2 * Copyright 2002-2004, Instant802 Networks, Inc.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
9 #include <linux/netdevice.h>
10 #include <linux/types.h>
11 #include <linux/slab.h>
12 #include <linux/skbuff.h>
13 #include <linux/compiler.h>
14 #include <net/mac80211.h>
16 #include "ieee80211_i.h"
22 static int ieee80211_get_hdr_info(const struct sk_buff *skb, u8 **sa, u8 **da,
23 u8 *qos_tid, u8 **data, size_t *data_len)
25 struct ieee80211_hdr *hdr;
29 hdr = (struct ieee80211_hdr *)skb->data;
30 fc = hdr->frame_control;
32 hdrlen = ieee80211_hdrlen(fc);
34 *sa = ieee80211_get_SA(hdr);
35 *da = ieee80211_get_DA(hdr);
37 *data = skb->data + hdrlen;
38 *data_len = skb->len - hdrlen;
40 if (ieee80211_is_data_qos(fc))
41 *qos_tid = (*ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK) | 0x80;
45 return skb->len < hdrlen ? -1 : 0;
50 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
52 u8 *data, *sa, *da, *key, *mic, qos_tid, key_offset;
55 struct sk_buff *skb = tx->skb;
62 if (!tx->key || tx->key->conf.alg != ALG_TKIP || skb->len < 24 ||
63 !WLAN_FC_DATA_PRESENT(fc))
66 if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len))
69 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
70 !(tx->flags & IEEE80211_TX_FRAGMENTED) &&
71 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) &&
73 /* hwaccel - with no need for preallocated room for Michael MIC
78 tail = MICHAEL_MIC_LEN;
79 if (!(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
82 if (WARN_ON(skb_tailroom(skb) < tail ||
83 skb_headroom(skb) < TKIP_IV_LEN))
87 authenticator = fc & IEEE80211_FCTL_FROMDS; /* FIX */
91 /* At this point we know we're using ALG_TKIP. To get the MIC key
92 * we now will rely on the offset from the ieee80211_key_conf::key */
93 key_offset = authenticator ?
94 NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY :
95 NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY;
96 key = &tx->key->conf.key[key_offset];
97 mic = skb_put(skb, MICHAEL_MIC_LEN);
98 michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
105 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
107 u8 *data, *sa, *da, *key = NULL, qos_tid, key_offset;
110 u8 mic[MICHAEL_MIC_LEN];
111 struct sk_buff *skb = rx->skb;
112 int authenticator = 1, wpa_test = 0;
113 DECLARE_MAC_BUF(mac);
118 * No way to verify the MIC if the hardware stripped it
120 if (rx->status->flag & RX_FLAG_MMIC_STRIPPED)
123 if (!rx->key || rx->key->conf.alg != ALG_TKIP ||
124 !(rx->fc & IEEE80211_FCTL_PROTECTED) || !WLAN_FC_DATA_PRESENT(fc))
127 if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len)
128 || data_len < MICHAEL_MIC_LEN)
129 return RX_DROP_UNUSABLE;
131 data_len -= MICHAEL_MIC_LEN;
134 authenticator = fc & IEEE80211_FCTL_TODS; /* FIX */
138 /* At this point we know we're using ALG_TKIP. To get the MIC key
139 * we now will rely on the offset from the ieee80211_key_conf::key */
140 key_offset = authenticator ?
