wpa.c
Go to the documentation of this file.
00001 /*
00002  * Copyright 2002-2004, Instant802 Networks, Inc.
00003  * Copyright 2008, Jouni Malinen <j@w1.fi>
00004  *
00005  * This program is free software; you can redistribute it and/or modify
00006  * it under the terms of the GNU General Public License version 2 as
00007  * published by the Free Software Foundation.
00008  */
00009 
00010 #include <linux/netdevice.h>
00011 #include <linux/types.h>
00012 #include <linux/skbuff.h>
00013 #include <linux/compiler.h>
00014 #include <linux/ieee80211.h>
00015 #include <linux/gfp.h>
00016 #include <asm/unaligned.h>
00017 #include <net/mac80211.h>
00018 #include <crypto/aes.h>
00019 
00020 #include "ieee80211_i.h"
00021 #include "michael.h"
00022 #include "tkip.h"
00023 #include "aes_ccm.h"
00024 #include "aes_cmac.h"
00025 #include "wpa.h"
00026 
00027 ieee80211_tx_result
00028 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
00029 {
00030         u8 *data, *key, *mic;
00031         size_t data_len;
00032         unsigned int hdrlen;
00033         struct ieee80211_hdr *hdr;
00034         struct sk_buff *skb = tx->skb;
00035         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
00036         int tail;
00037 
00038         hdr = (struct ieee80211_hdr *)skb->data;
00039         if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
00040             skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control))
00041                 return TX_CONTINUE;
00042 
00043         hdrlen = ieee80211_hdrlen(hdr->frame_control);
00044         if (skb->len < hdrlen)
00045                 return TX_DROP;
00046 
00047         data = skb->data + hdrlen;
00048         data_len = skb->len - hdrlen;
00049 
00050         if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) {
00051                 /* Need to use software crypto for the test */
00052                 info->control.hw_key = NULL;
00053         }
00054 
00055         if (info->control.hw_key &&
00056             (info->flags & IEEE80211_TX_CTL_DONTFRAG ||
00057              tx->local->ops->set_frag_threshold) &&
00058             !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) {
00059                 /* hwaccel - with no need for SW-generated MMIC */
00060                 return TX_CONTINUE;
00061         }
00062 
00063         tail = MICHAEL_MIC_LEN;
00064         if (!info->control.hw_key)
00065                 tail += TKIP_ICV_LEN;
00066 
00067         if (WARN_ON(skb_tailroom(skb) < tail ||
00068                     skb_headroom(skb) < TKIP_IV_LEN))
00069                 return TX_DROP;
00070 
00071         key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY];
00072         mic = skb_put(skb, MICHAEL_MIC_LEN);
00073         michael_mic(key, hdr, data, data_len, mic);
00074         if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE))
00075                 mic[0]++;
00076 
00077         return TX_CONTINUE;
00078 }
00079 
00080 
00081 ieee80211_rx_result
00082 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
00083 {
00084         u8 *data, *key = NULL;
00085         size_t data_len;
00086         unsigned int hdrlen;
00087         u8 mic[MICHAEL_MIC_LEN];
00088         struct sk_buff *skb = rx->skb;
00089         struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
00090         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
00091 
00092         /*
00093          * it makes no sense to check for MIC errors on anything other
00094          * than data frames.
00095          */
00096         if (!ieee80211_is_data_present(hdr->frame_control))
00097                 return RX_CONTINUE;
00098 
00099         /*
00100          * No way to verify the MIC if the hardware stripped it or
00101          * the IV with the key index. In this case we have solely rely
00102          * on the driver to set RX_FLAG_MMIC_ERROR in the event of a
00103          * MIC failure report.
00104          */
00105         if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) {
00106                 if (status->flag & RX_FLAG_MMIC_ERROR)
00107                         goto mic_fail;
00108 
00109                 if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key)
00110                         goto update_iv;
00111 
00112                 return RX_CONTINUE;
00113         }
00114 
00115         /*
00116          * Some hardware seems to generate Michael MIC failure reports; even
00117          * though, the frame was not encrypted with TKIP and therefore has no
00118          * MIC. Ignore the flag them to avoid triggering countermeasures.
