linux/net/mac80211/wpa.c
<<
>>
Prefs
   1/*
   2 * Copyright 2002-2004, Instant802 Networks, Inc.
   3 * Copyright 2008, Jouni Malinen <j@w1.fi>
   4 *
   5 * This program is free software; you can redistribute it and/or modify
   6 * it under the terms of the GNU General Public License version 2 as
   7 * published by the Free Software Foundation.
   8 */
   9
  10#include <linux/netdevice.h>
  11#include <linux/types.h>
  12#include <linux/skbuff.h>
  13#include <linux/compiler.h>
  14#include <linux/ieee80211.h>
  15#include <linux/gfp.h>
  16#include <asm/unaligned.h>
  17#include <net/mac80211.h>
  18#include <crypto/aes.h>
  19
  20#include "ieee80211_i.h"
  21#include "michael.h"
  22#include "tkip.h"
  23#include "aes_ccm.h"
  24#include "aes_cmac.h"
  25#include "wpa.h"
  26
  27ieee80211_tx_result
  28ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
  29{
  30        u8 *data, *key, *mic;
  31        size_t data_len;
  32        unsigned int hdrlen;
  33        struct ieee80211_hdr *hdr;
  34        struct sk_buff *skb = tx->skb;
  35        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
  36        int tail;
  37
  38        hdr = (struct ieee80211_hdr *)skb->data;
  39        if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
  40            skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control))
  41                return TX_CONTINUE;
  42
  43        hdrlen = ieee80211_hdrlen(hdr->frame_control);
  44        if (skb->len < hdrlen)
  45                return TX_DROP;
  46
  47        data = skb->data + hdrlen;
  48        data_len = skb->len - hdrlen;
  49
  50        if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) {
  51                /* Need to use software crypto for the test */
  52                info->control.hw_key = NULL;
  53        }
  54
  55        if (info->control.hw_key &&
  56            (info->flags & IEEE80211_TX_CTL_DONTFRAG ||
  57             tx->local->ops->set_frag_threshold) &&
  58            !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) {
  59                /* hwaccel - with no need for SW-generated MMIC */
  60                return TX_CONTINUE;
  61        }
  62
  63        tail = MICHAEL_MIC_LEN;
  64        if (!info->control.hw_key)
  65                tail += TKIP_ICV_LEN;
  66
  67        if (WARN_ON(skb_tailroom(skb) < tail ||
  68                    skb_headroom(skb) < TKIP_IV_LEN))
  69                return TX_DROP;
  70
  71        key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY];
  72        mic = skb_put(skb, MICHAEL_MIC_LEN);
  73        michael_mic(key, hdr, data, data_len, mic);
  74        if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE))
  75                mic[0]++;
  76
  77        return TX_CONTINUE;
  78}
  79
  80
  81ieee80211_rx_result
  82ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
  83{
  84        u8 *data, *key = NULL;
  85        size_t data_len;
  86        unsigned int hdrlen;
  87        u8 mic[MICHAEL_MIC_LEN];
  88        struct sk_buff *skb = rx->skb;
  89        struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
  90        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
  91
  92        /*
  93         * it makes no sense to check for MIC errors on anything other
  94         * than data frames.
  95         */
  96        if (!ieee80211_is_data_present(hdr->frame_control))
  97                return RX_CONTINUE;
  98
  99        /*
 100         * No way to verify the MIC if the hardware stripped it or
 101         * the IV with the key index. In this case we have solely rely
 102         * on the driver to set RX_FLAG_MMIC_ERROR in the event of a
 103         * MIC failure report.
 104         */
 105        if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) {
 106                if (status->flag & RX_FLAG_MMIC_ERROR)
 107                        goto mic_fail;
 108
 109                if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key)
 110                        goto update_iv;
 111
 112                return RX_CONTINUE;
 113        }
 114
 115        /*
 116         * Some hardware seems to generate Michael MIC failure reports; even
 117         * though, the frame was not encrypted with TKIP and therefore has no
 118         * MIC. Ignore the flag them to avoid triggering countermeasures.
 119         */
 120        if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
 121            !(status->flag & RX_FLAG_DECRYPTED))
 122                return RX_CONTINUE;
 123
 124        if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) {
 125                /*
 126                 * APs with pairwise keys should never receive Michael MIC
 127                 * errors for non-zero keyidx because these are reserved for
 128                 * group keys and only the AP is sending real multicast
 129                 * frames in the BSS. (
 130                 */
 131                return RX_DROP_UNUSABLE;
 132        }
 133
 134        if (status->flag & RX_FLAG_MMIC_ERROR)
 135                goto mic_fail;
 136
 137        hdrlen = ieee80211_hdrlen(hdr->frame_control);
 138        if (skb->len < hdrlen + MICHAEL_MIC_LEN)
 139                return RX_DROP_UNUSABLE;
 140
 141        if (skb_linearize(rx->skb))
 142                return RX_DROP_UNUSABLE;
 143        hdr = (void *)skb->data;
 144
 145        data = skb->data + hdrlen;
 146        data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
 147        key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
 148        michael_mic(key, hdr, data, data_len, mic);
 149        if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0)
 150                goto mic_fail;
 151
 152        /* remove Michael MIC from payload */
 153        skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
 154
 155update_iv:
 156        /* update IV in key information to be able to detect replays */
 157        rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32;
 158        rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16;
 159
 160        return RX_CONTINUE;
 161
 162mic_fail:
 163        /*
 164         * In some cases the key can be unset - e.g. a multicast packet, in
 165         * a driver that supports HW encryption. Send up the key idx only if
 166         * the key is set.
 167         */
 168        mac80211_ev_michael_mic_failure(rx->sdata,
 169                                        rx->key ? rx->key->conf.keyidx : -1,
 170                                        (void *) skb->data, NULL, GFP_ATOMIC);
 171        return RX_DROP_UNUSABLE;
 172}
 173
 174
 175static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
 176{
 177        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
 178        struct ieee80211_key *key = tx->key;
 179        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
 180        unsigned long flags;
 181        unsigned int hdrlen;
 182        int len, tail;
 183        u8 *pos;
 184
 185        if (info->control.hw_key &&
 186            !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
 187            !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
 188                /* hwaccel - with no need for software-generated IV */
 189                return 0;
 190        }
 191
 192        hdrlen = ieee80211_hdrlen(hdr->frame_control);
 193        len = skb->len - hdrlen;
 194
 195        if (info->control.hw_key)
 196                tail = 0;
 197        else
 198                tail = TKIP_ICV_LEN;
 199
 200        if (WARN_ON(skb_tailroom(skb) < tail ||
 201                    skb_headroom(skb) < TKIP_IV_LEN))
 202                return -1;
 203
 204        pos = skb_push(skb, TKIP_IV_LEN);
 205        memmove(pos, pos + TKIP_IV_LEN, hdrlen);
 206        skb_set_network_header(skb, skb_network_offset(skb) + TKIP_IV_LEN);
 207        pos += hdrlen;
 208
 209        /* the HW only needs room for the IV, but not the actual IV */
 210        if (info->control.hw_key &&
 211            (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
 212                return 0;
 213
 214        /* Increase IV for the frame */
 215        spin_lock_irqsave(&key->u.tkip.txlock, flags);
 216        key->u.tkip.tx.iv16++;
 217        if (key->u.tkip.tx.iv16 == 0)
 218                key->u.tkip.tx.iv32++;
 219        pos = ieee80211_tkip_add_iv(pos, key);
