1 /* 2 * Copyright 2002-2004, Instant802 Networks, Inc. 3 * Copyright 2008, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9 10 #include <linux/netdevice.h> 11 #include <linux/types.h> 12 #include <linux/skbuff.h> 13 #include <linux/compiler.h> 14 #include <linux/ieee80211.h> 15 #include <linux/gfp.h> 16 #include <asm/unaligned.h> 17 #include <net/mac80211.h> 18 #include <crypto/aes.h> 19 20 #include "ieee80211_i.h" 21 #include "michael.h" 22 #include "tkip.h" 23 #include "aes_ccm.h" 24 #include "aes_cmac.h" 25 #include "wpa.h" 26 27 ieee80211_tx_result 28 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx) 29 { 30 u8 *data, *key, *mic; 31 size_t data_len; 32 unsigned int hdrlen; 33 struct ieee80211_hdr *hdr; 34 struct sk_buff *skb = tx->skb; 35 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 36 int tail; 37 38 hdr = (struct ieee80211_hdr *)skb->data; 39 if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP || 40 skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control)) 41 return TX_CONTINUE; 42 43 hdrlen = ieee80211_hdrlen(hdr->frame_control); 44 if (skb->len < hdrlen) 45 return TX_DROP; 46 47 data = skb->data + hdrlen; 48 data_len = skb->len - hdrlen; 49 50 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) { 51 /* Need to use software crypto for the test */ 52 info->control.hw_key = NULL; 53 } 54 55 if (info->control.hw_key && 56 (info->flags & IEEE80211_TX_CTL_DONTFRAG || 57 tx->local->ops->set_frag_threshold) && 58 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) { 59 /* hwaccel - with no need for SW-generated MMIC */ 60 return TX_CONTINUE; 61 } 62 63 tail = MICHAEL_MIC_LEN; 64 if (!info->control.hw_key) 65 tail += TKIP_ICV_LEN; 66 67 if (WARN_ON(skb_tailroom(skb) < tail || 68 skb_headroom(skb) < TKIP_IV_LEN)) 69 return TX_DROP; 70 71 key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY]; 72 mic = skb_put(skb, MICHAEL_MIC_LEN); 73 michael_mic(key, hdr, data, data_len, mic); 74 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) 75 mic[0]++; 76 77 return TX_CONTINUE; 78 } 79 80 81 ieee80211_rx_result 82 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx) 83 { 84 u8 *data, *key = NULL; 85 size_t data_len; 86 unsigned int hdrlen; 87 u8 mic[MICHAEL_MIC_LEN]; 88 struct sk_buff *skb = rx->skb; 89 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 90 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 91 92 /* 93 * it makes no sense to check for MIC errors on anything other 94 * than data frames. 95 */ 96 if (!ieee80211_is_data_present(hdr->frame_control)) 97 return RX_CONTINUE; 98 99 /* 100 * No way to verify the MIC if the hardware stripped it or 101 * the IV with the key index. In this case we have solely rely 102 * on the driver to set RX_FLAG_MMIC_ERROR in the event of a 103 * MIC failure report. 104 */ 105 if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) { 106 if (status->flag & RX_FLAG_MMIC_ERROR) 107 goto mic_fail_no_key; 108 109 if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key && 110 rx->key->conf.cipher == WLAN_CIPHER_SUITE_TKIP) 111 goto update_iv; 112 113 return RX_CONTINUE; 114 } 115 116 /* 117 * Some hardware seems to generate Michael MIC failure reports; even 118 * though, the frame was not encrypted with TKIP and therefore has no 119 * MIC. Ignore the flag them to avoid triggering countermeasures. 120 */ 121 if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP || 122 !