2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 #include <linux/err.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/slab.h>
16 #include <linux/random.h>
17 #include <linux/skbuff.h>
18 #include <linux/netdevice.h>
19 #include <linux/if_ether.h>
20 #include <linux/if_arp.h>
21 #include <asm/string.h>
23 #include <net/ieee80211.h>
25 #include <linux/crypto.h>
26 #include <asm/scatterlist.h>
27 #include <linux/crc32.h>
29 MODULE_AUTHOR("Jouni Malinen");
30 MODULE_DESCRIPTION("Host AP crypt: TKIP");
31 MODULE_LICENSE("GPL");
33 struct ieee80211_tkip_data {
34 #define TKIP_KEY_LEN 32
50 u32 dot11RSNAStatsTKIPReplays;
51 u32 dot11RSNAStatsTKIPICVErrors;
52 u32 dot11RSNAStatsTKIPLocalMICFailures;
56 struct crypto_blkcipher *rx_tfm_arc4;
57 struct crypto_hash *rx_tfm_michael;
58 struct crypto_blkcipher *tx_tfm_arc4;
59 struct crypto_hash *tx_tfm_michael;
61 /* scratch buffers for virt_to_page() (crypto API) */
62 u8 rx_hdr[16], tx_hdr[16];
67 static unsigned long ieee80211_tkip_set_flags(unsigned long flags, void *priv)
69 struct ieee80211_tkip_data *_priv = priv;
70 unsigned long old_flags = _priv->flags;
75 static unsigned long ieee80211_tkip_get_flags(void *priv)
77 struct ieee80211_tkip_data *_priv = priv;
81 static void *ieee80211_tkip_init(int key_idx)
83 struct ieee80211_tkip_data *priv;
85 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
89 priv->key_idx = key_idx;
91 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
93 if (IS_ERR(priv->tx_tfm_arc4)) {
94 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
96 priv->tfm_arc4 = NULL;
100 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
102 if (IS_ERR(priv->tx_tfm_michael)) {
103 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
104 "crypto API michael_mic\n");
108 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
110 if (IS_ERR(priv->rx_tfm_arc4)) {
111 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
112 "crypto API arc4\n");
116 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
118 if (IS_ERR(priv->rx_tfm_michael)) {
119 printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
120 "crypto API michael_mic\n");
121 priv->tfm_michael = NULL;
129 if (priv->tx_tfm_michael)
130 crypto_free_hash(priv->tx_tfm_michael);
131 if (priv->tx_tfm_arc4)
132 crypto_free_blkcipher(priv->tx_tfm_arc4);
133 if (priv->rx_tfm_michael)
134 crypto_free_hash(priv->rx_tfm_michael);
135 if (priv->rx_tfm_arc4)
136 crypto_free_blkcipher(priv->rx_tfm_arc4);
143 static void ieee80211_tkip_deinit(void *priv)
145 struct ieee80211_tkip_data *_priv = priv;
147 if (_priv->tx_tfm_michael)
148 crypto_free_hash(_priv->tx_tfm_michael);
149 if (_priv->tx_tfm_arc4)
150 crypto_free_blkcipher(_priv->tx_tfm_arc4);
151 if (_priv->rx_tfm_michael)
152 crypto_free_hash(_priv->rx_tfm_michael);
153 if (_priv->rx_tfm_arc4)
154 crypto_free_blkcipher(_priv->rx_tfm_arc4);
159 static inline u16 RotR1(u16 val)
161 return (val >> 1) | (val << 15);
164 static inline u8 Lo8(u16 val)
169 static inline u8 Hi8(u16 val)
174 static inline u16 Lo16(u32 val)
179 static inline u16 Hi16(u32 val)
184 static inline u16 Mk16(u8 hi, u8 lo)
186 return lo | (((u16) hi) << 8);
189 static inline u16 Mk16_le(u16 * v)
191 return le16_to_cpu(*v);
194 static const u16 Sbox[256] = {
195 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
196 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
197 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
198 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
199 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
200 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
201 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
202 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
203 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
204 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
205 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
206 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
207 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
208 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
209 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
210 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
211 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
212 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
213 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
214 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
215 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
216 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
217 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
218 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
219 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
220 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
221 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
222 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
223 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
224 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
225 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
226 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
229 static inline u16 _S_(u16 v)
231 u16 t = Sbox[Hi8(v)];
232 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
235 #define PHASE1_LOOP_COUNT 8
237 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA,
242 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
243 TTAK[0] = Lo16(IV32);
244 TTAK[1] = Hi16(IV32);
245 TTAK[2] = Mk16(TA[1], TA[0]);
246 TTAK[3] = Mk16(TA[3], TA[2]);
247 TTAK[4] = Mk16(TA[5], TA[4]);
249 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
251 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
252 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
253 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
254 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
255 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
259 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK,
262 /* Make temporary area overlap WEP seed so that the final copy can be
263 * avoided on little endian hosts. */
264 u16 *PPK = (u16 *) & WEPSeed[4];
266 /* Step 1 - make copy of TTAK and bring in TSC */
272 PPK[5] = TTAK[4] + IV16;
274 /* Step 2 - 96-bit bijective mixing using S-box */
275 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) & TK[0]));
276 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) & TK[2]));
277 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) & TK[4]));
278 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) & TK[6]));
279 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) & TK[8]));
280 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) & TK[10]));
282 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) & TK[12]));
283 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) & TK[14]));
284 PPK[2] += RotR1(PPK[1]);
285 PPK[3] += RotR1(PPK[2]);
286 PPK[4] += RotR1(PPK[3]);
287 PPK[5] += RotR1(PPK[4]);
289 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
290 * WEPSeed[0..2] is transmitted as WEP IV */
291 WEPSeed[0] = Hi8(IV16);
292 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
293 WEPSeed[2] = Lo8(IV16);
294 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) & TK[0])) >> 1);
299 for (i = 0; i < 6; i++)
300 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
305 static int ieee80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
306 u8 * rc4key, int keylen, void *priv)
308 struct ieee80211_tkip_data *tkey = priv;
311 struct ieee80211_hdr_4addr *hdr;
313 hdr = (struct ieee80211_hdr_4addr *)skb->data;
315 if (skb_headroom(skb) < 8 || skb->len < hdr_len)
318 if (rc4key == NULL || keylen < 16)
321 if (!tkey->tx_phase1_done) {
322 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
324 tkey->tx_phase1_done = 1;
326 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
328 len = skb->len - hdr_len;
329 pos = skb_push(skb, 8);
330 memmove(pos, pos + 8, hdr_len);
334 *pos++ = *(rc4key + 1);
335 *pos++ = *(rc4key + 2);
336 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ;
337 *pos++ = tkey->tx_iv32 & 0xff;
338 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
339 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
340 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
343 if (tkey->tx_iv16 == 0) {
344 tkey->tx_phase1_done = 0;
351 static int ieee80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
353 struct ieee80211_tkip_data *tkey = priv;
354 struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
356 u8 rc4key[16], *pos, *icv;
358 struct scatterlist sg;
360 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
361 if (net_ratelimit()) {
362 struct ieee80211_hdr_4addr *hdr =
363 (struct ieee80211_hdr_4addr *)skb->data;
364 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
365 "TX packet to " MAC_FMT "\n",
366 MAC_ARG(hdr->addr1));
371 if (skb_tailroom(skb) < 4 || skb->len < hdr_len)
374 len = skb->len - hdr_len;
375 pos = skb->data + hdr_len;
377 if ((ieee80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
380 icv = skb_put(skb, 4);
382 crc = ~crc32_le(~0, pos, len);
388 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
389 sg.page = virt_to_page(pos);
390 sg.offset = offset_in_page(pos);
392 return crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
395 static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
397 struct ieee80211_tkip_data *tkey = priv;
398 struct blkcipher_desc desc = { .tfm = tkey->rx_tfm_arc4 };
403 struct ieee80211_hdr_4addr *hdr;
406 struct scatterlist sg;
409 hdr = (struct ieee80211_hdr_4addr *)skb->data;
411 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
