2007-05-06 02:45:53 +08:00
|
|
|
/*
|
|
|
|
* Copyright 2002-2004, Instant802 Networks, Inc.
|
2009-01-08 19:32:01 +08:00
|
|
|
* Copyright 2008, Jouni Malinen <j@w1.fi>
|
2016-02-14 19:56:35 +08:00
|
|
|
* Copyright (C) 2016 Intel Deutschland GmbH
|
2007-05-06 02:45:53 +08:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/netdevice.h>
|
|
|
|
#include <linux/types.h>
|
|
|
|
#include <linux/skbuff.h>
|
|
|
|
#include <linux/compiler.h>
|
2008-07-03 02:05:35 +08:00
|
|
|
#include <linux/ieee80211.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 16:04:11 +08:00
|
|
|
#include <linux/gfp.h>
|
2008-07-03 02:05:35 +08:00
|
|
|
#include <asm/unaligned.h>
|
2007-05-06 02:45:53 +08:00
|
|
|
#include <net/mac80211.h>
|
2011-07-07 03:59:39 +08:00
|
|
|
#include <crypto/aes.h>
|
2017-06-10 10:59:12 +08:00
|
|
|
#include <crypto/algapi.h>
|
2007-08-29 05:01:53 +08:00
|
|
|
|
2007-05-06 02:45:53 +08:00
|
|
|
#include "ieee80211_i.h"
|
|
|
|
#include "michael.h"
|
|
|
|
#include "tkip.h"
|
|
|
|
#include "aes_ccm.h"
|
2009-01-08 19:32:01 +08:00
|
|
|
#include "aes_cmac.h"
|
2015-01-25 01:52:09 +08:00
|
|
|
#include "aes_gmac.h"
|
2015-01-25 01:52:06 +08:00
|
|
|
#include "aes_gcm.h"
|
2007-05-06 02:45:53 +08:00
|
|
|
#include "wpa.h"
|
|
|
|
|
2008-02-01 02:48:20 +08:00
|
|
|
ieee80211_tx_result
|
2008-02-25 23:27:43 +08:00
|
|
|
ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
|
2007-05-06 02:45:53 +08:00
|
|
|
{
|
2011-02-04 00:34:28 +08:00
|
|
|
u8 *data, *key, *mic;
|
2007-05-06 02:45:53 +08:00
|
|
|
size_t data_len;
|
2008-07-03 02:05:35 +08:00
|
|
|
unsigned int hdrlen;
|
|
|
|
struct ieee80211_hdr *hdr;
|
2007-05-06 02:45:53 +08:00
|
|
|
struct sk_buff *skb = tx->skb;
|
2010-01-17 08:47:58 +08:00
|
|
|
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
|
2008-05-29 16:38:53 +08:00
|
|
|
int tail;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-07-03 07:30:52 +08:00
|
|
|
hdr = (struct ieee80211_hdr *)skb->data;
|
2010-08-10 15:46:38 +08:00
|
|
|
if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
|
|
|
|
skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control))
|
2008-02-01 02:48:20 +08:00
|
|
|
return TX_CONTINUE;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-07-03 02:05:35 +08:00
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
|
|
if (skb->len < hdrlen)
|
2008-02-01 02:48:20 +08:00
|
|
|
return TX_DROP;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-07-03 02:05:35 +08:00
|
|
|
data = skb->data + hdrlen;
|
|
|
|
data_len = skb->len - hdrlen;
|
|
|
|
|
2011-02-04 00:35:19 +08:00
|
|
|
if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) {
|
|
|
|
/* Need to use software crypto for the test */
|
|
|
|
info->control.hw_key = NULL;
|
|
|
|
}
|
|
|
|
|
2010-01-17 08:47:58 +08:00
|
|
|
if (info->control.hw_key &&
|
2011-10-07 20:01:25 +08:00
|
|
|
(info->flags & IEEE80211_TX_CTL_DONTFRAG ||
|
2016-10-19 04:12:11 +08:00
|
|
|
ieee80211_hw_check(&tx->local->hw, SUPPORTS_TX_FRAG)) &&
|
2010-01-17 08:47:58 +08:00
|
|
|
!(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) {
|
|
|
|
/* hwaccel - with no need for SW-generated MMIC */
|
2008-02-01 02:48:20 +08:00
|
|
|
return TX_CONTINUE;
|
2007-05-06 02:45:53 +08:00
|
|
|
}
|
|
|
|
|
2008-05-29 16:38:53 +08:00
|
|
|
tail = MICHAEL_MIC_LEN;
|
2010-01-17 08:47:58 +08:00
|
|
|
if (!info->control.hw_key)
|
2013-05-08 19:09:08 +08:00
|
|
|
tail += IEEE80211_TKIP_ICV_LEN;
|
2008-05-29 16:38:53 +08:00
|
|
|
|
2014-09-08 17:22:42 +08:00
|
|
|
if (WARN(skb_tailroom(skb) < tail ||
|
|
|
|
skb_headroom(skb) < IEEE80211_TKIP_IV_LEN,
|
|
|
|
"mmic: not enough head/tail (%d/%d,%d/%d)\n",
|
|
|
|
skb_headroom(skb), IEEE80211_TKIP_IV_LEN,
|
|
|
|
skb_tailroom(skb), tail))
|
2008-05-29 16:38:53 +08:00
|
|
|
return TX_DROP;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2011-02-04 00:34:28 +08:00
|
|
|
key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY];
|
2007-05-06 02:45:53 +08:00
|
|
|
mic = skb_put(skb, MICHAEL_MIC_LEN);
|
2008-07-03 02:05:35 +08:00
|
|
|
michael_mic(key, hdr, data, data_len, mic);
|
2011-02-04 00:35:19 +08:00
|
|
|
if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE))
|
|
|
|
mic[0]++;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-02-01 02:48:20 +08:00
|
|
|
return TX_CONTINUE;
|
2007-05-06 02:45:53 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-01 02:48:20 +08:00
|
|
|
ieee80211_rx_result
|
2008-02-25 23:27:43 +08:00
|
|
|
ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
|
2007-05-06 02:45:53 +08:00
|
|
|
{
|
2011-02-04 00:34:28 +08:00
|
|
|
u8 *data, *key = NULL;
|
2007-05-06 02:45:53 +08:00
|
|
|
size_t data_len;
|
2008-07-03 02:05:35 +08:00
|
|
|
unsigned int hdrlen;
|
2007-05-06 02:45:53 +08:00
|
|
|
u8 mic[MICHAEL_MIC_LEN];
|
|
|
|
struct sk_buff *skb = rx->skb;
|
2009-11-16 20:58:20 +08:00
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2011-04-30 21:24:30 +08:00
|
|
|
/*
|
|
|
|
* it makes no sense to check for MIC errors on anything other
|
|
|
|
* than data frames.
|
|
|
|
*/
|
|
|
|
if (!ieee80211_is_data_present(hdr->frame_control))
|
2008-02-01 02:48:20 +08:00
|
|
|
return RX_CONTINUE;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2011-04-30 21:24:30 +08:00
|
|
|
/*
|
|
|
|
* No way to verify the MIC if the hardware stripped it or
|
|
|
|
* the IV with the key index. In this case we have solely rely
|
|
|
|
* on the driver to set RX_FLAG_MMIC_ERROR in the event of a
|
|
|
|
* MIC failure report.
|
|
|
|
*/
|
|
|
|
if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) {
|
|
|
|
if (status->flag & RX_FLAG_MMIC_ERROR)
|
2012-12-04 22:17:42 +08:00
|
|
|
goto mic_fail_no_key;
|
2011-04-30 21:24:30 +08:00
|
|
|
|
2012-10-03 03:34:23 +08:00
|
|
|
if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key &&
|
|
|
|
rx->key->conf.cipher == WLAN_CIPHER_SUITE_TKIP)
|
2011-04-30 21:24:30 +08:00
|
|
|
goto update_iv;
|
|
|
|
|
|
|
|
return RX_CONTINUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Some hardware seems to generate Michael MIC failure reports; even
|
|
|
|
* though, the frame was not encrypted with TKIP and therefore has no
|
|
|
|
* MIC. Ignore the flag them to avoid triggering countermeasures.
|
|
|
|
*/
|
2010-08-10 15:46:38 +08:00
|
|
|
if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
|
2011-04-30 21:24:30 +08:00
|
|
|
!(status->flag & RX_FLAG_DECRYPTED))
|
2008-02-01 02:48:20 +08:00
|
|
|
return RX_CONTINUE;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2011-04-30 21:24:30 +08:00
|
|
|
if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) {
|
|
|
|
/*
|
|
|
|
* APs with pairwise keys should never receive Michael MIC
|
|
|
|
* errors for non-zero keyidx because these are reserved for
|
|
|
|
* group keys and only the AP is sending real multicast
|
2014-01-07 19:09:38 +08:00
|
|
|
* frames in the BSS.
|
2011-04-30 21:24:30 +08:00
|
|
|
*/
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (status->flag & RX_FLAG_MMIC_ERROR)
|
|
|
|
goto mic_fail;
|
|
|
|
|
2008-07-03 02:05:35 +08:00
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
|
|
if (skb->len < hdrlen + MICHAEL_MIC_LEN)
|
2008-02-01 02:48:21 +08:00
|
|
|
return RX_DROP_UNUSABLE;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2012-03-12 20:49:14 +08:00
|
|
|
if (skb_linearize(rx->skb))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
hdr = (void *)skb->data;
|
|
|
|
|
2008-07-03 02:05:35 +08:00
|
|
|
data = skb->data + hdrlen;
|
|
|
|
data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
|
2011-02-04 00:34:28 +08:00
|
|
|
key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
|
2008-07-03 02:05:35 +08:00
|
|
|
michael_mic(key, hdr, data, data_len, mic);
|
2017-06-10 10:59:12 +08:00
|
|
|
if (crypto_memneq(mic, data + data_len, MICHAEL_MIC_LEN))
|
2011-04-30 21:24:30 +08:00
|
|
|
goto mic_fail;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
|
|
|
/* remove Michael MIC from payload */
|
|
|
|
skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
|
|
|
|
|
2011-04-30 21:24:30 +08:00
|
|
|
update_iv:
|
2007-09-26 21:19:45 +08:00
|
|
|
/* update IV in key information to be able to detect replays */
|
2011-07-08 00:45:03 +08:00
|
|
|
rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32;
|
|
|
|
rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16;
|
2007-09-26 21:19:45 +08:00
|
|
|
|
2008-02-01 02:48:20 +08:00
|
|
|
return RX_CONTINUE;
|
2011-04-30 21:24:30 +08:00
|
|
|
|
|
|
|
mic_fail:
|
2012-12-04 22:17:42 +08:00
|
|
|
rx->key->u.tkip.mic_failures++;
|
|
|
|
|
|
|
|
mic_fail_no_key:
|
2011-06-23 05:00:24 +08:00
|
|
|
/*
|
|
|
|
* In some cases the key can be unset - e.g. a multicast packet, in
|
|
|
|
* a driver that supports HW encryption. Send up the key idx only if
|
|
|
|
* the key is set.
|
|
|
|
*/
|
2015-10-15 00:40:10 +08:00
|
|
|
cfg80211_michael_mic_failure(rx->sdata->dev, hdr->addr2,
|
|
|
|
is_multicast_ether_addr(hdr->addr1) ?
|
|
|
|
NL80211_KEYTYPE_GROUP :
|
|
|
|
NL80211_KEYTYPE_PAIRWISE,
|
|
|
|
rx->key ? rx->key->conf.keyidx : -1,
|
|
|
|
NULL, GFP_ATOMIC);
|
2011-04-30 21:24:30 +08:00
|
|
|
return RX_DROP_UNUSABLE;
|
2007-05-06 02:45:53 +08:00
|
|
|
}
|
|
|
|
|
2008-05-15 18:55:29 +08:00
|
|
|
static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
|
2007-05-06 02:45:53 +08:00
|
|
|
{
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
|
|
|
|
struct ieee80211_key *key = tx->key;
|
2008-05-15 18:55:29 +08:00
|
|
|
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
|
2008-06-12 05:21:58 +08:00
|
|
|
unsigned int hdrlen;
|
|
|
|
int len, tail;
|
2016-02-14 19:56:35 +08:00
|
|
|
u64 pn;
|
2007-05-06 02:45:53 +08:00
|
|
|
u8 *pos;
|
|
|
|
|
2010-01-17 08:47:58 +08:00
|
|
|
if (info->control.hw_key &&
|
2012-05-09 13:11:20 +08:00
|
|
|
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
|
|
|
|
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
|
2010-01-17 08:47:58 +08:00
|
|
|
/* hwaccel - with no need for software-generated IV */
|
2008-05-29 16:38:53 +08:00
|
|
|
return 0;
|
2008-05-15 18:55:29 +08:00
|
|
|
}
|
|
|
|
|
2008-06-12 05:21:58 +08:00
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
2007-05-06 02:45:53 +08:00
|
|
|
len = skb->len - hdrlen;
|
|
|
|
|
2010-01-17 08:47:58 +08:00
|
|
|
if (info->control.hw_key)
|
2008-05-29 16:38:53 +08:00
|
|
|
tail = 0;
|
2007-08-29 05:01:55 +08:00
|
|
|
else
|
2013-05-08 19:09:08 +08:00
|
|
|
tail = IEEE80211_TKIP_ICV_LEN;
|
2008-05-29 16:38:53 +08:00
|
|
|
|
|
|
|
if (WARN_ON(skb_tailroom(skb) < tail ||
|
2013-05-08 19:09:08 +08:00
|
|
|
skb_headroom(skb) < IEEE80211_TKIP_IV_LEN))
|
2008-05-29 16:38:53 +08:00
|
|
|
return -1;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2013-05-08 19:09:08 +08:00
|
|
|
pos = skb_push(skb, IEEE80211_TKIP_IV_LEN);
|
|
|
|
memmove(pos, pos + IEEE80211_TKIP_IV_LEN, hdrlen);
|
2007-05-06 02:45:53 +08:00
|
|
|
pos += hdrlen;
|
|
|
|
|
2012-05-09 13:11:20 +08:00
|
|
|
/* the HW only needs room for the IV, but not the actual IV */
|
|
|
|
if (info->control.hw_key &&
|
|
|
|
(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
|
|
|
|
return 0;
|
|
|
|
|
2007-05-06 02:45:53 +08:00
|
|
|
/* Increase IV for the frame */
|
2016-02-14 19:56:35 +08:00
|
|
|
pn = atomic64_inc_return(&key->conf.tx_pn);
|
|
|
|
pos = ieee80211_tkip_add_iv(pos, &key->conf, pn);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2010-01-17 08:47:58 +08:00
|
|
|
/* hwaccel - with software IV */
|
|
|
|
if (info->control.hw_key)
|
2007-05-06 02:45:53 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
/* Add room for ICV */
|
2013-05-08 19:09:08 +08:00
|
|
|
skb_put(skb, IEEE80211_TKIP_ICV_LEN);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2010-07-08 03:07:49 +08:00
|
|
|
return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
|
mac80211: fix TKIP races, make API easier to use
Our current TKIP code races against itself on TX
since we can process multiple packets at the same
time on different ACs, but they all share the TX
context for TKIP. This can lead to bad IVs etc.
Also, the crypto offload helper code just obtains
the P1K/P2K from the cache, and can update it as
well, but there's no guarantee that packets are
really processed in order.
To fix these issues, first introduce a spinlock
that will protect the IV16/IV32 values in the TX
context. This first step makes sure that we don't
assign the same IV multiple times or get confused
in other ways.
Secondly, change the way the P1K cache works. I
add a field "p1k_iv32" that stores the value of
the IV32 when the P1K was last recomputed, and
if different from the last time, then a new P1K
is recomputed. This can cause the P1K computation
to flip back and forth if packets are processed
out of order. All this also happens under the new
spinlock.
Finally, because there are argument differences,
split up the ieee80211_get_tkip_key() API into
ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k()
and give them the correct arguments.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-07-08 04:28:01 +08:00
|
|
|
key, skb, pos, len);
|
2007-05-06 02:45:53 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-01 02:48:20 +08:00
|
|
|
ieee80211_tx_result
|
2008-02-25 23:27:43 +08:00
|
|
|
ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
|
2007-05-06 02:45:53 +08:00
|
|
|
{
|
2011-11-16 22:28:55 +08:00
|
|
|
struct sk_buff *skb;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-02-25 23:27:43 +08:00
|
|
|
ieee80211_tx_set_protected(tx);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2011-11-16 22:28:55 +08:00
|
|
|
skb_queue_walk(&tx->skbs, skb) {
|
2009-03-24 00:28:35 +08:00
|
|
|
if (tkip_encrypt_skb(tx, skb) < 0)
|
|
|
|
return TX_DROP;
|
2011-11-16 22:28:55 +08:00
|
|
|
}
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-02-01 02:48:20 +08:00
|
|
|
return TX_CONTINUE;
|
2007-05-06 02:45:53 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-01 02:48:20 +08:00
|
|
|
ieee80211_rx_result
|
2008-02-25 23:27:43 +08:00
|
|
|
ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
|
2007-05-06 02:45:53 +08:00
|
|
|
{
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
|
2011-02-04 00:34:28 +08:00
|
|
|
int hdrlen, res, hwaccel = 0;
|
2007-05-06 02:45:53 +08:00
|
|
|
struct ieee80211_key *key = rx->key;
|
|
|
|
struct sk_buff *skb = rx->skb;
|
2009-11-16 20:58:20 +08:00
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-06-12 05:21:58 +08:00
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-07-03 07:30:52 +08:00
|
|
|
if (!ieee80211_is_data(hdr->frame_control))
|
2008-02-01 02:48:20 +08:00
|
|
|
return RX_CONTINUE;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
|
|
|
if (!rx->sta || skb->len - hdrlen < 12)
|
2008-02-01 02:48:21 +08:00
|
|
|
return RX_DROP_UNUSABLE;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2012-03-12 20:49:14 +08:00
|
|
|
/* it may be possible to optimize this a bit more */
|
|
|
|
if (skb_linearize(rx->skb))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
hdr = (void *)skb->data;
|
|
|
|
|
2010-08-10 15:46:40 +08:00
|
|
|
/*
|
|
|
|
* Let TKIP code verify IV, but skip decryption.
|
|
|
|
* In the case where hardware checks the IV as well,
|
|
|
|
* we don't even get here, see ieee80211_rx_h_decrypt()
|
|
|
|
*/
|
|
|
|
if (status->flag & RX_FLAG_DECRYPTED)
|
2007-05-06 02:45:53 +08:00
|
|
|
hwaccel = 1;
|
|
|
|
|
|
|
|
res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
|
|
|
|
key, skb->data + hdrlen,
|
2008-09-11 06:02:02 +08:00
|
|
|
skb->len - hdrlen, rx->sta->sta.addr,
|
2011-07-08 00:45:03 +08:00
|
|
|
hdr->addr1, hwaccel, rx->security_idx,
|
2008-02-25 23:27:43 +08:00
|
|
|
&rx->tkip_iv32,
|
|
|
|
&rx->tkip_iv16);
|
2011-02-04 00:34:28 +08:00
|
|
|
if (res != TKIP_DECRYPT_OK)
|
2008-02-01 02:48:21 +08:00
|
|
|
return RX_DROP_UNUSABLE;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
|
|
|
/* Trim ICV */
|
2016-11-21 22:58:40 +08:00
|
|
|
if (!(status->flag & RX_FLAG_ICV_STRIPPED))
|
|
|
|
skb_trim(skb, skb->len - IEEE80211_TKIP_ICV_LEN);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
|
|
|
/* Remove IV */
|
2013-05-08 19:09:08 +08:00
|
|
|
memmove(skb->data + IEEE80211_TKIP_IV_LEN, skb->data, hdrlen);
|
|
|
|
skb_pull(skb, IEEE80211_TKIP_IV_LEN);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-02-01 02:48:20 +08:00
|
|
|
return RX_CONTINUE;
|
2007-05-06 02:45:53 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-01-16 19:16:30 +08:00
|
|
|
static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad)
|
2007-05-06 02:45:53 +08:00
|
|
|
{
|
2008-07-03 02:05:35 +08:00
|
|
|
__le16 mask_fc;
|
2009-01-08 19:32:00 +08:00
|
|
|
int a4_included, mgmt;
|
2008-07-03 02:05:35 +08:00
|
|
|
u8 qos_tid;
|
2013-10-10 15:55:20 +08:00
|
|
|
u16 len_a;
|
2008-07-03 02:05:35 +08:00
|
|
|
unsigned int hdrlen;
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-07-03 02:05:35 +08:00
|
|
|
/*
|
2009-01-08 19:32:00 +08:00
|
|
|
* Mask FC: zero subtype b4 b5 b6 (if not mgmt)
|
2008-07-03 02:05:35 +08:00
|
|
|
* Retry, PwrMgt, MoreData; set Protected
|
|
|
|
*/
|
2009-01-08 19:32:00 +08:00
|
|
|
mgmt = ieee80211_is_mgmt(hdr->frame_control);
|
2008-07-03 02:05:35 +08:00
|
|
|
mask_fc = hdr->frame_control;
|
2009-01-08 19:32:00 +08:00
|
|
|
mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY |
|
2008-07-03 02:05:35 +08:00
|
|
|
IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
|
2009-01-08 19:32:00 +08:00
|
|
|
if (!mgmt)
|
|
|
|
mask_fc &= ~cpu_to_le16(0x0070);
|
2008-07-03 02:05:35 +08:00
|
|
|
mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
|
|
|
|
|
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
|
|
len_a = hdrlen - 2;
|
|
|
|
a4_included = ieee80211_has_a4(hdr->frame_control);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-07-03 02:05:35 +08:00
|
|
|
if (ieee80211_is_data_qos(hdr->frame_control))
|
|
|
|
qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
|
|
|
|
else
|
|
|
|
qos_tid = 0;
|
|
|
|
|
2013-10-10 15:55:20 +08:00
|
|
|
/* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC
|
|
|
|
* mode authentication are not allowed to collide, yet both are derived
|
|
|
|
* from this vector b_0. We only set L := 1 here to indicate that the
|
|
|
|
* data size can be represented in (L+1) bytes. The CCM layer will take
|
|
|
|
* care of storing the data length in the top (L+1) bytes and setting
|
|
|
|
* and clearing the other bits as is required to derive the two IVs.
|
|
|
|
*/
|
|
|
|
b_0[0] = 0x1;
|
2008-07-03 02:05:35 +08:00
|
|
|
|
2009-01-08 19:32:00 +08:00
|
|
|
/* Nonce: Nonce Flags | A2 | PN
|
|
|
|
* Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
|
|
|
|
*/
|
|
|
|
b_0[1] = qos_tid | (mgmt << 4);
|
2008-07-03 02:05:34 +08:00
|
|
|
memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
|
2013-05-08 19:09:08 +08:00
|
|
|
memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
|
|
|
/* AAD (extra authenticate-only data) / masked 802.11 header
|
|
|
|
* FC | A1 | A2 | A3 | SC | [A4] | [QC] */
|
2008-07-03 02:05:35 +08:00
|
|
|
put_unaligned_be16(len_a, &aad[0]);
|
|
|
|
put_unaligned(mask_fc, (__le16 *)&aad[2]);
|
2008-07-03 02:05:34 +08:00
|
|
|
memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
|
|
|
/* Mask Seq#, leave Frag# */
|
|
|
|
aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
|
|
|
|
aad[23] = 0;
|
2008-07-03 02:05:35 +08:00
|
|
|
|
2007-05-06 02:45:53 +08:00
|
|
|
if (a4_included) {
|
2008-07-03 02:05:34 +08:00
|
|
|
memcpy(&aad[24], hdr->addr4, ETH_ALEN);
|
2008-07-03 02:05:35 +08:00
|
|
|
aad[30] = qos_tid;
|
2007-05-06 02:45:53 +08:00
|
|
|
aad[31] = 0;
|
2008-07-03 02:05:35 +08:00
|
|
|
} else {
|
2008-07-03 02:05:34 +08:00
|
|
|
memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
|
2008-07-03 02:05:35 +08:00
|
|
|
aad[24] = qos_tid;
|
2007-05-06 02:45:53 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
|
|
|
|
{
|
|
|
|
hdr[0] = pn[5];
|
|
|
|
hdr[1] = pn[4];
|
|
|
|
hdr[2] = 0;
|
|
|
|
hdr[3] = 0x20 | (key_id << 6);
|
|
|
|
hdr[4] = pn[3];
|
|
|
|
hdr[5] = pn[2];
|
|
|
|
hdr[6] = pn[1];
|
|
|
|
hdr[7] = pn[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-10-07 18:04:32 +08:00
|
|
|
static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr)
|
2007-05-06 02:45:53 +08:00
|
|
|
{
|
|
|
|
pn[0] = hdr[7];
|
|
|
|
pn[1] = hdr[6];
|
|
|
|
pn[2] = hdr[5];
|
|
|
|
pn[3] = hdr[4];
|
|
|
|
pn[4] = hdr[1];
|
|
|
|
pn[5] = hdr[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-01-25 01:52:07 +08:00
|
|
|
static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb,
|
|
|
|
unsigned int mic_len)
|
2007-05-06 02:45:53 +08:00
|
|
|
{
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
|
|
|
|
struct ieee80211_key *key = tx->key;
|
2008-05-15 18:55:29 +08:00
|
|
|
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
|
2008-05-29 16:38:53 +08:00
|
|
|
int hdrlen, len, tail;
|
2011-07-07 03:59:39 +08:00
|
|
|
u8 *pos;
|
|
|
|
u8 pn[6];
|
|
|
|
u64 pn64;
|
2016-10-17 22:05:33 +08:00
|
|
|
u8 aad[CCM_AAD_LEN];
|
2013-10-10 15:55:20 +08:00
|
|
|
u8 b_0[AES_BLOCK_SIZE];
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2010-01-17 08:47:58 +08:00
|
|
|
if (info->control.hw_key &&
|
2011-10-23 14:21:41 +08:00
|
|
|
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
|
2014-04-14 17:27:21 +08:00
|
|
|
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
|
|
|
|
!((info->control.hw_key->flags &
|
|
|
|
IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) &&
|
|
|
|
ieee80211_is_mgmt(hdr->frame_control))) {
|
2010-01-17 08:47:58 +08:00
|
|
|
/*
|
|
|
|
* hwaccel has no need for preallocated room for CCMP
|
|
|
|
* header or MIC fields
|
|
|
|
*/
|
2008-05-29 16:38:53 +08:00
|
|
|
return 0;
|
2008-05-15 18:55:29 +08:00
|
|
|
}
|
|
|
|
|
2008-06-12 05:21:58 +08:00
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
2007-05-06 02:45:53 +08:00
|
|
|
len = skb->len - hdrlen;
|
|
|
|
|
2010-01-17 08:47:58 +08:00
|
|
|
if (info->control.hw_key)
|
2008-05-29 16:38:53 +08:00
|
|
|
tail = 0;
|
2007-08-29 05:01:55 +08:00
|
|
|
else
|
2015-01-25 01:52:07 +08:00
|
|
|
tail = mic_len;
|
2008-05-29 16:38:53 +08:00
|
|
|
|
|
|
|
if (WARN_ON(skb_tailroom(skb) < tail ||
|
2013-05-08 19:09:08 +08:00
|
|
|
skb_headroom(skb) < IEEE80211_CCMP_HDR_LEN))
|
2008-05-29 16:38:53 +08:00
|
|
|
return -1;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2013-05-08 19:09:08 +08:00
|
|
|
pos = skb_push(skb, IEEE80211_CCMP_HDR_LEN);
|
|
|
|
memmove(pos, pos + IEEE80211_CCMP_HDR_LEN, hdrlen);
|
2011-10-23 14:21:41 +08:00
|
|
|
|
|
|
|
/* the HW only needs room for the IV, but not the actual IV */
|
2011-11-10 15:35:13 +08:00
|
|
|
if (info->control.hw_key &&
|
|
|
|
(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
|
2011-10-23 14:21:41 +08:00
|
|
|
return 0;
|
|
|
|
|
2007-05-06 02:45:53 +08:00
|
|
|
hdr = (struct ieee80211_hdr *) pos;
|
|
|
|
pos += hdrlen;
|
|
|
|
|
2015-06-01 21:36:51 +08:00
|
|
|
pn64 = atomic64_inc_return(&key->conf.tx_pn);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2011-07-07 03:59:39 +08:00
|
|
|
pn[5] = pn64;
|
|
|
|
pn[4] = pn64 >> 8;
|
|
|
|
pn[3] = pn64 >> 16;
|
|
|
|
pn[2] = pn64 >> 24;
|
|
|
|
pn[1] = pn64 >> 32;
|
|
|
|
pn[0] = pn64 >> 40;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2007-08-29 05:01:54 +08:00
|
|
|
ccmp_pn2hdr(pos, pn, key->conf.keyidx);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2010-01-17 08:47:58 +08:00
|
|
|
/* hwaccel - with software CCMP header */
|
|
|
|
if (info->control.hw_key)
|
2007-05-06 02:45:53 +08:00
|
|
|
return 0;
|
|
|
|
|
2013-05-08 19:09:08 +08:00
|
|
|
pos += IEEE80211_CCMP_HDR_LEN;
|
2014-01-16 19:16:30 +08:00
|
|
|
ccmp_special_blocks(skb, pn, b_0, aad);
|
2016-10-17 22:05:33 +08:00
|
|
|
return ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len,
|
2017-10-11 10:31:49 +08:00
|
|
|
skb_put(skb, mic_len));
|
2007-05-06 02:45:53 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-01 02:48:20 +08:00
|
|
|
ieee80211_tx_result
|
2015-01-25 01:52:07 +08:00
|
|
|
ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx,
|
|
|
|
unsigned int mic_len)
|
2007-05-06 02:45:53 +08:00
|
|
|
{
|
2011-11-16 22:28:55 +08:00
|
|
|
struct sk_buff *skb;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-02-25 23:27:43 +08:00
|
|
|
ieee80211_tx_set_protected(tx);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2011-11-16 22:28:55 +08:00
|
|
|
skb_queue_walk(&tx->skbs, skb) {
|
2015-01-25 01:52:07 +08:00
|
|
|
if (ccmp_encrypt_skb(tx, skb, mic_len) < 0)
|
2009-03-24 00:28:35 +08:00
|
|
|
return TX_DROP;
|
2011-11-16 22:28:55 +08:00
|
|
|
}
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-02-01 02:48:20 +08:00
|
|
|
return TX_CONTINUE;
|
2007-05-06 02:45:53 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-01 02:48:20 +08:00
|
|
|
ieee80211_rx_result
|
2015-01-25 01:52:07 +08:00
|
|
|
ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx,
|
|
|
|
unsigned int mic_len)
|
2007-05-06 02:45:53 +08:00
|
|
|
{
|
2008-07-03 07:30:52 +08:00
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
|
2007-05-06 02:45:53 +08:00
|
|
|
int hdrlen;
|
|
|
|
struct ieee80211_key *key = rx->key;
|
|
|
|
struct sk_buff *skb = rx->skb;
|
2009-11-16 20:58:20 +08:00
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
2013-05-08 19:09:08 +08:00
|
|
|
u8 pn[IEEE80211_CCMP_PN_LEN];
|
2007-05-06 02:45:53 +08:00
|
|
|
int data_len;
|
2010-06-12 01:27:33 +08:00
|
|
|
int queue;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-06-12 05:21:58 +08:00
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2009-01-08 19:32:00 +08:00
|
|
|
if (!ieee80211_is_data(hdr->frame_control) &&
|
2014-01-23 23:20:29 +08:00
|
|
|
!ieee80211_is_robust_mgmt_frame(skb))
|
2008-02-01 02:48:20 +08:00
|
|
|
return RX_CONTINUE;
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2012-03-12 20:49:14 +08:00
|
|
|
if (status->flag & RX_FLAG_DECRYPTED) {
|
2013-05-08 19:09:08 +08:00
|
|
|
if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_CCMP_HDR_LEN))
|
2012-03-12 20:49:14 +08:00
|
|
|
return RX_DROP_UNUSABLE;
|
2016-02-24 17:49:45 +08:00
|
|
|
if (status->flag & RX_FLAG_MIC_STRIPPED)
|
|
|
|
mic_len = 0;
|
2012-03-12 20:49:14 +08:00
|
|
|
} else {
|
|
|
|
if (skb_linearize(rx->skb))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
|
2016-02-24 17:49:45 +08:00
|
|
|
data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN - mic_len;
|
|
|
|
if (!rx->sta || data_len < 0)
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
|
2015-06-12 20:39:02 +08:00
|
|
|
if (!(status->flag & RX_FLAG_PN_VALIDATED)) {
|
2016-05-03 20:59:44 +08:00
|
|
|
int res;
|
|
|
|
|
2015-06-12 20:39:02 +08:00
|
|
|
ccmp_hdr2pn(pn, skb->data + hdrlen);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2015-06-12 20:39:02 +08:00
|
|
|
queue = rx->security_idx;
|
2010-06-12 01:27:33 +08:00
|
|
|
|
2016-05-03 20:59:44 +08:00
|
|
|
res = memcmp(pn, key->u.ccmp.rx_pn[queue],
|
|
|
|
IEEE80211_CCMP_PN_LEN);
|
|
|
|
if (res < 0 ||
|
|
|
|
(!res && !(status->flag & RX_FLAG_ALLOW_SAME_PN))) {
|
2015-06-12 20:39:02 +08:00
|
|
|
key->u.ccmp.replays++;
|
2008-02-01 02:48:21 +08:00
|
|
|
return RX_DROP_UNUSABLE;
|
2015-06-12 20:39:02 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!(status->flag & RX_FLAG_DECRYPTED)) {
|
|
|
|
u8 aad[2 * AES_BLOCK_SIZE];
|
|
|
|
u8 b_0[AES_BLOCK_SIZE];
|
|
|
|
/* hardware didn't decrypt/verify MIC */
|
|
|
|
ccmp_special_blocks(skb, pn, b_0, aad);
|
|
|
|
|
|
|
|
if (ieee80211_aes_ccm_decrypt(
|
|
|
|
key->u.ccmp.tfm, b_0, aad,
|
|
|
|
skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN,
|
|
|
|
data_len,
|
2017-10-11 10:31:49 +08:00
|
|
|
skb->data + skb->len - mic_len))
|
2015-06-12 20:39:02 +08:00
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN);
|
2007-05-06 02:45:53 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Remove CCMP header and MIC */
|
2015-01-25 01:52:07 +08:00
|
|
|
if (pskb_trim(skb, skb->len - mic_len))
|
2012-03-12 20:49:14 +08:00
|
|
|
return RX_DROP_UNUSABLE;
|
2013-05-08 19:09:08 +08:00
|
|
|
memmove(skb->data + IEEE80211_CCMP_HDR_LEN, skb->data, hdrlen);
|
|
|
|
skb_pull(skb, IEEE80211_CCMP_HDR_LEN);
|
2007-05-06 02:45:53 +08:00
|
|
|
|
2008-02-01 02:48:20 +08:00
|
|
|
return RX_CONTINUE;
|
2007-05-06 02:45:53 +08:00
|
|
|
}
|
2009-01-08 19:32:01 +08:00
|
|
|
|
2015-01-25 01:52:06 +08:00
|
|
|
static void gcmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *j_0, u8 *aad)
|
|
|
|
{
|
|
|
|
__le16 mask_fc;
|
|
|
|
u8 qos_tid;
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
|
|
|
|
|
|
|
|
memcpy(j_0, hdr->addr2, ETH_ALEN);
|
|
|
|
memcpy(&j_0[ETH_ALEN], pn, IEEE80211_GCMP_PN_LEN);
|
|
|
|
j_0[13] = 0;
|
|
|
|
j_0[14] = 0;
|
|
|
|
j_0[AES_BLOCK_SIZE - 1] = 0x01;
|
|
|
|
|
|
|
|
/* AAD (extra authenticate-only data) / masked 802.11 header
|
|
|
|
* FC | A1 | A2 | A3 | SC | [A4] | [QC]
|
|
|
|
*/
|
|
|
|
put_unaligned_be16(ieee80211_hdrlen(hdr->frame_control) - 2, &aad[0]);
|
|
|
|
/* Mask FC: zero subtype b4 b5 b6 (if not mgmt)
|
|
|
|
* Retry, PwrMgt, MoreData; set Protected
|
|
|
|
*/
|
|
|
|
mask_fc = hdr->frame_control;
|
|
|
|
mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY |
|
|
|
|
IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
|
|
|
|
if (!ieee80211_is_mgmt(hdr->frame_control))
|
|
|
|
mask_fc &= ~cpu_to_le16(0x0070);
|
|
|
|
mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
|
|
|
|
|
|
|
|
put_unaligned(mask_fc, (__le16 *)&aad[2]);
|
|
|
|
memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
|
|
|
|
|
|
|
|
/* Mask Seq#, leave Frag# */
|
|
|
|
aad[22] = *((u8 *)&hdr->seq_ctrl) & 0x0f;
|
|
|
|
aad[23] = 0;
|
|
|
|
|
|
|
|
if (ieee80211_is_data_qos(hdr->frame_control))
|
|
|
|
qos_tid = *ieee80211_get_qos_ctl(hdr) &
|
|
|
|
IEEE80211_QOS_CTL_TID_MASK;
|
|
|
|
else
|
|
|
|
qos_tid = 0;
|
|
|
|
|
|
|
|
if (ieee80211_has_a4(hdr->frame_control)) {
|
|
|
|
memcpy(&aad[24], hdr->addr4, ETH_ALEN);
|
|
|
|
aad[30] = qos_tid;
|
|
|
|
aad[31] = 0;
|
|
|
|
} else {
|
|
|
|
memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
|
|
|
|
aad[24] = qos_tid;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void gcmp_pn2hdr(u8 *hdr, const u8 *pn, int key_id)
|
|
|
|
{
|
|
|
|
hdr[0] = pn[5];
|
|
|
|
hdr[1] = pn[4];
|
|
|
|
hdr[2] = 0;
|
|
|
|
hdr[3] = 0x20 | (key_id << 6);
|
|
|
|
hdr[4] = pn[3];
|
|
|
|
hdr[5] = pn[2];
|
|
|
|
hdr[6] = pn[1];
|
|
|
|
hdr[7] = pn[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void gcmp_hdr2pn(u8 *pn, const u8 *hdr)
|
|
|
|
{
|
|
|
|
pn[0] = hdr[7];
|
|
|
|
pn[1] = hdr[6];
|
|
|
|
pn[2] = hdr[5];
|
|
|
|
pn[3] = hdr[4];
|
|
|
|
pn[4] = hdr[1];
|
|
|
|
pn[5] = hdr[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
static int gcmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
|
|
|
|
{
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
|
|
|
|
struct ieee80211_key *key = tx->key;
|
|
|
|
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
|
|
|
|
int hdrlen, len, tail;
|
|
|
|
u8 *pos;
|
|
|
|
u8 pn[6];
|
|
|
|
u64 pn64;
|
2016-10-17 22:05:33 +08:00
|
|
|
u8 aad[GCM_AAD_LEN];
|
2015-01-25 01:52:06 +08:00
|
|
|
u8 j_0[AES_BLOCK_SIZE];
|
|
|
|
|
|
|
|
if (info->control.hw_key &&
|
|
|
|
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
|
|
|
|
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
|
|
|
|
!((info->control.hw_key->flags &
|
|
|
|
IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) &&
|
|
|
|
ieee80211_is_mgmt(hdr->frame_control))) {
|
|
|
|
/* hwaccel has no need for preallocated room for GCMP
|
|
|
|
* header or MIC fields
|
|
|
|
*/
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
|
|
len = skb->len - hdrlen;
|
|
|
|
|
|
|
|
if (info->control.hw_key)
|
|
|
|
tail = 0;
|
|
|
|
else
|
|
|
|
tail = IEEE80211_GCMP_MIC_LEN;
|
|
|
|
|
|
|
|
if (WARN_ON(skb_tailroom(skb) < tail ||
|
|
|
|
skb_headroom(skb) < IEEE80211_GCMP_HDR_LEN))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
pos = skb_push(skb, IEEE80211_GCMP_HDR_LEN);
|
|
|
|
memmove(pos, pos + IEEE80211_GCMP_HDR_LEN, hdrlen);
|
|
|
|
skb_set_network_header(skb, skb_network_offset(skb) +
|
|
|
|
IEEE80211_GCMP_HDR_LEN);
|
|
|
|
|
|
|
|
/* the HW only needs room for the IV, but not the actual IV */
|
|
|
|
if (info->control.hw_key &&
|
|
|
|
(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
hdr = (struct ieee80211_hdr *)pos;
|
|
|
|
pos += hdrlen;
|
|
|
|
|
2015-06-01 21:36:51 +08:00
|
|
|
pn64 = atomic64_inc_return(&key->conf.tx_pn);
|
2015-01-25 01:52:06 +08:00
|
|
|
|
|
|
|
pn[5] = pn64;
|
|
|
|
pn[4] = pn64 >> 8;
|
|
|
|
pn[3] = pn64 >> 16;
|
|
|
|
pn[2] = pn64 >> 24;
|
|
|
|
pn[1] = pn64 >> 32;
|
|
|
|
pn[0] = pn64 >> 40;
|
|
|
|
|
|
|
|
gcmp_pn2hdr(pos, pn, key->conf.keyidx);
|
|
|
|
|
|
|
|
/* hwaccel - with software GCMP header */
|
|
|
|
if (info->control.hw_key)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
pos += IEEE80211_GCMP_HDR_LEN;
|
|
|
|
gcmp_special_blocks(skb, pn, j_0, aad);
|
2016-10-17 22:05:33 +08:00
|
|
|
return ieee80211_aes_gcm_encrypt(key->u.gcmp.tfm, j_0, aad, pos, len,
|
|
|
|
skb_put(skb, IEEE80211_GCMP_MIC_LEN));
|
2015-01-25 01:52:06 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
ieee80211_tx_result
|
|
|
|
ieee80211_crypto_gcmp_encrypt(struct ieee80211_tx_data *tx)
|
|
|
|
{
|
|
|
|
struct sk_buff *skb;
|
|
|
|
|
|
|
|
ieee80211_tx_set_protected(tx);
|
|
|
|
|
|
|
|
skb_queue_walk(&tx->skbs, skb) {
|
|
|
|
if (gcmp_encrypt_skb(tx, skb) < 0)
|
|
|
|
return TX_DROP;
|
|
|
|
}
|
|
|
|
|
|
|
|
return TX_CONTINUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
ieee80211_rx_result
|
|
|
|
ieee80211_crypto_gcmp_decrypt(struct ieee80211_rx_data *rx)
|
|
|
|
{
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
|
|
|
|
int hdrlen;
|
|
|
|
struct ieee80211_key *key = rx->key;
|
|
|
|
struct sk_buff *skb = rx->skb;
|
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
|
|
|
u8 pn[IEEE80211_GCMP_PN_LEN];
|
2016-02-24 17:49:45 +08:00
|
|
|
int data_len, queue, mic_len = IEEE80211_GCMP_MIC_LEN;
|
2015-01-25 01:52:06 +08:00
|
|
|
|
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
|
|
|
|
|
|
if (!ieee80211_is_data(hdr->frame_control) &&
|
|
|
|
!ieee80211_is_robust_mgmt_frame(skb))
|
|
|
|
return RX_CONTINUE;
|
|
|
|
|
|
|
|
if (status->flag & RX_FLAG_DECRYPTED) {
|
|
|
|
if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_GCMP_HDR_LEN))
|
|
|
|
return RX_DROP_UNUSABLE;
|
2016-02-24 17:49:45 +08:00
|
|
|
if (status->flag & RX_FLAG_MIC_STRIPPED)
|
|
|
|
mic_len = 0;
|
2015-01-25 01:52:06 +08:00
|
|
|
} else {
|
|
|
|
if (skb_linearize(rx->skb))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
|
2016-02-24 17:49:45 +08:00
|
|
|
data_len = skb->len - hdrlen - IEEE80211_GCMP_HDR_LEN - mic_len;
|
|
|
|
if (!rx->sta || data_len < 0)
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
|
2015-06-12 20:39:02 +08:00
|
|
|
if (!(status->flag & RX_FLAG_PN_VALIDATED)) {
|
2016-05-03 20:59:44 +08:00
|
|
|
int res;
|
|
|
|
|
2015-06-12 20:39:02 +08:00
|
|
|
gcmp_hdr2pn(pn, skb->data + hdrlen);
|
2015-01-25 01:52:06 +08:00
|
|
|
|
2015-06-12 20:39:02 +08:00
|
|
|
queue = rx->security_idx;
|
2015-01-25 01:52:06 +08:00
|
|
|
|
2016-05-03 20:59:44 +08:00
|
|
|
res = memcmp(pn, key->u.gcmp.rx_pn[queue],
|
|
|
|
IEEE80211_GCMP_PN_LEN);
|
|
|
|
if (res < 0 ||
|
|
|
|
(!res && !(status->flag & RX_FLAG_ALLOW_SAME_PN))) {
|
2015-06-12 20:39:02 +08:00
|
|
|
key->u.gcmp.replays++;
|
2015-01-25 01:52:06 +08:00
|
|
|
return RX_DROP_UNUSABLE;
|
2015-06-12 20:39:02 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!(status->flag & RX_FLAG_DECRYPTED)) {
|
|
|
|
u8 aad[2 * AES_BLOCK_SIZE];
|
|
|
|
u8 j_0[AES_BLOCK_SIZE];
|
|
|
|
/* hardware didn't decrypt/verify MIC */
|
|
|
|
gcmp_special_blocks(skb, pn, j_0, aad);
|
|
|
|
|
|
|
|
if (ieee80211_aes_gcm_decrypt(
|
|
|
|
key->u.gcmp.tfm, j_0, aad,
|
|
|
|
skb->data + hdrlen + IEEE80211_GCMP_HDR_LEN,
|
|
|
|
data_len,
|
|
|
|
skb->data + skb->len -
|
|
|
|
IEEE80211_GCMP_MIC_LEN))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(key->u.gcmp.rx_pn[queue], pn, IEEE80211_GCMP_PN_LEN);
|
2015-01-25 01:52:06 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Remove GCMP header and MIC */
|
2016-02-24 17:49:45 +08:00
|
|
|
if (pskb_trim(skb, skb->len - mic_len))
|
2015-01-25 01:52:06 +08:00
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
memmove(skb->data + IEEE80211_GCMP_HDR_LEN, skb->data, hdrlen);
|
|
|
|
skb_pull(skb, IEEE80211_GCMP_HDR_LEN);
|
|
|
|
|
|
|
|
return RX_CONTINUE;
|
|
|
|
}
|
|
|
|
|
2013-03-24 20:23:27 +08:00
|
|
|
static ieee80211_tx_result
|
|
|
|
ieee80211_crypto_cs_encrypt(struct ieee80211_tx_data *tx,
|
|
|
|
struct sk_buff *skb)
|
|
|
|
{
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
|
|
|
|
struct ieee80211_key *key = tx->key;
|
|
|
|
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
|
|
|
|
int hdrlen;
|
2015-03-17 18:47:33 +08:00
|
|
|
u8 *pos, iv_len = key->conf.iv_len;
|
2013-03-24 20:23:27 +08:00
|
|
|
|
|
|
|
if (info->control.hw_key &&
|
|
|
|
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
|
|
|
|
/* hwaccel has no need for preallocated head room */
|
|
|
|
return TX_CONTINUE;
|
|
|
|
}
|
|
|
|
|
2015-03-17 18:47:33 +08:00
|
|
|
if (unlikely(skb_headroom(skb) < iv_len &&
|
|
|
|
pskb_expand_head(skb, iv_len, 0, GFP_ATOMIC)))
|
2013-03-24 20:23:27 +08:00
|
|
|
return TX_DROP;
|
|
|
|
|
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
|
|
|
2015-03-17 18:47:33 +08:00
|
|
|
