~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/mac80211/wpa.c

Version: ~ [ linux-5.7 ] ~ [ linux-5.6.15 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.43 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.125 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.182 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.225 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.225 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.84 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * Copyright 2002-2004, Instant802 Networks, Inc.
  3  * Copyright 2008, Jouni Malinen <j@w1.fi>
  4  *
  5  * This program is free software; you can redistribute it and/or modify
  6  * it under the terms of the GNU General Public License version 2 as
  7  * published by the Free Software Foundation.
  8  */
  9 
 10 #include <linux/netdevice.h>
 11 #include <linux/types.h>
 12 #include <linux/skbuff.h>
 13 #include <linux/compiler.h>
 14 #include <linux/ieee80211.h>
 15 #include <linux/gfp.h>
 16 #include <asm/unaligned.h>
 17 #include <net/mac80211.h>
 18 #include <crypto/aes.h>
 19 #include <crypto/algapi.h>
 20 
 21 #include "ieee80211_i.h"
 22 #include "michael.h"
 23 #include "tkip.h"
 24 #include "aes_ccm.h"
 25 #include "aes_cmac.h"
 26 #include "wpa.h"
 27 
 28 ieee80211_tx_result
 29 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
 30 {
 31         u8 *data, *key, *mic;
 32         size_t data_len;
 33         unsigned int hdrlen;
 34         struct ieee80211_hdr *hdr;
 35         struct sk_buff *skb = tx->skb;
 36         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
 37         int tail;
 38 
 39         hdr = (struct ieee80211_hdr *)skb->data;
 40         if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
 41             skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control))
 42                 return TX_CONTINUE;
 43 
 44         hdrlen = ieee80211_hdrlen(hdr->frame_control);
 45         if (skb->len < hdrlen)
 46                 return TX_DROP;
 47 
 48         data = skb->data + hdrlen;
 49         data_len = skb->len - hdrlen;
 50 
 51         if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) {
 52                 /* Need to use software crypto for the test */
 53                 info->control.hw_key = NULL;
 54         }
 55 
 56         if (info->control.hw_key &&
 57             (info->flags & IEEE80211_TX_CTL_DONTFRAG ||
 58              tx->local->ops->set_frag_threshold) &&
 59             !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) {
 60                 /* hwaccel - with no need for SW-generated MMIC */
 61                 return TX_CONTINUE;
 62         }
 63 
 64         tail = MICHAEL_MIC_LEN;
 65         if (!info->control.hw_key)
 66                 tail += IEEE80211_TKIP_ICV_LEN;
 67 
 68         if (WARN(skb_tailroom(skb) < tail ||
 69                  skb_headroom(skb) < IEEE80211_TKIP_IV_LEN,
 70                  "mmic: not enough head/tail (%d/%d,%d/%d)\n",
 71                  skb_headroom(skb), IEEE80211_TKIP_IV_LEN,
 72                  skb_tailroom(skb), tail))
 73                 return TX_DROP;
 74 
 75         key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY];
 76         mic = skb_put(skb, MICHAEL_MIC_LEN);
 77         michael_mic(key, hdr, data, data_len, mic);
 78         if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE))
 79                 mic[0]++;
 80 
 81         return TX_CONTINUE;
 82 }
 83 
 84 
 85 ieee80211_rx_result
 86 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
 87 {
 88         u8 *data, *key = NULL;
 89         size_t data_len;
 90         unsigned int hdrlen;
 91         u8 mic[MICHAEL_MIC_LEN];
 92         struct sk_buff *skb = rx->skb;
 93         struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
 94         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
 95 
 96         /*
 97          * it makes no sense to check for MIC errors on anything other
 98          * than data frames.
 99          */
100         if (!ieee80211_is_data_present(hdr->frame_control))
101                 return RX_CONTINUE;
102 
103         /*
104          * No way to verify the MIC if the hardware stripped it or
105          * the IV with the key index. In this case we have solely rely
106          * on the driver to set RX_FLAG_MMIC_ERROR in the event of a
107          * MIC failure report.
