2 * Copyright 2002-2004, Instant802 Networks, Inc.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
9 #include <linux/netdevice.h>
10 #include <linux/types.h>
11 #include <linux/slab.h>
12 #include <linux/skbuff.h>
13 #include <linux/compiler.h>
14 #include <net/mac80211.h>
16 #include "ieee80211_i.h"
22 static int ieee80211_get_hdr_info(const struct sk_buff *skb, u8 **sa, u8 **da,
23 u8 *qos_tid, u8 **data, size_t *data_len)
25 struct ieee80211_hdr *hdr;
29 hdr = (struct ieee80211_hdr *)skb->data;
30 fc = hdr->frame_control;
32 hdrlen = ieee80211_hdrlen(fc);
34 *sa = ieee80211_get_SA(hdr);
35 *da = ieee80211_get_DA(hdr);
37 *data = skb->data + hdrlen;
38 *data_len = skb->len - hdrlen;
40 if (ieee80211_is_data_qos(fc))
41 *qos_tid = (*ieee80211_get_qos_ctl(hdr) & 0x0f) | 0x80;
45 return skb->len < hdrlen ? -1 : 0;
50 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
52 u8 *data, *sa, *da, *key, *mic, qos_tid, key_offset;
55 struct sk_buff *skb = tx->skb;
62 if (!tx->key || tx->key->conf.alg != ALG_TKIP || skb->len < 24 ||
63 !WLAN_FC_DATA_PRESENT(fc))
66 if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len))
69 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
70 !(tx->flags & IEEE80211_TX_FRAGMENTED) &&
71 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) &&
73 /* hwaccel - with no need for preallocated room for Michael MIC
78 tail = MICHAEL_MIC_LEN;
79 if (!(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
82 if (WARN_ON(skb_tailroom(skb) < tail ||
83 skb_headroom(skb) < TKIP_IV_LEN))
87 authenticator = fc & IEEE80211_FCTL_FROMDS; /* FIX */
91 /* At this point we know we're using ALG_TKIP. To get the MIC key
92 * we now will rely on the offset from the ieee80211_key_conf::key */
93 key_offset = authenticator ?
94 NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY :
95 NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY;
96 key = &tx->key->conf.key[key_offset];
97 mic = skb_put(skb, MICHAEL_MIC_LEN);
98 michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
105 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
107 u8 *data, *sa, *da, *key = NULL, qos_tid, key_offset;
110 u8 mic[MICHAEL_MIC_LEN];
111 struct sk_buff *skb = rx->skb;
112 int authenticator = 1, wpa_test = 0;
113 DECLARE_MAC_BUF(mac);
118 * No way to verify the MIC if the hardware stripped it
120 if (rx->status->flag & RX_FLAG_MMIC_STRIPPED)
123 if (!rx->key || rx->key->conf.alg != ALG_TKIP ||
124 !(rx->fc & IEEE80211_FCTL_PROTECTED) || !WLAN_FC_DATA_PRESENT(fc))
127 if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len)
128 || data_len < MICHAEL_MIC_LEN)
129 return RX_DROP_UNUSABLE;
131 data_len -= MICHAEL_MIC_LEN;
134 authenticator = fc & IEEE80211_FCTL_TODS; /* FIX */
138 /* At this point we know we're using ALG_TKIP. To get the MIC key
139 * we now will rely on the offset from the ieee80211_key_conf::key */
140 key_offset = authenticator ?