(status->flag & RX_FLAG_DECRYPTED)) 123 return RX_CONTINUE; 124 125 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) { 126 /* 127 * APs with pairwise keys should never receive Michael MIC 128 * errors for non-zero keyidx because these are reserved for 129 * group keys and only the AP is sending real multicast 130 * frames in the BSS. ( 131 */ 132 return RX_DROP_UNUSABLE; 133 } 134 135 if (status->flag & RX_FLAG_MMIC_ERROR) 136 goto mic_fail; 137 138 hdrlen = ieee80211_hdrlen(hdr->frame_control); 139 if (skb->len < hdrlen + MICHAEL_MIC_LEN) 140 return RX_DROP_UNUSABLE; 141 142 if (skb_linearize(rx->skb)) 143 return RX_DROP_UNUSABLE; 144 hdr = (void *)skb->data; 145 146 data = skb->data + hdrlen; 147 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN; 148 key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY]; 149 michael_mic(key, hdr, data, data_len, mic); 150 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0) 151 goto mic_fail; 152 153 /* remove Michael MIC from payload */ 154 skb_trim(skb, skb->len - MICHAEL_MIC_LEN); 155 156 update_iv: 157 /* update IV in key information to be able to detect replays */ 158 rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32; 159 rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16; 160 161 return RX_CONTINUE; 162 163 mic_fail: 164 rx->key->u.tkip.mic_failures++; 165 166 mic_fail_no_key: 167 /* 168 * In some cases the key can be unset - e.g. a multicast packet, in 169 * a driver that supports HW encryption. Send up the key idx only if 170 * the key is set. 171 */ 172 mac80211_ev_michael_mic_failure(rx->sdata, 173 rx->key ? rx->key->conf.keyidx : -1, 174 (void *) skb->data, NULL, GFP_ATOMIC); 175 return RX_DROP_UNUSABLE; 176 } 177 178 179 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) 180 { 181 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 182 struct ieee80211_key *key = tx->key; 183 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 184 unsigned int hdrlen; 185 int len, tail; 186 u8 *pos; 187 188 if (info->control.hw_key && 189 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 190 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) { 191 /* hwaccel - with no need for software-generated IV */ 192 return 0; 193 } 194 195 hdrlen = ieee80211_hdrlen(hdr->frame_control); 196 len = skb->len - hdrlen; 197 198 if (info->control.hw_key) 199 tail = 0; 200 else 201 tail = TKIP_ICV_LEN; 202 203 if (WARN_ON(skb_tailroom(skb) < tail || 204 skb_headroom(skb) < TKIP_IV_LEN)) 205 return -1; 206 207 pos = skb_push(skb, TKIP_IV_LEN); 208 memmove(pos, pos + TKIP_IV_LEN, hdrlen); 209 skb_set_network_header(skb, skb_network_offset(skb) + TKIP_IV_LEN); 210 pos += hdrlen; 211 212 /* the HW only needs room for the IV, but not the actual IV */ 213 if (info->control.hw_key && 214 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) 215 return 0; 216 217 /* Increase IV for the frame */ 218 spin_lock(&key->u.tkip.txlock); 219 key->u.tkip.tx.iv16++; 220 if (key->u.tkip.tx.iv16 == 0) 221 key->u.tkip.tx.iv32++; 222 pos = ieee80211_tkip_add_iv(pos, key); 223 spin_unlock(&key->u.tkip.txlock); 224 225 /* hwaccel - with software IV */ 226 if (info->control.hw_key) 227 return 0; 228 229 /* Add room for ICV */ 230 skb_put(skb, TKIP_ICV_LEN); 231 232 return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm, 233 key, skb, pos, len); 234 } 235 236 237 ieee80211_tx_result 238 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx) 239 { 240 struct sk_buff *skb; 241 242 ieee80211_tx_set_protected(tx); 243 244 skb_queue_walk(&tx->skbs, skb) { 245 if (tkip_encrypt_skb(tx, skb) < 0) 246 return TX_DROP; 247 } 248 249 return TX_CONTINUE; 250 } 251 252 253 ieee80211_rx_result 254 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx) 255 { 256 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 257 int hdrlen, res, hwaccel = 0; 258 struct ieee80211_key *key = rx->key; 259 struct sk_buff *skb = rx->skb; 260 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 261 262 hdrlen = ieee80211_hdrlen(hdr->frame_control); 263 264 if (!ieee80211_is_data(hdr->frame_control)) 265 return RX_CONTINUE; 266 267 if (!rx->sta || skb->len - hdrlen < 12) 268 return RX_DROP_UNUSABLE; 269 270 /* it may be possible to optimize this a bit more */ 271 if (skb_linearize(rx->skb)) 272 return RX_DROP_UNUSABLE; 273 hdr = (void *)skb->data; 274 275 /* 276 * Let TKIP code verify IV, but skip decryption. 