Root/
1 | /* |
2 | * lib80211 crypt: host-based CCMP encryption implementation for lib80211 |
3 | * |
4 | * Copyright (c) 2003-2004, Jouni Malinen <j@w1.fi> |
5 | * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com> |
6 | * |
7 | * This program is free software; you can redistribute it and/or modify |
8 | * it under the terms of the GNU General Public License version 2 as |
9 | * published by the Free Software Foundation. See README and COPYING for |
10 | * more details. |
11 | */ |
12 | |
13 | #include <linux/kernel.h> |
14 | #include <linux/err.h> |
15 | #include <linux/module.h> |
16 | #include <linux/init.h> |
17 | #include <linux/slab.h> |
18 | #include <linux/random.h> |
19 | #include <linux/skbuff.h> |
20 | #include <linux/netdevice.h> |
21 | #include <linux/if_ether.h> |
22 | #include <linux/if_arp.h> |
23 | #include <asm/string.h> |
24 | #include <linux/wireless.h> |
25 | |
26 | #include <linux/ieee80211.h> |
27 | |
28 | #include <linux/crypto.h> |
29 | |
30 | #include <net/lib80211.h> |
31 | |
32 | MODULE_AUTHOR("Jouni Malinen"); |
33 | MODULE_DESCRIPTION("Host AP crypt: CCMP"); |
34 | MODULE_LICENSE("GPL"); |
35 | |
36 | #define AES_BLOCK_LEN 16 |
37 | #define CCMP_HDR_LEN 8 |
38 | #define CCMP_MIC_LEN 8 |
39 | #define CCMP_TK_LEN 16 |
40 | #define CCMP_PN_LEN 6 |
41 | |
42 | struct lib80211_ccmp_data { |
43 | u8 key[CCMP_TK_LEN]; |
44 | int key_set; |
45 | |
46 | u8 tx_pn[CCMP_PN_LEN]; |
47 | u8 rx_pn[CCMP_PN_LEN]; |
48 | |
49 | u32 dot11RSNAStatsCCMPFormatErrors; |
50 | u32 dot11RSNAStatsCCMPReplays; |
51 | u32 dot11RSNAStatsCCMPDecryptErrors; |
52 | |
53 | int key_idx; |
54 | |
55 | struct crypto_cipher *tfm; |
56 | |
57 | /* scratch buffers for virt_to_page() (crypto API) */ |
58 | u8 tx_b0[AES_BLOCK_LEN], tx_b[AES_BLOCK_LEN], |
59 | tx_e[AES_BLOCK_LEN], tx_s0[AES_BLOCK_LEN]; |
60 | u8 rx_b0[AES_BLOCK_LEN], rx_b[AES_BLOCK_LEN], rx_a[AES_BLOCK_LEN]; |
61 | }; |
62 | |
63 | static inline void lib80211_ccmp_aes_encrypt(struct crypto_cipher *tfm, |
64 | const u8 pt[16], u8 ct[16]) |
65 | { |
66 | crypto_cipher_encrypt_one(tfm, ct, pt); |
67 | } |
68 | |
69 | static void *lib80211_ccmp_init(int key_idx) |
70 | { |
71 | struct lib80211_ccmp_data *priv; |
72 | |
73 | priv = kzalloc(sizeof(*priv), GFP_ATOMIC); |
74 | if (priv == NULL) |
75 | goto fail; |
76 | priv->key_idx = key_idx; |
77 | |
78 | priv->tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC); |
79 | if (IS_ERR(priv->tfm)) { |
80 | printk(KERN_DEBUG "lib80211_crypt_ccmp: could not allocate " |
81 | "crypto API aes\n"); |
82 | priv->tfm = NULL; |
83 | goto fail; |
84 | } |
85 | |
86 | return priv; |
87 | |
88 | fail: |
89 | if (priv) { |
90 | if (priv->tfm) |
91 | crypto_free_cipher(priv->tfm); |
92 | kfree(priv); |
93 | } |
94 | |
95 | return NULL; |
96 | } |
97 | |
98 | static void lib80211_ccmp_deinit(void *priv) |
99 | { |
100 | struct lib80211_ccmp_data *_priv = priv; |
101 | if (_priv && _priv->tfm) |
102 | crypto_free_cipher(_priv->tfm); |
103 | kfree(priv); |
104 | } |
105 | |
106 | static inline void xor_block(u8 * b, u8 * a, size_t len) |
