2 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
4 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. See README and COPYING for
12 #include <crypto/hash.h>
13 #include <crypto/skcipher.h>
14 #include <linux/module.h>
15 #include <linux/init.h>
16 #include <linux/slab.h>
17 #include <linux/random.h>
18 #include <linux/skbuff.h>
19 #include <linux/netdevice.h>
20 #include <linux/if_ether.h>
21 #include <linux/if_arp.h>
22 #include <linux/string.h>
23 #include <linux/scatterlist.h>
24 #include <linux/crc32.h>
25 #include <linux/etherdevice.h>
29 struct rtllib_tkip_data {
30 #define TKIP_KEY_LEN 32
47 u32 dot11RSNAStatsTKIPReplays;
48 u32 dot11RSNAStatsTKIPICVErrors;
49 u32 dot11RSNAStatsTKIPLocalMICFailures;
52 struct crypto_skcipher *rx_tfm_arc4;
53 struct crypto_ahash *rx_tfm_michael;
54 struct crypto_skcipher *tx_tfm_arc4;
55 struct crypto_ahash *tx_tfm_michael;
56 /* scratch buffers for virt_to_page() (crypto API) */
61 static void *rtllib_tkip_init(int key_idx)
63 struct rtllib_tkip_data *priv;
65 priv = kzalloc(sizeof(*priv), GFP_ATOMIC);
68 priv->key_idx = key_idx;
69 priv->tx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
71 if (IS_ERR(priv->tx_tfm_arc4)) {
72 pr_debug("Could not allocate crypto API arc4\n");
73 priv->tx_tfm_arc4 = NULL;
77 priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
79 if (IS_ERR(priv->tx_tfm_michael)) {
80 pr_debug("Could not allocate crypto API michael_mic\n");
81 priv->tx_tfm_michael = NULL;
85 priv->rx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
87 if (IS_ERR(priv->rx_tfm_arc4)) {
88 pr_debug("Could not allocate crypto API arc4\n");
89 priv->rx_tfm_arc4 = NULL;
93 priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
95 if (IS_ERR(priv->rx_tfm_michael)) {
96 pr_debug("Could not allocate crypto API michael_mic\n");
97 priv->rx_tfm_michael = NULL;
104 crypto_free_ahash(priv->tx_tfm_michael);
105 crypto_free_skcipher(priv->tx_tfm_arc4);
106 crypto_free_ahash(priv->rx_tfm_michael);
107 crypto_free_skcipher(priv->rx_tfm_arc4);
115 static void rtllib_tkip_deinit(void *priv)
117 struct rtllib_tkip_data *_priv = priv;
120 crypto_free_ahash(_priv->tx_tfm_michael);
121 crypto_free_skcipher(_priv->tx_tfm_arc4);
122 crypto_free_ahash(_priv->rx_tfm_michael);
123 crypto_free_skcipher(_priv->rx_tfm_arc4);
129 static inline u16 RotR1(u16 val)
131 return (val >> 1) | (val << 15);
135 static inline u8 Lo8(u16 val)
141 static inline u8 Hi8(u16 val)
147 static inline u16 Lo16(u32 val)
153 static inline u16 Hi16(u32 val)
159 static inline u16 Mk16(u8 hi, u8 lo)
161 return lo | (((u16) hi) << 8);
165 static inline u16 Mk16_le(u16 *v)
171 static const u16 Sbox[256] = {
172 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
173 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
174 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
175 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
176 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
177 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
178 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
179 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
180 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
181 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
182 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
183 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
184 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
185 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
186 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
187 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
188 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
189 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
190 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
191 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
192 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
193 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
194 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
195 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
196 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
197 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
198 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
199 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
200 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
201 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
202 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
203 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
207 static inline u16 _S_(u16 v)
209 u16 t = Sbox[Hi8(v)];
210 return Sbox[Lo8(v)] ^ ((t << 8) | (t >> 8));
214 #define PHASE1_LOOP_COUNT 8
217 static void tkip_mixing_phase1(u16 *TTAK, const u8 *TK, const u8 *TA, u32 IV32)
221 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */
222 TTAK[0] = Lo16(IV32);
223 TTAK[1] = Hi16(IV32);
224 TTAK[2] = Mk16(TA[1], TA[0]);
225 TTAK[3] = Mk16(TA[3], TA[2]);
226 TTAK[4] = Mk16(TA[5], TA[4]);
228 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
230 TTAK[0] += _S_(TTAK[4] ^ Mk16(TK[1 + j], TK[0 + j]));
231 TTAK[1] += _S_(TTAK[0] ^ Mk16(TK[5 + j], TK[4 + j]));
232 TTAK[2] += _S_(TTAK[1] ^ Mk16(TK[9 + j], TK[8 + j]));
233 TTAK[3] += _S_(TTAK[2] ^ Mk16(TK[13 + j], TK[12 + j]));
234 TTAK[4] += _S_(TTAK[3] ^ Mk16(TK[1 + j], TK[0 + j])) + i;
239 static void tkip_mixing_phase2(u8 *WEPSeed, const u8 *TK, const u16 *TTAK,
242 /* Make temporary area overlap WEP seed so that the final copy can be
243 * avoided on little endian hosts.
245 u16 *PPK = (u16 *) &WEPSeed[4];
247 /* Step 1 - make copy of TTAK and bring in TSC */
253 PPK[5] = TTAK[4] + IV16;
255 /* Step 2 - 96-bit bijective mixing using S-box */
256 PPK[0] += _S_(PPK[5] ^ Mk16_le((u16 *) &TK[0]));
257 PPK[1] += _S_(PPK[0] ^ Mk16_le((u16 *) &TK[2]));
258 PPK[2] += _S_(PPK[1] ^ Mk16_le((u16 *) &TK[4]));
259 PPK[3] += _S_(PPK[2] ^ Mk16_le((u16 *) &TK[6]));
260 PPK[4] += _S_(PPK[3] ^ Mk16_le((u16 *) &TK[8]));
261 PPK[5] += _S_(PPK[4] ^ Mk16_le((u16 *) &TK[10]));
263 PPK[0] += RotR1(PPK[5] ^ Mk16_le((u16 *) &TK[12]));
264 PPK[1] += RotR1(PPK[0] ^ Mk16_le((u16 *) &TK[14]));
265 PPK[2] += RotR1(PPK[1]);
266 PPK[3] += RotR1(PPK[2]);
267 PPK[4] += RotR1(PPK[3]);
268 PPK[5] += RotR1(PPK[4]);
270 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value
271 * WEPSeed[0..2] is transmitted as WEP IV
273 WEPSeed[0] = Hi8(IV16);
274 WEPSeed[1] = (Hi8(IV16) | 0x20) & 0x7F;
275 WEPSeed[2] = Lo8(IV16);
276 WEPSeed[3] = Lo8((PPK[5] ^ Mk16_le((u16 *) &TK[0])) >> 1);
282 for (i = 0; i < 6; i++)
283 PPK[i] = (PPK[i] << 8) | (PPK[i] >> 8);
289 static int rtllib_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
291 struct rtllib_tkip_data *tkey = priv;
294 struct rtllib_hdr_4addr *hdr;
295 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
300 struct scatterlist sg;
302 if (skb_headroom(skb) < 8 || skb_tailroom(skb) < 4 ||
306 hdr = (struct rtllib_hdr_4addr *) skb->data;
308 if (!tcb_desc->bHwSec) {
309 if (!tkey->tx_phase1_done) {
310 tkip_mixing_phase1(tkey->tx_ttak, tkey->key, hdr->addr2,
312 tkey->tx_phase1_done = 1;
314 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak,
317 tkey->tx_phase1_done = 1;
320 len = skb->len - hdr_len;
321 pos = skb_push(skb, 8);
322 memmove(pos, pos + 8, hdr_len);
325 if (tcb_desc->bHwSec) {
326 *pos++ = Hi8(tkey->tx_iv16);
327 *pos++ = (Hi8(tkey->tx_iv16) | 0x20) & 0x7F;
328 *pos++ = Lo8(tkey->tx_iv16);
335 *pos++ = (tkey->key_idx << 6) | (1 << 5) /* Ext IV included */;
336 *pos++ = tkey->tx_iv32 & 0xff;
337 *pos++ = (tkey->tx_iv32 >> 8) & 0xff;
338 *pos++ = (tkey->tx_iv32 >> 16) & 0xff;
339 *pos++ = (tkey->tx_iv32 >> 24) & 0xff;
341 if (!tcb_desc->bHwSec) {
342 SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4);
344 icv = skb_put(skb, 4);
345 crc = ~crc32_le(~0, pos, len);
351 sg_init_one(&sg, pos, len+4);
354 crypto_skcipher_setkey(tkey->tx_tfm_arc4, rc4key, 16);
355 skcipher_request_set_tfm(req, tkey->tx_tfm_arc4);
356 skcipher_request_set_callback(req, 0, NULL, NULL);
357 skcipher_request_set_crypt(req, &sg, &sg, len + 4, NULL);
358 ret = crypto_skcipher_encrypt(req);
359 skcipher_request_zero(req);
363 if (tkey->tx_iv16 == 0) {
364 tkey->tx_phase1_done = 0;
368 if (!tcb_desc->bHwSec)
375 static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
377 struct rtllib_tkip_data *tkey = priv;
381 struct rtllib_hdr_4addr *hdr;
382 struct cb_desc *tcb_desc = (struct cb_desc *)(skb->cb +
387 struct scatterlist sg;
391 if (skb->len < hdr_len + 8 + 4)
394 hdr = (struct rtllib_hdr_4addr *) skb->data;
395 pos = skb->data + hdr_len;
397 if (!(keyidx & (1 << 5))) {
398 if (net_ratelimit()) {
400 "Received packet without ExtIV flag from %pM\n",
406 if (tkey->key_idx != keyidx) {
408 "RX tkey->key_idx=%d frame keyidx=%d priv=%p\n",
409 tkey->key_idx, keyidx, priv);
412 if (!tkey->key_set) {
413 if (net_ratelimit()) {
415 "Received packet from %pM with keyid=%d that does not have a configured key\n",
420 iv16 = (pos[0] << 8) | pos[2];
421 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
424 if (!tcb_desc->bHwSec || (skb->cb[0] == 1)) {
425 SKCIPHER_REQUEST_ON_STACK(req, tkey->rx_tfm_arc4);
427 if ((iv32 < tkey->rx_iv32 ||
428 (iv32 == tkey->rx_iv32 && iv16 <= tkey->rx_iv16)) &&
430 if (net_ratelimit()) {
432 "Replay detected: STA= %pM previous TSC %08x%04x received TSC %08x%04x\n",
433 hdr->addr2, tkey->rx_iv32,
434 tkey->rx_iv16, iv32, iv16);
436 tkey->dot11RSNAStatsTKIPReplays++;
439 tkey->initialized = true;
441 if (iv32 != tkey->rx_iv32 || !tkey->rx_phase1_done) {
442 tkip_mixing_phase1(tkey->rx_ttak, tkey->key,
444 tkey->rx_phase1_done = 1;
446 tkip_mixing_phase2(rc4key, tkey->key, tkey->rx_ttak, iv16);
448 plen = skb->len - hdr_len - 12;
450 sg_init_one(&sg, pos, plen+4);
452 crypto_skcipher_setkey(tkey->rx_tfm_arc4, rc4key, 16);
453 skcipher_request_set_tfm(req, tkey->rx_tfm_arc4);
454 skcipher_request_set_callback(req, 0, NULL, NULL);
455 skcipher_request_set_crypt(req, &sg, &sg, plen + 4, NULL);
456 err = crypto_skcipher_decrypt(req);
457 skcipher_request_zero(req);
459 if (net_ratelimit()) {
461 "Failed to decrypt received packet from %pM\n",
467 crc = ~crc32_le(~0, pos, plen);
473 if (memcmp(icv, pos + plen, 4) != 0) {
474 if (iv32 != tkey->rx_iv32) {
475 /* Previously cached Phase1 result was already
476 * lost, so it needs to be recalculated for the
479 tkey->rx_phase1_done = 0;
481 if (net_ratelimit()) {
483 "ICV error detected: STA= %pM\n",
486 tkey->dot11RSNAStatsTKIPICVErrors++;
492 /* Update real counters only after Michael MIC verification has
495 tkey->rx_iv32_new = iv32;
496 tkey->rx_iv16_new = iv16;
498 /* Remove IV and ICV */
499 memmove(skb->data + 8, skb->data, hdr_len);
501 skb_trim(skb, skb->len - 4);
507 static int michael_mic(struct crypto_ahash *tfm_michael, u8 *key, u8 *hdr,
508 u8 *data, size_t data_len, u8 *mic)
510 AHASH_REQUEST_ON_STACK(req, tfm_michael);
511 struct scatterlist sg[2];
514 if (tfm_michael == NULL) {
515 pr_warn("michael_mic: tfm_michael == NULL\n");
518 sg_init_table(sg, 2);
519 sg_set_buf(&sg[0], hdr, 16);
520 sg_set_buf(&sg[1], data, data_len);
522 if (crypto_ahash_setkey(tfm_michael, key, 8))
525 ahash_request_set_tfm(req, tfm_michael);
526 ahash_request_set_callback(req, 0, NULL, NULL);
527 ahash_request_set_crypt(req, sg, mic, data_len + 16);
528 err = crypto_ahash_digest(req);
529 ahash_request_zero(req);
533 static void michael_mic_hdr(struct sk_buff *skb, u8 *hdr)
535 struct rtllib_hdr_4addr *hdr11;
537 hdr11 = (struct rtllib_hdr_4addr *) skb->data;
538 switch (le16_to_cpu(hdr11->frame_ctl) &
539 (RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS)) {
540 case RTLLIB_FCTL_TODS:
541 ether_addr_copy(hdr, hdr11->addr3); /* DA */
542 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr2); /* SA */
544 case RTLLIB_FCTL_FROMDS:
545 ether_addr_copy(hdr, hdr11->addr1); /* DA */
546 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr3); /* SA */
548 case RTLLIB_FCTL_FROMDS | RTLLIB_FCTL_TODS:
549 ether_addr_copy(hdr, hdr11->addr3); /* DA */
550 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr4); /* SA */
553 ether_addr_copy(hdr, hdr11->addr1); /* DA */
554 ether_addr_copy(hdr + ETH_ALEN, hdr11->addr2); /* SA */
558 hdr[12] = 0; /* priority */
560 hdr[13] = hdr[14] = hdr[15] = 0; /* reserved */
564 static int rtllib_michael_mic_add(struct sk_buff *skb, int hdr_len, void *priv)
566 struct rtllib_tkip_data *tkey = priv;
568 struct rtllib_hdr_4addr *hdr;
570 hdr = (struct rtllib_hdr_4addr *) skb->data;
572 if (skb_tailroom(skb) < 8 || skb->len < hdr_len) {
574 "Invalid packet for Michael MIC add (tailroom=%d hdr_len=%d skb->len=%d)\n",
575 skb_tailroom(skb), hdr_len, skb->len);
579 michael_mic_hdr(skb, tkey->tx_hdr);
581 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
582 tkey->tx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
583 pos = skb_put(skb, 8);
584 if (michael_mic(tkey->tx_tfm_michael, &tkey->key[16], tkey->tx_hdr,
585 skb->data + hdr_len, skb->len - 8 - hdr_len, pos))
592 static void rtllib_michael_mic_failure(struct net_device *dev,
593 struct rtllib_hdr_4addr *hdr,
596 union iwreq_data wrqu;
597 struct iw_michaelmicfailure ev;
599 /* TODO: needed parameters: count, keyid, key type, TSC */
600 memset(&ev, 0, sizeof(ev));
601 ev.flags = keyidx & IW_MICFAILURE_KEY_ID;
602 if (hdr->addr1[0] & 0x01)
603 ev.flags |= IW_MICFAILURE_GROUP;
605 ev.flags |= IW_MICFAILURE_PAIRWISE;
606 ev.src_addr.sa_family = ARPHRD_ETHER;
607 ether_addr_copy(ev.src_addr.sa_data, hdr->addr2);
608 memset(&wrqu, 0, sizeof(wrqu));
609 wrqu.data.length = sizeof(ev);
610 wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu, (char *) &ev);
613 static int rtllib_michael_mic_verify(struct sk_buff *skb, int keyidx,
614 int hdr_len, void *priv)
616 struct rtllib_tkip_data *tkey = priv;
618 struct rtllib_hdr_4addr *hdr;
620 hdr = (struct rtllib_hdr_4addr *) skb->data;
625 michael_mic_hdr(skb, tkey->rx_hdr);
626 if (RTLLIB_QOS_HAS_SEQ(le16_to_cpu(hdr->frame_ctl)))
627 tkey->rx_hdr[12] = *(skb->data + hdr_len - 2) & 0x07;
629 if (michael_mic(tkey->rx_tfm_michael, &tkey->key[24], tkey->rx_hdr,
630 skb->data + hdr_len, skb->len - 8 - hdr_len, mic))
633 if (memcmp(mic, skb->data + skb->len - 8, 8) != 0) {
634 struct rtllib_hdr_4addr *hdr;
636 hdr = (struct rtllib_hdr_4addr *) skb->data;
638 "Michael MIC verification failed for MSDU from %pM keyidx=%d\n",
640 netdev_dbg(skb->dev, "%d\n",
641 memcmp(mic, skb->data + skb->len - 8, 8) != 0);
643 pr_info("skb->dev != NULL\n");
644 rtllib_michael_mic_failure(skb->dev, hdr, keyidx);
646 tkey->dot11RSNAStatsTKIPLocalMICFailures++;
650 /* Update TSC counters for RX now that the packet verification has
653 tkey->rx_iv32 = tkey->rx_iv32_new;
654 tkey->rx_iv16 = tkey->rx_iv16_new;
656 skb_trim(skb, skb->len - 8);
662 static int rtllib_tkip_set_key(void *key, int len, u8 *seq, void *priv)
664 struct rtllib_tkip_data *tkey = priv;
666 struct crypto_ahash *tfm = tkey->tx_tfm_michael;
667 struct crypto_skcipher *tfm2 = tkey->tx_tfm_arc4;
668 struct crypto_ahash *tfm3 = tkey->rx_tfm_michael;
669 struct crypto_skcipher *tfm4 = tkey->rx_tfm_arc4;
671 keyidx = tkey->key_idx;
672 memset(tkey, 0, sizeof(*tkey));
673 tkey->key_idx = keyidx;
674 tkey->tx_tfm_michael = tfm;
675 tkey->tx_tfm_arc4 = tfm2;
676 tkey->rx_tfm_michael = tfm3;
677 tkey->rx_tfm_arc4 = tfm4;
679 if (len == TKIP_KEY_LEN) {
680 memcpy(tkey->key, key, TKIP_KEY_LEN);
682 tkey->tx_iv16 = 1; /* TSC is initialized to 1 */
684 tkey->rx_iv32 = (seq[5] << 24) | (seq[4] << 16) |
685 (seq[3] << 8) | seq[2];
686 tkey->rx_iv16 = (seq[1] << 8) | seq[0];
697 static int rtllib_tkip_get_key(void *key, int len, u8 *seq, void *priv)
699 struct rtllib_tkip_data *tkey = priv;
701 if (len < TKIP_KEY_LEN)
706 memcpy(key, tkey->key, TKIP_KEY_LEN);
709 /* Return the sequence number of the last transmitted frame. */
710 u16 iv16 = tkey->tx_iv16;
711 u32 iv32 = tkey->tx_iv32;
716 seq[0] = tkey->tx_iv16;
717 seq[1] = tkey->tx_iv16 >> 8;
718 seq[2] = tkey->tx_iv32;
719 seq[3] = tkey->tx_iv32 >> 8;
720 seq[4] = tkey->tx_iv32 >> 16;
721 seq[5] = tkey->tx_iv32 >> 24;
728 static void rtllib_tkip_print_stats(struct seq_file *m, void *priv)
730 struct rtllib_tkip_data *tkip = priv;
733 "key[%d] alg=TKIP key_set=%d tx_pn=%02x%02x%02x%02x%02x%02x rx_pn=%02x%02x%02x%02x%02x%02x replays=%d icv_errors=%d local_mic_failures=%d\n",
734 tkip->key_idx, tkip->key_set,
735 (tkip->tx_iv32 >> 24) & 0xff,
736 (tkip->tx_iv32 >> 16) & 0xff,
737 (tkip->tx_iv32 >> 8) & 0xff,
738 tkip->tx_iv32 & 0xff,
739 (tkip->tx_iv16 >> 8) & 0xff,
740 tkip->tx_iv16 & 0xff,
741 (tkip->rx_iv32 >> 24) & 0xff,
742 (tkip->rx_iv32 >> 16) & 0xff,
743 (tkip->rx_iv32 >> 8) & 0xff,
744 tkip->rx_iv32 & 0xff,
745 (tkip->rx_iv16 >> 8) & 0xff,
746 tkip->rx_iv16 & 0xff,
747 tkip->dot11RSNAStatsTKIPReplays,
748 tkip->dot11RSNAStatsTKIPICVErrors,
749 tkip->dot11RSNAStatsTKIPLocalMICFailures);
752 static struct lib80211_crypto_ops rtllib_crypt_tkip = {
754 .init = rtllib_tkip_init,
755 .deinit = rtllib_tkip_deinit,
756 .encrypt_mpdu = rtllib_tkip_encrypt,
757 .decrypt_mpdu = rtllib_tkip_decrypt,
758 .encrypt_msdu = rtllib_michael_mic_add,
759 .decrypt_msdu = rtllib_michael_mic_verify,
760 .set_key = rtllib_tkip_set_key,
761 .get_key = rtllib_tkip_get_key,
762 .print_stats = rtllib_tkip_print_stats,
763 .extra_mpdu_prefix_len = 4 + 4, /* IV + ExtIV */
764 .extra_mpdu_postfix_len = 4, /* ICV */
765 .extra_msdu_postfix_len = 8, /* MIC */
766 .owner = THIS_MODULE,
770 static int __init rtllib_crypto_tkip_init(void)
772 return lib80211_register_crypto_ops(&rtllib_crypt_tkip);
776 static void __exit rtllib_crypto_tkip_exit(void)
778 lib80211_unregister_crypto_ops(&rtllib_crypt_tkip);
781 module_init(rtllib_crypto_tkip_init);
782 module_exit(rtllib_crypto_tkip_exit);
784 MODULE_LICENSE("GPL");