108          */
109         if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) {
110                 if (status->flag & RX_FLAG_MMIC_ERROR)
111                         goto mic_fail_no_key;
112 
113                 if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key &&
114                     rx->key->conf.cipher == WLAN_CIPHER_SUITE_TKIP)
115                         goto update_iv;
116 
117                 return RX_CONTINUE;
118         }
119 
120         /*
121          * Some hardware seems to generate Michael MIC failure reports; even
122          * though, the frame was not encrypted with TKIP and therefore has no
123          * MIC. Ignore the flag them to avoid triggering countermeasures.
124          */
125         if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
126             !(status->flag & RX_FLAG_DECRYPTED))
127                 return RX_CONTINUE;
128 
129         if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) {
130                 /*
131                  * APs with pairwise keys should never receive Michael MIC
132                  * errors for non-zero keyidx because these are reserved for
133                  * group keys and only the AP is sending real multicast
134                  * frames in the BSS.
135                  */
136                 return RX_DROP_UNUSABLE;
137         }
138 
139         if (status->flag & RX_FLAG_MMIC_ERROR)
140                 goto mic_fail;
141 
142         hdrlen = ieee80211_hdrlen(hdr->frame_control);
143         if (skb->len < hdrlen + MICHAEL_MIC_LEN)
144                 return RX_DROP_UNUSABLE;
145 
146         if (skb_linearize(rx->skb))
147                 return RX_DROP_UNUSABLE;
148         hdr = (void *)skb->data;
149 
150         data = skb->data + hdrlen;
151         data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
152         key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
153         michael_mic(key, hdr, data, data_len, mic);
154         if (crypto_memneq(mic, data + data_len, MICHAEL_MIC_LEN))
155                 goto mic_fail;
156 
157         /* remove Michael MIC from payload */
158         skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
159 
160 update_iv:
161         /* update IV in key information to be able to detect replays */
162         rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32;
163         rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16;
164 
165         return RX_CONTINUE;
166 
167 mic_fail:
168         rx->key->u.tkip.mic_failures++;
169 
170 mic_fail_no_key:
171         /*
172          * In some cases the key can be unset - e.g. a multicast packet, in
173          * a driver that supports HW encryption. Send up the key idx only if
174          * the key is set.
175          */
176         mac80211_ev_michael_mic_failure(rx->sdata,
177                                         rx->key ? rx->key->conf.keyidx : -1,
178                                         (void *) skb->data, NULL, GFP_ATOMIC);
179         return RX_DROP_UNUSABLE;
180 }
181 
182 
183 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
184 {
185         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
186         struct ieee80211_key *key = tx->key;
187         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
188         unsigned int hdrlen;
189         int len, tail;
190         u8 *pos;
191 
192         if (info->control.hw_key &&
193             !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
194             !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
195                 /* hwaccel - with no need for software-generated IV */
196                 return 0;
197         }
198 
199         hdrlen = ieee80211_hdrlen(hdr->frame_control);
200         len = skb->len - hdrlen;
201 
202         if (info->control.hw_key)
203                 tail = 0;
204         else
205                 tail = IEEE80211_TKIP_ICV_LEN;
206 
207         if (WARN_ON(skb_tailroom(skb) < tail ||
208                     skb_headroom(skb) < IEEE80211_TKIP_IV_LEN))
209                 return -1;
210 
211         pos = skb_push(skb, IEEE80211_TKIP_IV_LEN);
212         memmove(pos, pos + IEEE80211_TKIP_IV_LEN, hdrlen);
213         skb_set_network_header(skb, skb_network_offset(skb) +
214                                     IEEE80211_TKIP_IV_LEN);
215         pos += hdrlen;
216 
217         /* the HW only needs room for the IV, but not the actual IV */
218         if (info->control.hw_key &&
219             (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
220                 return 0;
221 
222         /* Increase IV for the frame */
