search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
xtensa: support DMA buffers in high memory
[cris-mirror.git] / net / mac80211 / wpa.c
blob785056cb76f6f09682b60e0ace5ceddcc17f7044
1 /*
2 * Copyright 2002-2004, Instant802 Networks, Inc.
3 * Copyright 2008, Jouni Malinen <j@w1.fi>
4 * Copyright (C) 2016-2017 Intel Deutschland GmbH
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11 #include <linux/netdevice.h>
12 #include <linux/types.h>
13 #include <linux/skbuff.h>
14 #include <linux/compiler.h>
15 #include <linux/ieee80211.h>
16 #include <linux/gfp.h>
17 #include <asm/unaligned.h>
18 #include <net/mac80211.h>
19 #include <crypto/aes.h>
20 #include <crypto/algapi.h>
21
22 #include "ieee80211_i.h"
23 #include "michael.h"
24 #include "tkip.h"
25 #include "aes_ccm.h"
26 #include "aes_cmac.h"
27 #include "aes_gmac.h"
28 #include "aes_gcm.h"
29 #include "wpa.h"
30
31 ieee80211_tx_result
32 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
33 {
34 u8 *data, *key, *mic;
35 size_t data_len;
36 unsigned int hdrlen;
37 struct ieee80211_hdr *hdr;
38 struct sk_buff *skb = tx->skb;
39 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
40 int tail;
41
42 hdr = (struct ieee80211_hdr *)skb->data;
43 if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
44 skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control))
45 return TX_CONTINUE;
46
47 hdrlen = ieee80211_hdrlen(hdr->frame_control);
48 if (skb->len < hdrlen)
49 return TX_DROP;
50
51 data = skb->data + hdrlen;
52 data_len = skb->len - hdrlen;
53
54 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) {
55 /* Need to use software crypto for the test */
56 info->control.hw_key = NULL;
57 }
58
59 if (info->control.hw_key &&
60 (info->flags & IEEE80211_TX_CTL_DONTFRAG ||
61 ieee80211_hw_check(&tx->local->hw, SUPPORTS_TX_FRAG)) &&
62 !(tx->key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
63 IEEE80211_KEY_FLAG_PUT_MIC_SPACE))) {
64 /* hwaccel - with no need for SW-generated MMIC or MIC space */
65 return TX_CONTINUE;
66 }
67
68 tail = MICHAEL_MIC_LEN;
69 if (!info->control.hw_key)
70 tail += IEEE80211_TKIP_ICV_LEN;
71
72 if (WARN(skb_tailroom(skb) < tail ||
73 skb_headroom(skb) < IEEE80211_TKIP_IV_LEN,
74 "mmic: not enough head/tail (%d/%d,%d/%d)\n",
75 skb_headroom(skb), IEEE80211_TKIP_IV_LEN,
76 skb_tailroom(skb), tail))
77 return TX_DROP;
78
79 mic = skb_put(skb, MICHAEL_MIC_LEN);
80
81 if (tx->key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) {
82 /* Zeroed MIC can help with debug */
83 memset(mic, 0, MICHAEL_MIC_LEN);
84 return TX_CONTINUE;
85 }
86
87 key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY];
88 michael_mic(key, hdr, data, data_len, mic);
89 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE))
90 mic[0]++;
91
92 return TX_CONTINUE;
93 }
94
95
96 ieee80211_rx_result
97 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
98 {
99 u8 *data, *key = NULL;
100 size_t data_len;
101 unsigned int hdrlen;
102 u8 mic[MICHAEL_MIC_LEN];
103 struct sk_buff *skb = rx->skb;
104 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
105 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
106
107 /*
108 * it makes no sense to check for MIC errors on anything other
109 * than data frames.
110 */
111 if (!ieee80211_is_data_present(hdr->frame_control))
112 return RX_CONTINUE;
113
114 /*
115 * No way to verify the MIC if the hardware stripped it or
116 * the IV with the key index. In this case we have solely rely
117 * on the driver to set RX_FLAG_MMIC_ERROR in the event of a
118 * MIC failure report.
119 */
120 if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) {
121 if (status->flag & RX_FLAG_MMIC_ERROR)
122 goto mic_fail_no_key;
123
124 if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key &&
125 rx->key->conf.cipher == WLAN_CIPHER_SUITE_TKIP)
126 goto update_iv;
127
128 return RX_CONTINUE;
129 }
130
131 /*
132 * Some hardware seems to generate Michael MIC failure reports; even
133 * though, the frame was not encrypted with TKIP and therefore has no
134 * MIC. Ignore the flag them to avoid triggering countermeasures.
135 */
136 if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
137 !(status->flag & RX_FLAG_DECRYPTED))
138 return RX_CONTINUE;
139
140 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) {
141 /*
142 * APs with pairwise keys should never receive Michael MIC
143 * errors for non-zero keyidx because these are reserved for
144 * group keys and only the AP is sending real multicast
145 * frames in the BSS.
146 */
147 return RX_DROP_UNUSABLE;
148 }
149
150 if (status->flag & RX_FLAG_MMIC_ERROR)
151 goto mic_fail;
152
153 hdrlen = ieee80211_hdrlen(hdr->frame_control);
154 if (skb->len < hdrlen + MICHAEL_MIC_LEN)
155 return RX_DROP_UNUSABLE;
156
157 if (skb_linearize(rx->skb))
158 return RX_DROP_UNUSABLE;
159 hdr = (void *)skb->data;
160
161 data = skb->data + hdrlen;
162 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
163 key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
164 michael_mic(key, hdr, data, data_len, mic);
165 if (crypto_memneq(mic, data + data_len, MICHAEL_MIC_LEN))
166 goto mic_fail;
167
168 /* remove Michael MIC from payload */
169 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
170
171 update_iv:
172 /* update IV in key information to be able to detect replays */
173 rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32;
174 rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16;
175
176 return RX_CONTINUE;
177
178 mic_fail:
179 rx->key->u.tkip.mic_failures++;
180
181 mic_fail_no_key:
182 /*
183 * In some cases the key can be unset - e.g. a multicast packet, in
184 * a driver that supports HW encryption. Send up the key idx only if
185 * the key is set.
186 */
187 cfg80211_michael_mic_failure(rx->sdata->dev, hdr->addr2,
188 is_multicast_ether_addr(hdr->addr1) ?
189 NL80211_KEYTYPE_GROUP :
190 NL80211_KEYTYPE_PAIRWISE,
191 rx->key ? rx->key->conf.keyidx : -1,
192 NULL, GFP_ATOMIC);
193 return RX_DROP_UNUSABLE;
194 }
195
196 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
197 {
198 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
199 struct ieee80211_key *key = tx->key;
200 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
201 unsigned int hdrlen;
202 int len, tail;
203 u64 pn;
204 u8 *pos;
205
206 if (info->control.hw_key &&
207 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
208 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
209 /* hwaccel - with no need for software-generated IV */
210 return 0;
211 }
212
213 hdrlen = ieee80211_hdrlen(hdr->frame_control);
214 len = skb->len - hdrlen;
215
216 if (info->control.hw_key)
217 tail = 0;
218 else
219 tail = IEEE80211_TKIP_ICV_LEN;
220
221 if (WARN_ON(skb_tailroom(skb) < tail ||
222 skb_headroom(skb) < IEEE80211_TKIP_IV_LEN))
223 return -1;
224
225 pos = skb_push(skb, IEEE80211_TKIP_IV_LEN);
226 memmove(pos, pos + IEEE80211_TKIP_IV_LEN, hdrlen);
227 pos += hdrlen;
228
229 /* the HW only needs room for the IV, but not the actual IV */
230 if (info->control.hw_key &&
231 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
232 return 0;
233
234 /* Increase IV for the frame */
235 pn = atomic64_inc_return(&key->conf.tx_pn);
236 pos = ieee80211_tkip_add_iv(pos, &key->conf, pn);
237
238 /* hwaccel - with software IV */
239 if (info->control.hw_key)
240 return 0;
241
242 /* Add room for ICV */
243 skb_put(skb, IEEE80211_TKIP_ICV_LEN);
244
245 return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
246 key, skb, pos, len);
247 }
248
249
250 ieee80211_tx_result
251 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
252 {
253 struct sk_buff *skb;
254
255 ieee80211_tx_set_protected(tx);
256
257 skb_queue_walk(&tx->skbs, skb) {
258 if (tkip_encrypt_skb(tx, skb) < 0)
259 return TX_DROP;
260 }
261
262 return TX_CONTINUE;
263 }
264
265
266 ieee80211_rx_result
267 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
268 {
269 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
270 int hdrlen, res, hwaccel = 0;
271 struct ieee80211_key *key = rx->key;
272 struct sk_buff *skb = rx->skb;
273 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
274
275 hdrlen = ieee80211_hdrlen(hdr->frame_control);
276
277 if (!ieee80211_is_data(hdr->frame_control))
278 return RX_CONTINUE;
279
280 if (!rx->sta || skb->len - hdrlen < 12)
281 return RX_DROP_UNUSABLE;
282
283 /* it may be possible to optimize this a bit more */
284 if (skb_linearize(rx->skb))
285 return RX_DROP_UNUSABLE;
286 hdr = (void *)skb->data;
287
288 /*
289 * Let TKIP code verify IV, but skip decryption.
290 * In the case where hardware checks the IV as well,
291 * we don't even get here, see ieee80211_rx_h_decrypt()
292 */
293 if (status->flag & RX_FLAG_DECRYPTED)
294 hwaccel = 1;
295
296 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
297 key, skb->data + hdrlen,
298 skb->len - hdrlen, rx->sta->sta.addr,
299 hdr->addr1, hwaccel, rx->security_idx,
300 &rx->tkip_iv32,
301 &rx->tkip_iv16);
302 if (res != TKIP_DECRYPT_OK)
303 return RX_DROP_UNUSABLE;
304
305 /* Trim ICV */
306 if (!(status->flag & RX_FLAG_ICV_STRIPPED))
307 skb_trim(skb, skb->len - IEEE80211_TKIP_ICV_LEN);
308
309 /* Remove IV */
310 memmove(skb->data + IEEE80211_TKIP_IV_LEN, skb->data, hdrlen);
311 skb_pull(skb, IEEE80211_TKIP_IV_LEN);
312
313 return RX_CONTINUE;
314 }
315
316
317 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad)
318 {
319 __le16 mask_fc;
320 int a4_included, mgmt;
321 u8 qos_tid;
322 u16 len_a;
323 unsigned int hdrlen;
324 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
325
326 /*
327 * Mask FC: zero subtype b4 b5 b6 (if not mgmt)
328 * Retry, PwrMgt, MoreData; set Protected
329 */
330 mgmt = ieee80211_is_mgmt(hdr->frame_control);
331 mask_fc = hdr->frame_control;
332 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY |
333 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
334 if (!mgmt)
335 mask_fc &= ~cpu_to_le16(0x0070);
336 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
337
338 hdrlen = ieee80211_hdrlen(hdr->frame_control);
339 len_a = hdrlen - 2;
340 a4_included = ieee80211_has_a4(hdr->frame_control);
341
342 if (ieee80211_is_data_qos(hdr->frame_control))
343 qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
344 else
345 qos_tid = 0;
346
347 /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC
348 * mode authentication are not allowed to collide, yet both are derived
349 * from this vector b_0. We only set L := 1 here to indicate that the
350 * data size can be represented in (L+1) bytes. The CCM layer will take
351 * care of storing the data length in the top (L+1) bytes and setting
352 * and clearing the other bits as is required to derive the two IVs.