00119          */
00120         if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
00121             !(status->flag & RX_FLAG_DECRYPTED))
00122                 return RX_CONTINUE;
00123 
00124         if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) {
00125                 /*
00126                  * APs with pairwise keys should never receive Michael MIC
00127                  * errors for non-zero keyidx because these are reserved for
00128                  * group keys and only the AP is sending real multicast
00129                  * frames in the BSS. (
00130                  */
00131                 return RX_DROP_UNUSABLE;
00132         }
00133 
00134         if (status->flag & RX_FLAG_MMIC_ERROR)
00135                 goto mic_fail;
00136 
00137         hdrlen = ieee80211_hdrlen(hdr->frame_control);
00138         if (skb->len < hdrlen + MICHAEL_MIC_LEN)
00139                 return RX_DROP_UNUSABLE;
00140 
00141         data = skb->data + hdrlen;
00142         data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
00143         key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
00144         michael_mic(key, hdr, data, data_len, mic);
00145         if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0)
00146                 goto mic_fail;
00147 
00148         /* remove Michael MIC from payload */
00149         skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
00150 
00151 update_iv:
00152         /* update IV in key information to be able to detect replays */
00153         rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32;
00154         rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16;
00155 
00156         return RX_CONTINUE;
00157 
00158 mic_fail:
00159         /*
00160          * In some cases the key can be unset - e.g. a multicast packet, in
00161          * a driver that supports HW encryption. Send up the key idx only if
00162          * the key is set.
00163          */
00164         mac80211_ev_michael_mic_failure(rx->sdata,
00165                                         rx->key ? rx->key->conf.keyidx : -1,
00166                                         (void *) skb->data, NULL, GFP_ATOMIC);
00167         return RX_DROP_UNUSABLE;
00168 }
00169 
00170 
00171 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
00172 {
00173         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
00174         struct ieee80211_key *key = tx->key;
00175         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
00176         unsigned long flags;
00177         unsigned int hdrlen;
00178         int len, tail;
00179         u8 *pos;
00180 
00181         if (info->control.hw_key &&
00182             !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
00183                 /* hwaccel - with no need for software-generated IV */
00184                 return 0;
00185         }
00186 
00187         hdrlen = ieee80211_hdrlen(hdr->frame_control);
00188         len = skb->len - hdrlen;
00189 
00190         if (info->control.hw_key)
00191                 tail = 0;
00192         else
00193                 tail = TKIP_ICV_LEN;
00194 
00195         if (WARN_ON(skb_tailroom(skb) < tail ||
00196                     skb_headroom(skb) < TKIP_IV_LEN))
00197                 return -1;
00198 
00199         pos = skb_push(skb, TKIP_IV_LEN);
00200         memmove(pos, pos + TKIP_IV_LEN, hdrlen);
00201         pos += hdrlen;
00202 
00203         /* Increase IV for the frame */
00204         spin_lock_irqsave(&key->u.tkip.txlock, flags);
00205         key->u.tkip.tx.iv16++;
00206         if (key->u.tkip.tx.iv16 == 0)
00207                 key->u.tkip.tx.iv32++;
00208         pos = ieee80211_tkip_add_iv(pos, key);
00209         spin_unlock_irqrestore(&key->u.tkip.txlock, flags);
00210 
00211         /* hwaccel - with software IV */
00212         if (info->control.hw_key)
00213                 return 0;
00214 
00215         /* Add room for ICV */
00216         skb_put(skb, TKIP_ICV_LEN);
00217 
00218         return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
00219                                            key, skb, pos, len);
00220 }
00221 
00222 
00223 ieee80211_tx_result
00224 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
00225 {
00226         struct sk_buff *skb = tx->skb;
00227 
00228         ieee80211_tx_set_protected(tx);
00229 
00230         do {
00231                 if (tkip_encrypt_skb(tx, skb) < 0)
00232                         return TX_DROP;
00233         } while ((skb = skb->next));
00234 
00235         return TX_CONTINUE;
00236 }
00237 
00238 
00239 ieee80211_rx_result
00240 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
00241 {
00242         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
00243         int hdrlen, res, hwaccel = 0;
00244         struct ieee80211_key *key = rx->key;
00245         struct sk_buff *skb = rx->skb;
00246         struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
00247 
00248         hdrlen = ieee80211_hdrlen(hdr->frame_control);
00249 
00250         if (!ieee80211_is_data(hdr->frame_control))
00251                 return RX_CONTINUE;
00252 
00253         if (!rx->sta || skb->len - hdrlen < 12)
00254                 return RX_DROP_UNUSABLE;
00255 
00256         /*
00257          * Let TKIP code verify IV, but skip decryption.
00258          * In the case where hardware checks the IV as well,
00259          * we don't even get here, see ieee80211_rx_h_decrypt()
00260          */
00261         if (status->flag & RX_FLAG_DECRYPTED)
00262                 hwaccel = 1;
00263 
00264         res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
00265                                           key, skb->data + hdrlen,
00266                                           skb->len - hdrlen, rx->sta->sta.addr,
00267                                           hdr->addr1, hwaccel, rx->security_idx,
00268                                           &rx->tkip_iv32,
00269                                           &rx->tkip_iv16);
00270         if (res != TKIP_DECRYPT_OK)
00271                 return RX_DROP_UNUSABLE;
00272 
00273         /* Trim ICV */
00274         skb_trim(skb, skb->len - TKIP_ICV_LEN);
00275 
00276         /* Remove IV */
00277         memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
00278         skb_pull(skb, TKIP_IV_LEN);
00279 
00280         return RX_CONTINUE;
00281 }
00282 
00283 
00284 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch,
00285                                 int encrypted)
00286 {
00287         __le16 mask_fc;
00288         int a4_included, mgmt;
00289         u8 qos_tid;
00290         u8 *b_0, *aad;
00291         u16 data_len, len_a;
00292         unsigned int hdrlen;
00293         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
00294 
00295         memset(scratch, 0, 6 * AES_BLOCK_SIZE);
00296 
00297         b_0 = scratch + 3 * AES_BLOCK_SIZE;
00298         aad = scratch + 4 * AES_BLOCK_SIZE;
00299 
00300         /*
00301          * Mask FC: zero subtype b4 b5 b6 (if not mgmt)
00302          * Retry, PwrMgt, MoreData; set Protected
00303          */
00304         mgmt = ieee80211_is_mgmt(hdr->frame_control);
00305         mask_fc = hdr->frame_control;
00306         mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY |
00307                                 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
00308         if (!mgmt)
00309                 mask_fc &= ~cpu_to_le16(0x0070);
00310         mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
00311 
00312         hdrlen = ieee80211_hdrlen(hdr->frame_control);
00313         len_a = hdrlen - 2;
00314         a4_included = ieee80211_has_a4(hdr->frame_control);
00315 
00316         if (ieee80211_is_data_qos(hdr->frame_control))
00317                 qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
00318         else
00319                 qos_tid = 0;
00320 
00321         data_len = skb->len - hdrlen - CCMP_HDR_LEN;
00322         if (encrypted)
00323                 data_len -= CCMP_MIC_LEN;
00324 
00325         /* First block, b_0 */
00326         b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
00327         /* Nonce: Nonce Flags | A2 | PN
00328          * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
00329          */
00330         b_0[1] = qos_tid | (mgmt << 4);
00331         memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
00332         memcpy(&b_0[8], pn, CCMP_PN_LEN);
00333         /* l(m) */
00334         put_unaligned_be16(data_len, &b_0[14]);
00335 
00336         /* AAD (extra authenticate-only data) / masked 802.11 header
00337          * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
00338         put_unaligned_be16(len_a, &aad[0]);
00339         put_unaligned(mask_fc, (__le16 *)&aad[2]);
00340         memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
00341 
00342         /* Mask Seq#, leave Frag# */
00343         aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
00344         aad[23] = 0;
00345 
00346         if (a4_included) {
00347                 memcpy(&aad[24], hdr->addr4, ETH_ALEN);
00348                 aad[30] = qos_tid;
00349                 aad[31] = 0;
00350         } else {
00351                 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
00352                 aad[24] = qos_tid;
00353         }
00354 }
00355 
00356 
00357 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
00358 {
00359         hdr[0] = pn[5];
00360         hdr[1] = pn[4];
00361         hdr[2] = 0;
00362         hdr[3] = 0x20 | (key_id << 6);
00363         hdr[4] = pn[3];
00364         hdr[5] = pn[2];
00365         hdr[6] = pn[1];
00366         hdr[7] = pn[0];
00367 }
00368 
00369 
00370 static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr)
00371 {
00372         pn[0] = hdr[7];
00373         pn[1] = hdr[6];
00374         pn[2] = hdr[5];
00375         pn[3] = hdr[4];
00376         pn[4] = hdr[1];
00377         pn[5] = hdr[0];
00378 }
00379 
00380 
00381 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
00382 {
00383         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
00384         struct ieee80211_key *key = tx->key;
00385         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
00386         int hdrlen, len, tail;
00387         u8 *pos;
00388         u8 pn[6];
00389         u64 pn64;
00390         u8 scratch[6 * AES_BLOCK_SIZE];
00391 
00392         if (info->control.hw_key &&
00393             !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
00394                 /*
00395                  * hwaccel has no need for preallocated room for CCMP
00396                  * header or MIC fields
00397                  */
00398                 return 0;
00399         }
00400 
00401         hdrlen = ieee80211_hdrlen(hdr->frame_control);
00402         len = skb->len - hdrlen;
00403 
00404         if (info->control.hw_key)
00405                 tail = 0;
00406         else
00407                 tail = CCMP_MIC_LEN;
00408 
00409         if (WARN_ON(skb_tailroom(skb) < tail ||
00410                     skb_headroom(skb) < CCMP_HDR_LEN))
00411                 return -1;
00412 
00413         pos = skb_push(skb, CCMP_HDR_LEN);
00414         memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
00415         hdr = (struct ieee80211_hdr *) pos;
00416         pos += hdrlen;
00417 
00418         pn64 = atomic64_inc_return(&key->u.ccmp.tx_pn);
00419 
00420         pn[5] = pn64;
00421         pn[4] = pn64 >> 8;
00422         pn[3] = pn64 >> 16;
00423         pn[2] = pn64 >> 24;
00424         pn[1] = pn64 >> 32;
00425         pn[0] = pn64 >> 40;
00426 
00427         ccmp_pn2hdr(pos, pn, key->conf.keyidx);
00428 
00429         /* hwaccel - with software CCMP header */
00430         if (info->control.hw_key)
00431                 return 0;
00432 
00433         pos += CCMP_HDR_LEN;
00434         ccmp_special_blocks(skb, pn, scratch, 0);
00435         ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, pos, len,
00436                                   pos, skb_put(skb, CCMP_MIC_LEN));
00437 
00438         return 0;
00439 }
00440 
00441 
00442 ieee80211_tx_result
00443 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
00444 {
00445         struct sk_buff *skb = tx->skb;
00446 
00447         ieee80211_tx_set_protected(tx);
00448 
00449         do {
00450                 if (ccmp_encrypt_skb(tx, skb) < 0)
00451                         return TX_DROP;
00452         } while ((skb = skb->next));
00453 
00454         return TX_CONTINUE;
00455 }
00456 
00457 
00458 ieee80211_rx_result
00459 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
00460 {
00461         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
00462         int hdrlen;
00463         struct ieee80211_key *key = rx->key;
00464         struct sk_buff *skb = rx->skb;
00465         struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
00466         u8 pn[CCMP_PN_LEN];
00467         int data_len;
00468         int queue;
00469 
00470         hdrlen = ieee80211_hdrlen(hdr->frame_control);
00471 
00472         if (!ieee80211_is_data(hdr->frame_control) &&
00473             !ieee80211_is_robust_mgmt_frame(hdr))
00474                 return RX_CONTINUE;
00475 
00476         data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
00477         if (!rx->sta || data_len < 0)
00478                 return RX_DROP_UNUSABLE;
00479 
00480         ccmp_hdr2pn(pn, skb->data + hdrlen);
00481 
00482         queue = rx->security_idx;
00483 
00484         if (memcmp(pn, key->u.ccmp.rx_pn[queue], CCMP_PN_LEN) <= 0) {
00485                 key->u.ccmp.replays++;
00486                 return RX_DROP_UNUSABLE;
00487         }
00488 
00489         if (!(status->flag & RX_FLAG_DECRYPTED)) {
00490                 u8 scratch[6 * AES_BLOCK_SIZE];
00491                 /* hardware didn't decrypt/verify MIC */
00492                 ccmp_special_blocks(skb, pn, scratch, 1);
00493 
00494                 if (ieee80211_aes_ccm_decrypt(
00495                             key->u.ccmp.tfm, scratch,
00496                             skb->data + hdrlen + CCMP_HDR_LEN, data_len,
00497                             skb->data + skb->len - CCMP_MIC_LEN,
00498                             skb->data + hdrlen + CCMP_HDR_LEN))
00499                         return RX_DROP_UNUSABLE;
00500         }
00501 
00502         memcpy(key->u.ccmp.rx_pn[queue], pn, CCMP_PN_LEN);
00503 
00504         /* Remove CCMP header and MIC */
00505         skb_trim(skb, skb->len - CCMP_MIC_LEN);
00506         memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
00507         skb_pull(skb, CCMP_HDR_LEN);
00508 
00509         return RX_CONTINUE;
00510 }
00511 
00512 
00513 static void bip_aad(struct sk_buff *skb, u8 *aad)
00514 {
00515         /* BIP AAD: FC(masked) || A1 || A2 || A3 */
00516 
00517         /* FC type/subtype */
00518         aad[0] = skb->data[0];
00519         /* Mask FC Retry, PwrMgt, MoreData flags to zero */
00520         aad[1] = skb->data[1] & ~(BIT(4) | BIT(5) | BIT(6));
00521         /* A1 || A2 || A3 */
00522         memcpy(aad + 2, skb->data + 4, 3 * ETH_ALEN);
00523 }
00524 
00525 
00526 static inline void bip_ipn_set64(u8 *d, u64 pn)
00527 {
00528         *d++ = pn;
00529         *d++ = pn >> 8;
00530         *d++ = pn >> 16;
00531         *d++ = pn >> 24;
00532         *d++ = pn >> 32;
00533         *d = pn >> 40;
00534 }
00535 
00536 static inline void bip_ipn_swap(u8 *d, const u8 *s)
00537 {
00538         *d++ = s[5];
00539         *d++ = s[4];
00540         *d++ = s[3];
00541         *d++ = s[2];
00542         *d++ = s[1];
00543         *d = s[0];
00544 }
00545 
00546 
00547 ieee80211_tx_result
00548 ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx)
00549 {
00550         struct sk_buff *skb = tx->skb;
00551         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
00552         struct ieee80211_key *key = tx->key;
00553         struct ieee80211_mmie *mmie;
00554         u8 aad[20];
00555         u64 pn64;
00556 
00557         if (info->control.hw_key)
00558                 return 0;
00559 
00560         if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
00561                 return TX_DROP;
00562 
00563         mmie = (struct ieee80211_mmie *) skb_put(skb, sizeof(*mmie));
00564         mmie->element_id = WLAN_EID_MMIE;
00565         mmie->length = sizeof(*mmie) - 2;
00566         mmie->key_id = cpu_to_le16(key->conf.keyidx);
00567 
00568         /* PN = PN + 1 */
00569         pn64 = atomic64_inc_return(&key->u.aes_cmac.tx_pn);
00570 
00571         bip_ipn_set64(mmie->sequence_number, pn64);
00572 
00573         bip_aad(skb, aad);
00574 
00575         /*
00576          * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
00577          */
00578         ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
00579                            skb->data + 24, skb->len - 24, mmie->mic);
00580 
00581         return TX_CONTINUE;
00582 }
00583 
00584 
00585 ieee80211_rx_result
00586 ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
00587 {
00588         struct sk_buff *skb = rx->skb;
00589         struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
00590         struct ieee80211_key *key = rx->key;
00591         struct ieee80211_mmie *mmie;
00592         u8 aad[20], mic[8], ipn[6];
00593         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
00594 
00595         if (!ieee80211_is_mgmt(hdr->frame_control))
00596                 return RX_CONTINUE;
00597 
00598         if (skb->len < 24 + sizeof(*mmie))
00599                 return RX_DROP_UNUSABLE;
00600 
00601         mmie = (struct ieee80211_mmie *)
00602                 (skb->data + skb->len - sizeof(*mmie));
00603         if (mmie->element_id != WLAN_EID_MMIE ||
00604             mmie->length != sizeof(*mmie) - 2)
00605                 return RX_DROP_UNUSABLE; /* Invalid MMIE */
00606 
00607         bip_ipn_swap(ipn, mmie->sequence_number);
00608 
00609         if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
00610                 key->u.aes_cmac.replays++;
00611                 return RX_DROP_UNUSABLE;
00612         }
00613 
00614         if (!(status->flag & RX_FLAG_DECRYPTED)) {
00615                 /* hardware didn't decrypt/verify MIC */
00616                 bip_aad(skb, aad);
00617                 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
00618                                    skb->data + 24, skb->len - 24, mic);
00619                 if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
00620                         key->u.aes_cmac.icverrors++;
00621                         return RX_DROP_UNUSABLE;
00622                 }
00623         }
00624 
00625         memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
00626 
00627         /* Remove MMIE */
00628         skb_trim(skb, skb->len - sizeof(*mmie));
00629 
00630         return RX_CONTINUE;
00631 }


ros_rt_wmp
Author(s): Danilo Tardioli, dantard@unizar.es
autogenerated on Mon Oct 6 2014 08:27:11