search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 5.1.15
[linux/fpc-iii.git] / net / mac80211 / wpa.c
blob5dd48f0a4b1bd1d5eb24489f72a126a146639f4d
1 /*
2 * Copyright 2002-2004, Instant802 Networks, Inc.
3 * Copyright 2008, Jouni Malinen <j@w1.fi>
4 * Copyright (C) 2016-2017 Intel Deutschland GmbH
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11 #include <linux/netdevice.h>
12 #include <linux/types.h>
13 #include <linux/skbuff.h>
14 #include <linux/compiler.h>
15 #include <linux/ieee80211.h>
16 #include <linux/gfp.h>
17 #include <asm/unaligned.h>
18 #include <net/mac80211.h>
19 #include <crypto/aes.h>
20 #include <crypto/algapi.h>
21
22 #include "ieee80211_i.h"
23 #include "michael.h"
24 #include "tkip.h"
25 #include "aes_ccm.h"
26 #include "aes_cmac.h"
27 #include "aes_gmac.h"
28 #include "aes_gcm.h"
29 #include "wpa.h"
30
31 ieee80211_tx_result
32 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
33 {
34 u8 *data, *key, *mic;
35 size_t data_len;
36 unsigned int hdrlen;
37 struct ieee80211_hdr *hdr;
38 struct sk_buff *skb = tx->skb;
39 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
40 int tail;
41
42 hdr = (struct ieee80211_hdr *)skb->data;
43 if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
44 skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control))
45 return TX_CONTINUE;
46
47 hdrlen = ieee80211_hdrlen(hdr->frame_control);
48 if (skb->len < hdrlen)
49 return TX_DROP;
50
51 data = skb->data + hdrlen;
52 data_len = skb->len - hdrlen;
53
54 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) {
55 /* Need to use software crypto for the test */
56 info->control.hw_key = NULL;
57 }
58
59 if (info->control.hw_key &&
60 (info->flags & IEEE80211_TX_CTL_DONTFRAG ||
61 ieee80211_hw_check(&tx->local->hw, SUPPORTS_TX_FRAG)) &&
62 !(tx->key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
63 IEEE80211_KEY_FLAG_PUT_MIC_SPACE))) {
64 /* hwaccel - with no need for SW-generated MMIC or MIC space */
65 return TX_CONTINUE;
66 }
67
68 tail = MICHAEL_MIC_LEN;
69 if (!info->control.hw_key)
70 tail += IEEE80211_TKIP_ICV_LEN;
71
72 if (WARN(skb_tailroom(skb) < tail ||
73 skb_headroom(skb) < IEEE80211_TKIP_IV_LEN,
74 "mmic: not enough head/tail (%d/%d,%d/%d)\n",
75 skb_headroom(skb), IEEE80211_TKIP_IV_LEN,
76 skb_tailroom(skb), tail))
77 return TX_DROP;
78
79 mic = skb_put(skb, MICHAEL_MIC_LEN);
80
81 if (tx->key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) {
82 /* Zeroed MIC can help with debug */
83 memset(mic, 0, MICHAEL_MIC_LEN);
84 return TX_CONTINUE;
85 }
86
87 key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY];
88 michael_mic(key, hdr, data, data_len, mic);
89 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE))
90 mic[0]++;
91
92 return TX_CONTINUE;
93 }
94
95
96 ieee80211_rx_result
97 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
98 {
99 u8 *data, *key = NULL;
100 size_t data_len;
101 unsigned int hdrlen;
102 u8 mic[MICHAEL_MIC_LEN];
103 struct sk_buff *skb = rx->skb;
104 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
105 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
106
107 /*
108 * it makes no sense to check for MIC errors on anything other
109 * than data frames.
110 */
111 if (!ieee80211_is_data_present(hdr->frame_control))
112 return RX_CONTINUE;
113
114 /*
115 * No way to verify the MIC if the hardware stripped it or
116 * the IV with the key index. In this case we have solely rely
117 * on the driver to set RX_FLAG_MMIC_ERROR in the event of a
118 * MIC failure report.
119 */
120 if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) {
121 if (status->flag & RX_FLAG_MMIC_ERROR)
122 goto mic_fail_no_key;
123
124 if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key &&
125 rx->key->conf.cipher == WLAN_CIPHER_SUITE_TKIP)
126 goto update_iv;
127
128 return RX_CONTINUE;
129 }
130
131 /*
132 * Some hardware seems to generate Michael MIC failure reports; even
133 * though, the frame was not encrypted with TKIP and therefore has no
134 * MIC. Ignore the flag them to avoid triggering countermeasures.
135 */
136 if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
137 !(status->flag & RX_FLAG_DECRYPTED))
138 return RX_CONTINUE;
139
140 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) {
141 /*
142 * APs with pairwise keys should never receive Michael MIC
143 * errors for non-zero keyidx because these are reserved for
144 * group keys and only the AP is sending real multicast
145 * frames in the BSS.