107 | { |
108 | int i; |
109 | for (i = 0; i < len; i++) |
110 | b[i] ^= a[i]; |
111 | } |
112 | |
113 | static void ccmp_init_blocks(struct crypto_cipher *tfm, |
114 | struct ieee80211_hdr *hdr, |
115 | u8 * pn, size_t dlen, u8 * b0, u8 * auth, u8 * s0) |
116 | { |
117 | u8 *pos, qc = 0; |
118 | size_t aad_len; |
119 | int a4_included, qc_included; |
120 | u8 aad[2 * AES_BLOCK_LEN]; |
121 | |
122 | a4_included = ieee80211_has_a4(hdr->frame_control); |
123 | qc_included = ieee80211_is_data_qos(hdr->frame_control); |
124 | |
125 | aad_len = 22; |
126 | if (a4_included) |
127 | aad_len += 6; |
128 | if (qc_included) { |
129 | pos = (u8 *) & hdr->addr4; |
130 | if (a4_included) |
131 | pos += 6; |
132 | qc = *pos & 0x0f; |
133 | aad_len += 2; |
134 | } |
135 | |
136 | /* CCM Initial Block: |
137 | * Flag (Include authentication header, M=3 (8-octet MIC), |
138 | * L=1 (2-octet Dlen)) |
139 | * Nonce: 0x00 | A2 | PN |
140 | * Dlen */ |
141 | b0[0] = 0x59; |
142 | b0[1] = qc; |
143 | memcpy(b0 + 2, hdr->addr2, ETH_ALEN); |
144 | memcpy(b0 + 8, pn, CCMP_PN_LEN); |
145 | b0[14] = (dlen >> 8) & 0xff; |
146 | b0[15] = dlen & 0xff; |
147 | |
148 | /* AAD: |
149 | * FC with bits 4..6 and 11..13 masked to zero; 14 is always one |
150 | * A1 | A2 | A3 |
151 | * SC with bits 4..15 (seq#) masked to zero |
152 | * A4 (if present) |
153 | * QC (if present) |
154 | */ |
155 | pos = (u8 *) hdr; |
156 | aad[0] = 0; /* aad_len >> 8 */ |
157 | aad[1] = aad_len & 0xff; |
158 | aad[2] = pos[0] & 0x8f; |
159 | aad[3] = pos[1] & 0xc7; |
160 | memcpy(aad + 4, hdr->addr1, 3 * ETH_ALEN); |
161 | pos = (u8 *) & hdr->seq_ctrl; |
162 | aad[22] = pos[0] & 0x0f; |
163 | aad[23] = 0; /* all bits masked */ |
164 | memset(aad + 24, 0, 8); |
165 | if (a4_included) |
166 | memcpy(aad + 24, hdr->addr4, ETH_ALEN); |
167 | if (qc_included) { |
168 | aad[a4_included ? 30 : 24] = qc; |
169 | /* rest of QC masked */ |
170 | } |
171 | |
172 | /* Start with the first block and AAD */ |
173 | lib80211_ccmp_aes_encrypt(tfm, b0, auth); |
174 | xor_block(auth, aad, AES_BLOCK_LEN); |
175 | lib80211_ccmp_aes_encrypt(tfm, auth, auth); |
176 | xor_block(auth, &aad[AES_BLOCK_LEN], AES_BLOCK_LEN); |
177 | lib80211_ccmp_aes_encrypt(tfm, auth, auth); |
178 | b0[0] &= 0x07; |
179 | b0[14] = b0[15] = 0; |
180 | lib80211_ccmp_aes_encrypt(tfm, b0, s0); |
181 | } |
182 | |
183 | static int lib80211_ccmp_hdr(struct sk_buff *skb, int hdr_len, |
184 | u8 *aeskey, int keylen, void *priv) |
185 | { |
186 | struct lib80211_ccmp_data *key = priv; |
187 | int i; |
188 | u8 *pos; |
189 | |
190 | if (skb_headroom(skb) < CCMP_HDR_LEN || skb->len < hdr_len) |
191 | return -1; |
192 | |
193 | if (aeskey != NULL && keylen >= CCMP_TK_LEN) |
194 | memcpy(aeskey, key->key, CCMP_TK_LEN); |
195 | |
196 | pos = skb_push(skb, CCMP_HDR_LEN); |
197 | memmove(pos, pos + CCMP_HDR_LEN, hdr_len); |
198 | pos += hdr_len; |
199 | |
200 | i = CCMP_PN_LEN - 1; |
201 | while (i >= 0) { |
202 | key->tx_pn[i]++; |
203 | if (key->tx_pn[i] != 0) |
204 | break; |
205 | i--; |
206 | } |
207 | |
208 | *pos++ = key->tx_pn[5]; |
209 | *pos++ = key->tx_pn[4]; |
210 | *pos++ = 0; |
211 | *pos++ = (key->key_idx << 6) | (1 << 5) /* Ext IV included */ ; |
212 | *pos++ = key->tx_pn[3]; |
213 | *pos++ = key->tx_pn[2]; |
214 | *pos++ = key->tx_pn[1]; |
215 | *pos++ = key->tx_pn[0]; |
216 | |
217 | return CCMP_HDR_LEN; |
218 | } |
219 | |
220 | static int lib80211_ccmp_encrypt(struct sk_buff *skb, int hdr_len, void *priv) |
221 | { |
222 | struct lib80211_ccmp_data *key = priv; |
223 | int data_len, i, blocks, last, len; |
224 | u8 *pos, *mic; |
225 | struct ieee80211_hdr *hdr; |
226 | u8 *b0 = key->tx_b0; |
227 | u8 *b = key->tx_b; |
228 | u8 *e = key->tx_e; |
229 | u8 *s0 = key->tx_s0; |
230 | |
231 | if (skb_tailroom(skb) < CCMP_MIC_LEN || skb->len < hdr_len) |
232 | return -1; |
233 | |
234 | data_len = skb->len - hdr_len; |
235 | len = lib80211_ccmp_hdr(skb, hdr_len, NULL, 0, priv); |
236 | if (len < 0) |
237 | return -1; |
238 | |
239 | pos = skb->data + hdr_len + CCMP_HDR_LEN; |
240 | mic = skb_put(skb, CCMP_MIC_LEN); |
241 | hdr = (struct ieee80211_hdr *)skb->data; |
242 | ccmp_init_blocks(key->tfm, hdr, key->tx_pn, data_len, b0, b, s0); |
243 | |
244 | blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN); |
245 | last = data_len % AES_BLOCK_LEN; |
246 | |
247 | for (i = 1; i <= blocks; i++) { |
248 | len = (i == blocks && last) ? last : AES_BLOCK_LEN; |
249 | /* Authentication */ |
250 | xor_block(b, pos, len); |
251 | lib80211_ccmp_aes_encrypt(key->tfm, b, b); |
252 | /* Encryption, with counter */ |
253 | b0[14] = (i >> 8) & 0xff; |
254 | b0[15] = i & 0xff; |
255 | lib80211_ccmp_aes_encrypt(key->tfm, b0, e); |
256 | xor_block(pos, e, len); |
257 | pos += len; |
258 | } |
259 | |
260 | for (i = 0; i < CCMP_MIC_LEN; i++) |
261 | mic[i] = b[i] ^ s0[i]; |
262 | |
263 | return 0; |
264 | } |
265 | |
266 | /* |
267 | * deal with seq counter wrapping correctly. |
268 | * refer to timer_after() for jiffies wrapping handling |
269 | */ |
270 | static inline int ccmp_replay_check(u8 *pn_n, u8 *pn_o) |
271 | { |
272 | u32 iv32_n, iv16_n; |
273 | u32 iv32_o, iv16_o; |
274 | |
275 | iv32_n = (pn_n[0] << 24) | (pn_n[1] << 16) | (pn_n[2] << 8) | pn_n[3]; |
276 | iv16_n = (pn_n[4] << 8) | pn_n[5]; |
277 | |
278 | iv32_o = (pn_o[0] << 24) | (pn_o[1] << 16) | (pn_o[2] << 8) | pn_o[3]; |
279 | iv16_o = (pn_o[4] << 8) | pn_o[5]; |
280 | |
281 | if ((s32)iv32_n - (s32)iv32_o < 0 || |
282 | (iv32_n == iv32_o && iv16_n <= iv16_o)) |
283 | return 1; |
284 | return 0; |
285 | } |
286 | |
287 | static int lib80211_ccmp_decrypt(struct sk_buff *skb, int hdr_len, void *priv) |
288 | { |
289 | struct lib80211_ccmp_data *key = priv; |
290 | u8 keyidx, *pos; |
291 | struct ieee80211_hdr *hdr; |
292 | u8 *b0 = key->rx_b0; |
293 | u8 *b = key->rx_b; |
294 | u8 *a = key->rx_a; |
295 | u8 pn[6]; |
296 | int i, blocks, last, len; |
297 | size_t data_len = skb->len - hdr_len - CCMP_HDR_LEN - CCMP_MIC_LEN; |
298 | u8 *mic = skb->data + skb->len - CCMP_MIC_LEN; |
299 | |
300 | if (skb->len < hdr_len + CCMP_HDR_LEN + CCMP_MIC_LEN) { |
301 | key->dot11RSNAStatsCCMPFormatErrors++; |
302 | return -1; |
303 | } |
304 | |
305 | hdr = (struct ieee80211_hdr *)skb->data; |
306 | pos = skb->data + hdr_len; |
307 | keyidx = pos[3]; |
308 | if (!(keyidx & (1 << 5))) { |
309 | if (net_ratelimit()) { |
310 | printk(KERN_DEBUG "CCMP: received packet without ExtIV" |
311 | " flag from %pM\n", hdr->addr2); |
312 | } |
313 | key->dot11RSNAStatsCCMPFormatErrors++; |
314 | return -2; |
315 | } |
316 | keyidx >>= 6; |
317 | if (key->key_idx != keyidx) { |
318 | printk(KERN_DEBUG "CCMP: RX tkey->key_idx=%d frame " |
319 | "keyidx=%d priv=%p\n", key->key_idx, keyidx, priv); |
320 | return -6; |
321 | } |
322 | if (!key->key_set) { |
323 | if (net_ratelimit()) { |
324 | printk(KERN_DEBUG "CCMP: received packet from %pM" |
325 | " with keyid=%d that does not have a configured" |
326 | " key\n", hdr->addr2, keyidx); |
327 | } |
328 | return -3; |
329 | } |
330 | |
331 | pn[0] = pos[7]; |
332 | pn[1] = pos[6]; |
333 | pn[2] = pos[5]; |
334 | pn[3] = pos[4]; |
335 | pn[4] = pos[1]; |
336 | pn[5] = pos[0]; |
337 | pos += 8; |
338 | |
339 | if (ccmp_replay_check(pn, key->rx_pn)) { |
340 | #ifdef CONFIG_LIB80211_DEBUG |
341 | if (net_ratelimit()) { |
342 | printk(KERN_DEBUG "CCMP: replay detected: STA=%pM " |
343 | "previous PN %02x%02x%02x%02x%02x%02x " |
344 | "received PN %02x%02x%02x%02x%02x%02x\n", |
345 | hdr->addr2, |
346 | key->rx_pn[0], key->rx_pn[1], key->rx_pn[2], |
347 | key->rx_pn[3], key->rx_pn[4], key->rx_pn[5], |
348 | pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]); |
349 | } |
350 | #endif |
351 | key->dot11RSNAStatsCCMPReplays++; |
352 | return -4; |
353 | } |
354 | |
355 | ccmp_init_blocks(key->tfm, hdr, pn, data_len, b0, a, b); |
356 | xor_block(mic, b, CCMP_MIC_LEN); |
357 | |
358 | blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN); |
359 | last = data_len % AES_BLOCK_LEN; |
360 | |
361 | for (i = 1; i <= blocks; i++) { |
362 | len = (i == blocks && last) ? last : AES_BLOCK_LEN; |
363 | /* Decrypt, with counter */ |
364 | b0[14] = (i >> 8) & 0xff; |
365 | b0[15] = i & 0xff; |
366 | lib80211_ccmp_aes_encrypt(key->tfm, b0, b); |
367 | xor_block(pos, b, len); |
368 | /* Authentication */ |
369 | xor_block(a, pos, len); |
370 | lib80211_ccmp_aes_encrypt(key->tfm, a, a); |
371 | pos += len; |
372 | } |
373 | |
374 | if (memcmp(mic, a, CCMP_MIC_LEN) != 0) { |
375 | if (net_ratelimit()) { |
376 | printk(KERN_DEBUG "CCMP: decrypt failed: STA=" |
377 | "%pM\n", hdr->addr2); |
378 | } |
379 | key->dot11RSNAStatsCCMPDecryptErrors++; |
380 | return -5; |
381 | } |
382 | |
383 | memcpy(key->rx_pn, pn, CCMP_PN_LEN); |
384 | |
385 | /* Remove hdr and MIC */ |
386 | memmove(skb->data + CCMP_HDR_LEN, skb->data, hdr_len); |
387 | skb_pull(skb, CCMP_HDR_LEN); |
388 | skb_trim(skb, skb->len - CCMP_MIC_LEN); |
389 | |
390 | return keyidx; |
391 | } |
392 | |
393 | static int lib80211_ccmp_set_key(void *key, int len, u8 * seq, void *priv) |
394 | { |
395 | struct lib80211_ccmp_data *data = priv; |
396 | int keyidx; |
397 | struct crypto_cipher *tfm = data->tfm; |
398 | |
399 | keyidx = data->key_idx; |
400 | memset(data, 0, sizeof(*data)); |
401 | data->key_idx = keyidx; |
402 | data->tfm = tfm; |
403 | if (len == CCMP_TK_LEN) { |
404 | memcpy(data->key, key, CCMP_TK_LEN); |
405 | data->key_set = 1; |
406 | if (seq) { |
407 | data->rx_pn[0] = seq[5]; |
408 | data->rx_pn[1] = seq[4]; |
409 | data->rx_pn[2] = seq[3]; |
410 | data->rx_pn[3] = seq[2]; |
411 | data->rx_pn[4] = seq[1]; |
412 | data->rx_pn[5] = seq[0]; |
413 | } |
414 | crypto_cipher_setkey(data->tfm, data->key, CCMP_TK_LEN); |
415 | } else if (len == 0) |
416 | data->key_set = 0; |
417 | else |
418 | return -1; |
419 | |
420 | return 0; |
421 | } |
422 | |
423 | static int lib80211_ccmp_get_key(void *key, int len, u8 * seq, void *priv) |
424 | { |
425 | struct lib80211_ccmp_data *data = priv; |
426 | |
427 | if (len < CCMP_TK_LEN) |
428 | return -1; |
429 | |
430 | if (!data->key_set) |
431 | return 0; |
432 | memcpy(key, data->key, CCMP_TK_LEN); |
433 | |
434 | if (seq) { |
435 | seq[0] = data->tx_pn[5]; |
436 | seq[1] = data->tx_pn[4]; |
437 | seq[2] = data->tx_pn[3]; |
438 | seq[3] = data->tx_pn[2]; |
439 | seq[4] = data->tx_pn[1]; |
440 | seq[5] = data->tx_pn[0]; |
441 | } |
442 | |
443 | return CCMP_TK_LEN; |
444 | } |
445 | |
446 | static char *lib80211_ccmp_print_stats(char *p, void *priv) |
447 | { |
448 | struct lib80211_ccmp_data *ccmp = priv; |
449 | |
450 | p += sprintf(p, "key[%d] alg=CCMP key_set=%d " |
451 | "tx_pn=%02x%02x%02x%02x%02x%02x " |
452 | "rx_pn=%02x%02x%02x%02x%02x%02x " |
453 | "format_errors=%d replays=%d decrypt_errors=%d\n", |
454 | ccmp->key_idx, ccmp->key_set, |
455 | ccmp->tx_pn[0], ccmp->tx_pn[1], ccmp->tx_pn[2], |
456 | ccmp->tx_pn[3], ccmp->tx_pn[4], ccmp->tx_pn[5], |
457 | ccmp->rx_pn[0], ccmp->rx_pn[1], ccmp->rx_pn[2], |
458 | ccmp->rx_pn[3], ccmp->rx_pn[4], ccmp->rx_pn[5], |
459 | ccmp->dot11RSNAStatsCCMPFormatErrors, |
460 | ccmp->dot11RSNAStatsCCMPReplays, |
461 | ccmp->dot11RSNAStatsCCMPDecryptErrors); |
462 | |
463 | return p; |
464 | } |
465 | |
466 | static struct lib80211_crypto_ops lib80211_crypt_ccmp = { |
467 | .name = "CCMP", |
468 | .init = lib80211_ccmp_init, |
469 | .deinit = lib80211_ccmp_deinit, |
470 | .build_iv = lib80211_ccmp_hdr, |
471 | .encrypt_mpdu = lib80211_ccmp_encrypt, |
472 | .decrypt_mpdu = lib80211_ccmp_decrypt, |
473 | .encrypt_msdu = NULL, |
474 | .decrypt_msdu = NULL, |
475 | .set_key = lib80211_ccmp_set_key, |
476 | .get_key = lib80211_ccmp_get_key, |
477 | .print_stats = lib80211_ccmp_print_stats, |
478 | .extra_mpdu_prefix_len = CCMP_HDR_LEN, |
479 | .extra_mpdu_postfix_len = CCMP_MIC_LEN, |
480 | .owner = THIS_MODULE, |
481 | }; |
482 | |
483 | static int __init lib80211_crypto_ccmp_init(void) |
484 | { |
485 | return lib80211_register_crypto_ops(&lib80211_crypt_ccmp); |
486 | } |
487 | |
488 | static void __exit lib80211_crypto_ccmp_exit(void) |
489 | { |
490 | lib80211_unregister_crypto_ops(&lib80211_crypt_ccmp); |
491 | } |
492 | |
493 | module_init(lib80211_crypto_ccmp_init); |
494 | module_exit(lib80211_crypto_ccmp_exit); |
495 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9