1 /* 2 * Copyright 2002-2004, Instant802 Networks, Inc. 3 * Copyright 2008, Jouni Malinen <j@w1.fi> 4 * Copyright (C) 2016 Intel Deutschland GmbH 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 2 as 8 * published by the Free Software Foundation. 9 */ 10 11 #include <linux/netdevice.h> 12 #include <linux/types.h> 13 #include <linux/skbuff.h> 14 #include <linux/compiler.h> 15 #include <linux/ieee80211.h> 16 #include <linux/gfp.h> 17 #include <asm/unaligned.h> 18 #include <net/mac80211.h> 19 #include <crypto/aes.h> 20 21 #include "ieee80211_i.h" 22 #include "michael.h" 23 #include "tkip.h" 24 #include "aes_ccm.h" 25 #include "aes_cmac.h" 26 #include "aes_gmac.h" 27 #include "aes_gcm.h" 28 #include "wpa.h" 29 30 ieee80211_tx_result 31 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx) 32 { 33 u8 *data, *key, *mic; 34 size_t data_len; 35 unsigned int hdrlen; 36 struct ieee80211_hdr *hdr; 37 struct sk_buff *skb = tx->skb; 38 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 39 int tail; 40 41 hdr = (struct ieee80211_hdr *)skb->data; 42 if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP || 43 skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control)) 44 return TX_CONTINUE; 45 46 hdrlen = ieee80211_hdrlen(hdr->frame_control); 47 if (skb->len < hdrlen) 48 return TX_DROP; 49 50 data = skb->data + hdrlen; 51 data_len = skb->len - hdrlen; 52 53 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) { 54 /* Need to use software crypto for the test */ 55 info->control.hw_key = NULL; 56 } 57 58 if (info->control.hw_key && 59 (info->flags & IEEE80211_TX_CTL_DONTFRAG || 60 tx->local->ops->set_frag_threshold) && 61 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) { 62 /* hwaccel - with no need for SW-generated MMIC */ 63 return TX_CONTINUE; 64 } 65 66 tail = MICHAEL_MIC_LEN; 67 if (!info->control.hw_key) 68 tail += IEEE80211_TKIP_ICV_LEN; 69 70 if (WARN(skb_tailroom(skb) < tail || 71 skb_headroom(skb) < IEEE80211_TKIP_IV_LEN, 72 "mmic: not enough head/tail (%d/%d,%d/%d)\n", 73 skb_headroom(skb), IEEE80211_TKIP_IV_LEN, 74 skb_tailroom(skb), tail)) 75 return TX_DROP; 76 77 key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY]; 78 mic = skb_put(skb, MICHAEL_MIC_LEN); 79 michael_mic(key, hdr, data, data_len, mic); 80 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) 81 mic[0]++; 82 83 return TX_CONTINUE; 84 } 85 86 87 ieee80211_rx_result 88 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx) 89 { 90 u8 *data, *key = NULL; 91 size_t data_len; 92 unsigned int hdrlen; 93 u8 mic[MICHAEL_MIC_LEN]; 94 struct sk_buff *skb = rx->skb; 95 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 96 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 97 98 /* 99 * it makes no sense to check for MIC errors on anything other 100 * than data frames. 101 */ 102 if (!ieee80211_is_data_present(hdr->frame_control)) 103 return RX_CONTINUE; 104 105 /* 106 * No way to verify the MIC if the hardware stripped it or 107 * the IV with the key index. In this case we have solely rely 108 * on the driver to set RX_FLAG_MMIC_ERROR in the event of a 109 * MIC failure report. 110 */ 111 if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) { 112 if (status->flag & RX_FLAG_MMIC_ERROR) 113 goto mic_fail_no_key; 114 115 if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key && 116 rx->key->conf.cipher == WLAN_CIPHER_SUITE_TKIP) 117 goto update_iv; 118 119 return RX_CONTINUE; 120 } 121 122 /* 123 * Some hardware seems to generate Michael MIC failure reports; even 124 * though, the frame was not encrypted with TKIP and therefore has no 125 * MIC. Ignore the flag them to avoid triggering countermeasures. 126 */ 127 if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP || 128 !