277 * In the case where hardware checks the IV as well, 278 * we don't even get here, see ieee80211_rx_h_decrypt() 279 */ 280 if (status->flag & RX_FLAG_DECRYPTED) 281 hwaccel = 1; 282 283 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm, 284 key, skb->data + hdrlen, 285 skb->len - hdrlen, rx->sta->sta.addr, 286 hdr->addr1, hwaccel, rx->security_idx, 287 &rx->tkip_iv32, 288 &rx->tkip_iv16); 289 if (res != TKIP_DECRYPT_OK) 290 return RX_DROP_UNUSABLE; 291 292 /* Trim ICV */ 293 skb_trim(skb, skb->len - TKIP_ICV_LEN); 294 295 /* Remove IV */ 296 memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen); 297 skb_pull(skb, TKIP_IV_LEN); 298 299 return RX_CONTINUE; 300 } 301 302 303 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch, 304 int encrypted) 305 { 306 __le16 mask_fc; 307 int a4_included, mgmt; 308 u8 qos_tid; 309 u8 *b_0, *aad; 310 u16 data_len, len_a; 311 unsigned int hdrlen; 312 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 313 314 memset(scratch, 0, 6 * AES_BLOCK_SIZE); 315 316 b_0 = scratch + 3 * AES_BLOCK_SIZE; 317 aad = scratch + 4 * AES_BLOCK_SIZE; 318 319 /* 320 * Mask FC: zero subtype b4 b5 b6 (if not mgmt) 321 * Retry, PwrMgt, MoreData; set Protected 322 */ 323 mgmt = ieee80211_is_mgmt(hdr->frame_control); 324 mask_fc = hdr->frame_control; 325 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | 326 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA); 327 if (!mgmt) 328 mask_fc &= ~cpu_to_le16(0x0070); 329 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 330 331 hdrlen = ieee80211_hdrlen(hdr->frame_control); 332 len_a = hdrlen - 2; 333 a4_included = ieee80211_has_a4(hdr->frame_control); 334 335 if (ieee80211_is_data_qos(hdr->frame_control)) 336 qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK; 337 else 338 qos_tid = 0; 339 340 data_len = skb->len - hdrlen - CCMP_HDR_LEN; 341 if (encrypted) 342 data_len -= CCMP_MIC_LEN; 343 344 /* First block, b_0 */ 345 b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */ 346 /* Nonce: Nonce Flags | A2 | PN 347 * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7) 348 */ 349 b_0[1] = qos_tid | (mgmt << 4); 350 memcpy(&b_0[2], hdr->addr2, ETH_ALEN); 351 memcpy(&b_0[8], pn, CCMP_PN_LEN); 352 /* l(m) */ 353 put_unaligned_be16(data_len, &b_0[14]); 354 355 /* AAD (extra authenticate-only data) / masked 802.11 header 356 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */ 357 put_unaligned_be16(len_a, &aad[0]); 358 put_unaligned(mask_fc, (__le16 *)&aad[2]); 359 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN); 360 361 /* Mask Seq#, leave Frag# */ 362 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f; 363 aad[23] = 0; 364 365 if (a4_included) { 366 memcpy(&aad[24], hdr->addr4, ETH_ALEN); 367 aad[30] = qos_tid; 368 aad[31] = 0; 369 } else { 370 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN); 371 aad[24] = qos_tid; 372 } 373 } 374 375 376 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id) 377 { 378 hdr[0] = pn[5]; 379 hdr[1] = pn[4]; 380 hdr[2] = 0; 381 hdr[3] = 0x20 | (key_id << 6); 382 hdr[4] = pn[3]; 383 hdr[5] = pn[2]; 384 hdr[6] = pn[1]; 385 hdr[7] = pn[0]; 386 } 387 388 389 static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr) 390 { 391 pn[0] = hdr[7]; 392 pn[1] = hdr[6]; 393 pn[2] = hdr[5]; 394 pn[3] = hdr[4]; 395 pn[4] = hdr[1]; 396 pn[5] = hdr[0]; 397 } 398 399 400 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) 401 { 402 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 403 struct ieee80211_key *key = tx->key; 404 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 405 int