1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 *
5 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 */
7
8#include <crypto/arc4.h>
9#include <crypto/hash.h>
10#include <linux/fips.h>
11#include <linux/module.h>
12#include <linux/init.h>
13#include <linux/slab.h>
14#include <linux/random.h>
15#include <linux/skbuff.h>
16#include <linux/netdevice.h>
17#include <linux/if_ether.h>
18#include <linux/if_arp.h>
19#include <linux/string.h>
20#include <linux/crc32.h>
21#include <linux/etherdevice.h>
22
23#include "rtllib.h"
24
25struct rtllib_tkip_data {
26#define TKIP_KEY_LEN 32
27 u8 key[TKIP_KEY_LEN];
28 int key_set;
29
30 u32 tx_iv32;
31 u16 tx_iv16;
32 u16 tx_ttak[5];
33 int tx_phase1_done;
34
35 u32 rx_iv32;
36 u16 rx_iv16;
37 bool initialized;
38 u16 rx_ttak[5];
39 int rx_phase1_done;
40 u32 rx_iv32_new;
41 u16 rx_iv16_new;
42
43 u32 dot11RSNAStatsTKIPReplays;
44 u32 dot11RSNAStatsTKIPICVErrors;
45 u32 dot11RSNAStatsTKIPLocalMICFailures;
46
47 int key_idx;
48 struct arc4_ctx rx_ctx_arc4;
49 struct arc4_ctx tx_ctx_arc4;
50 struct crypto_shash *rx_tfm_michael;
51 struct crypto_shash *tx_tfm_michael;
52 /* scratch buffers for virt_to_page() (crypto API) */
53 u8 rx_hdr[16];
54 u8 tx_hdr[16];
55};
56
57static void *rtllib_tkip_init(int key_idx)
58{
59 struct rtllib_tkip_data *priv;
60
61 if (fips_enabled)
62 return NULL;
63
64 priv = kzalloc(size: sizeof(*priv), GFP_ATOMIC);
65 if (!priv)
66 goto fail;
67 priv->key_idx = key_idx;
68
69 priv->tx_tfm_michael = crypto_alloc_shash(alg_name: "michael_mic", type: 0, mask: 0);
70 if (IS_ERR(ptr: priv->tx_tfm_michael)) {
71 pr_debug("Could not allocate crypto API michael_mic\n");
72 priv->tx_tfm_michael = NULL;
73 goto fail;
74 }
75
76 priv->rx_tfm_michael = crypto_alloc_shash(alg_name: "michael_mic", type: 0, mask: 0);
77 if (IS_ERR(ptr: priv->rx_tfm_michael)) {
78 pr_debug("Could not allocate crypto API michael_mic\n");
79 priv->rx_tfm_michael = NULL;
80 goto fail;
81 }
82 return priv;
83
84fail:
85 if (priv) {
86 crypto_free_shash(tfm: priv->tx_tfm_michael);
87 crypto_free_shash(tfm: priv->rx_tfm_michael);
88 kfree(objp: priv);
89 }
90
91 return NULL;
92}
93
94static void rtllib_tkip_deinit(void *priv)
95{
96 struct rtllib_tkip_data *_priv = priv;
97
98 if (_priv) {
99 crypto_free_shash(tfm: _priv->tx_tfm_michael);
100 crypto_free_shash(tfm: _priv->rx_tfm_michael);
101 }
102 kfree_sensitive(objp: priv);
103}
104
105static inline u16 RotR1(u16 val)
106{
107 return (val >> 1) | (val << 15);
108}
109
110static inline u8 Lo8(u16 val)
111{
112 return val & 0xff;
113}
114
115static inline u8 Hi8(u16 val)
116{
117 return val >> 8;
118}
119
120static inline u16 Lo16(u32 val)
121{
122 return val & 0xffff;
123}
124
125static inline u16 Hi16(u32 val)
126{
127 return val >> 16;
128}
129
130static inline u16 Mk16(u8 hi, u8 lo)
131{
132 return lo | (hi << 8);
133}
134
135static inline u16 Mk16_le(u16 *v)
136{
137 return *v;
138}
139
140static const u16 Sbox[256] = {
141 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
142 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
143 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
144 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
145 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
146 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
147 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
148 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
149 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
150 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
151 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
152 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
153 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
154 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
155 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
156 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
157 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
158 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
159 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
160 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
161 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
162 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
163 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
164 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
165 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
166 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
167 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
168 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
169 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
170 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
171 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
172 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
173};
174
175static inline u16 _S_(u16 v)
176{
177 u16 t = Sbox[Hi8(val: v)];
178 return Sbox[Lo8(val: v)] ^ ((t << 8) | (t >> 8));
179}
180
181#define PHASE1_LOOP_COUNT 8
182
183static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
184{
185 int i, j;
186
187 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
188 TTAK[0] = Lo16(val: IV32);
189 TTAK[1] = Hi16(val: IV32);
190 TTAK[2] = Mk16(hi: TA[1], lo: TA[0]);
191 TTAK[3] = Mk16(hi: TA[3], lo: TA[2]);
192 TTAK[4] = Mk16(hi: TA[5], lo: TA[4]);
193
194 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
195 j = 2 * (i & 1);
196 TTAK[0] += _S_(v: TTAK[4] ^ Mk16(hi: TK[1 + j], lo: TK[0 + j]));
197 TTAK[1] += _S_(v: TTAK[0] ^ Mk16(hi: TK[5 + j], lo: TK[4 + j]));
198 TTAK[2] += _S_(v: TTAK[1] ^ Mk16(hi: TK[9 + j], lo: TK[8 + j]));
199 TTAK[3] += _S_(v: TTAK[2] ^ Mk16(hi: TK[13 + j], lo: TK[12 + j]));
200 TTAK[4] += _S_(v: TTAK[3] ^ Mk16(hi: TK[1 + j], lo: TK[0 + j])) + i;
201 }
202}
203
204static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
205 u16 IV16)
206{
207 /* Make temporary area overlap WEP seed so that the final copy can be
208 * avoided on little endian hosts.
209 */
210 u16 *PPK = (u16 *)&WEPSeed[4];
211
212 /* Step 1 - make copy of TTAK and bring in TSC */
213 PPK[0] = TTAK[0];
214 PPK[1] = TTAK[1];
215 PPK[2] = TTAK[2];
216 PPK[3] = TTAK[3];
217 PPK[4] = TTAK[4];
218 PPK[5] = TTAK[4] + IV16;
219
220 /* Step 2 - 96-bit bijective mixing using S-box */
221 PPK[0] += _S_(v: PPK[5] ^ Mk16_le(v: (u16 *)&TK[0]));
222 PPK[1] += _S_(v: PPK[0] ^ Mk16_le(v: (u16 *)&TK[2]));
223 PPK[2] += _S_(v: PPK[1] ^ Mk16_le(v: (u16 *)&TK[4]));
224 PPK[3] += _S_(v: PPK[2] ^ Mk16_le(v: (u16 *)&TK[6]));
225 PPK[4] += _S_(v: PPK[3] ^ Mk16_le(v: (u16 *)&TK[8]));
226 PPK[5] += _S_(v: PPK[4] ^ Mk16_le(v: (u16 *)&TK[10]));
227
228 PPK[0] += RotR1(val: PPK[5] ^ Mk16_le(v: (u16 *)&TK[12]));
229 PPK[1] += RotR1(val: PPK[0] ^ Mk16_le(v: (u16 *)&TK[14]));
230 PPK[2] += RotR1(val: PPK[1]);
231 PPK[3] += RotR1(val: PPK[2]);
232 PPK[4] += RotR1(val: PPK[3]);
233 PPK[5] += RotR1(val: PPK[4]);
234
235 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
236 * WEPSeed[0..2] is transmitted as WEP IV
237 */
238 WEPSeed[0] = Hi8(val: IV16);
239 WEPSeed[1] = (Hi8(val: IV16) | 0x20) & 0x7F;
240 WEPSeed[2] = Lo8(val: IV16);
241 WEPSeed[3] = Lo8(val: (PPK[5] ^ Mk16_le(v: (u16 *)&TK[0])) >> 1);
242
243#ifdef __BIG_ENDIAN
244 {
245 int i;
246
247 for (i = 0; i < 6; i++)
248 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
249 }
250#endif
251}
252
253static int rtllib_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
254{
255 struct rtllib_tkip_data *tkey = priv;
256 int len;
257 u8 *pos;
258 struct ieee80211_hdr *hdr;
259 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
260 MAX_DEV_ADDR_SIZE);
261 int ret = 0;
262 u8 rc4key[16], *icv;
263 u32 crc;
264
265 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
266 skb->len < hdr_len)
267 return -1;
268
269 hdr = (struct ieee80211_hdr *)skb->data;
270
271 if (!tcb_desc->bHwSec) {
272 if (!tkey->tx_phase1_done) {
273 tkip_mixing_phase1(TTAK: tkey->tx_ttak, TK: tkey->key, TA: hdr->addr2,
274 IV32: tkey->tx_iv32);
275 tkey->tx_phase1_done = 1;
276 }
277 tkip_mixing_phase2(WEPSeed: rc4key, TK: tkey->key, TTAK: tkey->tx_ttak,
278 IV16: tkey->tx_iv16);
279 } else {
280 tkey->tx_phase1_done = 1;
281 }
282
283 len = skb->len - hdr_len;
284 pos = skb_push(skb, len: 8);
285 memmove(pos, pos + 8, hdr_len);
286 pos += hdr_len;
287
288 if (tcb_desc->bHwSec) {
289 *pos++ = Hi8(val: tkey->tx_iv16);
290 *pos++ = (Hi8(val: tkey->tx_iv16) | 0x20) & 0x7F;
291 *pos++ = Lo8(val: tkey->tx_iv16);
292 } else {
293 *pos++ = rc4key[0];
294 *pos++ = rc4key[1];
295 *pos++ = rc4key[2];
296 }
297
298 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
299 *pos++ = tkey->tx_iv32 & 0xff;
300 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
301 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
302 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
303
304 if (!tcb_desc->bHwSec) {
305 icv = skb_put(skb, len: 4);
306 crc = ~crc32_le(crc: ~0, p: pos, len);
307 icv[0] = crc;
308 icv[1] = crc >> 8;
309 icv[2] = crc >> 16;
310 icv[3] = crc >> 24;
311
312 arc4_setkey(ctx: &tkey->tx_ctx_arc4, in_key: rc4key, key_len: 16);
313 arc4_crypt(ctx: &tkey->tx_ctx_arc4, out: pos, in: pos, len: len + 4);
314 }
315
316 tkey->tx_iv16++;
317 if (tkey->tx_iv16 == 0) {
318 tkey->tx_phase1_done = 0;
319 tkey->tx_iv32++;
320 }
321
322 if (!tcb_desc->bHwSec)
323 return ret;
324 return 0;
325}
326
327static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
328{
329 struct rtllib_tkip_data *tkey = priv;
330 u8 keyidx, *pos;
331 u32 iv32;
332 u16 iv16;
333 struct ieee80211_hdr *hdr;
334 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
335 MAX_DEV_ADDR_SIZE);
336 u8 rc4key[16];
337 u8 icv[4];
338 u32 crc;
339 int plen;
340
341 if (skb->len < hdr_len + 8 + 4)
342 return -1;
343
344 hdr = (struct ieee80211_hdr *)skb->data;
345 pos = skb->data + hdr_len;
346 keyidx = pos[3];
347 if (!(keyidx & (1 << 5))) {
348 if (net_ratelimit()) {
349 netdev_dbg(skb->dev,
350 "Received packet without ExtIV flag from %pM\n",
351 hdr->addr2);
352 }
353 return -2;
354 }
355 keyidx >>= 6;
356 if (tkey->key_idx != keyidx) {
357 netdev_dbg(skb->dev,
358 "RX tkey->key_idx=%d frame keyidx=%d priv=%p\n",
359 tkey->key_idx, keyidx, priv);
360 return -6;
361 }
362 if (!tkey->key_set) {
363 if (net_ratelimit()) {
364 netdev_dbg(skb->dev,
365 "Received packet from %pM with keyid=%d that does not have a configured key\n",
366 hdr->addr2, keyidx);
367 }
368 return -3;
369 }
370 iv16 = (pos[0] << 8) | pos[2];
371 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
372 pos += 8;
373
374 if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) {
375 if ((iv32 < tkey->rx_iv32 ||
376 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) &&
377 tkey->initialized) {
378 if (net_ratelimit()) {
379 netdev_dbg(skb->dev,
380 "Replay detected: STA= %pM previous TSC %08x%04x received TSC %08x%04x\n",
381 hdr->addr2, tkey->rx_iv32,
382 tkey->rx_iv16, iv32, iv16);
383 }
384 tkey->dot11RSNAStatsTKIPReplays++;
385 return -4;
386 }
387 tkey->initialized = true;
388
389 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
390 tkip_mixing_phase1(TTAK: tkey->rx_ttak, TK: tkey->key,
391 TA: hdr->addr2, IV32: iv32);
392 tkey->rx_phase1_done = 1;
393 }
394 tkip_mixing_phase2(WEPSeed: rc4key, TK: tkey->key, TTAK: tkey->rx_ttak, IV16: iv16);
395
396 plen = skb->len - hdr_len - 12;
397
398 arc4_setkey(ctx: &tkey->rx_ctx_arc4, in_key: rc4key, key_len: 16);
399 arc4_crypt(ctx: &tkey->rx_ctx_arc4, out: pos, in: pos, len: plen + 4);
400
401 crc = ~crc32_le(crc: ~0, p: pos, len: plen);
402 icv[0] = crc;
403 icv[1] = crc >> 8;
404 icv[2] = crc >> 16;
405 icv[3] = crc >> 24;
406
407 if (memcmp(p: icv, q: pos + plen, size: 4) != 0) {
408 if (iv32 != tkey->rx_iv32) {
409 /* Previously cached Phase1 result was already
410 * lost, so it needs to be recalculated for the
411 * next packet.
412 */
413 tkey->rx_phase1_done = 0;
414 }
415 if (net_ratelimit()) {
416 netdev_dbg(skb->dev,
417 "ICV error detected: STA= %pM\n",
418 hdr->addr2);
419 }
420 tkey->dot11RSNAStatsTKIPICVErrors++;
421 return -5;
422 }
423 }
424
425 /* Update real counters only after Michael MIC verification has
426 * completed
427 */
428 tkey->rx_iv32_new = iv32;
429 tkey->rx_iv16_new = iv16;
430
431 /* Remove IV and ICV */
432 memmove(skb->data + 8, skb->data, hdr_len);
433 skb_pull(skb, len: 8);
434 skb_trim(skb, len: skb->len - 4);
435
436 return keyidx;
437}
438
439static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr,
440 u8 *data, size_t data_len, u8 *mic)
441{
442 SHASH_DESC_ON_STACK(desc, tfm_michael);
443 int err;
444
445 desc->tfm = tfm_michael;
446
447 if (crypto_shash_setkey(tfm: tfm_michael, key, keylen: 8))
448 return -1;
449
450 err = crypto_shash_init(desc);
451 if (err)
452 goto out;
453 err = crypto_shash_update(desc, data: hdr, len: 16);
454 if (err)
455 goto out;
456 err = crypto_shash_update(desc, data, len: data_len);
457 if (err)
458 goto out;
459 err = crypto_shash_final(desc, out: mic);
460
461out:
462 shash_desc_zero(desc);
463 return err;
464}
465
466static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
467{
468 struct ieee80211_hdr *hdr11;
469
470 hdr11 = (struct ieee80211_hdr *)skb->data;
471 switch (le16_to_cpu(hdr11->frame_control) &
472 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
473 case IEEE80211_FCTL_TODS:
474 ether_addr_copy(dst: hdr, src: hdr11->addr3); /* DA */
475 ether_addr_copy(dst: hdr + ETH_ALEN, src: hdr11->addr2); /* SA */
476 break;
477 case IEEE80211_FCTL_FROMDS:
478 ether_addr_copy(dst: hdr, src: hdr11->addr1); /* DA */
479 ether_addr_copy(dst: hdr + ETH_ALEN, src: hdr11->addr3); /* SA */
480 break;
481 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS:
482 ether_addr_copy(dst: hdr, src: hdr11->addr3); /* DA */
483 ether_addr_copy(dst: hdr + ETH_ALEN, src: hdr11->addr4); /* SA */
484 break;
485 case 0:
486 ether_addr_copy(dst: hdr, src: hdr11->addr1); /* DA */
487 ether_addr_copy(dst: hdr + ETH_ALEN, src: hdr11->addr2); /* SA */
488 break;
489 }
490
491 /* priority */
492 hdr[12] = 0;
493
494 /* reserved */
495 hdr[13] = 0;
496 hdr[14] = 0;
497 hdr[15] = 0;
498}
499
500static int rtllib_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
501{
502 struct rtllib_tkip_data *tkey = priv;
503 u8 *pos;
504 struct ieee80211_hdr *hdr;
505
506 hdr = (struct ieee80211_hdr *)skb->data;
507
508 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
509 netdev_dbg(skb->dev,
510 "Invalid packet for Michael MIC add (tailroom=%d hdr_len=%d skb->len=%d)\n",
511 skb_tailroom(skb), hdr_len, skb->len);
512 return -1;
513 }
514
515 michael_mic_hdr(skb, hdr: tkey->tx_hdr);
516
517 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_control)))
518 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
519 pos = skb_put(skb, len: 8);
520 if (michael_mic(tfm_michael: tkey->tx_tfm_michael, key: &tkey->key[16], hdr: tkey->tx_hdr,
521 data: skb->data + hdr_len, data_len: skb->len - 8 - hdr_len, mic: pos))
522 return -1;
523
524 return 0;
525}
526
527static void rtllib_michael_mic_failure(struct net_device *dev,
528 struct ieee80211_hdr *hdr,
529 int keyidx)
530{
531 union iwreq_data wrqu;
532 struct iw_michaelmicfailure ev;
533
534 /* TODO: needed parameters: count, keyid, key type, TSC */
535 memset(&ev, 0, sizeof(ev));
536 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
537 if (hdr->addr1[0] & 0x01)
538 ev.flags |= IW_MICFAILURE_GROUP;
539 else
540 ev.flags |= IW_MICFAILURE_PAIRWISE;
541 ev.src_addr.sa_family = ARPHRD_ETHER;
542 ether_addr_copy(dst: ev.src_addr.sa_data, src: hdr->addr2);
543 memset(&wrqu, 0, sizeof(wrqu));
544 wrqu.data.length = sizeof(ev);
545 wireless_send_event(dev, IWEVMICHAELMICFAILURE, wrqu: &wrqu, extra: (char *)&ev);
546}
547
548static int rtllib_michael_mic_verify(struct sk_buff *skb, int keyidx,
549 int hdr_len, void *priv)
550{
551 struct rtllib_tkip_data *tkey = priv;
552 u8 mic[8];
553 struct ieee80211_hdr *hdr;
554
555 hdr = (struct ieee80211_hdr *)skb->data;
556
557 if (!tkey->key_set)
558 return -1;
559
560 michael_mic_hdr(skb, hdr: tkey->rx_hdr);
561 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_control)))
562 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
563
564 if (michael_mic(tfm_michael: tkey->rx_tfm_michael, key: &tkey->key[24], hdr: tkey->rx_hdr,
565 data: skb->data + hdr_len, data_len: skb->len - 8 - hdr_len, mic))
566 return -1;
567
568 if (memcmp(p: mic, q: skb->data + skb->len - 8, size: 8) != 0) {
569 struct ieee80211_hdr *hdr;
570
571 hdr = (struct ieee80211_hdr *)skb->data;
572 netdev_dbg(skb->dev,
573 "Michael MIC verification failed for MSDU from %pM keyidx=%d\n",
574 hdr->addr2, keyidx);
575 netdev_dbg(skb->dev, "%d\n",
576 memcmp(mic, skb->data + skb->len - 8, 8) != 0);
577 if (skb->dev) {
578 pr_info("skb->dev != NULL\n");
579 rtllib_michael_mic_failure(dev: skb->dev, hdr, keyidx);
580 }
581 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
582 return -1;
583 }
584
585 /* Update TSC counters for RX now that the packet verification has
586 * completed.
587 */
588 tkey->rx_iv32 = tkey->rx_iv32_new;
589 tkey->rx_iv16 = tkey->rx_iv16_new;
590
591 skb_trim(skb, len: skb->len - 8);
592
593 return 0;
594}
595
596static int rtllib_tkip_set_key(void *key, int len, u8 *seq, void *priv)
597{
598 struct rtllib_tkip_data *tkey = priv;
599 int keyidx;
600 struct crypto_shash *tfm = tkey->tx_tfm_michael;
601 struct crypto_shash *tfm3 = tkey->rx_tfm_michael;
602
603 keyidx = tkey->key_idx;
604 memset(tkey, 0, sizeof(*tkey));
605 tkey->key_idx = keyidx;
606 tkey->tx_tfm_michael = tfm;
607 tkey->rx_tfm_michael = tfm3;
608
609 if (len == TKIP_KEY_LEN) {
610 memcpy(tkey->key, key, TKIP_KEY_LEN);
611 tkey->key_set = 1;
612 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
613 if (seq) {
614 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
615 (seq[3] << 8) | seq[2];
616 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
617 }
618 } else if (len == 0) {
619 tkey->key_set = 0;
620 } else {
621 return -1;
622 }
623
624 return 0;
625}
626
627static int rtllib_tkip_get_key(void *key, int len, u8 *seq, void *priv)
628{
629 struct rtllib_tkip_data *tkey = priv;
630
631 if (len < TKIP_KEY_LEN)
632 return -1;
633
634 if (!tkey->key_set)
635 return 0;
636 memcpy(key, tkey->key, TKIP_KEY_LEN);
637
638 if (seq) {
639 /* Return the sequence number of the last transmitted frame. */
640 u16 iv16 = tkey->tx_iv16;
641 u32 iv32 = tkey->tx_iv32;
642
643 if (iv16 == 0)
644 iv32--;
645 iv16--;
646 seq[0] = tkey->tx_iv16;
647 seq[1] = tkey->tx_iv16 >> 8;
648 seq[2] = tkey->tx_iv32;
649 seq[3] = tkey->tx_iv32 >> 8;
650 seq[4] = tkey->tx_iv32 >> 16;
651 seq[5] = tkey->tx_iv32 >> 24;
652 }
653
654 return TKIP_KEY_LEN;
655}
656
657static void rtllib_tkip_print_stats(struct seq_file *m, void *priv)
658{
659 struct rtllib_tkip_data *tkip = priv;
660
661 seq_printf(m,
662 fmt: "key[%d] alg=TKIP key_set=%d tx_pn=%02x%02x%02x%02x%02x%02x rx_pn=%02x%02x%02x%02x%02x%02x replays=%d icv_errors=%d local_mic_failures=%d\n",
663 tkip->key_idx, tkip->key_set,
664 (tkip->tx_iv32 >> 24) & 0xff,
665 (tkip->tx_iv32 >> 16) & 0xff,
666 (tkip->tx_iv32 >> 8) & 0xff,
667 tkip->tx_iv32 & 0xff,
668 (tkip->tx_iv16 >> 8) & 0xff,
669 tkip->tx_iv16 & 0xff,
670 (tkip->rx_iv32 >> 24) & 0xff,
671 (tkip->rx_iv32 >> 16) & 0xff,
672 (tkip->rx_iv32 >> 8) & 0xff,
673 tkip->rx_iv32 & 0xff,
674 (tkip->rx_iv16 >> 8) & 0xff,
675 tkip->rx_iv16 & 0xff,
676 tkip->dot11RSNAStatsTKIPReplays,
677 tkip->dot11RSNAStatsTKIPICVErrors,
678 tkip->dot11RSNAStatsTKIPLocalMICFailures);
679}
680
681static struct lib80211_crypto_ops rtllib_crypt_tkip = {
682 .name = "R-TKIP",
683 .init = rtllib_tkip_init,
684 .deinit = rtllib_tkip_deinit,
685 .encrypt_mpdu = rtllib_tkip_encrypt,
686 .decrypt_mpdu = rtllib_tkip_decrypt,
687 .encrypt_msdu = rtllib_michael_mic_add,
688 .decrypt_msdu = rtllib_michael_mic_verify,
689 .set_key = rtllib_tkip_set_key,
690 .get_key = rtllib_tkip_get_key,
691 .print_stats = rtllib_tkip_print_stats,
692 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
693 .extra_mpdu_postfix_len = 4, /* ICV */
694 .extra_msdu_postfix_len = 8, /* MIC */
695 .owner = THIS_MODULE,
696};
697
698static int __init rtllib_crypto_tkip_init(void)
699{
700 return lib80211_register_crypto_ops(ops: &rtllib_crypt_tkip);
701}
702
703static void __exit rtllib_crypto_tkip_exit(void)
704{
705 lib80211_unregister_crypto_ops(ops: &rtllib_crypt_tkip);
706}
707
708module_init(rtllib_crypto_tkip_init);
709module_exit(rtllib_crypto_tkip_exit);
710
711MODULE_LICENSE("GPL");
712

source code of linux/drivers/staging/rtl8192e/rtllib_crypt_tkip.c