(status->flag & RX_FLAG_DECRYPTED)) 129 return RX_CONTINUE; 130 131 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) { 132 /* 133 * APs with pairwise keys should never receive Michael MIC 134 * errors for non-zero keyidx because these are reserved for 135 * group keys and only the AP is sending real multicast 136 * frames in the BSS. 137 */ 138 return RX_DROP_UNUSABLE; 139 } 140 141 if (status->flag & RX_FLAG_MMIC_ERROR) 142 goto mic_fail; 143 144 hdrlen = ieee80211_hdrlen(hdr->frame_control); 145 if (skb->len < hdrlen + MICHAEL_MIC_LEN) 146 return RX_DROP_UNUSABLE; 147 148 if (skb_linearize(rx->skb)) 149 return RX_DROP_UNUSABLE; 150 hdr = (void *)skb->data; 151 152 data = skb->data + hdrlen; 153 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN; 154 key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY]; 155 michael_mic(key, hdr, data, data_len, mic); 156 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0) 157 goto mic_fail; 158 159 /* remove Michael MIC from payload */ 160 skb_trim(skb, skb->len - MICHAEL_MIC_LEN); 161 162 update_iv: 163 /* update IV in key information to be able to detect replays */ 164 rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32; 165 rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16; 166 167 return RX_CONTINUE; 168 169 mic_fail: 170 rx->key->u.tkip.mic_failures++; 171 172 mic_fail_no_key: 173 /* 174 * In some cases the key can be unset - e.g. a multicast packet, in 175 * a driver that supports HW encryption. Send up the key idx only if 176 * the key is set. 177 */ 178 cfg80211_michael_mic_failure(rx->sdata->dev, hdr->addr2, 179 is_multicast_ether_addr(hdr->addr1) ? 180 NL80211_KEYTYPE_GROUP : 181 NL80211_KEYTYPE_PAIRWISE, 182 rx->key ? rx->key->conf.keyidx : -1, 183 NULL, GFP_ATOMIC); 184 return RX_DROP_UNUSABLE; 185 } 186 187 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) 188 { 189 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 190 struct ieee80211_key *key = tx->key; 191 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 192 unsigned int hdrlen; 193 int len, tail; 194 u64 pn; 195 u8 *pos; 196 197 if (info->control.hw_key && 198 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 199 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) { 200 /* hwaccel - with no need for software-generated IV */ 201 return 0; 202 } 203 204 hdrlen = ieee80211_hdrlen(hdr->frame_control); 205 len = skb->len - hdrlen; 206 207 if (info->control.hw_key) 208 tail = 0; 209 else 210 tail = IEEE80211_TKIP_ICV_LEN; 211 212 if (WARN_ON(skb_tailroom(skb) < tail || 213 skb_headroom(skb) < IEEE80211_TKIP_IV_LEN)) 214 return -1; 215 216 pos = skb_push(skb, IEEE80211_TKIP_IV_LEN); 217 memmove(pos, pos + IEEE80211_TKIP_IV_LEN, hdrlen); 218 pos += hdrlen; 219 220 /* the HW only needs room for the IV, but not the actual IV */ 221 if (info->control.hw_key && 222 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) 223 return 0; 224 225 /* Increase IV for the frame */ 226 pn = atomic64_inc_return(&key->conf.tx_pn); 227 pos = ieee80211_tkip_add_iv(pos, &key->conf, pn); 228 229 /* hwaccel - with software IV */ 230 if (info->control.hw_key) 231 return 0; 232 233 /* Add room for ICV */ 234 skb_put(skb, IEEE80211_TKIP_ICV_LEN); 235 236 return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm, 237 key, skb, pos, len); 238 } 239 240 241 ieee80211_tx_result 242 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx) 243 { 244 struct sk_buff *skb; 245 246 ieee80211_tx_set_protected(tx); 247 248 skb_queue_walk(&tx->skbs, skb) { 249 if (tkip_encrypt_skb(tx, skb) < 0) 250 return TX_DROP; 251 } 252 253 return TX_CONTINUE; 254 } 255 256 257 ieee80211_rx_result 258 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx) 259 { 260 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 261 int hdrlen, res, hwaccel = 0; 262 struct ieee80211_key *key = rx->key; 263 struct sk_buff *skb = rx->skb; 264 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 265 266 hdrlen = ieee80211_hdrlen(hdr->frame_control); 267 268 if (!ieee80211_is_data(hdr->frame_control)) 269 return RX_CONTINUE; 270 271 if (!rx->sta || skb->len - hdrlen < 12) 272 return RX_DROP_UNUSABLE; 273 274 /* it may be possible to optimize this a bit more */ 275 if (skb_linearize(rx->skb)) 276 return RX_DROP_UNUSABLE; 277 hdr = (void *)skb->data; 278 279 /* 280 * Let TKIP code verify IV, but skip decryption. 281 * In the case where hardware checks the IV as well, 282 * we don't even get here, see ieee80211_rx_h_decrypt() 283 */ 284 if (status->flag & RX_FLAG_DECRYPTED) 285 hwaccel = 1; 286 287 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm, 288 key, skb->data + hdrlen, 289 skb->len - hdrlen, rx->sta->sta.addr, 290 hdr->addr1, hwaccel, rx->security_idx, 291 &rx->tkip_iv32, 292 &rx->tkip_iv16); 293 if (res != TKIP_DECRYPT_OK) 294 return RX_DROP_UNUSABLE; 295 296 /* Trim ICV */ 297 skb_trim(skb, skb->len - IEEE80211_TKIP_ICV_LEN); 298 299 /* Remove IV */ 300 memmove(skb->data + IEEE80211_TKIP_IV_LEN, skb->data, hdrlen); 301 skb_pull(skb, IEEE80211_TKIP_IV_LEN); 302 303 return RX_CONTINUE; 304 } 305 306 307 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad) 308 { 309 __le16 mask_fc; 310 int a4_included, mgmt; 311 u8 qos_tid; 312 u16 len_a; 313 unsigned int hdrlen; 314 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 315 316 /* 317 * Mask FC: zero subtype b4 b5 b6 (if not mgmt) 318 * Retry, PwrMgt, MoreData; set Protected 319 */ 320 mgmt = ieee80211_is_mgmt(hdr->frame_control); 321 mask_fc = hdr->frame_control; 322 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | 323 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA); 324 if (!mgmt) 325 mask_fc &= ~cpu_to_le16(0x0070); 326 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 327 328 hdrlen = ieee80211_hdrlen(hdr->frame_control); 329 len_a = hdrlen - 2; 330 a4_included = ieee80211_has_a4(hdr->frame_control); 331 332 if (ieee80211_is_data_qos(hdr->frame_control)) 333 qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK; 334 else 335 qos_tid = 0; 336 337 /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC 338 * mode authentication are not allowed to collide, yet both are derived 339 * from this vector b_0. We only set L := 1 here to indicate that the 340 * data size can be represented in (L+1) bytes. The CCM layer will take 341 * care of storing the data length in the top (L+1) bytes and setting 342 * and clearing the other bits as is required to derive the two IVs. 343 */ 344 b_0[0] = 0x1; 345 346 /* Nonce: Nonce Flags | A2 | PN 347 * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7) 348 */ 349 b_0[1] = qos_tid | (mgmt << 4); 350 memcpy(&b_0[2], hdr->addr2, ETH_ALEN); 351 memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN); 352 353 /* AAD (extra authenticate-only data) / masked 802.11 header 354 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */ 355 put_unaligned_be16(len_a, &aad[0]); 356 put_unaligned(mask_fc, (__le16 *)&aad[2]); 357 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN); 358 359 /* Mask Seq#, leave Frag# */ 360 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f; 361 aad[23] = 0; 362 363 if (a4_included) { 364 memcpy(&aad[24], hdr->addr4, ETH_ALEN); 365 aad[30] = qos_tid; 366 aad[31] = 0; 367 } else { 368 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN); 369 aad[24] = qos_tid; 370 } 371 } 372 373 374 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id) 375 { 376 hdr[0] = pn[5]; 377 hdr[1] = pn[4]; 378 hdr[2] = 0; 379 hdr[3] = 0x20 | (key_id << 6); 380 hdr[4] = pn[3]; 381 hdr[5] = pn[2]; 382 hdr[6] = pn[1]; 383 hdr[7] = pn[0]; 384 } 385 386 387 static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr) 388 { 389 pn[0] = hdr[7]; 390 pn[1] = hdr[6]; 391 pn[2] = hdr[5]; 392 pn[3] = hdr[4]; 393 pn[4] = hdr[1]; 394 pn[5] = hdr[0]; 395 } 396 397 398 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb, 399 unsigned int mic_len) 400 { 401 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 402 struct ieee80211_key *key = tx->key; 403 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 404 int hdrlen, len, tail; 405 u8 *pos; 406 u8 pn[6]; 407 u64 pn64; 408 u8 aad[2 * AES_BLOCK_SIZE]; 409 u8 b_0[AES_BLOCK_SIZE]; 410 411 if (info->control.hw_key && 412 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 413 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) && 414 !((info->control.hw_key->flags & 415 IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) && 416 ieee80211_is_mgmt(hdr->frame_control))) { 417 /* 418 * hwaccel has no need for preallocated room for CCMP 419 * header or MIC fields 420 */ 421 return 0; 422 } 423 424 hdrlen = ieee80211_hdrlen(hdr->frame_control); 425 len = skb->len - hdrlen; 426 427 if (info->control.hw_key) 428 tail = 0; 429 else 430 tail = mic_len; 431 432 if (WARN_ON(skb_tailroom(skb) < tail || 433 skb_headroom(skb) < IEEE80211_CCMP_HDR_LEN)) 434 return -1; 435 436 pos = skb_push(skb, IEEE80211_CCMP_HDR_LEN); 437 memmove(pos, pos + IEEE80211_CCMP_HDR_LEN, hdrlen); 438 439 /* the HW only needs room for the IV, but not the actual IV */ 440 if (info->control.hw_key && 441 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) 442 return 0; 443 444 hdr = (struct ieee80211_hdr *) pos; 445 pos += hdrlen; 446 447 pn64 = atomic64_inc_return(&key->conf.tx_pn); 448 449 pn[5] = pn64; 450 pn[4] = pn64 >> 8; 451 pn[3] = pn64 >> 16; 452 pn[2] = pn64 >> 24; 453 pn[1] = pn64 >> 32; 454 pn[0] = pn64 >> 40; 455 456 ccmp_pn2hdr(pos, pn, key->conf.keyidx); 457 458 /* hwaccel - with software CCMP header */ 459 if (info->control.hw_key) 460 return 0; 461 462 pos += IEEE80211_CCMP_HDR_LEN; 463 ccmp_special_blocks(skb, pn, b_0, aad); 464 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len, 465 skb_put(skb, mic_len), mic_len); 466 467 return 0; 468 } 469 470 471 ieee80211_tx_result 472 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx, 473 unsigned int mic_len) 474 { 475 struct sk_buff *skb; 476 477 ieee80211_tx_set_protected(tx); 478 479 skb_queue_walk(&tx->skbs, skb) { 480 if (ccmp_encrypt_skb(tx, skb, mic_len) < 0) 481 return TX_DROP; 482 } 483 484 return TX_CONTINUE; 485 } 486 487 488 ieee80211_rx_result 489 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx, 490 unsigned int mic_len) 491 { 492 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 493 int hdrlen; 494 struct ieee80211_key *key = rx->key; 495 struct sk_buff *skb = rx->skb; 496 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 497 u8 pn[IEEE80211_CCMP_PN_LEN]; 498 int data_len; 499 int queue; 500 501 hdrlen = ieee80211_hdrlen(hdr->frame_control); 502 503 if (!ieee80211_is_data(hdr->frame_control) && 504 !ieee80211_is_robust_mgmt_frame(skb)) 505 return RX_CONTINUE; 506 507 data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN - mic_len; 508 if (!rx->sta || data_len < 0) 509 return RX_DROP_UNUSABLE; 510 511 if (status->flag & RX_FLAG_DECRYPTED) { 512 if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_CCMP_HDR_LEN)) 513 return RX_DROP_UNUSABLE; 514 } else { 515 if (skb_linearize(rx->skb)) 516 return RX_DROP_UNUSABLE; 517 } 518 519 if (!(status->flag & RX_FLAG_PN_VALIDATED)) { 520 ccmp_hdr2pn(pn, skb->data + hdrlen); 521 522 queue = rx->security_idx; 523 524 if (memcmp(pn, key->u.ccmp.rx_pn[queue], 525 IEEE80211_CCMP_PN_LEN) <= 0) { 526 key->u.ccmp.replays++; 527 return RX_DROP_UNUSABLE; 528 } 529 530 if (!(status->flag & RX_FLAG_DECRYPTED)) { 531 u8 aad[2 * AES_BLOCK_SIZE]; 532 u8 b_0[AES_BLOCK_SIZE]; 533 /* hardware didn't decrypt/verify MIC */ 534 ccmp_special_blocks(skb, pn, b_0, aad); 535 536 if (ieee80211_aes_ccm_decrypt( 537 key->u.ccmp.tfm, b_0, aad, 538 skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN, 539 data_len, 540 skb->data + skb->len - mic_len, mic_len)) 541 return RX_DROP_UNUSABLE; 542 } 543 544 memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN); 545 } 546 547 /* Remove CCMP header and MIC */ 548 if (pskb_trim(skb, skb->len - mic_len)) 549 return RX_DROP_UNUSABLE; 550 memmove(skb->data + IEEE80211_CCMP_HDR_LEN, skb->data, hdrlen); 551 skb_pull(skb, IEEE80211_CCMP_HDR_LEN); 552 553 return RX_CONTINUE; 554 } 555 556 static void gcmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *j_0, u8 *aad) 557 { 558 __le16 mask_fc; 559 u8 qos_tid; 560 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 561 562 memcpy(j_0, hdr->addr2, ETH_ALEN); 563 memcpy(&j_0[ETH_ALEN], pn, IEEE80211_GCMP_PN_LEN); 564 j_0[13] = 0; 565 j_0[14] = 0; 566 j_0[AES_BLOCK_SIZE - 1] = 0x01; 567 568 /* AAD (extra authenticate-only data) / masked 802.11 header 569 * FC | A1 | A2 | A3 | SC | [A4] | [QC] 570 */ 571 put_unaligned_be16(ieee80211_hdrlen(hdr->frame_control) - 2, &aad[0]); 572 /* Mask FC: zero subtype b4 b5 b6 (if not mgmt) 573 * Retry, PwrMgt, MoreData; set Protected 574 */ 575 mask_fc = hdr->frame_control; 576 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | 577 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA); 578 if (!ieee80211_is_mgmt(hdr->frame_control)) 579 mask_fc &= ~cpu_to_le16(0x0070); 580 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 581 582 put_unaligned(mask_fc, (__le16 *)&aad[2]); 583 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN); 584 585 /* Mask Seq#, leave Frag# */ 586 aad[22] = *((u8 *)&hdr->seq_ctrl) & 0x0f; 587 aad[23] = 0; 588 589 if (ieee80211_is_data_qos(hdr->frame_control)) 590 qos_tid = *ieee80211_get_qos_ctl(hdr) & 591 IEEE80211_QOS_CTL_TID_MASK; 592 else 593 qos_tid = 0; 594 595 if (ieee80211_has_a4(hdr->frame_control)) { 596 memcpy(&aad[24], hdr->addr4, ETH_ALEN); 597 aad[30] = qos_tid; 598 aad[31] = 0; 599 } else { 600 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN); 601 aad[24] = qos_tid; 602 } 603 } 604 605 static inline void gcmp_pn2hdr(u8 *hdr, const u8 *pn, int key_id) 606 { 607 