1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 *
5 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 */
7
8 #include <crypto/arc4.h>
9 #include <crypto/hash.h>
10 #include <linux/fips.h>
11 #include <linux/module.h>
12 #include <linux/init.h>
13 #include <linux/slab.h>
14 #include <linux/random.h>
15 #include <linux/skbuff.h>
16 #include <linux/netdevice.h>
17 #include <linux/if_ether.h>
18 #include <linux/if_arp.h>
19 #include <linux/string.h>
20 #include <linux/crc32.h>
21 #include <linux/etherdevice.h>
22
23 #include "rtllib.h"
24
25 struct rtllib_tkip_data {
26 #define TKIP_KEY_LEN 32
27 u8 key[TKIP_KEY_LEN];
28 int key_set;
29
30 u32 tx_iv32;
31 u16 tx_iv16;
32 u16 tx_ttak[5];
33 int tx_phase1_done;
34
35 u32 rx_iv32;
36 u16 rx_iv16;
37 bool initialized;
38 u16 rx_ttak[5];
39 int rx_phase1_done;
40 u32 rx_iv32_new;
41 u16 rx_iv16_new;
42
43 u32 dot11RSNAStatsTKIPReplays;
44 u32 dot11RSNAStatsTKIPICVErrors;
45 u32 dot11RSNAStatsTKIPLocalMICFailures;
46
47 int key_idx;
48 struct arc4_ctx rx_ctx_arc4;
49 struct arc4_ctx tx_ctx_arc4;
50 struct crypto_shash *rx_tfm_michael;
51 struct crypto_shash *tx_tfm_michael;
52 /* scratch buffers for virt_to_page() (crypto API) */
53 u8 rx_hdr[16];
54 u8 tx_hdr[16];
55 };
56
rtllib_tkip_init(int key_idx)57 static void *rtllib_tkip_init(int key_idx)
58 {
59 struct rtllib_tkip_data *priv;
60
61 if (fips_enabled)
62 return NULL;
63
64 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
65 if (priv == NULL)
66 goto fail;
67 priv->key_idx = key_idx;
68
69 priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
70 if (IS_ERR(priv->tx_tfm_michael)) {
71 pr_debug("Could not allocate crypto API michael_mic\n");
72 priv->tx_tfm_michael = NULL;
73 goto fail;
74 }
75
76 priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0);
77 if (IS_ERR(priv->rx_tfm_michael)) {
78 pr_debug("Could not allocate crypto API michael_mic\n");
79 priv->rx_tfm_michael = NULL;
80 goto fail;
81 }
82 return priv;
83
84 fail:
85 if (priv) {
86 crypto_free_shash(priv->tx_tfm_michael);
87 crypto_free_shash(priv->rx_tfm_michael);
88 kfree(priv);
89 }
90
91 return NULL;
92 }
93
94
rtllib_tkip_deinit(void * priv)95 static void rtllib_tkip_deinit(void *priv)
96 {
97 struct rtllib_tkip_data *_priv = priv;
98
99 if (_priv) {
100 crypto_free_shash(_priv->tx_tfm_michael);
101 crypto_free_shash(_priv->rx_tfm_michael);
102 }
103 kfree_sensitive(priv);
104 }
105
106
RotR1(u16 val)107 static inline u16 RotR1(u16 val)
108 {
109 return (val >> 1) | (val << 15);
110 }
111
112
Lo8(u16 val)113 static inline u8 Lo8(u16 val)
114 {
115 return val & 0xff;
116 }
117
118
Hi8(u16 val)119 static inline u8 Hi8(u16 val)
120 {
121 return val >> 8;
122 }
123
124
Lo16(u32 val)125 static inline u16 Lo16(u32 val)
126 {
127 return val & 0xffff;
128 }
129
130
Hi16(u32 val)131 static inline u16 Hi16(u32 val)
132 {
133 return val >> 16;
134 }
135
136
Mk16(u8 hi,u8 lo)137 static inline u16 Mk16(u8 hi, u8 lo)
138 {
139 return lo | (((u16) hi) << 8);
140 }
141
142
Mk16_le(u16 * v)143 static inline u16 Mk16_le(u16 *v)
144 {
145 return *v;
146 }
147
148
149 static const u16 Sbox[256] = {
150 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
151 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
152 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
153 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
154 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
155 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
156 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
157 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
158 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
159 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
160 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
161 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
162 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
163 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
164 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
165 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
166 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
167 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
168 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
169 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
170 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
171 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
172 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
173 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
174 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
175 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
176 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
177 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
178 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
179 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
180 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
181 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
182 };
183
184
_S_(u16 v)185 static inline u16 _S_(u16 v)
186 {
187 u16 t = Sbox[Hi8(v)];
188 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
189 }
190
191
192 #define PHASE1_LOOP_COUNT 8
193
194
tkip_mixing_phase1(u16 * TTAK,const u8 * TK,const u8 * TA,u32 IV32)195 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
196 {
197 int i, j;
198
199 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
200 TTAK[0] = Lo16(IV32);
201 TTAK[1] = Hi16(IV32);
202 TTAK[2] = Mk16(TA[1], TA[0]);
203 TTAK[3] = Mk16(TA[3], TA[2]);
204 TTAK[4] = Mk16(TA[5], TA[4]);
205
206 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
207 j = 2 * (i & 1);
208 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
209 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
210 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
211 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
212 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
213 }
214 }
215
216
tkip_mixing_phase2(u8 * WEPSeed,const u8 * TK,const u16 * TTAK,u16 IV16)217 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
218 u16 IV16)
219 {
220 /* Make temporary area overlap WEP seed so that the final copy can be
221 * avoided on little endian hosts.
222 */
223 u16 *PPK = (u16 *) &WEPSeed[4];
224
225 /* Step 1 - make copy of TTAK and bring in TSC */
226 PPK[0] = TTAK[0];
227 PPK[1] = TTAK[1];
228 PPK[2] = TTAK[2];
229 PPK[3] = TTAK[3];
230 PPK[4] = TTAK[4];
231 PPK[5] = TTAK[4] + IV16;
232
233 /* Step 2 - 96-bit bijective mixing using S-box */
234 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
235 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
236 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
237 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
238 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
239 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
240
241 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
242 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
243 PPK[2] += RotR1(PPK[1]);
244 PPK[3] += RotR1(PPK[2]);
245 PPK[4] += RotR1(PPK[3]);
246 PPK[5] += RotR1(PPK[4]);
247
248 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
249 * WEPSeed[0..2] is transmitted as WEP IV
250 */
251 WEPSeed[0] = Hi8(IV16);
252 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
253 WEPSeed[2] = Lo8(IV16);
254 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
255
256 #ifdef __BIG_ENDIAN
257 {
258 int i;
259
260 for (i = 0; i < 6; i++)
261 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
262 }
263 #endif
264 }
265
266
rtllib_tkip_encrypt(struct sk_buff * skb,int hdr_len,void * priv)267 static int rtllib_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
268 {
269 struct rtllib_tkip_data *tkey = priv;
270 int len;
271 u8 *pos;
272 struct rtllib_hdr_4addr *hdr;
273 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
274 MAX_DEV_ADDR_SIZE);
275 int ret = 0;
276 u8 rc4key[16], *icv;
277 u32 crc;
278
279 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
280 skb->len < hdr_len)
281 return -1;
282
283 hdr = (struct rtllib_hdr_4addr *) skb->data;
284
285 if (!tcb_desc->bHwSec) {
286 if (!tkey->tx_phase1_done) {
287 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
288 tkey->tx_iv32);
289 tkey->tx_phase1_done = 1;
290 }
291 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak,
292 tkey->tx_iv16);
293 } else
294 tkey->tx_phase1_done = 1;
295
296
297 len = skb->len - hdr_len;
298 pos = skb_push(skb, 8);
299 memmove(pos, pos + 8, hdr_len);
300 pos += hdr_len;
301
302 if (tcb_desc->bHwSec) {
303 *pos++ = Hi8(tkey->tx_iv16);
304 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
305 *pos++ = Lo8(tkey->tx_iv16);
306 } else {
307 *pos++ = rc4key[0];
308 *pos++ = rc4key[1];
309 *pos++ = rc4key[2];
310 }
311
312 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
313 *pos++ = tkey->tx_iv32 & 0xff;
314 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
315 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
316 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
317
318 if (!tcb_desc->bHwSec) {
319 icv = skb_put(skb, 4);
320 crc = ~crc32_le(~0, pos, len);
321 icv[0] = crc;
322 icv[1] = crc >> 8;
323 icv[2] = crc >> 16;
324 icv[3] = crc >> 24;
325
326 arc4_setkey(&tkey->tx_ctx_arc4, rc4key, 16);
327 arc4_crypt(&tkey->tx_ctx_arc4, pos, pos, len + 4);
328 }
329
330 tkey->tx_iv16++;
331 if (tkey->tx_iv16 == 0) {
332 tkey->tx_phase1_done = 0;
333 tkey->tx_iv32++;
334 }
335
336 if (!tcb_desc->bHwSec)
337 return ret;
338 return 0;
339
340
341 }
342
rtllib_tkip_decrypt(struct sk_buff * skb,int hdr_len,void * priv)343 static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
344 {
345 struct rtllib_tkip_data *tkey = priv;
346 u8 keyidx, *pos;
347 u32 iv32;
348 u16 iv16;
349 struct rtllib_hdr_4addr *hdr;
350 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
351 MAX_DEV_ADDR_SIZE);
352 u8 rc4key[16];
353 u8 icv[4];
354 u32 crc;
355 int plen;
356
357 if (skb->len < hdr_len + 8 + 4)
358 return -1;
359
360 hdr = (struct rtllib_hdr_4addr *) skb->data;
361 pos = skb->data + hdr_len;
362 keyidx = pos[3];
363 if (!(keyidx & (1 << 5))) {
364 if (net_ratelimit()) {
365 netdev_dbg(skb->dev,
366 "Received packet without ExtIV flag from %pM\n",
367 hdr->addr2);
368 }
369 return -2;
370 }
371 keyidx >>= 6;
372 if (tkey->key_idx != keyidx) {
373 netdev_dbg(skb->dev,
374 "RX tkey->key_idx=%d frame keyidx=%d priv=%p\n",
375 tkey->key_idx, keyidx, priv);
376 return -6;
377 }
378 if (!tkey->key_set) {
379 if (net_ratelimit()) {
380 netdev_dbg(skb->dev,
381 "Received packet from %pM with keyid=%d that does not have a configured key\n",
382 hdr->addr2, keyidx);
383 }
384 return -3;
385 }
386 iv16 = (pos[0] << 8) | pos[2];
387 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
388 pos += 8;
389
390 if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) {
391 if ((iv32 < tkey->rx_iv32 ||
392 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) &&
393 tkey->initialized) {
394 if (net_ratelimit()) {
395 netdev_dbg(skb->dev,
396 "Replay detected: STA= %pM previous TSC %08x%04x received TSC %08x%04x\n",
397 hdr->addr2, tkey->rx_iv32,
398 tkey->rx_iv16, iv32, iv16);
399 }
400 tkey->dot11RSNAStatsTKIPReplays++;
401 return -4;
402 }
403 tkey->initialized = true;
404
405 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
406 tkip_mixing_phase1(tkey->rx_ttak, tkey->key,
407 hdr->addr2, iv32);
408 tkey->rx_phase1_done = 1;
409 }
410 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
411
412 plen = skb->len - hdr_len - 12;
413
414 arc4_setkey(&tkey->rx_ctx_arc4, rc4key, 16);
415 arc4_crypt(&tkey->rx_ctx_arc4, pos, pos, plen + 4);
416
417 crc = ~crc32_le(~0, pos, plen);
418 icv[0] = crc;
419 icv[1] = crc >> 8;
420 icv[2] = crc >> 16;
421 icv[3] = crc >> 24;
422
423 if (memcmp(icv, pos + plen, 4) != 0) {
424 if (iv32 != tkey->rx_iv32) {
425 /* Previously cached Phase1 result was already
426 * lost, so it needs to be recalculated for the
427 * next packet.
428 */
429 tkey->rx_phase1_done = 0;
430 }
431 if (net_ratelimit()) {
432 netdev_dbg(skb->dev,
433 "ICV error detected: STA= %pM\n",
434 hdr->addr2);
435 }
436 tkey->dot11RSNAStatsTKIPICVErrors++;
437 return -5;
438 }
439
440 }
441
442 /* Update real counters only after Michael MIC verification has
443 * completed
444 */
445 tkey->rx_iv32_new = iv32;
446 tkey->rx_iv16_new = iv16;
447
448 /* Remove IV and ICV */
449 memmove(skb->data + 8, skb->data, hdr_len);
450 skb_pull(skb, 8);
451 skb_trim(skb, skb->len - 4);
452
453 return keyidx;
454 }
455
456
michael_mic(struct crypto_shash * tfm_michael,u8 * key,u8 * hdr,u8 * data,size_t data_len,u8 * mic)457 static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr,
458 u8 *data, size_t data_len, u8 *mic)
459 {
460 SHASH_DESC_ON_STACK(desc, tfm_michael);
461 int err;
462
463 desc->tfm = tfm_michael;
464
465 if (crypto_shash_setkey(tfm_michael, key, 8))
466 return -1;
467
468 err = crypto_shash_init(desc);
469 if (err)
470 goto out;
471 err = crypto_shash_update(desc, hdr, 16);
472 if (err)
473 goto out;
474 err = crypto_shash_update(desc, data, data_len);
475 if (err)
476 goto out;
477 err = crypto_shash_final(desc, mic);
478
479 out:
480 shash_desc_zero(desc);
481 return err;
482 }
483
michael_mic_hdr(struct sk_buff * skb,u8 * hdr)484 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
485 {
486 struct rtllib_hdr_4addr *hdr11;
487
488 hdr11 = (struct rtllib_hdr_4addr *) skb->data;
489 switch (le16_to_cpu(hdr11->frame_ctl) &
490 (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) {
491 case RTLLIB_FCTL_TODS:
492 ether_addr_copy(hdr, hdr11->addr3); /* DA */
493 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr2); /* SA */
494 break;
495 case RTLLIB_FCTL_FROMDS:
496 ether_addr_copy(hdr, hdr11->addr1); /* DA */
497 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr3); /* SA */
498 break;
499 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS:
500 ether_addr_copy(hdr, hdr11->addr3); /* DA */
501 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr4); /* SA */
502 break;
503 case 0:
504 ether_addr_copy(hdr, hdr11->addr1); /* DA */
505 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr2); /* SA */
506 break;
507 }
508
509 hdr[12] = 0; /* priority */
510
511 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
512 }
513
514
rtllib_michael_mic_add(struct sk_buff * skb,int hdr_len,void * priv)515 static int rtllib_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
516 {
517 struct rtllib_tkip_data *tkey = priv;
518 u8 *pos;
519 struct rtllib_hdr_4addr *hdr;
520
521 hdr = (struct rtllib_hdr_4addr *) skb->data;
522
523 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
524 netdev_dbg(skb->dev,
525 "Invalid packet for Michael MIC add (tailroom=%d hdr_len=%d skb->len=%d)\n",
526 skb_tailroom(skb), hdr_len, skb->len);
527 return -1;
528 }
529
530 michael_mic_hdr(skb, tkey->tx_hdr);
531
532 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
533 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
534 pos = skb_put(skb, 8);
535 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
536 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
537 return -1;
538
539 return 0;
540 }
541
542
rtllib_michael_mic_failure(struct net_device * dev,struct rtllib_hdr_4addr * hdr,int keyidx)543 static void rtllib_michael_mic_failure(struct net_device *dev,
544 struct rtllib_hdr_4addr *hdr,
545 int keyidx)
546 {
547 union iwreq_data wrqu;
548 struct iw_michaelmicfailure ev;
549
550 /* TODO: needed parameters: count, keyid, key type, TSC */
551 memset(&ev, 0, sizeof(ev));
552 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
553 if (hdr->addr1[0] & 0x01)
554 ev.flags |= IW_MICFAILURE_GROUP;
555 else
556 ev.flags |= IW_MICFAILURE_PAIRWISE;
557 ev.src_addr.sa_family = ARPHRD_ETHER;
558 ether_addr_copy(ev.src_addr.sa_data, hdr->addr2);
559 memset(&wrqu, 0, sizeof(wrqu));
560 wrqu.data.length = sizeof(ev);
561 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
562 }
563
rtllib_michael_mic_verify(struct sk_buff * skb,int keyidx,int hdr_len,void * priv)564 static int rtllib_michael_mic_verify(struct sk_buff *skb, int keyidx,
565 int hdr_len, void *priv)
566 {
567 struct rtllib_tkip_data *tkey = priv;
568 u8 mic[8];
569 struct rtllib_hdr_4addr *hdr;
570
571 hdr = (struct rtllib_hdr_4addr *) skb->data;
572
573 if (!tkey->key_set)
574 return -1;
575
576 michael_mic_hdr(skb, tkey->rx_hdr);
577 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
578 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
579
580 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
581 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
582 return -1;
583
584 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
585 struct rtllib_hdr_4addr *hdr;
586
587 hdr = (struct rtllib_hdr_4addr *) skb->data;
588 netdev_dbg(skb->dev,
589 "Michael MIC verification failed for MSDU from %pM keyidx=%d\n",
590 hdr->addr2, keyidx);
591 netdev_dbg(skb->dev, "%d\n",
592 memcmp(mic, skb->data + skb->len - 8, 8) != 0);
593 if (skb->dev) {
594 pr_info("skb->dev != NULL\n");
595 rtllib_michael_mic_failure(skb->dev, hdr, keyidx);
596 }
597 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
598 return -1;
599 }
600
601 /* Update TSC counters for RX now that the packet verification has
602 * completed.
603 */
604 tkey->rx_iv32 = tkey->rx_iv32_new;
605 tkey->rx_iv16 = tkey->rx_iv16_new;
606
607 skb_trim(skb, skb->len - 8);
608
609 return 0;
610 }
611
612
rtllib_tkip_set_key(void * key,int len,u8 * seq,void * priv)613 static int rtllib_tkip_set_key(void *key, int len, u8 *seq, void *priv)
614 {
615 struct rtllib_tkip_data *tkey = priv;
616 int keyidx;
617 struct crypto_shash *tfm = tkey->tx_tfm_michael;
618 struct crypto_shash *tfm3 = tkey->rx_tfm_michael;
619
620 keyidx = tkey->key_idx;
621 memset(tkey, 0, sizeof(*tkey));
622 tkey->key_idx = keyidx;
623 tkey->tx_tfm_michael = tfm;
624 tkey->rx_tfm_michael = tfm3;
625
626 if (len == TKIP_KEY_LEN) {
627 memcpy(tkey->key, key, TKIP_KEY_LEN);
628 tkey->key_set = 1;
629 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
630 if (seq) {
631 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
632 (seq[3] << 8) | seq[2];
633 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
634 }
635 } else if (len == 0)
636 tkey->key_set = 0;
637 else
638 return -1;
639
640 return 0;
641 }
642
643
rtllib_tkip_get_key(void * key,int len,u8 * seq,void * priv)644 static int rtllib_tkip_get_key(void *key, int len, u8 *seq, void *priv)
645 {
646 struct rtllib_tkip_data *tkey = priv;
647
648 if (len < TKIP_KEY_LEN)
649 return -1;
650
651 if (!tkey->key_set)
652 return 0;
653 memcpy(key, tkey->key, TKIP_KEY_LEN);
654
655 if (seq) {
656 /* Return the sequence number of the last transmitted frame. */
657 u16 iv16 = tkey->tx_iv16;
658 u32 iv32 = tkey->tx_iv32;
659
660 if (iv16 == 0)
661 iv32--;
662 iv16--;
663 seq[0] = tkey->tx_iv16;
664 seq[1] = tkey->tx_iv16 >> 8;
665 seq[2] = tkey->tx_iv32;
666 seq[3] = tkey->tx_iv32 >> 8;
667 seq[4] = tkey->tx_iv32 >> 16;
668 seq[5] = tkey->tx_iv32 >> 24;
669 }
670
671 return TKIP_KEY_LEN;
672 }
673
674
rtllib_tkip_print_stats(struct seq_file * m,void * priv)675 static void rtllib_tkip_print_stats(struct seq_file *m, void *priv)
676 {
677 struct rtllib_tkip_data *tkip = priv;
678
679 seq_printf(m,
680 "key[%d] alg=TKIP key_set=%d tx_pn=%02x%02x%02x%02x%02x%02x rx_pn=%02x%02x%02x%02x%02x%02x replays=%d icv_errors=%d local_mic_failures=%d\n",
681 tkip->key_idx, tkip->key_set,
682 (tkip->tx_iv32 >> 24) & 0xff,
683 (tkip->tx_iv32 >> 16) & 0xff,
684 (tkip->tx_iv32 >> 8) & 0xff,
685 tkip->tx_iv32 & 0xff,
686 (tkip->tx_iv16 >> 8) & 0xff,
687 tkip->tx_iv16 & 0xff,
688 (tkip->rx_iv32 >> 24) & 0xff,
689 (tkip->rx_iv32 >> 16) & 0xff,
690 (tkip->rx_iv32 >> 8) & 0xff,
691 tkip->rx_iv32 & 0xff,
692 (tkip->rx_iv16 >> 8) & 0xff,
693 tkip->rx_iv16 & 0xff,
694 tkip->dot11RSNAStatsTKIPReplays,
695 tkip->dot11RSNAStatsTKIPICVErrors,
696 tkip->dot11RSNAStatsTKIPLocalMICFailures);
697 }
698
699 static struct lib80211_crypto_ops rtllib_crypt_tkip = {
700 .name = "R-TKIP",
701 .init = rtllib_tkip_init,
702 .deinit = rtllib_tkip_deinit,
703 .encrypt_mpdu = rtllib_tkip_encrypt,
704 .decrypt_mpdu = rtllib_tkip_decrypt,
705 .encrypt_msdu = rtllib_michael_mic_add,
706 .decrypt_msdu = rtllib_michael_mic_verify,
707 .set_key = rtllib_tkip_set_key,
708 .get_key = rtllib_tkip_get_key,
709 .print_stats = rtllib_tkip_print_stats,
710 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
711 .extra_mpdu_postfix_len = 4, /* ICV */
712 .extra_msdu_postfix_len = 8, /* MIC */
713 .owner = THIS_MODULE,
714 };
715
716
rtllib_crypto_tkip_init(void)717 static int __init rtllib_crypto_tkip_init(void)
718 {
719 return lib80211_register_crypto_ops(&rtllib_crypt_tkip);
720 }
721
722
rtllib_crypto_tkip_exit(void)723 static void __exit rtllib_crypto_tkip_exit(void)
724 {
725 lib80211_unregister_crypto_ops(&rtllib_crypt_tkip);
726 }
727
728 module_init(rtllib_crypto_tkip_init);
729 module_exit(rtllib_crypto_tkip_exit);
730
731 MODULE_LICENSE("GPL");
732