search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
GUI: Fix Tomato RAF theme for all builds. Compilation typo.
[tomato.git] / release / src-rt-6.x.4708 / linux / linux-2.6.36 / net / mac80211 / wpa.c
blob6d13f5036dcb89f326b1bacade754df1e3465db2
1 /*
2 * Copyright 2002-2004, Instant802 Networks, Inc.
3 * Copyright 2008, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9
10 #include <linux/netdevice.h>
11 #include <linux/types.h>
12 #include <linux/skbuff.h>
13 #include <linux/compiler.h>
14 #include <linux/ieee80211.h>
15 #include <linux/gfp.h>
16 #include <asm/unaligned.h>
17 #include <net/mac80211.h>
18
19 #include "ieee80211_i.h"
20 #include "michael.h"
21 #include "tkip.h"
22 #include "aes_ccm.h"
23 #include "aes_cmac.h"
24 #include "wpa.h"
25
26 ieee80211_tx_result
27 ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
28 {
29 u8 *data, *key, *mic, key_offset;
30 size_t data_len;
31 unsigned int hdrlen;
32 struct ieee80211_hdr *hdr;
33 struct sk_buff *skb = tx->skb;
34 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
35 int authenticator;
36 int tail;
37
38 hdr = (struct ieee80211_hdr *)skb->data;
39 if (!tx->key || tx->key->conf.alg != ALG_TKIP || skb->len < 24 ||
40 !ieee80211_is_data_present(hdr->frame_control))
41 return TX_CONTINUE;
42
43 hdrlen = ieee80211_hdrlen(hdr->frame_control);
44 if (skb->len < hdrlen)
45 return TX_DROP;
46
47 data = skb->data + hdrlen;
48 data_len = skb->len - hdrlen;
49
50 if (info->control.hw_key &&
51 !(tx->flags & IEEE80211_TX_FRAGMENTED) &&
52 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) {
53 /* hwaccel - with no need for SW-generated MMIC */
54 return TX_CONTINUE;
55 }
56
57 tail = MICHAEL_MIC_LEN;
58 if (!info->control.hw_key)
59 tail += TKIP_ICV_LEN;
60
61 if (WARN_ON(skb_tailroom(skb) < tail ||
62 skb_headroom(skb) < TKIP_IV_LEN))
63 return TX_DROP;
64
65 authenticator = 1;
66 key_offset = authenticator ?
67 NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY :
68 NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY;
69 key = &tx->key->conf.key[key_offset];
70 mic = skb_put(skb, MICHAEL_MIC_LEN);
71 michael_mic(key, hdr, data, data_len, mic);
72
73 return TX_CONTINUE;
74 }
75
76
77 ieee80211_rx_result
78 ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
79 {
80 u8 *data, *key = NULL, key_offset;
81 size_t data_len;
82 unsigned int hdrlen;
83 u8 mic[MICHAEL_MIC_LEN];
84 struct sk_buff *skb = rx->skb;
85 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
86 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
87 int authenticator = 1, wpa_test = 0;
88
89 /* No way to verify the MIC if the hardware stripped it */
90 if (status->flag & RX_FLAG_MMIC_STRIPPED)
91 return RX_CONTINUE;
92
93 if (!rx->key || rx->key->conf.alg != ALG_TKIP ||
94 !ieee80211_has_protected(hdr->frame_control) ||
95 !ieee80211_is_data_present(hdr->frame_control))
96 return RX_CONTINUE;
97
98 hdrlen = ieee80211_hdrlen(hdr->frame_control);
99 if (skb->len < hdrlen + MICHAEL_MIC_LEN)
100 return RX_DROP_UNUSABLE;
101
102 data = skb->data + hdrlen;
103 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
104
105 authenticator = 1;
106 key_offset = authenticator ?