353 */
354 b_0[0] = 0x1;
355
356 /* Nonce: Nonce Flags | A2 | PN
357 * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
358 */
359 b_0[1] = qos_tid | (mgmt << 4);
360 memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
361 memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN);
362
363 /* AAD (extra authenticate-only data) / masked 802.11 header
364 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
365 put_unaligned_be16(len_a, &aad[0]);
366 put_unaligned(mask_fc, (__le16 *)&aad[2]);
367 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
368
369 /* Mask Seq#, leave Frag# */
370 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
371 aad[23] = 0;
372
373 if (a4_included) {
374 memcpy(&aad[24], hdr->addr4, ETH_ALEN);
375 aad[30] = qos_tid;
376 aad[31] = 0;
377 } else {
378 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
379 aad[24] = qos_tid;
380 }
381 }
382
383
384 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
385 {
386 hdr[0] = pn[5];
387 hdr[1] = pn[4];
388 hdr[2] = 0;
389 hdr[3] = 0x20 | (key_id << 6);
390 hdr[4] = pn[3];
391 hdr[5] = pn[2];
392 hdr[6] = pn[1];
393 hdr[7] = pn[0];
394 }
395
396
397 static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr)
398 {
399 pn[0] = hdr[7];
400 pn[1] = hdr[6];
401 pn[2] = hdr[5];
402 pn[3] = hdr[4];
403 pn[4] = hdr[1];
404 pn[5] = hdr[0];
405 }
406
407
408 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb,
409 unsigned int mic_len)
410 {
411 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
412 struct ieee80211_key *key = tx->key;
413 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
414 int hdrlen, len, tail;
415 u8 *pos;
416 u8 pn[6];
417 u64 pn64;
418 u8 aad[CCM_AAD_LEN];
419 u8 b_0[AES_BLOCK_SIZE];
420
421 if (info->control.hw_key &&
422 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
423 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
424 !((info->control.hw_key->flags &
425 IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) &&
426 ieee80211_is_mgmt(hdr->frame_control))) {
427 /*
428 * hwaccel has no need for preallocated room for CCMP
429 * header or MIC fields
430 */
431 return 0;
432 }
433
434 hdrlen = ieee80211_hdrlen(hdr->frame_control);
435 len = skb->len - hdrlen;
436
437 if (info->control.hw_key)
438 tail = 0;
439 else
440 tail = mic_len;
441
442 if (WARN_ON(skb_tailroom(skb) < tail ||
443 skb_headroom(skb) < IEEE80211_CCMP_HDR_LEN))
444 return -1;
445
446 pos = skb_push(skb, IEEE80211_CCMP_HDR_LEN);
447 memmove(pos, pos + IEEE80211_CCMP_HDR_LEN, hdrlen);
448
449 /* the HW only needs room for the IV, but not the actual IV */
450 if (info->control.hw_key &&
451 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
452 return 0;
453
454 hdr = (struct ieee80211_hdr *) pos;
455 pos += hdrlen;
456
457 pn64 = atomic64_inc_return(&key->conf.tx_pn);
458
459 pn[5] = pn64;
460 pn[4] = pn64 >> 8;
461 pn[3] = pn64 >> 16;
462 pn[2] = pn64 >> 24;
463 pn[1] = pn64 >> 32;
464 pn[0] = pn64 >> 40;
465
466 ccmp_pn2hdr(pos, pn, key->conf.keyidx);
467
468 /* hwaccel - with software CCMP header */
469 if (info->control.hw_key)
470 return 0;
471
472 pos += IEEE80211_CCMP_HDR_LEN;
473 ccmp_special_blocks(skb, pn, b_0, aad);
474 return ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len,
475 skb_put(skb, mic_len));
476 }
477
478
479 ieee80211_tx_result
480 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx,
481 unsigned int mic_len)
482 {
483 struct sk_buff *skb;
484
485 ieee80211_tx_set_protected(tx);
486
487 skb_queue_walk(&tx->skbs, skb) {
488 if (ccmp_encrypt_skb(tx, skb, mic_len) < 0)
489 return TX_DROP;
490 }
491
492 return TX_CONTINUE;
493 }
494
495
496 ieee80211_rx_result
497 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx,
498 unsigned int mic_len)
499 {
500 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
501 int hdrlen;
502 struct ieee80211_key *key = rx->key;
503 struct sk_buff *skb = rx->skb;
504 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
505 u8 pn[IEEE80211_CCMP_PN_LEN];
506 int data_len;
507 int queue;
508
509 hdrlen = ieee80211_hdrlen(hdr->frame_control);
510
511 if (!ieee80211_is_data(hdr->frame_control) &&
512 !ieee80211_is_robust_mgmt_frame(skb))
513 return RX_CONTINUE;
514
515 if (status->flag & RX_FLAG_DECRYPTED) {
516 if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_CCMP_HDR_LEN))
517 return RX_DROP_UNUSABLE;
518 if (status->flag & RX_FLAG_MIC_STRIPPED)
519 mic_len = 0;
520 } else {
521 if (skb_linearize(rx->skb))
522 return RX_DROP_UNUSABLE;
523 }
524
525 data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN - mic_len;
526 if (!rx->sta || data_len < 0)
527 return RX_DROP_UNUSABLE;
528
529 if (!(status->flag & RX_FLAG_PN_VALIDATED)) {
530 int res;
531
532 ccmp_hdr2pn(pn, skb->data + hdrlen);
533
534 queue = rx->security_idx;
535
536 res = memcmp(pn, key->u.ccmp.rx_pn[queue],
537 IEEE80211_CCMP_PN_LEN);
538 if (res < 0 ||
539 (!res && !(status->flag & RX_FLAG_ALLOW_SAME_PN))) {
540 key->u.ccmp.replays++;
541 return RX_DROP_UNUSABLE;
542 }
543
544 if (!(status->flag & RX_FLAG_DECRYPTED)) {
545 u8 aad[2 * AES_BLOCK_SIZE];
546 u8 b_0[AES_BLOCK_SIZE];
547 /* hardware didn't decrypt/verify MIC */
548 ccmp_special_blocks(skb, pn, b_0, aad);
549
550 if (ieee80211_aes_ccm_decrypt(
551 key->u.ccmp.tfm, b_0, aad,
552 skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN,
553 data_len,
554 skb->data + skb->len - mic_len))
555 return RX_DROP_UNUSABLE;
556 }
557
558 memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN);
559 }
560
561 /* Remove CCMP header and MIC */
562 if (pskb_trim(skb, skb->len - mic_len))
563 return RX_DROP_UNUSABLE;
564 memmove(skb->data + IEEE80211_CCMP_HDR_LEN, skb->data, hdrlen);
565 skb_pull(skb, IEEE80211_CCMP_HDR_LEN);
566
567 return RX_CONTINUE;
568 }
569
570 static void gcmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *j_0, u8 *aad)
571 {
572 __le16 mask_fc;
573 u8 qos_tid;
574 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
575
576 memcpy(j_0, hdr->addr2, ETH_ALEN);
577 memcpy(&j_0[ETH_ALEN], pn, IEEE80211_GCMP_PN_LEN);
578 j_0[13] = 0;
579 j_0[14] = 0;
580 j_0[AES_BLOCK_SIZE - 1] = 0x01;
581
582 /* AAD (extra authenticate-only data) / masked 802.11 header
583 * FC | A1 | A2 | A3 | SC | [A4] | [QC]
584 */
585 put_unaligned_be16(ieee80211_hdrlen(hdr->frame_control) - 2, &aad[0]);
586 /* Mask FC: zero subtype b4 b5 b6 (if not mgmt)
587 * Retry, PwrMgt, MoreData; set Protected
588 */
589 mask_fc = hdr->frame_control;
590 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY |
591 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
592 if (!ieee80211_is_mgmt(hdr->frame_control))
593 mask_fc &= ~cpu_to_le16(0x0070);
594 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
595
596 put_unaligned(mask_fc, (__le16 *)&aad[2]);
597 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
598
599 /* Mask Seq#, leave Frag# */
600 aad[22] = *((u8 *)&hdr->seq_ctrl) & 0x0f;
601 aad[23] = 0;
602
603 if (ieee80211_is_data_qos(hdr->frame_control))
604 qos_tid = *ieee80211_get_qos_ctl(hdr) &
605 IEEE80211_QOS_CTL_TID_MASK;
606 else
607 qos_tid = 0;
608
609 if (ieee80211_has_a4(hdr->frame_control)) {
610 memcpy(&aad[24], hdr->addr4, ETH_ALEN);
611 aad[30] = qos_tid;
612 aad[31] = 0;
613 } else {
614 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
615 aad[24] = qos_tid;
616 }
617 }
618
619 static inline void gcmp_pn2hdr(u8 *hdr, const u8 *pn, int key_id)
620 {
621 hdr[0] = pn[5];
622 hdr[1] = pn[4];
623 hdr[2] = 0;
624 hdr[3] = 0x20 | (key_id << 6);
625 hdr[4] = pn[3];
626 hdr[5] = pn[2];
627 hdr[6] = pn[1];
628 hdr[7] = pn[0];
629 }
630
631 static inline void gcmp_hdr2pn(u8 *pn, const u8 *hdr)
632 {
633 pn[0] = hdr[7];
634 pn[1] = hdr[6];
635 pn[2] = hdr[5];
636 pn[3] = hdr[4];
637 pn[4] = hdr[1];
638 pn[5] = hdr[0];
639 }
640
641 static int gcmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
642 {
643 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
644 struct ieee80211_key *key = tx->key;
645 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
646 int hdrlen, len, tail;
647 u8 *pos;
648 u8 pn[6];
649 u64 pn64;
650 u8 aad[GCM_AAD_LEN];
651 u8 j_0[AES_BLOCK_SIZE];
652
653 if (info->control.hw_key &&
654 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
655 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
656 !((info->control.hw_key->flags &
657 IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) &&
658 ieee80211_is_mgmt(hdr->frame_control))) {
659 /* hwaccel has no need for preallocated room for GCMP
660 * header or MIC fields
661 */
662 return 0;
663 }
664
665 hdrlen = ieee80211_hdrlen(hdr->frame_control);
666 len = skb->len - hdrlen;
667
668 if (info->control.hw_key)
669 tail = 0;
670 else
671 tail = IEEE80211_GCMP_MIC_LEN;
672
673 if (WARN_ON(skb_tailroom(skb) < tail ||
674 skb_headroom(skb) < IEEE80211_GCMP_HDR_LEN))
675 return -1;
676
677 pos = skb_push(skb, IEEE80211_GCMP_HDR_LEN);
678 memmove(pos, pos + IEEE80211_GCMP_HDR_LEN, hdrlen);
679 skb_set_network_header(skb, skb_network_offset(skb) +
680 IEEE80211_GCMP_HDR_LEN);
681
682 /* the HW only needs room for the IV, but not the actual IV */
683 if (info->control.hw_key &&
684 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
685 return 0;
686
687 hdr = (struct ieee80211_hdr *)pos;
688 pos += hdrlen;
689
690 pn64 = atomic64_inc_return(&key->conf.tx_pn);
691
692 pn[5] = pn64;
693 pn[4] = pn64 >> 8;
694 pn[3] = pn64 >> 16;
695 pn[2] = pn64 >> 24;
696 pn[1] = pn64 >> 32;
697 pn[0] = pn64 >> 40;
698
699 gcmp_pn2hdr(pos, pn, key->conf.keyidx);
700
701 /* hwaccel - with software GCMP header */
702 if (info->control.hw_key)
703 return 0;
704
705 pos += IEEE80211_GCMP_HDR_LEN;
706 gcmp_special_blocks(skb, pn, j_0, aad);
707 return ieee80211_aes_gcm_encrypt(key->u.gcmp.tfm, j_0, aad, pos, len,
708 skb_put(skb, IEEE80211_GCMP_MIC_LEN));
709 }
710
711 ieee80211_tx_result
712 ieee80211_crypto_gcmp_encrypt(struct ieee80211_tx_data *tx)
713 {
714 struct sk_buff *skb;
715
716 ieee80211_tx_set_protected(tx);
717
718 skb_queue_walk(&tx->skbs, skb) {
719 if (gcmp_encrypt_skb(tx, skb) < 0)
720 return TX_DROP;
721 }
722
723 return TX_CONTINUE;
724 }
725
726 ieee80211_rx_result
727 ieee80211_crypto_gcmp_decrypt(struct ieee80211_rx_data *rx)
728 {
729 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
730 int hdrlen;
731 struct ieee80211_key *key = rx->key;
732 struct sk_buff *skb = rx->skb;
733 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
734 u8 pn[IEEE80211_GCMP_PN_LEN];
735 int data_len, queue, mic_len = IEEE80211_GCMP_MIC_LEN;
736
737 hdrlen = ieee80211_hdrlen(hdr->frame_control);
738
739 if (!ieee80211_is_data(hdr->frame_control) &&
740 !ieee80211_is_robust_mgmt_frame(skb))
741 return RX_CONTINUE;
742
743 if (status->flag & RX_FLAG_DECRYPTED) {
744 if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_GCMP_HDR_LEN))
745 return RX_DROP_UNUSABLE;
746 if (status->flag & RX_FLAG_MIC_STRIPPED)
747 mic_len = 0;
748 } else {
749 if (skb_linearize(rx->skb))
750 return RX_DROP_UNUSABLE;
751 }
752
753 data_len = skb->len - hdrlen - IEEE80211_GCMP_HDR_LEN - mic_len;
754 if (!rx->sta || data_len < 0)
755 return RX_DROP_UNUSABLE;
756
757 if (!(status->flag & RX_FLAG_PN_VALIDATED)) {
758 int res;
759
760 gcmp_hdr2pn(pn, skb->data + hdrlen);
761
762 queue = rx->security_idx;
763
764 res = memcmp(pn, key->u.gcmp.rx_pn[queue],
765 IEEE80211_GCMP_PN_LEN);
766 if (res < 0 ||
767 (!res && !(status->flag & RX_FLAG_ALLOW_SAME_PN))) {
768 key->u.gcmp.replays++;
769 return RX_DROP_UNUSABLE;
770 }
771
772 if (!(status->flag & RX_FLAG_DECRYPTED)) {
773 u8 aad[2 * AES_BLOCK_SIZE];
774 u8 j_0[AES_BLOCK_SIZE];
775 /* hardware didn't decrypt/verify MIC */
776 gcmp_special_blocks(skb, pn, j_0, aad);
777
778 if (ieee80211_aes_gcm_decrypt(
779 key->u.gcmp.tfm, j_0, aad,
780 skb->data + hdrlen + IEEE80211_GCMP_HDR_LEN,
781 data_len,
782 skb->data + skb->len -
783 IEEE80211_GCMP_MIC_LEN))
784 return RX_DROP_UNUSABLE;
785 }
786
787 memcpy(key->u.gcmp.rx_pn[queue], pn, IEEE80211_GCMP_PN_LEN);
788 }
789
790 /* Remove GCMP header and MIC */
791 if (pskb_trim(skb, skb->len - mic_len))
792 return RX_DROP_UNUSABLE;
793 memmove(skb->data + IEEE80211_GCMP_HDR_LEN, skb->data, hdrlen);
794 skb_pull(skb, IEEE80211_GCMP_HDR_LEN);
795
796 return RX_CONTINUE;
797 }
798
799 static ieee80211_tx_result
800 ieee80211_crypto_cs_encrypt(struct ieee80211_tx_data *tx,
801 struct sk_buff *skb)
802 {
803 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
804 struct ieee80211_key *key = tx->key;
805 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
806 int hdrlen;
807 u8 *pos, iv_len = key->conf.iv_len;
808
809 if (info->control.hw_key &&
810 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
811 /* hwaccel has no need for preallocated head room */
812 return TX_CONTINUE;
813 }
814
815 if (unlikely(skb_headroom(skb) < iv_len &&
816 pskb_expand_head(skb, iv_len, 0, GFP_ATOMIC)))
817 return TX_DROP;
818
819 hdrlen = ieee80211_hdrlen(hdr->frame_control);
820
821 pos = skb_push(skb, iv_len);
822 memmove(pos, pos + iv_len, hdrlen);
823
824 return TX_CONTINUE;
825 }
826
827 static inline int ieee80211_crypto_cs_pn_compare(u8 *pn1, u8 *pn2, int len)
828 {
829 int i;
830
831 /* pn is little endian */
832 for (i = len - 1; i >= 0; i--) {
833 if (pn1[i] < pn2[i])
834 return -1;
835 else if (pn1[i] > pn2[i])
836 return 1;
837 }
838
839 return 0;
840 }
841
842 static ieee80211_rx_result
843 ieee80211_crypto_cs_decrypt(struct ieee80211_rx_data *rx)
844 {
845 struct ieee80211_key *key = rx->key;
846 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
847 const struct ieee80211_cipher_scheme *cs = NULL;
848 int hdrlen = ieee80211_hdrlen(hdr->frame_control);
849 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
850 int data_len;
851 u8 *rx_pn;
852 u8 *skb_pn;
853 u8 qos_tid;
854
855 if (!rx->sta || !rx->sta->cipher_scheme ||
856 !(status->flag & RX_FLAG_DECRYPTED))
857 return RX_DROP_UNUSABLE;
858
859 if (!ieee80211_is_data(hdr->frame_control))
860 return RX_CONTINUE;
861
862 cs = rx->sta->cipher_scheme;
863
864 data_len = rx->skb->len - hdrlen - cs->hdr_len;
865
866 if (data_len < 0)
867 return RX_DROP_UNUSABLE;
868
869 if (ieee80211_is_data_qos(hdr->frame_control))
870 qos_tid = *ieee80211_get_qos_ctl(hdr) &
871 IEEE80211_QOS_CTL_TID_MASK;
872 else
873 qos_tid = 0;
874
875 if (skb_linearize(rx->skb))
876 return RX_DROP_UNUSABLE;
877
878 hdr = (struct ieee80211_hdr *)rx->skb->data;
879
880 rx_pn = key->u.gen.rx_pn[qos_tid];
881 skb_pn = rx->skb->data + hdrlen + cs->pn_off;
882
883 if (ieee80211_crypto_cs_pn_compare(skb_pn, rx_pn, cs->pn_len) <= 0)
884 return RX_DROP_UNUSABLE;
885
886 memcpy(rx_pn, skb_pn, cs->pn_len);
887
888 /* remove security header and MIC */
889 if (pskb_trim(rx->skb, rx->skb->len - cs->mic_len))
890 return RX_DROP_UNUSABLE;
891
892 memmove(rx->skb->data + cs->hdr_len, rx->skb->data, hdrlen);
893 skb_pull(rx->skb, cs->hdr_len);
894
895 return RX_CONTINUE;
896 }
897
898 static void bip_aad(struct sk_buff *skb, u8 *aad)
899 {
900 __le16 mask_fc;
901 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
902
903 /* BIP AAD: FC(masked) || A1 || A2 || A3 */
904
905 /* FC type/subtype */
906 /* Mask FC Retry, PwrMgt, MoreData flags to zero */
907 mask_fc = hdr->frame_control;
908 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM |
909 IEEE80211_FCTL_MOREDATA);
910 put_unaligned(mask_fc, (__le16 *) &aad[0]);
911 /* A1 || A2 || A3 */
912 memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN);
913 }
914
915
916 static inline void bip_ipn_set64(u8 *d, u64 pn)
917 {
918 *d++ = pn;
919 *d++ = pn >> 8;
920 *d++ = pn >> 16;
921 *d++ = pn >> 24;
922 *d++ = pn >> 32;
923 *d = pn >> 40;
924 }
925
926 static inline void bip_ipn_swap(u8 *d, const u8 *s)
927 {
928 *d++ = s[5];
929 *d++ = s[4];
930 *d++ = s[3];
931 *d++ = s[2];
932 *d++ = s[1];
933 *d = s[0];
934 }
935
936
937 ieee80211_tx_result
938 ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx)
939 {
940 struct sk_buff *skb;
941 struct ieee80211_tx_info *info;
942 struct ieee80211_key *key = tx->key;
943 struct ieee80211_mmie *mmie;
944 u8 aad[20];
945 u64 pn64;
946
947 if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
948 return TX_DROP;
949
950 skb = skb_peek(&tx->skbs);
951
952 info = IEEE80211_SKB_CB(skb);
953
954 if (info->control.hw_key)
955 return TX_CONTINUE;
956
957 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
958 return TX_DROP;
959
960 mmie = skb_put(skb, sizeof(*mmie));
961 mmie->element_id = WLAN_EID_MMIE;
962 mmie->length = sizeof(*mmie) - 2;
963 mmie->key_id = cpu_to_le16(key->conf.keyidx);
964
965 /* PN = PN + 1 */
966 pn64 = atomic64_inc_return(&key->conf.tx_pn);
967
968 bip_ipn_set64(mmie->sequence_number, pn64);
969
970 bip_aad(skb, aad);
971
972 /*
973 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
974 */
975 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
976 skb->data + 24, skb->len - 24, mmie->mic);
977
978 return TX_CONTINUE;
979 }
980
981 ieee80211_tx_result
982 ieee80211_crypto_aes_cmac_256_encrypt(struct ieee80211_tx_data *tx)
983 {
984 struct sk_buff *skb;
985 struct ieee80211_tx_info *info;
986 struct ieee80211_key *key = tx->key;
987 struct ieee80211_mmie_16 *mmie;
988 u8 aad[20];
989 u64 pn64;
990
991 if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
992 return TX_DROP;
993
994 skb = skb_peek(&tx->skbs);
995
996 info = IEEE80211_SKB_CB(skb);
997
998 if (info->control.hw_key)
999 return TX_CONTINUE;
1000
1001 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
1002 return TX_DROP;
1003
1004 mmie = skb_put(skb, sizeof(*mmie));
1005 mmie->element_id = WLAN_EID_MMIE;
1006 mmie->length = sizeof(*mmie) - 2;
1007 mmie->key_id = cpu_to_le16(key->conf.keyidx);
1008
1009 /* PN = PN + 1 */
1010 pn64 = atomic64_inc_return(&key->conf.tx_pn);
1011
1012 bip_ipn_set64(mmie->sequence_number, pn64);
1013
1014 bip_aad(skb, aad);
1015
1016 /* MIC = AES-256-CMAC(IGTK, AAD || Management Frame Body || MMIE, 128)
1017 */
1018 ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad,
1019 skb->data + 24, skb->len - 24, mmie->mic);
1020
1021 return TX_CONTINUE;
1022 }
1023
1024 ieee80211_rx_result
1025 ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
1026 {
1027 struct sk_buff *skb = rx->skb;
1028 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1029 struct ieee80211_key *key = rx->key;
1030 struct ieee80211_mmie *mmie;
1031 u8 aad[20], mic[8], ipn[6];
1032 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1033
1034 if (!ieee80211_is_mgmt(hdr->frame_control))
1035 return RX_CONTINUE;
1036
1037 /* management frames are already linear */
1038
1039 if (skb->len < 24 + sizeof(*mmie))
1040 return RX_DROP_UNUSABLE;
1041
1042 mmie = (struct ieee80211_mmie *)
1043 (skb->data + skb->len - sizeof(*mmie));
1044 if (mmie->element_id != WLAN_EID_MMIE ||
1045 mmie->length != sizeof(*mmie) - 2)
1046 return RX_DROP_UNUSABLE; /* Invalid MMIE */
1047
1048 bip_ipn_swap(ipn, mmie->sequence_number);
1049
1050 if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
1051 key->u.aes_cmac.replays++;
1052 return RX_DROP_UNUSABLE;
1053 }
1054
1055 if (!(status->flag & RX_FLAG_DECRYPTED)) {
1056 /* hardware didn't decrypt/verify MIC */
1057 bip_aad(skb, aad);
1058 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
1059 skb->data + 24, skb->len - 24, mic);
1060 if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
1061 key->u.aes_cmac.icverrors++;
1062 return RX_DROP_UNUSABLE;
1063 }
1064 }
1065
1066 memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
1067
1068 /* Remove MMIE */
1069 skb_trim(skb, skb->len - sizeof(*mmie));
1070
1071 return RX_CONTINUE;
1072 }
1073
1074 ieee80211_rx_result
1075 ieee80211_crypto_aes_cmac_256_decrypt(struct ieee80211_rx_data *rx)
1076 {
1077 struct sk_buff *skb = rx->skb;
1078 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1079 struct ieee80211_key *key = rx->key;
1080 struct ieee80211_mmie_16 *mmie;
1081 u8 aad[20], mic[16], ipn[6];
1082 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1083
1084 if (!ieee80211_is_mgmt(hdr->frame_control))
1085 return RX_CONTINUE;
1086
1087 /* management frames are already linear */
1088
1089 if (skb->len < 24 + sizeof(*mmie))
1090 return RX_DROP_UNUSABLE;
1091
1092 mmie = (struct ieee80211_mmie_16 *)
1093 (skb->data + skb->len - sizeof(*mmie));
1094 if (mmie->element_id != WLAN_EID_MMIE ||
1095 mmie->length != sizeof(*mmie) - 2)
1096 return RX_DROP_UNUSABLE; /* Invalid MMIE */
1097
1098 bip_ipn_swap(ipn, mmie->sequence_number);
1099
1100 if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
1101 key->u.aes_cmac.replays++;
1102 return RX_DROP_UNUSABLE;
1103 }
1104
1105 if (!(status->flag & RX_FLAG_DECRYPTED)) {
1106 /* hardware didn't decrypt/verify MIC */
1107 bip_aad(skb, aad);
1108 ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad,
1109 skb->data + 24, skb->len - 24, mic);
1110 if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
1111 key->u.aes_cmac.icverrors++;