hdrlen, len, tail; 406 u8 *pos; 407 u8 pn[6]; 408 u64 pn64; 409 u8 scratch[6 * AES_BLOCK_SIZE]; 410 411 if (info->control.hw_key && 412 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 413 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) { 414 /* 415 * hwaccel has no need for preallocated room for CCMP 416 * header or MIC fields 417 */ 418 return 0; 419 } 420 421 hdrlen = ieee80211_hdrlen(hdr->frame_control); 422 len = skb->len - hdrlen; 423 424 if (info->control.hw_key) 425 tail = 0; 426 else 427 tail = CCMP_MIC_LEN; 428 429 if (WARN_ON(skb_tailroom(skb) < tail || 430 skb_headroom(skb) < CCMP_HDR_LEN)) 431 return -1; 432 433 pos = skb_push(skb, CCMP_HDR_LEN); 434 memmove(pos, pos + CCMP_HDR_LEN, hdrlen); 435 skb_set_network_header(skb, skb_network_offset(skb) + CCMP_HDR_LEN); 436 437 /* the HW only needs room for the IV, but not the actual IV */ 438 if (info->control.hw_key && 439 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) 440 return 0; 441 442 hdr = (struct ieee80211_hdr *) pos; 443 pos += hdrlen; 444 445 pn64 = atomic64_inc_return(&key->u.ccmp.tx_pn); 446 447 pn[5] = pn64; 448 pn[4] = pn64 >> 8; 449 pn[3] = pn64 >> 16; 450 pn[2] = pn64 >> 24; 451 pn[1] = pn64 >> 32; 452 pn[0] = pn64 >> 40; 453 454 ccmp_pn2hdr(pos, pn, key->conf.keyidx); 455 456 /* hwaccel - with software CCMP header */ 457 if (info->control.hw_key) 458 return 0; 459 460 pos += CCMP_HDR_LEN; 461 ccmp_special_blocks(skb, pn, scratch, 0); 462 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, pos, len, 463 pos, skb_put(skb, CCMP_MIC_LEN)); 464 465 return 0; 466 } 467 468 469 ieee80211_tx_result 470 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx) 471 { 472 struct sk_buff *skb; 473 474 ieee80211_tx_set_protected(tx); 475 476 skb_queue_walk(&tx->skbs, skb) { 477 if (ccmp_encrypt_skb(tx, skb) < 0) 478 return TX_DROP; 479 } 480 481 return TX_CONTINUE; 482 } 483 484 485 ieee80211_rx_result 486 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx) 487 { 488 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 489 int hdrlen; 490 struct ieee80211_key *key = rx->key; 491 struct sk_buff *skb = rx->skb; 492 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 493 u8 pn[CCMP_PN_LEN]; 494 int data_len; 495 int queue; 496 497 hdrlen = ieee80211_hdrlen(hdr->frame_control); 498 499 if (!ieee80211_is_data(hdr->frame_control) && 500 !ieee80211_is_robust_mgmt_frame(hdr)) 501 return RX_CONTINUE; 502 503 data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN; 504 if (!rx->sta || data_len < 0) 505 return RX_DROP_UNUSABLE; 506 507 if (status->flag & RX_FLAG_DECRYPTED) { 508 if (!pskb_may_pull(rx->skb, hdrlen + CCMP_HDR_LEN)) 509 return RX_DROP_UNUSABLE; 510 } else { 511 if (skb_linearize(rx->skb)) 512 return RX_DROP_UNUSABLE; 513 } 514 515 ccmp_hdr2pn(pn, skb->data + hdrlen); 516 517 queue = rx->security_idx; 518 519 if (memcmp(pn, key->u.ccmp.rx_pn[queue], CCMP_PN_LEN) <= 0) { 520 key->u.ccmp.replays++; 521 return RX_DROP_UNUSABLE; 522 } 523 524 if (!(status->flag & RX_FLAG_DECRYPTED)) { 525 u8 scratch[6 * AES_BLOCK_SIZE]; 526 /* hardware didn't decrypt/verify MIC */ 527 ccmp_special_blocks(skb, pn, scratch, 1); 528 529 if (ieee80211_aes_ccm_decrypt( 530 key->u.ccmp.tfm, scratch, 531 skb->data + hdrlen + CCMP_HDR_LEN, data_len, 532 skb->data + skb->len - CCMP_MIC_LEN, 533 skb->data + hdrlen + CCMP_HDR_LEN)) 534 return RX_DROP_UNUSABLE; 535 } 536 537 memcpy(key->u.ccmp.rx_pn[queue], pn, CCMP_PN_LEN); 538 539 /* Remove CCMP header and MIC */ 540 if (pskb_trim(skb, skb->len - CCMP_MIC_LEN)) 541 return RX_DROP_UNUSABLE; 542 memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen); 543 skb_pull(skb, CCMP_HDR_LEN); 544 545 return RX_CONTINUE; 546 } 547 548 549 static void bip_aad(struct sk_buff *skb, u8 *aad) 550 { 551 __le16 mask_fc; 552 