107 NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY :
108 NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY;
109 key = &rx->key->conf.key[key_offset];
110 michael_mic(key, hdr, data, data_len, mic);
111 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) {
112 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
113 return RX_DROP_UNUSABLE;
114
115 mac80211_ev_michael_mic_failure(rx->sdata, rx->key->conf.keyidx,
116 (void *) skb->data, NULL,
117 GFP_ATOMIC);
118 return RX_DROP_UNUSABLE;
119 }
120
121 /* remove Michael MIC from payload */
122 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
123
124 /* update IV in key information to be able to detect replays */
125 rx->key->u.tkip.rx[rx->queue].iv32 = rx->tkip_iv32;
126 rx->key->u.tkip.rx[rx->queue].iv16 = rx->tkip_iv16;
127
128 return RX_CONTINUE;
129 }
130
131
132 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
133 {
134 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
135 struct ieee80211_key *key = tx->key;
136 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
137 unsigned int hdrlen;
138 int len, tail;
139 u8 *pos;
140
141 if (info->control.hw_key &&
142 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
143 /* hwaccel - with no need for software-generated IV */
144 return 0;
145 }
146
147 hdrlen = ieee80211_hdrlen(hdr->frame_control);
148 len = skb->len - hdrlen;
149
150 if (info->control.hw_key)
151 tail = 0;
152 else
153 tail = TKIP_ICV_LEN;
154
155 if (WARN_ON(skb_tailroom(skb) < tail ||
156 skb_headroom(skb) < TKIP_IV_LEN))
157 return -1;
158
159 pos = skb_push(skb, TKIP_IV_LEN);
160 memmove(pos, pos + TKIP_IV_LEN, hdrlen);
161 pos += hdrlen;
162
163 /* Increase IV for the frame */
164 key->u.tkip.tx.iv16++;
165 if (key->u.tkip.tx.iv16 == 0)
166 key->u.tkip.tx.iv32++;
167
168 pos = ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);
169
170 /* hwaccel - with software IV */
171 if (info->control.hw_key)
172 return 0;
173
174 /* Add room for ICV */
175 skb_put(skb, TKIP_ICV_LEN);
176
177 hdr = (struct ieee80211_hdr *) skb->data;
178 return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
179 key, pos, len, hdr->addr2);
180 }
181
182
183 ieee80211_tx_result
184 ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
185 {
186 struct sk_buff *skb = tx->skb;
187
188 ieee80211_tx_set_protected(tx);
189
190 do {
191 if (tkip_encrypt_skb(tx, skb) < 0)
192 return TX_DROP;
193 } while ((skb = skb->next));
194
195 return TX_CONTINUE;
196 }
197
198
199 ieee80211_rx_result
200 ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
201 {
202 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
203 int hdrlen, res, hwaccel = 0, wpa_test = 0;
204 struct ieee80211_key *key = rx->key;
205 struct sk_buff *skb = rx->skb;
206 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
207
208 hdrlen = ieee80211_hdrlen(hdr->frame_control);
209
210 if (!ieee80211_is_data(hdr->frame_control))
211 return RX_CONTINUE;
212
213 if (!rx->sta || skb->len - hdrlen < 12)
214 return RX_DROP_UNUSABLE;
215
216 if (status->flag & RX_FLAG_DECRYPTED) {
217 if (status->flag & RX_FLAG_IV_STRIPPED) {
218 /*
219 * Hardware took care of all processing, including
220 * replay protection, and stripped the ICV/IV so
221 * we cannot do any checks here.
