Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
rtllib_crypt_ccmp.c
Go to the documentation of this file.
1 /*
2  * Host AP crypt: host-based CCMP encryption implementation for Host AP driver
3  *
4  * Copyright (c) 2003-2004, Jouni Malinen <[email protected]>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 as
8  * published by the Free Software Foundation. See README and COPYING for
9  * more details.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/slab.h>
15 #include <linux/random.h>
16 #include <linux/skbuff.h>
17 #include <linux/netdevice.h>
18 #include <linux/if_ether.h>
19 #include <linux/if_arp.h>
20 #include <linux/string.h>
21 #include <linux/wireless.h>
22 #include "rtllib.h"
23 
24 #include <linux/crypto.h>
25 
26 #include <linux/scatterlist.h>
27 
28 #define AES_BLOCK_LEN 16
29 #define CCMP_HDR_LEN 8
30 #define CCMP_MIC_LEN 8
31 #define CCMP_TK_LEN 16
32 #define CCMP_PN_LEN 6
33 
36  int key_set;
37 
40 
44 
45  int key_idx;
46 
47  struct crypto_tfm *tfm;
48 
49  /* scratch buffers for virt_to_page() (crypto API) */
53 };
54 
55 static void rtllib_ccmp_aes_encrypt(struct crypto_tfm *tfm,
56  const u8 pt[16], u8 ct[16])
57 {
58  crypto_cipher_encrypt_one((void *)tfm, ct, pt);
59 }
60 
61 static void *rtllib_ccmp_init(int key_idx)
62 {
63  struct rtllib_ccmp_data *priv;
64 
65  priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
66  if (priv == NULL)
67  goto fail;
68  priv->key_idx = key_idx;
69 
70  priv->tfm = (void *)crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
71  if (IS_ERR(priv->tfm)) {
72  printk(KERN_DEBUG "rtllib_crypt_ccmp: could not allocate "
73  "crypto API aes\n");
74  priv->tfm = NULL;
75  goto fail;
76  }
77  return priv;
78 
79 fail:
80  if (priv) {
81  if (priv->tfm)
82  crypto_free_cipher((void *)priv->tfm);
83  kfree(priv);
84  }
85 
86  return NULL;
87 }
88 
89 
90 static void rtllib_ccmp_deinit(void *priv)
91 {
92  struct rtllib_ccmp_data *_priv = priv;
93  if (_priv && _priv->tfm)
94  crypto_free_cipher((void *)_priv->tfm);
95  kfree(priv);
96 }
97 
98 
99 static inline void xor_block(u8 *b, u8 *a, size_t len)
100 {
101  int i;
102  for (i = 0; i < len; i++)
103  b[i] ^= a[i];
104 }
105 
106 
107 
108 static void ccmp_init_blocks(struct crypto_tfm *tfm,
109  struct rtllib_hdr_4addr *hdr,
110  u8 *pn, size_t dlen, u8 *b0, u8 *auth,
111  u8 *s0)
112 {
113  u8 *pos, qc = 0;
114  size_t aad_len;
115  u16 fc;
116  int a4_included, qc_included;
117  u8 aad[2 * AES_BLOCK_LEN];
118 
119  fc = le16_to_cpu(hdr->frame_ctl);
120  a4_included = ((fc & (RTLLIB_FCTL_TODS | RTLLIB_FCTL_FROMDS)) ==
122  /*
123  qc_included = ((WLAN_FC_GET_TYPE(fc) == RTLLIB_FTYPE_DATA) &&
124  (WLAN_FC_GET_STYPE(fc) & 0x08));
125  */
126  qc_included = ((WLAN_FC_GET_TYPE(fc) == RTLLIB_FTYPE_DATA) &&
127  (WLAN_FC_GET_STYPE(fc) & 0x80));
128  aad_len = 22;
129  if (a4_included)
130  aad_len += 6;
131  if (qc_included) {
132  pos = (u8 *) &hdr->addr4;
133  if (a4_included)
134  pos += 6;
135  qc = *pos & 0x0f;
136  aad_len += 2;
137  }
138  /* CCM Initial Block:
139  * Flag (Include authentication header, M=3 (8-octet MIC),
140  * L=1 (2-octet Dlen))
141  * Nonce: 0x00 | A2 | PN
142  * Dlen */
143  b0[0] = 0x59;
144  b0[1] = qc;
145  memcpy(b0 + 2, hdr->addr2, ETH_ALEN);
146  memcpy(b0 + 8, pn, CCMP_PN_LEN);
147  b0[14] = (dlen >> 8) & 0xff;
148  b0[15] = dlen & 0xff;
149 
150  /* AAD:
151  * FC with bits 4..6 and 11..13 masked to zero; 14 is always one
152  * A1 | A2 | A3
153  * SC with bits 4..15 (seq#) masked to zero
154  * A4 (if present)
155  * QC (if present)
156  */
157  pos = (u8 *) hdr;
158  aad[0] = 0; /* aad_len >> 8 */
159  aad[1] = aad_len & 0xff;
160  aad[2] = pos[0] & 0x8f;
161  aad[3] = pos[1] & 0xc7;
162  memcpy(aad + 4, hdr->addr1, 3 * ETH_ALEN);
163  pos = (u8 *) &hdr->seq_ctl;
164  aad[22] = pos[0] & 0x0f;
165  aad[23] = 0; /* all bits masked */
166  memset(aad + 24, 0, 8);
167  if (a4_included)
168  memcpy(aad + 24, hdr->addr4, ETH_ALEN);
169  if (qc_included) {
170  aad[a4_included ? 30 : 24] = qc;
171  /* rest of QC masked */
172  }
173 
174  /* Start with the first block and AAD */
175  rtllib_ccmp_aes_encrypt(tfm, b0, auth);
176  xor_block(auth, aad, AES_BLOCK_LEN);
177  rtllib_ccmp_aes_encrypt(tfm, auth, auth);
178  xor_block(auth, &aad[AES_BLOCK_LEN], AES_BLOCK_LEN);
179  rtllib_ccmp_aes_encrypt(tfm, auth, auth);
180  b0[0] &= 0x07;
181  b0[14] = b0[15] = 0;
182  rtllib_ccmp_aes_encrypt(tfm, b0, s0);
183 }
184 
185 
186 
187 static int rtllib_ccmp_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
188 {
189  struct rtllib_ccmp_data *key = priv;
190  int data_len, i;
191  u8 *pos;
192  struct rtllib_hdr_4addr *hdr;
193  struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
195  if (skb_headroom(skb) < CCMP_HDR_LEN ||
196  skb_tailroom(skb) < CCMP_MIC_LEN ||
197  skb->len < hdr_len)
198  return -1;
199 
200  data_len = skb->len - hdr_len;
201  pos = skb_push(skb, CCMP_HDR_LEN);
202  memmove(pos, pos + CCMP_HDR_LEN, hdr_len);
203  pos += hdr_len;
204 
205  i = CCMP_PN_LEN - 1;
206  while (i >= 0) {
207  key->tx_pn[i]++;
208  if (key->tx_pn[i] != 0)
209  break;
210  i--;
211  }
212 
213  *pos++ = key->tx_pn[5];
214  *pos++ = key->tx_pn[4];
215  *pos++ = 0;
216  *pos++ = (key->key_idx << 6) | (1 << 5) /* Ext IV included */;
217  *pos++ = key->tx_pn[3];
218  *pos++ = key->tx_pn[2];
219  *pos++ = key->tx_pn[1];
220  *pos++ = key->tx_pn[0];
221 
222 
223  hdr = (struct rtllib_hdr_4addr *) skb->data;
224  if (!tcb_desc->bHwSec) {
225  int blocks, last, len;
226  u8 *mic;
227  u8 *b0 = key->tx_b0;
228  u8 *b = key->tx_b;
229  u8 *e = key->tx_e;
230  u8 *s0 = key->tx_s0;
231 
232  mic = skb_put(skb, CCMP_MIC_LEN);
233 
234  ccmp_init_blocks(key->tfm, hdr, key->tx_pn, data_len,
235  b0, b, s0);
236 
237  blocks = (data_len + AES_BLOCK_LEN - 1) / AES_BLOCK_LEN;
238  last = data_len % AES_BLOCK_LEN;
239 
240  for (i = 1; i <= blocks; i++) {
241  len = (i == blocks && last) ? last : AES_BLOCK_LEN;
242  /* Authentication */
243  xor_block(b, pos, len);
244  rtllib_ccmp_aes_encrypt(key->tfm, b, b);
245  /* Encryption, with counter */
246  b0[14] = (i >> 8) & 0xff;
247  b0[15] = i & 0xff;
248  rtllib_ccmp_aes_encrypt(key->tfm, b0, e);
249  xor_block(pos, e, len);
250  pos += len;
251  }
252 
253  for (i = 0; i < CCMP_MIC_LEN; i++)
254  mic[i] = b[i] ^ s0[i];
255  }
256  return 0;
257 }
258 
259 
260 static int rtllib_ccmp_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
261 {
262  struct rtllib_ccmp_data *key = priv;
263  u8 keyidx, *pos;
264  struct rtllib_hdr_4addr *hdr;
265  struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
267  u8 pn[6];
268 
269  if (skb->len < hdr_len + CCMP_HDR_LEN + CCMP_MIC_LEN) {
271  return -1;
272  }
273 
274  hdr = (struct rtllib_hdr_4addr *) skb->data;
275  pos = skb->data + hdr_len;
276  keyidx = pos[3];
277  if (!(keyidx & (1 << 5))) {
278  if (net_ratelimit()) {
279  printk(KERN_DEBUG "CCMP: received packet without ExtIV"
280  " flag from %pM\n", hdr->addr2);
281  }
283  return -2;
284  }
285  keyidx >>= 6;
286  if (key->key_idx != keyidx) {
287  printk(KERN_DEBUG "CCMP: RX tkey->key_idx=%d frame "
288  "keyidx=%d priv=%p\n", key->key_idx, keyidx, priv);
289  return -6;
290  }
291  if (!key->key_set) {
292  if (net_ratelimit()) {
293  printk(KERN_DEBUG "CCMP: received packet from %pM"
294  " with keyid=%d that does not have a configured"
295  " key\n", hdr->addr2, keyidx);
296  }
297  return -3;
298  }
299 
300  pn[0] = pos[7];
301  pn[1] = pos[6];
302  pn[2] = pos[5];
303  pn[3] = pos[4];
304  pn[4] = pos[1];
305  pn[5] = pos[0];
306  pos += 8;
307  if (memcmp(pn, key->rx_pn, CCMP_PN_LEN) <= 0) {
309  return -4;
310  }
311  if (!tcb_desc->bHwSec) {
312  size_t data_len = skb->len - hdr_len - CCMP_HDR_LEN -
313  CCMP_MIC_LEN;
314  u8 *mic = skb->data + skb->len - CCMP_MIC_LEN;
315  u8 *b0 = key->rx_b0;
316  u8 *b = key->rx_b;
317  u8 *a = key->rx_a;
318  int i, blocks, last, len;
319 
320 
321  ccmp_init_blocks(key->tfm, hdr, pn, data_len, b0, a, b);
322  xor_block(mic, b, CCMP_MIC_LEN);
323 
324  blocks = (data_len + AES_BLOCK_LEN - 1) / AES_BLOCK_LEN;
325  last = data_len % AES_BLOCK_LEN;
326 
327  for (i = 1; i <= blocks; i++) {
328  len = (i == blocks && last) ? last : AES_BLOCK_LEN;
329  /* Decrypt, with counter */
330  b0[14] = (i >> 8) & 0xff;
331  b0[15] = i & 0xff;
332  rtllib_ccmp_aes_encrypt(key->tfm, b0, b);
333  xor_block(pos, b, len);
334  /* Authentication */
335  xor_block(a, pos, len);
336  rtllib_ccmp_aes_encrypt(key->tfm, a, a);
337  pos += len;
338  }
339 
340  if (memcmp(mic, a, CCMP_MIC_LEN) != 0) {
341  if (net_ratelimit()) {
342  printk(KERN_DEBUG "CCMP: decrypt failed: STA="
343  " %pM\n", hdr->addr2);
344  }
346  return -5;
347  }
348 
349  memcpy(key->rx_pn, pn, CCMP_PN_LEN);
350  }
351  /* Remove hdr and MIC */
352  memmove(skb->data + CCMP_HDR_LEN, skb->data, hdr_len);
353  skb_pull(skb, CCMP_HDR_LEN);
354  skb_trim(skb, skb->len - CCMP_MIC_LEN);
355 
356  return keyidx;
357 }
358 
359 
360 static int rtllib_ccmp_set_key(void *key, int len, u8 *seq, void *priv)
361 {
362  struct rtllib_ccmp_data *data = priv;
363  int keyidx;
364  struct crypto_tfm *tfm = data->tfm;
365 
366  keyidx = data->key_idx;
367  memset(data, 0, sizeof(*data));
368  data->key_idx = keyidx;
369  data->tfm = tfm;
370  if (len == CCMP_TK_LEN) {
371  memcpy(data->key, key, CCMP_TK_LEN);
372  data->key_set = 1;
373  if (seq) {
374  data->rx_pn[0] = seq[5];
375  data->rx_pn[1] = seq[4];
376  data->rx_pn[2] = seq[3];
377  data->rx_pn[3] = seq[2];
378  data->rx_pn[4] = seq[1];
379  data->rx_pn[5] = seq[0];
380  }
381  crypto_cipher_setkey((void *)data->tfm, data->key, CCMP_TK_LEN);
382  } else if (len == 0)
383  data->key_set = 0;
384  else
385  return -1;
386 
387  return 0;
388 }
389 
390 
391 static int rtllib_ccmp_get_key(void *key, int len, u8 *seq, void *priv)
392 {
393  struct rtllib_ccmp_data *data = priv;
394 
395  if (len < CCMP_TK_LEN)
396  return -1;
397 
398  if (!data->key_set)
399  return 0;
400  memcpy(key, data->key, CCMP_TK_LEN);
401 
402  if (seq) {
403  seq[0] = data->tx_pn[5];
404  seq[1] = data->tx_pn[4];
405  seq[2] = data->tx_pn[3];
406  seq[3] = data->tx_pn[2];
407  seq[4] = data->tx_pn[1];
408  seq[5] = data->tx_pn[0];
409  }
410 
411  return CCMP_TK_LEN;
412 }
413 
414 
415 static char *rtllib_ccmp_print_stats(char *p, void *priv)
416 {
417  struct rtllib_ccmp_data *ccmp = priv;
418  p += sprintf(p, "key[%d] alg=CCMP key_set=%d "
419  "tx_pn=%pM rx_pn=%pM "
420  "format_errors=%d replays=%d decrypt_errors=%d\n",
421  ccmp->key_idx, ccmp->key_set,
422  ccmp->tx_pn, ccmp->rx_pn,
426 
427  return p;
428 }
429 
430 static struct lib80211_crypto_ops rtllib_crypt_ccmp = {
431  .name = "R-CCMP",
432  .init = rtllib_ccmp_init,
433  .deinit = rtllib_ccmp_deinit,
434  .encrypt_mpdu = rtllib_ccmp_encrypt,
435  .decrypt_mpdu = rtllib_ccmp_decrypt,
436  .encrypt_msdu = NULL,
437  .decrypt_msdu = NULL,
438  .set_key = rtllib_ccmp_set_key,
439  .get_key = rtllib_ccmp_get_key,
440  .print_stats = rtllib_ccmp_print_stats,
441  .extra_mpdu_prefix_len = CCMP_HDR_LEN,
442  .extra_mpdu_postfix_len = CCMP_MIC_LEN,
443  .owner = THIS_MODULE,
444 };
445 
446 
448 {
449  return lib80211_register_crypto_ops(&rtllib_crypt_ccmp);
450 }
451 
452 
454 {
455  lib80211_unregister_crypto_ops(&rtllib_crypt_ccmp);
456 }
457 
460 
461 MODULE_LICENSE("GPL");