| Jiri Benc | f0706e8 | 2007-05-05 11:45:53 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Michael MIC implementation - optimized for TKIP MIC operations |
| 3 | * Copyright 2002-2003, Instant802 Networks, Inc. |
| 4 | * |
| 5 | * This program is free software; you can redistribute it and/or modify |
| 6 | * it under the terms of the GNU General Public License version 2 as |
| 7 | * published by the Free Software Foundation. |
| 8 | */ |
| 9 | |
| 10 | #include <linux/types.h> |
| 11 | |
| 12 | #include "michael.h" |
| 13 | |
| 14 | static inline u32 rotr(u32 val, int bits) |
| 15 | { |
| 16 | return (val >> bits) | (val << (32 - bits)); |
| 17 | } |
| 18 | |
| 19 | |
| 20 | static inline u32 rotl(u32 val, int bits) |
| 21 | { |
| 22 | return (val << bits) | (val >> (32 - bits)); |
| 23 | } |
| 24 | |
| 25 | |
| 26 | static inline u32 xswap(u32 val) |
| 27 | { |
| 28 | return ((val & 0xff00ff00) >> 8) | ((val & 0x00ff00ff) << 8); |
| 29 | } |
| 30 | |
| 31 | |
| 32 | #define michael_block(l, r) \ |
| 33 | do { \ |
| 34 | r ^= rotl(l, 17); \ |
| 35 | l += r; \ |
| 36 | r ^= xswap(l); \ |
| 37 | l += r; \ |
| 38 | r ^= rotl(l, 3); \ |
| 39 | l += r; \ |
| 40 | r ^= rotr(l, 2); \ |
| 41 | l += r; \ |
| 42 | } while (0) |
| 43 | |
| 44 | |
| 45 | static inline u32 michael_get32(u8 *data) |
| 46 | { |
| 47 | return data[0] | (data[1] << 8) | (data[2] << 16) | (data[3] << 24); |
| 48 | } |
| 49 | |
| 50 | |
| 51 | static inline void michael_put32(u32 val, u8 *data) |
| 52 | { |
| 53 | data[0] = val & 0xff; |
| 54 | data[1] = (val >> 8) & 0xff; |
| 55 | data[2] = (val >> 16) & 0xff; |
| 56 | data[3] = (val >> 24) & 0xff; |
| 57 | } |
| 58 | |
| 59 | |
| 60 | void michael_mic(u8 *key, u8 *da, u8 *sa, u8 priority, |
| 61 | u8 *data, size_t data_len, u8 *mic) |
| 62 | { |
| 63 | u32 l, r, val; |
| 64 | size_t block, blocks, left; |
| 65 | |
| 66 | l = michael_get32(key); |
| 67 | r = michael_get32(key + 4); |
| 68 | |
| 69 | /* A pseudo header (DA, SA, Priority, 0, 0, 0) is used in Michael MIC |
| 70 | * calculation, but it is _not_ transmitted */ |
| 71 | l ^= michael_get32(da); |
| 72 | michael_block(l, r); |
| 73 | l ^= da[4] | (da[5] << 8) | (sa[0] << 16) | (sa[1] << 24); |
| 74 | michael_block(l, r); |
| 75 | l ^= michael_get32(&sa[2]); |
| 76 | michael_block(l, r); |
| 77 | l ^= priority; |
| 78 | michael_block(l, r); |
| 79 | |
| 80 | /* Real data */ |
| 81 | blocks = data_len / 4; |
| 82 | left = data_len % 4; |
| 83 | |
| 84 | for (block = 0; block < blocks; block++) { |
| 85 | l ^= michael_get32(&data[block * 4]); |
| 86 | michael_block(l, r); |
| 87 | } |
| 88 | |
| 89 | /* Partial block of 0..3 bytes and padding: 0x5a + 4..7 zeros to make |
| 90 | * total length a multiple of 4. */ |
| 91 | val = 0x5a; |
| 92 | while (left > 0) { |
| 93 | val <<= 8; |
| 94 | left--; |
| 95 | val |= data[blocks * 4 + left]; |
| 96 | } |
| 97 | l ^= val; |
| 98 | michael_block(l, r); |
| 99 | /* last block is zero, so l ^ 0 = l */ |
| 100 | michael_block(l, r); |
| 101 | |
| 102 | michael_put32(l, mic); |
| 103 | michael_put32(r, mic + 4); |
| 104 | } |