1 /* 2 * Copyright 2002-2004, Instant802 Networks, Inc. 3 * Copyright 2008, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9 10 #include <linux/netdevice.h> 11 #include <linux/types.h> 12 #include <linux/skbuff.h> 13 #include <linux/compiler.h> 14 #include <linux/ieee80211.h> 15 #include <linux/gfp.h> 16 #include <asm/unaligned.h> 17 #include <net/mac80211.h> 18 #include <crypto/aes.h> 19 20 #include "ieee80211_i.h" 21 #include "michael.h" 22 #include "tkip.h" 23 #include "aes_ccm.h" 24 #include "aes_cmac.h" 25 #include "wpa.h" 26 27 ieee80211_tx_result 28 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx) 29 { 30 u8 *data, *key, *mic; 31 size_t data_len; 32 unsigned int hdrlen; 33 struct ieee80211_hdr *hdr; 34 struct sk_buff *skb = tx->skb; 35 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 36 int tail; 37 38 hdr = (struct ieee80211_hdr *)skb->data; 39 if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP || 40 skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control)) 41 return TX_CONTINUE; 42 43 hdrlen = ieee80211_hdrlen(hdr->frame_control); 44 if (skb->len < hdrlen) 45 return TX_DROP; 46 47 data = skb->data + hdrlen; 48 data_len = skb->len - hdrlen; 49 50 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) { 51 /* Need to use software crypto for the test */ 52 info->control.hw_key = NULL; 53 } 54 55 if (info->control.hw_key && 56 (info->flags & IEEE80211_TX_CTL_DONTFRAG || 57 tx->local->ops->set_frag_threshold) && 58 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) { 59 /* hwaccel - with no need for SW-generated MMIC */ 60 return TX_CONTINUE; 61 } 62 63 tail = MICHAEL_MIC_LEN; 64 if (!info->control.hw_key) 65 tail += IEEE80211_TKIP_ICV_LEN; 66 67 if (WARN_ON(skb_tailroom(skb) < tail || 68 skb_headroom(skb) < IEEE80211_TKIP_IV_LEN)) 69 return TX_DROP; 70 71 key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY]; 72 mic = skb_put(skb, MICHAEL_MIC_LEN); 73 michael_mic(key, hdr, data, data_len, mic); 74 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) 75 mic[0]++; 76 77 return TX_CONTINUE; 78 } 79 80 81 ieee80211_rx_result 82 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx) 83 { 84 u8 *data, *key = NULL; 85 size_t data_len; 86 unsigned int hdrlen; 87 u8 mic[MICHAEL_MIC_LEN]; 88 struct sk_buff *skb = rx->skb; 89 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 90 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 91 92 /* 93 * it makes no sense to check for MIC errors on anything other 94 * than data frames. 95 */ 96 if (!ieee80211_is_data_present(hdr->frame_control)) 97 return RX_CONTINUE; 98 99 /* 100 * No way to verify the MIC if the hardware stripped it or 101 * the IV with the key index. In this case we have solely rely 102 * on the driver to set RX_FLAG_MMIC_ERROR in the event of a 103 * MIC failure report. 104 */ 105 if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) { 106 if (status->flag & RX_FLAG_MMIC_ERROR) 107 goto mic_fail_no_key; 108 109 if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key && 110 rx->key->conf.cipher == WLAN_CIPHER_SUITE_TKIP) 111 goto update_iv; 112 113 return RX_CONTINUE; 114 } 115 116 /* 117 * Some hardware seems to generate Michael MIC failure reports; even 118 * though, the frame was not encrypted with TKIP and therefore has no 119 * MIC. Ignore the flag them to avoid triggering countermeasures. 120 */ 121 if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP || 122 !