2007-05-05 18:45:53 +00:00
|
|
|
/*
|
|
|
|
* Copyright 2002-2004, Instant802 Networks, Inc.
|
2009-01-08 11:32:01 +00:00
|
|
|
* Copyright 2008, Jouni Malinen <j@w1.fi>
|
2007-05-05 18:45:53 +00:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/netdevice.h>
|
|
|
|
#include <linux/types.h>
|
|
|
|
#include <linux/skbuff.h>
|
|
|
|
#include <linux/compiler.h>
|
2008-07-02 18:05:35 +00:00
|
|
|
#include <linux/ieee80211.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 08:04:11 +00:00
|
|
|
#include <linux/gfp.h>
|
2008-07-02 18:05:35 +00:00
|
|
|
#include <asm/unaligned.h>
|
2007-05-05 18:45:53 +00:00
|
|
|
#include <net/mac80211.h>
|
2011-07-06 19:59:39 +00:00
|
|
|
#include <crypto/aes.h>
|
2007-08-28 21:01:53 +00:00
|
|
|
|
2007-05-05 18:45:53 +00:00
|
|
|
#include "ieee80211_i.h"
|
|
|
|
#include "michael.h"
|
|
|
|
#include "tkip.h"
|
|
|
|
#include "aes_ccm.h"
|
2009-01-08 11:32:01 +00:00
|
|
|
#include "aes_cmac.h"
|
2007-05-05 18:45:53 +00:00
|
|
|
#include "wpa.h"
|
|
|
|
|
2008-01-31 18:48:20 +00:00
|
|
|
ieee80211_tx_result
|
2008-02-25 15:27:43 +00:00
|
|
|
ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
|
2007-05-05 18:45:53 +00:00
|
|
|
{
|
2011-02-03 16:34:28 +00:00
|
|
|
u8 *data, *key, *mic;
|
2007-05-05 18:45:53 +00:00
|
|
|
size_t data_len;
|
2008-07-02 18:05:35 +00:00
|
|
|
unsigned int hdrlen;
|
|
|
|
struct ieee80211_hdr *hdr;
|
2007-05-05 18:45:53 +00:00
|
|
|
struct sk_buff *skb = tx->skb;
|
2010-01-17 00:47:58 +00:00
|
|
|
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
|
2008-05-29 08:38:53 +00:00
|
|
|
int tail;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2008-07-02 23:30:52 +00:00
|
|
|
hdr = (struct ieee80211_hdr *)skb->data;
|
2010-08-10 07:46:38 +00:00
|
|
|
if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
|
|
|
|
skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control))
|
2008-01-31 18:48:20 +00:00
|
|
|
return TX_CONTINUE;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2008-07-02 18:05:35 +00:00
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
|
|
if (skb->len < hdrlen)
|
2008-01-31 18:48:20 +00:00
|
|
|
return TX_DROP;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2008-07-02 18:05:35 +00:00
|
|
|
data = skb->data + hdrlen;
|
|
|
|
data_len = skb->len - hdrlen;
|
|
|
|
|
2011-02-03 16:35:19 +00:00
|
|
|
if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) {
|
|
|
|
/* Need to use software crypto for the test */
|
|
|
|
info->control.hw_key = NULL;
|
|
|
|
}
|
|
|
|
|
2010-01-17 00:47:58 +00:00
|
|
|
if (info->control.hw_key &&
|
2011-10-07 12:01:25 +00:00
|
|
|
(info->flags & IEEE80211_TX_CTL_DONTFRAG ||
|
|
|
|
tx->local->ops->set_frag_threshold) &&
|
2010-01-17 00:47:58 +00:00
|
|
|
!(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) {
|
|
|
|
/* hwaccel - with no need for SW-generated MMIC */
|
2008-01-31 18:48:20 +00:00
|
|
|
return TX_CONTINUE;
|
2007-05-05 18:45:53 +00:00
|
|
|
}
|
|
|
|
|
2008-05-29 08:38:53 +00:00
|
|
|
tail = MICHAEL_MIC_LEN;
|
2010-01-17 00:47:58 +00:00
|
|
|
if (!info->control.hw_key)
|
2008-05-29 08:38:53 +00:00
|
|
|
tail += TKIP_ICV_LEN;
|
|
|
|
|
|
|
|
if (WARN_ON(skb_tailroom(skb) < tail ||
|
|
|
|
skb_headroom(skb) < TKIP_IV_LEN))
|
|
|
|
return TX_DROP;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2011-02-03 16:34:28 +00:00
|
|
|
key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY];
|
2007-05-05 18:45:53 +00:00
|
|
|
mic = skb_put(skb, MICHAEL_MIC_LEN);
|
2008-07-02 18:05:35 +00:00
|
|
|
michael_mic(key, hdr, data, data_len, mic);
|
2011-02-03 16:35:19 +00:00
|
|
|
if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE))
|
|
|
|
mic[0]++;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2008-01-31 18:48:20 +00:00
|
|
|
return TX_CONTINUE;
|
2007-05-05 18:45:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-01-31 18:48:20 +00:00
|
|
|
ieee80211_rx_result
|
2008-02-25 15:27:43 +00:00
|
|
|
ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
|
2007-05-05 18:45:53 +00:00
|
|
|
{
|
2011-02-03 16:34:28 +00:00
|
|
|
u8 *data, *key = NULL;
|
2007-05-05 18:45:53 +00:00
|
|
|
size_t data_len;
|
2008-07-02 18:05:35 +00:00
|
|
|
unsigned int hdrlen;
|
2007-05-05 18:45:53 +00:00
|
|
|
u8 mic[MICHAEL_MIC_LEN];
|
|
|
|
struct sk_buff *skb = rx->skb;
|
2009-11-16 12:58:20 +00:00
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2011-04-30 13:24:30 +00:00
|
|
|
/*
|
|
|
|
* it makes no sense to check for MIC errors on anything other
|
|
|
|
* than data frames.
