1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * libipw crypt: host-based TKIP encryption implementation for libipw 4 * 5 * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi> 6 * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com> 7 */ 8 9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 10 11 #include <linux/err.h> 12 #include <linux/fips.h> 13 #include <linux/module.h> 14 #include <linux/init.h> 15 #include <linux/slab.h> 16 #include <linux/random.h> 17 #include <linux/scatterlist.h> 18 #include <linux/skbuff.h> 19 #include <linux/netdevice.h> 20 #include <linux/mm.h> 21 #include <linux/if_ether.h> 22 #include <linux/if_arp.h> 23 #include <asm/string.h> 24 #include <linux/wireless.h> 25 #include <linux/ieee80211.h> 26 #include <net/iw_handler.h> 27 #include <crypto/arc4.h> 28 #include <crypto/hash.h> 29 #include <linux/crypto.h> 30 #include <linux/crc32.h> 31 #include "libipw.h" 32 33 #define TKIP_HDR_LEN 8 34 35 struct libipw_tkip_data { 36 #define TKIP_KEY_LEN 32 37 u8 key[TKIP_KEY_LEN]; 38 int key_set; 39 40 u32 tx_iv32; 41 u16 tx_iv16; 42 u16 tx_ttak[5]; 43 int tx_phase1_done; 44 45 u32 rx_iv32; 46 u16 rx_iv16; 47 u16 rx_ttak[5]; 48 int rx_phase1_done; 49 u32 rx_iv32_new; 50 u16 rx_iv16_new; 51 52 u32 dot11RSNAStatsTKIPReplays; 53 u32 dot11RSNAStatsTKIPICVErrors; 54 u32 dot11RSNAStatsTKIPLocalMICFailures; 55 56 int key_idx; 57 58 struct arc4_ctx rx_ctx_arc4; 59 struct arc4_ctx tx_ctx_arc4; 60 struct crypto_shash *rx_tfm_michael; 61 struct crypto_shash *tx_tfm_michael; 62 63 /* scratch buffers for virt_to_page() (crypto API) */ 64 u8 rx_hdr[16], tx_hdr[16]; 65 66 unsigned long flags; 67 }; 68 69 static unsigned long libipw_tkip_set_flags(unsigned long flags, void *priv) 70 { 71 struct libipw_tkip_data *_priv = priv; 72 unsigned long old_flags = _priv->flags; 73 _priv->flags = flags; 74 return old_flags; 75 } 76 77 static unsigned long libipw_tkip_get_flags(void *priv) 78 { 79 struct libipw_tkip_data *_priv = priv; 80 return _priv->flags; 81 } 82 83 static void *libipw_tkip_init(int key_idx) 84 { 85 struct libipw_tkip_data *priv; 86 87 if (fips_enabled) 88 return NULL; 89 90 priv = kzalloc(sizeof(*priv), GFP_ATOMIC); 91 if (priv == NULL) 92 goto fail; 93 94 priv->key_idx = key_idx; 95 96 priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); 97 if (IS_ERR(priv->tx_tfm_michael)) { 98 priv->tx_tfm_michael = NULL; 99 goto fail; 100 } 101 102 priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); 103 if (IS_ERR(priv->rx_tfm_michael)) { 104 priv->rx_tfm_michael = NULL; 105 goto fail; 106 } 107 108 return priv; 109 110 fail: 111 if (priv) { 112 crypto_free_shash(priv->tx_tfm_michael); 113 crypto_free_shash(priv->rx_tfm_michael); 114 kfree(priv); 115 } 116 117 return NULL; 118 } 119 120 static void libipw_tkip_deinit(void *priv) 121 { 122 struct libipw_tkip_data *_priv = priv; 123 if (_priv) { 124 crypto_free_shash(_priv->tx_tfm_michael); 125 crypto_free_shash(_priv->rx_tfm_michael); 126 } 127 kfree_sensitive(priv); 128 } 129 130 static inline u16 RotR1(u16 val) 131 { 132 return (val >> 1) | (val << 15); 133 } 134 135 static inline u8 Lo8(u16 val) 136 { 137 return val & 0xff; 138 } 139 140 static inline u8 Hi8(u16 val) 141 { 142 return val >> 8; 143 } 144 145 static inline u16 Lo16(u32 val) 146 { 147 return val & 0xffff; 148 } 149 150 static inline u16 Hi16(u32 val) 151 { 152 return val >> 16; 153 } 154 155 static inline u16 Mk16(u8 hi, u8 lo) 156 { 157 return lo | (((u16) hi) << 8); 158 } 159 160 static inline u16 Mk16_le(__le16 * v) 161 { 162 return le16_to_cpu(*v); 163 } 164 165 static const u16 Sbox[256] = { 166 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 167 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 168 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 169 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 170 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 171 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 172 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 173 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 174 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 175 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 176 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 177 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 178 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 179 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 180 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 181 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 182 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 183 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 184 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 185 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 186 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 187 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 188 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 189 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 190 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 191 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 192 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 193 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 194 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 195 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 196 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 197 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 198 }; 199 200 static inline u16 _S_(u16 v) 201 { 202 u16 t = Sbox[Hi8(v)]; 203 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8)); 204 } 205 206 #define PHASE1_LOOP_COUNT 8 207 208 static void tkip_mixing_phase1(u16 * TTAK, const u8 * TK, const u8 * TA, 209 u32 IV32) 210 { 211 int i, j; 212 213 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */ 214 TTAK[0] = Lo16(IV32); 215 TTAK[1] = Hi16(IV32); 216 TTAK[2] = Mk16(TA[1], TA[0]); 217 TTAK[3] = Mk16(TA[3], TA[2]); 218 TTAK[4] = Mk16(TA[5], TA[4]); 219 220 for (i = 0; i < PHASE1_LOOP_COUNT; i++) { 221 j = 2 * (i & 1); 222 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j])); 223 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j])); 224 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j])); 225 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j])); 226 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i; 227 } 228 } 229 230 static void tkip_mixing_phase2(u8 * WEPSeed, const u8 * TK, const u16 * TTAK, 231 u16 IV16) 232 { 233 /* Make temporary area overlap WEP seed so that the final copy can be 234 * avoided on little endian hosts. */ 235 u16 *PPK = (u16 *) & WEPSeed[4]; 236 237 /* Step 1 - make copy of TTAK and bring in TSC */ 238 PPK[0] = TTAK[0]; 239 PPK[1] = TTAK[1]; 240 PPK[2] = TTAK[2]; 241 PPK[3] = TTAK[3]; 242 PPK[4] = TTAK[4]; 243 PPK[5] = TTAK[4] + IV16; 244 245 /* Step 2 - 96-bit bijective mixing using S-box */ 246 PPK[0] += _S_(PPK[5] ^ Mk16_le((__le16 *) & TK[0])); 247 PPK[1] += _S_(PPK[0] ^ Mk16_le((__le16 *) & TK[2])); 248 PPK[2] += _S_(PPK[1] ^ Mk16_le((__le16 *) & TK[4])); 249 PPK[3] += _S_(PPK[2] ^ Mk16_le((__le16 *) & TK[6])); 250 PPK[4] += _S_(PPK[3] ^ Mk16_le((__le16 *) & TK[8])); 251 PPK[5] += _S_(PPK[4] ^ Mk16_le((__le16 *) & TK[10])); 252 253 PPK[0] += RotR1(PPK[5] ^ Mk16_le((__le16 *) & TK[12])); 254 PPK[1] += RotR1(PPK[0] ^ Mk16_le((__le16 *) & TK[14])); 255 PPK[2] += RotR1(PPK[1]); 256 PPK[3] += RotR1(PPK[2]); 257 PPK[4] += RotR1(PPK[3]); 258 PPK[5] += RotR1(PPK[4]); 259 260 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value 261 * WEPSeed[0..2] is transmitted as WEP IV */ 262 WEPSeed[0] = Hi8(IV16); 263 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F; 264 WEPSeed[2] = Lo8(IV16); 265 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((__le16 *) & TK[0])) >> 1); 266 267 #ifdef __BIG_ENDIAN 268 { 269 int i; 270 for (i = 0; i < 6; i++) 271 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8); 272 } 273 #endif 274 } 275 276 static int libipw_tkip_hdr(struct sk_buff *skb, int hdr_len, 277 u8 * rc4key, int keylen, void *priv) 278 { 279 struct libipw_tkip_data *tkey = priv; 280 u8 *pos; 281 struct ieee80211_hdr *hdr; 282 283 hdr = (struct ieee80211_hdr *)skb->data; 284 285 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len) 286 return -1; 287 288 if (rc4key == NULL || keylen < 16) 289 return -1; 290 291 if (!tkey->tx_phase1_done) { 292 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2, 293 tkey->tx_iv32); 294 tkey->tx_phase1_done = 1; 295 } 296 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16); 297 298 pos = skb_push(skb, TKIP_HDR_LEN); 299 memmove(pos, pos + TKIP_HDR_LEN, hdr_len); 300 pos += hdr_len; 301 302 *pos++ = *rc4key; 303 *pos++ = *(rc4key + 1); 304 *pos++ = *(rc4key + 2); 305 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */ ; 306 *pos++ = tkey->tx_iv32 & 0xff; 307 *pos++ = (tkey->tx_iv32 >> 8) & 0xff; 308 *pos++ = (tkey->tx_iv32 >> 16) & 0xff; 309 *pos++ = (tkey->tx_iv32 >> 24) & 0xff; 310 311 tkey->tx_iv16++; 312 if (tkey->tx_iv16 == 0) { 313 tkey->tx_phase1_done = 0; 314 tkey->tx_iv32++; 315 } 316 317 return TKIP_HDR_LEN; 318 } 319 320 static int libipw_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) 321 { 322 struct libipw_tkip_data *tkey = priv; 323 int len; 324 u8 rc4key[16], *pos, *icv; 325 u32 crc; 326 327 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) { 328 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 329 net_dbg_ratelimited("TKIP countermeasures: dropped TX packet to %pM\n", 330 hdr->addr1); 331 return -1; 332 } 333 334 if (skb_tailroom(skb) < 4 || skb->len < hdr_len) 335 return -1; 336 337 len = skb->len - hdr_len; 338 pos = skb->data + hdr_len; 339 340 if ((libipw_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0) 341 return -1; 342 343 crc = ~crc32_le(~0, pos, len); 344 icv = skb_put(skb, 4); 345 icv[0] = crc; 346 icv[1] = crc >> 8; 347 icv[2] = crc >> 16; 348 icv[3] = crc >> 24; 349 350 arc4_setkey(&tkey->tx_ctx_arc4, rc4key, 16); 351 arc4_crypt(&tkey->tx_ctx_arc4, pos, pos, len + 4); 352 353 return 0; 354 } 355 356 /* 357 * deal with seq counter wrapping correctly. 358 * refer to timer_after() for jiffies wrapping handling 359 */ 360 static inline int tkip_replay_check(u32 iv32_n, u16 iv16_n, 361 u32 iv32_o, u16 iv16_o) 362 { 363 if ((s32)iv32_n - (s32)iv32_o < 0 || 364 (iv32_n == iv32_o && iv16_n <= iv16_o)) 365 return 1; 366 return 0; 367 } 368 369 static int libipw_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) 370 { 371 struct libipw_tkip_data *tkey = priv; 372 u8 rc4key[16]; 373 u8 keyidx, *pos; 374 u32 iv32; 375 u16 iv16; 376 struct ieee80211_hdr *hdr; 377 u8 icv[4]; 378 u32 crc; 379 int plen; 380 381 hdr = (struct ieee80211_hdr *)skb->data; 382 383 if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) { 384 net_dbg_ratelimited("TKIP countermeasures: dropped received packet from %pM\n", 385 hdr->addr2); 386 return -1; 387 } 388 389 if (skb->len < hdr_len + TKIP_HDR_LEN + 4) 390 return -1; 391 392 pos = skb->data + hdr_len; 393 keyidx = pos[3]; 394 if (!(keyidx & (1 << 5))) { 395 net_dbg_ratelimited("TKIP: received packet without ExtIV flag from %pM\n", 396 hdr->addr2); 397 return -2; 398 } 399 keyidx >>= 6; 400 if (tkey->key_idx != keyidx) { 401 net_dbg_ratelimited("TKIP: RX tkey->key_idx=%d frame keyidx=%d\n", 402 tkey->key_idx, keyidx); 403 return -6; 404 } 405 if (!tkey->key_set) { 406 net_dbg_ratelimited("TKIP: received packet from %pM with keyid=%d that does not have a configured key\n", 407 hdr->addr2, keyidx); 408 return -3; 409 } 410 iv16 = (pos[0] << 8) | pos[2]; 411 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24); 412 pos += TKIP_HDR_LEN; 413 414 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) { 415 #ifdef CONFIG_LIBIPW_DEBUG 416 net_dbg_ratelimited("TKIP: replay detected: STA=%pM previous TSC %08x%04x received TSC %08x%04x\n", 417 hdr->addr2, tkey->rx_iv32, tkey->rx_iv16, 418 iv32, iv16); 419 #endif 420 tkey->dot11RSNAStatsTKIPReplays++; 421 return -4; 422 } 423 424 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) { 425 tkip_mixing_phase1(tkey->rx_ttak, tkey->key, hdr->addr2, iv32); 426 tkey->rx_phase1_done = 1; 427 } 428 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16); 429 430 plen = skb->len - hdr_len - 12; 431 432 arc4_setkey(&tkey->rx_ctx_arc4, rc4key, 16); 433 arc4_crypt(&tkey->rx_ctx_arc4, pos, pos, plen + 4); 434 435 crc = ~crc32_le(~0, pos, plen); 436 icv[0] = crc; 437 icv[1] = crc >> 8; 438 icv[2] = crc >> 16; 439 icv[3] = crc >> 24; 440 if (memcmp(icv, pos + plen, 4) != 0) { 441 if (iv32 != tkey->rx_iv32) { 442 /* Previously cached Phase1 result was already lost, so 443 * it needs to be recalculated for the next packet. */ 444 tkey->rx_phase1_done = 0; 445 } 446 #ifdef CONFIG_LIBIPW_DEBUG 447 net_dbg_ratelimited("TKIP: ICV error detected: STA=%pM\n", 448 hdr->addr2); 449 #endif 450 tkey->dot11RSNAStatsTKIPICVErrors++; 451 return -5; 452 } 453 454 /* Update real counters only after Michael MIC verification has 455 * completed */ 456 tkey->rx_iv32_new = iv32; 457 tkey->rx_iv16_new = iv16; 458 459 /* Remove IV and ICV */ 460 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len); 461 skb_pull(skb, TKIP_HDR_LEN); 462 skb_trim(skb, skb->len - 4); 463 464 return keyidx; 465 } 466 467 static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr, 468 u8 *data, size_t data_len, u8 *mic) 469 { 470 SHASH_DESC_ON_STACK(desc, tfm_michael); 471 int err; 472 473 if (tfm_michael == NULL) { 474 pr_warn("%s(): tfm_michael == NULL\n", __func__); 475 return -1; 476 } 477 478 desc->tfm = tfm_michael; 479 480 if (crypto_shash_setkey(tfm_michael, key, 8)) 481 return -1; 482 483 err = crypto_shash_init(desc); 484 if (err) 485 goto out; 486 err = crypto_shash_update(desc, hdr, 16); 487 if (err) 488 goto out; 489 err = crypto_shash_update(desc, data, data_len); 490 if (err) 491 goto out; 492 err = crypto_shash_final(desc, mic); 493 494 out: 495 shash_desc_zero(desc); 496 return err; 497 } 498 499 static void michael_mic_hdr(struct sk_buff *skb, u8 * hdr) 500 { 501 struct ieee80211_hdr *hdr11; 502 503 hdr11 = (struct ieee80211_hdr *)skb->data; 504 505 switch (le16_to_cpu(hdr11->frame_control) & 506 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) { 507 case IEEE80211_FCTL_TODS: 508 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */ 509 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */ 510 break; 511 case IEEE80211_FCTL_FROMDS: 512 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */ 513 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */ 514 break; 515 case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS: 516 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */ 517 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */ 518 break; 519 default: 520 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */ 521 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */ 522 break; 523 } 524 525 if (ieee80211_is_data_qos(hdr11->frame_control)) { 526 hdr[12] = le16_to_cpu(*((__le16 *)ieee80211_get_qos_ctl(hdr11))) 527 & IEEE80211_QOS_CTL_TID_MASK; 528 } else 529 hdr[12] = 0; /* priority */ 530 531 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */ 532 } 533 534 static int libipw_michael_mic_add(struct sk_buff *skb, int hdr_len, 535 void *priv) 536 { 537 struct libipw_tkip_data *tkey = priv; 538 u8 *pos; 539 540 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) { 541 printk(KERN_DEBUG "Invalid packet for Michael MIC add " 542 "(tailroom=%d hdr_len=%d skb->len=%d)\n", 543 skb_tailroom(skb), hdr_len, skb->len); 544 return -1; 545 } 546 547 michael_mic_hdr(skb, tkey->tx_hdr); 548 pos = skb_put(skb, 8); 549 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr, 550 skb->data + hdr_len, skb->len - 8 - hdr_len, pos)) 551 return -1; 552 553 return 0; 554 } 555 556 static void libipw_michael_mic_failure(struct net_device *dev, 557 struct ieee80211_hdr *hdr, 558 int keyidx) 559 { 560 union iwreq_data wrqu; 561 struct iw_michaelmicfailure ev; 562 563 /* TODO: needed parameters: count, keyid, key type, TSC */ 564 memset(&ev, 0, sizeof(ev)); 565 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 566 if (hdr->addr1[0] & 0x01) 567 ev.flags |= IW_MICFAILURE_GROUP; 568 else 569 ev.flags |= IW_MICFAILURE_PAIRWISE; 570 ev.src_addr.sa_family = ARPHRD_ETHER; 571 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN); 572 memset(&wrqu, 0, sizeof(wrqu)); 573 wrqu.data.length = sizeof(ev); 574 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 575 } 576 577 static int libipw_michael_mic_verify(struct sk_buff *skb, int keyidx, 578 int hdr_len, void *priv) 579 { 580 struct libipw_tkip_data *tkey = priv; 581 u8 mic[8]; 582 583 if (!tkey->key_set) 584 return -1; 585 586 michael_mic_hdr(skb, tkey->rx_hdr); 587 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr, 588 skb->data + hdr_len, skb->len - 8 - hdr_len, mic)) 589 return -1; 590 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) { 591 struct ieee80211_hdr *hdr; 592 hdr = (struct ieee80211_hdr *)skb->data; 593 printk(KERN_DEBUG "%s: Michael MIC verification failed for " 594 "MSDU from %pM keyidx=%d\n", 595 skb->dev ? skb->dev->name : "N/A", hdr->addr2, 596 keyidx); 597 if (skb->dev) 598 libipw_michael_mic_failure(skb->dev, hdr, keyidx); 599 tkey->dot11RSNAStatsTKIPLocalMICFailures++; 600 return -1; 601 } 602 603 /* Update TSC counters for RX now that the packet verification has 604 * completed. */ 605 tkey->rx_iv32 = tkey->rx_iv32_new; 606 tkey->rx_iv16 = tkey->rx_iv16_new; 607 608 skb_trim(skb, skb->len - 8); 609 610 return 0; 611 } 612 613 static int libipw_tkip_set_key(void *key, int len, u8 * seq, void *priv) 614 { 615 struct libipw_tkip_data *tkey = priv; 616 int keyidx; 617 struct crypto_shash *tfm = tkey->tx_tfm_michael; 618 struct arc4_ctx *tfm2 = &tkey->tx_ctx_arc4; 619 struct crypto_shash *tfm3 = tkey->rx_tfm_michael; 620 struct arc4_ctx *tfm4 = &tkey->rx_ctx_arc4; 621 622 keyidx = tkey->key_idx; 623 memset(tkey, 0, sizeof(*tkey)); 624 tkey->key_idx = keyidx; 625 tkey->tx_tfm_michael = tfm; 626 tkey->tx_ctx_arc4 = *tfm2; 627 tkey->rx_tfm_michael = tfm3; 628 tkey->rx_ctx_arc4 = *tfm4; 629 if (len == TKIP_KEY_LEN) { 630 memcpy(tkey->key, key, TKIP_KEY_LEN); 631 tkey->key_set = 1; 632 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */ 633 if (seq) { 634 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) | 635 (seq[3] << 8) | seq[2]; 636 tkey->rx_iv16 = (seq[1] << 8) | seq[0]; 637 } 638 } else if (len == 0) 639 tkey->key_set = 0; 640 else 641 return -1; 642 643 return 0; 644 } 645 646 static int libipw_tkip_get_key(void *key, int len, u8 * seq, void *priv) 647 { 648 struct libipw_tkip_data *tkey = priv; 649 650 if (len < TKIP_KEY_LEN) 651 return -1; 652 653 if (!tkey->key_set) 654 return 0; 655 memcpy(key, tkey->key, TKIP_KEY_LEN); 656 657 if (seq) { 658 /* 659 * Not clear if this should return the value as is 660 * or - as the code previously seemed to partially 661 * have been written as - subtract one from it. It 662 * was working this way for a long time so leave it. 663 */ 664 seq[0] = tkey->tx_iv16; 665 seq[1] = tkey->tx_iv16 >> 8; 666 seq[2] = tkey->tx_iv32; 667 seq[3] = tkey->tx_iv32 >> 8; 668 seq[4] = tkey->tx_iv32 >> 16; 669 seq[5] = tkey->tx_iv32 >> 24; 670 } 671 672 return TKIP_KEY_LEN; 673 } 674 675 static void libipw_tkip_print_stats(struct seq_file *m, void *priv) 676 { 677 struct libipw_tkip_data *tkip = priv; 678 seq_printf(m, 679 "key[%d] alg=TKIP key_set=%d " 680 "tx_pn=%02x%02x%02x%02x%02x%02x " 681 "rx_pn=%02x%02x%02x%02x%02x%02x " 682 "replays=%d icv_errors=%d local_mic_failures=%d\n", 683 tkip->key_idx, tkip->key_set, 684 (tkip->tx_iv32 >> 24) & 0xff, 685 (tkip->tx_iv32 >> 16) & 0xff, 686 (tkip->tx_iv32 >> 8) & 0xff, 687 tkip->tx_iv32 & 0xff, 688 (tkip->tx_iv16 >> 8) & 0xff, 689 tkip->tx_iv16 & 0xff, 690 (tkip->rx_iv32 >> 24) & 0xff, 691 (tkip->rx_iv32 >> 16) & 0xff, 692 (tkip->rx_iv32 >> 8) & 0xff, 693 tkip->rx_iv32 & 0xff, 694 (tkip->rx_iv16 >> 8) & 0xff, 695 tkip->rx_iv16 & 0xff, 696 tkip->dot11RSNAStatsTKIPReplays, 697 tkip->dot11RSNAStatsTKIPICVErrors, 698 tkip->dot11RSNAStatsTKIPLocalMICFailures); 699 } 700 701 static const struct libipw_crypto_ops libipw_crypt_tkip = { 702 .name = "TKIP", 703 .init = libipw_tkip_init, 704 .deinit = libipw_tkip_deinit, 705 .encrypt_mpdu = libipw_tkip_encrypt, 706 .decrypt_mpdu = libipw_tkip_decrypt, 707 .encrypt_msdu = libipw_michael_mic_add, 708 .decrypt_msdu = libipw_michael_mic_verify, 709 .set_key = libipw_tkip_set_key, 710 .get_key = libipw_tkip_get_key, 711 .print_stats = libipw_tkip_print_stats, 712 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */ 713 .extra_mpdu_postfix_len = 4, /* ICV */ 714 .extra_msdu_postfix_len = 8, /* MIC */ 715 .get_flags = libipw_tkip_get_flags, 716 .set_flags = libipw_tkip_set_flags, 717 .owner = THIS_MODULE, 718 }; 719 720 int __init libipw_crypto_tkip_init(void) 721 { 722 return libipw_register_crypto_ops(&libipw_crypt_tkip); 723 } 724 725 void libipw_crypto_tkip_exit(void) 726 { 727 libipw_unregister_crypto_ops(&libipw_crypt_tkip); 728 } 729