2
* Copyright 2002-2004, Instant802 Networks, Inc.
3
* Copyright 2008, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
10
#include <linux/netdevice.h>
11
#include <linux/types.h>
12
#include <linux/skbuff.h>
13
#include <linux/compiler.h>
14
#include <linux/ieee80211.h>
15
#include <linux/gfp.h>
16
#include <asm/unaligned.h>
17
#include <net/mac80211.h>
19
#include "ieee80211_i.h"
27
ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
29
u8 *data, *key, *mic, key_offset;
32
struct ieee80211_hdr *hdr;
33
struct sk_buff *skb = tx->skb;
34
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
38
hdr = (struct ieee80211_hdr *)skb->data;
39
if (!tx->key || tx->key->conf.alg != ALG_TKIP || skb->len < 24 ||
40
!ieee80211_is_data_present(hdr->frame_control))
43
hdrlen = ieee80211_hdrlen(hdr->frame_control);
44
if (skb->len < hdrlen)
47
data = skb->data + hdrlen;
48
data_len = skb->len - hdrlen;
50
if (info->control.hw_key &&
51
!(tx->flags & IEEE80211_TX_FRAGMENTED) &&
52
!(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) {
53
/* hwaccel - with no need for SW-generated MMIC */
57
tail = MICHAEL_MIC_LEN;
58
if (!info->control.hw_key)
61
if (WARN_ON(skb_tailroom(skb) < tail ||
62
skb_headroom(skb) < TKIP_IV_LEN))
66
authenticator = fc & IEEE80211_FCTL_FROMDS; /* FIX */
70
key_offset = authenticator ?
71
NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY :
72
NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY;
73
key = &tx->key->conf.key[key_offset];
74
mic = skb_put(skb, MICHAEL_MIC_LEN);
75
michael_mic(key, hdr, data, data_len, mic);
82
ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
84
u8 *data, *key = NULL, key_offset;
87
u8 mic[MICHAEL_MIC_LEN];
88
struct sk_buff *skb = rx->skb;
89
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
90
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
91
int authenticator = 1, wpa_test = 0;
93
/* No way to verify the MIC if the hardware stripped it */
94
if (status->flag & RX_FLAG_MMIC_STRIPPED)
97
if (!rx->key || rx->key->conf.alg != ALG_TKIP ||
98
!ieee80211_has_protected(hdr->frame_control) ||
99
!ieee80211_is_data_present(hdr->frame_control))
102
hdrlen = ieee80211_hdrlen(hdr->frame_control);
103
if (skb->len < hdrlen + MICHAEL_MIC_LEN)
104
return RX_DROP_UNUSABLE;
106
data = skb->data + hdrlen;
107
data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
110
authenticator = fc & IEEE80211_FCTL_TODS; /* FIX */
114
key_offset = authenticator ?
115
NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY :
116
NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY;
117
key = &rx->key->conf.key[key_offset];
118
michael_mic(key, hdr, data, data_len, mic);
119
if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) {
120
if (!(rx->flags & IEEE80211_RX_RA_MATCH))
121
return RX_DROP_UNUSABLE;
123
mac80211_ev_michael_mic_failure(rx->sdata, rx->key->conf.keyidx,
124
(void *) skb->data, NULL,
126
return RX_DROP_UNUSABLE;
129
/* remove Michael MIC from payload */
130
skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
132
/* update IV in key information to be able to detect replays */
133
rx->key->u.tkip.rx[rx->queue].iv32 = rx->tkip_iv32;
134
rx->key->u.tkip.rx[rx->queue].iv16 = rx->tkip_iv16;
140
static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
142
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
143
struct ieee80211_key *key = tx->key;
144
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
149
if (info->control.hw_key &&
150
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
151
/* hwaccel - with no need for software-generated IV */
155
hdrlen = ieee80211_hdrlen(hdr->frame_control);
156
len = skb->len - hdrlen;
158
if (info->control.hw_key)
163
if (WARN_ON(skb_tailroom(skb) < tail ||
164
skb_headroom(skb) < TKIP_IV_LEN))
167
pos = skb_push(skb, TKIP_IV_LEN);
168
memmove(pos, pos + TKIP_IV_LEN, hdrlen);
171
/* Increase IV for the frame */
172
key->u.tkip.tx.iv16++;
173
if (key->u.tkip.tx.iv16 == 0)
174
key->u.tkip.tx.iv32++;
176
pos = ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);
178
/* hwaccel - with software IV */
179
if (info->control.hw_key)
182
/* Add room for ICV */
183
skb_put(skb, TKIP_ICV_LEN);
185
hdr = (struct ieee80211_hdr *) skb->data;
186
return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
187
key, pos, len, hdr->addr2);
192
ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
194
struct sk_buff *skb = tx->skb;
196
ieee80211_tx_set_protected(tx);
199
if (tkip_encrypt_skb(tx, skb) < 0)
201
} while ((skb = skb->next));
208
ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
210
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
211
int hdrlen, res, hwaccel = 0, wpa_test = 0;
212
struct ieee80211_key *key = rx->key;
213
struct sk_buff *skb = rx->skb;
214
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
216
hdrlen = ieee80211_hdrlen(hdr->frame_control);
218
if (!ieee80211_is_data(hdr->frame_control))
221
if (!rx->sta || skb->len - hdrlen < 12)
222
return RX_DROP_UNUSABLE;
224
if (status->flag & RX_FLAG_DECRYPTED) {
225
if (status->flag & RX_FLAG_IV_STRIPPED) {
227
* Hardware took care of all processing, including
228
* replay protection, and stripped the ICV/IV so
229
* we cannot do any checks here.
234
/* let TKIP code verify IV, but skip decryption */
238
res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
239
key, skb->data + hdrlen,
240
skb->len - hdrlen, rx->sta->sta.addr,
241
hdr->addr1, hwaccel, rx->queue,
244
if (res != TKIP_DECRYPT_OK || wpa_test)
245
return RX_DROP_UNUSABLE;
248
skb_trim(skb, skb->len - TKIP_ICV_LEN);
251
memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
252
skb_pull(skb, TKIP_IV_LEN);
258
static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch,
262
int a4_included, mgmt;
267
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
269
b_0 = scratch + 3 * AES_BLOCK_LEN;
270
aad = scratch + 4 * AES_BLOCK_LEN;
273
* Mask FC: zero subtype b4 b5 b6 (if not mgmt)
274
* Retry, PwrMgt, MoreData; set Protected
276
mgmt = ieee80211_is_mgmt(hdr->frame_control);
277
mask_fc = hdr->frame_control;
278
mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY |
279
IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
281
mask_fc &= ~cpu_to_le16(0x0070);
282
mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
284
hdrlen = ieee80211_hdrlen(hdr->frame_control);
286
a4_included = ieee80211_has_a4(hdr->frame_control);
288
if (ieee80211_is_data_qos(hdr->frame_control))
289
qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
293
data_len = skb->len - hdrlen - CCMP_HDR_LEN;
295
data_len -= CCMP_MIC_LEN;
297
/* First block, b_0 */
298
b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
299
/* Nonce: Nonce Flags | A2 | PN
300
* Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
302
b_0[1] = qos_tid | (mgmt << 4);
303
memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
304
memcpy(&b_0[8], pn, CCMP_PN_LEN);
306
put_unaligned_be16(data_len, &b_0[14]);
308
/* AAD (extra authenticate-only data) / masked 802.11 header
309
* FC | A1 | A2 | A3 | SC | [A4] | [QC] */
310
put_unaligned_be16(len_a, &aad[0]);
311
put_unaligned(mask_fc, (__le16 *)&aad[2]);
312
memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
314
/* Mask Seq#, leave Frag# */
315
aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
319
memcpy(&aad[24], hdr->addr4, ETH_ALEN);
323
memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
329
static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
334
hdr[3] = 0x20 | (key_id << 6);
342
static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr)
353
static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
355
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
356
struct ieee80211_key *key = tx->key;
357
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
358
int hdrlen, len, tail;
362
if (info->control.hw_key &&
363
!(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
365
* hwaccel has no need for preallocated room for CCMP
366
* header or MIC fields
371
hdrlen = ieee80211_hdrlen(hdr->frame_control);
372
len = skb->len - hdrlen;
374
if (info->control.hw_key)
379
if (WARN_ON(skb_tailroom(skb) < tail ||
380
skb_headroom(skb) < CCMP_HDR_LEN))
383
pos = skb_push(skb, CCMP_HDR_LEN);
384
memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
385
hdr = (struct ieee80211_hdr *) pos;
389
pn = key->u.ccmp.tx_pn;
391
for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
397
ccmp_pn2hdr(pos, pn, key->conf.keyidx);
399
/* hwaccel - with software CCMP header */
400
if (info->control.hw_key)
404
ccmp_special_blocks(skb, pn, key->u.ccmp.tx_crypto_buf, 0);
405
ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, key->u.ccmp.tx_crypto_buf, pos, len,
406
pos, skb_put(skb, CCMP_MIC_LEN));
413
ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
415
struct sk_buff *skb = tx->skb;
417
ieee80211_tx_set_protected(tx);
420
if (ccmp_encrypt_skb(tx, skb) < 0)
422
} while ((skb = skb->next));
429
ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
431
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
433
struct ieee80211_key *key = rx->key;
434
struct sk_buff *skb = rx->skb;
435
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
440
hdrlen = ieee80211_hdrlen(hdr->frame_control);
442
if (!ieee80211_is_data(hdr->frame_control) &&
443
!ieee80211_is_robust_mgmt_frame(hdr))
446
data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
447
if (!rx->sta || data_len < 0)
448
return RX_DROP_UNUSABLE;
450
if ((status->flag & RX_FLAG_DECRYPTED) &&
451
(status->flag & RX_FLAG_IV_STRIPPED))
454
ccmp_hdr2pn(pn, skb->data + hdrlen);
456
queue = ieee80211_is_mgmt(hdr->frame_control) ?