412 if (net_ratelimit()) {
413 printk(KERN_DEBUG ": TKIP countermeasures: dropped "
414 "received packet from " MAC_FMT "\n",
415 MAC_ARG(hdr->addr2));
420 if (skb->len < hdr_len + 8 + 4)
423 pos = skb->data + hdr_len;
425 if (!(keyidx & (1 << 5))) {
426 if (net_ratelimit()) {
427 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
428 " flag from " MAC_FMT "\n", MAC_ARG(hdr->addr2));
433 if (tkey->key_idx != keyidx) {
434 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
435 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
438 if (!tkey->key_set) {
439 if (net_ratelimit()) {
440 printk(KERN_DEBUG "TKIP: received packet from " MAC_FMT
441 " with keyid=%d that does not have a configured"
442 " key\n", MAC_ARG(hdr->addr2), keyidx);
446 iv16 = (pos[0] << 8) | pos[2];
447 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
450 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
451 if (net_ratelimit()) {
452 printk(KERN_DEBUG "TKIP: replay detected: STA=" MAC_FMT
453 " previous TSC %08x%04x received TSC "
454 "%08x%04x\n", MAC_ARG(hdr->addr2),
455 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
457 tkey->dot11RSNAStatsTKIPReplays++;
461 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
462 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32);
463 tkey->rx_phase1_done = 1;
465 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
467 plen = skb->len - hdr_len - 12;
469 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
470 sg.page = virt_to_page(pos);
471 sg.offset = offset_in_page(pos);
472 sg.length = plen + 4;
473 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
474 if (net_ratelimit()) {
475 printk(KERN_DEBUG ": TKIP: failed to decrypt "
476 "received packet from " MAC_FMT "\n",
477 MAC_ARG(hdr->addr2));
482 crc = ~crc32_le(~0, pos, plen);
487 if (memcmp(icv, pos + plen, 4) != 0) {
488 if (iv32 != tkey->rx_iv32) {
489 /* Previously cached Phase1 result was already lost, so
490 * it needs to be recalculated for the next packet. */
491 tkey->rx_phase1_done = 0;
493 if (net_ratelimit()) {
494 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
495 MAC_FMT "\n", MAC_ARG(hdr->addr2));
497 tkey->dot11RSNAStatsTKIPICVErrors++;
501 /* Update real counters only after Michael MIC verification has
503 tkey->rx_iv32_new = iv32;
504 tkey->rx_iv16_new = iv16;
506 /* Remove IV and ICV */
507 memmove(skb->data + 8, skb->data, hdr_len);
509 skb_trim(skb, skb->len - 4);
514 static int michael_mic(struct crypto_hash *tfm_michael, u8 * key, u8 * hdr,
515 u8 * data, size_t data_len, u8 * mic)
517 struct hash_desc desc;
518 struct scatterlist sg[2];
520 if (tfm_michael == NULL) {
521 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
524 sg[0].page = virt_to_page(hdr);
525 sg[0].offset = offset_in_page(hdr);
528 sg[1].page = virt_to_page(data);
529 sg[1].offset = offset_in_page(data);
530 sg[1].length = data_len;
532 if (crypto_hash_setkey(tfm_michael, key, 8))
535 desc.tfm = tfm_michael;
537 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
540 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr)
542 struct ieee80211_hdr_4addr *hdr11;
545 hdr11 = (struct ieee80211_hdr_4addr *)skb->data;
546 stype = WLAN_FC_GET_STYPE(le16_to_cpu(hdr11->frame_ctl));
548 switch (le16_to_cpu(hdr11->frame_ctl) &
549 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
550 case IEEE80211_FCTL_TODS:
551 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
552 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
554 case IEEE80211_FCTL_FROMDS:
555 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
556 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
558 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
559 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
560 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
563 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
564 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
568 if (stype & IEEE80211_STYPE_QOS_DATA) {
569 const struct ieee80211_hdr_3addrqos *qoshdr =
570 (struct ieee80211_hdr_3addrqos *)skb->data;
571 hdr[12] = qoshdr->qos_ctl & cpu_to_le16(IEEE80211_QCTL_TID);
573 hdr[12] = 0; /* priority */
575 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
578 static int ieee80211_michael_mic_add(struct sk_buff *skb, int hdr_len,
581 struct ieee80211_tkip_data *tkey = priv;
584 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
585 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
586 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
587 skb_tailroom(skb), hdr_len, skb->len);
591 michael_mic_hdr(skb, tkey->tx_hdr);
592 pos = skb_put(skb, 8);
593 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
594 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
600 static void ieee80211_michael_mic_failure(struct net_device *dev,
601 struct ieee80211_hdr_4addr *hdr,
604 union iwreq_data wrqu;
605 struct iw_michaelmicfailure ev;
607 /* TODO: needed parameters: count, keyid, key type, TSC */
608 memset(&ev, 0, sizeof(ev));
609 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
610 if (hdr->addr1[0] & 0x01)
611 ev.flags |= IW_MICFAILURE_GROUP;
613 ev.flags |= IW_MICFAILURE_PAIRWISE;
614 ev.src_addr.sa_family = ARPHRD_ETHER;
615 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
616 memset(&wrqu, 0, sizeof(wrqu));
617 wrqu.data.length = sizeof(ev);
618 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev);
621 static int ieee80211_michael_mic_verify(struct sk_buff *skb, int keyidx,
622 int hdr_len, void *priv)
624 struct ieee80211_tkip_data *tkey = priv;
630 michael_mic_hdr(skb, tkey->rx_hdr);
631 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
632 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
634 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
635 struct ieee80211_hdr_4addr *hdr;
636 hdr = (struct ieee80211_hdr_4addr *)skb->data;
637 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
638 "MSDU from " MAC_FMT " keyidx=%d\n",
639 skb->dev ? skb->dev->name : "N/A", MAC_ARG(hdr->addr2),
642 ieee80211_michael_mic_failure(skb->dev, hdr, keyidx);
643 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
647 /* Update TSC counters for RX now that the packet verification has
649 tkey->rx_iv32 = tkey->rx_iv32_new;
650 tkey->rx_iv16 = tkey->rx_iv16_new;
652 skb_trim(skb, skb->len - 8);
657 static int ieee80211_tkip_set_key(void *key, int len, u8 * seq, void *priv)
659 struct ieee80211_tkip_data *tkey = priv;
661 struct crypto_hash *tfm = tkey->tx_tfm_michael;
662 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
663 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
664 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
666 keyidx = tkey->key_idx;
667 memset(tkey, 0, sizeof(*tkey));
668 tkey->key_idx = keyidx;
669 tkey->tx_tfm_michael = tfm;
670 tkey->tx_tfm_arc4 = tfm2;
671 tkey->rx_tfm_michael = tfm3;
672 tkey->rx_tfm_arc4 = tfm4;
673 if (len == TKIP_KEY_LEN) {
674 memcpy(tkey->key, key, TKIP_KEY_LEN);
676 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
678 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
679 (seq[3] << 8) | seq[2];
680 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
690 static int ieee80211_tkip_get_key(void *key, int len, u8 * seq, void *priv)
692 struct ieee80211_tkip_data *tkey = priv;
694 if (len < TKIP_KEY_LEN)
699 memcpy(key, tkey->key, TKIP_KEY_LEN);
702 /* Return the sequence number of the last transmitted frame. */
703 u16 iv16 = tkey->tx_iv16;
704 u32 iv32 = tkey->tx_iv32;
708 seq[0] = tkey->tx_iv16;
709 seq[1] = tkey->tx_iv16 >> 8;
710 seq[2] = tkey->tx_iv32;
711 seq[3] = tkey->tx_iv32 >> 8;
712 seq[4] = tkey->tx_iv32 >> 16;
713 seq[5] = tkey->tx_iv32 >> 24;
719 static char *ieee80211_tkip_print_stats(char *p, void *priv)
721 struct ieee80211_tkip_data *tkip = priv;
722 p += sprintf(p, "key[%d] alg=TKIP key_set=%d "
723 "tx_pn=%02x%02x%02x%02x%02x%02x "
724 "rx_pn=%02x%02x%02x%02x%02x%02x "
725 "replays=%d icv_errors=%d local_mic_failures=%d\n",
726 tkip->key_idx, tkip->key_set,
727 (tkip->tx_iv32 >> 24) & 0xff,
728 (tkip->tx_iv32 >> 16) & 0xff,
729 (tkip->tx_iv32 >> 8) & 0xff,
730 tkip->tx_iv32 & 0xff,
731 (tkip->tx_iv16 >> 8) & 0xff,
732 tkip->tx_iv16 & 0xff,
733 (tkip->rx_iv32 >> 24) & 0xff,
734 (tkip->rx_iv32 >> 16) & 0xff,
735 (tkip->rx_iv32 >> 8) & 0xff,
736 tkip->rx_iv32 & 0xff,
737 (tkip->rx_iv16 >> 8) & 0xff,
738 tkip->rx_iv16 & 0xff,
739 tkip->dot11RSNAStatsTKIPReplays,
740 tkip->dot11RSNAStatsTKIPICVErrors,
741 tkip->dot11RSNAStatsTKIPLocalMICFailures);
745 static struct ieee80211_crypto_ops ieee80211_crypt_tkip = {
747 .init = ieee80211_tkip_init,
748 .deinit = ieee80211_tkip_deinit,
749 .build_iv = ieee80211_tkip_hdr,
750 .encrypt_mpdu = ieee80211_tkip_encrypt,
751 .decrypt_mpdu = ieee80211_tkip_decrypt,
752 .encrypt_msdu = ieee80211_michael_mic_add,
753 .decrypt_msdu = ieee80211_michael_mic_verify,
754 .set_key = ieee80211_tkip_set_key,
755 .get_key = ieee80211_tkip_get_key,
756 .print_stats = ieee80211_tkip_print_stats,
757 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
758 .extra_mpdu_postfix_len = 4, /* ICV */
759 .extra_msdu_postfix_len = 8, /* MIC */
760 .get_flags = ieee80211_tkip_get_flags,
761 .set_flags = ieee80211_tkip_set_flags,
762 .owner = THIS_MODULE,
765 static int __init ieee80211_crypto_tkip_init(void)
767 return ieee80211_register_crypto_ops(&ieee80211_crypt_tkip);
770 static void __exit ieee80211_crypto_tkip_exit(void)
772 ieee80211_unregister_crypto_ops(&ieee80211_crypt_tkip);
775 module_init(ieee80211_crypto_tkip_init);
776 module_exit(ieee80211_crypto_tkip_exit);