mac80111: Add CCMP-256 cipher
authorJouni Malinen <jouni@qca.qualcomm.com>
Sat, 24 Jan 2015 17:52:07 +0000 (19:52 +0200)
committerJohannes Berg <johannes.berg@intel.com>
Tue, 27 Jan 2015 10:07:35 +0000 (11:07 +0100)
This allows mac80211 to configure CCMP-256 to the driver and also use
software-implementation within mac80211 when the driver does not support
this with hardware accelaration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
[squash ccmp256 -> mic_len argument change]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/mac80211/aes_ccm.c
net/mac80211/aes_ccm.h
net/mac80211/cfg.c
net/mac80211/debugfs_key.c
net/mac80211/key.c
net/mac80211/main.c
net/mac80211/rx.c
net/mac80211/tx.c
net/mac80211/wpa.c
net/mac80211/wpa.h

index 09d9caaec59112f40b060951ae16796388e2e741..7869bb40acaa1acbe60763493a738bf32812bb34 100644 (file)
@@ -20,7 +20,8 @@
 #include "aes_ccm.h"
 
 void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
-                              u8 *data, size_t data_len, u8 *mic)
+                              u8 *data, size_t data_len, u8 *mic,
+                              size_t mic_len)
 {
        struct scatterlist assoc, pt, ct[2];
 
@@ -35,7 +36,7 @@ void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
        sg_init_one(&assoc, &aad[2], be16_to_cpup((__be16 *)aad));
        sg_init_table(ct, 2);
        sg_set_buf(&ct[0], data, data_len);
-       sg_set_buf(&ct[1], mic, IEEE80211_CCMP_MIC_LEN);
+       sg_set_buf(&ct[1], mic, mic_len);
 
        aead_request_set_tfm(aead_req, tfm);
        aead_request_set_assoc(aead_req, &assoc, assoc.length);
@@ -45,7 +46,8 @@ void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
 }
 
 int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
-                             u8 *data, size_t data_len, u8 *mic)
+                             u8 *data, size_t data_len, u8 *mic,
+                             size_t mic_len)
 {
        struct scatterlist assoc, pt, ct[2];
        char aead_req_data[sizeof(struct aead_request) +
@@ -62,17 +64,18 @@ int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
        sg_init_one(&assoc, &aad[2], be16_to_cpup((__be16 *)aad));
        sg_init_table(ct, 2);
        sg_set_buf(&ct[0], data, data_len);
-       sg_set_buf(&ct[1], mic, IEEE80211_CCMP_MIC_LEN);
+       sg_set_buf(&ct[1], mic, mic_len);
 
        aead_request_set_tfm(aead_req, tfm);
        aead_request_set_assoc(aead_req, &assoc, assoc.length);
-       aead_request_set_crypt(aead_req, ct, &pt,
-                              data_len + IEEE80211_CCMP_MIC_LEN, b_0);
+       aead_request_set_crypt(aead_req, ct, &pt, data_len + mic_len, b_0);
 
        return crypto_aead_decrypt(aead_req);
 }
 
-struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[])
+struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[],
+                                                   size_t key_len,
+                                                   size_t mic_len)
 {
        struct crypto_aead *tfm;
        int err;
@@ -81,9 +84,9 @@ struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[])
        if (IS_ERR(tfm))
                return tfm;
 
-       err = crypto_aead_setkey(tfm, key, WLAN_KEY_LEN_CCMP);
+       err = crypto_aead_setkey(tfm, key, key_len);
        if (!err)
-               err = crypto_aead_setauthsize(tfm, IEEE80211_CCMP_MIC_LEN);
+               err = crypto_aead_setauthsize(tfm, mic_len);
        if (!err)
                return tfm;
 
index 2c7ab1948a2edba3964a5c0edfb7e941752719f6..6a73d1e4d186d34a00da8c2f8e509985c3805607 100644 (file)
 
 #include <linux/crypto.h>
 
-struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[]);
+struct crypto_aead *ieee80211_aes_key_setup_encrypt(const u8 key[],
+                                                   size_t key_len,
+                                                   size_t mic_len);
 void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
-                              u8 *data, size_t data_len, u8 *mic);
+                              u8 *data, size_t data_len, u8 *mic,
+                              size_t mic_len);
 int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad,
-                             u8 *data, size_t data_len, u8 *mic);
+                             u8 *data, size_t data_len, u8 *mic,
+                             size_t mic_len);
 void ieee80211_aes_key_free(struct crypto_aead *tfm);
 