1112 return RX_DROP_UNUSABLE;
1113 }
1114 }
1115
1116 memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
1117
1118 /* Remove MMIE */
1119 skb_trim(skb, skb->len - sizeof(*mmie));
1120
1121 return RX_CONTINUE;
1122 }
1123
1124 ieee80211_tx_result
1125 ieee80211_crypto_aes_gmac_encrypt(struct ieee80211_tx_data *tx)
1126 {
1127 struct sk_buff *skb;
1128 struct ieee80211_tx_info *info;
1129 struct ieee80211_key *key = tx->key;
1130 struct ieee80211_mmie_16 *mmie;
1131 struct ieee80211_hdr *hdr;
1132 u8 aad[GMAC_AAD_LEN];
1133 u64 pn64;
1134 u8 nonce[GMAC_NONCE_LEN];
1135
1136 if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
1137 return TX_DROP;
1138
1139 skb = skb_peek(&tx->skbs);
1140
1141 info = IEEE80211_SKB_CB(skb);
1142
1143 if (info->control.hw_key)
1144 return TX_CONTINUE;
1145
1146 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
1147 return TX_DROP;
1148
1149 mmie = skb_put(skb, sizeof(*mmie));
1150 mmie->element_id = WLAN_EID_MMIE;
1151 mmie->length = sizeof(*mmie) - 2;
1152 mmie->key_id = cpu_to_le16(key->conf.keyidx);
1153
1154 /* PN = PN + 1 */
1155 pn64 = atomic64_inc_return(&key->conf.tx_pn);
1156
1157 bip_ipn_set64(mmie->sequence_number, pn64);
1158
1159 bip_aad(skb, aad);
1160
1161 hdr = (struct ieee80211_hdr *)skb->data;
1162 memcpy(nonce, hdr->addr2, ETH_ALEN);
1163 bip_ipn_swap(nonce + ETH_ALEN, mmie->sequence_number);
1164
1165 /* MIC = AES-GMAC(IGTK, AAD || Management Frame Body || MMIE, 128) */
1166 if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce,
1167 skb->data + 24, skb->len - 24, mmie->mic) < 0)
1168 return TX_DROP;
1169
1170 return TX_CONTINUE;
1171 }
1172
1173 ieee80211_rx_result
1174 ieee80211_crypto_aes_gmac_decrypt(struct ieee80211_rx_data *rx)
1175 {
1176 struct sk_buff *skb = rx->skb;
1177 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1178 struct ieee80211_key *key = rx->key;
1179 struct ieee80211_mmie_16 *mmie;
1180 u8 aad[GMAC_AAD_LEN], mic[GMAC_MIC_LEN], ipn[6], nonce[GMAC_NONCE_LEN];
1181 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1182
1183 if (!ieee80211_is_mgmt(hdr->frame_control))
1184 return RX_CONTINUE;
1185
1186 /* management frames are already linear */
1187
1188 if (skb->len < 24 + sizeof(*mmie))
1189 return RX_DROP_UNUSABLE;
1190
1191 mmie = (struct ieee80211_mmie_16 *)
1192 (skb->data + skb->len - sizeof(*mmie));
1193 if (mmie->element_id != WLAN_EID_MMIE ||
1194 mmie->length != sizeof(*mmie) - 2)
1195 return RX_DROP_UNUSABLE; /* Invalid MMIE */
1196
1197 bip_ipn_swap(ipn, mmie->sequence_number);
1198
1199 if (memcmp(ipn, key->u.aes_gmac.rx_pn, 6) <= 0) {
1200 key->u.aes_gmac.replays++;
1201 return RX_DROP_UNUSABLE;
1202 }
1203
1204 if (!(status->flag & RX_FLAG_DECRYPTED)) {
1205 /* hardware didn't decrypt/verify MIC */
1206 bip_aad(skb, aad);
1207
1208 memcpy(nonce, hdr->addr2, ETH_ALEN);
1209 memcpy(nonce + ETH_ALEN, ipn, 6);
1210
1211 if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce,
1212 skb->data + 24, skb->len - 24,
1213 mic) < 0 ||
1214 crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
1215 key->u.aes_gmac.icverrors++;
1216 return RX_DROP_UNUSABLE;
1217 }
1218 }
1219
1220 memcpy(key->u.aes_gmac.rx_pn, ipn, 6);
1221
1222 /* Remove MMIE */
1223 skb_trim(skb, skb->len - sizeof(*mmie));
1224
1225 return RX_CONTINUE;
1226 }
1227
1228 ieee80211_tx_result
1229 ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx)
1230 {
1231 struct sk_buff *skb;
1232 struct ieee80211_tx_info *info = NULL;
1233 ieee80211_tx_result res;
1234
1235 skb_queue_walk(&tx->skbs, skb) {
1236 info = IEEE80211_SKB_CB(skb);
1237
1238 /* handle hw-only algorithm */
1239 if (!info->control.hw_key)
1240 return TX_DROP;
1241
1242 if (tx->key->flags & KEY_FLAG_CIPHER_SCHEME) {
1243 res = ieee80211_crypto_cs_encrypt(tx, skb);
1244 if (res != TX_CONTINUE)
1245 return res;
1246 }
1247 }
1248
1249 ieee80211_tx_set_protected(tx);
1250
1251 return TX_CONTINUE;
1252 }
1253
1254 ieee80211_rx_result
1255 ieee80211_crypto_hw_decrypt(struct ieee80211_rx_data *rx)
1256 {
1257 if (rx->sta && rx->sta->cipher_scheme)
1258 return ieee80211_crypto_cs_decrypt(rx);
1259
1260 return RX_DROP_UNUSABLE;
1261 }
CRIS linux kernel tree