457
NUM_RX_DATA_QUEUES : rx->queue;
459
if (memcmp(pn, key->u.ccmp.rx_pn[queue], CCMP_PN_LEN) <= 0) {
460
key->u.ccmp.replays++;
461
return RX_DROP_UNUSABLE;
464
if (!(status->flag & RX_FLAG_DECRYPTED)) {
465
/* hardware didn't decrypt/verify MIC */
466
ccmp_special_blocks(skb, pn, key->u.ccmp.rx_crypto_buf, 1);
468
if (ieee80211_aes_ccm_decrypt(
469
key->u.ccmp.tfm, key->u.ccmp.rx_crypto_buf,
470
skb->data + hdrlen + CCMP_HDR_LEN, data_len,
471
skb->data + skb->len - CCMP_MIC_LEN,
472
skb->data + hdrlen + CCMP_HDR_LEN))
473
return RX_DROP_UNUSABLE;
476
memcpy(key->u.ccmp.rx_pn[queue], pn, CCMP_PN_LEN);
478
/* Remove CCMP header and MIC */
479
skb_trim(skb, skb->len - CCMP_MIC_LEN);
480
memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
481
skb_pull(skb, CCMP_HDR_LEN);
487
static void bip_aad(struct sk_buff *skb, u8 *aad)
489
/* BIP AAD: FC(masked) || A1 || A2 || A3 */
491
/* FC type/subtype */
492
aad[0] = skb->data[0];
493
/* Mask FC Retry, PwrMgt, MoreData flags to zero */
494
aad[1] = skb->data[1] & ~(BIT(4) | BIT(5) | BIT(6));
496
memcpy(aad + 2, skb->data + 4, 3 * ETH_ALEN);
500
static inline void bip_ipn_swap(u8 *d, const u8 *s)
512
ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx)
514
struct sk_buff *skb = tx->skb;
515
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
516
struct ieee80211_key *key = tx->key;
517
struct ieee80211_mmie *mmie;
521
if (info->control.hw_key)
524
if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
527
mmie = (struct ieee80211_mmie *) skb_put(skb, sizeof(*mmie));
528
mmie->element_id = WLAN_EID_MMIE;
529
mmie->length = sizeof(*mmie) - 2;
530
mmie->key_id = cpu_to_le16(key->conf.keyidx);
533
pn = key->u.aes_cmac.tx_pn;
535
for (i = sizeof(key->u.aes_cmac.tx_pn) - 1; i >= 0; i--) {
540
bip_ipn_swap(mmie->sequence_number, pn);
545
* MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
547
ieee80211_aes_cmac(key->u.aes_cmac.tfm, key->u.aes_cmac.tx_crypto_buf,
548
aad, skb->data + 24, skb->len - 24, mmie->mic);
555
ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
557
struct sk_buff *skb = rx->skb;
558
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
559
struct ieee80211_key *key = rx->key;
560
struct ieee80211_mmie *mmie;
561
u8 aad[20], mic[8], ipn[6];
562
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
564
if (!ieee80211_is_mgmt(hdr->frame_control))
567
if ((status->flag & RX_FLAG_DECRYPTED) &&
568
(status->flag & RX_FLAG_IV_STRIPPED))
571
if (skb->len < 24 + sizeof(*mmie))
572
return RX_DROP_UNUSABLE;
574
mmie = (struct ieee80211_mmie *)
575
(skb->data + skb->len - sizeof(*mmie));
576
if (mmie->element_id != WLAN_EID_MMIE ||
577
mmie->length != sizeof(*mmie) - 2)
578
return RX_DROP_UNUSABLE; /* Invalid MMIE */
580
bip_ipn_swap(ipn, mmie->sequence_number);
582
if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
583
key->u.aes_cmac.replays++;
584
return RX_DROP_UNUSABLE;
587
if (!(status->flag & RX_FLAG_DECRYPTED)) {
588
/* hardware didn't decrypt/verify MIC */
590
ieee80211_aes_cmac(key->u.aes_cmac.tfm,
591
key->u.aes_cmac.rx_crypto_buf, aad,
592
skb->data + 24, skb->len - 24, mic);
593
if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
594
key->u.aes_cmac.icverrors++;
595
return RX_DROP_UNUSABLE;
599
memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
602
skb_trim(skb, skb->len - sizeof(*mmie));