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 553 554 /* BIP AAD: FC(masked) || A1 || A2 || A3 */ 555 556 /* FC type/subtype */ 557 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 558 mask_fc = hdr->frame_control; 559 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM | 560 IEEE80211_FCTL_MOREDATA); 561 put_unaligned(mask_fc, (__le16 *) &aad[0]); 562 /* A1 || A2 || A3 */ 563 memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN); 564 } 565 566 567 static inline void bip_ipn_set64(u8 *d, u64 pn) 568 { 569 *d++ = pn; 570 *d++ = pn >> 8; 571 *d++ = pn >> 16; 572 *d++ = pn >> 24; 573 *d++ = pn >> 32; 574 *d = pn >> 40; 575 } 576 577 static inline void bip_ipn_swap(u8 *d, const u8 *s) 578 { 579 *d++ = s[5]; 580 *d++ = s[4]; 581 *d++ = s[3]; 582 *d++ = s[2]; 583 *d++ = s[1]; 584 *d = s[0]; 585 } 586 587 588 ieee80211_tx_result 589 ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx) 590 { 591 struct sk_buff *skb; 592 struct ieee80211_tx_info *info; 593 struct ieee80211_key *key = tx->key; 594 struct ieee80211_mmie *mmie; 595 u8 aad[20]; 596 u64 pn64; 597 598 if (WARN_ON(skb_queue_len(&tx->skbs) != 1)) 599 return TX_DROP; 600 601 skb = skb_peek(&tx->skbs); 602 603 info = IEEE80211_SKB_CB(skb); 604 605 if (info->control.hw_key) 606 return TX_CONTINUE; 607 608 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie))) 609 return TX_DROP; 610 611 mmie = (struct ieee80211_mmie *) skb_put(skb, sizeof(*mmie)); 612 mmie->element_id = WLAN_EID_MMIE; 613 mmie->length = sizeof(*mmie) - 2; 614 mmie->key_id = cpu_to_le16(key->conf.keyidx); 615 616 /* PN = PN + 1 */ 617 pn64 = atomic64_inc_return(&key->u.aes_cmac.tx_pn); 618 619 bip_ipn_set64(mmie->sequence_number, pn64); 620 621 bip_aad(skb, aad); 622 623 /* 624 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 625 */ 626 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 627 skb->data + 24, skb->len - 24, mmie->mic); 628 629 return TX_CONTINUE; 630 } 631 632 633 ieee80211_rx_result 634 ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx) 635 { 636 struct sk_buff *skb = rx->skb; 637 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 638 struct ieee80211_key *key = rx->key; 639 struct ieee80211_mmie *mmie; 640 u8 aad[20], mic[8], ipn[6]; 641 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 642 643 if (!ieee80211_is_mgmt(hdr->frame_control)) 644 return RX_CONTINUE; 645 646 /* management frames are already linear */ 647 648 if (skb->len < 24 + sizeof(*mmie)) 649 return RX_DROP_UNUSABLE; 650 651 mmie = (struct ieee80211_mmie *) 652 (skb->data + skb->len - sizeof(*mmie)); 653 if (mmie->element_id != WLAN_EID_MMIE || 654 mmie->length != sizeof(*mmie) - 2) 655 return RX_DROP_UNUSABLE; /* Invalid MMIE */ 656 657 bip_ipn_swap(ipn, mmie->sequence_number); 658 659 if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) { 660 key->u.aes_cmac.replays++; 661 return RX_DROP_UNUSABLE; 662 } 663 664 if (!(status->flag & RX_FLAG_DECRYPTED)) { 665 /* hardware didn't decrypt/verify MIC */ 666 bip_aad(skb, aad); 667 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 668 skb->data + 24, skb->len - 24, mic); 669 if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) { 670 key->u.aes_cmac.icverrors++; 671 return RX_DROP_UNUSABLE; 672 } 673 } 674 675 memcpy(key->u.aes_cmac.rx_pn, ipn, 6); 676 677 /* Remove MMIE */ 678 skb_trim(skb, skb->len - sizeof(*mmie)); 679 680 return RX_CONTINUE; 681 } 682 683 ieee80211_tx_result 684 ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx) 685 { 686 struct sk_buff *skb; 687 struct ieee80211_tx_info *info = NULL; 688 689 skb_queue_walk(&tx->skbs, skb) { 690 info = IEEE80211_SKB_CB(skb); 691 692 /* handle hw-only algorithm */ 693 if (!info->control.hw_key) 694 return TX_DROP; 695 } 696 697 ieee80211_tx_set_protected(tx); 698 699 return TX_CONTINUE; 700 } 701