 #endif /* AES_CCM_H */
index 1c1d061cff56308940bcad2c9cda9b9153d59adc..ef84441c119cff5d4ed68e2428f8517f80db2c59 100644 (file)
@@ -162,6 +162,7 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
                        return -EINVAL;
                break;
        case WLAN_CIPHER_SUITE_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP_256:
        case WLAN_CIPHER_SUITE_AES_CMAC:
        case WLAN_CIPHER_SUITE_GCMP:
        case WLAN_CIPHER_SUITE_GCMP_256:
@@ -349,6 +350,7 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
                params.seq_len = 6;
                break;
        case WLAN_CIPHER_SUITE_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP_256:
                pn64 = atomic64_read(&key->u.ccmp.tx_pn);
                seq[0] = pn64;
                seq[1] = pn64 >> 8;
index 0e223e6022960b962678c3dcc03d7bb2bcd02be7..64de07b1609248431266a3061b6deb8eaca07ef3 100644 (file)
@@ -94,6 +94,7 @@ static ssize_t key_tx_spec_read(struct file *file, char __user *userbuf,
                                key->u.tkip.tx.iv16);
                break;
        case WLAN_CIPHER_SUITE_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP_256:
                pn = atomic64_read(&key->u.ccmp.tx_pn);
                len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n",
                                (u8)(pn >> 40), (u8)(pn >> 32), (u8)(pn >> 24),
@@ -141,6 +142,7 @@ static ssize_t key_rx_spec_read(struct file *file, char __user *userbuf,
                len = p - buf;
                break;
        case WLAN_CIPHER_SUITE_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP_256:
                for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++) {
                        rpn = key->u.ccmp.rx_pn[i];
                        p += scnprintf(p, sizeof(buf)+buf-p,
@@ -185,6 +187,7 @@ static ssize_t key_replays_read(struct file *file, char __user *userbuf,
 
        switch (key->conf.cipher) {
        case WLAN_CIPHER_SUITE_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP_256:
                len = scnprintf(buf, sizeof(buf), "%u\n", key->u.ccmp.replays);
                break;
        case WLAN_CIPHER_SUITE_AES_CMAC:
index cbee2f5180cef7f5b8d5e4959e1ea4f02996b15c..83c61085c3f03d92024471671ad7c341a1887c54 100644 (file)
@@ -163,6 +163,7 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
        case WLAN_CIPHER_SUITE_WEP104:
        case WLAN_CIPHER_SUITE_TKIP:
        case WLAN_CIPHER_SUITE_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP_256:
        case WLAN_CIPHER_SUITE_AES_CMAC:
        case WLAN_CIPHER_SUITE_GCMP:
        case WLAN_CIPHER_SUITE_GCMP_256:
@@ -389,7 +390,26 @@ ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
                 * Initialize AES key state here as an optimization so that
                 * it does not need to be initialized for every packet.
                 */
-               key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data);
+               key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
+                       key_data, key_len, IEEE80211_CCMP_MIC_LEN);
+               if (IS_ERR(key->u.ccmp.tfm)) {
+                       err = PTR_ERR(key->u.ccmp.tfm);
+                       kfree(key);
+                       return ERR_PTR(err);
+               }
+               break;
+       case WLAN_CIPHER_SUITE_CCMP_256:
+               key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
+               key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
+               for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
+                       for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
+                               key->u.ccmp.rx_pn[i][j] =
+                                       seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
+               /* Initialize AES key state here as an optimization so that
+                * it does not need to be initialized for every packet.
+                */
+               key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
+                       key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
                if (IS_ERR(key->u.ccmp.tfm)) {
                        err = PTR_ERR(key->u.ccmp.tfm);
                        kfree(key);
@@ -457,6 +477,7 @@ static void ieee80211_key_free_common(struct ieee80211_key *key)
 {
        switch (key->conf.cipher) {
        case WLAN_CIPHER_SUITE_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP_256:
                ieee80211_aes_key_free(key->u.ccmp.tfm);
                break;
        case WLAN_CIPHER_SUITE_AES_CMAC:
@@ -773,6 +794,7 @@ void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf,
                seq->tkip.iv16 = key->u.tkip.tx.iv16;
                break;
        case WLAN_CIPHER_SUITE_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP_256:
                pn64 = atomic64_read(&key->u.ccmp.tx_pn);
                seq->ccmp.pn[5] = pn64;
                seq->ccmp.pn[4] = pn64 >> 8;
@@ -822,6 +844,7 @@ void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
                seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
                break;
        case WLAN_CIPHER_SUITE_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP_256:
                if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
                        return;
                if (tid < 0)
@@ -864,6 +887,7 @@ void ieee80211_set_key_tx_seq(struct ieee80211_key_conf *keyconf,
                key->u.tkip.tx.iv16 = seq->tkip.iv16;
                break;
        case WLAN_CIPHER_SUITE_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP_256:
                pn64 = (u64)seq->ccmp.pn[5] |
                       ((u64)seq->ccmp.pn[4] << 8) |
                       ((u64)seq->ccmp.pn[3] << 16) |
@@ -914,6 +938,7 @@ void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
                key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
                break;
        case WLAN_CIPHER_SUITE_CCMP:
+       case WLAN_CIPHER_SUITE_CCMP_256:
                if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
                        return;
                if (tid < 0)
index 7223b4e16752bf3f4910852b079bb08183eb549f..a5ad2d5bb29ba175372c69ca61b0a895dce58cb2 100644 (file)
@@ -666,6 +666,7 @@ static int ieee80211_init_cipher_suites(struct ieee80211_local *local)
                WLAN_CIPHER_SUITE_WEP104,
                WLAN_CIPHER_SUITE_TKIP,
                WLAN_CIPHER_SUITE_CCMP,
+               WLAN_CIPHER_SUITE_CCMP_256,
                WLAN_CIPHER_SUITE_GCMP,
                WLAN_CIPHER_SUITE_GCMP_256,
 
@@ -727,9 +728,9 @@ static int ieee80211_init_cipher_suites(struct ieee80211_local *local)
                 * including the schemes)
                 *
                 * We start counting ciphers defined by schemes, TKIP, CCMP,
-                * GCMP, and GCMP-256
+                * CCMP-256, GCMP, and GCMP-256
                 */
-               n_suites = local->hw.n_cipher_schemes + 4;
+               n_suites = local->hw.n_cipher_schemes + 5;
 
                /* check if we have WEP40 and WEP104 */
                if (have_wep)
@@ -744,6 +745,7 @@ static int ieee80211_init_cipher_suites(struct ieee80211_local *local)
                        return -ENOMEM;
 
                suites[w++] = WLAN_CIPHER_SUITE_CCMP;
+               suites[w++] = WLAN_CIPHER_SUITE_CCMP_256;
                suites[w++] = WLAN_CIPHER_SUITE_TKIP;
                suites[w++] = WLAN_CIPHER_SUITE_GCMP;
                suites[w++] = WLAN_CIPHER_SUITE_GCMP_256;
index a11d2518c36577e755591b0960c9dbe41312e08a..e8c6ba5ce70b84b24387f5af0bfa377392dde20a 100644 (file)
@@ -1650,7 +1650,12 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
                result = ieee80211_crypto_tkip_decrypt(rx);
                break;
        case WLAN_CIPHER_SUITE_CCMP:
-               result = ieee80211_crypto_ccmp_decrypt(rx);
+               result = ieee80211_crypto_ccmp_decrypt(
+                       rx, IEEE80211_CCMP_MIC_LEN);
+               break;
+       case WLAN_CIPHER_SUITE_CCMP_256:
+               result = ieee80211_crypto_ccmp_decrypt(
+                       rx, IEEE80211_CCMP_256_MIC_LEN);
                break;
        case WLAN_CIPHER_SUITE_AES_CMAC:
                result = ieee80211_crypto_aes_cmac_decrypt(rx);
@@ -1785,7 +1790,9 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
                /* This is the first fragment of a new frame. */
                entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
                                                 rx->seqno_idx, &(rx->skb));
-               if (rx->key && rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP &&
+               if (rx->key &&
+                   (rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||
+                    rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256) &&
                    ieee80211_has_protected(fc)) {
                        int queue = rx->security_idx;
                        /* Store CCMP PN so that we can verify that the next
@@ -1814,7 +1821,9 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
                int i;
                u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
                int queue;
-               if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP)
+               if (!rx->key ||
+                   (rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP &&
+                    rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP_256))
                        return RX_DROP_UNUSABLE;
                memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
                for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {
index e4c6fbc4bf7ace048192ec1a07cb90fe45d59957..be57e0afd019f2f04dc4500bf1da2fcb08baae63 100644 (file)
@@ -626,6 +626,7 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
                                tx->key = NULL;
                        break;
                case WLAN_CIPHER_SUITE_CCMP:
+               case WLAN_CIPHER_SUITE_CCMP_256:
                case WLAN_CIPHER_SUITE_GCMP:
                case WLAN_CIPHER_SUITE_GCMP_256:
                        if (!ieee80211_is_data_present(hdr->frame_control) &&
@@ -1013,7 +1014,11 @@ ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
        case WLAN_CIPHER_SUITE_TKIP:
                return ieee80211_crypto_tkip_encrypt(tx);
        case WLAN_CIPHER_SUITE_CCMP:
-               return ieee80211_crypto_ccmp_encrypt(tx);
+               return ieee80211_crypto_ccmp_encrypt(
+                       tx, IEEE80211_CCMP_MIC_LEN);
+       case WLAN_CIPHER_SUITE_CCMP_256:
+               return ieee80211_crypto_ccmp_encrypt(
+                       tx, IEEE80211_CCMP_256_MIC_LEN);
        case WLAN_CIPHER_SUITE_AES_CMAC:
                return ieee80211_crypto_aes_cmac_encrypt(tx);
        case WLAN_CIPHER_SUITE_GCMP:
index 96b65c2401094e2f5fd4d26c02001dd2172b275d..ae654de9782aaadd54c6ff1442a170901133e484 100644 (file)
@@ -394,7 +394,8 @@ static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr)
 }
 
 
-static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
+static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb,
+                           unsigned int mic_len)
 {
        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
        struct ieee80211_key *key = tx->key;
@@ -425,7 +426,7 @@ static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
        if (info->control.hw_key)
                tail = 0;
        else
-               tail = IEEE80211_CCMP_MIC_LEN;
+               tail = mic_len;
 
        if (WARN_ON(skb_tailroom(skb) < tail ||
                    skb_headroom(skb) < IEEE80211_CCMP_HDR_LEN))
@@ -460,21 +461,22 @@ static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
        pos += IEEE80211_CCMP_HDR_LEN;
        ccmp_special_blocks(skb, pn, b_0, aad);
        ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len,
-                                 skb_put(skb, IEEE80211_CCMP_MIC_LEN));
+                                 skb_put(skb, mic_len), mic_len);
 
        return 0;
 }
 
 
 ieee80211_tx_result
-ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
+ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx,
+                             unsigned int mic_len)
 {
        struct sk_buff *skb;
 
        ieee80211_tx_set_protected(tx);
 
        skb_queue_walk(&tx->skbs, skb) {
-               if (ccmp_encrypt_skb(tx, skb) < 0)
+               if (ccmp_encrypt_skb(tx, skb, mic_len) < 0)
                        return TX_DROP;
        }
 
@@ -483,7 +485,8 @@ ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
 
 
 ieee80211_rx_result
-ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
+ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx,
+                             unsigned int mic_len)
 {
        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
        int hdrlen;
@@ -500,8 +503,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
            !ieee80211_is_robust_mgmt_frame(skb))
                return RX_CONTINUE;
 
-       data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN -
-                  IEEE80211_CCMP_MIC_LEN;
+       data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN - mic_len;
        if (!rx->sta || data_len < 0)
                return RX_DROP_UNUSABLE;
 
@@ -532,14 +534,14 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
                            key->u.ccmp.tfm, b_0, aad,
                            skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN,
                            data_len,
-                           skb->data + skb->len - IEEE80211_CCMP_MIC_LEN))
+                           skb->data + skb->len - mic_len, mic_len))
                        return RX_DROP_UNUSABLE;
        }
 
        memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN);
 
        /* Remove CCMP header and MIC */
-       if (pskb_trim(skb, skb->len - IEEE80211_CCMP_MIC_LEN))
+       if (pskb_trim(skb, skb->len - mic_len))
                return RX_DROP_UNUSABLE;
        memmove(skb->data + IEEE80211_CCMP_HDR_LEN, skb->data, hdrlen);
        skb_pull(skb, IEEE80211_CCMP_HDR_LEN);
index ea955f27835163bdfd64076db7f30bd63b1e11b3..43e109f27a89135fb88d1133291ed0735cae9f21 100644 (file)
@@ -24,9 +24,11 @@ ieee80211_rx_result
 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx);
 
 ieee80211_tx_result
-ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx);
+ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx,
+                             unsigned int mic_len);
 ieee80211_rx_result
-ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx);
+ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx,
+                             unsigned int mic_len);
 
 ieee80211_tx_result
 ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx);