x "
697 "replays=%d icv_errors=%d local_mic_failures=%d\n",
720 .init = ieee80211_tkip_init,
721 .deinit = ieee80211_tkip_deinit,
722 .encrypt_mpdu = ieee80211_tkip_encrypt,
723 .decrypt_mpdu = ieee80211_tkip_decrypt,
724 .encrypt_msdu = ieee80211_michael_mic_add,
725 .decrypt_msdu = ieee80211_michael_mic_verify,
726 .set_key = ieee80211_tkip_set_key,
727 .get_key = ieee80211_tkip_get_key,
728 .print_stats = ieee80211_tkip_print_stats,
729 .extra_prefix_len = 4 + 4,
730 .extra_postfix_len = 8 + 4,