hdr[0] = pn[5]; 608 hdr[1] = pn[4]; 609 hdr[2] = 0; 610 hdr[3] = 0x20 | (key_id << 6); 611 hdr[4] = pn[3]; 612 hdr[5] = pn[2]; 613 hdr[6] = pn[1]; 614 hdr[7] = pn[0]; 615 } 616 617 static inline void gcmp_hdr2pn(u8 *pn, const u8 *hdr) 618 { 619 pn[0] = hdr[7]; 620 pn[1] = hdr[6]; 621 pn[2] = hdr[5]; 622 pn[3] = hdr[4]; 623 pn[4] = hdr[1]; 624 pn[5] = hdr[0]; 625 } 626 627 static int gcmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) 628 { 629 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 630 struct ieee80211_key *key = tx->key; 631 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 632 int hdrlen, len, tail; 633 u8 *pos; 634 u8 pn[6]; 635 u64 pn64; 636 u8 aad[2 * AES_BLOCK_SIZE]; 637 u8 j_0[AES_BLOCK_SIZE]; 638 639 if (info->control.hw_key && 640 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 641 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) && 642 !((info->control.hw_key->flags & 643 IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) && 644 ieee80211_is_mgmt(hdr->frame_control))) { 645 /* hwaccel has no need for preallocated room for GCMP 646 * header or MIC fields 647 */ 648 return 0; 649 } 650 651 hdrlen = ieee80211_hdrlen(hdr->frame_control); 652 len = skb->len - hdrlen; 653 654 if (info->control.hw_key) 655 tail = 0; 656 else 657 tail = IEEE80211_GCMP_MIC_LEN; 658 659 if (WARN_ON(skb_tailroom(skb) < tail || 660 skb_headroom(skb) < IEEE80211_GCMP_HDR_LEN)) 661 return -1; 662 663 pos = skb_push(skb, IEEE80211_GCMP_HDR_LEN); 664 memmove(pos, pos + IEEE80211_GCMP_HDR_LEN, hdrlen); 665 skb_set_network_header(skb, skb_network_offset(skb) + 666 IEEE80211_GCMP_HDR_LEN); 667 668 /* the HW only needs room for the IV, but not the actual IV */ 669 if (info->control.hw_key && 670 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) 671 return 0; 672 673 hdr = (struct ieee80211_hdr *)pos; 674 pos += hdrlen; 675 676 pn64 = atomic64_inc_return(&key->conf.tx_pn); 677 678 pn[5] = pn64; 679 pn[4] = pn64 >> 8; 680 pn[3] = pn64 >> 16; 681 pn[2] = pn64 >> 24; 682 pn[1] = pn64 >> 32; 683 pn[0] = pn64 >> 40; 684 685 gcmp_pn2hdr(pos, pn, key->conf.keyidx); 686 687 /* hwaccel - with software GCMP header */ 688 if (info->control.hw_key) 689 return 0; 690 691 pos += IEEE80211_GCMP_HDR_LEN; 692 gcmp_special_blocks(skb, pn, j_0, aad); 693 ieee80211_aes_gcm_encrypt(key->u.gcmp.tfm, j_0, aad, pos, len, 694 skb_put(skb, IEEE80211_GCMP_MIC_LEN)); 695 696 return 0; 697 } 698 699 ieee80211_tx_result 700 ieee80211_crypto_gcmp_encrypt(struct ieee80211_tx_data *tx) 701 { 702 struct sk_buff *skb; 703 704 ieee80211_tx_set_protected(tx); 705 706 skb_queue_walk(&tx->skbs, skb) { 707 if (gcmp_encrypt_skb(tx, skb) < 0) 708 return TX_DROP; 709 } 710 711 return TX_CONTINUE; 712 } 713 714 ieee80211_rx_result 715 ieee80211_crypto_gcmp_decrypt(struct ieee80211_rx_data *rx) 716 { 717 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 718 int hdrlen; 719 struct ieee80211_key *key = rx->key; 720 struct sk_buff *skb = rx->skb; 721 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 722 u8 pn[IEEE80211_GCMP_PN_LEN]; 723 int data_len; 724 int queue; 725 726 hdrlen = ieee80211_hdrlen(hdr->frame_control); 727 728 if (!ieee80211_is_data(hdr->frame_control) && 729 !ieee80211_is_robust_mgmt_frame(skb)) 730 return RX_CONTINUE; 731 732 data_len = skb->len - hdrlen - IEEE80211_GCMP_HDR_LEN - 733 IEEE80211_GCMP_MIC_LEN; 734 if (!rx->sta || data_len < 0) 735 return RX_DROP_UNUSABLE; 736 737 if (status->flag & RX_FLAG_DECRYPTED) { 738 if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_GCMP_HDR_LEN)) 739 return RX_DROP_UNUSABLE; 740 } else { 741 if (skb_linearize(rx->skb)) 742 return RX_DROP_UNUSABLE; 743 } 744 745 if (!(status->flag & RX_FLAG_PN_VALIDATED)) { 746 gcmp_hdr2pn(pn, skb->data + hdrlen); 747 748 queue = rx->security_idx; 749 750 if (memcmp(pn, key->u.gcmp.rx_pn[queue], 751 IEEE80211_GCMP_PN_LEN) <= 0) { 752 key->u.gcmp.replays++; 753 return RX_DROP_UNUSABLE; 754 } 755 756 if (!(status->flag & RX_FLAG_DECRYPTED)) { 757 u8 aad[2 * AES_BLOCK_SIZE]; 758 u8 j_0[AES_BLOCK_SIZE]; 759 /* hardware didn't decrypt/verify MIC */ 760 gcmp_special_blocks(skb, pn, j_0, aad); 761 762 if (ieee80211_aes_gcm_decrypt( 763 key->u.gcmp.tfm, j_0, aad, 764 skb->data + hdrlen + IEEE80211_GCMP_HDR_LEN, 765 data_len, 766 skb->data + skb->len - 767 IEEE80211_GCMP_MIC_LEN)) 768 return RX_DROP_UNUSABLE; 769 } 770 771 memcpy(key->u.gcmp.rx_pn[queue], pn, IEEE80211_GCMP_PN_LEN); 772 } 773 774 /* Remove GCMP header and MIC */ 775 if (pskb_trim(skb, skb->len - IEEE80211_GCMP_MIC_LEN)) 776 return RX_DROP_UNUSABLE; 777 memmove(skb->data + IEEE80211_GCMP_HDR_LEN, skb->data, hdrlen); 778 skb_pull(skb, IEEE80211_GCMP_HDR_LEN); 779 780 return RX_CONTINUE; 781 } 782 783 static ieee80211_tx_result 784 ieee80211_crypto_cs_encrypt(struct ieee80211_tx_data *tx, 785 struct sk_buff *skb) 786 { 787 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 788 struct ieee80211_key *key = tx->key; 789 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 790 int hdrlen; 791 u8 *pos, iv_len = key->conf.iv_len; 792 793 if (info->control.hw_key && 794 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) { 795 /* hwaccel has no need for preallocated head room */ 796 return TX_CONTINUE; 797 } 798 799 if (unlikely(skb_headroom(skb) < iv_len && 800 pskb_expand_head(skb, iv_len, 0, GFP_ATOMIC))) 801 return TX_DROP; 802 803 hdrlen = ieee80211_hdrlen(hdr->frame_control); 804 805 pos = skb_push(skb, iv_len); 806 memmove(pos, pos + iv_len, hdrlen); 807 808 return TX_CONTINUE; 809 } 810 811 static inline int ieee80211_crypto_cs_pn_compare(u8 *pn1, u8 *pn2, int len) 812 { 813 int i; 814 815 /* pn is little endian */ 816 for (i = len - 1; i >= 0; i--) { 817 if (pn1[i] < pn2[i]) 818 return -1; 819 else if (pn1[i] > pn2[i]) 820 return 1; 821 } 822 823 return 0; 824 } 825 826 static ieee80211_rx_result 827 ieee80211_crypto_cs_decrypt(struct ieee80211_rx_data *rx) 828 { 829 struct ieee80211_key *key = rx->key; 830 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 831 const struct ieee80211_cipher_scheme *cs = NULL; 832 int hdrlen = ieee80211_hdrlen(hdr->frame_control); 833 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); 834 int data_len; 835 u8 *rx_pn; 836 u8 *skb_pn; 837 u8 qos_tid; 838 839 if (!rx->sta || !rx->sta->cipher_scheme || 840 !(status->flag & RX_FLAG_DECRYPTED)) 841 return RX_DROP_UNUSABLE; 842 843 if (!ieee80211_is_data(hdr->frame_control)) 844 return RX_CONTINUE; 845 846 cs = rx->sta->cipher_scheme; 847 848 data_len = rx->skb->len - hdrlen - cs->hdr_len; 849 850 if (data_len < 0) 851 return RX_DROP_UNUSABLE; 852 853 if (ieee80211_is_data_qos(hdr->frame_control)) 854 qos_tid = *ieee80211_get_qos_ctl(hdr) & 855 IEEE80211_QOS_CTL_TID_MASK; 856 else 857 qos_tid = 0; 858 859 if (skb_linearize(rx->skb)) 860 return RX_DROP_UNUSABLE; 861 862 hdr = (struct ieee80211_hdr *)rx->skb->data; 863 864 rx_pn = key->u.gen.rx_pn[qos_tid]; 865 skb_pn = rx->skb->data + hdrlen + cs->pn_off; 866 867 if (ieee80211_crypto_cs_pn_compare(skb_pn, rx_pn, cs->pn_len) <= 0) 868 return RX_DROP_UNUSABLE; 869 870 memcpy(rx_pn, skb_pn, cs->pn_len); 871 872 /* remove security header and MIC */ 873 if (pskb_trim(rx->skb, rx->skb->len - cs->mic_len)) 874 return RX_DROP_UNUSABLE; 875 876 memmove(rx->skb->data + cs->hdr_len, rx->skb->data, hdrlen); 877 skb_pull(rx->skb, cs->hdr_len); 878 879 return RX_CONTINUE; 880 } 881 882 static void bip_aad(struct sk_buff *skb, u8 *aad) 883 { 884 __le16 mask_fc; 885 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 886 887 /* BIP AAD: FC(masked) || A1 || A2 || A3 */ 888 889 /* FC type/subtype */ 890 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 891 mask_fc = hdr->frame_control; 892 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM | 893 IEEE80211_FCTL_MOREDATA); 894 put_unaligned(mask_fc, (__le16 *) &aad[0]); 895 /* A1 || A2 || A3 */ 896 memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN); 897 } 898 899 900 static inline void bip_ipn_set64(u8 *d, u64 pn) 901 { 902 *d++ = pn; 903 *d++ = pn >> 8; 904 *d++ = pn >> 16; 905 *d++ = pn >> 24; 906 *d++ = pn >> 32; 907 *d = pn >> 40; 908 } 909 910 static inline void bip_ipn_swap(u8 *d, const u8 *s) 911 { 912 *d++ = s[5]; 913 *d++ = s[4]; 914 *d++ = s[3]; 915 *d++ = s[2]; 916 *d++ = s[1]; 917 *d = s[0]; 918 } 919 920 921 ieee80211_tx_result 922 ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx) 923 { 924 struct sk_buff *skb; 925 struct ieee80211_tx_info *info; 926 struct ieee80211_key *key = tx->key; 927 struct ieee80211_mmie *mmie; 928 u8 aad[20]; 929 u64 pn64; 930 931 if (WARN_ON(skb_queue_len(&tx->skbs) != 1)) 932 return TX_DROP; 933 934 skb = skb_peek(&tx->skbs); 935 936 info = IEEE80211_SKB_CB(skb); 937 938 if (info->control.hw_key) 939 return TX_CONTINUE; 940 941 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie))) 942 return TX_DROP; 943 944 mmie = (struct ieee80211_mmie *) skb_put(skb, sizeof(*mmie)); 945 mmie->element_id = WLAN_EID_MMIE; 946 mmie->length = sizeof(*mmie) - 2; 947 mmie->key_id = cpu_to_le16(key->conf.keyidx); 948 949 /* PN = PN + 1 */ 950 pn64 = atomic64_inc_return(&key->conf.tx_pn); 951 952 bip_ipn_set64(mmie->sequence_number, pn64); 953 954 bip_aad(skb, aad); 955 956 /* 957 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 958 */ 959 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 960 skb->data + 24, skb->len - 24, mmie->mic); 961 962 return TX_CONTINUE; 963 } 964 965 ieee80211_tx_result 966 ieee80211_crypto_aes_cmac_256_encrypt(struct ieee80211_tx_data *tx) 967 { 968 struct sk_buff *skb; 969 struct ieee80211_tx_info *info; 970 struct ieee80211_key *key = tx->key; 971 struct ieee80211_mmie_16 *mmie; 972 u8 aad[20]; 973 u64 pn64; 974 975 if (WARN_ON(skb_queue_len(&tx->skbs) != 1)) 976 return TX_DROP; 977 978 skb = skb_peek(&tx->skbs); 979 980 info = IEEE80211_SKB_CB(skb); 981 982 if (info->control.hw_key) 983 return TX_CONTINUE; 984 985 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie))) 986 return TX_DROP; 987 988 mmie = (struct ieee80211_mmie_16 *)skb_put(skb, sizeof(*mmie)); 989 mmie->element_id = WLAN_EID_MMIE; 990 mmie->length = sizeof(*mmie) - 2; 991 mmie->key_id = cpu_to_le16(key->conf.keyidx); 992 993 /* PN = PN + 1 */ 994 pn64 = atomic64_inc_return(&key->conf.tx_pn); 995 996 bip_ipn_set64(mmie->sequence_number, pn64); 997 998 bip_aad(skb, aad); 999 1000 /* MIC = AES-256-CMAC(IGTK, AAD || Management Frame Body || MMIE, 128) 1001 */ 1002 ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad, 1003 skb->data + 24, skb->len - 24, mmie->mic); 1004 1005 return TX_CONTINUE; 1006 } 1007 1008 ieee80211_rx_result 1009 ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx) 1010 { 1011 struct sk_buff *skb = rx->skb; 1012 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 1013 struct ieee80211_key *key = rx->key; 1014 struct ieee80211_mmie *mmie; 1015 u8 aad[20], mic[8], ipn[6]; 1016 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1017 1018 if (!ieee80211_is_mgmt(hdr->frame_control)) 1019 return RX_CONTINUE; 1020 1021 /* management frames are already linear */ 1022 1023 if (skb->len < 24 + sizeof(*mmie)) 1024 return RX_DROP_UNUSABLE; 1025 1026 mmie = (struct ieee80211_mmie *) 1027 (skb->data + skb->len - sizeof(*mmie)); 1028 if (mmie->element_id != WLAN_EID_MMIE || 1029 mmie->length != sizeof(*mmie) - 2) 1030 return RX_DROP_UNUSABLE; /* Invalid MMIE */ 1031 1032 bip_ipn_swap(ipn, mmie->sequence_number); 1033 1034 if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) { 1035 key->u.aes_cmac.replays++; 1036 return RX_DROP_UNUSABLE; 1037 } 1038 1039 if (!(status->flag & RX_FLAG_DECRYPTED)) { 1040 /* hardware didn't decrypt/verify MIC */ 1041 bip_aad(skb, aad); 1042 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 1043 skb->data + 24, skb->len - 24, mic); 1044 if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) { 1045 key->u.aes_cmac.icverrors++; 1046 return RX_DROP_UNUSABLE; 1047 } 1048 } 1049 1050 memcpy(key->u.aes_cmac.rx_pn, ipn, 6); 1051 1052 /* Remove MMIE */ 1053 skb_trim(skb, skb->len - sizeof(*mmie)); 1054 1055 return RX_CONTINUE; 1056 } 1057 1058 ieee80211_rx_result 1059 ieee80211_crypto_aes_cmac_256_decrypt(struct ieee80211_rx_data *rx) 1060 { 1061 struct sk_buff *skb = rx->skb; 1062 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 1063 struct ieee80211_key *key = rx->key; 1064 struct ieee80211_mmie_16 *mmie; 1065 u8 aad[20], mic[16], ipn[6]; 1066 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 1067 1068 if (!ieee80211_is_mgmt(hdr->frame_control)) 1069 return RX_CONTINUE; 1070 1071 /* management frames are already linear */ 1072 1073 if (skb->len < 24 + sizeof(*mmie)) 1074 return RX_DROP_UNUSABLE; 1075 1076 mmie = (struct ieee80211_mmie_16 *) 1077 (skb->data + skb->len - sizeof(*mmie)); 1078 if (mmie->element_id != WLAN_EID_MMIE || 1079 mmie->length != sizeof(*mmie) - 2) 1080 return RX_DROP_UNUSABLE; /* Invalid MMIE */ 1081 1082 bip_ipn_swap(ipn, mmie->sequence_number); 1083 1084 if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) { 1085 key->u.aes_cmac.replays++; 1086 return RX_DROP_UNUSABLE; 1087 } 1088 1089 if (!(status->flag & RX_FLAG_DECRYPTED)) { 1090 /* hardware didn't decrypt/verify MIC */ 1091 bip_aad(skb, aad); 1092 ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad, 1093 skb->data + 24, skb->len - 24, mic); 1094 if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) { 1095 key->u.aes_cmac.icverrors++; 1096 return RX_DROP_UNUSABLE; 1097 } 1098 } 1099 1100 memcpy(key->u.aes_cmac.rx_pn, ipn, 6); 1101 1102 /* Remove MMIE */ 1103 skb_trim(skb, skb->len - sizeof(*mmie)); 1104 1105 return RX_CONTINUE; 1106 } 1107 1108 ieee80211_tx_result 1109 ieee80211_crypto_aes_gmac_encrypt(struct ieee80211_tx_data *tx) 1110 { 1111 struct sk_buff *skb; 1112 struct ieee80211_tx_info *info; 1113 struct ieee80211_key *key = tx->key; 1114 struct ieee80211_mmie_16 *mmie; 1115 struct ieee80211_hdr *hdr; 1116 u8 aad[20]; 1117 u64 pn64; 1118 u8 nonce[12]; 1119 1120 if (WARN_ON(skb_queue_len(&tx->skbs) != 1)) 1121 return TX_DROP; 1122 1123 skb = skb_peek(&tx->skbs); 1124 1125 info = IEEE80211_SKB_CB(skb); 1126 1127 if (info->control.hw_key) 1128 return TX_CONTINUE; 1129 1130 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie))) 1131 return TX_DROP; 1132 1133 mmie = (struct ieee80211_mmie_16 *)skb_put(skb, sizeof(*mmie)); 1134 mmie->element_id = WLAN_EID_MMIE; 1135 mmie->length = sizeof(*mmie) - 2; 1136 mmie->key_id = cpu_to_le16(key->conf.keyidx); 1137 1138 /* PN = PN + 1 */ 1139 pn64 = atomic64_inc_return(&key->conf.tx_pn); 1140 1141 bip_ipn_set64(mmie->sequence_number, pn64); 1142 1143 bip_aad(skb, aad); 1144 1145 hdr = (struct ieee80211_hdr *)skb->data; 1146 memcpy(nonce, hdr->addr2, ETH_ALEN); 1147 bip_ipn_swap(nonce + ETH_ALEN, mmie->sequence_number); 1148 1149 /* MIC = AES-GMAC(IGTK, AAD || Management Frame Body || MMIE, 128) */ 1150 if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce, 1151 skb->data + 24, skb->len - 24, mmie->mic) < 0) 1152 return TX_DROP; 1153 1154 return TX_CONTINUE; 1155 } 1156 1157 ieee80211_rx_result 1158 ieee80211_crypto_aes_gmac_decrypt(struct ieee80211_rx_data *rx) 1159 { 1160 struct sk_buff *skb = rx->skb; 1161 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 1162 struct ieee80211_key *key = rx->key; 1163 struct ieee80211_mmie_16 *mmie; 1164 u8 aad[20], mic[16], ipn[6], nonce[12]; 1165 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 1166 1167 if (!ieee80211_is_mgmt(hdr->frame_control)) 1168 return RX_CONTINUE; 1169 1170 /* management frames are already linear */ 1171 1172 if (skb->len < 24 + sizeof(*mmie)) 1173 return RX_DROP_UNUSABLE; 1174 1175 mmie = (struct ieee80211_mmie_16 *) 1176 (skb->data + skb->len - sizeof(*mmie)); 1177 if (mmie->element_id != WLAN_EID_MMIE || 1178 mmie->length != sizeof(*mmie) - 2) 1179 return RX_DROP_UNUSABLE; /* Invalid MMIE */ 1180 1181 bip_ipn_swap(ipn, mmie->sequence_number); 1182 1183 if (memcmp(ipn, key->u.aes_gmac.rx_pn, 6) <= 0) { 1184 key->u.aes_gmac.replays++; 1185 return RX_DROP_UNUSABLE; 1186 } 1187 1188 if (!(status->flag & RX_FLAG_DECRYPTED)) { 1189 /* hardware didn't decrypt/verify MIC */ 1190 bip_aad(skb, aad); 1191 1192 memcpy(nonce, hdr->addr2, ETH_ALEN); 1193 memcpy(nonce + ETH_ALEN, ipn, 6); 1194 1195 if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce, 1196 skb->data + 24, skb->len - 24, 1197 mic) < 0 || 1198 memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) { 1199 key->u.aes_gmac.icverrors++; 1200 return RX_DROP_UNUSABLE; 1201 } 1202 } 1203 1204 memcpy(key->u.aes_gmac.rx_pn, ipn, 6); 1205 1206 /* Remove MMIE */ 1207 skb_trim(skb, skb->len - sizeof(*mmie)); 1208 1209 return RX_CONTINUE; 1210 } 1211 1212 ieee80211_tx_result 1213 ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx) 1214 { 1215 struct sk_buff *skb; 1216 struct ieee80211_tx_info *info = NULL; 1217 ieee80211_tx_result res; 1218 1219 skb_queue_walk(&tx->skbs, skb) { 1220 info = IEEE80211_SKB_CB(skb); 1221 1222 /* handle hw-only algorithm */ 1223 if (!info->control.hw_key) 1224 return TX_DROP; 1225 1226 if (tx->key->flags & KEY_FLAG_CIPHER_SCHEME) { 1227 res = ieee80211_crypto_cs_encrypt(tx, skb); 1228 if (res != TX_CONTINUE) 1229 return res; 1230 } 1231 } 1232 1233 ieee80211_tx_set_protected(tx); 1234 1235 return TX_CONTINUE; 1236 } 1237 1238 ieee80211_rx_result 1239 ieee80211_crypto_hw_decrypt(struct ieee80211_rx_data *rx) 1240 { 1241 if (rx->sta && rx->sta->cipher_scheme) 1242 return ieee80211_crypto_cs_decrypt(rx); 1243 1244 return RX_DROP_UNUSABLE; 1245 } 1246