222 */
223 return RX_CONTINUE;
224 }
225
226 /* let TKIP code verify IV, but skip decryption */
227 hwaccel = 1;
228 }
229
230 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
231 key, skb->data + hdrlen,
232 skb->len - hdrlen, rx->sta->sta.addr,
233 hdr->addr1, hwaccel, rx->queue,
234 &rx->tkip_iv32,
235 &rx->tkip_iv16);
236 if (res != TKIP_DECRYPT_OK || wpa_test)
237 return RX_DROP_UNUSABLE;
238
239 /* Trim ICV */
240 skb_trim(skb, skb->len - TKIP_ICV_LEN);
241
242 /* Remove IV */
243 memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
244 skb_pull(skb, TKIP_IV_LEN);
245
246 return RX_CONTINUE;
247 }
248
249
250 static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch,
251 int encrypted)
252 {
253 __le16 mask_fc;
254 int a4_included, mgmt;
255 u8 qos_tid;
256 u8 *b_0, *aad;
257 u16 data_len, len_a;
258 unsigned int hdrlen;
259 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
260
261 b_0 = scratch + 3 * AES_BLOCK_LEN;
262 aad = scratch + 4 * AES_BLOCK_LEN;
263
264 /*
265 * Mask FC: zero subtype b4 b5 b6 (if not mgmt)
266 * Retry, PwrMgt, MoreData; set Protected
267 */
268 mgmt = ieee80211_is_mgmt(hdr->frame_control);
269 mask_fc = hdr->frame_control;
270 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY |
271 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
272 if (!mgmt)
273 mask_fc &= ~cpu_to_le16(0x0070);
274 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
275
276 hdrlen = ieee80211_hdrlen(hdr->frame_control);
277 len_a = hdrlen - 2;
278 a4_included = ieee80211_has_a4(hdr->frame_control);
279
280 if (ieee80211_is_data_qos(hdr->frame_control))
281 qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
282 else
283 qos_tid = 0;
284
285 data_len = skb->len - hdrlen - CCMP_HDR_LEN;
286 if (encrypted)
287 data_len -= CCMP_MIC_LEN;
288
289 /* First block, b_0 */
290 b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
291 /* Nonce: Nonce Flags | A2 | PN
292 * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
293 */
294 b_0[1] = qos_tid | (mgmt << 4);
295 memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
296 memcpy(&b_0[8], pn, CCMP_PN_LEN);
297 /* l(m) */
298 put_unaligned_be16(data_len, &b_0[14]);
299
300 /* AAD (extra authenticate-only data) / masked 802.11 header
301 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
302 put_unaligned_be16(len_a, &aad[0]);
303 put_unaligned(mask_fc, (__le16 *)&aad[2]);
304 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
305
306 /* Mask Seq#, leave Frag# */
307 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
308 aad[23] = 0;
309
310 if (a4_included) {
311 memcpy(&aad[24], hdr->addr4, ETH_ALEN);
312 aad[30] = qos_tid;
313 aad[31] = 0;
314 } else {
315 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
316 aad[24] = qos_tid;
317 }
318 }
319
320
321 static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
322 {
323 hdr[0] = pn[5];
324 hdr[1] = pn[4];
325 hdr[2] = 0;
326 hdr[3] = 0x20 | (key_id << 6);
327 hdr[4] = pn[3];
328 hdr[5] = pn[2];
329 hdr[6] = pn[1];
330 hdr[7] = pn[0];
331 }
332
333
334 static inline void ccmp_hdr2pn(u8 *pn, u8 *hdr)
335 {
336 pn[0] = hdr[7];
337 pn[1] = hdr[6];
338 pn[2] = hdr[5];
339 pn[3] = hdr[4];
340 pn[4] = hdr[1];
341 pn[5] = hdr[0];
342 }
343
344
345 static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
346 {
347 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
348 struct ieee80211_key *key = tx->key;
349 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
350 int hdrlen, len, tail;
351 u8 *pos, *pn;
352 int i;
353
354 if (info->control.hw_key &&
355 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
356 /*
357 * hwaccel has no need for preallocated room for CCMP
358 * header or MIC fields
359 */
360 return 0;
361 }
362
363 hdrlen = ieee80211_hdrlen(hdr->frame_control);
364 len = skb->len - hdrlen;
365
366 if (info->control.hw_key)
367 tail = 0;
368 else
369 tail = CCMP_MIC_LEN;
370
371 if (WARN_ON(skb_tailroom(skb) < tail ||
372 skb_headroom(skb) < CCMP_HDR_LEN))
373 return -1;
374
375 pos = skb_push(skb, CCMP_HDR_LEN);
376 memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
377 hdr = (struct ieee80211_hdr *) pos;
378 pos += hdrlen;
379
380 /* PN = PN + 1 */
381 pn = key->u.ccmp.tx_pn;
382
383 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
384 pn[i]++;
385 if (pn[i])
386 break;
387 }
388
389 ccmp_pn2hdr(pos, pn, key->conf.keyidx);
390
391 /* hwaccel - with software CCMP header */
392 if (info->control.hw_key)
393 return 0;
394
395 pos += CCMP_HDR_LEN;
396 ccmp_special_blocks(skb, pn, key->u.ccmp.tx_crypto_buf, 0);
397 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, key->u.ccmp.tx_crypto_buf, pos, len,
398 pos, skb_put(skb, CCMP_MIC_LEN));
399
400 return 0;
401 }
402
403
404 ieee80211_tx_result
405 ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
406 {
407 struct sk_buff *skb = tx->skb;
408
409 ieee80211_tx_set_protected(tx);
410
411 do {
412 if (ccmp_encrypt_skb(tx, skb) < 0)
413 return TX_DROP;
414 } while ((skb = skb->next));
415
416 return TX_CONTINUE;
417 }
418
419
420 ieee80211_rx_result
421 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
422 {
423 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
424 int hdrlen;
425 struct ieee80211_key *key = rx->key;
426 struct sk_buff *skb = rx->skb;
427 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
428 u8 pn[CCMP_PN_LEN];
429 int data_len;
430 int queue;
431
432 hdrlen = ieee80211_hdrlen(hdr->frame_control);
433
434 if (!ieee80211_is_data(hdr->frame_control) &&
435 !ieee80211_is_robust_mgmt_frame(hdr))
436 return RX_CONTINUE;
437
438 data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
439 if (!rx->sta || data_len < 0)
440 return RX_DROP_UNUSABLE;
441
442 if ((status->flag & RX_FLAG_DECRYPTED) &&
443 (status->flag & RX_FLAG_IV_STRIPPED))
444 return RX_CONTINUE;
445
446 ccmp_hdr2pn(pn, skb->data + hdrlen);
447
448 queue = ieee80211_is_mgmt(hdr->frame_control) ?
449 NUM_RX_DATA_QUEUES : rx->queue;
450
451 if (memcmp(pn, key->u.ccmp.rx_pn[queue], CCMP_PN_LEN) <= 0) {
452 key->u.ccmp.replays++;
453 return RX_DROP_UNUSABLE;
454 }
455
456 if (!(status->flag & RX_FLAG_DECRYPTED)) {
457 /* hardware didn't decrypt/verify MIC */
458 ccmp_special_blocks(skb, pn, key->u.ccmp.rx_crypto_buf, 1);
459
460 if (ieee80211_aes_ccm_decrypt(
461 key->u.ccmp.tfm, key->u.ccmp.rx_crypto_buf,
462 skb->data + hdrlen + CCMP_HDR_LEN, data_len,
463 skb->data + skb->len - CCMP_MIC_LEN,
464 skb->data + hdrlen + CCMP_HDR_LEN))
465 return RX_DROP_UNUSABLE;
466 }
467
468 memcpy(key->u.ccmp.rx_pn[queue], pn, CCMP_PN_LEN);
469
470 /* Remove CCMP header and MIC */
471 skb_trim(skb, skb->len - CCMP_MIC_LEN);
472 memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