(status->flag & RX_FLAG_DECRYPTED)) 123 return RX_CONTINUE; 124 125 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) { 126 /* 127 * APs with pairwise keys should never receive Michael MIC 128 * errors for non-zero keyidx because these are reserved for 129 * group keys and only the AP is sending real multicast 130 * frames in the BSS. ( 131 */ 132 return RX_DROP_UNUSABLE; 133 } 134 135 if (status->flag & RX_FLAG_MMIC_ERROR) 136 goto mic_fail; 137 138 hdrlen = ieee80211_hdrlen(hdr->frame_control); 139 if (skb->len < hdrlen + MICHAEL_MIC_LEN) 140 return RX_DROP_UNUSABLE; 141 142 if (skb_linearize(rx->skb)) 143 return RX_DROP_UNUSABLE; 144 hdr = (void *)skb->data; 145 146 data = skb->data + hdrlen; 147 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN; 148 key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY]; 149 michael_mic(key, hdr, data, data_len, mic); 150 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0) 151 goto mic_fail; 152 153 /* remove Michael MIC from payload */ 154 skb_trim(skb, skb->len - MICHAEL_MIC_LEN); 155 156 update_iv: 157 /* update IV in key information to be able to detect replays */ 158 rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32; 159 rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16; 160 161 return RX_CONTINUE; 162 163 mic_fail: 164 rx->key->u.tkip.mic_failures++; 165 166 mic_fail_no_key: 167 /* 168 * In some cases the key can be unset - e.g. a multicast packet, in 169 * a driver that supports HW encryption. Send up the key idx only if 170 * the key is set. 171 */ 172 mac80211_ev_michael_mic_failure(rx->sdata, 173 rx->key ? rx->key->conf.keyidx : -1, 174 (void *) skb->data, NULL, GFP_ATOMIC); 175 return RX_DROP_UNUSABLE; 176 } 177 178 179 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) 180 { 181 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 182 struct ieee80211_key *key = tx->key; 183 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 184 unsigned int hdrlen; 185 int len, tail; 186 u8 *pos; 187 188 if (info->control.hw_key && 189 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 190 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) { 191 /* hwaccel - with no need for software-generated IV */ 192 return 0; 193 } 194 195 hdrlen = ieee80211_hdrlen(hdr->frame_control); 196 len = skb->len - hdrlen; 197 198 if (info->control.hw_key) 199 tail = 0; 200 else 201 tail = IEEE80211_TKIP_ICV_LEN; 202 203 if (WARN_ON(skb_tailroom(skb) < tail || 204 skb_headroom(skb) < IEEE80211_TKIP_IV_LEN)) 205 return -1; 206 207 pos = skb_push(skb, IEEE80211_TKIP_IV_LEN); 208 memmove(pos, pos + IEEE80211_TKIP_IV_LEN, hdrlen); 209 skb_set_network_header(skb, skb_network_offset(skb) + 210 IEEE80211_TKIP_IV_LEN); 211 pos += hdrlen; 212 213 /* the HW only needs room for the IV, but not the actual IV */ 214 if (info->control.hw_key && 215 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) 216 return 0; 217 218 /* Increase IV for the frame */ 219 spin_lock(&key->u.tkip.txlock); 220 key->u.tkip.tx.iv16++; 221 if (key->u.tkip.tx.iv16 == 0) 222 key->u.tkip.tx.iv32++; 223 pos = ieee80211_tkip_add_iv(pos, key); 224 spin_unlock(&key->u.tkip.txlock); 225 226 /* hwaccel - with software IV */ 227 if (info->control.hw_key) 228 return 0; 229 230 /* Add room for ICV */ 231 skb_put(skb, IEEE80211_TKIP_ICV_LEN); 232 233 return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm, 234 key, skb, pos, len); 235 } 236 237 238 ieee80211_tx_result 239 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx) 240 { 241 struct sk_buff *skb; 242 243 ieee80211_tx_set_protected(tx); 244 245 skb_queue_walk(&tx->skbs, skb) { 246 if (tkip_encrypt_skb(tx, skb) < 0) 247 return TX_DROP; 248 } 249 250 return TX_CONTINUE; 251 } 252 253 254 ieee80211_rx_result 255 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx) 256 { 257 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 258 int hdrlen, res, hwaccel = 0; 259 struct ieee80211_key *key = rx->key; 260 struct sk_buff *skb = rx->skb; 261 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 262 263 hdrlen = ieee80211_hdrlen(hdr->frame_control); 264 265 if (!ieee80211_is_data(hdr->frame_control)) 266 return RX_CONTINUE; 267 268 if (!rx->sta || skb->len - hdrlen < 12) 269 return RX_DROP_UNUSABLE; 270 271 /* it may be possible to optimize this a bit more */ 272 if (skb_linearize(rx->skb)) 273 return RX_DROP_UNUSABLE; 274 hdr = (void *)skb->data; 275 276 /* 277 * Let TKIP code verify IV, but skip decryption. 278 * In the case where hardware checks the IV as well, 279 * we don't even get here, see ieee80211_rx_h_decrypt() 280 */ 281 if (status->flag & RX_FLAG_DECRYPTED) 282 hwaccel = 1; 283 284 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm, 285 key, skb->data + hdrlen, 286 skb->len - hdrlen, rx->sta->sta.addr, 287 hdr->addr1, hwaccel, rx->security_idx, 288 &rx->tkip_iv32, 289 &rx->tkip_iv16); 290 if (res != TKIP_DECRYPT_OK) 291 return RX_DROP_UNUSABLE; 292 293 /* Trim ICV */ 294 skb_trim(skb, skb->len - IEEE80211_TKIP_ICV_LEN); 295 296 /* Remove IV */ 297 memmove(skb->data + IEEE80211_TKIP_IV_LEN, skb->data, hdrlen); 298 skb_pull(skb, IEEE80211_TKIP_IV_LEN); 299 300 return RX_CONTINUE; 301 } 302 303 304 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad, 305 int encrypted) 306 { 307 __le16 mask_fc; 308 int a4_included, mgmt; 309 u8 qos_tid; 310 u16 len_a; 311 unsigned int hdrlen; 312 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 313 314 /* 315 * Mask FC: zero subtype b4 b5 b6 (if not mgmt) 316 * Retry, PwrMgt, MoreData; set Protected 317 */ 318 mgmt = ieee80211_is_mgmt(hdr->frame_control); 319 mask_fc = hdr->frame_control; 320 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | 321 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA); 322 if (!mgmt) 323 mask_fc &= ~cpu_to_le16(0x0070); 324 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 325 326 hdrlen = ieee80211_hdrlen(hdr->frame_control); 327 len_a = hdrlen - 2; 328 a4_included = ieee80211_has_a4(hdr->frame_control); 329 330 if (ieee80211_is_data_qos(hdr->frame_control)) 331 qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK; 332 else 333 qos_tid = 0; 334 335 /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC 336 * mode authentication are not allowed to collide, yet both are derived 337 * from this vector b_0. We only set L := 1 here to indicate that the 338 * data size can be represented in (L+1) bytes. The CCM layer will take 339 * care of storing the data length in the top (L+1) bytes and setting 340 * and clearing the other bits as is required to derive the two IVs. 341 */ 342 b_0[0] = 0x1; 343 344 /* Nonce: Nonce Flags | A2 | PN 345 * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7) 346 */ 347 b_0[1] = qos_tid | (mgmt << 4); 348 memcpy(&b_0[2], hdr->addr2, ETH_ALEN); 349 memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN); 350 351 /* AAD (extra authenticate-only data) / masked 802.11 header 352 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */ 353 put_unaligned_be16(len_a, &aad[0]); 354 put_unaligned(mask_fc, (__le16 *)&aad[2]); 355 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN); 356 357 /* Mask Seq#, leave Frag# */ 358 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f; 359 aad[23] = 0; 360 361 if (a4_included) { 362 memcpy(&aad[24], hdr->addr4, ETH_ALEN); 363 aad[30] = qos_tid; 364 aad[31] = 0; 365 } else { 366 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN); 367 aad[24] = qos_tid; 368 } 369 } 370 371 372 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id) 373 { 374 hdr[0] = pn[5]; 375 hdr[1] = pn[4]; 376 hdr[2] = 0; 377 hdr[3] = 0x20 | (key_id << 6); 378 hdr[4] = pn[3]; 379 hdr[5] = pn[2]; 380 hdr[6] = pn[1]; 381 hdr[7] = pn[0]; 382 } 383 384 385 static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr) 386 { 387 pn[0] = hdr[7]; 388 pn[1] = hdr[6]; 389 pn[2] = hdr[5]; 390 pn[3] = hdr[4]; 391 pn[4] = hdr[1]; 392 pn[5] = hdr[0]; 393 } 394 395 396 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) 397 { 398 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 399 struct ieee80211_key *key = tx->key; 400 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 401 int hdrlen, len, tail; 402 u8 *pos; 403 u8 pn[6]; 404 u64 pn64; 405 u8 aad[2 * AES_BLOCK_SIZE]; 406 u8 b_0[AES_BLOCK_SIZE]; 407 408 if (info->control.hw_key && 409 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 410 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) { 411 /* 412 * hwaccel has no need for preallocated room for CCMP 413 * header or MIC fields 414 */ 415 return 0; 416 } 417 418 hdrlen = ieee80211_hdrlen(hdr->frame_control); 419 len = skb->len - hdrlen; 420 421 if (info->control.hw_key) 422 tail = 0; 423 else 424 tail = IEEE80211_CCMP_MIC_LEN; 425 426 if (WARN_ON(skb_tailroom(skb) < tail || 427 skb_headroom(skb) < IEEE80211_CCMP_HDR_LEN)) 428 return -1; 429 430 pos = skb_push(skb, IEEE80211_CCMP_HDR_LEN); 431 memmove(pos, pos + IEEE80211_CCMP_HDR_LEN, hdrlen); 432 skb_set_network_header(skb, skb_network_offset(skb) + 433 IEEE80211_CCMP_HDR_LEN); 434 435 /* the HW only needs room for the IV, but not the actual IV */ 436 if (info->control.hw_key && 437 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) 438 return 0; 439 440 hdr = (struct ieee80211_hdr *) pos; 441 pos += hdrlen; 442 443 pn64 = atomic64_inc_return(&key->u.ccmp.tx_pn); 444 445 pn[5] = pn64; 446 pn[4] = pn64 >> 8; 447 pn[3] = pn64 >> 16; 448 pn[2] = pn64 >> 24; 449 pn[1] = pn64 >> 32; 450 pn[0] = pn64 >> 40; 451 452 ccmp_pn2hdr(pos, pn, key->conf.keyidx); 453 454 /* hwaccel - with software CCMP header */ 455 if (info->control.hw_key) 456 return 0; 457 458 pos += IEEE80211_CCMP_HDR_LEN; 459 ccmp_special_blocks(skb, pn, b_0, aad, 0); 460 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len, 461 skb_put(skb, IEEE80211_CCMP_MIC_LEN)); 462 463 return 0; 464 } 465 466 467 ieee80211_tx_result 468 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx) 469 { 470 struct sk_buff *skb; 471 472 ieee80211_tx_set_protected(tx); 473 474 skb_queue_walk(&tx->skbs, skb) { 475 if (ccmp_encrypt_skb(tx, skb) < 0) 476 return TX_DROP; 477 } 478 479 return TX_CONTINUE; 480 } 481 482 483 ieee80211_rx_result 484 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx) 485 { 486 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 487 int hdrlen; 488 struct ieee80211_key *key = rx->key; 489 struct sk_buff *skb = rx->skb; 490 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 491 u8 pn[IEEE80211_CCMP_PN_LEN]; 492 int data_len; 493 int queue; 494 495 hdrlen = ieee80211_hdrlen(hdr->frame_control); 496 497 if (!ieee80211_is_data(hdr->frame_control) && 498 !ieee80211_is_robust_mgmt_frame(hdr)) 499 return RX_CONTINUE; 500 501 data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN - 502 IEEE80211_CCMP_MIC_LEN; 503 if (!rx->sta || data_len < 0) 504 return RX_DROP_UNUSABLE; 505 506 if (status->flag & RX_FLAG_DECRYPTED) { 507 if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_CCMP_HDR_LEN)) 508 return RX_DROP_UNUSABLE; 509 } else { 510 if (skb_linearize(rx->skb)) 511 return RX_DROP_UNUSABLE; 512 } 513 514 ccmp_hdr2pn(pn, skb->data + hdrlen); 515 516 queue = rx->security_idx; 517 518 if (memcmp(pn, key->u.ccmp.rx_pn[queue], IEEE80211_CCMP_PN_LEN) <= 0) { 519 key->u.ccmp.replays++; 520 return RX_DROP_UNUSABLE; 521 } 522 523 if (!(status->flag & RX_FLAG_DECRYPTED)) { 524 u8 aad[2 * AES_BLOCK_SIZE]; 525 u8 b_0[AES_BLOCK_SIZE]; 526 /* hardware didn't decrypt/verify MIC */ 527 ccmp_special_blocks(skb, pn, b_0, aad, 1); 528 529 if (ieee80211_aes_ccm_decrypt( 530 key->u.ccmp.tfm, b_0, aad, 531 skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN, 532 data_len, 533 skb->data + skb->len - IEEE80211_CCMP_MIC_LEN)) 534 return RX_DROP_UNUSABLE; 535 } 536 537 memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN); 538 539 /* Remove CCMP header and MIC */ 540 if (pskb_trim(skb, skb->len - IEEE80211_CCMP_MIC_LEN)) 541 return RX_DROP_UNUSABLE; 542 memmove(skb->data + IEEE80211_CCMP_HDR_LEN, skb->data, hdrlen); 543 skb_pull(skb, IEEE80211_CCMP_HDR_LEN); 544 545 return RX_CONTINUE; 546 } 547 548 549 static void bip_aad(struct sk_buff *skb, u8 *aad) 550 { 551 __le16 mask_fc; 552 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 553 554 /* BIP AAD: FC(masked) || A1 || A2 || A3 */ 555 556 /* FC type/subtype */ 557 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 558 mask_fc = hdr->frame_control; 559 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM | 560 IEEE80211_FCTL_MOREDATA); 561 put_unaligned(mask_fc, (__le16 *) &aad[0]); 562 /* A1 || A2 || A3 */ 563 memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN); 564 } 565 566 567 static inline void bip_ipn_set64(u8 *d, u64 pn) 568 { 569 *d++ = pn; 570 *d++ = pn >> 8; 571 *d++ = pn >> 16; 572 *d++ = pn >> 24; 573 *d++ = pn >> 32; 574 *d = pn >> 40; 575 } 576 577 static inline void bip_ipn_swap(u8 *d, const u8 *s) 578 { 579 *d++ = s[5]; 580 *d++ = s[4]; 581 *d++ = s[3]; 582 *d++ = s[2]; 583 *d++ = s[1]; 584 *d = s[0]; 585 } 586 587 588 ieee80211_tx_result 589 ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx) 590 { 591 struct sk_buff *skb; 592 struct ieee80211_tx_info *info; 593 struct ieee80211_key *key = tx->key; 594 struct ieee80211_mmie *mmie; 595 u8 aad[20]; 596 u64 pn64; 597 598 if (WARN_ON(skb_queue_len(&tx->skbs) != 1)) 599 return TX_DROP; 600 601 skb = skb_peek(&tx->skbs); 602 603 info = IEEE80211_SKB_CB(skb); 604 605 if (info->control.hw_key) 606 return TX_CONTINUE; 607 608 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie))) 609 return TX_DROP; 610 611 mmie = (struct ieee80211_mmie *) skb_put(skb, sizeof(*mmie)); 612 mmie->element_id = WLAN_EID_MMIE; 613 mmie->length = sizeof(*mmie) - 2; 614 mmie->key_id = cpu_to_le16(key->conf.keyidx); 615 616 /* PN = PN + 1 */ 617 pn64 = atomic64_inc_return(&key->u.aes_cmac.tx_pn); 618 619 bip_ipn_set64(mmie->sequence_number, pn64); 620 621 bip_aad(skb, aad); 622 623 /* 624 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 625 */ 626 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 627 skb->data + 24, skb->len - 24, mmie->mic); 628 629 return TX_CONTINUE; 630 } 631 632 633 ieee80211_rx_result 634 ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx) 635 { 636 struct sk_buff *skb = rx->skb; 637 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 638 struct ieee80211_key *key = rx->key; 639 struct ieee80211_mmie *mmie; 640 u8 aad[20], mic[8], ipn[6]; 641 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 642 643 if (!ieee80211_is_mgmt(hdr->frame_control)) 644 return RX_CONTINUE; 645 646 /* management frames are already linear */ 647 648 if (skb->len < 24 + sizeof(*mmie)) 649 return RX_DROP_UNUSABLE; 650 651 mmie = (struct ieee80211_mmie *) 652 (skb->data + skb->len - sizeof(*mmie)); 653 if (mmie->element_id != WLAN_EID_MMIE || 654 mmie->length != sizeof(*mmie) - 2) 655 return RX_DROP_UNUSABLE; /* Invalid MMIE */ 656 657 bip_ipn_swap(ipn, mmie->sequence_number); 658 659 if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) { 660 key->u.aes_cmac.replays++; 661 return RX_DROP_UNUSABLE; 662 } 663 664 if (!(status->flag & RX_FLAG_DECRYPTED)) { 665 /* hardware didn't decrypt/verify MIC */ 666 bip_aad(skb, aad); 667 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 668 skb->data + 24, skb->len - 24, mic); 669 if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) { 670 key->u.aes_cmac.icverrors++; 671 return RX_DROP_UNUSABLE; 672 } 673 } 674 675 memcpy(key->u.aes_cmac.rx_pn, ipn, 6); 676 677 /* Remove MMIE */ 678 skb_trim(skb, skb->len - sizeof(*mmie)); 679 680 return RX_CONTINUE; 681 } 682 683 ieee80211_tx_result 684 ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx) 685 { 686 struct sk_buff *skb; 687 struct ieee80211_tx_info *info = NULL; 688 689 skb_queue_walk(&tx->skbs, skb) { 690 info = IEEE80211_SKB_CB(skb); 691 692 /* handle hw-only algorithm */ 693 if (!info->control.hw_key) 694 return TX_DROP; 695 } 696 697 ieee80211_tx_set_protected(tx); 698 699 return TX_CONTINUE; 700 } 701