pos = skb_push(skb, iv_len);
|
|
|
|
memmove(pos, pos + iv_len, hdrlen);
|
2013-03-24 20:23:27 +08:00
|
|
|
|
|
|
|
return TX_CONTINUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline int ieee80211_crypto_cs_pn_compare(u8 *pn1, u8 *pn2, int len)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
/* pn is little endian */
|
|
|
|
for (i = len - 1; i >= 0; i--) {
|
|
|
|
if (pn1[i] < pn2[i])
|
|
|
|
return -1;
|
|
|
|
else if (pn1[i] > pn2[i])
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static ieee80211_rx_result
|
|
|
|
ieee80211_crypto_cs_decrypt(struct ieee80211_rx_data *rx)
|
|
|
|
{
|
|
|
|
struct ieee80211_key *key = rx->key;
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
|
|
|
|
const struct ieee80211_cipher_scheme *cs = NULL;
|
|
|
|
int hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
|
|
|
|
int data_len;
|
|
|
|
u8 *rx_pn;
|
|
|
|
u8 *skb_pn;
|
|
|
|
u8 qos_tid;
|
|
|
|
|
|
|
|
if (!rx->sta || !rx->sta->cipher_scheme ||
|
|
|
|
!(status->flag & RX_FLAG_DECRYPTED))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
|
|
|
|
if (!ieee80211_is_data(hdr->frame_control))
|
|
|
|
return RX_CONTINUE;
|
|
|
|
|
|
|
|
cs = rx->sta->cipher_scheme;
|
|
|
|
|
|
|
|
data_len = rx->skb->len - hdrlen - cs->hdr_len;
|
|
|
|
|
|
|
|
if (data_len < 0)
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
|
|
|
|
if (ieee80211_is_data_qos(hdr->frame_control))
|
|
|
|
qos_tid = *ieee80211_get_qos_ctl(hdr) &
|
|
|
|
IEEE80211_QOS_CTL_TID_MASK;
|
|
|
|
else
|
|
|
|
qos_tid = 0;
|
|
|
|
|
|
|
|
if (skb_linearize(rx->skb))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
|
|
|
|
hdr = (struct ieee80211_hdr *)rx->skb->data;
|
|
|
|
|
|
|
|
rx_pn = key->u.gen.rx_pn[qos_tid];
|
|
|
|
skb_pn = rx->skb->data + hdrlen + cs->pn_off;
|
|
|
|
|
|
|
|
if (ieee80211_crypto_cs_pn_compare(skb_pn, rx_pn, cs->pn_len) <= 0)
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
|
|
|
|
memcpy(rx_pn, skb_pn, cs->pn_len);
|
|
|
|
|
|
|
|
/* remove security header and MIC */
|
|
|
|
if (pskb_trim(rx->skb, rx->skb->len - cs->mic_len))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
|
|
|
|
memmove(rx->skb->data + cs->hdr_len, rx->skb->data, hdrlen);
|
|
|
|
skb_pull(rx->skb, cs->hdr_len);
|
|
|
|
|
|
|
|
return RX_CONTINUE;
|
|
|
|
}
|
2009-01-08 19:32:01 +08:00
|
|
|
|
|
|
|
static void bip_aad(struct sk_buff *skb, u8 *aad)
|
|
|
|
{
|
mac80211: Fix FC masking in BIP AAD generation
The bits used in the mask were off-by-one and ended up masking PwrMgt,
MoreData, Protected fields instead of Retry, PwrMgt, MoreData. Fix this
and to mask the correct fields. While doing so, convert the code to mask
the full FC using IEEE80211_FCTL_* defines similarly to how CCMP AAD is
built.
Since BIP is used only with broadcast/multicast management frames, the
Retry field is always 0 in these frames. The Protected field is also
zero to maintain backwards compatibility. As such, the incorrect mask
here does not really cause any problems for valid frames. In theory, an
invalid BIP frame with Retry or Protected field set to 1 could be
rejected because of BIP validation. However, no such frame should show
up with standard compliant implementations, so this does not cause
problems in normal BIP use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-10-01 00:47:40 +08:00
|
|
|
__le16 mask_fc;
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
|
|
|
|
|
2009-01-08 19:32:01 +08:00
|
|
|
/* BIP AAD: FC(masked) || A1 || A2 || A3 */
|
|
|
|
|
|
|
|
/* FC type/subtype */
|
|
|
|
/* Mask FC Retry, PwrMgt, MoreData flags to zero */
|
mac80211: Fix FC masking in BIP AAD generation
The bits used in the mask were off-by-one and ended up masking PwrMgt,
MoreData, Protected fields instead of Retry, PwrMgt, MoreData. Fix this
and to mask the correct fields. While doing so, convert the code to mask
the full FC using IEEE80211_FCTL_* defines similarly to how CCMP AAD is
built.
Since BIP is used only with broadcast/multicast management frames, the
Retry field is always 0 in these frames. The Protected field is also
zero to maintain backwards compatibility. As such, the incorrect mask
here does not really cause any problems for valid frames. In theory, an
invalid BIP frame with Retry or Protected field set to 1 could be
rejected because of BIP validation. However, no such frame should show
up with standard compliant implementations, so this does not cause
problems in normal BIP use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-10-01 00:47:40 +08:00
|
|
|
mask_fc = hdr->frame_control;
|
|
|
|
mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM |
|
|
|
|
IEEE80211_FCTL_MOREDATA);
|
|
|
|
put_unaligned(mask_fc, (__le16 *) &aad[0]);
|
2009-01-08 19:32:01 +08:00
|
|
|
/* A1 || A2 || A3 */
|
mac80211: Fix FC masking in BIP AAD generation
The bits used in the mask were off-by-one and ended up masking PwrMgt,
MoreData, Protected fields instead of Retry, PwrMgt, MoreData. Fix this
and to mask the correct fields. While doing so, convert the code to mask
the full FC using IEEE80211_FCTL_* defines similarly to how CCMP AAD is
built.
Since BIP is used only with broadcast/multicast management frames, the
Retry field is always 0 in these frames. The Protected field is also
zero to maintain backwards compatibility. As such, the incorrect mask
here does not really cause any problems for valid frames. In theory, an
invalid BIP frame with Retry or Protected field set to 1 could be
rejected because of BIP validation. However, no such frame should show
up with standard compliant implementations, so this does not cause
problems in normal BIP use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-10-01 00:47:40 +08:00
|
|
|
memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN);
|
2009-01-08 19:32:01 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-07-07 04:00:35 +08:00
|
|
|
static inline void bip_ipn_set64(u8 *d, u64 pn)
|
|
|
|
{
|
|
|
|
*d++ = pn;
|
|
|
|
*d++ = pn >> 8;
|
|
|
|
*d++ = pn >> 16;
|
|
|
|
*d++ = pn >> 24;
|
|
|
|
*d++ = pn >> 32;
|
|
|
|
*d = pn >> 40;
|
|
|
|
}
|
|
|
|
|
2009-01-08 19:32:01 +08:00
|
|
|
static inline void bip_ipn_swap(u8 *d, const u8 *s)
|
|
|
|
{
|
|
|
|
*d++ = s[5];
|
|
|
|
*d++ = s[4];
|
|
|
|
*d++ = s[3];
|
|
|
|
*d++ = s[2];
|
|
|
|
*d++ = s[1];
|
|
|
|
*d = s[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
ieee80211_tx_result
|
|
|
|
ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx)
|
|
|
|
{
|
2011-11-16 22:28:55 +08:00
|
|
|
struct sk_buff *skb;
|
|
|
|
struct ieee80211_tx_info *info;
|
2009-01-08 19:32:01 +08:00
|
|
|
struct ieee80211_key *key = tx->key;
|
|
|
|
struct ieee80211_mmie *mmie;
|
2011-07-07 04:00:35 +08:00
|
|
|
u8 aad[20];
|
|
|
|
u64 pn64;
|
2009-01-08 19:32:01 +08:00
|
|
|
|
2011-11-16 22:28:55 +08:00
|
|
|
if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
|
|
|
|
return TX_DROP;
|
|
|
|
|
|
|
|
skb = skb_peek(&tx->skbs);
|
|
|
|
|
|
|
|
info = IEEE80211_SKB_CB(skb);
|
|
|
|
|
2010-01-17 08:47:58 +08:00
|
|
|
if (info->control.hw_key)
|
2011-11-16 22:28:55 +08:00
|
|
|
return TX_CONTINUE;
|
2009-01-08 19:32:01 +08:00
|
|
|
|
|
|
|
if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
|
|
|
|
return TX_DROP;
|
|
|
|
|
networking: make skb_put & friends return void pointers
It seems like a historic accident that these return unsigned char *,
and in many places that means casts are required, more often than not.
Make these functions (skb_put, __skb_put and pskb_put) return void *
and remove all the casts across the tree, adding a (u8 *) cast only
where the unsigned char pointer was used directly, all done with the
following spatch:
@@
expression SKB, LEN;
typedef u8;
identifier fn = { skb_put, __skb_put };
@@
- *(fn(SKB, LEN))
+ *(u8 *)fn(SKB, LEN)
@@
expression E, SKB, LEN;
identifier fn = { skb_put, __skb_put };
type T;
@@
- E = ((T *)(fn(SKB, LEN)))
+ E = fn(SKB, LEN)
which actually doesn't cover pskb_put since there are only three
users overall.
A handful of stragglers were converted manually, notably a macro in
drivers/isdn/i4l/isdn_bsdcomp.c and, oddly enough, one of the many
instances in net/bluetooth/hci_sock.c. In the former file, I also
had to fix one whitespace problem spatch introduced.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 20:29:21 +08:00
|
|
|
mmie = skb_put(skb, sizeof(*mmie));
|
2009-01-08 19:32:01 +08:00
|
|
|
mmie->element_id = WLAN_EID_MMIE;
|
|
|
|
mmie->length = sizeof(*mmie) - 2;
|
|
|
|
mmie->key_id = cpu_to_le16(key->conf.keyidx);
|
|
|
|
|
|
|
|
/* PN = PN + 1 */
|
2015-06-01 21:36:51 +08:00
|
|
|
pn64 = atomic64_inc_return(&key->conf.tx_pn);
|
2009-01-08 19:32:01 +08:00
|
|
|
|
2011-07-07 04:00:35 +08:00
|
|
|
bip_ipn_set64(mmie->sequence_number, pn64);
|
2009-01-08 19:32:01 +08:00
|
|
|
|
|
|
|
bip_aad(skb, aad);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
|
|
|
|
*/
|
2011-07-07 04:00:35 +08:00
|
|
|
ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
|
|
|
|
skb->data + 24, skb->len - 24, mmie->mic);
|
2009-01-08 19:32:01 +08:00
|
|
|
|
|
|
|
return TX_CONTINUE;
|
|
|
|
}
|
|
|
|
|
2015-01-25 01:52:08 +08:00
|
|
|
ieee80211_tx_result
|
|
|
|
ieee80211_crypto_aes_cmac_256_encrypt(struct ieee80211_tx_data *tx)
|
|
|
|
{
|
|
|
|
struct sk_buff *skb;
|
|
|
|
struct ieee80211_tx_info *info;
|
|
|
|
struct ieee80211_key *key = tx->key;
|
|
|
|
struct ieee80211_mmie_16 *mmie;
|
|
|
|
u8 aad[20];
|
|
|
|
u64 pn64;
|
|
|
|
|
|
|
|
if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
|
|
|
|
return TX_DROP;
|
|
|
|
|
|
|
|
skb = skb_peek(&tx->skbs);
|
|
|
|
|
|
|
|
info = IEEE80211_SKB_CB(skb);
|
|
|
|
|
|
|
|
if (info->control.hw_key)
|
|
|
|
return TX_CONTINUE;
|
|
|
|
|
|
|
|
if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
|
|
|
|
return TX_DROP;
|
|
|
|
|
networking: make skb_put & friends return void pointers
It seems like a historic accident that these return unsigned char *,
and in many places that means casts are required, more often than not.
Make these functions (skb_put, __skb_put and pskb_put) return void *
and remove all the casts across the tree, adding a (u8 *) cast only
where the unsigned char pointer was used directly, all done with the
following spatch:
@@
expression SKB, LEN;
typedef u8;
identifier fn = { skb_put, __skb_put };
@@
- *(fn(SKB, LEN))
+ *(u8 *)fn(SKB, LEN)
@@
expression E, SKB, LEN;
identifier fn = { skb_put, __skb_put };
type T;
@@
- E = ((T *)(fn(SKB, LEN)))
+ E = fn(SKB, LEN)
which actually doesn't cover pskb_put since there are only three
users overall.
A handful of stragglers were converted manually, notably a macro in
drivers/isdn/i4l/isdn_bsdcomp.c and, oddly enough, one of the many
instances in net/bluetooth/hci_sock.c. In the former file, I also
had to fix one whitespace problem spatch introduced.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 20:29:21 +08:00
|
|
|
mmie = skb_put(skb, sizeof(*mmie));
|
2015-01-25 01:52:08 +08:00
|
|
|
mmie->element_id = WLAN_EID_MMIE;
|
|
|
|
mmie->length = sizeof(*mmie) - 2;
|
|
|
|
mmie->key_id = cpu_to_le16(key->conf.keyidx);
|
|
|
|
|
|
|
|
/* PN = PN + 1 */
|
2015-06-01 21:36:51 +08:00
|
|
|
pn64 = atomic64_inc_return(&key->conf.tx_pn);
|
2015-01-25 01:52:08 +08:00
|
|
|
|
|
|
|
bip_ipn_set64(mmie->sequence_number, pn64);
|
|
|
|
|
|
|
|
bip_aad(skb, aad);
|
|
|
|
|
|
|
|
/* MIC = AES-256-CMAC(IGTK, AAD || Management Frame Body || MMIE, 128)
|
|
|
|
*/
|
|
|
|
ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad,
|
|
|
|
skb->data + 24, skb->len - 24, mmie->mic);
|
|
|
|
|
|
|
|
return TX_CONTINUE;
|
|
|
|
}
|
2009-01-08 19:32:01 +08:00
|
|
|
|
|
|
|
ieee80211_rx_result
|
|
|
|
ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
|
|
|
|
{
|
|
|
|
struct sk_buff *skb = rx->skb;
|
2009-11-16 20:58:20 +08:00
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
2009-01-08 19:32:01 +08:00
|
|
|
struct ieee80211_key *key = rx->key;
|
|
|
|
struct ieee80211_mmie *mmie;
|
|
|
|
u8 aad[20], mic[8], ipn[6];
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
|
|
|
|
|
|
|
|
if (!ieee80211_is_mgmt(hdr->frame_control))
|
|
|
|
return RX_CONTINUE;
|
|
|
|
|
2012-03-12 20:49:14 +08:00
|
|
|
/* management frames are already linear */
|
|
|
|
|
2009-01-08 19:32:01 +08:00
|
|
|
if (skb->len < 24 + sizeof(*mmie))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
|
|
|
|
mmie = (struct ieee80211_mmie *)
|
|
|
|
(skb->data + skb->len - sizeof(*mmie));
|
|
|
|
if (mmie->element_id != WLAN_EID_MMIE ||
|
|
|
|
mmie->length != sizeof(*mmie) - 2)
|
|
|
|
return RX_DROP_UNUSABLE; /* Invalid MMIE */
|
|
|
|
|
|
|
|
bip_ipn_swap(ipn, mmie->sequence_number);
|
|
|
|
|
|
|
|
if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
|
|
|
|
key->u.aes_cmac.replays++;
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
|
2009-11-16 20:58:20 +08:00
|
|
|
if (!(status->flag & RX_FLAG_DECRYPTED)) {
|
2009-01-08 19:32:01 +08:00
|
|
|
/* hardware didn't decrypt/verify MIC */
|
|
|
|
bip_aad(skb, aad);
|
2011-07-07 04:00:35 +08:00
|
|
|
ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
|
2009-01-08 19:32:01 +08:00
|
|
|
skb->data + 24, skb->len - 24, mic);
|
2017-06-10 10:59:12 +08:00
|
|
|
if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
|
2009-01-08 19:32:01 +08:00
|
|
|
key->u.aes_cmac.icverrors++;
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
|
|
|
|
|
|
|
|
/* Remove MMIE */
|
|
|
|
skb_trim(skb, skb->len - sizeof(*mmie));
|
|
|
|
|
|
|
|
return RX_CONTINUE;
|
|
|
|
}
|
2012-01-16 21:18:59 +08:00
|
|
|
|
2015-01-25 01:52:08 +08:00
|
|
|
ieee80211_rx_result
|
|
|
|
ieee80211_crypto_aes_cmac_256_decrypt(struct ieee80211_rx_data *rx)
|
|
|
|
{
|
|
|
|
struct sk_buff *skb = rx->skb;
|
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
|
|
|
struct ieee80211_key *key = rx->key;
|
|
|
|
struct ieee80211_mmie_16 *mmie;
|
|
|
|
u8 aad[20], mic[16], ipn[6];
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
|
|
|
|
|
|
|
|
if (!ieee80211_is_mgmt(hdr->frame_control))
|
|
|
|
return RX_CONTINUE;
|
|
|
|
|
|
|
|
/* management frames are already linear */
|
|
|
|
|
|
|
|
if (skb->len < 24 + sizeof(*mmie))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
|
|
|
|
mmie = (struct ieee80211_mmie_16 *)
|
|
|
|
(skb->data + skb->len - sizeof(*mmie));
|
|
|
|
if (mmie->element_id != WLAN_EID_MMIE ||
|
|
|
|
mmie->length != sizeof(*mmie) - 2)
|
|
|
|
return RX_DROP_UNUSABLE; /* Invalid MMIE */
|
|
|
|
|
|
|
|
bip_ipn_swap(ipn, mmie->sequence_number);
|
|
|
|
|
|
|
|
if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
|
|
|
|
key->u.aes_cmac.replays++;
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(status->flag & RX_FLAG_DECRYPTED)) {
|
|
|
|
/* hardware didn't decrypt/verify MIC */
|
|
|
|
bip_aad(skb, aad);
|
|
|
|
ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad,
|
|
|
|
skb->data + 24, skb->len - 24, mic);
|
2017-06-10 10:59:12 +08:00
|
|
|
if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
|
2015-01-25 01:52:08 +08:00
|
|
|
key->u.aes_cmac.icverrors++;
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
|
|
|
|
|
|
|
|
/* Remove MMIE */
|
|
|
|
skb_trim(skb, skb->len - sizeof(*mmie));
|
|
|
|
|
|
|
|
return RX_CONTINUE;
|
|
|
|
}
|
|
|
|
|
2015-01-25 01:52:09 +08:00
|
|
|
ieee80211_tx_result
|
|
|
|
ieee80211_crypto_aes_gmac_encrypt(struct ieee80211_tx_data *tx)
|
|
|
|
{
|
|
|
|
struct sk_buff *skb;
|
|
|
|
struct ieee80211_tx_info *info;
|
|
|
|
struct ieee80211_key *key = tx->key;
|
|
|
|
struct ieee80211_mmie_16 *mmie;
|
|
|
|
struct ieee80211_hdr *hdr;
|
2016-10-17 22:05:33 +08:00
|
|
|
u8 aad[GMAC_AAD_LEN];
|
2015-01-25 01:52:09 +08:00
|
|
|
u64 pn64;
|
2016-10-17 22:05:33 +08:00
|
|
|
u8 nonce[GMAC_NONCE_LEN];
|
2015-01-25 01:52:09 +08:00
|
|
|
|
|
|
|
if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
|
|
|
|
return TX_DROP;
|
|
|
|
|
|
|
|
skb = skb_peek(&tx->skbs);
|
|
|
|
|
|
|
|
info = IEEE80211_SKB_CB(skb);
|
|
|
|
|
|
|
|
if (info->control.hw_key)
|
|
|
|
return TX_CONTINUE;
|
|
|
|
|
|
|
|
if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
|
|
|
|
return TX_DROP;
|
|
|
|
|
networking: make skb_put & friends return void pointers
It seems like a historic accident that these return unsigned char *,
and in many places that means casts are required, more often than not.
Make these functions (skb_put, __skb_put and pskb_put) return void *
and remove all the casts across the tree, adding a (u8 *) cast only
where the unsigned char pointer was used directly, all done with the
following spatch:
@@
expression SKB, LEN;
typedef u8;
identifier fn = { skb_put, __skb_put };
@@
- *(fn(SKB, LEN))
+ *(u8 *)fn(SKB, LEN)
@@
expression E, SKB, LEN;
identifier fn = { skb_put, __skb_put };
type T;
@@
- E = ((T *)(fn(SKB, LEN)))
+ E = fn(SKB, LEN)
which actually doesn't cover pskb_put since there are only three
users overall.
A handful of stragglers were converted manually, notably a macro in
drivers/isdn/i4l/isdn_bsdcomp.c and, oddly enough, one of the many
instances in net/bluetooth/hci_sock.c. In the former file, I also
had to fix one whitespace problem spatch introduced.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 20:29:21 +08:00
|
|
|
mmie = skb_put(skb, sizeof(*mmie));
|
2015-01-25 01:52:09 +08:00
|
|
|
mmie->element_id = WLAN_EID_MMIE;
|
|
|
|
mmie->length = sizeof(*mmie) - 2;
|
|
|
|
mmie->key_id = cpu_to_le16(key->conf.keyidx);
|
|
|
|
|
|
|
|
/* PN = PN + 1 */
|
2015-06-01 21:36:51 +08:00
|
|
|
pn64 = atomic64_inc_return(&key->conf.tx_pn);
|
2015-01-25 01:52:09 +08:00
|
|
|
|
|
|
|
bip_ipn_set64(mmie->sequence_number, pn64);
|
|
|
|
|
|
|
|
bip_aad(skb, aad);
|
|
|
|
|
|
|
|
hdr = (struct ieee80211_hdr *)skb->data;
|
|
|
|
memcpy(nonce, hdr->addr2, ETH_ALEN);
|
|
|
|
bip_ipn_swap(nonce + ETH_ALEN, mmie->sequence_number);
|
|
|
|
|
|
|
|
/* MIC = AES-GMAC(IGTK, AAD || Management Frame Body || MMIE, 128) */
|
|
|
|
if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce,
|
|
|
|
skb->data + 24, skb->len - 24, mmie->mic) < 0)
|
|
|
|
return TX_DROP;
|
|
|
|
|
|
|
|
return TX_CONTINUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
ieee80211_rx_result
|
|
|
|
ieee80211_crypto_aes_gmac_decrypt(struct ieee80211_rx_data *rx)
|
|
|
|
{
|
|
|
|
struct sk_buff *skb = rx->skb;
|
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
|
|
|
struct ieee80211_key *key = rx->key;
|
|
|
|
struct ieee80211_mmie_16 *mmie;
|
2016-10-17 22:05:33 +08:00
|
|
|
u8 aad[GMAC_AAD_LEN], mic[GMAC_MIC_LEN], ipn[6], nonce[GMAC_NONCE_LEN];
|
2015-01-25 01:52:09 +08:00
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
|
|
|
|
|
|
|
|
if (!ieee80211_is_mgmt(hdr->frame_control))
|
|
|
|
return RX_CONTINUE;
|
|
|
|
|
|
|
|
/* management frames are already linear */
|
|
|
|
|
|
|
|
if (skb->len < 24 + sizeof(*mmie))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
|
|
|
|
mmie = (struct ieee80211_mmie_16 *)
|
|
|
|
(skb->data + skb->len - sizeof(*mmie));
|
|
|
|
if (mmie->element_id != WLAN_EID_MMIE ||
|
|
|
|
mmie->length != sizeof(*mmie) - 2)
|
|
|
|
return RX_DROP_UNUSABLE; /* Invalid MMIE */
|
|
|
|
|
|
|
|
bip_ipn_swap(ipn, mmie->sequence_number);
|
|
|
|
|
|
|
|
if (memcmp(ipn, key->u.aes_gmac.rx_pn, 6) <= 0) {
|
|
|
|
key->u.aes_gmac.replays++;
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(status->flag & RX_FLAG_DECRYPTED)) {
|
|
|
|
/* hardware didn't decrypt/verify MIC */
|
|
|
|
bip_aad(skb, aad);
|
|
|
|
|
|
|
|
memcpy(nonce, hdr->addr2, ETH_ALEN);
|
|
|
|
memcpy(nonce + ETH_ALEN, ipn, 6);
|
|
|
|
|
|
|
|
if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce,
|
|
|
|
skb->data + 24, skb->len - 24,
|
|
|
|
mic) < 0 ||
|
2017-06-10 10:59:12 +08:00
|
|
|
crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
|
2015-01-25 01:52:09 +08:00
|
|
|
key->u.aes_gmac.icverrors++;
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(key->u.aes_gmac.rx_pn, ipn, 6);
|
|
|
|
|
|
|
|
/* Remove MMIE */
|
|
|
|
skb_trim(skb, skb->len - sizeof(*mmie));
|
|
|
|
|
|
|
|
return RX_CONTINUE;
|
|
|
|
}
|
|
|
|
|
2012-01-16 21:18:59 +08:00
|
|
|
ieee80211_tx_result
|
|
|
|
ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx)
|
|
|
|
{
|
|
|
|
struct sk_buff *skb;
|
|
|
|
struct ieee80211_tx_info *info = NULL;
|
2013-03-24 20:23:27 +08:00
|
|
|
ieee80211_tx_result res;
|
2012-01-16 21:18:59 +08:00
|
|
|
|
|
|
|
skb_queue_walk(&tx->skbs, skb) {
|
|
|
|
info = IEEE80211_SKB_CB(skb);
|
|
|
|
|
|
|
|
/* handle hw-only algorithm */
|
|
|
|
if (!info->control.hw_key)
|
|
|
|
return TX_DROP;
|
2013-03-24 20:23:27 +08:00
|
|
|
|
2015-03-17 18:47:33 +08:00
|
|
|
if (tx->key->flags & KEY_FLAG_CIPHER_SCHEME) {
|
2013-03-24 20:23:27 +08:00
|
|
|
res = ieee80211_crypto_cs_encrypt(tx, skb);
|
|
|
|
if (res != TX_CONTINUE)
|
|
|
|
return res;
|
|
|
|
}
|
2012-01-16 21:18:59 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
ieee80211_tx_set_protected(tx);
|
|
|
|
|
|
|
|
return TX_CONTINUE;
|
|
|
|
}
|
2013-03-24 20:23:27 +08:00
|
|
|
|
|
|
|
ieee80211_rx_result
|
|
|
|
ieee80211_crypto_hw_decrypt(struct ieee80211_rx_data *rx)
|
|
|
|
{
|
2014-07-09 21:55:32 +08:00
|
|
|
if (rx->sta && rx->sta->cipher_scheme)
|
2013-03-24 20:23:27 +08:00
|
|
|
return ieee80211_crypto_cs_decrypt(rx);
|
|
|
|
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|