 220        spin_unlock_irqrestore(&key->u.tkip.txlock, flags);
 221
 222        /* hwaccel - with software IV */
 223        if (info->control.hw_key)
 224                return 0;
 225
 226        /* Add room for ICV */
 227        skb_put(skb, TKIP_ICV_LEN);
 228
 229        return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
 230                                           key, skb, pos, len);
 231}
 232
 233
 234ieee80211_tx_result
 235ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
 236{
 237        struct sk_buff *skb;
 238
 239        ieee80211_tx_set_protected(tx);
 240
 241        skb_queue_walk(&tx->skbs, skb) {
 242                if (tkip_encrypt_skb(tx, skb) < 0)
 243                        return TX_DROP;
 244        }
 245
 246        return TX_CONTINUE;
 247}
 248
 249
 250ieee80211_rx_result
 251ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
 252{
 253        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
 254        int hdrlen, res, hwaccel = 0;
 255        struct ieee80211_key *key = rx->key;
 256        struct sk_buff *skb = rx->skb;
 257        struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
 258
 259        hdrlen = ieee80211_hdrlen(hdr->frame_control);
 260
 261        if (!ieee80211_is_data(hdr->frame_control))
 262                return RX_CONTINUE;
 263
 264        if (!rx->sta || skb->len - hdrlen < 12)
 265                return RX_DROP_UNUSABLE;
 266
 267        /* it may be possible to optimize this a bit more */
 268        if (skb_linearize(rx->skb))
 269                return RX_DROP_UNUSABLE;
 270        hdr = (void *)skb->data;
 271
 272        /*
 273         * Let TKIP code verify IV, but skip decryption.
 274         * In the case where hardware checks the IV as well,
 275         * we don't even get here, see ieee80211_rx_h_decrypt()
 276         */
 277        if (status->flag & RX_FLAG_DECRYPTED)
 278                hwaccel = 1;
 279
 280        res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
 281                                          key, skb->data + hdrlen,
 282                                          skb->len - hdrlen, rx->sta->sta.addr,
 283                                          hdr->addr1, hwaccel, rx->security_idx,
 284                                          &rx->tkip_iv32,
 285                                          &rx->tkip_iv16);
 286        if (res != TKIP_DECRYPT_OK)
 287                return RX_DROP_UNUSABLE;
 288
 289        /* Trim ICV */
 290        skb_trim(skb, skb->len - TKIP_ICV_LEN);
 291
 292        /* Remove IV */
 293        memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
 294        skb_pull(skb, TKIP_IV_LEN);
 295
 296        return RX_CONTINUE;
 297}
 298
 299
 300static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch,
 301                                int encrypted)
 302{
 303        __le16 mask_fc;
 304        int a4_included, mgmt;
 305        u8 qos_tid;
 306        u8 *b_0, *aad;
 307        u16 data_len, len_a;
 308        unsigned int hdrlen;
 309        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
 310
 311        memset(scratch, 0, 6 * AES_BLOCK_SIZE);
 312
 313        b_0 = scratch + 3 * AES_BLOCK_SIZE;
 314        aad = scratch + 4 * AES_BLOCK_SIZE;
 315
 316        /*
 317         * Mask FC: zero subtype b4 b5 b6 (if not mgmt)
 318         * Retry, PwrMgt, MoreData; set Protected
 319         */
 320        mgmt = ieee80211_is_mgmt(hdr->frame_control);
 321        mask_fc = hdr->frame_control;
 322        mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY |
 323                                IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
 324        if (!mgmt)
 325                mask_fc &= ~cpu_to_le16(0x0070);
 326        mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
 327
 328        hdrlen = ieee80211_hdrlen(hdr->frame_control);
 329        len_a = hdrlen - 2;
 330        a4_included = ieee80211_has_a4(hdr->frame_control);
 331
 332        if (ieee80211_is_data_qos(hdr->frame_control))
 333                qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
 334        else
 335                qos_tid = 0;
 336
 337        data_len = skb->len - hdrlen - CCMP_HDR_LEN;
 338        if (encrypted)
 339                data_len -= CCMP_MIC_LEN;
 340
 341        /* First block, b_0 */
 342        b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
 343        /* Nonce: Nonce Flags | A2 | PN
 344         * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
 345         */
 346        b_0[1] = qos_tid | (mgmt << 4);
 347        memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
 348        memcpy(&b_0[8], pn, CCMP_PN_LEN);
 349        /* l(m) */
 350        put_unaligned_be16(data_len, &b_0[14]);
 351
 352        /* AAD (extra authenticate-only data) / masked 802.11 header
 353         * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
 354        put_unaligned_be16(len_a, &aad[0]);
 355        put_unaligned(mask_fc, (__le16 *)&aad[2]);
 356        memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
 357
 358        /* Mask Seq#, leave Frag# */
 359        aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
 360        aad[23] = 0;
 361
 362        if (a4_included) {
 363                memcpy(&aad[24], hdr->addr4, ETH_ALEN);
 364                aad[30] = qos_tid;
 365                aad[31] = 0;
 366        } else {
 367                memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
 368                aad[24] = qos_tid;
 369        }
 370}
 371
 372
 373static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
 374{
 375        hdr[0] = pn[5];
 376        hdr[1] = pn[4];
 377        hdr[2] = 0;
 378        hdr[3] = 0x20 | (key_id << 6);
 379        hdr[4] = pn[3];
 380        hdr[5] = pn[2];
 381        hdr[6] = pn[1];
 382        hdr[7] = pn[0];
 383}
 384
 385
 386static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr)
 387{
 388        pn[0] = hdr[7];
 389        pn[1] = hdr[6];
 390        pn[2] = hdr[5];
 391        pn[3] = hdr[4];
 392        pn[4] = hdr[1];
 393        pn[5] = hdr[0];
 394}
 395
 396
 397static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
 398{
 399        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
 400        struct ieee80211_key *key = tx->key;
 401        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
 402        int hdrlen, len, tail;
 403        u8 *pos;
 404        u8 pn[6];
 405        u64 pn64;
 406        u8 scratch[6 * AES_BLOCK_SIZE];
 407
 408        if (info->control.hw_key &&
 409            !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
 410            !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
 411                /*
 412                 * hwaccel has no need for preallocated room for CCMP
 413                 * header or MIC fields
 414                 */
 415                return 0;
 416        }
 417
 418        hdrlen = ieee80211_hdrlen(hdr->frame_control);
 419        len = skb->len - hdrlen;
 420
 421        if (info->control.hw_key)
 422                tail = 0;
 423        else
 424                tail = CCMP_MIC_LEN;
 425
 426        if (WARN_ON(skb_tailroom(skb) < tail ||
 427                    skb_headroom(skb) < CCMP_HDR_LEN))
 428                return -1;
 429
 430        pos = skb_push(skb, CCMP_HDR_LEN);
 431        memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
 432        skb_set_network_header(skb, skb_network_offset(skb) + CCMP_HDR_LEN);
 433
 434        /* the HW only needs room for the IV, but not the actual IV */
 435        if (info->control.hw_key &&
 436            (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
 437                return 0;
 438
 439        hdr = (struct ieee80211_hdr *) pos;
 440        pos += hdrlen;
 441
 442        pn64 = atomic64_inc_return(&key->u.ccmp.tx_pn);
 443
 444        pn[5] = pn64;
 445        pn[4] = pn64 >> 8;
 446        pn[3] = pn64 >> 16;
 447        pn[2] = pn64 >> 24;
 448        pn[1] = pn64 >> 32;
 449        pn[0] = pn64 >> 40;
 450
 451        ccmp_pn2hdr(pos, pn, key->conf.keyidx);
 452
 453        /* hwaccel - with software CCMP header */
 454        if (info->control.hw_key)
 455                return 0;
 456
 457        pos += CCMP_HDR_LEN;
 458        ccmp_special_blocks(skb, pn, scratch, 0);
 459        ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, pos, len,
 460                                  pos, skb_put(skb, CCMP_MIC_LEN));
 461
 462        return 0;
 463}
 464
 465
 466ieee80211_tx_result
 467ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
 468{
 469        struct sk_buff *skb;
 470
 471        ieee80211_tx_set_protected(tx);
 472
 473        skb_queue_walk(&tx->skbs, skb) {
 474                if (ccmp_encrypt_skb(tx, skb) < 0)
 475                        return TX_DROP;
 476        }
 477
 478        return TX_CONTINUE;
 479}
 480
 481
 482ieee80211_rx_result
 483ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
 484{
 485        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
 486        int hdrlen;
 487        struct ieee80211_key *key = rx->key;
 488        struct sk_buff *skb = rx->skb;
 489        struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
 490        u8 pn[CCMP_PN_LEN];
 491        int data_len;
 492        int queue;
 493
 494        hdrlen = ieee80211_hdrlen(hdr->frame_control);
 495
 496        if (!ieee80211_is_data(hdr->frame_control) &&
 497            !ieee80211_is_robust_mgmt_frame(hdr))
 498                return RX_CONTINUE;
 499
 500        data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
 501        if (!rx->sta || data_len < 0)
 502                return RX_DROP_UNUSABLE;
 503
 504        if (status->flag & RX_FLAG_DECRYPTED) {
 505                if (!pskb_may_pull(rx->skb, hdrlen + CCMP_HDR_LEN))
 506                        return RX_DROP_UNUSABLE;
 507        } else {
 508                if (skb_linearize(rx->skb))
 509                        return RX_DROP_UNUSABLE;
 510        }
 511
 512        ccmp_hdr2pn(pn, skb->data + hdrlen);
 513
 514        queue = rx->security_idx;
 515
 516        if (memcmp(pn, key->u.ccmp.rx_pn[queue], CCMP_PN_LEN) <= 0) {
 517                key->u.ccmp.replays++;
 518                return RX_DROP_UNUSABLE;
 519        }
 520
 521        if (!(status->flag & RX_FLAG_DECRYPTED)) {
 522                u8 scratch[6 * AES_BLOCK_SIZE];
 523                /* hardware didn't decrypt/verify MIC */
 524                ccmp_special_blocks(skb, pn, scratch, 1);
 525
 526                if (ieee80211_aes_ccm_decrypt(
 527                            key->u.ccmp.tfm, scratch,
 528                            skb->data + hdrlen + CCMP_HDR_LEN, data_len,
 529                            skb->data + skb->len - CCMP_MIC_LEN,
 530                            skb->data + hdrlen + CCMP_HDR_LEN))
 531                        return RX_DROP_UNUSABLE;
 532        }
 533
 534        memcpy(key->u.ccmp.rx_pn[queue], pn, CCMP_PN_LEN);
 535
 536        /* Remove CCMP header and MIC */
 537        if (pskb_trim(skb, skb->len - CCMP_MIC_LEN))
 538                return RX_DROP_UNUSABLE;
 539        memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
 540        skb_pull(skb, CCMP_HDR_LEN);
 541
 542        return RX_CONTINUE;
 543}
 544
 545
 546static void bip_aad(struct sk_buff *skb, u8 *aad)
 547{
 548        /* BIP AAD: FC(masked) || A1 || A2 || A3 */
 549
 550        /* FC type/subtype */
 551        aad[0] = skb->data[0];
 552        /* Mask FC Retry, PwrMgt, MoreData flags to zero */
 553        aad[1] = skb->data[1] & ~(BIT(4) | BIT(5) | BIT(6));
 554        /* A1 || A2 || A3 */
 555        memcpy(aad + 2, skb->data + 4, 3 * ETH_ALEN);
 556}
 557
 558
 559static inline void bip_ipn_set64(u8 *d, u64 pn)
 560{
 561        *d++ = pn;
 562        *d++ = pn >> 8;
 563        *d++ = pn >> 16;
 564        *d++ = pn >> 24;
 565        *d++ = pn >> 32;
 566        *d = pn >> 40;
 567}
 568
 569static inline void bip_ipn_swap(u8 *d, const u8 *s)
 570{
 571        *d++ = s[5];
 572        *d++ = s[4];
 573        *d++ = s[3];
 574        *d++ = s[2];
 575        *d++ = s[1];
 576        *d = s[0];
 577}
 578
 579
 580ieee80211_tx_result
 581ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx)
 582{
 583        struct sk_buff *skb;
 584        struct ieee80211_tx_info *info;
 585        struct ieee80211_key *key = tx->key;
 586        struct ieee80211_mmie *mmie;
 587        u8 aad[20];
 588        u64 pn64;
 589
 590        if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
 591                return TX_DROP;
 592
 593        skb = skb_peek(&tx->skbs);
 594
 595        info = IEEE80211_SKB_CB(skb);
 596
 597        if (info->control.hw_key)
 598                return TX_CONTINUE;
 599
 600        if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
 601                return TX_DROP;
 602
 603        mmie = (struct ieee80211_mmie *) skb_put(skb, sizeof(*mmie));
 604        mmie->element_id = WLAN_EID_MMIE;
 605        mmie->length = sizeof(*mmie) - 2;
 606        mmie->key_id = cpu_to_le16(key->conf.keyidx);
 607
 608        /* PN = PN + 1 */
 609        pn64 = atomic64_inc_return(&key->u.aes_cmac.tx_pn);
 610
 611        bip_ipn_set64(mmie->sequence_number, pn64);
 612
 613        bip_aad(skb, aad);
 614
 615        /*
 616         * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
 617         */
 618        ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
 619                           skb->data + 24, skb->len - 24, mmie->mic);
 620
 621        return TX_CONTINUE;
 622}
 623
 624
 625ieee80211_rx_result
 626ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
 627{
 628        struct sk_buff *skb = rx->skb;
 629        struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
 630        struct ieee80211_key *key = rx->key;
 631        struct ieee80211_mmie *mmie;
 632        u8 aad[20], mic[8], ipn[6];
 633        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
 634
 635        if (!ieee80211_is_mgmt(hdr->frame_control))
 636                return RX_CONTINUE;
 637
 638        /* management frames are already linear */
 639
 640        if (skb->len < 24 + sizeof(*mmie))
 641                return RX_DROP_UNUSABLE;
 642
 643        mmie = (struct ieee80211_mmie *)
 644                (skb->data + skb->len - sizeof(*mmie));
 645        if (mmie->element_id != WLAN_EID_MMIE ||
 646            mmie->length != sizeof(*mmie) - 2)
 647                return RX_DROP_UNUSABLE; /* Invalid MMIE */
 648
 649        bip_ipn_swap(ipn, mmie->sequence_number);
 650
 651        if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
 652                key->u.aes_cmac.replays++;
 653                return RX_DROP_UNUSABLE;
 654        }
 655
 656        if (!(status->flag & RX_FLAG_DECRYPTED)) {
 657                /* hardware didn't decrypt/verify MIC */
 658                bip_aad(skb, aad);
 659                ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
 660                                   skb->data + 24, skb->len - 24, mic);
 661                if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
 662                        key->u.aes_cmac.icverrors++;
 663                        return RX_DROP_UNUSABLE;
 664                }
 665        }
 666
 667        memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
 668
 669        /* Remove MMIE */
 670        skb_trim(skb, skb->len - sizeof(*mmie));
 671
 672        return RX_CONTINUE;
 673}
 674
 675ieee80211_tx_result
 676ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx)
 677{
 678        struct sk_buff *skb;
 679        struct ieee80211_tx_info *info = NULL;
 680
 681        skb_queue_walk(&tx->skbs, skb) {
 682                info  = IEEE80211_SKB_CB(skb);
 683
 684                /* handle hw-only algorithm */
 685                if (!info->control.hw_key)
 686                        return TX_DROP;
 687        }
 688
 689        ieee80211_tx_set_protected(tx);
 690
 691        return TX_CONTINUE;
 692}
 693
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.