141 NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY :
142 NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY;
143 key = &rx->key->conf.key[key_offset];
144 michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
145 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) {
146 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
147 return RX_DROP_UNUSABLE;
149 printk(KERN_DEBUG "%s: invalid Michael MIC in data frame from "
150 "%s\n", rx->dev->name, print_mac(mac, sa));
152 mac80211_ev_michael_mic_failure(rx->dev, rx->key->conf.keyidx,
154 return RX_DROP_UNUSABLE;
157 /* remove Michael MIC from payload */
158 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
160 /* update IV in key information to be able to detect replays */
161 rx->key->u.tkip.rx[rx->queue].iv32 = rx->tkip_iv32;
162 rx->key->u.tkip.rx[rx->queue].iv16 = rx->tkip_iv16;
168 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
170 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
171 struct ieee80211_key *key = tx->key;
172 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
177 info->control.icv_len = TKIP_ICV_LEN;
178 info->control.iv_len = TKIP_IV_LEN;
180 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
181 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
182 /* hwaccel - with no need for preallocated room for IV/ICV */
183 info->control.hw_key = &tx->key->conf;
187 hdrlen = ieee80211_hdrlen(hdr->frame_control);
188 len = skb->len - hdrlen;
190 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
195 if (WARN_ON(skb_tailroom(skb) < tail ||
196 skb_headroom(skb) < TKIP_IV_LEN))
199 pos = skb_push(skb, TKIP_IV_LEN);
200 memmove(pos, pos + TKIP_IV_LEN, hdrlen);
203 /* Increase IV for the frame */
204 key->u.tkip.tx.iv16++;
205 if (key->u.tkip.tx.iv16 == 0)
206 key->u.tkip.tx.iv32++;
208 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
209 /* hwaccel - with preallocated room for IV */
210 ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);
212 info->control.hw_key = &tx->key->conf;
216 /* Add room for ICV */
217 skb_put(skb, TKIP_ICV_LEN);
219 hdr = (struct ieee80211_hdr *) skb->data;
220 ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
221 key, pos, len, hdr->addr2);
227 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
229 struct sk_buff *skb = tx->skb;
231 ieee80211_tx_set_protected(tx);
233 if (tkip_encrypt_skb(tx, skb) < 0)
236 if (tx->extra_frag) {
238 for (i = 0; i < tx->num_extra_frag; i++) {
239 if (tkip_encrypt_skb(tx, tx->extra_frag[i]) < 0)
249 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
251 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
252 int hdrlen, res, hwaccel = 0, wpa_test = 0;
253 struct ieee80211_key *key = rx->key;
254 struct sk_buff *skb = rx->skb;
255 DECLARE_MAC_BUF(mac);
257 hdrlen = ieee80211_hdrlen(hdr->frame_control);
259 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
262 if (!rx->sta || skb->len - hdrlen < 12)
263 return RX_DROP_UNUSABLE;
265 if (rx->status->flag & RX_FLAG_DECRYPTED) {
266 if (rx->status->flag & RX_FLAG_IV_STRIPPED) {
268 * Hardware took care of all processing, including
269 * replay protection, and stripped the ICV/IV so
270 * we cannot do any checks here.
275 /* let TKIP code verify IV, but skip decryption */
279 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
280 key, skb->data + hdrlen,
281 skb->len - hdrlen, rx->sta->addr,
282 hdr->addr1, hwaccel, rx->queue,
285 if (res != TKIP_DECRYPT_OK || wpa_test) {
286 #ifdef CONFIG_MAC80211_DEBUG
288 printk(KERN_DEBUG "%s: TKIP decrypt failed for RX "
289 "frame from %s (res=%d)\n", rx->dev->name,
290 print_mac(mac, rx->sta->addr), res);
291 #endif /* CONFIG_MAC80211_DEBUG */
292 return RX_DROP_UNUSABLE;
296 skb_trim(skb, skb->len - TKIP_ICV_LEN);
299 memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
300 skb_pull(skb, TKIP_IV_LEN);
306 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad,
310 int a4_included, qos_included;
311 u8 qos_tid, *fc_pos, *data, *sa, *da;
314 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
316 fc_pos = (u8 *) &hdr->frame_control;
317 fc = fc_pos[0] ^ (fc_pos[1] << 8);
318 a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
319 (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS);
321 ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len);
322 data_len -= CCMP_HDR_LEN + (encrypted ? CCMP_MIC_LEN : 0);
323 if (qos_tid & 0x80) {
328 /* First block, b_0 */
330 b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
331 /* Nonce: QoS Priority | A2 | PN */
333 memcpy(&b_0[2], hdr->addr2, 6);
334 memcpy(&b_0[8], pn, CCMP_PN_LEN);
336 b_0[14] = (data_len >> 8) & 0xff;
337 b_0[15] = data_len & 0xff;
340 /* AAD (extra authenticate-only data) / masked 802.11 header
341 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
