1/* 2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver 3 * 4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 2 as 8 * published by the Free Software Foundation. See README and COPYING for 9 * more details. 10 */ 11 12//#include <linux/config.h> 13#include <linux/version.h> 14#include <linux/module.h> 15#include <linux/init.h> 16#include <linux/slab.h> 17#include <linux/random.h> 18#include <linux/skbuff.h> 19#include <linux/netdevice.h> 20#include <linux/if_ether.h> 21#include <linux/if_arp.h> 22#include <asm/string.h> 23 24#include "ieee80211.h" 25 26 27#include <linux/crypto.h> 28#include <linux/scatterlist.h> 29 30#include <linux/crc32.h> 31 32MODULE_AUTHOR("Jouni Malinen"); 33MODULE_DESCRIPTION("Host AP crypt: TKIP"); 34MODULE_LICENSE("GPL"); 35 36#ifndef OPENSUSE_SLED 37#define OPENSUSE_SLED 0 38#endif 39 40struct ieee80211_tkip_data { 41#define TKIP_KEY_LEN 32 42 u8 key[TKIP_KEY_LEN]; 43 int key_set; 44 45 u32 tx_iv32; 46 u16 tx_iv16; 47 u16 tx_ttak[5]; 48 int tx_phase1_done; 49 50 u32 rx_iv32; 51 u16 rx_iv16; 52 u16 rx_ttak[5]; 53 int rx_phase1_done; 54 u32 rx_iv32_new; 55 u16 rx_iv16_new; 56 57 u32 dot11RSNAStatsTKIPReplays; 58 u32 dot11RSNAStatsTKIPICVErrors; 59 u32 dot11RSNAStatsTKIPLocalMICFailures; 60 61 int key_idx; 62 struct crypto_blkcipher *rx_tfm_arc4; 63 struct crypto_hash *rx_tfm_michael; 64 struct crypto_blkcipher *tx_tfm_arc4; 65 struct crypto_hash *tx_tfm_michael; 66 /* scratch buffers for virt_to_page() (crypto API) */ 67 u8 rx_hdr[16], tx_hdr[16]; 68}; 69 70static void * ieee80211_tkip_init(int key_idx) 71{ 72 struct ieee80211_tkip_data *priv; 73 74 priv = kzalloc(sizeof(*priv), GFP_ATOMIC); 75 if (priv == NULL) 76 goto fail; 77 priv->key_idx = key_idx; 78 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, 79 CRYPTO_ALG_ASYNC); 80 if (IS_ERR(priv->tx_tfm_arc4)) { 81 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " 82 "crypto API arc4\n"); 83 priv->tx_tfm_arc4 = NULL; 84 goto fail; 85 } 86 87 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0, 88 CRYPTO_ALG_ASYNC); 89 if (IS_ERR(priv->tx_tfm_michael)) { 90 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " 91 "crypto API michael_mic\n"); 92 priv->tx_tfm_michael = NULL; 93 goto fail; 94 } 95 96 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, 97 CRYPTO_ALG_ASYNC); 98 if (IS_ERR(priv->rx_tfm_arc4)) { 99 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " 100 "crypto API arc4\n"); 101 priv->rx_tfm_arc4 = NULL; 102 goto fail; 103 } 104 105 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0, 106 CRYPTO_ALG_ASYNC); 107 if (IS_ERR(priv->rx_tfm_michael)) { 108 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " 109 "crypto API michael_mic\n"); 110 priv->rx_tfm_michael = NULL; 111 goto fail; 112 } 113 return priv; 114 115fail: 116 if (priv) { 117 if (priv->tx_tfm_michael) 118 crypto_free_hash(priv->tx_tfm_michael); 119 if (priv->tx_tfm_arc4) 120 crypto_free_blkcipher(priv->tx_tfm_arc4); 121 if (priv->rx_tfm_michael) 122 crypto_free_hash(priv->rx_tfm_michael); 123 if (priv->rx_tfm_arc4) 124 crypto_free_blkcipher(priv->rx_tfm_arc4); 125 kfree(priv); 126 } 127 128 return NULL; 129} 130 131 132static void ieee80211_tkip_deinit(void *priv) 133{ 134 struct ieee80211_tkip_data *_priv = priv; 135 if (_priv) { 136 if (_priv->tx_tfm_michael) 137 crypto_free_hash(_priv->tx_tfm_michael); 138 if (_priv->tx_tfm_arc4) 139 crypto_free_blkcipher(_priv->tx_tfm_arc4); 140 if (_priv->rx_tfm_michael) 141 crypto_free_hash(_priv->rx_tfm_michael); 142 if (_priv->rx_tfm_arc4) 143 crypto_free_blkcipher(_priv->rx_tfm_arc4); 144 } 145 kfree(priv); 146} 147 148 149static inline u16 RotR1(u16 val) 150{ 151 return (val >> 1) | (val << 15); 152} 153 154 155static inline u8 Lo8(u16 val) 156{ 157 return val & 0xff; 158} 159 160 161static inline u8 Hi8(u16 val) 162{ 163 return val >> 8; 164} 165 166 167static inline u16 Lo16(u32 val) 168{ 169 return val & 0xffff; 170} 171 172 173static inline u16 Hi16(u32 val) 174{ 175 return val >> 16; 176} 177 178 179static inline u16 Mk16(u8 hi, u8 lo) 180{ 181 return lo | (((u16) hi) << 8); 182} 183 184 185static inline u16 Mk16_le(u16 *v) 186{ 187 return le16_to_cpu(*v); 188} 189 190 191static const u16 Sbox[256] = 192{ 193 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 194 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 195 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 196 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 197 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 198 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 199 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 200 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 201 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 202 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 203 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 204 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 205 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 206 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 207 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 208 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 209 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 210 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 211 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 212 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 213 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 214 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 215 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 216 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 217 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 218 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 219 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 220 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 221 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 222 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 223 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 224 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 225}; 226 227 228static inline u16 _S_(u16 v) 229{ 230 u16 t = Sbox[Hi8(v)]; 231 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8)); 232} 233 234 235#define PHASE1_LOOP_COUNT 8 236 237 238static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32) 239{ 240 int i, j; 241 242 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */ 243 TTAK[0] = Lo16(IV32); 244 TTAK[1] = Hi16(IV32); 245 TTAK[2] = Mk16(TA[1], TA[0]); 246 TTAK[3] = Mk16(TA[3], TA[2]); 247 TTAK[4] = Mk16(TA[5], TA[4]); 248 249 for (i = 0; i < PHASE1_LOOP_COUNT; i++) { 250 j = 2 * (i & 1); 251 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j])); 252 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j])); 253 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j])); 254 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j])); 255 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i; 256 } 257} 258 259 260static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK, 261 u16 IV16) 262{ 263 /* Make temporary area overlap WEP seed so that the final copy can be 264 * avoided on little endian hosts. */ 265 u16 *PPK = (u16 *) &WEPSeed[4]; 266 267 /* Step 1 - make copy of TTAK and bring in TSC */ 268 PPK[0] = TTAK[0]; 269 PPK[1] = TTAK[1]; 270 PPK[2] = TTAK[2]; 271 PPK[3] = TTAK[3]; 272 PPK[4] = TTAK[4]; 273 PPK[5] = TTAK[4] + IV16; 274 275 /* Step 2 - 96-bit bijective mixing using S-box */ 276 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0])); 277 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2])); 278 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4])); 279 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6])); 280 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8])); 281 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10])); 282 283 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12])); 284 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14])); 285 PPK[2] += RotR1(PPK[1]); 286 PPK[3] += RotR1(PPK[2]); 287 PPK[4] += RotR1(PPK[3]); 288 PPK[5] += RotR1(PPK[4]); 289 290 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value 291 * WEPSeed[0..2] is transmitted as WEP IV */ 292 WEPSeed[0] = Hi8(IV16); 293 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F; 294 WEPSeed[2] = Lo8(IV16); 295 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1); 296 297#ifdef __BIG_ENDIAN 298 { 299 int i; 300 for (i = 0; i < 6; i++) 301 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8); 302 } 303#endif 304} 305 306 307static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) 308{ 309 struct ieee80211_tkip_data *tkey = priv; 310 int len; 311 u8 *pos; 312 struct ieee80211_hdr_4addr *hdr; 313 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); 314 315 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4}; 316 int ret = 0; 317 u8 rc4key[16], *icv; 318 u32 crc; 319 struct scatterlist sg; 320 321 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 || 322 skb->len < hdr_len) 323 return -1; 324 325 hdr = (struct ieee80211_hdr_4addr *) skb->data; 326 327 328 if (!tcb_desc->bHwSec) 329 { 330 if (!tkey->tx_phase1_done) { 331 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2, 332 tkey->tx_iv32); 333 tkey->tx_phase1_done = 1; 334 } 335 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16); 336 } 337 else 338 tkey->tx_phase1_done = 1; 339 340 341 len = skb->len - hdr_len; 342 pos = skb_push(skb, 8); 343 memmove(pos, pos + 8, hdr_len); 344 pos += hdr_len; 345 346 if (tcb_desc->bHwSec) 347 { 348 *pos++ = Hi8(tkey->tx_iv16); 349 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F; 350 *pos++ = Lo8(tkey->tx_iv16); 351 } 352 else 353 { 354 *pos++ = rc4key[0]; 355 *pos++ = rc4key[1]; 356 *pos++ = rc4key[2]; 357 } 358 359 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */; 360 *pos++ = tkey->tx_iv32 & 0xff; 361 *pos++ = (tkey->tx_iv32 >> 8) & 0xff; 362 *pos++ = (tkey->tx_iv32 >> 16) & 0xff; 363 *pos++ = (tkey->tx_iv32 >> 24) & 0xff; 364 365 if (!tcb_desc->bHwSec) 366 { 367 icv = skb_put(skb, 4); 368 crc = ~crc32_le(~0, pos, len); 369 icv[0] = crc; 370 icv[1] = crc >> 8; 371 icv[2] = crc >> 16; 372 icv[3] = crc >> 24; 373 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16); 374 sg_init_one(&sg, pos, len+4); 375 ret= crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4); 376 377 } 378 379 tkey->tx_iv16++; 380 if (tkey->tx_iv16 == 0) { 381 tkey->tx_phase1_done = 0; 382 tkey->tx_iv32++; 383 } 384 385 if (!tcb_desc->bHwSec) 386 return ret; 387 else 388 return 0; 389 390 391} 392 393static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) 394{ 395 struct ieee80211_tkip_data *tkey = priv; 396 u8 keyidx, *pos; 397 u32 iv32; 398 u16 iv16; 399 struct ieee80211_hdr_4addr *hdr; 400 cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE); 401 struct blkcipher_desc desc = {.tfm = tkey->rx_tfm_arc4}; 402 u8 rc4key[16]; 403 u8 icv[4]; 404 u32 crc; 405 struct scatterlist sg; 406 int plen; 407 if (skb->len < hdr_len + 8 + 4) 408 return -1; 409 410 hdr = (struct ieee80211_hdr_4addr *) skb->data; 411 pos = skb->data + hdr_len; 412 keyidx = pos[3]; 413 if (!(keyidx & (1 << 5))) { 414 if (net_ratelimit()) { 415 printk(KERN_DEBUG "TKIP: received packet without ExtIV" 416 " flag from %pM\n", hdr->addr2); 417 } 418 return -2; 419 } 420 keyidx >>= 6; 421 if (tkey->key_idx != keyidx) { 422 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame " 423 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv); 424 return -6; 425 } 426 if (!tkey->key_set) { 427 if (net_ratelimit()) { 428 printk(KERN_DEBUG "TKIP: received packet from %pM" 429 " with keyid=%d that does not have a configured" 430 " key\n", hdr->addr2, keyidx); 431 } 432 return -3; 433 } 434 iv16 = (pos[0] << 8) | pos[2]; 435 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24); 436 pos += 8; 437 438 if (!tcb_desc->bHwSec) 439 { 440 if (iv32 < tkey->rx_iv32 || 441 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) { 442 if (net_ratelimit()) { 443 printk(KERN_DEBUG "TKIP: replay detected: STA=%pM" 444 " previous TSC %08x%04x received TSC " 445 "%08x%04x\n", hdr->addr2, 446 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16); 447 } 448 tkey->dot11RSNAStatsTKIPReplays++; 449 return -4; 450 } 451 452 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) { 453 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32); 454 tkey->rx_phase1_done = 1; 455 } 456 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16); 457 458 plen = skb->len - hdr_len - 12; 459 460 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16); 461 sg_init_one(&sg, pos, plen+4); 462 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) { 463 if (net_ratelimit()) { 464 printk(KERN_DEBUG ": TKIP: failed to decrypt " 465 "received packet from %pM\n", 466 hdr->addr2); 467 } 468 return -7; 469 } 470 471 crc = ~crc32_le(~0, pos, plen); 472 icv[0] = crc; 473 icv[1] = crc >> 8; 474 icv[2] = crc >> 16; 475 icv[3] = crc >> 24; 476 477 if (memcmp(icv, pos + plen, 4) != 0) { 478 if (iv32 != tkey->rx_iv32) { 479 /* Previously cached Phase1 result was already lost, so 480 * it needs to be recalculated for the next packet. */ 481 tkey->rx_phase1_done = 0; 482 } 483 if (net_ratelimit()) { 484 printk(KERN_DEBUG 485 "TKIP: ICV error detected: STA=%pM\n", 486 hdr->addr2); 487 } 488 tkey->dot11RSNAStatsTKIPICVErrors++; 489 return -5; 490 } 491 492 } 493 494 /* Update real counters only after Michael MIC verification has 495 * completed */ 496 tkey->rx_iv32_new = iv32; 497 tkey->rx_iv16_new = iv16; 498 499 /* Remove IV and ICV */ 500 memmove(skb->data + 8, skb->data, hdr_len); 501 skb_pull(skb, 8); 502 skb_trim(skb, skb->len - 4); 503 504//john's test 505#ifdef JOHN_DUMP 506if( ((u16*)skb->data)[0] & 0x4000){ 507 printk("@@ rx decrypted skb->data"); 508 int i; 509 for(i=0;i<skb->len;i++){ 510 if( (i%24)==0 ) printk("\n"); 511 printk("%2x ", ((u8*)skb->data)[i]); 512 } 513 printk("\n"); 514} 515#endif /*JOHN_DUMP*/ 516 return keyidx; 517} 518 519 520static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr, 521 u8 * data, size_t data_len, u8 * mic) 522{ 523 struct hash_desc desc; 524 struct scatterlist sg[2]; 525 526 if (tfm_michael == NULL) { 527 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n"); 528 return -1; 529 } 530 sg_init_table(sg, 2); 531 sg_set_buf(&sg[0], hdr, 16); 532 sg_set_buf(&sg[1], data, data_len); 533 534 if (crypto_hash_setkey(tfm_michael, key, 8)) 535 return -1; 536 537 desc.tfm = tfm_michael; 538 desc.flags = 0; 539 return crypto_hash_digest(&desc, sg, data_len + 16, mic); 540} 541 542 543 544static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr) 545{ 546 struct ieee80211_hdr_4addr *hdr11; 547 548 hdr11 = (struct ieee80211_hdr_4addr *) skb->data; 549 switch (le16_to_cpu(hdr11->frame_ctl) & 550 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) { 551 case IEEE80211_FCTL_TODS: 552 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */ 553 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */ 554 break; 555 case IEEE80211_FCTL_FROMDS: 556 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */ 557 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */ 558 break; 559 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS: 560 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */ 561 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */ 562 break; 563 case 0: 564 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */ 565 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */ 566 break; 567 } 568 569 hdr[12] = 0; /* priority */ 570 571 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 572} 573 574 575static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv) 576{ 577 struct ieee80211_tkip_data *tkey = priv; 578 u8 *pos; 579 struct ieee80211_hdr_4addr *hdr; 580 581 hdr = (struct ieee80211_hdr_4addr *) skb->data; 582 583 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) { 584 printk(KERN_DEBUG "Invalid packet for Michael MIC add " 585 "(tailroom=%d hdr_len=%d skb->len=%d)\n", 586 skb_tailroom(skb), hdr_len, skb->len); 587 return -1; 588 } 589 590 michael_mic_hdr(skb, tkey->tx_hdr); 591 592 // { david, 2006.9.1 593 // fix the wpa process with wmm enabled. 594 if(IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) { 595 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07; 596 } 597 // } 598 pos = skb_put(skb, 8); 599 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr, 600 skb->data + hdr_len, skb->len - 8 - hdr_len, pos)) 601 return -1; 602 603 return 0; 604} 605 606 607#if WIRELESS_EXT >= 18 608static void ieee80211_michael_mic_failure(struct net_device *dev, 609 struct ieee80211_hdr_4addr *hdr, 610 int keyidx) 611{ 612 union iwreq_data wrqu; 613 struct iw_michaelmicfailure ev; 614 615 /* TODO: needed parameters: count, keyid, key type, TSC */ 616 memset(&ev, 0, sizeof(ev)); 617 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 618 if (hdr->addr1[0] & 0x01) 619 ev.flags |= IW_MICFAILURE_GROUP; 620 else 621 ev.flags |= IW_MICFAILURE_PAIRWISE; 622 ev.src_addr.sa_family = ARPHRD_ETHER; 623 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN); 624 memset(&wrqu, 0, sizeof(wrqu)); 625 wrqu.data.length = sizeof(ev); 626 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev); 627} 628#elif WIRELESS_EXT >= 15 629static void ieee80211_michael_mic_failure(struct net_device *dev, 630 struct ieee80211_hdr_4addr *hdr, 631 int keyidx) 632{ 633 union iwreq_data wrqu; 634 char buf[128]; 635 636 /* TODO: needed parameters: count, keyid, key type, TSC */ 637 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(keyid=%d %scast addr=" 638 "%pM)", keyidx, hdr->addr1[0] & 0x01 ? "broad" : "uni", 639 hdr->addr2); 640 memset(&wrqu, 0, sizeof(wrqu)); 641 wrqu.data.length = strlen(buf); 642 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); 643} 644#else /* WIRELESS_EXT >= 15 */ 645static inline void ieee80211_michael_mic_failure(struct net_device *dev, 646 struct ieee80211_hdr_4addr *hdr, 647 int keyidx) 648{ 649} 650#endif /* WIRELESS_EXT >= 15 */ 651 652static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx, 653 int hdr_len, void *priv) 654{ 655 struct ieee80211_tkip_data *tkey = priv; 656 u8 mic[8]; 657 struct ieee80211_hdr_4addr *hdr; 658 659 hdr = (struct ieee80211_hdr_4addr *) skb->data; 660 661 if (!tkey->key_set) 662 return -1; 663 664 michael_mic_hdr(skb, tkey->rx_hdr); 665 // { david, 2006.9.1 666 // fix the wpa process with wmm enabled. 667 if(IEEE80211_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl))) { 668 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07; 669 } 670 // } 671 672 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr, 673 skb->data + hdr_len, skb->len - 8 - hdr_len, mic)) 674 return -1; 675 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) { 676 struct ieee80211_hdr_4addr *hdr; 677 hdr = (struct ieee80211_hdr_4addr *) skb->data; 678 printk(KERN_DEBUG "%s: Michael MIC verification failed for " 679 "MSDU from %pM keyidx=%d\n", 680 skb->dev ? skb->dev->name : "N/A", hdr->addr2, 681 keyidx); 682 if (skb->dev) 683 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx); 684 tkey->dot11RSNAStatsTKIPLocalMICFailures++; 685 return -1; 686 } 687 688 /* Update TSC counters for RX now that the packet verification has 689 * completed. */ 690 tkey->rx_iv32 = tkey->rx_iv32_new; 691 tkey->rx_iv16 = tkey->rx_iv16_new; 692 693 skb_trim(skb, skb->len - 8); 694 695 return 0; 696} 697 698 699static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv) 700{ 701 struct ieee80211_tkip_data *tkey = priv; 702 int keyidx; 703 struct crypto_hash *tfm = tkey->tx_tfm_michael; 704 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4; 705 struct crypto_hash *tfm3 = tkey->rx_tfm_michael; 706 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4; 707 708 keyidx = tkey->key_idx; 709 memset(tkey, 0, sizeof(*tkey)); 710 tkey->key_idx = keyidx; 711 tkey->tx_tfm_michael = tfm; 712 tkey->tx_tfm_arc4 = tfm2; 713 tkey->rx_tfm_michael = tfm3; 714 tkey->rx_tfm_arc4 = tfm4; 715 716 if (len == TKIP_KEY_LEN) { 717 memcpy(tkey->key, key, TKIP_KEY_LEN); 718 tkey->key_set = 1; 719 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */ 720 if (seq) { 721 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) | 722 (seq[3] << 8) | seq[2]; 723 tkey->rx_iv16 = (seq[1] << 8) | seq[0]; 724 } 725 } else if (len == 0) 726 tkey->key_set = 0; 727 else 728 return -1; 729 730 return 0; 731} 732 733 734static int ieee80211_tkip_get_key(void *key, int len, u8 *seq, void *priv) 735{ 736 struct ieee80211_tkip_data *tkey = priv; 737 738 if (len < TKIP_KEY_LEN) 739 return -1; 740 741 if (!tkey->key_set) 742 return 0; 743 memcpy(key, tkey->key, TKIP_KEY_LEN); 744 745 if (seq) { 746 /* Return the sequence number of the last transmitted frame. */ 747 u16 iv16 = tkey->tx_iv16; 748 u32 iv32 = tkey->tx_iv32; 749 if (iv16 == 0) 750 iv32--; 751 iv16--; 752 seq[0] = tkey->tx_iv16; 753 seq[1] = tkey->tx_iv16 >> 8; 754 seq[2] = tkey->tx_iv32; 755 seq[3] = tkey->tx_iv32 >> 8; 756 seq[4] = tkey->tx_iv32 >> 16; 757 seq[5] = tkey->tx_iv32 >> 24; 758 } 759 760 return TKIP_KEY_LEN; 761} 762 763 764static char * ieee80211_tkip_print_stats(char *p, void *priv) 765{ 766 struct ieee80211_tkip_data *tkip = priv; 767 p += sprintf(p, "key[%d] alg=TKIP key_set=%d " 768 "tx_pn=%02x%02x%02x%02x%02x%02x " 769 "rx_pn=%02x%02x%02x%02x%02x%02x " 770 "replays=%d icv_errors=%d local_mic_failures=%d\n", 771 tkip->key_idx, tkip->key_set, 772 (tkip->tx_iv32 >> 24) & 0xff, 773 (tkip->tx_iv32 >> 16) & 0xff, 774 (tkip->tx_iv32 >> 8) & 0xff, 775 tkip->tx_iv32 & 0xff, 776 (tkip->tx_iv16 >> 8) & 0xff, 777 tkip->tx_iv16 & 0xff, 778 (tkip->rx_iv32 >> 24) & 0xff, 779 (tkip->rx_iv32 >> 16) & 0xff, 780 (tkip->rx_iv32 >> 8) & 0xff, 781 tkip->rx_iv32 & 0xff, 782 (tkip->rx_iv16 >> 8) & 0xff, 783 tkip->rx_iv16 & 0xff, 784 tkip->dot11RSNAStatsTKIPReplays, 785 tkip->dot11RSNAStatsTKIPICVErrors, 786 tkip->dot11RSNAStatsTKIPLocalMICFailures); 787 return p; 788} 789 790 791static struct ieee80211_crypto_ops ieee80211_crypt_tkip = { 792 .name = "TKIP", 793 .init = ieee80211_tkip_init, 794 .deinit = ieee80211_tkip_deinit, 795 .encrypt_mpdu = ieee80211_tkip_encrypt, 796 .decrypt_mpdu = ieee80211_tkip_decrypt, 797 .encrypt_msdu = ieee80211_michael_mic_add, 798 .decrypt_msdu = ieee80211_michael_mic_verify, 799 .set_key = ieee80211_tkip_set_key, 800 .get_key = ieee80211_tkip_get_key, 801 .print_stats = ieee80211_tkip_print_stats, 802 .extra_prefix_len = 4 + 4, /* IV + ExtIV */ 803 .extra_postfix_len = 8 + 4, /* MIC + ICV */ 804 .owner = THIS_MODULE, 805}; 806 807 808int __init ieee80211_crypto_tkip_init(void) 809{ 810 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip); 811} 812 813 814void ieee80211_crypto_tkip_exit(void) 815{ 816 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip); 817} 818 819void ieee80211_tkip_null(void) 820{ 821// printk("============>%s()\n", __FUNCTION__); 822 return; 823} 824