1 /* 2 * Copyright 2002-2004, Instant802 Networks, Inc. 3 * Copyright 2008, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9 10 #include <linux/netdevice.h> 11 #include <linux/types.h> 12 #include <linux/skbuff.h> 13 #include <linux/compiler.h> 14 #include <linux/ieee80211.h> 15 #include <linux/gfp.h> 16 #include <asm/unaligned.h> 17 #include <net/mac80211.h> 18 #include <crypto/aes.h> 19 20 #include "ieee80211_i.h" 21 #include "michael.h" 22 #include "tkip.h" 23 #include "aes_ccm.h" 24 #include "aes_cmac.h" 25 #include "wpa.h" 26 27 ieee80211_tx_result 28 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx) 29 { 30 u8 *data, *key, *mic; 31 size_t data_len; 32 unsigned int hdrlen; 33 struct ieee80211_hdr *hdr; 34 struct sk_buff *skb = tx->skb; 35 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 36 int tail; 37 38 hdr = (struct ieee80211_hdr *)skb->data; 39 if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP || 40 skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control)) 41 return TX_CONTINUE; 42 43 hdrlen = ieee80211_hdrlen(hdr->frame_control); 44 if (skb->len < hdrlen) 45 return TX_DROP; 46 47 data = skb->data + hdrlen; 48 data_len = skb->len - hdrlen; 49 50 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) { 51 /* Need to use software crypto for the test */ 52 info->control.hw_key = NULL; 53 } 54 55 if (info->control.hw_key && 56 (info->flags & IEEE80211_TX_CTL_DONTFRAG || 57 tx->local->ops->set_frag_threshold) && 58 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) { 59 /* hwaccel - with no need for SW-generated MMIC */ 60 return TX_CONTINUE; 61 } 62 63 tail = MICHAEL_MIC_LEN; 64 if (!info->control.hw_key) 65 tail += IEEE80211_TKIP_ICV_LEN; 66 67 if (WARN_ON(skb_tailroom(skb) < tail || 68 skb_headroom(skb) < IEEE80211_TKIP_IV_LEN)) 69 return TX_DROP; 70 71 key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY]; 72 mic = skb_put(skb, MICHAEL_MIC_LEN); 73 michael_mic(key, hdr, data, data_len, mic); 74 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) 75 mic[0]++; 76 77 return TX_CONTINUE; 78 } 79 80 81 ieee80211_rx_result 82 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx) 83 { 84 u8 *data, *key = NULL; 85 size_t data_len; 86 unsigned int hdrlen; 87 u8 mic[MICHAEL_MIC_LEN]; 88 struct sk_buff *skb = rx->skb; 89 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 90 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 91 92 /* 93 * it makes no sense to check for MIC errors on anything other 94 * than data frames. 95 */ 96 if (!ieee80211_is_data_present(hdr->frame_control)) 97 return RX_CONTINUE; 98 99 /* 100 * No way to verify the MIC if the hardware stripped it or 101 * the IV with the key index. In this case we have solely rely 102 * on the driver to set RX_FLAG_MMIC_ERROR in the event of a 103 * MIC failure report. 104 */ 105 if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) { 106 if (status->flag & RX_FLAG_MMIC_ERROR) 107 goto mic_fail_no_key; 108 109 if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key && 110 rx->key->conf.cipher == WLAN_CIPHER_SUITE_TKIP) 111 goto update_iv; 112 113 return RX_CONTINUE; 114 } 115 116 /* 117 * Some hardware seems to generate Michael MIC failure reports; even 118 * though, the frame was not encrypted with TKIP and therefore has no 119 * MIC. Ignore the flag them to avoid triggering countermeasures. 120 */ 121 if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP || 122 !