1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright 2002-2004, Instant802 Networks, Inc. 4 * Copyright 2008, Jouni Malinen <j@w1.fi> 5 * Copyright (C) 2016-2017 Intel Deutschland GmbH 6 */ 7 8 #include <linux/netdevice.h> 9 #include <linux/types.h> 10 #include <linux/skbuff.h> 11 #include <linux/compiler.h> 12 #include <linux/ieee80211.h> 13 #include <linux/gfp.h> 14 #include <asm/unaligned.h> 15 #include <net/mac80211.h> 16 #include <crypto/aes.h> 17 #include <crypto/algapi.h> 18 19 #include "ieee80211_i.h" 20 #include "michael.h" 21 #include "tkip.h" 22 #include "aes_ccm.h" 23 #include "aes_cmac.h" 24 #include "aes_gmac.h" 25 #include "aes_gcm.h" 26 #include "wpa.h" 27 28 ieee80211_tx_result 29 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx) 30 { 31 u8 *data, *key, *mic; 32 size_t data_len; 33 unsigned int hdrlen; 34 struct ieee80211_hdr *hdr; 35 struct sk_buff *skb = tx->skb; 36 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 37 int tail; 38 39 hdr = (struct ieee80211_hdr *)skb->data; 40 if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP || 41 skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control)) 42 return TX_CONTINUE; 43 44 hdrlen = ieee80211_hdrlen(hdr->frame_control); 45 if (skb->len < hdrlen) 46 return TX_DROP; 47 48 data = skb->data + hdrlen; 49 data_len = skb->len - hdrlen; 50 51 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) { 52 /* Need to use software crypto for the test */ 53 info->control.hw_key = NULL; 54 } 55 56 if (info->control.hw_key && 57 (info->flags & IEEE80211_TX_CTL_DONTFRAG || 58 ieee80211_hw_check(&tx->local->hw, SUPPORTS_TX_FRAG)) && 59 !(tx->key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | 60 IEEE80211_KEY_FLAG_PUT_MIC_SPACE))) { 61 /* hwaccel - with no need for SW-generated MMIC or MIC space */ 62 return TX_CONTINUE; 63 } 64 65 tail = MICHAEL_MIC_LEN; 66 if (!info->control.hw_key) 67 tail += IEEE80211_TKIP_ICV_LEN; 68 69 if (WARN(skb_tailroom(skb) < tail || 70 skb_headroom(skb) < IEEE80211_TKIP_IV_LEN, 71 "mmic: not enough head/tail (%d/%d,%d/%d)\n", 72 skb_headroom(skb), IEEE80211_TKIP_IV_LEN, 73 skb_tailroom(skb), tail)) 74 return TX_DROP; 75 76 mic = skb_put(skb, MICHAEL_MIC_LEN); 77 78 if (tx->key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) { 79 /* Zeroed MIC can help with debug */ 80 memset(mic, 0, MICHAEL_MIC_LEN); 81 return TX_CONTINUE; 82 } 83 84 key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY]; 85 michael_mic(key, hdr, data, data_len, mic); 86 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) 87 mic[0]++; 88 89 return TX_CONTINUE; 90 } 91 92 93 ieee80211_rx_result 94 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx) 95 { 96 u8 *data, *key = NULL; 97 size_t data_len; 98 unsigned int hdrlen; 99 u8 mic[MICHAEL_MIC_LEN]; 100 struct sk_buff *skb = rx->skb; 101 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 102 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 103 104 /* 105 * it makes no sense to check for MIC errors on anything other 106 * than data frames. 107 */ 108 if (!ieee80211_is_data_present(hdr->frame_control)) 109 return RX_CONTINUE; 110 111 /* 112 * No way to verify the MIC if the hardware stripped it or 113 * the IV with the key index. In this case we have solely rely 114 * on the driver to set RX_FLAG_MMIC_ERROR in the event of a 115 * MIC failure report. 116 */ 117 if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) { 118 if (status->flag & RX_FLAG_MMIC_ERROR) 119 goto mic_fail_no_key; 120 121 if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key && 122 rx->key->conf.cipher == WLAN_CIPHER_SUITE_TKIP) 123 goto update_iv; 124 125 return RX_CONTINUE; 126 } 127 128 /* 129 * Some hardware seems to generate Michael MIC failure reports; even 130 * though, the frame was not encrypted with TKIP and therefore has no 131 * MIC. Ignore the flag them to avoid triggering countermeasures. 132 */ 133 if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP || 134 !