473 skb_pull(skb, CCMP_HDR_LEN);
474
475 return RX_CONTINUE;
476 }
477
478
479 static void bip_aad(struct sk_buff *skb, u8 *aad)
480 {
481 /* BIP AAD: FC(masked) || A1 || A2 || A3 */
482
483 /* FC type/subtype */
484 aad[0] = skb->data[0];
485 /* Mask FC Retry, PwrMgt, MoreData flags to zero */
486 aad[1] = skb->data[1] & ~(BIT(4) | BIT(5) | BIT(6));
487 /* A1 || A2 || A3 */
488 memcpy(aad + 2, skb->data + 4, 3 * ETH_ALEN);
489 }
490
491
492 static inline void bip_ipn_swap(u8 *d, const u8 *s)
493 {
494 *d++ = s[5];
495 *d++ = s[4];
496 *d++ = s[3];
497 *d++ = s[2];
498 *d++ = s[1];
499 *d = s[0];
500 }
501
502
503 ieee80211_tx_result
504 ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx)
505 {
506 struct sk_buff *skb = tx->skb;
507 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
508 struct ieee80211_key *key = tx->key;
509 struct ieee80211_mmie *mmie;
510 u8 *pn, aad[20];
511 int i;
512
513 if (info->control.hw_key)
514 return 0;
515
516 if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
517 return TX_DROP;
518
519 mmie = (struct ieee80211_mmie *) skb_put(skb, sizeof(*mmie));
520 mmie->element_id = WLAN_EID_MMIE;
521 mmie->length = sizeof(*mmie) - 2;
522 mmie->key_id = cpu_to_le16(key->conf.keyidx);
523
524 /* PN = PN + 1 */
525 pn = key->u.aes_cmac.tx_pn;
526
527 for (i = sizeof(key->u.aes_cmac.tx_pn) - 1; i >= 0; i--) {
528 pn[i]++;
529 if (pn[i])
530 break;
531 }
532 bip_ipn_swap(mmie->sequence_number, pn);
533
534 bip_aad(skb, aad);
535
536 /*
537 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
538 */
539 ieee80211_aes_cmac(key->u.aes_cmac.tfm, key->u.aes_cmac.tx_crypto_buf,
540 aad, skb->data + 24, skb->len - 24, mmie->mic);
541
542 return TX_CONTINUE;
543 }
544
545
546 ieee80211_rx_result
547 ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
548 {
549 struct sk_buff *skb = rx->skb;
550 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
551 struct ieee80211_key *key = rx->key;
552 struct ieee80211_mmie *mmie;
553 u8 aad[20], mic[8], ipn[6];
554 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
555
556 if (!ieee80211_is_mgmt(hdr->frame_control))
557 return RX_CONTINUE;
558
559 if ((status->flag & RX_FLAG_DECRYPTED) &&
560 (status->flag & RX_FLAG_IV_STRIPPED))
561 return RX_CONTINUE;
562
563 if (skb->len < 24 + sizeof(*mmie))
564 return RX_DROP_UNUSABLE;
565
566 mmie = (struct ieee80211_mmie *)
567 (skb->data + skb->len - sizeof(*mmie));
568 if (mmie->element_id != WLAN_EID_MMIE ||
569 mmie->length != sizeof(*mmie) - 2)
570 return RX_DROP_UNUSABLE; /* Invalid MMIE */
571
572 bip_ipn_swap(ipn, mmie->sequence_number);
573
574 if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
575 key->u.aes_cmac.replays++;
576 return RX_DROP_UNUSABLE;
577 }
578
579 if (!(status->flag & RX_FLAG_DECRYPTED)) {
580 /* hardware didn't decrypt/verify MIC */
581 bip_aad(skb, aad);
582 ieee80211_aes_cmac(key->u.aes_cmac.tfm,
583 key->u.aes_cmac.rx_crypto_buf, aad,
584 skb->data + 24, skb->len - 24, mic);
585 if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
586 key->u.aes_cmac.icverrors++;
587 return RX_DROP_UNUSABLE;
588 }
589 }
590
591 memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
592
593 /* Remove MMIE */
594 skb_trim(skb, skb->len - sizeof(*mmie));
595
596 return RX_CONTINUE;
597 }
Tomato firmware and modifications.