projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
mac80211: remove ieee80211_get_hdr_info
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / mac80211 / wpa.c
1 /*
2 * Copyright 2002-2004, Instant802 Networks, Inc.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8
9 #include <linux/netdevice.h>
10 #include <linux/types.h>
11 #include <linux/slab.h>
12 #include <linux/skbuff.h>
13 #include <linux/compiler.h>
14 #include <linux/ieee80211.h>
15 #include <asm/unaligned.h>
16 #include <net/mac80211.h>
17
18 #include "ieee80211_i.h"
19 #include "michael.h"
20 #include "tkip.h"
21 #include "aes_ccm.h"
22 #include "wpa.h"
23
24 ieee80211_tx_result
25 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
26 {
27 u8 *data, *key, *mic, key_offset;
28 size_t data_len;
29 unsigned int hdrlen;
30 struct ieee80211_hdr *hdr;
31 u16 fc;
32 struct sk_buff *skb = tx->skb;
33 int authenticator;
34 int wpa_test = 0;
35 int tail;
36
37 fc = tx->fc;
38
39 if (!tx->key || tx->key->conf.alg != ALG_TKIP || skb->len < 24 ||
40 !WLAN_FC_DATA_PRESENT(fc))
41 return TX_CONTINUE;
42
43 hdr = (struct ieee80211_hdr *)skb->data;
44 hdrlen = ieee80211_hdrlen(hdr->frame_control);
45 if (skb->len < hdrlen)
46 return TX_DROP;
47
48 data = skb->data + hdrlen;
49 data_len = skb->len - hdrlen;
50
51 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
52 !(tx->flags & IEEE80211_TX_FRAGMENTED) &&
53 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) &&
54 !wpa_test) {
55 /* hwaccel - with no need for preallocated room for Michael MIC
56 */
57 return TX_CONTINUE;
58 }
59
60 tail = MICHAEL_MIC_LEN;
61 if (!(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
62 tail += TKIP_ICV_LEN;
63
64 if (WARN_ON(skb_tailroom(skb) < tail ||
65 skb_headroom(skb) < TKIP_IV_LEN))
66 return TX_DROP;
67
68 #if 0
69 authenticator = fc & IEEE80211_FCTL_FROMDS; /* FIX */
70 #else
71 authenticator = 1;
72 #endif
73 /* At this point we know we're using ALG_TKIP. To get the MIC key
74 * we now will rely on the offset from the ieee80211_key_conf::key */
75 key_offset = authenticator ?
76 NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY :
77 NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY;
78 key = &tx->key->conf.key[key_offset];
79 mic = skb_put(skb, MICHAEL_MIC_LEN);
80 michael_mic(key, hdr, data, data_len, mic);
81
82 return TX_CONTINUE;
83 }
84
85
86 ieee80211_rx_result
87 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
88 {
89 u8 *data, *key = NULL, key_offset;
90 size_t data_len;
91 unsigned int hdrlen;
92 struct ieee80211_hdr *hdr;
93 u16 fc;
94 u8 mic[MICHAEL_MIC_LEN];
95 struct sk_buff *skb = rx->skb;
96 int authenticator = 1, wpa_test = 0;
97 DECLARE_MAC_BUF(mac);
98
99 fc = rx->fc;
100
101 /*
102 * No way to verify the MIC if the hardware stripped it
103 */
104 if (rx->status->flag & RX_FLAG_MMIC_STRIPPED)
105 return RX_CONTINUE;
106
107 if (!rx->key || rx->key->conf.alg != ALG_TKIP ||
108 !(rx->fc & IEEE80211_FCTL_PROTECTED) || !WLAN_FC_DATA_PRESENT(fc))
109 return RX_CONTINUE;
110
111 hdr = (struct ieee80211_hdr *)skb->data;
112 hdrlen = ieee80211_hdrlen(hdr->frame_control);
113 if (skb->len < hdrlen + MICHAEL_MIC_LEN)
114 return RX_DROP_UNUSABLE;
115
116 data = skb->data + hdrlen;
117 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
118
119 #if 0
120 authenticator = fc & IEEE80211_FCTL_TODS; /* FIX */
121 #else
122 authenticator = 1;
123 #endif
124 /* At this point we know we're using ALG_TKIP. To get the MIC key
125 * we now will rely on the offset from the ieee80211_key_conf::key */
126 key_offset = authenticator ?
127 NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY :
128 NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY;
129 key = &rx->key->conf.key[key_offset];
130 michael_mic(key, hdr, data, data_len, mic);
131 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) {
132 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
133 return RX_DROP_UNUSABLE;
134
135 mac80211_ev_michael_mic_failure(rx->dev, rx->key->conf.keyidx,
136 (void *) skb->data);
137 return RX_DROP_UNUSABLE;
138 }
139
140 /* remove Michael MIC from payload */
141 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
142
143 /* update IV in key information to be able to detect replays */
144 rx->key->u.tkip.rx[rx->queue].iv32 = rx->tkip_iv32;
145 rx->key->u.tkip.rx[rx->queue].iv16 = rx->tkip_iv16;
146
147 return RX_CONTINUE;
148 }
149
150
151 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
152 {
153 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
154 struct ieee80211_key *key = tx->key;
155 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
156 unsigned int hdrlen;
157 int len, tail;
158 u8 *pos;
159
160 info->control.icv_len = TKIP_ICV_LEN;
161 info->control.iv_len = TKIP_IV_LEN;
162
163 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
164 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
165 /* hwaccel - with no need for preallocated room for IV/ICV */
166 info->control.hw_key = &tx->key->conf;
167 return 0;
168 }
169
170 hdrlen = ieee80211_hdrlen(hdr->frame_control);
171 len = skb->len - hdrlen;
172
173 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
174 tail = 0;
175 else
176 tail = TKIP_ICV_LEN;
177
178 if (WARN_ON(skb_tailroom(skb) < tail ||
179 skb_headroom(skb) < TKIP_IV_LEN))
180 return -1;
181
182 pos = skb_push(skb, TKIP_IV_LEN);
183 memmove(pos, pos + TKIP_IV_LEN, hdrlen);
184 pos += hdrlen;
185
186 /* Increase IV for the frame */
187 key->u.tkip.tx.iv16++;
188 if (key->u.tkip.tx.iv16 == 0)
189 key->u.tkip.tx.iv32++;
190
191 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
192 /* hwaccel - with preallocated room for IV */
193 ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);
194
195 info->control.hw_key = &tx->key->conf;
196 return 0;
197 }
198
199 /* Add room for ICV */
200 skb_put(skb, TKIP_ICV_LEN);
201
202 hdr = (struct ieee80211_hdr *) skb->data;
203 ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
204 key, pos, len, hdr->addr2);
205 return 0;
206 }
207
208
209 ieee80211_tx_result
210 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
211 {
212 struct sk_buff *skb = tx->skb;
213
214 ieee80211_tx_set_protected(tx);
215
216 if (tkip_encrypt_skb(tx, skb) < 0)
217 return TX_DROP;
218
219 if (tx->extra_frag) {
220 int i;
221 for (i = 0; i < tx->num_extra_frag; i++) {
222 if (tkip_encrypt_skb(tx, tx->extra_frag[i]) < 0)
223 return TX_DROP;
224 }
225 }
226
227 return TX_CONTINUE;
228 }
229
230
231 ieee80211_rx_result
232 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
233 {
234 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
235 int hdrlen, res, hwaccel = 0, wpa_test = 0;
236 struct ieee80211_key *key = rx->key;
237 struct sk_buff *skb = rx->skb;
238 DECLARE_MAC_BUF(mac);
239
240 hdrlen = ieee80211_hdrlen(hdr->frame_control);
241
242 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
243 return RX_CONTINUE;
244
245 if (!rx->sta || skb->len - hdrlen < 12)
246 return RX_DROP_UNUSABLE;
247
248 if (rx->status->flag & RX_FLAG_DECRYPTED) {
249 if (rx->status->flag & RX_FLAG_IV_STRIPPED) {
250 /*
251 * Hardware took care of all processing, including
252 * replay protection, and stripped the ICV/IV so
253 * we cannot do any checks here.
254 */
255 return RX_CONTINUE;
256 }
257
258 /* let TKIP code verify IV, but skip decryption */
259 hwaccel = 1;
260 }
261
262 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
263 key, skb->data + hdrlen,
264 skb->len - hdrlen, rx->sta->addr,
265 hdr->addr1, hwaccel, rx->queue,
266 &rx->tkip_iv32,
267 &rx->tkip_iv16);
268 if (res != TKIP_DECRYPT_OK || wpa_test)
269 return RX_DROP_UNUSABLE;
270
271 /* Trim ICV */
272 skb_trim(skb, skb->len - TKIP_ICV_LEN);
273
274 /* Remove IV */
275 memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
276 skb_pull(skb, TKIP_IV_LEN);
277
278 return RX_CONTINUE;
279 }
280
281
282 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad,
283 int encrypted)
284 {
285 __le16 mask_fc;
286 int a4_included;
287 u8 qos_tid;
288 u16 data_len, len_a;
289 unsigned int hdrlen;
290 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
291
292 /*
293 * Mask FC: zero subtype b4 b5 b6
294 * Retry, PwrMgt, MoreData; set Protected
295 */
296 mask_fc = hdr->frame_control;
297 mask_fc &= ~cpu_to_le16(0x0070 | IEEE80211_FCTL_RETRY |
298 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
299 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
300
301 hdrlen = ieee80211_hdrlen(hdr->frame_control);
302 len_a = hdrlen - 2;
303 a4_included = ieee80211_has_a4(hdr->frame_control);
304
305 if (ieee80211_is_data_qos(hdr->frame_control))
306 qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
307 else
308 qos_tid = 0;
309
310 data_len = skb->len - hdrlen - CCMP_HDR_LEN;
311 if (encrypted)
312 data_len -= CCMP_MIC_LEN;
313
314 /* First block, b_0 */
315 b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
316 /* Nonce: QoS Priority | A2 | PN */
317 b_0[1] = qos_tid;
318 memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
319 memcpy(&b_0[8], pn, CCMP_PN_LEN);
320 /* l(m) */
321 put_unaligned_be16(data_len, &b_0[14]);
322
323 /* AAD (extra authenticate-only data) / masked 802.11 header
324 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
325 put_unaligned_be16(len_a, &aad[0]);
326 put_unaligned(mask_fc, (__le16 *)&aad[2]);
327 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
328
329 /* Mask Seq#, leave Frag# */
330 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
331 aad[23] = 0;
332
333 if (a4_included) {
334 memcpy(&aad[24], hdr->addr4, ETH_ALEN);
335 aad[30] = qos_tid;
336 aad[31] = 0;
337 } else {
338 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
339 aad[24] = qos_tid;
340 }
341 }
342
343
344 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
345 {
346 hdr[0] = pn[5];
347 hdr[1] = pn[4];
348 hdr[2] = 0;
349 hdr[3] = 0x20 | (key_id << 6);
350 hdr[4] = pn[3];
351 hdr[5] = pn[2];
352 hdr[6] = pn[1];
353 hdr[7] = pn[0];
354 }
355
356
357 static inline int ccmp_hdr2pn(u8 *pn, u8 *hdr)
358 {
359 pn[0] = hdr[7];
360 pn[1] = hdr[6];
361 pn[2] = hdr[5];
362 pn[3] = hdr[4];
363 pn[4] = hdr[1];
364 pn[5] = hdr[0];
365 return (hdr[3] >> 6) & 0x03;
366 }
367
368
369 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
370 {
371 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
372 struct ieee80211_key *key = tx->key;
373 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
374 int hdrlen, len, tail;
375 u8 *pos, *pn, *b_0, *aad, *scratch;
376 int i;
377
378 info->control.icv_len = CCMP_MIC_LEN;
379 info->control.iv_len = CCMP_HDR_LEN;
380
381 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
382 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
383 /* hwaccel - with no need for preallocated room for CCMP "
384 * header or MIC fields */
385 info->control.hw_key = &tx->key->conf;
386 return 0;
387 }
388
389 scratch = key->u.ccmp.tx_crypto_buf;
390 b_0 = scratch + 3 * AES_BLOCK_LEN;
391 aad = scratch + 4 * AES_BLOCK_LEN;
392
393 hdrlen = ieee80211_hdrlen(hdr->frame_control);
394 len = skb->len - hdrlen;
395
396 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
397 tail = 0;
398 else
399 tail = CCMP_MIC_LEN;
400
401 if (WARN_ON(skb_tailroom(skb) < tail ||
402 skb_headroom(skb) < CCMP_HDR_LEN))
403 return -1;
404
405 pos = skb_push(skb, CCMP_HDR_LEN);
406 memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
407 hdr = (struct ieee80211_hdr *) pos;
408 pos += hdrlen;
409
410 /* PN = PN + 1 */
411 pn = key->u.ccmp.tx_pn;
412
413 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
414 pn[i]++;
415 if (pn[i])
416 break;
417 }
418
419 ccmp_pn2hdr(pos, pn, key->conf.keyidx);
420
421 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
422 /* hwaccel - with preallocated room for CCMP header */
423 info->control.hw_key = &tx->key->conf;
424 return 0;
425 }
426
427 pos += CCMP_HDR_LEN;
428 ccmp_special_blocks(skb, pn, b_0, aad, 0);
429 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, b_0, aad, pos, len,
430 pos, skb_put(skb, CCMP_MIC_LEN));
431
432 return 0;
433 }
434
435
436 ieee80211_tx_result
437 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
438 {
439 struct sk_buff *skb = tx->skb;
440
441 ieee80211_tx_set_protected(tx);
442
443 if (ccmp_encrypt_skb(tx, skb) < 0)
444 return TX_DROP;
445
446 if (tx->extra_frag) {
447 int i;
448 for (i = 0; i < tx->num_extra_frag; i++) {
449 if (ccmp_encrypt_skb(tx, tx->extra_frag[i]) < 0)
450 return TX_DROP;
451 }
452 }
453
454 return TX_CONTINUE;
455 }
456
457
458 ieee80211_rx_result
459 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
460 {
461 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
462 int hdrlen;
463 struct ieee80211_key *key = rx->key;
464 struct sk_buff *skb = rx->skb;
465 u8 pn[CCMP_PN_LEN];
466 int data_len;
467 DECLARE_MAC_BUF(mac);
468
469 hdrlen = ieee80211_hdrlen(hdr->frame_control);
470
471 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
472 return RX_CONTINUE;
473
474 data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
475 if (!rx->sta || data_len < 0)
476 return RX_DROP_UNUSABLE;
477
478 if ((rx->status->flag & RX_FLAG_DECRYPTED) &&
479 (rx->status->flag & RX_FLAG_IV_STRIPPED))
480 return RX_CONTINUE;
481
482 (void) ccmp_hdr2pn(pn, skb->data + hdrlen);
483
484 if (memcmp(pn, key->u.ccmp.rx_pn[rx->queue], CCMP_PN_LEN) <= 0) {
485 key->u.ccmp.replays++;
486 return RX_DROP_UNUSABLE;
487 }
488
489 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) {
490 /* hardware didn't decrypt/verify MIC */
491 u8 *scratch, *b_0, *aad;
492
493 scratch = key->u.ccmp.rx_crypto_buf;
494 b_0 = scratch + 3 * AES_BLOCK_LEN;
495 aad = scratch + 4 * AES_BLOCK_LEN;
496
497 ccmp_special_blocks(skb, pn, b_0, aad, 1);
498
499 if (ieee80211_aes_ccm_decrypt(
500 key->u.ccmp.tfm, scratch, b_0, aad,
501 skb->data + hdrlen + CCMP_HDR_LEN, data_len,
502 skb->data + skb->len - CCMP_MIC_LEN,
503 skb->data + hdrlen + CCMP_HDR_LEN)) {
504 return RX_DROP_UNUSABLE;
505 }
506 }
507
508 memcpy(key->u.ccmp.rx_pn[rx->queue], pn, CCMP_PN_LEN);
509
510 /* Remove CCMP header and MIC */
511 skb_trim(skb, skb->len - CCMP_MIC_LEN);
512 memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
513 skb_pull(skb, CCMP_HDR_LEN);
514
515 return RX_CONTINUE;
516 }
kernel source for telekom puls (alcatel/mediatek)