2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 #include <crypto/hash.h>
13 #include <crypto/skcipher.h>
14 #include <linux/module.h>
15 #include <linux/init.h>
16 #include <linux/slab.h>
17 #include <linux/random.h>
18 #include <linux/skbuff.h>
19 #include <linux/netdevice.h>
20 #include <linux/if_ether.h>
21 #include <linux/if_arp.h>
22 #include <linux/string.h>
23 #include <linux/scatterlist.h>
24 #include <linux/crc32.h>
25 #include <linux/etherdevice.h>
29 struct rtllib_tkip_data {
30 #define TKIP_KEY_LEN 32
47 u32 dot11RSNAStatsTKIPReplays;
48 u32 dot11RSNAStatsTKIPICVErrors;
49 u32 dot11RSNAStatsTKIPLocalMICFailures;
52 struct crypto_skcipher *rx_tfm_arc4;
53 struct crypto_ahash *rx_tfm_michael;
54 struct crypto_skcipher *tx_tfm_arc4;
55 struct crypto_ahash *tx_tfm_michael;
56 /* scratch buffers for virt_to_page() (crypto API) */
61 static void *rtllib_tkip_init(int key_idx)
63 struct rtllib_tkip_data *priv;
65 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
68 priv->key_idx = key_idx;
69 priv->tx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
71 if (IS_ERR(priv->tx_tfm_arc4)) {
72 pr_debug("Could not allocate crypto API arc4\n");
73 priv->tx_tfm_arc4 = NULL;
77 priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
79 if (IS_ERR(priv->tx_tfm_michael)) {
80 pr_debug("Could not allocate crypto API michael_mic\n");
81 priv->tx_tfm_michael = NULL;
85 priv->rx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
87 if (IS_ERR(priv->rx_tfm_arc4)) {
88 pr_debug("Could not allocate crypto API arc4\n");
89 priv->rx_tfm_arc4 = NULL;
93 priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
95 if (IS_ERR(priv->rx_tfm_michael)) {
96 pr_debug("Could not allocate crypto API michael_mic\n");
97 priv->rx_tfm_michael = NULL;
104 crypto_free_ahash(priv->tx_tfm_michael);
105 crypto_free_skcipher(priv->tx_tfm_arc4);
106 crypto_free_ahash(priv->rx_tfm_michael);
107 crypto_free_skcipher(priv->rx_tfm_arc4);
115 static void rtllib_tkip_deinit(void *priv)
117 struct rtllib_tkip_data *_priv = priv;
120 crypto_free_ahash(_priv->tx_tfm_michael);
121 crypto_free_skcipher(_priv->tx_tfm_arc4);
122 crypto_free_ahash(_priv->rx_tfm_michael);
123 crypto_free_skcipher(_priv->rx_tfm_arc4);
129 static inline u16 RotR1(u16 val)
131 return (val >> 1) | (val << 15);
135 static inline u8 Lo8(u16 val)
141 static inline u8 Hi8(u16 val)
147 static inline u16 Lo16(u32 val)
153 static inline u16 Hi16(u32 val)
159 static inline u16 Mk16(u8 hi, u8 lo)
161 return lo | (((u16) hi) << 8);
165 static inline u16 Mk16_le(u16 *v)
171 static const u16 Sbox[256] = {
172 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
173 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
174 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
175 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
176 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
177 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
178 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
179 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
180 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
181 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
182 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
183 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
184 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
185 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
186 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
187 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
188 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
189 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
190 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
191 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
192 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
193 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
194 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
195 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
196 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
197 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
198 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
199 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
200 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
201 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
202 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
203 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
207 static inline u16 _S_(u16 v)
209 u16 t = Sbox[Hi8(v)];
210 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
214 #define PHASE1_LOOP_COUNT 8
217 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
221 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
222 TTAK[0] = Lo16(IV32);
223 TTAK[1] = Hi16(IV32);
224 TTAK[2] = Mk16(TA[1], TA[0]);
225 TTAK[3] = Mk16(TA[3], TA[2]);
226 TTAK[4] = Mk16(TA[5], TA[4]);
228 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
230 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
231 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
232 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
233 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
234 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
239 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
242 /* Make temporary area overlap WEP seed so that the final copy can be
243 * avoided on little endian hosts.
245 u16 *PPK = (u16 *) &WEPSeed[4];
247 /* Step 1 - make copy of TTAK and bring in TSC */
253 PPK[5] = TTAK[4] + IV16;
255 /* Step 2 - 96-bit bijective mixing using S-box */
256 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
257 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
258 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
259 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
260 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
261 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
263 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
264 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
265 PPK[2] += RotR1(PPK[1]);
266 PPK[3] += RotR1(PPK[2]);
267 PPK[4] += RotR1(PPK[3]);
268 PPK[5] += RotR1(PPK[4]);
270 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
271 * WEPSeed[0..2] is transmitted as WEP IV
273 WEPSeed[0] = Hi8(IV16);
274 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
275 WEPSeed[2] = Lo8(IV16);
276 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
282 for (i = 0; i < 6; i++)
283 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
289 static int rtllib_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
291 struct rtllib_tkip_data *tkey = priv;
294 struct rtllib_hdr_4addr *hdr;
295 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
300 struct scatterlist sg;
302 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
306 hdr = (struct rtllib_hdr_4addr *) skb->data;
308 if (!tcb_desc->bHwSec) {
309 if (!tkey->tx_phase1_done) {
310 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
312 tkey->tx_phase1_done = 1;
314 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak,
317 tkey->tx_phase1_done = 1;
320 len = skb->len - hdr_len;
321 pos = skb_push(skb, 8);
322 memmove(pos, pos + 8, hdr_len);
325 if (tcb_desc->bHwSec) {
326 *pos++ = Hi8(tkey->tx_iv16);
327 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
328 *pos++ = Lo8(tkey->tx_iv16);
335 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
336 *pos++ = tkey->tx_iv32 & 0xff;
337 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
338 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
339 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
341 if (!tcb_desc->bHwSec) {
342 SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4);
344 icv = skb_put(skb, 4);
345 crc = ~crc32_le(~0, pos, len);
351 sg_init_one(&sg, pos, len+4);
354 crypto_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
355 skcipher_request_set_tfm(req, tkey->tx_tfm_arc4);
356 skcipher_request_set_callback(req, 0, NULL, NULL);
357 skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL);
358 ret = crypto_skcipher_encrypt(req);
359 skcipher_request_zero(req);
363 if (tkey->tx_iv16 == 0) {
364 tkey->tx_phase1_done = 0;
368 if (!tcb_desc->bHwSec)
376 static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
378 struct rtllib_tkip_data *tkey = priv;
382 struct rtllib_hdr_4addr *hdr;
383 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
388 struct scatterlist sg;
392 if (skb->len < hdr_len + 8 + 4)
395 hdr = (struct rtllib_hdr_4addr *) skb->data;
396 pos = skb->data + hdr_len;
398 if (!(keyidx & (1 << 5))) {
399 if (net_ratelimit()) {
401 "Received packet without ExtIV flag from %pM\n",
407 if (tkey->key_idx != keyidx) {
409 "RX tkey->key_idx=%d frame keyidx=%d priv=%p\n",
410 tkey->key_idx, keyidx, priv);
413 if (!tkey->key_set) {
414 if (net_ratelimit()) {
416 "Received packet from %pM with keyid=%d that does not have a configured key\n",
421 iv16 = (pos[0] << 8) | pos[2];
422 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
425 if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) {
426 SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4);
428 if ((iv32 < tkey->rx_iv32 ||
429 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) &&
431 if (net_ratelimit()) {
433 "Replay detected: STA= %pM previous TSC %08x%04x received TSC %08x%04x\n",
434 hdr->addr2, tkey->rx_iv32,
435 tkey->rx_iv16, iv32, iv16);
437 tkey->dot11RSNAStatsTKIPReplays++;
440 tkey->initialized = true;
442 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