|
|
|
|
*/
|
|
|
|
if (!ieee80211_is_data_present(hdr->frame_control))
|
2008-01-31 18:48:20 +00:00
|
|
|
return RX_CONTINUE;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2011-04-30 13:24:30 +00:00
|
|
|
/*
|
|
|
|
* No way to verify the MIC if the hardware stripped it or
|
|
|
|
* the IV with the key index. In this case we have solely rely
|
|
|
|
* on the driver to set RX_FLAG_MMIC_ERROR in the event of a
|
|
|
|
* MIC failure report.
|
|
|
|
*/
|
|
|
|
if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) {
|
|
|
|
if (status->flag & RX_FLAG_MMIC_ERROR)
|
2012-12-04 14:17:42 +00:00
|
|
|
goto mic_fail_no_key;
|
2011-04-30 13:24:30 +00:00
|
|
|
|
2012-10-02 19:34:23 +00:00
|
|
|
if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key &&
|
|
|
|
rx->key->conf.cipher == WLAN_CIPHER_SUITE_TKIP)
|
2011-04-30 13:24:30 +00:00
|
|
|
goto update_iv;
|
|
|
|
|
|
|
|
return RX_CONTINUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Some hardware seems to generate Michael MIC failure reports; even
|
|
|
|
* though, the frame was not encrypted with TKIP and therefore has no
|
|
|
|
* MIC. Ignore the flag them to avoid triggering countermeasures.
|
|
|
|
*/
|
2010-08-10 07:46:38 +00:00
|
|
|
if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
|
2011-04-30 13:24:30 +00:00
|
|
|
!(status->flag & RX_FLAG_DECRYPTED))
|
2008-01-31 18:48:20 +00:00
|
|
|
return RX_CONTINUE;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2011-04-30 13:24:30 +00:00
|
|
|
if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) {
|
|
|
|
/*
|
|
|
|
* APs with pairwise keys should never receive Michael MIC
|
|
|
|
* errors for non-zero keyidx because these are reserved for
|
|
|
|
* group keys and only the AP is sending real multicast
|
|
|
|
* frames in the BSS. (
|
|
|
|
*/
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (status->flag & RX_FLAG_MMIC_ERROR)
|
|
|
|
goto mic_fail;
|
|
|
|
|
2008-07-02 18:05:35 +00:00
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
|
|
if (skb->len < hdrlen + MICHAEL_MIC_LEN)
|
2008-01-31 18:48:21 +00:00
|
|
|
return RX_DROP_UNUSABLE;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2012-03-12 12:49:14 +00:00
|
|
|
if (skb_linearize(rx->skb))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
hdr = (void *)skb->data;
|
|
|
|
|
2008-07-02 18:05:35 +00:00
|
|
|
data = skb->data + hdrlen;
|
|
|
|
data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
|
2011-02-03 16:34:28 +00:00
|
|
|
key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
|
2008-07-02 18:05:35 +00:00
|
|
|
michael_mic(key, hdr, data, data_len, mic);
|
2011-04-30 13:24:30 +00:00
|
|
|
if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0)
|
|
|
|
goto mic_fail;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
|
|
|
/* remove Michael MIC from payload */
|
|
|
|
skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
|
|
|
|
|
2011-04-30 13:24:30 +00:00
|
|
|
update_iv:
|
2007-09-26 13:19:45 +00:00
|
|
|
/* update IV in key information to be able to detect replays */
|
2011-07-07 16:45:03 +00:00
|
|
|
rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32;
|
|
|
|
rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16;
|
2007-09-26 13:19:45 +00:00
|
|
|
|
2008-01-31 18:48:20 +00:00
|
|
|
return RX_CONTINUE;
|
2011-04-30 13:24:30 +00:00
|
|
|
|
|
|
|
mic_fail:
|
2012-12-04 14:17:42 +00:00
|
|
|
rx->key->u.tkip.mic_failures++;
|
|
|
|
|
|
|
|
mic_fail_no_key:
|
2011-06-22 21:00:24 +00:00
|
|
|
/*
|
|
|
|
* In some cases the key can be unset - e.g. a multicast packet, in
|
|
|
|
* a driver that supports HW encryption. Send up the key idx only if
|
|
|
|
* the key is set.
|
|
|
|
*/
|
|
|
|
mac80211_ev_michael_mic_failure(rx->sdata,
|
|
|
|
rx->key ? rx->key->conf.keyidx : -1,
|
2011-04-30 13:24:30 +00:00
|
|
|
(void *) skb->data, NULL, GFP_ATOMIC);
|
|
|
|
return RX_DROP_UNUSABLE;
|
2007-05-05 18:45:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-05-15 10:55:29 +00:00
|
|
|
static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
|
2007-05-05 18:45:53 +00:00
|
|
|
{
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
|
|
|
|
struct ieee80211_key *key = tx->key;
|
2008-05-15 10:55:29 +00:00
|
|
|
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
|
mac80211: fix TKIP races, make API easier to use
Our current TKIP code races against itself on TX
since we can process multiple packets at the same
time on different ACs, but they all share the TX
context for TKIP. This can lead to bad IVs etc.
Also, the crypto offload helper code just obtains
the P1K/P2K from the cache, and can update it as
well, but there's no guarantee that packets are
really processed in order.
To fix these issues, first introduce a spinlock
that will protect the IV16/IV32 values in the TX
context. This first step makes sure that we don't
assign the same IV multiple times or get confused
in other ways.
Secondly, change the way the P1K cache works. I
add a field "p1k_iv32" that stores the value of
the IV32 when the P1K was last recomputed, and
if different from the last time, then a new P1K
is recomputed. This can cause the P1K computation
to flip back and forth if packets are processed
out of order. All this also happens under the new
spinlock.
Finally, because there are argument differences,
split up the ieee80211_get_tkip_key() API into
ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k()
and give them the correct arguments.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-07-07 20:28:01 +00:00
|
|
|
unsigned long flags;
|
2008-06-11 21:21:58 +00:00
|
|
|
unsigned int hdrlen;
|
|
|
|
int len, tail;
|
2007-05-05 18:45:53 +00:00
|
|
|
u8 *pos;
|
|
|
|
|
2010-01-17 00:47:58 +00:00
|
|
|
if (info->control.hw_key &&
|
2012-05-09 05:11:20 +00:00
|
|
|
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
|
|
|
|
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
|
2010-01-17 00:47:58 +00:00
|
|
|
/* hwaccel - with no need for software-generated IV */
|
2008-05-29 08:38:53 +00:00
|
|
|
return 0;
|
2008-05-15 10:55:29 +00:00
|
|
|
}
|
|
|
|
|
2008-06-11 21:21:58 +00:00
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
2007-05-05 18:45:53 +00:00
|
|
|
len = skb->len - hdrlen;
|
|
|
|
|
2010-01-17 00:47:58 +00:00
|
|
|
if (info->control.hw_key)
|
2008-05-29 08:38:53 +00:00
|
|
|
tail = 0;
|
2007-08-28 21:01:55 +00:00
|
|
|
else
|
2008-05-29 08:38:53 +00:00
|
|
|
tail = TKIP_ICV_LEN;
|
|
|
|
|
|
|
|
if (WARN_ON(skb_tailroom(skb) < tail ||
|
|
|
|
skb_headroom(skb) < TKIP_IV_LEN))
|
|
|
|
return -1;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
|
|
|
pos = skb_push(skb, TKIP_IV_LEN);
|
|
|
|
memmove(pos, pos + TKIP_IV_LEN, hdrlen);
|
2012-05-10 10:21:09 +00:00
|
|
|
skb_set_network_header(skb, skb_network_offset(skb) + TKIP_IV_LEN);
|
2007-05-05 18:45:53 +00:00
|
|
|
pos += hdrlen;
|
|
|
|
|
2012-05-09 05:11:20 +00:00
|
|
|
/* the HW only needs room for the IV, but not the actual IV */
|
|
|
|
if (info->control.hw_key &&
|
|
|
|
(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
|
|
|
|
return 0;
|
|
|
|
|
2007-05-05 18:45:53 +00:00
|
|
|
/* Increase IV for the frame */
|
mac80211: fix TKIP races, make API easier to use
Our current TKIP code races against itself on TX
since we can process multiple packets at the same
time on different ACs, but they all share the TX
context for TKIP. This can lead to bad IVs etc.
Also, the crypto offload helper code just obtains
the P1K/P2K from the cache, and can update it as
well, but there's no guarantee that packets are
really processed in order.
To fix these issues, first introduce a spinlock
that will protect the IV16/IV32 values in the TX
context. This first step makes sure that we don't
assign the same IV multiple times or get confused
in other ways.
Secondly, change the way the P1K cache works. I
add a field "p1k_iv32" that stores the value of
the IV32 when the P1K was last recomputed, and
if different from the last time, then a new P1K
is recomputed. This can cause the P1K computation
to flip back and forth if packets are processed
out of order. All this also happens under the new
spinlock.
Finally, because there are argument differences,
split up the ieee80211_get_tkip_key() API into
ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k()
and give them the correct arguments.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-07-07 20:28:01 +00:00
|
|
|
spin_lock_irqsave(&key->u.tkip.txlock, flags);
|
2008-05-14 23:26:19 +00:00
|
|
|
key->u.tkip.tx.iv16++;
|
|
|
|
if (key->u.tkip.tx.iv16 == 0)
|
|
|
|
key->u.tkip.tx.iv32++;
|
mac80211: fix TKIP races, make API easier to use
Our current TKIP code races against itself on TX
since we can process multiple packets at the same
time on different ACs, but they all share the TX
context for TKIP. This can lead to bad IVs etc.
Also, the crypto offload helper code just obtains
the P1K/P2K from the cache, and can update it as
well, but there's no guarantee that packets are
really processed in order.
To fix these issues, first introduce a spinlock
that will protect the IV16/IV32 values in the TX
context. This first step makes sure that we don't
assign the same IV multiple times or get confused
in other ways.
Secondly, change the way the P1K cache works. I
add a field "p1k_iv32" that stores the value of
the IV32 when the P1K was last recomputed, and
if different from the last time, then a new P1K
is recomputed. This can cause the P1K computation
to flip back and forth if packets are processed
out of order. All this also happens under the new
spinlock.
Finally, because there are argument differences,
split up the ieee80211_get_tkip_key() API into
ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k()
and give them the correct arguments.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-07-07 20:28:01 +00:00
|
|
|
pos = ieee80211_tkip_add_iv(pos, key);
|
|
|
|
spin_unlock_irqrestore(&key->u.tkip.txlock, flags);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2010-01-17 00:47:58 +00:00
|
|
|
/* hwaccel - with software IV */
|
|
|
|
if (info->control.hw_key)
|
2007-05-05 18:45:53 +00:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
/* Add room for ICV */
|
|
|
|
skb_put(skb, TKIP_ICV_LEN);
|
|
|
|
|
2010-07-07 19:07:49 +00:00
|
|
|
return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
|
mac80211: fix TKIP races, make API easier to use
Our current TKIP code races against itself on TX
since we can process multiple packets at the same
time on different ACs, but they all share the TX
context for TKIP. This can lead to bad IVs etc.
Also, the crypto offload helper code just obtains
the P1K/P2K from the cache, and can update it as
well, but there's no guarantee that packets are
really processed in order.
To fix these issues, first introduce a spinlock
that will protect the IV16/IV32 values in the TX
context. This first step makes sure that we don't
assign the same IV multiple times or get confused
in other ways.
Secondly, change the way the P1K cache works. I
add a field "p1k_iv32" that stores the value of
the IV32 when the P1K was last recomputed, and
if different from the last time, then a new P1K
is recomputed. This can cause the P1K computation
to flip back and forth if packets are processed
out of order. All this also happens under the new
spinlock.
Finally, because there are argument differences,
split up the ieee80211_get_tkip_key() API into
ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k()
and give them the correct arguments.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-07-07 20:28:01 +00:00
|
|
|
key, skb, pos, len);
|
2007-05-05 18:45:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-01-31 18:48:20 +00:00
|
|
|
ieee80211_tx_result
|
2008-02-25 15:27:43 +00:00
|
|
|
ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
|
2007-05-05 18:45:53 +00:00
|
|
|
{
|
2011-11-16 14:28:55 +00:00
|
|
|
struct sk_buff *skb;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2008-02-25 15:27:43 +00:00
|
|
|
ieee80211_tx_set_protected(tx);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2011-11-16 14:28:55 +00:00
|
|
|
skb_queue_walk(&tx->skbs, skb) {
|
2009-03-23 16:28:35 +00:00
|
|
|
if (tkip_encrypt_skb(tx, skb) < 0)
|
|
|
|
return TX_DROP;
|
2011-11-16 14:28:55 +00:00
|
|
|
}
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2008-01-31 18:48:20 +00:00
|
|
|
return TX_CONTINUE;
|
2007-05-05 18:45:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-01-31 18:48:20 +00:00
|
|
|
ieee80211_rx_result
|
2008-02-25 15:27:43 +00:00
|
|
|
ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
|
2007-05-05 18:45:53 +00:00
|
|
|
{
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
|
2011-02-03 16:34:28 +00:00
|
|
|
int hdrlen, res, hwaccel = 0;
|
2007-05-05 18:45:53 +00:00
|
|
|
struct ieee80211_key *key = rx->key;
|
|
|
|
struct sk_buff *skb = rx->skb;
|
2009-11-16 12:58:20 +00:00
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2008-06-11 21:21:58 +00:00
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2008-07-02 23:30:52 +00:00
|
|
|
if (!ieee80211_is_data(hdr->frame_control))
|
2008-01-31 18:48:20 +00:00
|
|
|
return RX_CONTINUE;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
|
|
|
if (!rx->sta || skb->len - hdrlen < 12)
|
2008-01-31 18:48:21 +00:00
|
|
|
return RX_DROP_UNUSABLE;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2012-03-12 12:49:14 +00:00
|
|
|
/* it may be possible to optimize this a bit more */
|
|
|
|
if (skb_linearize(rx->skb))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
hdr = (void *)skb->data;
|
|
|
|
|
2010-08-10 07:46:40 +00:00
|
|
|
/*
|
|
|
|
* Let TKIP code verify IV, but skip decryption.
|
|
|
|
* In the case where hardware checks the IV as well,
|
|
|
|
* we don't even get here, see ieee80211_rx_h_decrypt()
|
|
|
|
*/
|
|
|
|
if (status->flag & RX_FLAG_DECRYPTED)
|
2007-05-05 18:45:53 +00:00
|
|
|
hwaccel = 1;
|
|
|
|
|
|
|
|
res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
|
|
|
|
key, skb->data + hdrlen,
|
2008-09-10 22:02:02 +00:00
|
|
|
skb->len - hdrlen, rx->sta->sta.addr,
|
2011-07-07 16:45:03 +00:00
|
|
|
hdr->addr1, hwaccel, rx->security_idx,
|
2008-02-25 15:27:43 +00:00
|
|
|
&rx->tkip_iv32,
|
|
|
|
&rx->tkip_iv16);
|
2011-02-03 16:34:28 +00:00
|
|
|
if (res != TKIP_DECRYPT_OK)
|
2008-01-31 18:48:21 +00:00
|
|
|
return RX_DROP_UNUSABLE;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
|
|
|
/* Trim ICV */
|
|
|
|
skb_trim(skb, skb->len - TKIP_ICV_LEN);
|
|
|
|
|
|
|
|
/* Remove IV */
|
|
|
|
memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
|
|
|
|
skb_pull(skb, TKIP_IV_LEN);
|
|
|
|
|
2008-01-31 18:48:20 +00:00
|
|
|
return RX_CONTINUE;
|
2007-05-05 18:45:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-07-02 23:30:52 +00:00
|
|
|
static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch,
|
2007-05-05 18:45:53 +00:00
|
|
|
int encrypted)
|
|
|
|
{
|
2008-07-02 18:05:35 +00:00
|
|
|
__le16 mask_fc;
|
2009-01-08 11:32:00 +00:00
|
|
|
int a4_included, mgmt;
|
2008-07-02 18:05:35 +00:00
|
|
|
u8 qos_tid;
|
2008-07-02 23:30:52 +00:00
|
|
|
u8 *b_0, *aad;
|
2008-07-02 18:05:35 +00:00
|
|
|
u16 data_len, len_a;
|
|
|
|
unsigned int hdrlen;
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2011-07-06 20:02:14 +00:00
|
|
|
memset(scratch, 0, 6 * AES_BLOCK_SIZE);
|
2011-07-06 19:59:39 +00:00
|
|
|
|
2011-07-06 20:02:14 +00:00
|
|
|
b_0 = scratch + 3 * AES_BLOCK_SIZE;
|
|
|
|
aad = scratch + 4 * AES_BLOCK_SIZE;
|
2008-07-02 23:30:52 +00:00
|
|
|
|
2008-07-02 18:05:35 +00:00
|
|
|
/*
|
2009-01-08 11:32:00 +00:00
|
|
|
* Mask FC: zero subtype b4 b5 b6 (if not mgmt)
|
2008-07-02 18:05:35 +00:00
|
|
|
* Retry, PwrMgt, MoreData; set Protected
|
|
|
|
*/
|
2009-01-08 11:32:00 +00:00
|
|
|
mgmt = ieee80211_is_mgmt(hdr->frame_control);
|
2008-07-02 18:05:35 +00:00
|
|
|
mask_fc = hdr->frame_control;
|
2009-01-08 11:32:00 +00:00
|
|
|
mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY |
|
2008-07-02 18:05:35 +00:00
|
|
|
IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
|
2009-01-08 11:32:00 +00:00
|
|
|
if (!mgmt)
|
|
|
|
mask_fc &= ~cpu_to_le16(0x0070);
|
2008-07-02 18:05:35 +00:00
|
|
|
mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
|
|
|
|
|
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
|
|
len_a = hdrlen - 2;
|
|
|
|
a4_included = ieee80211_has_a4(hdr->frame_control);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2008-07-02 18:05:35 +00:00
|
|
|
if (ieee80211_is_data_qos(hdr->frame_control))
|
|
|
|
qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
|
|
|
|
else
|
|
|
|
qos_tid = 0;
|
|
|
|
|
|
|
|
data_len = skb->len - hdrlen - CCMP_HDR_LEN;
|
|
|
|
if (encrypted)
|
|
|
|
data_len -= CCMP_MIC_LEN;
|
|
|
|
|
|
|
|
/* First block, b_0 */
|
2007-05-05 18:45:53 +00:00
|
|
|
b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
|
2009-01-08 11:32:00 +00:00
|
|
|
/* Nonce: Nonce Flags | A2 | PN
|
|
|
|
* Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
|
|
|
|
*/
|
|
|
|
b_0[1] = qos_tid | (mgmt << 4);
|
2008-07-02 18:05:34 +00:00
|
|
|
memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
|
2007-05-05 18:45:53 +00:00
|
|
|
memcpy(&b_0[8], pn, CCMP_PN_LEN);
|
|
|
|
/* l(m) */
|
2008-07-02 18:05:35 +00:00
|
|
|
put_unaligned_be16(data_len, &b_0[14]);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
|
|
|
/* AAD (extra authenticate-only data) / masked 802.11 header
|
|
|
|
* FC | A1 | A2 | A3 | SC | [A4] | [QC] */
|
2008-07-02 18:05:35 +00:00
|
|
|
put_unaligned_be16(len_a, &aad[0]);
|
|
|
|
put_unaligned(mask_fc, (__le16 *)&aad[2]);
|
2008-07-02 18:05:34 +00:00
|
|
|
memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
|
|
|
/* Mask Seq#, leave Frag# */
|
|
|
|
aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
|
|
|
|
aad[23] = 0;
|
2008-07-02 18:05:35 +00:00
|
|
|
|
2007-05-05 18:45:53 +00:00
|
|
|
if (a4_included) {
|
2008-07-02 18:05:34 +00:00
|
|
|
memcpy(&aad[24], hdr->addr4, ETH_ALEN);
|
2008-07-02 18:05:35 +00:00
|
|
|
aad[30] = qos_tid;
|
2007-05-05 18:45:53 +00:00
|
|
|
aad[31] = 0;
|
2008-07-02 18:05:35 +00:00
|
|
|
} else {
|
2008-07-02 18:05:34 +00:00
|
|
|
memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
|
2008-07-02 18:05:35 +00:00
|
|
|
aad[24] = qos_tid;
|
2007-05-05 18:45:53 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
|
|
|
|
{
|
|
|
|
hdr[0] = pn[5];
|
|
|
|
hdr[1] = pn[4];
|
|
|
|
hdr[2] = 0;
|
|
|
|
hdr[3] = 0x20 | (key_id << 6);
|
|
|
|
hdr[4] = pn[3];
|
|
|
|
hdr[5] = pn[2];
|
|
|
|
hdr[6] = pn[1];
|
|
|
|
hdr[7] = pn[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-10-07 10:04:32 +00:00
|
|
|
static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr)
|
2007-05-05 18:45:53 +00:00
|
|
|
{
|
|
|
|
pn[0] = hdr[7];
|
|
|
|
pn[1] = hdr[6];
|
|
|
|
pn[2] = hdr[5];
|
|
|
|
pn[3] = hdr[4];
|
|
|
|
pn[4] = hdr[1];
|
|
|
|
pn[5] = hdr[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-05-15 10:55:29 +00:00
|
|
|
static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
|
2007-05-05 18:45:53 +00:00
|
|
|
{
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
|
|
|
|
struct ieee80211_key *key = tx->key;
|
2008-05-15 10:55:29 +00:00
|
|
|
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
|
2008-05-29 08:38:53 +00:00
|
|
|
int hdrlen, len, tail;
|
2011-07-06 19:59:39 +00:00
|
|
|
u8 *pos;
|
|
|
|
u8 pn[6];
|
|
|
|
u64 pn64;
|
2011-07-06 20:02:14 +00:00
|
|
|
u8 scratch[6 * AES_BLOCK_SIZE];
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2010-01-17 00:47:58 +00:00
|
|
|
if (info->control.hw_key &&
|
2011-10-23 06:21:41 +00:00
|
|
|
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
|
|
|
|
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
|
2010-01-17 00:47:58 +00:00
|
|
|
/*
|
|
|
|
* hwaccel has no need for preallocated room for CCMP
|
|
|
|
* header or MIC fields
|
|
|
|
*/
|
2008-05-29 08:38:53 +00:00
|
|
|
return 0;
|
2008-05-15 10:55:29 +00:00
|
|
|
}
|
|
|
|
|
2008-06-11 21:21:58 +00:00
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
2007-05-05 18:45:53 +00:00
|
|
|
len = skb->len - hdrlen;
|
|
|
|
|
2010-01-17 00:47:58 +00:00
|
|
|
if (info->control.hw_key)
|
2008-05-29 08:38:53 +00:00
|
|
|
tail = 0;
|
2007-08-28 21:01:55 +00:00
|
|
|
else
|
2008-05-29 08:38:53 +00:00
|
|
|
tail = CCMP_MIC_LEN;
|
|
|
|
|
|
|
|
if (WARN_ON(skb_tailroom(skb) < tail ||
|
|
|
|
skb_headroom(skb) < CCMP_HDR_LEN))
|
|
|
|
return -1;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
|
|
|
pos = skb_push(skb, CCMP_HDR_LEN);
|
|
|
|
memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
|
2012-05-10 10:21:09 +00:00
|
|
|
skb_set_network_header(skb, skb_network_offset(skb) + CCMP_HDR_LEN);
|
2011-10-23 06:21:41 +00:00
|
|
|
|
|
|
|
/* the HW only needs room for the IV, but not the actual IV */
|
2011-11-10 07:35:13 +00:00
|
|
|
if (info->control.hw_key &&
|
|
|
|
(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
|
2011-10-23 06:21:41 +00:00
|
|
|
return 0;
|
|
|
|
|
2007-05-05 18:45:53 +00:00
|
|
|
hdr = (struct ieee80211_hdr *) pos;
|
|
|
|
pos += hdrlen;
|
|
|
|
|
2011-07-06 19:59:39 +00:00
|
|
|
pn64 = atomic64_inc_return(&key->u.ccmp.tx_pn);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2011-07-06 19:59:39 +00:00
|
|
|
pn[5] = pn64;
|
|
|
|
pn[4] = pn64 >> 8;
|
|
|
|
pn[3] = pn64 >> 16;
|
|
|
|
pn[2] = pn64 >> 24;
|
|
|
|
pn[1] = pn64 >> 32;
|
|
|
|
pn[0] = pn64 >> 40;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2007-08-28 21:01:54 +00:00
|
|
|
ccmp_pn2hdr(pos, pn, key->conf.keyidx);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2010-01-17 00:47:58 +00:00
|
|
|
/* hwaccel - with software CCMP header */
|
|
|
|
if (info->control.hw_key)
|
2007-05-05 18:45:53 +00:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
pos += CCMP_HDR_LEN;
|
2011-07-06 19:59:39 +00:00
|
|
|
ccmp_special_blocks(skb, pn, scratch, 0);
|
|
|
|
ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, pos, len,
|
2007-05-05 18:45:53 +00:00
|
|
|
pos, skb_put(skb, CCMP_MIC_LEN));
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-01-31 18:48:20 +00:00
|
|
|
ieee80211_tx_result
|
2008-02-25 15:27:43 +00:00
|
|
|
ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
|
2007-05-05 18:45:53 +00:00
|
|
|
{
|
2011-11-16 14:28:55 +00:00
|
|
|
struct sk_buff *skb;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2008-02-25 15:27:43 +00:00
|
|
|
ieee80211_tx_set_protected(tx);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2011-11-16 14:28:55 +00:00
|
|
|
skb_queue_walk(&tx->skbs, skb) {
|
2009-03-23 16:28:35 +00:00
|
|
|
if (ccmp_encrypt_skb(tx, skb) < 0)
|
|
|
|
return TX_DROP;
|
2011-11-16 14:28:55 +00:00
|
|
|
}
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2008-01-31 18:48:20 +00:00
|
|
|
return TX_CONTINUE;
|
2007-05-05 18:45:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-01-31 18:48:20 +00:00
|
|
|
ieee80211_rx_result
|
2008-02-25 15:27:43 +00:00
|
|
|
ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
|
2007-05-05 18:45:53 +00:00
|
|
|
{
|
2008-07-02 23:30:52 +00:00
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
|
2007-05-05 18:45:53 +00:00
|
|
|
int hdrlen;
|
|
|
|
struct ieee80211_key *key = rx->key;
|
|
|
|
struct sk_buff *skb = rx->skb;
|
2009-11-16 12:58:20 +00:00
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
2007-05-05 18:45:53 +00:00
|
|
|
u8 pn[CCMP_PN_LEN];
|
|
|
|
int data_len;
|
2010-06-11 17:27:33 +00:00
|
|
|
int queue;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2008-06-11 21:21:58 +00:00
|
|
|
hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2009-01-08 11:32:00 +00:00
|
|
|
if (!ieee80211_is_data(hdr->frame_control) &&
|
|
|
|
!ieee80211_is_robust_mgmt_frame(hdr))
|
2008-01-31 18:48:20 +00:00
|
|
|
return RX_CONTINUE;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
|
|
|
data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
|
|
|
|
if (!rx->sta || data_len < 0)
|
2008-01-31 18:48:21 +00:00
|
|
|
return RX_DROP_UNUSABLE;
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2012-03-12 12:49:14 +00:00
|
|
|
if (status->flag & RX_FLAG_DECRYPTED) {
|
|
|
|
if (!pskb_may_pull(rx->skb, hdrlen + CCMP_HDR_LEN))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
} else {
|
|
|
|
if (skb_linearize(rx->skb))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
|
2008-10-07 10:04:32 +00:00
|
|
|
ccmp_hdr2pn(pn, skb->data + hdrlen);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
2011-07-07 16:45:03 +00:00
|
|
|
queue = rx->security_idx;
|
2010-06-11 17:27:33 +00:00
|
|
|
|
|
|
|
if (memcmp(pn, key->u.ccmp.rx_pn[queue], CCMP_PN_LEN) <= 0) {
|
2007-05-05 18:45:53 +00:00
|
|
|
key->u.ccmp.replays++;
|
2008-01-31 18:48:21 +00:00
|
|
|
return RX_DROP_UNUSABLE;
|
2007-05-05 18:45:53 +00:00
|
|
|
}
|
|
|
|
|
2009-11-16 12:58:20 +00:00
|
|
|
if (!(status->flag & RX_FLAG_DECRYPTED)) {
|
2011-07-06 20:02:14 +00:00
|
|
|
u8 scratch[6 * AES_BLOCK_SIZE];
|
2007-09-14 15:10:25 +00:00
|
|
|
/* hardware didn't decrypt/verify MIC */
|
2011-07-06 19:59:39 +00:00
|
|
|
ccmp_special_blocks(skb, pn, scratch, 1);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
|
|
|
if (ieee80211_aes_ccm_decrypt(
|
2011-07-06 19:59:39 +00:00
|
|
|
key->u.ccmp.tfm, scratch,
|
2007-05-05 18:45:53 +00:00
|
|
|
skb->data + hdrlen + CCMP_HDR_LEN, data_len,
|
|
|
|
skb->data + skb->len - CCMP_MIC_LEN,
|
2008-10-07 10:04:32 +00:00
|
|
|
skb->data + hdrlen + CCMP_HDR_LEN))
|
2008-01-31 18:48:21 +00:00
|
|
|
return RX_DROP_UNUSABLE;
|
2007-05-05 18:45:53 +00:00
|
|
|
}
|
|
|
|
|
2010-06-11 17:27:33 +00:00
|
|
|
memcpy(key->u.ccmp.rx_pn[queue], pn, CCMP_PN_LEN);
|
2007-05-05 18:45:53 +00:00
|
|
|
|
|
|
|
/* Remove CCMP header and MIC */
|
2012-03-12 12:49:14 +00:00
|
|
|
if (pskb_trim(skb, skb->len - CCMP_MIC_LEN))
|
|
|
|
return RX_DROP_UNUSABLE;
|
2007-05-05 18:45:53 +00:00
|
|
|
memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
|
|
|
|
skb_pull(skb, CCMP_HDR_LEN);
|
|
|
|
|
2008-01-31 18:48:20 +00:00
|
|
|
return RX_CONTINUE;
|
2007-05-05 18:45:53 +00:00
|
|
|
}
|
2009-01-08 11:32:01 +00:00
|
|
|
|
|
|
|
|
|
|
|
static void bip_aad(struct sk_buff *skb, u8 *aad)
|
|
|
|
{
|
mac80211: Fix FC masking in BIP AAD generation
The bits used in the mask were off-by-one and ended up masking PwrMgt,
MoreData, Protected fields instead of Retry, PwrMgt, MoreData. Fix this
and to mask the correct fields. While doing so, convert the code to mask
the full FC using IEEE80211_FCTL_* defines similarly to how CCMP AAD is
built.
Since BIP is used only with broadcast/multicast management frames, the
Retry field is always 0 in these frames. The Protected field is also
zero to maintain backwards compatibility. As such, the incorrect mask
here does not really cause any problems for valid frames. In theory, an
invalid BIP frame with Retry or Protected field set to 1 could be
rejected because of BIP validation. However, no such frame should show
up with standard compliant implementations, so this does not cause
problems in normal BIP use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-09-30 16:47:40 +00:00
|
|
|
__le16 mask_fc;
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
|
|
|
|
|
2009-01-08 11:32:01 +00:00
|
|
|
/* BIP AAD: FC(masked) || A1 || A2 || A3 */
|
|
|
|
|
|
|
|
/* FC type/subtype */
|
|
|
|
/* Mask FC Retry, PwrMgt, MoreData flags to zero */
|
mac80211: Fix FC masking in BIP AAD generation
The bits used in the mask were off-by-one and ended up masking PwrMgt,
MoreData, Protected fields instead of Retry, PwrMgt, MoreData. Fix this
and to mask the correct fields. While doing so, convert the code to mask
the full FC using IEEE80211_FCTL_* defines similarly to how CCMP AAD is
built.
Since BIP is used only with broadcast/multicast management frames, the
Retry field is always 0 in these frames. The Protected field is also
zero to maintain backwards compatibility. As such, the incorrect mask
here does not really cause any problems for valid frames. In theory, an
invalid BIP frame with Retry or Protected field set to 1 could be
rejected because of BIP validation. However, no such frame should show
up with standard compliant implementations, so this does not cause
problems in normal BIP use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-09-30 16:47:40 +00:00
|
|
|
mask_fc = hdr->frame_control;
|
|
|
|
mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM |
|
|
|
|
IEEE80211_FCTL_MOREDATA);
|
|
|
|
put_unaligned(mask_fc, (__le16 *) &aad[0]);
|
2009-01-08 11:32:01 +00:00
|
|
|
/* A1 || A2 || A3 */
|
mac80211: Fix FC masking in BIP AAD generation
The bits used in the mask were off-by-one and ended up masking PwrMgt,
MoreData, Protected fields instead of Retry, PwrMgt, MoreData. Fix this
and to mask the correct fields. While doing so, convert the code to mask
the full FC using IEEE80211_FCTL_* defines similarly to how CCMP AAD is
built.
Since BIP is used only with broadcast/multicast management frames, the
Retry field is always 0 in these frames. The Protected field is also
zero to maintain backwards compatibility. As such, the incorrect mask
here does not really cause any problems for valid frames. In theory, an
invalid BIP frame with Retry or Protected field set to 1 could be
rejected because of BIP validation. However, no such frame should show
up with standard compliant implementations, so this does not cause
problems in normal BIP use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-09-30 16:47:40 +00:00
|
|
|
memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN);
|
2009-01-08 11:32:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-07-06 20:00:35 +00:00
|
|
|
static inline void bip_ipn_set64(u8 *d, u64 pn)
|
|
|
|
{
|
|
|
|
*d++ = pn;
|
|
|
|
*d++ = pn >> 8;
|
|
|
|
*d++ = pn >> 16;
|
|
|
|
*d++ = pn >> 24;
|
|
|
|
*d++ = pn >> 32;
|
|
|
|
*d = pn >> 40;
|
|
|
|
}
|
|
|
|
|
2009-01-08 11:32:01 +00:00
|
|
|
static inline void bip_ipn_swap(u8 *d, const u8 *s)
|
|
|
|
{
|
|
|
|
*d++ = s[5];
|
|
|
|
*d++ = s[4];
|
|
|
|
*d++ = s[3];
|
|
|
|
*d++ = s[2];
|
|
|
|
*d++ = s[1];
|
|
|
|
*d = s[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
ieee80211_tx_result
|
|
|
|
ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx)
|
|
|
|
{
|
2011-11-16 14:28:55 +00:00
|
|
|
struct sk_buff *skb;
|
|
|
|
struct ieee80211_tx_info *info;
|
2009-01-08 11:32:01 +00:00
|
|
|
struct ieee80211_key *key = tx->key;
|
|
|
|
struct ieee80211_mmie *mmie;
|
2011-07-06 20:00:35 +00:00
|
|
|
u8 aad[20];
|
|
|
|
u64 pn64;
|
2009-01-08 11:32:01 +00:00
|
|
|
|
2011-11-16 14:28:55 +00:00
|
|
|
if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
|
|
|
|
return TX_DROP;
|
|
|
|
|
|
|
|
skb = skb_peek(&tx->skbs);
|
|
|
|
|
|
|
|
info = IEEE80211_SKB_CB(skb);
|
|
|
|
|
2010-01-17 00:47:58 +00:00
|
|
|
if (info->control.hw_key)
|
2011-11-16 14:28:55 +00:00
|
|
|
return TX_CONTINUE;
|
2009-01-08 11:32:01 +00:00
|
|
|
|
|
|
|
if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
|
|
|
|
return TX_DROP;
|
|
|
|
|
|
|
|
mmie = (struct ieee80211_mmie *) skb_put(skb, sizeof(*mmie));
|
|
|
|
mmie->element_id = WLAN_EID_MMIE;
|
|
|
|
mmie->length = sizeof(*mmie) - 2;
|
|
|
|
mmie->key_id = cpu_to_le16(key->conf.keyidx);
|
|
|
|
|
|
|
|
/* PN = PN + 1 */
|
2011-07-06 20:00:35 +00:00
|
|
|
pn64 = atomic64_inc_return(&key->u.aes_cmac.tx_pn);
|
2009-01-08 11:32:01 +00:00
|
|
|
|
2011-07-06 20:00:35 +00:00
|
|
|
bip_ipn_set64(mmie->sequence_number, pn64);
|
2009-01-08 11:32:01 +00:00
|
|
|
|
|
|
|
bip_aad(skb, aad);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
|
|
|
|
*/
|
2011-07-06 20:00:35 +00:00
|
|
|
ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
|
|
|
|
skb->data + 24, skb->len - 24, mmie->mic);
|
2009-01-08 11:32:01 +00:00
|
|
|
|
|
|
|
return TX_CONTINUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
ieee80211_rx_result
|
|
|
|
ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
|
|
|
|
{
|
|
|
|
struct sk_buff *skb = rx->skb;
|
2009-11-16 12:58:20 +00:00
|
|
|
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
|
2009-01-08 11:32:01 +00:00
|
|
|
struct ieee80211_key *key = rx->key;
|
|
|
|
struct ieee80211_mmie *mmie;
|
|
|
|
u8 aad[20], mic[8], ipn[6];
|
|
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
|
|
|
|
|
|
|
|
if (!ieee80211_is_mgmt(hdr->frame_control))
|
|
|
|
return RX_CONTINUE;
|
|
|
|
|
2012-03-12 12:49:14 +00:00
|
|
|
/* management frames are already linear */
|
|
|
|
|
2009-01-08 11:32:01 +00:00
|
|
|
if (skb->len < 24 + sizeof(*mmie))
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
|
|
|
|
mmie = (struct ieee80211_mmie *)
|
|
|
|
(skb->data + skb->len - sizeof(*mmie));
|
|
|
|
if (mmie->element_id != WLAN_EID_MMIE ||
|
|
|
|
mmie->length != sizeof(*mmie) - 2)
|
|
|
|
return RX_DROP_UNUSABLE; /* Invalid MMIE */
|
|
|
|
|
|
|
|
bip_ipn_swap(ipn, mmie->sequence_number);
|
|
|
|
|
|
|
|
if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
|
|
|
|
key->u.aes_cmac.replays++;
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
|
2009-11-16 12:58:20 +00:00
|
|
|
if (!(status->flag & RX_FLAG_DECRYPTED)) {
|
2009-01-08 11:32:01 +00:00
|
|
|
/* hardware didn't decrypt/verify MIC */
|
|
|
|
bip_aad(skb, aad);
|
2011-07-06 20:00:35 +00:00
|
|
|
ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
|
2009-01-08 11:32:01 +00:00
|
|
|
skb->data + 24, skb->len - 24, mic);
|
|
|
|
if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
|
|
|
|
key->u.aes_cmac.icverrors++;
|
|
|
|
return RX_DROP_UNUSABLE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
|
|
|
|
|
|
|
|
/* Remove MMIE */
|
|
|
|
skb_trim(skb, skb->len - sizeof(*mmie));
|
|
|
|
|
|
|
|
return RX_CONTINUE;
|
|
|
|
}
|
2012-01-16 13:18:59 +00:00
|
|
|
|
|
|
|
ieee80211_tx_result
|
|
|
|
ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx)
|
|
|
|
{
|
|
|
|
struct sk_buff *skb;
|
|
|
|
struct ieee80211_tx_info *info = NULL;
|
|
|
|
|
|
|
|
skb_queue_walk(&tx->skbs, skb) {
|
|
|
|
info = IEEE80211_SKB_CB(skb);
|
|
|
|
|
|
|
|
/* handle hw-only algorithm */
|
|
|
|
if (!info->control.hw_key)
|
|
|
|
return TX_DROP;
|
|
|
|
}
|
|
|
|
|
|
|
|
ieee80211_tx_set_protected(tx);
|
|
|
|
|
|
|
|
return TX_CONTINUE;
|
|
|
|
}
|