(status->flag & RX_FLAG_DECRYPTED)) 123 return RX_CONTINUE; 124 125 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) { 126 /* 127 * APs with pairwise keys should never receive Michael MIC 128 * errors for non-zero keyidx because these are reserved for 129 * group keys and only the AP is sending real multicast 130 * frames in the BSS. ( 131 */ 132 return RX_DROP_UNUSABLE; 133 } 134 135 if (status->flag & RX_FLAG_MMIC_ERROR) 136 goto mic_fail; 137 138 hdrlen = ieee80211_hdrlen(hdr->frame_control); 139 if (skb->len < hdrlen + MICHAEL_MIC_LEN) 140 return RX_DROP_UNUSABLE; 141 142 if (skb_linearize(rx->skb)) 143 return RX_DROP_UNUSABLE; 144 hdr = (void *)skb->data; 145 146 data = skb->data + hdrlen; 147 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN; 148 key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY]; 149 michael_mic(key, hdr, data, data_len, mic); 150 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0) 151 goto mic_fail; 152 153 /* remove Michael MIC from payload */ 154 skb_trim(skb, skb->len - MICHAEL_MIC_LEN); 155 156 update_iv: 157 /* update IV in key information to be able to detect replays */ 158 rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32; 159 rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16; 160 161 return RX_CONTINUE; 162 163 mic_fail: 164 rx->key->u.tkip.mic_failures++; 165 166 mic_fail_no_key: 167 /* 168 * In some cases the key can be unset - e.g. a multicast packet, in 169 * a driver that supports HW encryption. Send up the key idx only if 170 * the key is set. 171 */ 172 mac80211_ev_michael_mic_failure(rx->sdata, 173 rx->key ? rx->key->conf.keyidx : -1, 174 (void *) skb->data, NULL, GFP_ATOMIC); 175 return RX_DROP_UNUSABLE; 176 } 177 178 179 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) 180 { 181 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 182 struct ieee80211_key *key = tx->key; 183 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 184 unsigned int hdrlen; 185 int len, tail; 186 u8 *pos; 187 188 if (info->control.hw_key && 189 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 190 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) { 191 /* hwaccel - with no need for software-generated IV */ 192 return 0; 193 } 194 195 hdrlen = ieee80211_hdrlen(hdr->frame_control); 196 len = skb->len - hdrlen; 197 198 if (info->control.hw_key) 199 tail = 0; 200 else 201 tail = IEEE80211_TKIP_ICV_LEN; 202 203 if (WARN_ON(skb_tailroom(skb) < tail || 204 skb_headroom(skb) < IEEE80211_TKIP_IV_LEN)) 205 return -1; 206 207 pos = skb_push(skb, IEEE80211_TKIP_IV_LEN); 208 memmove(pos, pos + IEEE80211_TKIP_IV_LEN, hdrlen); 209 skb_set_network_header(skb, skb_network_offset(skb) + 210 IEEE80211_TKIP_IV_LEN); 211 pos += hdrlen; 212 213 /* the HW only needs room for the IV, but not the actual IV */ 214 if (info->control.hw_key && 215 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) 216 return 0; 217 218 /* Increase IV for the frame */ 219 spin_lock(&key->u.tkip.txlock); 220 key->u.tkip.tx.iv16++; 221 if (key->u.tkip.tx.iv16 == 0) 222 key->u.tkip.tx.iv32++; 223 pos = ieee80211_tkip_add_iv(pos, key); 224 spin_unlock(&key->u.tkip.txlock); 225 226 /* hwaccel - with software IV */ 227 if (info->control.hw_key) 228 return 0; 229 230 /* Add room for ICV */ 231 skb_put(skb, IEEE80211_TKIP_ICV_LEN); 232 233 return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm, 234 key, skb, pos, len); 235 } 236 237 238 ieee80211_tx_result 239 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx) 240 { 241 struct sk_buff *skb; 242 243 ieee80211_tx_set_protected(tx); 244 245 skb_queue_walk(&tx->skbs, skb) { 246 if (tkip_encrypt_skb(tx, skb) < 0) 247 return TX_DROP; 248 } 249 250 return TX_CONTINUE; 251 } 252 253 254 ieee80211_rx_result 255 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx) 256 { 257 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 258 int hdrlen, res, hwaccel = 0; 259 struct ieee80211_key *key = rx->key; 260 struct sk_buff *skb = rx->skb; 261 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 262 263 hdrlen = ieee80211_hdrlen(hdr->frame_control); 264 265 if (!ieee80211_is_data(hdr->frame_control)) 266 return RX_CONTINUE; 267 268 if (!rx->sta || skb->len - hdrlen < 12) 269 return RX_DROP_UNUSABLE; 270 271 /* it may be possible to optimize this a bit more */ 272 if (skb_linearize(rx->skb)) 273 return RX_DROP_UNUSABLE; 274 hdr = (void *)skb->data; 275 276 /* 277 * Let TKIP code verify IV, but skip decryption. 278 * In the case where hardware checks the IV as well, 279 * we don't even get here, see ieee80211_rx_h_decrypt() 280 */ 281 if (status->flag & RX_FLAG_DECRYPTED) 282 hwaccel = 1; 283 284 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm, 285 key, skb->data + hdrlen, 286 skb->len - hdrlen, rx->sta->sta.addr, 287 hdr->addr1, hwaccel, rx->security_idx, 288 &rx->tkip_iv32, 289 &rx->tkip_iv16); 290 if (res != TKIP_DECRYPT_OK) 291 return RX_DROP_UNUSABLE; 292 293 /* Trim ICV */ 294 skb_trim(skb, skb->len - IEEE80211_TKIP_ICV_LEN); 295 296 /* Remove IV */ 297 memmove(skb->data + IEEE80211_TKIP_IV_LEN, skb->data, hdrlen); 298 skb_pull(skb, IEEE80211_TKIP_IV_LEN); 299 300 return RX_CONTINUE; 301 } 302 303 304 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch, 305 int encrypted) 306 { 307 __le16 mask_fc; 308 int a4_included, mgmt; 309 u8 qos_tid; 310 u8 *b_0, *aad; 311 u16 data_len, len_a; 312 unsigned int hdrlen; 313 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 314 315 memset(scratch, 0, 6 * AES_BLOCK_SIZE); 316 317 b_0 = scratch + 3 * AES_BLOCK_SIZE; 318 aad = scratch + 4 * AES_BLOCK_SIZE; 319 320 /* 321 * Mask FC: zero subtype b4 b5 b6 (if not mgmt) 322 * Retry, PwrMgt, MoreData; set Protected 323 */ 324 mgmt = ieee80211_is_mgmt(hdr->frame_control); 325 mask_fc = hdr->frame_control; 326 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | 327 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA); 328 if (!mgmt) 329 mask_fc &= ~cpu_to_le16(0x0070); 330 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 331 332 hdrlen = ieee80211_hdrlen(hdr->frame_control); 333 len_a = hdrlen - 2; 334 a4_included = ieee80211_has_a4(hdr->frame_control); 335 336 if (ieee80211_is_data_qos(hdr->frame_control)) 337 qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK; 338 else 339 qos_tid = 0; 340 341 data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN; 342 if (encrypted) 343 data_len -= IEEE80211_CCMP_MIC_LEN; 344 345 /* First block, b_0 */ 346 b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */ 347 /* Nonce: Nonce Flags | A2 | PN 348 * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7) 349 */ 350 b_0[1] = qos_tid | (mgmt << 4); 351 memcpy(&b_0[2], hdr->addr2, ETH_ALEN); 352 memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN); 353 /* l(m) */ 354 put_unaligned_be16(data_len, &b_0[14]); 355 356 /* AAD (extra authenticate-only data) / masked 802.11 header 357 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */ 358 put_unaligned_be16(len_a, &aad[0]); 359 put_unaligned(mask_fc, (__le16 *)&aad[2]); 360 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN); 361 362 /* Mask Seq#, leave Frag# */ 363 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f; 364 aad[23] = 0; 365 366 if (a4_included) { 367 memcpy(&aad[24], hdr->addr4, ETH_ALEN); 368 aad[30] = qos_tid; 369 aad[31] = 0; 370 } else { 371 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN); 372 aad[24] = qos_tid; 373 } 374 } 375 376 377 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id) 378 { 379 hdr[0] = pn[5]; 380 hdr[1] = pn[4]; 381 hdr[2] = 0; 382 hdr[3] = 0x20 | (key_id << 6); 383 hdr[4] = pn[3]; 384 hdr[5] = pn[2]; 385 hdr[6] = pn[1]; 386 hdr[7] = pn[0]; 387 } 388 389 390 static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr) 391 { 392 pn[0] = hdr[7]; 393 pn[1] = hdr[6]; 394 pn[2] = hdr[5]; 395 pn[3] = hdr[4]; 396 pn[4] = hdr[1]; 397 pn[5] = hdr[0]; 398 } 399 400 401 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) 402 { 403 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 404 struct ieee80211_key *key = tx->key; 405 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 406 int hdrlen, len, tail; 407 u8 *pos; 408 u8 pn[6]; 409 u64 pn64; 410 u8 scratch[6 * AES_BLOCK_SIZE]; 411 412 if (info->control.hw_key && 413 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 414 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) { 415 /* 416 * hwaccel has no need for preallocated room for CCMP 417 * header or MIC fields 418 */ 419 return 0; 420 } 421 422 hdrlen = ieee80211_hdrlen(hdr->frame_control); 423 len = skb->len - hdrlen; 424 425 if (info->control.hw_key) 426 tail = 0; 427 else 428 tail = IEEE80211_CCMP_MIC_LEN; 429 430 if (WARN_ON(skb_tailroom(skb) < tail || 431 skb_headroom(skb) < IEEE80211_CCMP_HDR_LEN)) 432 return -1; 433 434 pos = skb_push(skb, IEEE80211_CCMP_HDR_LEN); 435 memmove(pos, pos + IEEE80211_CCMP_HDR_LEN, hdrlen); 436 skb_set_network_header(skb, skb_network_offset(skb) + 437 IEEE80211_CCMP_HDR_LEN); 438 439 /* the HW only needs room for the IV, but not the actual IV */ 440 if (info->control.hw_key && 441 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) 442 return 0; 443 444 hdr = (struct ieee80211_hdr *) pos; 445 pos += hdrlen; 446 447 pn64 = atomic64_inc_return(&key->u.ccmp.tx_pn); 448 449 pn[5] = pn64; 450 pn[4] = pn64 >> 8; 451 pn[3] = pn64 >> 16; 452 pn[2] = pn64 >> 24; 453 pn[1] = pn64 >> 32; 454 pn[0] = pn64 >> 40; 455 456 ccmp_pn2hdr(pos, pn, key->conf.keyidx); 457 458 /* hwaccel - with software CCMP header */ 459 if (info->control.hw_key) 460 return 0; 461 462 pos += IEEE80211_CCMP_HDR_LEN; 463 ccmp_special_blocks(skb, pn, scratch, 0); 464 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, pos, len, 465 pos, skb_put(skb, IEEE80211_CCMP_MIC_LEN)); 466 467 return 0; 468 } 469 470 471 ieee80211_tx_result 472 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx) 473 { 474 struct sk_buff *skb; 475 476 ieee80211_tx_set_protected(tx); 477 478 skb_queue_walk(&tx->skbs, skb) { 479 if (ccmp_encrypt_skb(tx, skb) < 0) 480 return TX_DROP; 481 } 482 483 return TX_CONTINUE; 484 } 485 486 487 ieee80211_rx_result 488 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx) 489 { 490 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 491 int hdrlen; 492 struct ieee80211_key *key = rx->key; 493 struct sk_buff *skb = rx->skb; 494 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 495 u8 pn[IEEE80211_CCMP_PN_LEN]; 496 int data_len; 497 int queue; 498 499 hdrlen = ieee80211_hdrlen(hdr->frame_control); 500 501 if (!ieee80211_is_data(hdr->frame_control) && 502 !ieee80211_is_robust_mgmt_frame(hdr)) 503 return RX_CONTINUE; 504 505 data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN - 506 IEEE80211_CCMP_MIC_LEN; 507 if (!rx->sta || data_len < 0) 508 return RX_DROP_UNUSABLE; 509 510 if (status->flag & RX_FLAG_DECRYPTED) { 511 if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_CCMP_HDR_LEN)) 512 return RX_DROP_UNUSABLE; 513 } else { 514 if (skb_linearize(rx->skb)) 515 return RX_DROP_UNUSABLE; 516 } 517 518 ccmp_hdr2pn(pn, skb->data + hdrlen); 519 520 queue = rx->security_idx; 521 522 if (memcmp(pn, key->u.ccmp.rx_pn[queue], IEEE80211_CCMP_PN_LEN) <= 0) { 523 key->u.ccmp.replays++; 524 return RX_DROP_UNUSABLE; 525 } 526 527 if (!(status->flag & RX_FLAG_DECRYPTED)) { 528 u8 scratch[6 * AES_BLOCK_SIZE]; 529 /* hardware didn't decrypt/verify MIC */ 530 ccmp_special_blocks(skb, pn, scratch, 1); 531 532 if (ieee80211_aes_ccm_decrypt( 533 key->u.ccmp.tfm, scratch, 534 skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN, 535 data_len, 536 skb->data + skb->len - IEEE80211_CCMP_MIC_LEN, 537 skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN)) 538 return RX_DROP_UNUSABLE; 539 } 540 541 memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN); 542 543 /* Remove CCMP header and MIC */ 544 if (pskb_trim(skb, skb->len - IEEE80211_CCMP_MIC_LEN)) 545 return RX_DROP_UNUSABLE; 546 memmove(skb->data + IEEE80211_CCMP_HDR_LEN, skb->data, hdrlen); 547 skb_pull(skb, IEEE80211_CCMP_HDR_LEN); 548 549 return RX_CONTINUE; 550 } 551 552 553 static void bip_aad(struct sk_buff *skb, u8 *aad) 554 { 555 __le16 mask_fc; 556 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 557 558 /* BIP AAD: FC(masked) || A1 || A2 || A3 */ 559 560 /* FC type/subtype */ 561 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 562 mask_fc = hdr->frame_control; 563 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM | 564 IEEE80211_FCTL_MOREDATA); 565 put_unaligned(mask_fc, (__le16 *) &aad[0]); 566 /* A1 || A2 || A3 */ 567 memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN); 568 } 569 570 571 static inline void bip_ipn_set64(u8 *d, u64 pn) 572 { 573 *d++ = pn; 574 *d++ = pn >> 8; 575 *d++ = pn >> 16; 576 *d++ = pn >> 24; 577 *d++ = pn >> 32; 578 *d = pn >> 40; 579 } 580 581 static inline void bip_ipn_swap(u8 *d, const u8 *s) 582 { 583 *d++ = s[5]; 584 *d++ = s[4]; 585 *d++ = s[3]; 586 *d++ = s[2]; 587 *d++ = s[1]; 588 *d = s[0]; 589 } 590 591 592 ieee80211_tx_result 593 ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx) 594 { 595 struct sk_buff *skb; 596 struct ieee80211_tx_info *info; 597 struct ieee80211_key *key = tx->key; 598 struct ieee80211_mmie *mmie; 599 u8 aad[20]; 600 u64 pn64; 601 602 if (WARN_ON(skb_queue_len(&tx->skbs) != 1)) 603 return TX_DROP; 604 605 skb = skb_peek(&tx->skbs); 606 607 info = IEEE80211_SKB_CB(skb); 608 609 if (info->control.hw_key) 610 return TX_CONTINUE; 611 612 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie))) 613 return TX_DROP; 614 615 mmie = (struct ieee80211_mmie *) skb_put(skb, sizeof(*mmie)); 616 mmie->element_id = WLAN_EID_MMIE; 617 mmie->length = sizeof(*mmie) - 2; 618 mmie->key_id = cpu_to_le16(key->conf.keyidx); 619 620 /* PN = PN + 1 */ 621 pn64 = atomic64_inc_return(&key->u.aes_cmac.tx_pn); 622 623 bip_ipn_set64(mmie->sequence_number, pn64); 624 625 bip_aad(skb, aad); 626 627 /* 628 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 629 */ 630 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 631 skb->data + 24, skb->len - 24, mmie->mic); 632 633 return TX_CONTINUE; 634 } 635 636 637 ieee80211_rx_result 638 ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx) 639 { 640 struct sk_buff *skb = rx->skb; 641 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 642 struct ieee80211_key *key = rx->key; 643 struct ieee80211_mmie *mmie; 644 u8 aad[20], mic[8], ipn[6]; 645 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 646 647 if (!ieee80211_is_mgmt(hdr->frame_control)) 648 return RX_CONTINUE; 649 650 /* management frames are already linear */ 651 652 if (skb->len < 24 + sizeof(*mmie)) 653 return RX_DROP_UNUSABLE; 654 655 mmie = (struct ieee80211_mmie *) 656 (skb->data + skb->len - sizeof(*mmie)); 657 if (mmie->element_id != WLAN_EID_MMIE || 658 mmie->length != sizeof(*mmie) - 2) 659 return RX_DROP_UNUSABLE; /* Invalid MMIE */ 660 661 bip_ipn_swap(ipn, mmie->sequence_number); 662 663 if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) { 664 key->u.aes_cmac.replays++; 665 return RX_DROP_UNUSABLE; 666 } 667 668 if (!(status->flag & RX_FLAG_DECRYPTED)) { 669 /* hardware didn't decrypt/verify MIC */ 670 bip_aad(skb, aad); 671 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 672 skb->data + 24, skb->len - 24, mic); 673 if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) { 674 key->u.aes_cmac.icverrors++; 675 return RX_DROP_UNUSABLE; 676 } 677 } 678 679 memcpy(key->u.aes_cmac.rx_pn, ipn, 6); 680 681 /* Remove MMIE */ 682 skb_trim(skb, skb->len - sizeof(*mmie)); 683 684 return RX_CONTINUE; 685 } 686 687 ieee80211_tx_result 688 ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx) 689 { 690 struct sk_buff *skb; 691 struct ieee80211_tx_info *info = NULL; 692 693 skb_queue_walk(&tx->skbs, skb) { 694 info = IEEE80211_SKB_CB(skb); 695 696 /* handle hw-only algorithm */ 697 if (!info->control.hw_key) 698 return TX_DROP; 699 } 700 701 ieee80211_tx_set_protected(tx); 702 703 return TX_CONTINUE; 704 } 705