343 len_a = a4_included ? 28 : 22;
347 aad[0] = 0; /* (len_a >> 8) & 0xff; */
348 aad[1] = len_a & 0xff;
349 /* Mask FC: zero subtype b4 b5 b6 */
350 aad[2] = fc_pos[0] & ~(BIT(4) | BIT(5) | BIT(6));
351 /* Retry, PwrMgt, MoreData; set Protected */
352 aad[3] = (fc_pos[1] & ~(BIT(3) | BIT(4) | BIT(5))) | BIT(6);
353 memcpy(&aad[4], &hdr->addr1, 18);
355 /* Mask Seq#, leave Frag# */
356 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
359 memcpy(&aad[24], hdr->addr4, 6);
363 memset(&aad[24], 0, 8);
365 u8 *dpos = &aad[a4_included ? 30 : 24];
367 /* Mask QoS Control field */
374 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
379 hdr[3] = 0x20 | (key_id << 6);
387 static inline int ccmp_hdr2pn(u8 *pn, u8 *hdr)
395 return (hdr[3] >> 6) & 0x03;
399 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
401 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
402 struct ieee80211_key *key = tx->key;
403 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
404 int hdrlen, len, tail;
405 u8 *pos, *pn, *b_0, *aad, *scratch;
408 info->control.icv_len = CCMP_MIC_LEN;
409 info->control.iv_len = CCMP_HDR_LEN;
411 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
412 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
413 /* hwaccel - with no need for preallocated room for CCMP "
414 * header or MIC fields */
415 info->control.hw_key = &tx->key->conf;
419 scratch = key->u.ccmp.tx_crypto_buf;
420 b_0 = scratch + 3 * AES_BLOCK_LEN;
421 aad = scratch + 4 * AES_BLOCK_LEN;
423 hdrlen = ieee80211_hdrlen(hdr->frame_control);
424 len = skb->len - hdrlen;
426 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
431 if (WARN_ON(skb_tailroom(skb) < tail ||
432 skb_headroom(skb) < CCMP_HDR_LEN))
435 pos = skb_push(skb, CCMP_HDR_LEN);
436 memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
437 hdr = (struct ieee80211_hdr *) pos;
441 pn = key->u.ccmp.tx_pn;
443 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
449 ccmp_pn2hdr(pos, pn, key->conf.keyidx);
451 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
452 /* hwaccel - with preallocated room for CCMP header */
453 info->control.hw_key = &tx->key->conf;
458 ccmp_special_blocks(skb, pn, b_0, aad, 0);
459 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, b_0, aad, pos, len,
460 pos, skb_put(skb, CCMP_MIC_LEN));
467 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
469 struct sk_buff *skb = tx->skb;
471 ieee80211_tx_set_protected(tx);
473 if (ccmp_encrypt_skb(tx, skb) < 0)
476 if (tx->extra_frag) {
478 for (i = 0; i < tx->num_extra_frag; i++) {
479 if (ccmp_encrypt_skb(tx, tx->extra_frag[i]) < 0)
489 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
491 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
493 struct ieee80211_key *key = rx->key;
494 struct sk_buff *skb = rx->skb;
497 DECLARE_MAC_BUF(mac);
499 hdrlen = ieee80211_hdrlen(hdr->frame_control);
501 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
504 data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
505 if (!rx->sta || data_len < 0)
506 return RX_DROP_UNUSABLE;
508 if ((rx->status->flag & RX_FLAG_DECRYPTED) &&
509 (rx->status->flag & RX_FLAG_IV_STRIPPED))
512 (void) ccmp_hdr2pn(pn, skb->data + hdrlen);
514 if (memcmp(pn, key->u.ccmp.rx_pn[rx->queue], CCMP_PN_LEN) <= 0) {
515 #ifdef CONFIG_MAC80211_DEBUG
516 u8 *ppn = key->u.ccmp.rx_pn[rx->queue];
518 printk(KERN_DEBUG "%s: CCMP replay detected for RX frame from "
519 "%s (RX PN %02x%02x%02x%02x%02x%02x <= prev. PN "
520 "%02x%02x%02x%02x%02x%02x)\n", rx->dev->name,
521 print_mac(mac, rx->sta->addr),
522 pn[0], pn[1], pn[2], pn[3], pn[4], pn[5],
523 ppn[0], ppn[1], ppn[2], ppn[3], ppn[4], ppn[5]);
524 #endif /* CONFIG_MAC80211_DEBUG */
525 key->u.ccmp.replays++;
526 return RX_DROP_UNUSABLE;
529 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) {
530 /* hardware didn't decrypt/verify MIC */
531 u8 *scratch, *b_0, *aad;
533 scratch = key->u.ccmp.rx_crypto_buf;
534 b_0 = scratch + 3 * AES_BLOCK_LEN;
535 aad = scratch + 4 * AES_BLOCK_LEN;
537 ccmp_special_blocks(skb, pn, b_0, aad, 1);
539 if (ieee80211_aes_ccm_decrypt(
540 key->u.ccmp.tfm, scratch, b_0, aad,
541 skb->data + hdrlen + CCMP_HDR_LEN, data_len,
542 skb->data + skb->len - CCMP_MIC_LEN,
543 skb->data + hdrlen + CCMP_HDR_LEN)) {
544 #ifdef CONFIG_MAC80211_DEBUG
546 printk(KERN_DEBUG "%s: CCMP decrypt failed "
547 "for RX frame from %s\n", rx->dev->name,
548 print_mac(mac, rx->sta->addr));
549 #endif /* CONFIG_MAC80211_DEBUG */
550 return RX_DROP_UNUSABLE;
554 memcpy(key->u.ccmp.rx_pn[rx->queue], pn, CCMP_PN_LEN);
556 /* Remove CCMP header and MIC */
557 skb_trim(skb, skb->len - CCMP_MIC_LEN);
558 memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
559 skb_pull(skb, CCMP_HDR_LEN);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob