2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/slab.h>
15 #include <linux/random.h>
16 #include <linux/skbuff.h>
17 #include <linux/netdevice.h>
18 #include <linux/if_ether.h>
19 #include <linux/if_arp.h>
20 #include <linux/string.h>
21 #include <linux/crypto.h>
22 #include <linux/scatterlist.h>
23 #include <linux/crc32.h>
27 struct rtllib_tkip_data {
28 #define TKIP_KEY_LEN 32
45 u32 dot11RSNAStatsTKIPReplays;
46 u32 dot11RSNAStatsTKIPICVErrors;
47 u32 dot11RSNAStatsTKIPLocalMICFailures;
50 struct crypto_blkcipher *rx_tfm_arc4;
51 struct crypto_hash *rx_tfm_michael;
52 struct crypto_blkcipher *tx_tfm_arc4;
53 struct crypto_hash *tx_tfm_michael;
54 /* scratch buffers for virt_to_page() (crypto API) */
55 u8 rx_hdr[16], tx_hdr[16];
58 static void *rtllib_tkip_init(int key_idx)
60 struct rtllib_tkip_data *priv;
62 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
65 priv->key_idx = key_idx;
66 priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
68 if (IS_ERR(priv->tx_tfm_arc4)) {
69 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate "
71 priv->tx_tfm_arc4 = NULL;
75 priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
77 if (IS_ERR(priv->tx_tfm_michael)) {
78 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate "
79 "crypto API michael_mic\n");
80 priv->tx_tfm_michael = NULL;
84 priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
86 if (IS_ERR(priv->rx_tfm_arc4)) {
87 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate "
89 priv->rx_tfm_arc4 = NULL;
93 priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
95 if (IS_ERR(priv->rx_tfm_michael)) {
96 printk(KERN_DEBUG "rtllib_crypt_tkip: could not allocate "
97 "crypto API michael_mic\n");
98 priv->rx_tfm_michael = NULL;
105 if (priv->tx_tfm_michael)
106 crypto_free_hash(priv->tx_tfm_michael);
107 if (priv->tx_tfm_arc4)
108 crypto_free_blkcipher(priv->tx_tfm_arc4);
109 if (priv->rx_tfm_michael)
110 crypto_free_hash(priv->rx_tfm_michael);
111 if (priv->rx_tfm_arc4)
112 crypto_free_blkcipher(priv->rx_tfm_arc4);
120 static void rtllib_tkip_deinit(void *priv)
122 struct rtllib_tkip_data *_priv = priv;
125 if (_priv->tx_tfm_michael)
126 crypto_free_hash(_priv->tx_tfm_michael);
127 if (_priv->tx_tfm_arc4)
128 crypto_free_blkcipher(_priv->tx_tfm_arc4);
129 if (_priv->rx_tfm_michael)
130 crypto_free_hash(_priv->rx_tfm_michael);
131 if (_priv->rx_tfm_arc4)
132 crypto_free_blkcipher(_priv->rx_tfm_arc4);
138 static inline u16 RotR1(u16 val)
140 return (val >> 1) | (val << 15);
144 static inline u8 Lo8(u16 val)
150 static inline u8 Hi8(u16 val)
156 static inline u16 Lo16(u32 val)
162 static inline u16 Hi16(u32 val)
168 static inline u16 Mk16(u8 hi, u8 lo)
170 return lo | (((u16) hi) << 8);
174 static inline u16 Mk16_le(u16 *v)
176 return le16_to_cpu(*v);
180 static const u16 Sbox[256] = {
181 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
182 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
183 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
184 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
185 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
186 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
187 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
188 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
189 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
190 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
191 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
192 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
193 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
194 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
195 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
196 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
197 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
198 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
199 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
200 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
201 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
202 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
203 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
204 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
205 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
206 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
207 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
208 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
209 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
210 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
211 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
212 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
216 static inline u16 _S_(u16 v)
218 u16 t = Sbox[Hi8(v)];
219 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
223 #define PHASE1_LOOP_COUNT 8
226 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
230 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
231 TTAK[0] = Lo16(IV32);
232 TTAK[1] = Hi16(IV32);
233 TTAK[2] = Mk16(TA[1], TA[0]);
234 TTAK[3] = Mk16(TA[3], TA[2]);
235 TTAK[4] = Mk16(TA[5], TA[4]);
237 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
239 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
240 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
241 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
242 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
243 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
248 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
251 /* Make temporary area overlap WEP seed so that the final copy can be
252 * avoided on little endian hosts. */
253 u16 *PPK = (u16 *) &WEPSeed[4];
255 /* Step 1 - make copy of TTAK and bring in TSC */
261 PPK[5] = TTAK[4] + IV16;
263 /* Step 2 - 96-bit bijective mixing using S-box */
264 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
265 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
266 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
267 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
268 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
269 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
271 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
272 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
273 PPK[2] += RotR1(PPK[1]);
274 PPK[3] += RotR1(PPK[2]);
275 PPK[4] += RotR1(PPK[3]);
276 PPK[5] += RotR1(PPK[4]);
278 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
279 * WEPSeed[0..2] is transmitted as WEP IV */
280 WEPSeed[0] = Hi8(IV16);
281 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
282 WEPSeed[2] = Lo8(IV16);
283 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
288 for (i = 0; i < 6; i++)
289 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
295 static int rtllib_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
297 struct rtllib_tkip_data *tkey = priv;
300 struct rtllib_hdr_4addr *hdr;
301 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
303 struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4};
307 struct scatterlist sg;
309 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
313 hdr = (struct rtllib_hdr_4addr *) skb->data;
315 if (!tcb_desc->bHwSec) {
316 if (!tkey->tx_phase1_done) {
317 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
319 tkey->tx_phase1_done = 1;
321 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak,
324 tkey->tx_phase1_done = 1;
327 len = skb->len - hdr_len;
328 pos = skb_push(skb, 8);
329 memmove(pos, pos + 8, hdr_len);
332 if (tcb_desc->bHwSec) {
333 *pos++ = Hi8(tkey->tx_iv16);
334 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
335 *pos++ = Lo8(tkey->tx_iv16);
342 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
343 *pos++ = tkey->tx_iv32 & 0xff;
344 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
345 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
346 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
348 if (!tcb_desc->bHwSec) {
349 icv = skb_put(skb, 4);
350 crc = ~crc32_le(~0, pos, len);
356 sg_init_one(&sg, pos, len+4);
359 crypto_blkcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
360 ret = crypto_blkcipher_encrypt(&desc, &sg, &sg, len + 4);
364 if (tkey->tx_iv16 == 0) {
365 tkey->tx_phase1_done = 0;
369 if (!tcb_desc->bHwSec)
377 static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
379 struct rtllib_tkip_data *tkey = priv;
383 struct rtllib_hdr_4addr *hdr;
384 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
386 struct blkcipher_desc desc = {.tfm = tkey->rx_tfm_arc4};
390 struct scatterlist sg;
392 if (skb->len < hdr_len + 8 + 4)
395 hdr = (struct rtllib_hdr_4addr *) skb->data;
396 pos = skb->data + hdr_len;
398 if (!(keyidx & (1 << 5))) {
399 if (net_ratelimit()) {
400 printk(KERN_DEBUG "TKIP: received packet without ExtIV"
401 " flag from %pM\n", hdr->addr2);
406 if (tkey->key_idx != keyidx) {
407 printk(KERN_DEBUG "TKIP: RX tkey->key_idx=%d frame "
408 "keyidx=%d priv=%p\n", tkey->key_idx, keyidx, priv);
411 if (!tkey->key_set) {
412 if (net_ratelimit()) {
413 printk(KERN_DEBUG "TKIP: received packet from %pM"
414 " with keyid=%d that does not have a configured"
415 " key\n", hdr->addr2, keyidx);
419 iv16 = (pos[0] << 8) | pos[2];
420 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
423 if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) {
424 if ((iv32 < tkey->rx_iv32 ||
425 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) &&
427 if (net_ratelimit()) {
428 printk(KERN_DEBUG "TKIP: replay detected: STA="
429 " %pM previous TSC %08x%04x received "
430 "TSC %08x%04x\n",hdr->addr2,
431 tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
433 tkey->dot11RSNAStatsTKIPReplays++;
436 tkey->initialized = true;
438 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
439 tkip_mixing_phase1(tkey->rx_ttak, tkey->key,
441 tkey->rx_phase1_done = 1;
443 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
445 plen = skb->len - hdr_len - 12;
447 sg_init_one(&sg, pos, plen+4);
449 crypto_blkcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
450 if (crypto_blkcipher_decrypt(&desc, &sg, &sg, plen + 4)) {
451 if (net_ratelimit()) {
452 printk(KERN_DEBUG ": TKIP: failed to decrypt "
453 "received packet from %pM\n",
459 crc = ~crc32_le(~0, pos, plen);
465 if (memcmp(icv, pos + plen, 4) != 0) {
466 if (iv32 != tkey->rx_iv32) {
467 /* Previously cached Phase1 result was already
468 * lost, so it needs to be recalculated for the
470 tkey->rx_phase1_done = 0;
472 if (net_ratelimit()) {
473 printk(KERN_DEBUG "TKIP: ICV error detected: STA="
474 " %pM\n", hdr->addr2);
476 tkey->dot11RSNAStatsTKIPICVErrors++;
482 /* Update real counters only after Michael MIC verification has
484 tkey->rx_iv32_new = iv32;
485 tkey->rx_iv16_new = iv16;
487 /* Remove IV and ICV */
488 memmove(skb->data + 8, skb->data, hdr_len);
490 skb_trim(skb, skb->len - 4);
496 static int michael_mic(struct crypto_hash *tfm_michael, u8 *key, u8 *hdr,
497 u8 *data, size_t data_len, u8 *mic)
499 struct hash_desc desc;
500 struct scatterlist sg[2];
502 if (tfm_michael == NULL) {
503 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
506 sg_init_table(sg, 2);
507 sg_set_buf(&sg[0], hdr, 16);
508 sg_set_buf(&sg[1], data, data_len);
510 if (crypto_hash_setkey(tfm_michael, key, 8))
513 desc.tfm = tfm_michael;
515 return crypto_hash_digest(&desc, sg, data_len + 16, mic);
518 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
520 struct rtllib_hdr_4addr *hdr11;
522 hdr11 = (struct rtllib_hdr_4addr *) skb->data;
523 switch (le16_to_cpu(hdr11->frame_ctl) &
524 (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) {
525 case RTLLIB_FCTL_TODS:
526 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
527 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
529 case RTLLIB_FCTL_FROMDS:
530 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
531 memcpy(hdr + ETH_ALEN, hdr11->addr3, ETH_ALEN); /* SA */
533 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS:
534 memcpy(hdr, hdr11->addr3, ETH_ALEN); /* DA */
535 memcpy(hdr + ETH_ALEN, hdr11->addr4, ETH_ALEN); /* SA */
538 memcpy(hdr, hdr11->addr1, ETH_ALEN); /* DA */
539 memcpy(hdr + ETH_ALEN, hdr11->addr2, ETH_ALEN); /* SA */
543 hdr[12] = 0; /* priority */
545 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
549 static int rtllib_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
551 struct rtllib_tkip_data *tkey = priv;
553 struct rtllib_hdr_4addr *hdr;
555 hdr = (struct rtllib_hdr_4addr *) skb->data;
557 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
558 printk(KERN_DEBUG "Invalid packet for Michael MIC add "
559 "(tailroom=%d hdr_len=%d skb->len=%d)\n",
560 skb_tailroom(skb), hdr_len, skb->len);
564 michael_mic_hdr(skb, tkey->tx_hdr);
566 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
567 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
568 pos = skb_put(skb, 8);
569 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
570 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
577 static void rtllib_michael_mic_failure(struct net_device *dev,
578 struct rtllib_hdr_4addr *hdr,
581 union iwreq_data wrqu;
582 struct iw_michaelmicfailure ev;
584 /* TODO: needed parameters: count, keyid, key type, TSC */
585 memset(&ev, 0, sizeof(ev));
586 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
587 if (hdr->addr1[0] & 0x01)
588 ev.flags |= IW_MICFAILURE_GROUP;
590 ev.flags |= IW_MICFAILURE_PAIRWISE;
591 ev.src_addr.sa_family = ARPHRD_ETHER;
592 memcpy(ev.src_addr.sa_data, hdr->addr2, ETH_ALEN);
593 memset(&wrqu, 0, sizeof(wrqu));
594 wrqu.data.length = sizeof(ev);
595 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
598 static int rtllib_michael_mic_verify(struct sk_buff *skb, int keyidx,
599 int hdr_len, void *priv)
601 struct rtllib_tkip_data *tkey = priv;
603 struct rtllib_hdr_4addr *hdr;
605 hdr = (struct rtllib_hdr_4addr *) skb->data;
610 michael_mic_hdr(skb, tkey->rx_hdr);
611 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
612 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
614 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
615 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
618 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
619 struct rtllib_hdr_4addr *hdr;
620 hdr = (struct rtllib_hdr_4addr *) skb->data;
621 printk(KERN_DEBUG "%s: Michael MIC verification failed for "
622 "MSDU from %pM keyidx=%d\n",
623 skb->dev ? skb->dev->name : "N/A", hdr->addr2,
625 printk(KERN_DEBUG "%d\n",
626 memcmp(mic, skb->data + skb->len - 8, 8) != 0);
628 printk(KERN_INFO "skb->dev != NULL\n");
629 rtllib_michael_mic_failure(skb->dev, hdr, keyidx);
631 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
635 /* Update TSC counters for RX now that the packet verification has
637 tkey->rx_iv32 = tkey->rx_iv32_new;
638 tkey->rx_iv16 = tkey->rx_iv16_new;
640 skb_trim(skb, skb->len - 8);
646 static int rtllib_tkip_set_key(void *key, int len, u8 *seq, void *priv)
648 struct rtllib_tkip_data *tkey = priv;
650 struct crypto_hash *tfm = tkey->tx_tfm_michael;
651 struct crypto_blkcipher *tfm2 = tkey->tx_tfm_arc4;
652 struct crypto_hash *tfm3 = tkey->rx_tfm_michael;
653 struct crypto_blkcipher *tfm4 = tkey->rx_tfm_arc4;
655 keyidx = tkey->key_idx;
656 memset(tkey, 0, sizeof(*tkey));
657 tkey->key_idx = keyidx;
658 tkey->tx_tfm_michael = tfm;
659 tkey->tx_tfm_arc4 = tfm2;
660 tkey->rx_tfm_michael = tfm3;
661 tkey->rx_tfm_arc4 = tfm4;
663 if (len == TKIP_KEY_LEN) {
664 memcpy(tkey->key, key, TKIP_KEY_LEN);
666 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
668 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
669 (seq[3] << 8) | seq[2];
670 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
681 static int rtllib_tkip_get_key(void *key, int len, u8 *seq, void *priv)
683 struct rtllib_tkip_data *tkey = priv;
685 if (len < TKIP_KEY_LEN)
690 memcpy(key, tkey->key, TKIP_KEY_LEN);
693 /* Return the sequence number of the last transmitted frame. */
694 u16 iv16 = tkey->tx_iv16;
695 u32 iv32 = tkey->tx_iv32;
699 seq[0] = tkey->tx_iv16;
700 seq[1] = tkey->tx_iv16 >> 8;
701 seq[2] = tkey->tx_iv32;
702 seq[3] = tkey->tx_iv32 >> 8;
703 seq[4] = tkey->tx_iv32 >> 16;
704 seq[5] = tkey->tx_iv32 >> 24;
711 static void rtllib_tkip_print_stats(struct seq_file *m, void *priv)
713 struct rtllib_tkip_data *tkip = priv;
715 "key[%d] alg=TKIP key_set=%d "
716 "tx_pn=%02x%02x%02x%02x%02x%02x "
717 "rx_pn=%02x%02x%02x%02x%02x%02x "
718 "replays=%d icv_errors=%d local_mic_failures=%d\n",
719 tkip->key_idx, tkip->key_set,
720 (tkip->tx_iv32 >> 24) & 0xff,
721 (tkip->tx_iv32 >> 16) & 0xff,
722 (tkip->tx_iv32 >> 8) & 0xff,
723 tkip->tx_iv32 & 0xff,
724 (tkip->tx_iv16 >> 8) & 0xff,
725 tkip->tx_iv16 & 0xff,
726 (tkip->rx_iv32 >> 24) & 0xff,
727 (tkip->rx_iv32 >> 16) & 0xff,
728 (tkip->rx_iv32 >> 8) & 0xff,
729 tkip->rx_iv32 & 0xff,
730 (tkip->rx_iv16 >> 8) & 0xff,
731 tkip->rx_iv16 & 0xff,
732 tkip->dot11RSNAStatsTKIPReplays,
733 tkip->dot11RSNAStatsTKIPICVErrors,
734 tkip->dot11RSNAStatsTKIPLocalMICFailures);
737 static struct lib80211_crypto_ops rtllib_crypt_tkip = {
739 .init = rtllib_tkip_init,
740 .deinit = rtllib_tkip_deinit,
741 .encrypt_mpdu = rtllib_tkip_encrypt,
742 .decrypt_mpdu = rtllib_tkip_decrypt,
743 .encrypt_msdu = rtllib_michael_mic_add,
744 .decrypt_msdu = rtllib_michael_mic_verify,
745 .set_key = rtllib_tkip_set_key,
746 .get_key = rtllib_tkip_get_key,
747 .print_stats = rtllib_tkip_print_stats,
748 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
749 .extra_mpdu_postfix_len = 4, /* ICV */
750 .extra_msdu_postfix_len = 8, /* MIC */
751 .owner = THIS_MODULE,
755 int __init rtllib_crypto_tkip_init(void)
757 return lib80211_register_crypto_ops(&rtllib_crypt_tkip);
761 void __exit rtllib_crypto_tkip_exit(void)
763 lib80211_unregister_crypto_ops(&rtllib_crypt_tkip);
766 module_init(rtllib_crypto_tkip_init);
767 module_exit(rtllib_crypto_tkip_exit);
769 MODULE_LICENSE("GPL");