443 tkip_mixing_phase1(tkey->rx_ttak, tkey->key,
445 tkey->rx_phase1_done = 1;
447 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
449 plen = skb->len - hdr_len - 12;
451 sg_init_one(&sg, pos, plen+4);
453 crypto_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
454 skcipher_request_set_tfm(req, tkey->rx_tfm_arc4);
455 skcipher_request_set_callback(req, 0, NULL, NULL);
456 skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL);
457 err = crypto_skcipher_decrypt(req);
458 skcipher_request_zero(req);
460 if (net_ratelimit()) {
462 "Failed to decrypt received packet from %pM\n",
468 crc = ~crc32_le(~0, pos, plen);
474 if (memcmp(icv, pos + plen, 4) != 0) {
475 if (iv32 != tkey->rx_iv32) {
476 /* Previously cached Phase1 result was already
477 * lost, so it needs to be recalculated for the
480 tkey->rx_phase1_done = 0;
482 if (net_ratelimit()) {
484 "ICV error detected: STA= %pM\n",
487 tkey->dot11RSNAStatsTKIPICVErrors++;
493 /* Update real counters only after Michael MIC verification has
496 tkey->rx_iv32_new = iv32;
497 tkey->rx_iv16_new = iv16;
499 /* Remove IV and ICV */
500 memmove(skb->data + 8, skb->data, hdr_len);
502 skb_trim(skb, skb->len - 4);
508 static int michael_mic(struct crypto_ahash *tfm_michael, u8 *key, u8 *hdr,
509 u8 *data, size_t data_len, u8 *mic)
511 AHASH_REQUEST_ON_STACK(req, tfm_michael);
512 struct scatterlist sg[2];
515 if (tfm_michael == NULL) {
516 pr_warn("michael_mic: tfm_michael == NULL\n");
519 sg_init_table(sg, 2);
520 sg_set_buf(&sg[0], hdr, 16);
521 sg_set_buf(&sg[1], data, data_len);
523 if (crypto_ahash_setkey(tfm_michael, key, 8))
526 ahash_request_set_tfm(req, tfm_michael);
527 ahash_request_set_callback(req, 0, NULL, NULL);
528 ahash_request_set_crypt(req, sg, mic, data_len + 16);
529 err = crypto_ahash_digest(req);
530 ahash_request_zero(req);
534 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
536 struct rtllib_hdr_4addr *hdr11;
538 hdr11 = (struct rtllib_hdr_4addr *) skb->data;
539 switch (le16_to_cpu(hdr11->frame_ctl) &
540 (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) {
541 case RTLLIB_FCTL_TODS:
542 ether_addr_copy(hdr, hdr11->addr3); /* DA */
543 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr2); /* SA */
545 case RTLLIB_FCTL_FROMDS:
546 ether_addr_copy(hdr, hdr11->addr1); /* DA */
547 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr3); /* SA */
549 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS:
550 ether_addr_copy(hdr, hdr11->addr3); /* DA */
551 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr4); /* SA */
554 ether_addr_copy(hdr, hdr11->addr1); /* DA */
555 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr2); /* SA */
559 hdr[12] = 0; /* priority */
561 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
565 static int rtllib_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
567 struct rtllib_tkip_data *tkey = priv;
569 struct rtllib_hdr_4addr *hdr;
571 hdr = (struct rtllib_hdr_4addr *) skb->data;
573 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
575 "Invalid packet for Michael MIC add (tailroom=%d hdr_len=%d skb->len=%d)\n",
576 skb_tailroom(skb), hdr_len, skb->len);
580 michael_mic_hdr(skb, tkey->tx_hdr);
582 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
583 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
584 pos = skb_put(skb, 8);
585 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
586 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
593 static void rtllib_michael_mic_failure(struct net_device *dev,
594 struct rtllib_hdr_4addr *hdr,
597 union iwreq_data wrqu;
598 struct iw_michaelmicfailure ev;
600 /* TODO: needed parameters: count, keyid, key type, TSC */
601 memset(&ev, 0, sizeof(ev));
602 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
603 if (hdr->addr1[0] & 0x01)
604 ev.flags |= IW_MICFAILURE_GROUP;
606 ev.flags |= IW_MICFAILURE_PAIRWISE;
607 ev.src_addr.sa_family = ARPHRD_ETHER;
608 ether_addr_copy(ev.src_addr.sa_data, hdr->addr2);
609 memset(&wrqu, 0, sizeof(wrqu));
610 wrqu.data.length = sizeof(ev);
611 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
614 static int rtllib_michael_mic_verify(struct sk_buff *skb, int keyidx,
615 int hdr_len, void *priv)
617 struct rtllib_tkip_data *tkey = priv;
619 struct rtllib_hdr_4addr *hdr;
621 hdr = (struct rtllib_hdr_4addr *) skb->data;
626 michael_mic_hdr(skb, tkey->rx_hdr);
627 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
628 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
630 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
631 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
634 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
635 struct rtllib_hdr_4addr *hdr;
637 hdr = (struct rtllib_hdr_4addr *) skb->data;
639 "Michael MIC verification failed for MSDU from %pM keyidx=%d\n",
641 netdev_dbg(skb->dev, "%d\n",
642 memcmp(mic, skb->data + skb->len - 8, 8) != 0);
644 pr_info("skb->dev != NULL\n");
645 rtllib_michael_mic_failure(skb->dev, hdr, keyidx);
647 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
651 /* Update TSC counters for RX now that the packet verification has
654 tkey->rx_iv32 = tkey->rx_iv32_new;
655 tkey->rx_iv16 = tkey->rx_iv16_new;
657 skb_trim(skb, skb->len - 8);
663 static int rtllib_tkip_set_key(void *key, int len, u8 *seq, void *priv)
665 struct rtllib_tkip_data *tkey = priv;
667 struct crypto_ahash *tfm = tkey->tx_tfm_michael;
668 struct crypto_skcipher *tfm2 = tkey->tx_tfm_arc4;
669 struct crypto_ahash *tfm3 = tkey->rx_tfm_michael;
670 struct crypto_skcipher *tfm4 = tkey->rx_tfm_arc4;
672 keyidx = tkey->key_idx;
673 memset(tkey, 0, sizeof(*tkey));
674 tkey->key_idx = keyidx;
675 tkey->tx_tfm_michael = tfm;
676 tkey->tx_tfm_arc4 = tfm2;
677 tkey->rx_tfm_michael = tfm3;
678 tkey->rx_tfm_arc4 = tfm4;
680 if (len == TKIP_KEY_LEN) {
681 memcpy(tkey->key, key, TKIP_KEY_LEN);
683 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
685 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
686 (seq[3] << 8) | seq[2];
687 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
698 static int rtllib_tkip_get_key(void *key, int len, u8 *seq, void *priv)
700 struct rtllib_tkip_data *tkey = priv;
702 if (len < TKIP_KEY_LEN)
707 memcpy(key, tkey->key, TKIP_KEY_LEN);
710 /* Return the sequence number of the last transmitted frame. */
711 u16 iv16 = tkey->tx_iv16;
712 u32 iv32 = tkey->tx_iv32;
717 seq[0] = tkey->tx_iv16;
718 seq[1] = tkey->tx_iv16 >> 8;
719 seq[2] = tkey->tx_iv32;
720 seq[3] = tkey->tx_iv32 >> 8;
721 seq[4] = tkey->tx_iv32 >> 16;
722 seq[5] = tkey->tx_iv32 >> 24;
729 static void rtllib_tkip_print_stats(struct seq_file *m, void *priv)
731 struct rtllib_tkip_data *tkip = priv;
734 "key[%d] alg=TKIP key_set=%d tx_pn=%02x%02x%02x%02x%02x%02x rx_pn=%02x%02x%02x%02x%02x%02x replays=%d icv_errors=%d local_mic_failures=%d\n",
735 tkip->key_idx, tkip->key_set,
736 (tkip->tx_iv32 >> 24) & 0xff,
737 (tkip->tx_iv32 >> 16) & 0xff,
738 (tkip->tx_iv32 >> 8) & 0xff,
739 tkip->tx_iv32 & 0xff,
740 (tkip->tx_iv16 >> 8) & 0xff,
741 tkip->tx_iv16 & 0xff,
742 (tkip->rx_iv32 >> 24) & 0xff,
743 (tkip->rx_iv32 >> 16) & 0xff,
744 (tkip->rx_iv32 >> 8) & 0xff,
745 tkip->rx_iv32 & 0xff,
746 (tkip->rx_iv16 >> 8) & 0xff,
747 tkip->rx_iv16 & 0xff,
748 tkip->dot11RSNAStatsTKIPReplays,
749 tkip->dot11RSNAStatsTKIPICVErrors,
750 tkip->dot11RSNAStatsTKIPLocalMICFailures);
753 static struct lib80211_crypto_ops rtllib_crypt_tkip = {
755 .init = rtllib_tkip_init,
756 .deinit = rtllib_tkip_deinit,
757 .encrypt_mpdu = rtllib_tkip_encrypt,
758 .decrypt_mpdu = rtllib_tkip_decrypt,
759 .encrypt_msdu = rtllib_michael_mic_add,
760 .decrypt_msdu = rtllib_michael_mic_verify,
761 .set_key = rtllib_tkip_set_key,
762 .get_key = rtllib_tkip_get_key,
763 .print_stats = rtllib_tkip_print_stats,
764 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
765 .extra_mpdu_postfix_len = 4, /* ICV */
766 .extra_msdu_postfix_len = 8, /* MIC */
767 .owner = THIS_MODULE,
771 static int __init rtllib_crypto_tkip_init(void)
773 return lib80211_register_crypto_ops(&rtllib_crypt_tkip);
777 static void __exit rtllib_crypto_tkip_exit(void)
779 lib80211_unregister_crypto_ops(&rtllib_crypt_tkip);
782 module_init(rtllib_crypto_tkip_init);
783 module_exit(rtllib_crypto_tkip_exit);
785 MODULE_LICENSE("GPL");