141 NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY :
142 NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY;
143 key = &rx->key->conf.key[key_offset];
144 michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
145 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) {
146 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
147 return RX_DROP_UNUSABLE;
149 mac80211_ev_michael_mic_failure(rx->dev, rx->key->conf.keyidx,
151 return RX_DROP_UNUSABLE;
154 /* remove Michael MIC from payload */
155 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
157 /* update IV in key information to be able to detect replays */
158 rx->key->u.tkip.rx[rx->queue].iv32 = rx->tkip_iv32;
159 rx->key->u.tkip.rx[rx->queue].iv16 = rx->tkip_iv16;
165 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
167 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
168 struct ieee80211_key *key = tx->key;
169 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
174 info->control.icv_len = TKIP_ICV_LEN;
175 info->control.iv_len = TKIP_IV_LEN;
177 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
178 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
179 /* hwaccel - with no need for preallocated room for IV/ICV */
180 info->control.hw_key = &tx->key->conf;
184 hdrlen = ieee80211_hdrlen(hdr->frame_control);
185 len = skb->len - hdrlen;
187 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
192 if (WARN_ON(skb_tailroom(skb) < tail ||
193 skb_headroom(skb) < TKIP_IV_LEN))
196 pos = skb_push(skb, TKIP_IV_LEN);
197 memmove(pos, pos + TKIP_IV_LEN, hdrlen);
200 /* Increase IV for the frame */
201 key->u.tkip.tx.iv16++;
202 if (key->u.tkip.tx.iv16 == 0)
203 key->u.tkip.tx.iv32++;
205 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
206 /* hwaccel - with preallocated room for IV */
207 ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);
209 info->control.hw_key = &tx->key->conf;
213 /* Add room for ICV */
214 skb_put(skb, TKIP_ICV_LEN);
216 hdr = (struct ieee80211_hdr *) skb->data;
217 ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
218 key, pos, len, hdr->addr2);
224 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
226 struct sk_buff *skb = tx->skb;
228 ieee80211_tx_set_protected(tx);
230 if (tkip_encrypt_skb(tx, skb) < 0)
233 if (tx->extra_frag) {
235 for (i = 0; i < tx->num_extra_frag; i++) {
236 if (tkip_encrypt_skb(tx, tx->extra_frag[i]) < 0)
246 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
248 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
249 int hdrlen, res, hwaccel = 0, wpa_test = 0;
250 struct ieee80211_key *key = rx->key;
251 struct sk_buff *skb = rx->skb;
252 DECLARE_MAC_BUF(mac);
254 hdrlen = ieee80211_hdrlen(hdr->frame_control);
256 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
259 if (!rx->sta || skb->len - hdrlen < 12)
260 return RX_DROP_UNUSABLE;
262 if (rx->status->flag & RX_FLAG_DECRYPTED) {
263 if (rx->status->flag & RX_FLAG_IV_STRIPPED) {
265 * Hardware took care of all processing, including
266 * replay protection, and stripped the ICV/IV so
267 * we cannot do any checks here.
272 /* let TKIP code verify IV, but skip decryption */
276 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
277 key, skb->data + hdrlen,
278 skb->len - hdrlen, rx->sta->addr,
279 hdr->addr1, hwaccel, rx->queue,
282 if (res != TKIP_DECRYPT_OK || wpa_test)
283 return RX_DROP_UNUSABLE;
286 skb_trim(skb, skb->len - TKIP_ICV_LEN);
289 memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
290 skb_pull(skb, TKIP_IV_LEN);
296 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad,
300 int a4_included, qos_included;
301 u8 qos_tid, *fc_pos, *data, *sa, *da;
304 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
306 fc_pos = (u8 *) &hdr->frame_control;
307 fc = fc_pos[0] ^ (fc_pos[1] << 8);
308 a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
309 (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS);
311 ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len);
312 data_len -= CCMP_HDR_LEN + (encrypted ? CCMP_MIC_LEN : 0);
313 if (qos_tid & 0x80) {
315 qos_tid &= IEEE80211_QOS_CTL_TID_MASK;
318 /* First block, b_0 */
320 b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
321 /* Nonce: QoS Priority | A2 | PN */
323 memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
324 memcpy(&b_0[8], pn, CCMP_PN_LEN);
326 b_0[14] = (data_len >> 8) & 0xff;
327 b_0[15] = data_len & 0xff;
330 /* AAD (extra authenticate-only data) / masked 802.11 header
331 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
333 len_a = a4_included ? 28 : 22;
335 len_a += IEEE80211_QOS_CTL_LEN;
337 aad[0] = 0; /* (len_a >> 8) & 0xff; */
338 aad[1] = len_a & 0xff;
339 /* Mask FC: zero subtype b4 b5 b6 */
340 aad[2] = fc_pos[0] & ~(BIT(4) | BIT(5) | BIT(6));
341 /* Retry, PwrMgt, MoreData; set Protected */
342 aad[3] = (fc_pos[1] & ~(BIT(3) | BIT(4) | BIT(5))) | BIT(6);
343 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
345 /* Mask Seq#, leave Frag# */
346 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
349 memcpy(&aad[24], hdr->addr4, ETH_ALEN);
353 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
355 u8 *dpos = &aad[a4_included ? 30 : 24];
357 /* Mask QoS Control field */
364 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
369 hdr[3] = 0x20 | (key_id << 6);
377 static inline int ccmp_hdr2pn(u8 *pn, u8 *hdr)
385 return (hdr[3] >> 6) & 0x03;
389 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
391 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
392 struct ieee80211_key *key = tx->key;
393 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
394 int hdrlen, len, tail;
395 u8 *pos, *pn, *b_0, *aad, *scratch;
398 info->control.icv_len = CCMP_MIC_LEN;
399 info->control.iv_len = CCMP_HDR_LEN;
401 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
402 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
403 /* hwaccel - with no need for preallocated room for CCMP "
404 * header or MIC fields */
405 info->control.hw_key = &tx->key->conf;
409 scratch = key->u.ccmp.tx_crypto_buf;
410 b_0 = scratch + 3 * AES_BLOCK_LEN;
411 aad = scratch + 4 * AES_BLOCK_LEN;
413 hdrlen = ieee80211_hdrlen(hdr->frame_control);
414 len = skb->len - hdrlen;
416 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
421 if (WARN_ON(skb_tailroom(skb) < tail ||
422 skb_headroom(skb) < CCMP_HDR_LEN))
425 pos = skb_push(skb, CCMP_HDR_LEN);
426 memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
427 hdr = (struct ieee80211_hdr *) pos;
431 pn = key->u.ccmp.tx_pn;
433 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
439 ccmp_pn2hdr(pos, pn, key->conf.keyidx);
441 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
442 /* hwaccel - with preallocated room for CCMP header */
443 info->control.hw_key = &tx->key->conf;
448 ccmp_special_blocks(skb, pn, b_0, aad, 0);
449 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, b_0, aad, pos, len,
450 pos, skb_put(skb, CCMP_MIC_LEN));
457 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
459 struct sk_buff *skb = tx->skb;
461 ieee80211_tx_set_protected(tx);
463 if (ccmp_encrypt_skb(tx, skb) < 0)
466 if (tx->extra_frag) {
468 for (i = 0; i < tx->num_extra_frag; i++) {
469 if (ccmp_encrypt_skb(tx, tx->extra_frag[i]) < 0)
479 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
481 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
483 struct ieee80211_key *key = rx->key;
484 struct sk_buff *skb = rx->skb;
487 DECLARE_MAC_BUF(mac);
489 hdrlen = ieee80211_hdrlen(hdr->frame_control);
491 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
494 data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
495 if (!rx->sta || data_len < 0)
496 return RX_DROP_UNUSABLE;
498 if ((rx->status->flag & RX_FLAG_DECRYPTED) &&
499 (rx->status->flag & RX_FLAG_IV_STRIPPED))
502 (void) ccmp_hdr2pn(pn, skb->data + hdrlen);
504 if (memcmp(pn, key->u.ccmp.rx_pn[rx->queue], CCMP_PN_LEN) <= 0) {
505 key->u.ccmp.replays++;
506 return RX_DROP_UNUSABLE;
509 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) {
510 /* hardware didn't decrypt/verify MIC */
511 u8 *scratch, *b_0, *aad;
513 scratch = key->u.ccmp.rx_crypto_buf;
514 b_0 = scratch + 3 * AES_BLOCK_LEN;
515 aad = scratch + 4 * AES_BLOCK_LEN;
517 ccmp_special_blocks(skb, pn, b_0, aad, 1);
519 if (ieee80211_aes_ccm_decrypt(
520 key->u.ccmp.tfm, scratch, b_0, aad,
521 skb->data + hdrlen + CCMP_HDR_LEN, data_len,
522 skb->data + skb->len - CCMP_MIC_LEN,
523 skb->data + hdrlen + CCMP_HDR_LEN)) {
524 return RX_DROP_UNUSABLE;
528 memcpy(key->u.ccmp.rx_pn[rx->queue], pn, CCMP_PN_LEN);
530 /* Remove CCMP header and MIC */
531 skb_trim(skb, skb->len - CCMP_MIC_LEN);
532 memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
533 skb_pull(skb, CCMP_HDR_LEN);