(status->flag & RX_FLAG_DECRYPTED)) 135 return RX_CONTINUE; 136 137 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) { 138 /* 139 * APs with pairwise keys should never receive Michael MIC 140 * errors for non-zero keyidx because these are reserved for 141 * group keys and only the AP is sending real multicast 142 * frames in the BSS. 143 */ 144 return RX_DROP_UNUSABLE; 145 } 146 147 if (status->flag & RX_FLAG_MMIC_ERROR) 148 goto mic_fail; 149 150 hdrlen = ieee80211_hdrlen(hdr->frame_control); 151 if (skb->len < hdrlen + MICHAEL_MIC_LEN) 152 return RX_DROP_UNUSABLE; 153 154 if (skb_linearize(rx->skb)) 155 return RX_DROP_UNUSABLE; 156 hdr = (void *)skb->data; 157 158 data = skb->data + hdrlen; 159 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN; 160 key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY]; 161 michael_mic(key, hdr, data, data_len, mic); 162 if (crypto_memneq(mic, data + data_len, MICHAEL_MIC_LEN)) 163 goto mic_fail; 164 165 /* remove Michael MIC from payload */ 166 skb_trim(skb, skb->len - MICHAEL_MIC_LEN); 167 168 update_iv: 169 /* update IV in key information to be able to detect replays */ 170 rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32; 171 rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16; 172 173 return RX_CONTINUE; 174 175 mic_fail: 176 rx->key->u.tkip.mic_failures++; 177 178 mic_fail_no_key: 179 /* 180 * In some cases the key can be unset - e.g. a multicast packet, in 181 * a driver that supports HW encryption. Send up the key idx only if 182 * the key is set. 183 */ 184 cfg80211_michael_mic_failure(rx->sdata->dev, hdr->addr2, 185 is_multicast_ether_addr(hdr->addr1) ? 186 NL80211_KEYTYPE_GROUP : 187 NL80211_KEYTYPE_PAIRWISE, 188 rx->key ? rx->key->conf.keyidx : -1, 189 NULL, GFP_ATOMIC); 190 return RX_DROP_UNUSABLE; 191 } 192 193 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) 194 { 195 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 196 struct ieee80211_key *key = tx->key; 197 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 198 unsigned int hdrlen; 199 int len, tail; 200 u64 pn; 201 u8 *pos; 202 203 if (info->control.hw_key && 204 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 205 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) { 206 /* hwaccel - with no need for software-generated IV */ 207 return 0; 208 } 209 210 hdrlen = ieee80211_hdrlen(hdr->frame_control); 211 len = skb->len - hdrlen; 212 213 if (info->control.hw_key) 214 tail = 0; 215 else 216 tail = IEEE80211_TKIP_ICV_LEN; 217 218 if (WARN_ON(skb_tailroom(skb) < tail || 219 skb_headroom(skb) < IEEE80211_TKIP_IV_LEN)) 220 return -1; 221 222 pos = skb_push(skb, IEEE80211_TKIP_IV_LEN); 223 memmove(pos, pos + IEEE80211_TKIP_IV_LEN, hdrlen); 224 pos += hdrlen; 225 226 /* the HW only needs room for the IV, but not the actual IV */ 227 if (info->control.hw_key && 228 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) 229 return 0; 230 231 /* Increase IV for the frame */ 232 pn = atomic64_inc_return(&key->conf.tx_pn); 233 pos = ieee80211_tkip_add_iv(pos, &key->conf, pn); 234 235 /* hwaccel - with software IV */ 236 if (info->control.hw_key) 237 return 0; 238 239 /* Add room for ICV */ 240 skb_put(skb, IEEE80211_TKIP_ICV_LEN); 241 242 return ieee80211_tkip_encrypt_data(&tx->local->wep_tx_ctx, 243 key, skb, pos, len); 244 } 245 246 247 ieee80211_tx_result 248 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx) 249 { 250 struct sk_buff *skb; 251 252 ieee80211_tx_set_protected(tx); 253 254 skb_queue_walk(&tx->skbs, skb) { 255 if (tkip_encrypt_skb(tx, skb) < 0) 256 return TX_DROP; 257 } 258 259 return TX_CONTINUE; 260 } 261 262 263 ieee80211_rx_result 264 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx) 265 { 266 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 267 int hdrlen, res, hwaccel = 0; 268 struct ieee80211_key *key = rx->key; 269 struct sk_buff *skb = rx->skb; 270 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 271 272 hdrlen = ieee80211_hdrlen(hdr->frame_control); 273 274 if (!ieee80211_is_data(hdr->frame_control)) 275 return RX_CONTINUE; 276 277 if (!rx->sta || skb->len - hdrlen < 12) 278 return RX_DROP_UNUSABLE; 279 280 /* it may be possible to optimize this a bit more */ 281 if (skb_linearize(rx->skb)) 282 return RX_DROP_UNUSABLE; 283 hdr = (void *)skb->data; 284 285 /* 286 * Let TKIP code verify IV, but skip decryption. 287 * In the case where hardware checks the IV as well, 288 * we don't even get here, see ieee80211_rx_h_decrypt() 289 */ 290 if (status->flag & RX_FLAG_DECRYPTED) 291 hwaccel = 1; 292 293 res = ieee80211_tkip_decrypt_data(&rx->local->wep_rx_ctx, 294 key, skb->data + hdrlen, 295 skb->len - hdrlen, rx->sta->sta.addr, 296 hdr->addr1, hwaccel, rx->security_idx, 297 &rx->tkip_iv32, 298 &rx->tkip_iv16); 299 if (res != TKIP_DECRYPT_OK) 300 return RX_DROP_UNUSABLE; 301 302 /* Trim ICV */ 303 if (!(status->flag & RX_FLAG_ICV_STRIPPED)) 304 skb_trim(skb, skb->len - IEEE80211_TKIP_ICV_LEN); 305 306 /* Remove IV */ 307 memmove(skb->data + IEEE80211_TKIP_IV_LEN, skb->data, hdrlen); 308 skb_pull(skb, IEEE80211_TKIP_IV_LEN); 309 310 return RX_CONTINUE; 311 } 312 313 314 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad) 315 { 316 __le16 mask_fc; 317 int a4_included, mgmt; 318 u8 qos_tid; 319 u16 len_a; 320 unsigned int hdrlen; 321 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 322 323 /* 324 * Mask FC: zero subtype b4 b5 b6 (if not mgmt) 325 * Retry, PwrMgt, MoreData; set Protected 326 */ 327 mgmt = ieee80211_is_mgmt(hdr->frame_control); 328 mask_fc = hdr->frame_control; 329 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | 330 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA); 331 if (!mgmt) 332 mask_fc &= ~cpu_to_le16(0x0070); 333 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 334 335 hdrlen = ieee80211_hdrlen(hdr->frame_control); 336 len_a = hdrlen - 2; 337 a4_included = ieee80211_has_a4(hdr->frame_control); 338 339 if (ieee80211_is_data_qos(hdr->frame_control)) 340 qos_tid = ieee80211_get_tid(hdr); 341 else 342 qos_tid = 0; 343 344 /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC 345 * mode authentication are not allowed to collide, yet both are derived 346 * from this vector b_0. We only set L := 1 here to indicate that the 347 * data size can be represented in (L+1) bytes. The CCM layer will take 348 * care of storing the data length in the top (L+1) bytes and setting 349 * and clearing the other bits as is required to derive the two IVs. 350 */ 351 b_0[0] = 0x1; 352 353 /* Nonce: Nonce Flags | A2 | PN 354 * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7) 355 */ 356 b_0[1] = qos_tid | (mgmt << 4); 357 memcpy(&b_0[2], hdr->addr2, ETH_ALEN); 358 memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN); 359 360 /* AAD (extra authenticate-only data) / masked 802.11 header 361 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */ 362 put_unaligned_be16(len_a, &aad[0]); 363 put_unaligned(mask_fc, (__le16 *)&aad[2]); 364 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN); 365 366 /* Mask Seq#, leave Frag# */ 367 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f; 368 aad[23] = 0; 369 370 if (a4_included) { 371 memcpy(&aad[24], hdr->addr4, ETH_ALEN); 372 aad[30] = qos_tid; 373 aad[31] = 0; 374 } else { 375 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN); 376 aad[24] = qos_tid; 377 } 378 } 379 380 381 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id) 382 { 383 hdr[0] = pn[5]; 384 hdr[1] = pn[4]; 385 hdr[2] = 0; 386 hdr[3] = 0x20 | (key_id << 6); 387 hdr[4] = pn[3]; 388 hdr[5] = pn[2]; 389 hdr[6] = pn[1]; 390 hdr[7] = pn[0]; 391 } 392 393 394 static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr) 395 { 396 pn[0] = hdr[7]; 397 pn[1] = hdr[6]; 398 pn[2] = hdr[5]; 399 pn[3] = hdr[4]; 400 pn[4] = hdr[1]; 401 pn[5] = hdr[0]; 402 } 403 404 405 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb, 406 unsigned int mic_len) 407 { 408 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 409 struct ieee80211_key *key = tx->key; 410 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 411 int hdrlen, len, tail; 412 u8 *pos; 413 u8 pn[6]; 414 u64 pn64; 415 u8 aad[CCM_AAD_LEN]; 416 u8 b_0[AES_BLOCK_SIZE]; 417 418 if (info->control.hw_key && 419 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 420 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) && 421 !((info->control.hw_key->flags & 422 IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) && 423 ieee80211_is_mgmt(hdr->frame_control))) { 424 /* 425 * hwaccel has no need for preallocated room for CCMP 426 * header or MIC fields 427 */ 428 return 0; 429 } 430 431 hdrlen = ieee80211_hdrlen(hdr->frame_control); 432 len = skb->len - hdrlen; 433 434 if (info->control.hw_key) 435 tail = 0; 436 else 437 tail = mic_len; 438 439 if (WARN_ON(skb_tailroom(skb) < tail || 440 skb_headroom(skb) < IEEE80211_CCMP_HDR_LEN)) 441 return -1; 442 443 pos = skb_push(skb, IEEE80211_CCMP_HDR_LEN); 444 memmove(pos, pos + IEEE80211_CCMP_HDR_LEN, hdrlen); 445 446 /* the HW only needs room for the IV, but not the actual IV */ 447 if (info->control.hw_key && 448 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) 449 return 0; 450 451 hdr = (struct ieee80211_hdr *) pos; 452 pos += hdrlen; 453 454 pn64 = atomic64_inc_return(&key->conf.tx_pn); 455 456 pn[5] = pn64; 457 pn[4] = pn64 >> 8; 458 pn[3] = pn64 >> 16; 459 pn[2] = pn64 >> 24; 460 pn[1] = pn64 >> 32; 461 pn[0] = pn64 >> 40; 462 463 ccmp_pn2hdr(pos, pn, key->conf.keyidx); 464 465 /* hwaccel - with software CCMP header */ 466 if (info->control.hw_key) 467 return 0; 468 469 pos += IEEE80211_CCMP_HDR_LEN; 470 ccmp_special_blocks(skb, pn, b_0, aad); 471 return ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len, 472 skb_put(skb, mic_len)); 473 } 474 475 476 ieee80211_tx_result 477 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx, 478 unsigned int mic_len) 479 { 480 struct sk_buff *skb; 481 482 ieee80211_tx_set_protected(tx); 483 484 skb_queue_walk(&tx->skbs, skb) { 485 if (ccmp_encrypt_skb(tx, skb, mic_len) < 0) 486 return TX_DROP; 487 } 488 489 return TX_CONTINUE; 490 } 491 492 493 ieee80211_rx_result 494 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx, 495 unsigned int mic_len) 496 { 497 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 498 int hdrlen; 499 struct ieee80211_key *key = rx->key; 500 struct sk_buff *skb = rx->skb; 501 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 502 u8 pn[IEEE80211_CCMP_PN_LEN]; 503 int data_len; 504 int queue; 505 506 hdrlen = ieee80211_hdrlen(hdr->frame_control); 507 508 if (!ieee80211_is_data(hdr->frame_control) && 509 !ieee80211_is_robust_mgmt_frame(skb)) 510 return RX_CONTINUE; 511 512 if (status->flag & RX_FLAG_DECRYPTED) { 513 if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_CCMP_HDR_LEN)) 514 return RX_DROP_UNUSABLE; 515 if (status->flag & RX_FLAG_MIC_STRIPPED) 516 mic_len = 0; 517 } else { 518 if (skb_linearize(rx->skb)) 519 return RX_DROP_UNUSABLE; 520 } 521 522 data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN - mic_len; 523 if (!rx->sta || data_len < 0) 524 return RX_DROP_UNUSABLE; 525 526 if (!(status->flag & RX_FLAG_PN_VALIDATED)) { 527 int res; 528 529 ccmp_hdr2pn(pn, skb->data + hdrlen); 530 531 queue = rx->security_idx; 532 533 res = memcmp(pn, key->u.ccmp.rx_pn[queue], 534 IEEE80211_CCMP_PN_LEN); 535 if (res < 0 || 536 (!res && !(status->flag & RX_FLAG_ALLOW_SAME_PN))) { 537 key->u.ccmp.replays++; 538 return RX_DROP_UNUSABLE; 539 } 540 541 if (!(status->flag & RX_FLAG_DECRYPTED)) { 542 u8 aad[2 * AES_BLOCK_SIZE]; 543 u8 b_0[AES_BLOCK_SIZE]; 544 /* hardware didn't decrypt/verify MIC */ 545 ccmp_special_blocks(skb, pn, b_0, aad); 546 547 if (ieee80211_aes_ccm_decrypt( 548 key->u.ccmp.tfm, b_0, aad, 549 skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN, 550 data_len, 551 skb->data + skb->len - mic_len)) 552 return RX_DROP_UNUSABLE; 553 } 554 555 memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN); 556 } 557 558 /* Remove CCMP header and MIC */ 559 if (pskb_trim(skb, skb->len - mic_len)) 560 return RX_DROP_UNUSABLE; 561 memmove(skb->data + IEEE80211_CCMP_HDR_LEN, skb->data, hdrlen); 562 skb_pull(skb, IEEE80211_CCMP_HDR_LEN); 563 564 return RX_CONTINUE; 565 } 566 567 static void gcmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *j_0, u8 *aad) 568 { 569 __le16 mask_fc; 570 u8 qos_tid; 571 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 572 573 memcpy(j_0, hdr->addr2, ETH_ALEN); 574 memcpy(&j_0[ETH_ALEN], pn, IEEE80211_GCMP_PN_LEN); 575 j_0[13] = 0; 576 j_0[14] = 0; 577 j_0[AES_BLOCK_SIZE - 1] = 0x01; 578 579 /* AAD (extra authenticate-only data) / masked 802.11 header 580 * FC | A1 | A2 | A3 | SC | [A4] | [QC] 581 */ 582 put_unaligned_be16(ieee80211_hdrlen(hdr->frame_control) - 2, &aad[0]); 583 /* Mask FC: zero subtype b4 b5 b6 (if not mgmt) 584 * Retry, PwrMgt, MoreData; set Protected 585 */ 586 mask_fc = hdr->frame_control; 587 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | 588 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA); 589 if (!ieee80211_is_mgmt(hdr->frame_control)) 590 mask_fc &= ~cpu_to_le16(0x0070); 591 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 592 593 put_unaligned(mask_fc, (__le16 *)&aad[2]); 594 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN); 595 596 /* Mask Seq#, leave Frag# */ 597 aad[22] = *((u8 *)&hdr->seq_ctrl) & 0x0f; 598 aad[23] = 0; 599 600 if (ieee80211_is_data_qos(hdr->frame_control)) 601 qos_tid = ieee80211_get_tid(hdr); 602 else 603 qos_tid = 0; 604 605 if (ieee80211_has_a4(hdr->frame_control)) { 606 memcpy(&aad[24], hdr->addr4, ETH_ALEN); 607 aad[30] = qos_tid; 608 aad[31] = 0; 609 } else { 610 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN); 611 aad[24] = qos_tid; 612 } 613 } 614 615 static inline void gcmp_pn2hdr(u8 *hdr, const u8 *pn, int key_id) 616 { 617 hdr[0] = pn[5]; 618 hdr[1] = pn[4]; 619 hdr[2] = 0; 620 hdr[3] = 0x20 | (key_id << 6); 621 hdr[4] = pn[3]; 622 hdr[5] = pn[2]; 623 hdr[6] = pn[1]; 624 hdr[7] = pn[0]; 625 } 626 627 static inline void gcmp_hdr2pn(u8 *pn, const u8 *hdr) 628 { 629 pn[0] = hdr[7]; 630 pn[1] = hdr[6]; 631 pn[2] = hdr[5]; 632 pn[3] = hdr[4]; 633 pn[4] = hdr[1]; 634 pn[5] = hdr[0]; 635 } 636 637 static int gcmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) 638 { 639 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 640 struct ieee80211_key *key = tx->key; 641 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 642 int hdrlen, len, tail; 643 u8 *pos; 644 u8 pn[6]; 645 u64 pn64; 646 u8 aad[GCM_AAD_LEN]; 647 u8 j_0[AES_BLOCK_SIZE]; 648 649 if (info->control.hw_key && 650 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 651 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) && 652 !((info->control.hw_key->flags & 653 IEEE80211_KEY_FLAG_GENERATE_IV_MGMT) && 654 ieee80211_is_mgmt(hdr->frame_control))) { 655 /* hwaccel has no need for preallocated room for GCMP 656 * header or MIC fields 657 */ 658 return 0; 659 } 660 661 hdrlen = ieee80211_hdrlen(hdr->frame_control); 662 len = skb->len - hdrlen; 663 664 if (info->control.hw_key) 665 tail = 0; 666 else 667 tail = IEEE80211_GCMP_MIC_LEN; 668 669 if (WARN_ON(skb_tailroom(skb) < tail || 670 skb_headroom(skb) < IEEE80211_GCMP_HDR_LEN)) 671 return -1; 672 673 pos = skb_push(skb, IEEE80211_GCMP_HDR_LEN); 674 memmove(pos, pos + IEEE80211_GCMP_HDR_LEN, hdrlen); 675 skb_set_network_header(skb, skb_network_offset(skb) + 676 IEEE80211_GCMP_HDR_LEN); 677 678 /* the HW only needs room for the IV, but not the actual IV */ 679 if (info->control.hw_key && 680 (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) 681 return 0; 682 683 hdr = (struct ieee80211_hdr *)pos; 684 pos += hdrlen; 685 686 pn64 = atomic64_inc_return(&key->conf.tx_pn); 687 688 pn[5] = pn64; 689 pn[4] = pn64 >> 8; 690 pn[3] = pn64 >> 16; 691 pn[2] = pn64 >> 24; 692 pn[1] = pn64 >> 32; 693 pn[0] = pn64 >> 40; 694 695 gcmp_pn2hdr(pos, pn, key->conf.keyidx); 696 697 /* hwaccel - with software GCMP header */ 698 if (info->control.hw_key) 699 return 0; 700 701 pos += IEEE80211_GCMP_HDR_LEN; 702 gcmp_special_blocks(skb, pn, j_0, aad); 703 return ieee80211_aes_gcm_encrypt(key->u.gcmp.tfm, j_0, aad, pos, len, 704 skb_put(skb, IEEE80211_GCMP_MIC_LEN)); 705 } 706 707 ieee80211_tx_result 708 ieee80211_crypto_gcmp_encrypt(struct ieee80211_tx_data *tx) 709 { 710 struct sk_buff *skb; 711 712 ieee80211_tx_set_protected(tx); 713 714 skb_queue_walk(&tx->skbs, skb) { 715 if (gcmp_encrypt_skb(tx, skb) < 0) 716 return TX_DROP; 717 } 718 719 return TX_CONTINUE; 720 } 721 722 ieee80211_rx_result 723 ieee80211_crypto_gcmp_decrypt(struct ieee80211_rx_data *rx) 724 { 725 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 726 int hdrlen; 727 struct ieee80211_key *key = rx->key; 728 struct sk_buff *skb = rx->skb; 729 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 730 u8 pn[IEEE80211_GCMP_PN_LEN]; 731 int data_len, queue, mic_len = IEEE80211_GCMP_MIC_LEN; 732 733 hdrlen = ieee80211_hdrlen(hdr->frame_control); 734 735 if (!ieee80211_is_data(hdr->frame_control) && 736 !ieee80211_is_robust_mgmt_frame(skb)) 737 return RX_CONTINUE; 738 739 if (status->flag & RX_FLAG_DECRYPTED) { 740 if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_GCMP_HDR_LEN)) 741 return RX_DROP_UNUSABLE; 742 if (status->flag & RX_FLAG_MIC_STRIPPED) 743 mic_len = 0; 744 } else { 745 if (skb_linearize(rx->skb)) 746 return RX_DROP_UNUSABLE; 747 } 748 749 data_len = skb->len - hdrlen - IEEE80211_GCMP_HDR_LEN - mic_len; 750 if (!rx->sta || data_len < 0) 751 return RX_DROP_UNUSABLE; 752 753 if (!(status->flag & RX_FLAG_PN_VALIDATED)) { 754 int res; 755 756 gcmp_hdr2pn(pn, skb->data + hdrlen); 757 758 queue = rx->security_idx; 759 760 res = memcmp(pn, key->u.gcmp.rx_pn[queue], 761 IEEE80211_GCMP_PN_LEN); 762 if (res < 0 || 763 (!res && !(status->flag & RX_FLAG_ALLOW_SAME_PN))) { 764 key->u.gcmp.replays++; 765 return RX_DROP_UNUSABLE; 766 } 767 768 if (!(status->flag & RX_FLAG_DECRYPTED)) { 769 u8 aad[2 * AES_BLOCK_SIZE]; 770 u8 j_0[AES_BLOCK_SIZE]; 771 /* hardware didn't decrypt/verify MIC */ 772 gcmp_special_blocks(skb, pn, j_0, aad); 773 774 if (ieee80211_aes_gcm_decrypt( 775 key->u.gcmp.tfm, j_0, aad, 776 skb->data + hdrlen + IEEE80211_GCMP_HDR_LEN, 777 data_len, 778 skb->data + skb->len - 779 IEEE80211_GCMP_MIC_LEN)) 780 return RX_DROP_UNUSABLE; 781 } 782 783 memcpy(key->u.gcmp.rx_pn[queue], pn, IEEE80211_GCMP_PN_LEN); 784 } 785 786 /* Remove GCMP header and MIC */ 787 if (pskb_trim(skb, skb->len - mic_len)) 788 return RX_DROP_UNUSABLE; 789 memmove(skb->data + IEEE80211_GCMP_HDR_LEN, skb->data, hdrlen); 790 skb_pull(skb, IEEE80211_GCMP_HDR_LEN); 791 792 return RX_CONTINUE; 793 } 794 795 static ieee80211_tx_result 796 ieee80211_crypto_cs_encrypt(struct ieee80211_tx_data *tx, 797 struct sk_buff *skb) 798 { 799 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 800 struct ieee80211_key *key = tx->key; 801 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 802 int hdrlen; 803 u8 *pos, iv_len = key->conf.iv_len; 804 805 if (info->control.hw_key && 806 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) { 807 /* hwaccel has no need for preallocated head room */ 808 return TX_CONTINUE; 809 } 810 811 if (unlikely(skb_headroom(skb) < iv_len && 812 pskb_expand_head(skb, iv_len, 0, GFP_ATOMIC))) 813 return TX_DROP; 814 815 hdrlen = ieee80211_hdrlen(hdr->frame_control); 816 817 pos = skb_push(skb, iv_len); 818 memmove(pos, pos + iv_len, hdrlen); 819 820 return TX_CONTINUE; 821 } 822 823 static inline int ieee80211_crypto_cs_pn_compare(u8 *pn1, u8 *pn2, int len) 824 { 825 int i; 826 827 /* pn is little endian */ 828 for (i = len - 1; i >= 0; i--) { 829 if (pn1[i] < pn2[i]) 830 return -1; 831 else if (pn1[i] > pn2[i]) 832 return 1; 833 } 834 835 return 0; 836 } 837 838 static ieee80211_rx_result 839 ieee80211_crypto_cs_decrypt(struct ieee80211_rx_data *rx) 840 { 841 struct ieee80211_key *key = rx->key; 842 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 843 const struct ieee80211_cipher_scheme *cs = NULL; 844 int hdrlen = ieee80211_hdrlen(hdr->frame_control); 845 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); 846 int data_len; 847 u8 *rx_pn; 848 u8 *skb_pn; 849 u8 qos_tid; 850 851 if (!rx->sta || !rx->sta->cipher_scheme || 852 !(status->flag & RX_FLAG_DECRYPTED)) 853 return RX_DROP_UNUSABLE; 854 855 if (!ieee80211_is_data(hdr->frame_control)) 856 return RX_CONTINUE; 857 858 cs = rx->sta->cipher_scheme; 859 860 data_len = rx->skb->len - hdrlen - cs->hdr_len; 861 862 if (data_len < 0) 863 return RX_DROP_UNUSABLE; 864 865 if (ieee80211_is_data_qos(hdr->frame_control)) 866 qos_tid = ieee80211_get_tid(hdr); 867 else 868 qos_tid = 0; 869 870 if (skb_linearize(rx->skb)) 871 return RX_DROP_UNUSABLE; 872 873 hdr = (struct ieee80211_hdr *)rx->skb->data; 874 875 rx_pn = key->u.gen.rx_pn[qos_tid]; 876 skb_pn = rx->skb->data + hdrlen + cs->pn_off; 877 878 if (ieee80211_crypto_cs_pn_compare(skb_pn, rx_pn, cs->pn_len) <= 0) 879 return RX_DROP_UNUSABLE; 880 881 memcpy(rx_pn, skb_pn, cs->pn_len); 882 883 /* remove security header and MIC */ 884 if (pskb_trim(rx->skb, rx->skb->len - cs->mic_len)) 885 return RX_DROP_UNUSABLE; 886 887 memmove(rx->skb->data + cs->hdr_len, rx->skb->data, hdrlen); 888 skb_pull(rx->skb, cs->hdr_len); 889 890 return RX_CONTINUE; 891 } 892 893 static void bip_aad(struct sk_buff *skb, u8 *aad) 894 { 895 __le16 mask_fc; 896 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 897 898 /* BIP AAD: FC(masked) || A1 || A2 || A3 */ 899 900 /* FC type/subtype */ 901 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 902 mask_fc = hdr->frame_control; 903 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM | 904 IEEE80211_FCTL_MOREDATA); 905 put_unaligned(mask_fc, (__le16 *) &aad[0]); 906 /* A1 || A2 || A3 */ 907 memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN); 908 } 909 910 911 static inline void bip_ipn_set64(u8 *d, u64 pn) 912 { 913 *d++ = pn; 914 *d++ = pn >> 8; 915 *d++ = pn >> 16; 916 *d++ = pn >> 24; 917 *d++ = pn >> 32; 918 *d = pn >> 40; 919 } 920 921 static inline void bip_ipn_swap(u8 *d, const u8 *s) 922 { 923 *d++ = s[5]; 924 *d++ = s[4]; 925 *d++ = s[3]; 926 *d++ = s[2]; 927 *d++ = s[1]; 928 *d = s[0]; 929 } 930 931 932 ieee80211_tx_result 933 ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx) 934 { 935 struct sk_buff *skb; 936 struct ieee80211_tx_info *info; 937 struct ieee80211_key *key = tx->key; 938 struct ieee80211_mmie *mmie; 939 u8 aad[20]; 940 u64 pn64; 941 942 if (WARN_ON(skb_queue_len(&tx->skbs) != 1)) 943 return TX_DROP; 944 945 skb = skb_peek(&tx->skbs); 946 947 info = IEEE80211_SKB_CB(skb); 948 949 if (info->control.hw_key) 950 return TX_CONTINUE; 951 952 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie))) 953 return TX_DROP; 954 955 mmie = skb_put(skb, sizeof(*mmie)); 956 mmie->element_id = WLAN_EID_MMIE; 957 mmie->length = sizeof(*mmie) - 2; 958 mmie->key_id = cpu_to_le16(key->conf.keyidx); 959 960 /* PN = PN + 1 */ 961 pn64 = atomic64_inc_return(&key->conf.tx_pn); 962 963 bip_ipn_set64(mmie->sequence_number, pn64); 964 965 bip_aad(skb, aad); 966 967 /* 968 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 969 */ 970 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 971 skb->data + 24, skb->len - 24, mmie->mic); 972 973 return TX_CONTINUE; 974 } 975 976 ieee80211_tx_result 977 ieee80211_crypto_aes_cmac_256_encrypt(struct ieee80211_tx_data *tx) 978 { 979 struct sk_buff *skb; 980 struct ieee80211_tx_info *info; 981 struct ieee80211_key *key = tx->key; 982 struct ieee80211_mmie_16 *mmie; 983 u8 aad[20]; 984 u64 pn64; 985 986 if (WARN_ON(skb_queue_len(&tx->skbs) != 1)) 987 return TX_DROP; 988 989 skb = skb_peek(&tx->skbs); 990 991 info = IEEE80211_SKB_CB(skb); 992 993 if (info->control.hw_key) 994 return TX_CONTINUE; 995 996 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie))) 997 return TX_DROP; 998 999 mmie = skb_put(skb, sizeof(*mmie)); 1000 mmie->element_id = WLAN_EID_MMIE; 1001 mmie->length = sizeof(*mmie) - 2; 1002 mmie->key_id = cpu_to_le16(key->conf.keyidx); 1003 1004 /* PN = PN + 1 */ 1005 pn64 = atomic64_inc_return(&key->conf.tx_pn); 1006 1007 bip_ipn_set64(mmie->sequence_number, pn64); 1008 1009 bip_aad(skb, aad); 1010 1011 /* MIC = AES-256-CMAC(IGTK, AAD || Management Frame Body || MMIE, 128) 1012 */ 1013 ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad, 1014 skb->data + 24, skb->len - 24, mmie->mic); 1015 1016 return TX_CONTINUE; 1017 } 1018 1019 ieee80211_rx_result 1020 ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx) 1021 { 1022 struct sk_buff *skb = rx->skb; 1023 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 1024 struct ieee80211_key *key = rx->key; 1025 struct ieee80211_mmie *mmie; 1026 u8 aad[20], mic[8], ipn[6]; 1027 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1028 1029 if (!ieee80211_is_mgmt(hdr->frame_control)) 1030 return RX_CONTINUE; 1031 1032 /* management frames are already linear */ 1033 1034 if (skb->len < 24 + sizeof(*mmie)) 1035 return RX_DROP_UNUSABLE; 1036 1037 mmie = (struct ieee80211_mmie *) 1038 (skb->data + skb->len - sizeof(*mmie)); 1039 if (mmie->element_id != WLAN_EID_MMIE || 1040 mmie->length != sizeof(*mmie) - 2) 1041 return RX_DROP_UNUSABLE; /* Invalid MMIE */ 1042 1043 bip_ipn_swap(ipn, mmie->sequence_number); 1044 1045 if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) { 1046 key->u.aes_cmac.replays++; 1047 return RX_DROP_UNUSABLE; 1048 } 1049 1050 if (!(status->flag & RX_FLAG_DECRYPTED)) { 1051 /* hardware didn't decrypt/verify MIC */ 1052 bip_aad(skb, aad); 1053 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, 1054 skb->data + 24, skb->len - 24, mic); 1055 if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) { 1056 key->u.aes_cmac.icverrors++; 1057 return RX_DROP_UNUSABLE; 1058 } 1059 } 1060 1061 memcpy(key->u.aes_cmac.rx_pn, ipn, 6); 1062 1063 /* Remove MMIE */ 1064 skb_trim(skb, skb->len - sizeof(*mmie)); 1065 1066 return RX_CONTINUE; 1067 } 1068 1069 ieee80211_rx_result 1070 ieee80211_crypto_aes_cmac_256_decrypt(struct ieee80211_rx_data *rx) 1071 { 1072 struct sk_buff *skb = rx->skb; 1073 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 1074 struct ieee80211_key *key = rx->key; 1075 struct ieee80211_mmie_16 *mmie; 1076 u8 aad[20], mic[16], ipn[6]; 1077 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 1078 1079 if (!ieee80211_is_mgmt(hdr->frame_control)) 1080 return RX_CONTINUE; 1081 1082 /* management frames are already linear */ 1083 1084 if (skb->len < 24 + sizeof(*mmie)) 1085 return RX_DROP_UNUSABLE; 1086 1087 mmie = (struct ieee80211_mmie_16 *) 1088 (skb->data + skb->len - sizeof(*mmie)); 1089 if (mmie->element_id != WLAN_EID_MMIE || 1090 mmie->length != sizeof(*mmie) - 2) 1091 return RX_DROP_UNUSABLE; /* Invalid MMIE */ 1092 1093 bip_ipn_swap(ipn, mmie->sequence_number); 1094 1095 if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) { 1096 key->u.aes_cmac.replays++; 1097 return RX_DROP_UNUSABLE; 1098 } 1099 1100 if (!(status->flag & RX_FLAG_DECRYPTED)) { 1101 /* hardware didn't decrypt/verify MIC */ 1102 bip_aad(skb, aad); 1103 ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad, 1104 skb->data + 24, skb->len - 24, mic); 1105 if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) { 1106 key->u.aes_cmac.icverrors++; 1107 return RX_DROP_UNUSABLE; 1108 } 1109 } 1110 1111 memcpy(key->u.aes_cmac.rx_pn, ipn, 6); 1112 1113 /* Remove MMIE */ 1114 skb_trim(skb, skb->len - sizeof(*mmie)); 1115 1116 return RX_CONTINUE; 1117 } 1118 1119 ieee80211_tx_result 1120 ieee80211_crypto_aes_gmac_encrypt(struct ieee80211_tx_data *tx) 1121 { 1122 struct sk_buff *skb; 1123 struct ieee80211_tx_info *info; 1124 struct ieee80211_key *key = tx->key; 1125 struct ieee80211_mmie_16 *mmie; 1126 struct ieee80211_hdr *hdr; 1127 u8 aad[GMAC_AAD_LEN]; 1128 u64 pn64; 1129 u8 nonce[GMAC_NONCE_LEN]; 1130 1131 if (WARN_ON(skb_queue_len(&tx->skbs) != 1)) 1132 return TX_DROP; 1133 1134 skb = skb_peek(&tx->skbs); 1135 1136 info = IEEE80211_SKB_CB(skb); 1137 1138 if (info->control.hw_key) 1139 return TX_CONTINUE; 1140 1141 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie))) 1142 return TX_DROP; 1143 1144 mmie = skb_put(skb, sizeof(*mmie)); 1145 mmie->element_id = WLAN_EID_MMIE; 1146 mmie->length = sizeof(*mmie) - 2; 1147 mmie->key_id = cpu_to_le16(key->conf.keyidx); 1148 1149 /* PN = PN + 1 */ 1150 pn64 = atomic64_inc_return(&key->conf.tx_pn); 1151 1152 bip_ipn_set64(mmie->sequence_number, pn64); 1153 1154 bip_aad(skb, aad); 1155 1156 hdr = (struct ieee80211_hdr *)skb->data; 1157 memcpy(nonce, hdr->addr2, ETH_ALEN); 1158 bip_ipn_swap(nonce + ETH_ALEN, mmie->sequence_number); 1159 1160 /* MIC = AES-GMAC(IGTK, AAD || Management Frame Body || MMIE, 128) */ 1161 if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce, 1162 skb->data + 24, skb->len - 24, mmie->mic) < 0) 1163 return TX_DROP; 1164 1165 return TX_CONTINUE; 1166 } 1167 1168 ieee80211_rx_result 1169 ieee80211_crypto_aes_gmac_decrypt(struct ieee80211_rx_data *rx) 1170 { 1171 struct sk_buff *skb = rx->skb; 1172 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 1173 struct ieee80211_key *key = rx->key; 1174 struct ieee80211_mmie_16 *mmie; 1175 u8 aad[GMAC_AAD_LEN], *mic, ipn[6], nonce[GMAC_NONCE_LEN]; 1176 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 1177 1178 if (!ieee80211_is_mgmt(hdr->frame_control)) 1179 return RX_CONTINUE; 1180 1181 /* management frames are already linear */ 1182 1183 if (skb->len < 24 + sizeof(*mmie)) 1184 return RX_DROP_UNUSABLE; 1185 1186 mmie = (struct ieee80211_mmie_16 *) 1187 (skb->data + skb->len - sizeof(*mmie)); 1188 if (mmie->element_id != WLAN_EID_MMIE || 1189 mmie->length != sizeof(*mmie) - 2) 1190 return RX_DROP_UNUSABLE; /* Invalid MMIE */ 1191 1192 bip_ipn_swap(ipn, mmie->sequence_number); 1193 1194 if (memcmp(ipn, key->u.aes_gmac.rx_pn, 6) <= 0) { 1195 key->u.aes_gmac.replays++; 1196 return RX_DROP_UNUSABLE; 1197 } 1198 1199 if (!(status->flag & RX_FLAG_DECRYPTED)) { 1200 /* hardware didn't decrypt/verify MIC */ 1201 bip_aad(skb, aad); 1202 1203 memcpy(nonce, hdr->addr2, ETH_ALEN); 1204 memcpy(nonce + ETH_ALEN, ipn, 6); 1205 1206 mic = kmalloc(GMAC_MIC_LEN, GFP_ATOMIC); 1207 if (!mic) 1208 return RX_DROP_UNUSABLE; 1209 if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce, 1210 skb->data + 24, skb->len - 24, 1211 mic) < 0 || 1212 crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) { 1213 key->u.aes_gmac.icverrors++; 1214 kfree(mic); 1215 return RX_DROP_UNUSABLE; 1216 } 1217 kfree(mic); 1218 } 1219 1220 memcpy(key->u.aes_gmac.rx_pn, ipn, 6); 1221 1222 /* Remove MMIE */ 1223 skb_trim(skb, skb->len - sizeof(*mmie)); 1224 1225 return RX_CONTINUE; 1226 } 1227 1228 ieee80211_tx_result 1229 ieee80211_crypto_hw_encrypt(struct ieee80211_tx_data *tx) 1230 { 1231 struct sk_buff *skb; 1232 struct ieee80211_tx_info *info = NULL; 1233 ieee80211_tx_result res; 1234 1235 skb_queue_walk(&tx->skbs, skb) { 1236 info = IEEE80211_SKB_CB(skb); 1237 1238 /* handle hw-only algorithm */ 1239 if (!info->control.hw_key) 1240 return TX_DROP; 1241 1242 if (tx->key->flags & KEY_FLAG_CIPHER_SCHEME) { 1243 res = ieee80211_crypto_cs_encrypt(tx, skb); 1244 if (res != TX_CONTINUE) 1245 return res; 1246 } 1247 } 1248 1249 ieee80211_tx_set_protected(tx); 1250 1251 return TX_CONTINUE; 1252 } 1253 1254 ieee80211_rx_result 1255 ieee80211_crypto_hw_decrypt(struct ieee80211_rx_data *rx) 1256 { 1257 if (rx->sta && rx->sta->cipher_scheme) 1258 return ieee80211_crypto_cs_decrypt(rx); 1259 1260 return RX_DROP_UNUSABLE; 1261 } 1262