146 */
147 return RX_DROP_UNUSABLE;
148 }
149
150 if (status->flag & RX_FLAG_MMIC_ERROR)
151 goto mic_fail;
152
153 hdrlen = ieee80211_hdrlen(hdr->frame_control);
154 if (skb->len < hdrlen + MICHAEL_MIC_LEN)
155 return RX_DROP_UNUSABLE;
156
157 if (skb_linearize(rx->skb))
158 return RX_DROP_UNUSABLE;
159 hdr = (void *)skb->data;
160
161 data = skb->data + hdrlen;
162 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
163 key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
164 michael_mic(key, hdr, data, data_len, mic);
165 if (crypto_memneq(mic, data + data_len, MICHAEL_MIC_LEN))
166 goto mic_fail;
167
168 /* remove Michael MIC from payload */
169 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
170
171 update_iv:
172 /* update IV in key information to be able to detect replays */
173 rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32;
174 rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16;
175
176 return RX_CONTINUE;
177
178 mic_fail:
179 rx->key->u.tkip.mic_failures++;
180
181 mic_fail_no_key:
182 /*
183 * In some cases the key can be unset - e.g. a multicast packet, in
184 * a driver that supports HW encryption. Send up the key idx only if
185 * the key is set.
186 */
187 cfg80211_michael_mic_failure(rx->sdata->dev, hdr->addr2,
188 is_multicast_ether_addr(hdr->addr1) ?
189 NL80211_KEYTYPE_GROUP :
190 NL80211_KEYTYPE_PAIRWISE,
191 rx->key ? rx->key->conf.keyidx : -1,
192 NULL, GFP_ATOMIC);
193 return RX_DROP_UNUSABLE;
194 }
195
196 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
197 {
198 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
199 struct ieee80211_key *key = tx->key;
200 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
201 unsigned int hdrlen;
202 int len, tail;
203 u64 pn;
204 u8 *pos;
205
206 if (info->control.hw_key &&
207 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
208 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
209 /* hwaccel - with no need for software-generated IV */
210 return 0;
211 }
212
213 hdrlen = ieee80211_hdrlen(hdr->frame_control);
214 len = skb->len - hdrlen;
215
216 if (info->control.hw_key)
217 tail = 0;
218 else
219 tail = IEEE80211_TKIP_ICV_LEN;
220
221 if (WARN_ON(skb_tailroom(skb) < tail ||
222 skb_headroom(skb) < IEEE80211_TKIP_IV_LEN))
223 return -1;
224
225 pos = skb_push(skb, IEEE80211_TKIP_IV_LEN);
226 memmove(pos, pos + IEEE80211_TKIP_IV_LEN, hdrlen);
227 pos += hdrlen;
228
229 /* the HW only needs room for the IV, but not the actual IV */
230 if (info->control.hw_key &&
231 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
232 return 0;
233
234 /* Increase IV for the frame */
235 pn = atomic64_inc_return(&key->conf.tx_pn);
236 pos = ieee80211_tkip_add_iv(pos, &key->conf, pn);
237
238 /* hwaccel - with software IV */
239 if (info->control.hw_key)
240 return 0;
241
242 /* Add room for ICV */
243 skb_put(skb, IEEE80211_TKIP_ICV_LEN);
244
245 return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
246 key, skb, pos, len);
247 }
248
249
250 ieee80211_tx_result
251 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
252 {
253 struct sk_buff *skb;
254
255 ieee80211_tx_set_protected(tx);
256
257 skb_queue_walk(&tx->skbs, skb) {
258 if (tkip_encrypt_skb(tx, skb) < 0)
259 return TX_DROP;
260 }
261
262 return TX_CONTINUE;
263 }
264
265
266 ieee80211_rx_result
267 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
268 {
269 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
270 int hdrlen, res, hwaccel = 0;
271 struct ieee80211_key *key = rx->key;
272 struct sk_buff *skb = rx->skb;
273 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
274
275 hdrlen = ieee80211_hdrlen(hdr->frame_control);
276
277 if (!ieee80211_is_data(hdr->frame_control))
278 return RX_CONTINUE;
279
280 if (!rx->sta || skb->len - hdrlen < 12)
281 return RX_DROP_UNUSABLE;
282
283 /* it may be possible to optimize this a bit more */
284 if (skb_linearize(rx->skb))
285 return RX_DROP_UNUSABLE;
286 hdr = (void *)skb->data;
287
288 /*
289 * Let TKIP code verify IV, but skip decryption.
290 * In the case where hardware checks the IV as well,
291 * we don't even get here, see ieee80211_rx_h_decrypt()
292 */
293 if (status->flag & RX_FLAG_DECRYPTED)
294 hwaccel = 1;
295
296 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
297 key, skb->data + hdrlen,
298 skb->len - hdrlen, rx->sta->sta.addr,
299 hdr->addr1, hwaccel, rx->security_idx,
300 &rx->tkip_iv32,
301 &rx->tkip_iv16);
302 if (res != TKIP_DECRYPT_OK)
303 return RX_DROP_UNUSABLE;
304
305 /* Trim ICV */
306 if (!(status->flag & RX_FLAG_ICV_STRIPPED))
307 skb_trim(skb, skb->len - IEEE80211_TKIP_ICV_LEN);
308
309 /* Remove IV */
310 memmove(skb->data + IEEE80211_TKIP_IV_LEN, skb->data, hdrlen);
311 skb_pull(skb, IEEE80211_TKIP_IV_LEN);
312
313 return RX_CONTINUE;
314 }
315
316
317 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad)
318 {
319 __le16 mask_fc;
320 int a4_included, mgmt;
321 u8 qos_tid;
322 u16 len_a;
323 unsigned int hdrlen;
324 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
325
326 /*
327 * Mask FC: zero subtype b4 b5 b6 (if not mgmt)
328 * Retry, PwrMgt, MoreData; set Protected
329 */
330 mgmt = ieee80211_is_mgmt(hdr->frame_control);
331 mask_fc = hdr->frame_control;
332 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY |
333 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
334 if (!mgmt)
335 mask_fc &= ~cpu_to_le16(0x0070);
336 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
337
338 hdrlen = ieee80211_hdrlen(hdr->frame_control);
339 len_a = hdrlen - 2;
340 a4_included = ieee80211_has_a4(hdr->frame_control);
341
342 if (ieee80211_is_data_qos(hdr->frame_control))
343 qos_tid = ieee80211_get_tid(hdr);
344 else
345 qos_tid = 0;
346
347 /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC
348 * mode authentication are not allowed to collide, yet both are derived
349 * from this vector b_0. We only set L := 1 here to indicate that the
350 * data size can be represented in (L+1) bytes. The CCM layer will take
351 * care of storing the data length in the top (L+1) bytes and setting
352 * and clearing the other bits as is required to derive the two IVs.
353 */
354 b_0[0] = 0x1;
355
356 /* Nonce: Nonce Flags | A2 | PN
357 * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
358 */
359 b_0[1] = qos_tid | (mgmt << 4);
360 memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
361 memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN);
362
363 /* AAD (extra authenticate-only data) / masked 802.11 header
364 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
365 put_unaligned_be16(len_a, &aad[0]);
366 put_unaligned(mask_fc, (__le16 *)&aad[2]);
367 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
368
369 /* Mask Seq#, leave Frag# */
370 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
371 aad[23] = 0;
372
373 if (a4_included) {
374 memcpy(&aad[24], hdr->addr4, ETH_ALEN);
375 aad[30] = qos_tid;
376 aad[31] = 0;
377 } else {
378 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
379 aad[24] = qos_tid;
380 }
381 }
382
383
384 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
385 {
386 hdr[0] = pn[5];
387 hdr[1] = pn[4];
388 hdr[2] = 0;
389 hdr[3] = 0x20 | (key_id << 6);
390 hdr[4] = pn[3];
391 hdr[5] = pn[2];
392 hdr[6] = pn[1];
393 hdr[7] = pn[0];
394 }
395
396
397 static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr)
398 {
399 pn[0] = hdr[7];
400 pn[1] = hdr[6];
401 pn[2] = hdr[5];
402 pn[3] = hdr[4];
403 pn[4] = hdr[1];
404 pn[5] = hdr[0];
405 }
406
407
408 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb,
409 unsigned int mic_len)
410 {
411 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
412 struct ieee80211_key *key = tx->key;
413 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
414 int hdrlen, len, tail;
415 u8 *pos;
416 u8 pn[6];
417 u64 pn64;
418 u8 aad[CCM_AAD_LEN];
419 u8 b_0[AES_BLOCK_SIZE];
420
421 if (info->control.hw_key &&
422 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
423 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
424 !((info->control.hw_key->flags &
425 IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) &&
426 ieee80211_is_mgmt(hdr->frame_control))) {
427 /*
428 * hwaccel has no need for preallocated room for CCMP
429 * header or MIC fields
430 */
431 return 0;
432 }
433
434 hdrlen = ieee80211_hdrlen(hdr->frame_control);
435 len = skb->len - hdrlen;
436
437 if (info->control.hw_key)
438 tail = 0;
439 else
440 tail = mic_len;
441
442 if (WARN_ON(skb_tailroom(skb) < tail ||
443 skb_headroom(skb) < IEEE80211_CCMP_HDR_LEN))
444 return -1;
445
446 pos = skb_push(skb, IEEE80211_CCMP_HDR_LEN);
447 memmove(pos, pos + IEEE80211_CCMP_HDR_LEN, hdrlen);
448
449 /* the HW only needs room for the IV, but not the actual IV */
450 if (info->control.hw_key &&
451 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
452 return 0;
453
454 hdr = (struct ieee80211_hdr *) pos;
455 pos += hdrlen;
456
457 pn64 = atomic64_inc_return(&key->conf.tx_pn);
458
459 pn[5] = pn64;
460 pn[4] = pn64 >> 8;
461 pn[3] = pn64 >> 16;
462 pn[2] = pn64 >> 24;
463 pn[1] = pn64 >> 32;
464 pn[0] = pn64 >> 40;
465
466 ccmp_pn2hdr(pos, pn, key->conf.keyidx);
467
468 /* hwaccel - with software CCMP header */
469 if (info->control.hw_key)
470 return 0;
471
472 pos += IEEE80211_CCMP_HDR_LEN;
473 ccmp_special_blocks(skb, pn, b_0, aad);
474 return ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len,
475 skb_put(skb, mic_len));
476 }
477
478
479 ieee80211_tx_result
480 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx,
481 unsigned int mic_len)
482 {
483 struct sk_buff *skb;
484
485 ieee80211_tx_set_protected(tx);
486
487 skb_queue_walk(&tx->skbs, skb) {
488 if (ccmp_encrypt_skb(tx, skb, mic_len) < 0)
489 return TX_DROP;
490 }
491
492 return TX_CONTINUE;
493 }
494
495
496 ieee80211_rx_result
497 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx,
498 unsigned int mic_len)
499 {
500 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
501 int hdrlen;
502 struct ieee80211_key *key = rx->key;
503 struct sk_buff *skb = rx->skb;
504 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
505 u8 pn[IEEE80211_CCMP_PN_LEN];
506 int data_len;
507 int queue;
508
509 hdrlen = ieee80211_hdrlen(hdr->frame_control);
510
511 if (!ieee80211_is_data(hdr->frame_control) &&
512 !ieee80211_is_robust_mgmt_frame(skb))
513 return RX_CONTINUE;
514
515 if (status->flag & RX_FLAG_DECRYPTED) {
516 if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_CCMP_HDR_LEN))
517 return RX_DROP_UNUSABLE;
518 if (status->flag & RX_FLAG_MIC_STRIPPED)
519 mic_len = 0;
520 } else {
521 if (skb_linearize(rx->skb))
522 return RX_DROP_UNUSABLE;
523 }
524
525 data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN - mic_len;
526 if (!rx->sta || data_len < 0)
527 return RX_DROP_UNUSABLE;
528
529 if (!(status->flag & RX_FLAG_PN_VALIDATED)) {
530 int res;
531
532 ccmp_hdr2pn(pn, skb->data + hdrlen);
533
534 queue = rx->security_idx;
535
536 res = memcmp(pn, key->u.ccmp.rx_pn[queue],
537 IEEE80211_CCMP_PN_LEN);
538 if (res < 0 ||
539 (!res && !(status->flag & RX_FLAG_ALLOW_SAME_PN))) {
540 key->u.ccmp.replays++;
541 return RX_DROP_UNUSABLE;
542 }
543
544 if (!(status->flag & RX_FLAG_DECRYPTED)) {
545 u8 aad[2 * AES_BLOCK_SIZE];
546 u8 b_0[AES_BLOCK_SIZE];
547 /* hardware didn't decrypt/verify MIC */
548 ccmp_special_blocks(skb, pn, b_0, aad);
549
550 if (ieee80211_aes_ccm_decrypt(
551 key->u.ccmp.tfm, b_0, aad,
552 skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN,
553 data_len,
554 skb->data + skb->len - mic_len))
555 return RX_DROP_UNUSABLE;
556 }
557
558 memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN);
559 }
560
561 /* Remove CCMP header and MIC */
562 if (pskb_trim(skb, skb->len - mic_len))
563 return RX_DROP_UNUSABLE;
564 memmove(skb->data + IEEE80211_CCMP_HDR_LEN, skb->data, hdrlen);
565 skb_pull(skb, IEEE80211_CCMP_HDR_LEN);
566
567 return RX_CONTINUE;
568 }
569
570 static void gcmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *j_0, u8 *aad)
571 {
572 __le16 mask_fc;
573 u8 qos_tid;
574 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
575
576 memcpy(j_0, hdr->addr2, ETH_ALEN);
577 memcpy(&j_0[ETH_ALEN], pn, IEEE80211_GCMP_PN_LEN);
578 j_0[13] = 0;
579 j_0[14] = 0;
580 j_0[AES_BLOCK_SIZE - 1] = 0x01;
581
582 /* AAD (extra authenticate-only data) / masked 802.11 header
583 * FC | A1 | A2 | A3 | SC | [A4] | [QC]
584 */
585 put_unaligned_be16(ieee80211_hdrlen(hdr->frame_control) - 2, &aad[0]);
586 /* Mask FC: zero subtype b4 b5 b6 (if not mgmt)
587 * Retry, PwrMgt, MoreData; set Protected
588 */
589 mask_fc = hdr->frame_control;
590 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY |
591 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
592 if (!ieee80211_is_mgmt(hdr->frame_control))
593 mask_fc &= ~cpu_to_le16(0x0070);
594 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
595
596 put_unaligned(mask_fc, (__le16 *)&aad[2]);
597 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
598
599 /* Mask Seq#, leave Frag# */
600 aad[22] = *((u8 *)&hdr->seq_ctrl) & 0x0f;
601 aad[23] = 0;
602
603 if (ieee80211_is_data_qos(hdr->frame_control))
604 qos_tid = ieee80211_get_tid(hdr);
605 else
606 qos_tid = 0;
607
608 if (ieee80211_has_a4(hdr->frame_control)) {
609 memcpy(&aad[24], hdr->addr4, ETH_ALEN);
610 aad[30] = qos_tid;
611 aad[31] = 0;
612 } else {
613 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
614 aad[24] = qos_tid;
615 }
616 }
617
618 static inline void gcmp_pn2hdr(u8 *hdr, const u8 *pn, int key_id)
619 {
620 hdr[0] = pn[5];
621 hdr[1] = pn[4];
622 hdr[2] = 0;
623 hdr[3] = 0x20 | (key_id << 6);
624 hdr[4] = pn[3];
625 hdr[5] = pn[2];
626 hdr[6] = pn[1];
627 hdr[7] = pn[0];
628 }
629
630 static inline void gcmp_hdr2pn(u8 *pn, const u8 *hdr)
631 {
632 pn[0] = hdr[7];
633 pn[1] = hdr[6];
634 pn[2] = hdr[5];
635 pn[3] = hdr[4];
636 pn[4] = hdr[1];
637 pn[5] = hdr[0];
638 }
639
640 static int gcmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
641 {
642 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
643 struct ieee80211_key *key = tx->key;
644 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
645 int hdrlen, len, tail;
646 u8 *pos;
647 u8 pn[6];
648 u64 pn64;
649 u8 aad[GCM_AAD_LEN];
650 u8 j_0[AES_BLOCK_SIZE];
651
652 if (info->control.hw_key &&
653 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
654 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
655 !((info->control.hw_key->flags &
656 IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) &&
657 ieee80211_is_mgmt(hdr->frame_control))) {
658 /* hwaccel has no need for preallocated room for GCMP
659 * header or MIC fields
660 */
661 return 0;
662 }
663
664 hdrlen = ieee80211_hdrlen(hdr->frame_control);
665 len = skb->len - hdrlen;
666
667 if (info->control.hw_key)
668 tail = 0;
669 else
670 tail = IEEE80211_GCMP_MIC_LEN;
671
672 if (WARN_ON(skb_tailroom(skb) < tail ||
673 skb_headroom(skb) < IEEE80211_GCMP_HDR_LEN))
674 return -1;
675
676 pos = skb_push(skb, IEEE80211_GCMP_HDR_LEN);
677 memmove(pos, pos + IEEE80211_GCMP_HDR_LEN, hdrlen);
678 skb_set_network_header(skb, skb_network_offset(skb) +
679 IEEE80211_GCMP_HDR_LEN);
680
681 /* the HW only needs room for the IV, but not the actual IV */
682 if (info->control.hw_key &&
683 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
684 return 0;
685
686 hdr = (struct ieee80211_hdr *)pos;
687 pos += hdrlen;
688
689 pn64 = atomic64_inc_return(&key->conf.tx_pn);
690
691 pn[5] = pn64;
692 pn[4] = pn64 >> 8;
693 pn[3] = pn64 >> 16;
694 pn[2] = pn64 >> 24;
695 pn[1] = pn64 >> 32;
696 pn[0] = pn64 >> 40;
697
698 gcmp_pn2hdr(pos, pn, key->conf.keyidx);
699
700 /* hwaccel - with software GCMP header */
701 if (info->control.hw_key)
702 return 0;
703
704 pos += IEEE80211_GCMP_HDR_LEN;
705 gcmp_special_blocks(skb, pn, j_0, aad);
706 return ieee80211_aes_gcm_encrypt(key->u.gcmp.tfm, j_0, aad, pos, len,
707 skb_put(skb, IEEE80211_GCMP_MIC_LEN));
708 }
709
710 ieee80211_tx_result
711 ieee80211_crypto_gcmp_encrypt(struct ieee80211_tx_data *tx)
712 {
713 struct sk_buff *skb;
714
715 ieee80211_tx_set_protected(tx);
716
717 skb_queue_walk(&tx->skbs, skb) {
718 if (gcmp_encrypt_skb(tx, skb) < 0)
719 return TX_DROP;
720 }
721
722 return TX_CONTINUE;
723 }
724
725 ieee80211_rx_result
726 ieee80211_crypto_gcmp_decrypt(struct ieee80211_rx_data *rx)
727 {
728 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
729 int hdrlen;
730 struct ieee80211_key *key = rx->key;
731 struct sk_buff *skb = rx->skb;
732 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
733 u8 pn[IEEE80211_GCMP_PN_LEN];
734 int data_len, queue, mic_len = IEEE80211_GCMP_MIC_LEN;
735
736 hdrlen = ieee80211_hdrlen(hdr->frame_control);
737
738 if (!ieee80211_is_data(hdr->frame_control) &&
739 !ieee80211_is_robust_mgmt_frame(skb))
740 return RX_CONTINUE;
741
742 if (status->flag & RX_FLAG_DECRYPTED) {
743 if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_GCMP_HDR_LEN))
744 return RX_DROP_UNUSABLE;
745 if (status->flag & RX_FLAG_MIC_STRIPPED)
746 mic_len = 0;
747 } else {
748 if (skb_linearize(rx->skb))
749 return RX_DROP_UNUSABLE;
750 }
751
752 data_len = skb->len - hdrlen - IEEE80211_GCMP_HDR_LEN - mic_len;
753 if (!rx->sta || data_len < 0)
754 return RX_DROP_UNUSABLE;
755
756 if (!(status->flag & RX_FLAG_PN_VALIDATED)) {
757 int res;
758
759 gcmp_hdr2pn(pn, skb->data + hdrlen);
760
761 queue = rx->security_idx;
762
763 res = memcmp(pn, key->u.gcmp.rx_pn[queue],
764 IEEE80211_GCMP_PN_LEN);
765 if (res < 0 ||
766 (!res && !(status->flag & RX_FLAG_ALLOW_SAME_PN))) {
767 key->u.gcmp.replays++;
768 return RX_DROP_UNUSABLE;
769 }
770
771 if (!(status->flag & RX_FLAG_DECRYPTED)) {
772 u8 aad[2 * AES_BLOCK_SIZE];
773 u8 j_0[AES_BLOCK_SIZE];
774 /* hardware didn't decrypt/verify MIC */
775 gcmp_special_blocks(skb, pn, j_0, aad);
776
777 if (ieee80211_aes_gcm_decrypt(
778 key->u.gcmp.tfm, j_0, aad,
779 skb->data + hdrlen + IEEE80211_GCMP_HDR_LEN,
780 data_len,
781 skb->data + skb->len -
782 IEEE80211_GCMP_MIC_LEN))
783 return RX_DROP_UNUSABLE;
784 }
785
786 memcpy(key->u.gcmp.rx_pn[queue], pn, IEEE80211_GCMP_PN_LEN);
787 }
788
789 /* Remove GCMP header and MIC */
790 if (pskb_trim(skb, skb->len - mic_len))
791 return RX_DROP_UNUSABLE;
792 memmove(skb->data + IEEE80211_GCMP_HDR_LEN, skb->data, hdrlen);
793 skb_pull(skb, IEEE80211_GCMP_HDR_LEN);
794
795 return RX_CONTINUE;
796 }
797
798 static ieee80211_tx_result
799 ieee80211_crypto_cs_encrypt(struct ieee80211_tx_data *tx,
800 struct sk_buff *skb)
801 {
802 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
803 struct ieee80211_key *key = tx->key;
804 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
805 int hdrlen;
806 u8 *pos, iv_len = key->conf.iv_len;
807
808 if (info->control.hw_key &&
809 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
810 /* hwaccel has no need for preallocated head room */
811 return TX_CONTINUE;
812 }
813
814 if (unlikely(skb_headroom(skb) < iv_len &&
815 pskb_expand_head(skb, iv_len, 0, GFP_ATOMIC)))
816 return TX_DROP;
817
818 hdrlen = ieee80211_hdrlen(hdr->frame_control);
819
820 pos = skb_push(skb, iv_len);
821 memmove(pos, pos + iv_len, hdrlen);
822
823 return TX_CONTINUE;
824 }
825
826 static inline int ieee80211_crypto_cs_pn_compare(u8 *pn1, u8 *pn2, int len)
827 {
828 int i;
829
830 /* pn is little endian */
831 for (i = len - 1; i >= 0; i--) {
832 if (pn1[i] < pn2[i])
833 return -1;
834 else if (pn1[i] > pn2[i])
835 return 1;
836 }
837
838 return 0;
839 }
840
841 static ieee80211_rx_result
842 ieee80211_crypto_cs_decrypt(struct ieee80211_rx_data *rx)
843 {
844 struct ieee80211_key *key = rx->key;
845 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
846 const struct ieee80211_cipher_scheme *cs = NULL;
847 int hdrlen = ieee80211_hdrlen(hdr->frame_control);
848 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
849 int data_len;
850 u8 *rx_pn;
851 u8 *skb_pn;
852 u8 qos_tid;
853
854 if (!rx->sta || !rx->sta->cipher_scheme ||
855 !(status->flag & RX_FLAG_DECRYPTED))
856 return RX_DROP_UNUSABLE;
857
858 if (!ieee80211_is_data(hdr->frame_control))
859 return RX_CONTINUE;
860
861 cs = rx->sta->cipher_scheme;
862
863 data_len = rx->skb->len - hdrlen - cs->hdr_len;
864
865 if (data_len < 0)
866 return RX_DROP_UNUSABLE;
867
868 if (ieee80211_is_data_qos(hdr->frame_control))
869 qos_tid = ieee80211_get_tid(hdr);
870 else
871 qos_tid = 0;
872
873 if (skb_linearize(rx->skb))
874 return RX_DROP_UNUSABLE;
875
876 hdr = (struct ieee80211_hdr *)rx->skb->data;
877
878 rx_pn = key->u.gen.rx_pn[qos_tid];
879 skb_pn = rx->skb->data + hdrlen + cs->pn_off;
880
881 if (ieee80211_crypto_cs_pn_compare(skb_pn, rx_pn, cs->pn_len) <= 0)
882 return RX_DROP_UNUSABLE;
883
884 memcpy(rx_pn, skb_pn, cs->pn_len);
885
886 /* remove security header and MIC */
887 if (pskb_trim(rx->skb, rx->skb->len - cs->mic_len))
888 return RX_DROP_UNUSABLE;
889
890 memmove(rx->skb->data + cs->hdr_len, rx->skb->data, hdrlen);
891 skb_pull(rx->skb, cs->hdr_len);
892
893 return RX_CONTINUE;
894 }
895
896 static void bip_aad(struct sk_buff *skb, u8 *aad)
897 {
898 __le16 mask_fc;
899 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
900
901 /* BIP AAD: FC(masked) || A1 || A2 || A3 */
902
903 /* FC type/subtype */
904 /* Mask FC Retry, PwrMgt, MoreData flags to zero */
905 mask_fc = hdr->frame_control;
906 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM |
907 IEEE80211_FCTL_MOREDATA);
908 put_unaligned(mask_fc, (__le16 *) &aad[0]);
909 /* A1 || A2 || A3 */
910 memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN);
911 }
912
913
914 static inline void bip_ipn_set64(u8 *d, u64 pn)
915 {
916 *d++ = pn;
917 *d++ = pn >> 8;
918 *d++ = pn >> 16;
919 *d++ = pn >> 24;
920 *d++ = pn >> 32;
921 *d = pn >> 40;
922 }
923
924 static inline void bip_ipn_swap(u8 *d, const u8 *s)
925 {
926 *d++ = s[5];
927 *d++ = s[4];
928 *d++ = s[3];
929 *d++ = s[2];
930 *d++ = s[1];
931 *d = s[0];
932 }
933
934
935 ieee80211_tx_result
936 ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx)
937 {
938 struct sk_buff *skb;
939 struct ieee80211_tx_info *info;
940 struct ieee80211_key *key = tx->key;
941 struct ieee80211_mmie *mmie;
942 u8 aad[20];
943 u64 pn64;
944
945 if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
946 return TX_DROP;
947
948 skb = skb_peek(&tx->skbs);
949
950 info = IEEE80211_SKB_CB(skb);
951
952 if (info->control.hw_key)
953 return TX_CONTINUE;
954
955 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
956 return TX_DROP;
957
958 mmie = skb_put(skb, sizeof(*mmie));
959 mmie->element_id = WLAN_EID_MMIE;
960 mmie->length = sizeof(*mmie) - 2;
961 mmie->key_id = cpu_to_le16(key->conf.keyidx);
962
963 /* PN = PN + 1 */
964 pn64 = atomic64_inc_return(&key->conf.tx_pn);
965
966 bip_ipn_set64(mmie->sequence_number, pn64);
967
968 bip_aad(skb, aad);
969
970 /*
971 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
972 */
973 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
974 skb->data + 24, skb->len - 24, mmie->mic);
975
976 return TX_CONTINUE;
977 }
978
979 ieee80211_tx_result
980 ieee80211_crypto_aes_cmac_256_encrypt(struct ieee80211_tx_data *tx)
981 {
982 struct sk_buff *skb;
983 struct ieee80211_tx_info *info;
984 struct ieee80211_key *key = tx->key;
985 struct ieee80211_mmie_16 *mmie;
986 u8 aad[20];
987 u64 pn64;
988
989 if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
990 return TX_DROP;
991
992 skb = skb_peek(&tx->skbs);
993
994 info = IEEE80211_SKB_CB(skb);
995
996 if (info->control.hw_key)
997 return TX_CONTINUE;
998
999 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
1000 return TX_DROP;
1001
1002 mmie = skb_put(skb, sizeof(*mmie));
1003 mmie->element_id = WLAN_EID_MMIE;
1004 mmie->length = sizeof(*mmie) - 2;
1005 mmie->key_id = cpu_to_le16(key->conf.keyidx);
1006
1007 /* PN = PN + 1 */
1008 pn64 = atomic64_inc_return(&key->conf.tx_pn);
1009
1010 bip_ipn_set64(mmie->sequence_number, pn64);
1011
1012 bip_aad(skb, aad);
1013
1014 /* MIC = AES-256-CMAC(IGTK, AAD || Management Frame Body || MMIE, 128)
1015 */
1016 ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad,
1017 skb->data + 24, skb->len - 24, mmie->mic);
1018
1019 return TX_CONTINUE;
1020 }
1021
1022 ieee80211_rx_result
1023 ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
1024 {
1025 struct sk_buff *skb = rx->skb;
1026 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1027 struct ieee80211_key *key = rx->key;
1028 struct ieee80211_mmie *mmie;
1029 u8 aad[20], mic[8], ipn[6];
1030 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1031
1032 if (!ieee80211_is_mgmt(hdr->frame_control))
1033 return RX_CONTINUE;
1034
1035 /* management frames are already linear */
1036
1037 if (skb->len < 24 + sizeof(*mmie))
1038 return RX_DROP_UNUSABLE;
1039
1040 mmie = (struct ieee80211_mmie *)
1041 (skb->data + skb->len - sizeof(*mmie));
1042 if (mmie->element_id != WLAN_EID_MMIE ||
1043 mmie->length != sizeof(*mmie) - 2)
1044 return RX_DROP_UNUSABLE; /* Invalid MMIE */
1045
1046 bip_ipn_swap(ipn, mmie->sequence_number);
1047
1048 if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
1049 key->u.aes_cmac.replays++;
1050 return RX_DROP_UNUSABLE;
1051 }
1052
1053 if (!(status->flag & RX_FLAG_DECRYPTED)) {
1054 /* hardware didn't decrypt/verify MIC */
1055 bip_aad(skb, aad);
1056 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
1057 skb->data + 24, skb->len - 24, mic);
1058 if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
1059 key->u.aes_cmac.icverrors++;
1060 return RX_DROP_UNUSABLE;
1061 }
1062 }
1063
1064 memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
1065
1066 /* Remove MMIE */
1067 skb_trim(skb, skb->len - sizeof(*mmie));
1068
1069 return RX_CONTINUE;
1070 }
1071
1072 ieee80211_rx_result
1073 ieee80211_crypto_aes_cmac_256_decrypt(struct ieee80211_rx_data *rx)
1074 {
1075 struct sk_buff *skb = rx->skb;
1076 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1077 struct ieee80211_key *key = rx->key;
1078 struct ieee80211_mmie_16 *mmie;
1079 u8 aad[20], mic[16], ipn[6];
1080 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1081
1082 if (!ieee80211_is_mgmt(hdr->frame_control))
1083 return RX_CONTINUE;
1084
1085 /* management frames are already linear */
1086
1087 if (skb->len < 24 + sizeof(*mmie))
1088 return RX_DROP_UNUSABLE;
1089
1090 mmie = (struct ieee80211_mmie_16 *)
1091 (skb->data + skb->len - sizeof(*mmie));
1092 if (mmie->element_id != WLAN_EID_MMIE ||
1093 mmie->length != sizeof(*mmie) - 2)
1094 return RX_DROP_UNUSABLE; /* Invalid MMIE */
1095
1096 bip_ipn_swap(ipn, mmie->sequence_number);
1097
1098 if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
1099 key->u.aes_cmac.replays++;
1100 return RX_DROP_UNUSABLE;
1101 }
1102
1103 if (!(status->flag & RX_FLAG_DECRYPTED)) {
1104 /* hardware didn't decrypt/verify MIC */
1105 bip_aad(skb, aad);
1106 ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad,
1107 skb->data + 24, skb->len - 24, mic);
1108 if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
1109 key->u.aes_cmac.icverrors++;
1110 return RX_DROP_UNUSABLE;
1111 }
1112 }
1113
1114 memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
1115
1116 /* Remove MMIE */
1117 skb_trim(skb, skb->len - sizeof(*mmie));
1118
1119 return RX_CONTINUE;
1120 }
1121
1122 ieee80211_tx_result
1123 ieee80211_crypto_aes_gmac_encrypt(struct ieee80211_tx_data *tx)
1124 {
1125 struct sk_buff *skb;
1126 struct ieee80211_tx_info *info;
1127 struct ieee80211_key *key = tx->key;
1128 struct ieee80211_mmie_16 *mmie;
1129 struct ieee80211_hdr *hdr;
1130 u8 aad[GMAC_AAD_LEN];
1131 u64 pn64;
1132 u8 nonce[GMAC_NONCE_LEN];
1133
1134 if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
1135 return TX_DROP;
1136
1137 skb = skb_peek(&tx->skbs);
1138
1139 info = IEEE80211_SKB_CB(skb);
1140
1141 if (info->control.hw_key)
1142 return TX_CONTINUE;
1143
1144 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
1145 return TX_DROP;
1146
1147 mmie = skb_put(skb, sizeof(*mmie));
1148 mmie->element_id = WLAN_EID_MMIE;
1149 mmie->length = sizeof(*mmie) - 2;
1150 mmie->key_id = cpu_to_le16(key->conf.keyidx);
1151
1152 /* PN = PN + 1 */
1153 pn64 = atomic64_inc_return(&key->conf.tx_pn);
1154
1155 bip_ipn_set64(mmie->sequence_number, pn64);
1156
1157 bip_aad(skb, aad);
1158
1159 hdr = (struct ieee80211_hdr *)skb->data;
1160 memcpy(nonce, hdr->addr2, ETH_ALEN);
1161 bip_ipn_swap(nonce + ETH_ALEN, mmie->sequence_number);
1162
1163 /* MIC = AES-GMAC(IGTK, AAD || Management Frame Body || MMIE, 128) */
1164 if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce,
1165 skb->data + 24, skb->len - 24, mmie->mic) < 0)
1166 return TX_DROP;
1167
1168 return TX_CONTINUE;
1169 }
1170
1171 ieee80211_rx_result
1172 ieee80211_crypto_aes_gmac_decrypt(struct ieee80211_rx_data *rx)
1173 {
1174 struct sk_buff *skb = rx->skb;
1175 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1176 struct ieee80211_key *key = rx->key;
1177 struct ieee80211_mmie_16 *mmie;
1178 u8 aad[GMAC_AAD_LEN], *mic, ipn[6], nonce[GMAC_NONCE_LEN];
1179 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1180
1181 if (!ieee80211_is_mgmt(hdr->frame_control))
1182 return RX_CONTINUE;
1183
1184 /* management frames are already linear */
1185
1186 if (skb->len < 24 + sizeof(*mmie))
1187 return RX_DROP_UNUSABLE;
1188
1189 mmie = (struct ieee80211_mmie_16 *)
1190 (skb->data + skb->len - sizeof(*mmie));
1191 if (mmie->element_id != WLAN_EID_MMIE ||
1192 mmie->length != sizeof(*mmie) - 2)
1193 return RX_DROP_UNUSABLE; /* Invalid MMIE */
1194
1195 bip_ipn_swap(ipn, mmie->sequence_number);
1196
1197 if (memcmp(ipn, key->u.aes_gmac.rx_pn, 6) <= 0) {
1198 key->u.aes_gmac.replays++;
1199 return RX_DROP_UNUSABLE;
1200 }
1201
1202 if (!(status->flag & RX_FLAG_DECRYPTED)) {
1203 /* hardware didn't decrypt/verify MIC */
1204 bip_aad(skb, aad);
1205
1206 memcpy(nonce, hdr->addr2, ETH_ALEN);
1207 memcpy(nonce + ETH_ALEN, ipn, 6);
1208
1209 mic = kmalloc(GMAC_MIC_LEN, GFP_ATOMIC);
1210 if (!mic)
1211 return RX_DROP_UNUSABLE;
1212 if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce,
1213 skb->data + 24, skb->len - 24,
1214 mic) < 0 ||
1215 crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
1216 key->u.aes_gmac.icverrors++;
1217 kfree(mic);
1218 return RX_DROP_UNUSABLE;
1219 }
1220 kfree(mic);
1221 }
1222
1223 memcpy(key->u.aes_gmac.rx_pn, ipn, 6);
1224
1225 /* Remove MMIE */
1226 skb_trim(skb, skb->len - sizeof(*mmie));
1227
1228 return RX_CONTINUE;
1229 }
1230
1231 ieee80211_tx_result
1232 ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx)
1233 {
1234 struct sk_buff *skb;
1235 struct ieee80211_tx_info *info = NULL;
1236 ieee80211_tx_result res;
1237
1238 skb_queue_walk(&tx->skbs, skb) {
1239 info = IEEE80211_SKB_CB(skb);
1240
1241 /* handle hw-only algorithm */
1242 if (!info->control.hw_key)
1243 return TX_DROP;
1244
1245 if (tx->key->flags & KEY_FLAG_CIPHER_SCHEME) {
1246 res = ieee80211_crypto_cs_encrypt(tx, skb);
1247 if (res != TX_CONTINUE)
1248 return res;
1249 }
1250 }
1251
1252 ieee80211_tx_set_protected(tx);
1253
1254 return TX_CONTINUE;
1255 }
1256
1257 ieee80211_rx_result
1258 ieee80211_crypto_hw_decrypt(struct ieee80211_rx_data *rx)
1259 {
1260 if (rx->sta && rx->sta->cipher_scheme)
1261 return ieee80211_crypto_cs_decrypt(rx);
1262
1263 return RX_DROP_UNUSABLE;
1264 }
Linux with added FPC-III support