223         spin_lock(&key->u.tkip.txlock);
224         key->u.tkip.tx.iv16++;
225         if (key->u.tkip.tx.iv16 == 0)
226                 key->u.tkip.tx.iv32++;
227         pos = ieee80211_tkip_add_iv(pos, key);
228         spin_unlock(&key->u.tkip.txlock);
229 
230         /* hwaccel - with software IV */
231         if (info->control.hw_key)
232                 return 0;
233 
234         /* Add room for ICV */
235         skb_put(skb, IEEE80211_TKIP_ICV_LEN);
236 
237         return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
238                                            key, skb, pos, len);
239 }
240 
241 
242 ieee80211_tx_result
243 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
244 {
245         struct sk_buff *skb;
246 
247         ieee80211_tx_set_protected(tx);
248 
249         skb_queue_walk(&tx->skbs, skb) {
250                 if (tkip_encrypt_skb(tx, skb) < 0)
251                         return TX_DROP;
252         }
253 
254         return TX_CONTINUE;
255 }
256 
257 
258 ieee80211_rx_result
259 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
260 {
261         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
262         int hdrlen, res, hwaccel = 0;
263         struct ieee80211_key *key = rx->key;
264         struct sk_buff *skb = rx->skb;
265         struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
266 
267         hdrlen = ieee80211_hdrlen(hdr->frame_control);
268 
269         if (!ieee80211_is_data(hdr->frame_control))
270                 return RX_CONTINUE;
271 
272         if (!rx->sta || skb->len - hdrlen < 12)
273                 return RX_DROP_UNUSABLE;
274 
275         /* it may be possible to optimize this a bit more */
276         if (skb_linearize(rx->skb))
277                 return RX_DROP_UNUSABLE;
278         hdr = (void *)skb->data;
279 
280         /*
281          * Let TKIP code verify IV, but skip decryption.
282          * In the case where hardware checks the IV as well,
283          * we don't even get here, see ieee80211_rx_h_decrypt()
284          */
285         if (status->flag & RX_FLAG_DECRYPTED)
286                 hwaccel = 1;
287 
288         res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
289                                           key, skb->data + hdrlen,
290                                           skb->len - hdrlen, rx->sta->sta.addr,
291                                           hdr->addr1, hwaccel, rx->security_idx,
292                                           &rx->tkip_iv32,
293                                           &rx->tkip_iv16);
294         if (res != TKIP_DECRYPT_OK)
295                 return RX_DROP_UNUSABLE;
296 
297         /* Trim ICV */
298         skb_trim(skb, skb->len - IEEE80211_TKIP_ICV_LEN);
299 
300         /* Remove IV */
301         memmove(skb->data + IEEE80211_TKIP_IV_LEN, skb->data, hdrlen);
302         skb_pull(skb, IEEE80211_TKIP_IV_LEN);
303 
304         return RX_CONTINUE;
305 }
306 
307 
308 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad)
309 {
310         __le16 mask_fc;
311         int a4_included, mgmt;
312         u8 qos_tid;
313         u16 len_a;
314         unsigned int hdrlen;
315         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
316 
317         /*
318          * Mask FC: zero subtype b4 b5 b6 (if not mgmt)
319          * Retry, PwrMgt, MoreData; set Protected
320          */
321         mgmt = ieee80211_is_mgmt(hdr->frame_control);
322         mask_fc = hdr->frame_control;
323         mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY |
324                                 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
325         if (!mgmt)
326                 mask_fc &= ~cpu_to_le16(0x0070);
327         mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
328 
329         hdrlen = ieee80211_hdrlen(hdr->frame_control);
330         len_a = hdrlen - 2;
331         a4_included = ieee80211_has_a4(hdr->frame_control);
332 
333         if (ieee80211_is_data_qos(hdr->frame_control))
334                 qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
335         else
336                 qos_tid = 0;
337 
338         /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC
339          * mode authentication are not allowed to collide, yet both are derived
340          * from this vector b_0. We only set L := 1 here to indicate that the
341          * data size can be represented in (L+1) bytes. The CCM layer will take
342          * care of storing the data length in the top (L+1) bytes and setting
343          * and clearing the other bits as is required to derive the two IVs.
344          */
345         b_0[0] = 0x1;
346 
347         /* Nonce: Nonce Flags | A2 | PN
348          * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
349          */
350         b_0[1] = qos_tid | (mgmt << 4);
351         memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
352         memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN);
353 
354         /* AAD (extra authenticate-only data) / masked 802.11 header
355          * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
356         put_unaligned_be16(len_a, &aad[0]);
357         put_unaligned(mask_fc, (__le16 *)&aad[2]);
358         memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
359 
360         /* Mask Seq#, leave Frag# */
361         aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
362         aad[23] = 0;
363 
364         if (a4_included) {
365                 memcpy(&aad[24], hdr->addr4, ETH_ALEN);
366                 aad[30] = qos_tid;
367                 aad[31] = 0;
368         } else {
369                 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
370                 aad[24] = qos_tid;
371         }
372 }
373 
374 
375 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
376 {
377         hdr[0] = pn[5];
378         hdr[1] = pn[4];
379         hdr[2] = 0;
380         hdr[3] = 0x20 | (key_id << 6);
381         hdr[4] = pn[3];
382         hdr[5] = pn[2];
383         hdr[6] = pn[1];
384         hdr[7] = pn[0];
385 }
386 
387 
388 static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr)
389 {
390         pn[0] = hdr[7];
391         pn[1] = hdr[6];
392         pn[2] = hdr[5];
393         pn[3] = hdr[4];
394         pn[4] = hdr[1];
395         pn[5] = hdr[0];
396 }
397 
398 
399 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
400 {
401         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
402         struct ieee80211_key *key = tx->key;
403         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
404         int hdrlen, len, tail;
405         u8 *pos;
406         u8 pn[6];
407         u64 pn64;
408         u8 aad[2 * AES_BLOCK_SIZE];
409         u8 b_0[AES_BLOCK_SIZE];
410 
411         if (info->control.hw_key &&
412             !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
413             !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
414             !((info->control.hw_key->flags &
415                IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) &&
416               ieee80211_is_mgmt(hdr->frame_control))) {
417                 /*
418                  * hwaccel has no need for preallocated room for CCMP
419                  * header or MIC fields
420                  */
421                 return 0;
422         }
423 
424         hdrlen = ieee80211_hdrlen(hdr->frame_control);
425         len = skb->len - hdrlen;
426 
427         if (info->control.hw_key)
428                 tail = 0;
429         else
430                 tail = IEEE80211_CCMP_MIC_LEN;
431 
432         if (WARN_ON(skb_tailroom(skb) < tail ||
433                     skb_headroom(skb) < IEEE80211_CCMP_HDR_LEN))
434                 return -1;
435 
436         pos = skb_push(skb, IEEE80211_CCMP_HDR_LEN);
437         memmove(pos, pos + IEEE80211_CCMP_HDR_LEN, hdrlen);
438         skb_set_network_header(skb, skb_network_offset(skb) +
439                                     IEEE80211_CCMP_HDR_LEN);
440 
441         /* the HW only needs room for the IV, but not the actual IV */
442         if (info->control.hw_key &&
443             (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
444                 return 0;
445 
446         hdr = (struct ieee80211_hdr *) pos;
447         pos += hdrlen;
448 
449         pn64 = atomic64_inc_return(&key->u.ccmp.tx_pn);
450 
451         pn[5] = pn64;
452         pn[4] = pn64 >> 8;
453         pn[3] = pn64 >> 16;
454         pn[2] = pn64 >> 24;
455         pn[1] = pn64 >> 32;
456         pn[0] = pn64 >> 40;
457 
458         ccmp_pn2hdr(pos, pn, key->conf.keyidx);
459 
460         /* hwaccel - with software CCMP header */
461         if (info->control.hw_key)
462                 return 0;
463 
464         pos += IEEE80211_CCMP_HDR_LEN;
465         ccmp_special_blocks(skb, pn, b_0, aad);
466         ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len,
467                                   skb_put(skb, IEEE80211_CCMP_MIC_LEN));
468 
469         return 0;
470 }
471 
472 
473 ieee80211_tx_result
474 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
475 {
476         struct sk_buff *skb;
477 
478         ieee80211_tx_set_protected(tx);
479 
480         skb_queue_walk(&tx->skbs, skb) {
481                 if (ccmp_encrypt_skb(tx, skb) < 0)
482                         return TX_DROP;
483         }
484 
485         return TX_CONTINUE;
486 }
487 
488 
489 ieee80211_rx_result
490 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
491 {
492         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
493         int hdrlen;
494         struct ieee80211_key *key = rx->key;
495         struct sk_buff *skb = rx->skb;
496         struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
497         u8 pn[IEEE80211_CCMP_PN_LEN];
498         int data_len;
499         int queue;
500 
501         hdrlen = ieee80211_hdrlen(hdr->frame_control);
502 
503         if (!ieee80211_is_data(hdr->frame_control) &&
504             !ieee80211_is_robust_mgmt_frame(skb))
505                 return RX_CONTINUE;
506 
507         data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN -
508                    IEEE80211_CCMP_MIC_LEN;
509         if (!rx->sta || data_len < 0)
510                 return RX_DROP_UNUSABLE;
511 
512         if (status->flag & RX_FLAG_DECRYPTED) {
513                 if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_CCMP_HDR_LEN))
514                         return RX_DROP_UNUSABLE;
515         } else {
516                 if (skb_linearize(rx->skb))
517                         return RX_DROP_UNUSABLE;
518         }
519 
520         ccmp_hdr2pn(pn, skb->data + hdrlen);
521 
522         queue = rx->security_idx;
523 
524         if (memcmp(pn, key->u.ccmp.rx_pn[queue], IEEE80211_CCMP_PN_LEN) <= 0) {
525                 key->u.ccmp.replays++;
526                 return RX_DROP_UNUSABLE;
527         }
528 
529         if (!(status->flag & RX_FLAG_DECRYPTED)) {
530                 u8 aad[2 * AES_BLOCK_SIZE];
531                 u8 b_0[AES_BLOCK_SIZE];
532                 /* hardware didn't decrypt/verify MIC */
533                 ccmp_special_blocks(skb, pn, b_0, aad);
534 
535                 if (ieee80211_aes_ccm_decrypt(
536                             key->u.ccmp.tfm, b_0, aad,
537                             skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN,
538                             data_len,
539                             skb->data + skb->len - IEEE80211_CCMP_MIC_LEN))
540                         return RX_DROP_UNUSABLE;
541         }
542 
543         memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN);
544 
545         /* Remove CCMP header and MIC */
546         if (pskb_trim(skb, skb->len - IEEE80211_CCMP_MIC_LEN))
547                 return RX_DROP_UNUSABLE;
548         memmove(skb->data + IEEE80211_CCMP_HDR_LEN, skb->data, hdrlen);
549         skb_pull(skb, IEEE80211_CCMP_HDR_LEN);
550 
551         return RX_CONTINUE;
552 }
553 
554 static ieee80211_tx_result
555 ieee80211_crypto_cs_encrypt(struct ieee80211_tx_data *tx,
556                             struct sk_buff *skb)
557 {
558         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
559         struct ieee80211_key *key = tx->key;
560         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
561         const struct ieee80211_cipher_scheme *cs = key->sta->cipher_scheme;
562         int hdrlen;
563         u8 *pos;
564 
565         if (info->control.hw_key &&
566             !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
567                 /* hwaccel has no need for preallocated head room */
568                 return TX_CONTINUE;
569         }
570 
571         if (unlikely(skb_headroom(skb) < cs->hdr_len &&
572                      pskb_expand_head(skb, cs->hdr_len, 0, GFP_ATOMIC)))
573                 return TX_DROP;
574 
575         hdrlen = ieee80211_hdrlen(hdr->frame_control);
576 
577         pos = skb_push(skb, cs->hdr_len);
578         memmove(pos, pos + cs->hdr_len, hdrlen);
579         skb_set_network_header(skb, skb_network_offset(skb) + cs->hdr_len);
580 
581         return TX_CONTINUE;
582 }
583 
584 static inline int ieee80211_crypto_cs_pn_compare(u8 *pn1, u8 *pn2, int len)
585 {
586         int i;
587 
588         /* pn is little endian */
589         for (i = len - 1; i >= 0; i--) {
590                 if (pn1[i] < pn2[i])
591                         return -1;
592                 else if (pn1[i] > pn2[i])
593                         return 1;
594         }
595 
596         return 0;
597 }
598 
599 static ieee80211_rx_result
600 ieee80211_crypto_cs_decrypt(struct ieee80211_rx_data *rx)
601 {
602         struct ieee80211_key *key = rx->key;
603         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
604         const struct ieee80211_cipher_scheme *cs = NULL;
605         int hdrlen = ieee80211_hdrlen(hdr->frame_control);
606         struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
607         int data_len;
608         u8 *rx_pn;
609         u8 *skb_pn;
610         u8 qos_tid;
611 
612         if (!rx->sta || !rx->sta->cipher_scheme ||
613             !(status->flag & RX_FLAG_DECRYPTED))
614                 return RX_DROP_UNUSABLE;
615 
616         if (!ieee80211_is_data(hdr->frame_control))
617                 return RX_CONTINUE;
618 
619         cs = rx->sta->cipher_scheme;
620 
621         data_len = rx->skb->len - hdrlen - cs->hdr_len;
622 
623         if (data_len < 0)
624                 return RX_DROP_UNUSABLE;
625 
626         if (ieee80211_is_data_qos(hdr->frame_control))
627                 qos_tid = *ieee80211_get_qos_ctl(hdr) &
628                                 IEEE80211_QOS_CTL_TID_MASK;
629         else
630                 qos_tid = 0;
631 
632         if (skb_linearize(rx->skb))
633                 return RX_DROP_UNUSABLE;
634 
635         hdr = (struct ieee80211_hdr *)rx->skb->data;
636 
637         rx_pn = key->u.gen.rx_pn[qos_tid];
638         skb_pn = rx->skb->data + hdrlen + cs->pn_off;
639 
640         if (ieee80211_crypto_cs_pn_compare(skb_pn, rx_pn, cs->pn_len) <= 0)
641                 return RX_DROP_UNUSABLE;
642 
643         memcpy(rx_pn, skb_pn, cs->pn_len);
644 
645         /* remove security header and MIC */
646         if (pskb_trim(rx->skb, rx->skb->len - cs->mic_len))
647                 return RX_DROP_UNUSABLE;
648 
649         memmove(rx->skb->data + cs->hdr_len, rx->skb->data, hdrlen);
650         skb_pull(rx->skb, cs->hdr_len);
651 
652         return RX_CONTINUE;
653 }
654 
655 static void bip_aad(struct sk_buff *skb, u8 *aad)
656 {
657         __le16 mask_fc;
658         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
659 
660         /* BIP AAD: FC(masked) || A1 || A2 || A3 */
661 
662         /* FC type/subtype */
663         /* Mask FC Retry, PwrMgt, MoreData flags to zero */
664         mask_fc = hdr->frame_control;
665         mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM |
666                                 IEEE80211_FCTL_MOREDATA);
667         put_unaligned(mask_fc, (__le16 *) &aad[0]);
668         /* A1 || A2 || A3 */
669         memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN);
670 }
671 
672 
673 static inline void bip_ipn_set64(u8 *d, u64 pn)
674 {
675         *d++ = pn;
676         *d++ = pn >> 8;
677         *d++ = pn >> 16;
678         *d++ = pn >> 24;
679         *d++ = pn >> 32;
680         *d = pn >> 40;
681 }
682 
683 static inline void bip_ipn_swap(u8 *d, const u8 *s)
684 {
685         *d++ = s[5];
686         *d++ = s[4];
687         *d++ = s[3];
688         *d++ = s[2];
689         *d++ = s[1];
690         *d = s[0];
691 }
692 
693 
694 ieee80211_tx_result
695 ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx)
696 {
697         struct sk_buff *skb;
698         struct ieee80211_tx_info *info;
699         struct ieee80211_key *key = tx->key;
700         struct ieee80211_mmie *mmie;
701         u8 aad[20];
702         u64 pn64;
703 
704         if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
705                 return TX_DROP;
706 
707         skb = skb_peek(&tx->skbs);
708 
709         info = IEEE80211_SKB_CB(skb);
710 
711         if (info->control.hw_key)
712                 return TX_CONTINUE;
713 
714         if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
715                 return TX_DROP;
716 
717         mmie = (struct ieee80211_mmie *) skb_put(skb, sizeof(*mmie));
718         mmie->element_id = WLAN_EID_MMIE;
719         mmie->length = sizeof(*mmie) - 2;
720         mmie->key_id = cpu_to_le16(key->conf.keyidx);
721 
722         /* PN = PN + 1 */
723         pn64 = atomic64_inc_return(&key->u.aes_cmac.tx_pn);
724 
725         bip_ipn_set64(mmie->sequence_number, pn64);
726 
727         bip_aad(skb, aad);
728 
729         /*
730          * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
731          */
732         ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
733                            skb->data + 24, skb->len - 24, mmie->mic);
734 
735         return TX_CONTINUE;
736 }
737 
738 
739 ieee80211_rx_result
740 ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
741 {
742         struct sk_buff *skb = rx->skb;
743         struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
744         struct ieee80211_key *key = rx->key;
745         struct ieee80211_mmie *mmie;
746         u8 aad[20], mic[8], ipn[6];
747         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
748 
749         if (!ieee80211_is_mgmt(hdr->frame_control))
750                 return RX_CONTINUE;
751 
752         /* management frames are already linear */
753 
754         if (skb->len < 24 + sizeof(*mmie))
755                 return RX_DROP_UNUSABLE;
756 
757         mmie = (struct ieee80211_mmie *)
758                 (skb->data + skb->len - sizeof(*mmie));
759         if (mmie->element_id != WLAN_EID_MMIE ||
760             mmie->length != sizeof(*mmie) - 2)
761                 return RX_DROP_UNUSABLE; /* Invalid MMIE */
762 
763         bip_ipn_swap(ipn, mmie->sequence_number);
764 
765         if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
766                 key->u.aes_cmac.replays++;
767                 return RX_DROP_UNUSABLE;
768         }
769 
770         if (!(status->flag & RX_FLAG_DECRYPTED)) {
771                 /* hardware didn't decrypt/verify MIC */
772                 bip_aad(skb, aad);
773                 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
774                                    skb->data + 24, skb->len - 24, mic);
775                 if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
776                         key->u.aes_cmac.icverrors++;
777                         return RX_DROP_UNUSABLE;
778                 }
779         }
780 
781         memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
782 
783         /* Remove MMIE */
784         skb_trim(skb, skb->len - sizeof(*mmie));
785 
786         return RX_CONTINUE;
787 }
788 
789 ieee80211_tx_result
790 ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx)
791 {
792         struct sk_buff *skb;
793         struct ieee80211_tx_info *info = NULL;
794         ieee80211_tx_result res;
795 
796         skb_queue_walk(&tx->skbs, skb) {
797                 info  = IEEE80211_SKB_CB(skb);
798 
799                 /* handle hw-only algorithm */
800                 if (!info->control.hw_key)
801                         return TX_DROP;
802 
803                 if (tx->key->sta->cipher_scheme) {
804                         res = ieee80211_crypto_cs_encrypt(tx, skb);
805                         if (res != TX_CONTINUE)
806                                 return res;
807                 }
808         }
809 
810         ieee80211_tx_set_protected(tx);
811 
812         return TX_CONTINUE;
813 }
814 
815 ieee80211_rx_result
816 ieee80211_crypto_hw_decrypt(struct ieee80211_rx_data *rx)
817 {
818         if (rx->sta && rx->sta->cipher_scheme)
819                 return ieee80211_crypto_cs_decrypt(rx);
820 
821         return RX_DROP_UNUSABLE;
822 }
823 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp