OpenCores
URL https://opencores.org/ocsvn/test_project/test_project/trunk

Subversion Repositories test_project

[/] [test_project/] [trunk/] [linux_sd_driver/] [net/] [mac80211/] [wpa.c] - Blame information for rev 62

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 62 marcus.erl
/*
2
 * Copyright 2002-2004, Instant802 Networks, Inc.
3
 *
4
 * This program is free software; you can redistribute it and/or modify
5
 * it under the terms of the GNU General Public License version 2 as
6
 * published by the Free Software Foundation.
7
 */
8
 
9
#include <linux/netdevice.h>
10
#include <linux/types.h>
11
#include <linux/slab.h>
12
#include <linux/skbuff.h>
13
#include <linux/compiler.h>
14
#include <net/mac80211.h>
15
 
16
#include "ieee80211_i.h"
17
#include "michael.h"
18
#include "tkip.h"
19
#include "aes_ccm.h"
20
#include "wpa.h"
21
 
22
static int ieee80211_get_hdr_info(const struct sk_buff *skb, u8 **sa, u8 **da,
23
                                  u8 *qos_tid, u8 **data, size_t *data_len)
24
{
25
        struct ieee80211_hdr *hdr;
26
        size_t hdrlen;
27
        u16 fc;
28
        int a4_included;
29
        u8 *pos;
30
 
31
        hdr = (struct ieee80211_hdr *) skb->data;
32
        fc = le16_to_cpu(hdr->frame_control);
33
 
34
        hdrlen = 24;
35
        if ((fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) ==
36
            (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
37
                hdrlen += ETH_ALEN;
38
                *sa = hdr->addr4;
39
                *da = hdr->addr3;
40
        } else if (fc & IEEE80211_FCTL_FROMDS) {
41
                *sa = hdr->addr3;
42
                *da = hdr->addr1;
43
        } else if (fc & IEEE80211_FCTL_TODS) {
44
                *sa = hdr->addr2;
45
                *da = hdr->addr3;
46
        } else {
47
                *sa = hdr->addr2;
48
                *da = hdr->addr1;
49
        }
50
 
51
        if (fc & 0x80)
52
                hdrlen += 2;
53
 
54
        *data = skb->data + hdrlen;
55
        *data_len = skb->len - hdrlen;
56
 
57
        a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
58
                (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS);
59
        if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
60
            fc & IEEE80211_STYPE_QOS_DATA) {
61
                pos = (u8 *) &hdr->addr4;
62
                if (a4_included)
63
                        pos += 6;
64
                *qos_tid = pos[0] & 0x0f;
65
                *qos_tid |= 0x80; /* qos_included flag */
66
        } else
67
                *qos_tid = 0;
68
 
69
        return skb->len < hdrlen ? -1 : 0;
70
}
71
 
72
 
73
ieee80211_txrx_result
74
ieee80211_tx_h_michael_mic_add(struct ieee80211_txrx_data *tx)
75
{
76
        u8 *data, *sa, *da, *key, *mic, qos_tid;
77
        size_t data_len;
78
        u16 fc;
79
        struct sk_buff *skb = tx->skb;
80
        int authenticator;
81
        int wpa_test = 0;
82
 
83
        fc = tx->fc;
84
 
85
        if (!tx->key || tx->key->conf.alg != ALG_TKIP || skb->len < 24 ||
86
            !WLAN_FC_DATA_PRESENT(fc))
87
                return TXRX_CONTINUE;
88
 
89
        if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len))
90
                return TXRX_DROP;
91
 
92
        if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
93
            !(tx->flags & IEEE80211_TXRXD_FRAGMENTED) &&
94
            !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) &&
95
            !wpa_test) {
96
                /* hwaccel - with no need for preallocated room for Michael MIC
97
                 */
98
                return TXRX_CONTINUE;
99
        }
100
 
101
        if (skb_tailroom(skb) < MICHAEL_MIC_LEN) {
102
                I802_DEBUG_INC(tx->local->tx_expand_skb_head);
103
                if (unlikely(pskb_expand_head(skb, TKIP_IV_LEN,
104
                                              MICHAEL_MIC_LEN + TKIP_ICV_LEN,
105
                                              GFP_ATOMIC))) {
106
                        printk(KERN_DEBUG "%s: failed to allocate more memory "
107
                               "for Michael MIC\n", tx->dev->name);
108
                        return TXRX_DROP;
109
                }
110
        }
111
 
112
#if 0
113
        authenticator = fc & IEEE80211_FCTL_FROMDS; /* FIX */
114
#else
115
        authenticator = 1;
116
#endif
117
        key = &tx->key->conf.key[authenticator ? ALG_TKIP_TEMP_AUTH_TX_MIC_KEY :
118
                                 ALG_TKIP_TEMP_AUTH_RX_MIC_KEY];
119
        mic = skb_put(skb, MICHAEL_MIC_LEN);
120
        michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
121
 
122
        return TXRX_CONTINUE;
123
}
124
 
125
 
126
ieee80211_txrx_result
127
ieee80211_rx_h_michael_mic_verify(struct ieee80211_txrx_data *rx)
128
{
129
        u8 *data, *sa, *da, *key = NULL, qos_tid;
130
        size_t data_len;
131
        u16 fc;
132
        u8 mic[MICHAEL_MIC_LEN];
133
        struct sk_buff *skb = rx->skb;
134
        int authenticator = 1, wpa_test = 0;
135
        DECLARE_MAC_BUF(mac);
136
 
137
        fc = rx->fc;
138
 
139
        /*
140
         * No way to verify the MIC if the hardware stripped it
141
         */
142
        if (rx->u.rx.status->flag & RX_FLAG_MMIC_STRIPPED)
143
                return TXRX_CONTINUE;
144
 
145
        if (!rx->key || rx->key->conf.alg != ALG_TKIP ||
146
            !(rx->fc & IEEE80211_FCTL_PROTECTED) || !WLAN_FC_DATA_PRESENT(fc))
147
                return TXRX_CONTINUE;
148
 
149
        if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len)
150
            || data_len < MICHAEL_MIC_LEN)
151
                return TXRX_DROP;
152
 
153
        data_len -= MICHAEL_MIC_LEN;
154
 
155
#if 0
156
        authenticator = fc & IEEE80211_FCTL_TODS; /* FIX */
157
#else
158
        authenticator = 1;
159
#endif
160
        key = &rx->key->conf.key[authenticator ? ALG_TKIP_TEMP_AUTH_RX_MIC_KEY :
161
                                 ALG_TKIP_TEMP_AUTH_TX_MIC_KEY];
162
        michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
163
        if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) {
164
                if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
165
                        return TXRX_DROP;
166
 
167
                printk(KERN_DEBUG "%s: invalid Michael MIC in data frame from "
168
                       "%s\n", rx->dev->name, print_mac(mac, sa));
169
 
170
                mac80211_ev_michael_mic_failure(rx->dev, rx->key->conf.keyidx,
171
                                                (void *) skb->data);
172
                return TXRX_DROP;
173
        }
174
 
175
        /* remove Michael MIC from payload */
176
        skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
177
 
178
        /* update IV in key information to be able to detect replays */
179
        rx->key->u.tkip.iv32_rx[rx->u.rx.queue] = rx->u.rx.tkip_iv32;
180
        rx->key->u.tkip.iv16_rx[rx->u.rx.queue] = rx->u.rx.tkip_iv16;
181
 
182
        return TXRX_CONTINUE;
183
}
184
 
185
 
186
static int tkip_encrypt_skb(struct ieee80211_txrx_data *tx,
187
                            struct sk_buff *skb, int test)
188
{
189
        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
190
        struct ieee80211_key *key = tx->key;
191
        int hdrlen, len, tailneed;
192
        u16 fc;
193
        u8 *pos;
194
 
195
        fc = le16_to_cpu(hdr->frame_control);
196
        hdrlen = ieee80211_get_hdrlen(fc);
197
        len = skb->len - hdrlen;
198
 
199
        if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
200
                tailneed = 0;
201
        else
202
                tailneed = TKIP_ICV_LEN;
203
 
204
        if ((skb_headroom(skb) < TKIP_IV_LEN ||
205
             skb_tailroom(skb) < tailneed)) {
206
                I802_DEBUG_INC(tx->local->tx_expand_skb_head);
207
                if (unlikely(pskb_expand_head(skb, TKIP_IV_LEN, tailneed,
208
                                              GFP_ATOMIC)))
209
                        return -1;
210
        }
211
 
212
        pos = skb_push(skb, TKIP_IV_LEN);
213
        memmove(pos, pos + TKIP_IV_LEN, hdrlen);
214
        pos += hdrlen;
215
 
216
        /* Increase IV for the frame */
217
        key->u.tkip.iv16++;
218
        if (key->u.tkip.iv16 == 0)
219
                key->u.tkip.iv32++;
220
 
221
        if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
222
                hdr = (struct ieee80211_hdr *)skb->data;
223
 
224
                /* hwaccel - with preallocated room for IV */
225
                ieee80211_tkip_add_iv(pos, key,
226
                                      (u8) (key->u.tkip.iv16 >> 8),
227
                                      (u8) (((key->u.tkip.iv16 >> 8) | 0x20) &
228
                                            0x7f),
229
                                      (u8) key->u.tkip.iv16);
230
 
231
                tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
232
                return 0;
233
        }
234
 
235
        /* Add room for ICV */
236
        skb_put(skb, TKIP_ICV_LEN);
237
 
238
        hdr = (struct ieee80211_hdr *) skb->data;
239
        ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
240
                                    key, pos, len, hdr->addr2);
241
        return 0;
242
}
243
 
244
 
245
ieee80211_txrx_result
246
ieee80211_crypto_tkip_encrypt(struct ieee80211_txrx_data *tx)
247
{
248
        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
249
        u16 fc;
250
        struct sk_buff *skb = tx->skb;
251
        int wpa_test = 0, test = 0;
252
 
253
        fc = le16_to_cpu(hdr->frame_control);
254
 
255
        if (!WLAN_FC_DATA_PRESENT(fc))
256
                return TXRX_CONTINUE;
257
 
258
        tx->u.tx.control->icv_len = TKIP_ICV_LEN;
259
        tx->u.tx.control->iv_len = TKIP_IV_LEN;
260
        ieee80211_tx_set_iswep(tx);
261
 
262
        if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
263
            !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
264
            !wpa_test) {
265
                /* hwaccel - with no need for preallocated room for IV/ICV */
266
                tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
267
                return TXRX_CONTINUE;
268
        }
269
 
270
        if (tkip_encrypt_skb(tx, skb, test) < 0)
271
                return TXRX_DROP;
272
 
273
        if (tx->u.tx.extra_frag) {
274
                int i;
275
                for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
276
                        if (tkip_encrypt_skb(tx, tx->u.tx.extra_frag[i], test)
277
                            < 0)
278
                                return TXRX_DROP;
279
                }
280
        }
281
 
282
        return TXRX_CONTINUE;
283
}
284
 
285
 
286
ieee80211_txrx_result
287
ieee80211_crypto_tkip_decrypt(struct ieee80211_txrx_data *rx)
288
{
289
        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
290
        u16 fc;
291
        int hdrlen, res, hwaccel = 0, wpa_test = 0;
292
        struct ieee80211_key *key = rx->key;
293
        struct sk_buff *skb = rx->skb;
294
        DECLARE_MAC_BUF(mac);
295
 
296
        fc = le16_to_cpu(hdr->frame_control);
297
        hdrlen = ieee80211_get_hdrlen(fc);
298
 
299
        if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
300
                return TXRX_CONTINUE;
301
 
302
        if (!rx->sta || skb->len - hdrlen < 12)
303
                return TXRX_DROP;
304
 
305
        if (rx->u.rx.status->flag & RX_FLAG_DECRYPTED) {
306
                if (rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED) {
307
                        /*
308
                         * Hardware took care of all processing, including
309
                         * replay protection, and stripped the ICV/IV so
310
                         * we cannot do any checks here.
311
                         */
312
                        return TXRX_CONTINUE;
313
                }
314
 
315
                /* let TKIP code verify IV, but skip decryption */
316
                hwaccel = 1;
317
        }
318
 
319
        res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
320
                                          key, skb->data + hdrlen,
321
                                          skb->len - hdrlen, rx->sta->addr,
322
                                          hwaccel, rx->u.rx.queue,
323
                                          &rx->u.rx.tkip_iv32,
324
                                          &rx->u.rx.tkip_iv16);
325
        if (res != TKIP_DECRYPT_OK || wpa_test) {
326
#ifdef CONFIG_MAC80211_DEBUG
327
                if (net_ratelimit())
328
                        printk(KERN_DEBUG "%s: TKIP decrypt failed for RX "
329
                               "frame from %s (res=%d)\n", rx->dev->name,
330
                               print_mac(mac, rx->sta->addr), res);
331
#endif /* CONFIG_MAC80211_DEBUG */
332
                return TXRX_DROP;
333
        }
334
 
335
        /* Trim ICV */
336
        skb_trim(skb, skb->len - TKIP_ICV_LEN);
337
 
338
        /* Remove IV */
339
        memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
340
        skb_pull(skb, TKIP_IV_LEN);
341
 
342
        return TXRX_CONTINUE;
343
}
344
 
345
 
346
static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad,
347
                                int encrypted)
348
{
349
        u16 fc;
350
        int a4_included, qos_included;
351
        u8 qos_tid, *fc_pos, *data, *sa, *da;
352
        int len_a;
353
        size_t data_len;
354
        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
355
 
356
        fc_pos = (u8 *) &hdr->frame_control;
357
        fc = fc_pos[0] ^ (fc_pos[1] << 8);
358
        a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
359
                (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS);
360
 
361
        ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len);
362
        data_len -= CCMP_HDR_LEN + (encrypted ? CCMP_MIC_LEN : 0);
363
        if (qos_tid & 0x80) {
364
                qos_included = 1;
365
                qos_tid &= 0x0f;
366
        } else
367
                qos_included = 0;
368
        /* First block, b_0 */
369
 
370
        b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
371
        /* Nonce: QoS Priority | A2 | PN */
372
        b_0[1] = qos_tid;
373
        memcpy(&b_0[2], hdr->addr2, 6);
374
        memcpy(&b_0[8], pn, CCMP_PN_LEN);
375
        /* l(m) */
376
        b_0[14] = (data_len >> 8) & 0xff;
377
        b_0[15] = data_len & 0xff;
378
 
379
 
380
        /* AAD (extra authenticate-only data) / masked 802.11 header
381
         * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
382
 
383
        len_a = a4_included ? 28 : 22;
384
        if (qos_included)
385
                len_a += 2;
386
 
387
        aad[0] = 0; /* (len_a >> 8) & 0xff; */
388
        aad[1] = len_a & 0xff;
389
        /* Mask FC: zero subtype b4 b5 b6 */
390
        aad[2] = fc_pos[0] & ~(BIT(4) | BIT(5) | BIT(6));
391
        /* Retry, PwrMgt, MoreData; set Protected */
392
        aad[3] = (fc_pos[1] & ~(BIT(3) | BIT(4) | BIT(5))) | BIT(6);
393
        memcpy(&aad[4], &hdr->addr1, 18);
394
 
395
        /* Mask Seq#, leave Frag# */
396
        aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
397
        aad[23] = 0;
398
        if (a4_included) {
399
                memcpy(&aad[24], hdr->addr4, 6);
400
                aad[30] = 0;
401
                aad[31] = 0;
402
        } else
403
                memset(&aad[24], 0, 8);
404
        if (qos_included) {
405
                u8 *dpos = &aad[a4_included ? 30 : 24];
406
 
407
                /* Mask QoS Control field */
408
                dpos[0] = qos_tid;
409
                dpos[1] = 0;
410
        }
411
}
412
 
413
 
414
static inline void ccmp_pn2hdr(u8 *hdr, u8 *pn, int key_id)
415
{
416
        hdr[0] = pn[5];
417
        hdr[1] = pn[4];
418
        hdr[2] = 0;
419
        hdr[3] = 0x20 | (key_id << 6);
420
        hdr[4] = pn[3];
421
        hdr[5] = pn[2];
422
        hdr[6] = pn[1];
423
        hdr[7] = pn[0];
424
}
425
 
426
 
427
static inline int ccmp_hdr2pn(u8 *pn, u8 *hdr)
428
{
429
        pn[0] = hdr[7];
430
        pn[1] = hdr[6];
431
        pn[2] = hdr[5];
432
        pn[3] = hdr[4];
433
        pn[4] = hdr[1];
434
        pn[5] = hdr[0];
435
        return (hdr[3] >> 6) & 0x03;
436
}
437
 
438
 
439
static int ccmp_encrypt_skb(struct ieee80211_txrx_data *tx,
440
                            struct sk_buff *skb, int test)
441
{
442
        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
443
        struct ieee80211_key *key = tx->key;
444
        int hdrlen, len, tailneed;
445
        u16 fc;
446
        u8 *pos, *pn, *b_0, *aad, *scratch;
447
        int i;
448
 
449
        scratch = key->u.ccmp.tx_crypto_buf;
450
        b_0 = scratch + 3 * AES_BLOCK_LEN;
451
        aad = scratch + 4 * AES_BLOCK_LEN;
452
 
453
        fc = le16_to_cpu(hdr->frame_control);
454
        hdrlen = ieee80211_get_hdrlen(fc);
455
        len = skb->len - hdrlen;
456
 
457
        if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
458
                tailneed = 0;
459
        else
460
                tailneed = CCMP_MIC_LEN;
461
 
462
        if ((skb_headroom(skb) < CCMP_HDR_LEN ||
463
             skb_tailroom(skb) < tailneed)) {
464
                I802_DEBUG_INC(tx->local->tx_expand_skb_head);
465
                if (unlikely(pskb_expand_head(skb, CCMP_HDR_LEN, tailneed,
466
                                              GFP_ATOMIC)))
467
                        return -1;
468
        }
469
 
470
        pos = skb_push(skb, CCMP_HDR_LEN);
471
        memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
472
        hdr = (struct ieee80211_hdr *) pos;
473
        pos += hdrlen;
474
 
475
        /* PN = PN + 1 */
476
        pn = key->u.ccmp.tx_pn;
477
 
478
        for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
479
                pn[i]++;
480
                if (pn[i])
481
                        break;
482
        }
483
 
484
        ccmp_pn2hdr(pos, pn, key->conf.keyidx);
485
 
486
        if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
487
                /* hwaccel - with preallocated room for CCMP header */
488
                tx->u.tx.control->key_idx = key->conf.hw_key_idx;
489
                return 0;
490
        }
491
 
492
        pos += CCMP_HDR_LEN;
493
        ccmp_special_blocks(skb, pn, b_0, aad, 0);
494
        ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, b_0, aad, pos, len,
495
                                  pos, skb_put(skb, CCMP_MIC_LEN));
496
 
497
        return 0;
498
}
499
 
500
 
501
ieee80211_txrx_result
502
ieee80211_crypto_ccmp_encrypt(struct ieee80211_txrx_data *tx)
503
{
504
        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
505
        u16 fc;
506
        struct sk_buff *skb = tx->skb;
507
        int test = 0;
508
 
509
        fc = le16_to_cpu(hdr->frame_control);
510
 
511
        if (!WLAN_FC_DATA_PRESENT(fc))
512
                return TXRX_CONTINUE;
513
 
514
        tx->u.tx.control->icv_len = CCMP_MIC_LEN;
515
        tx->u.tx.control->iv_len = CCMP_HDR_LEN;
516
        ieee80211_tx_set_iswep(tx);
517
 
518
        if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
519
            !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
520
                /* hwaccel - with no need for preallocated room for CCMP "
521
                 * header or MIC fields */
522
                tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
523
                return TXRX_CONTINUE;
524
        }
525
 
526
        if (ccmp_encrypt_skb(tx, skb, test) < 0)
527
                return TXRX_DROP;
528
 
529
        if (tx->u.tx.extra_frag) {
530
                int i;
531
                for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
532
                        if (ccmp_encrypt_skb(tx, tx->u.tx.extra_frag[i], test)
533
                            < 0)
534
                                return TXRX_DROP;
535
                }
536
        }
537
 
538
        return TXRX_CONTINUE;
539
}
540
 
541
 
542
ieee80211_txrx_result
543
ieee80211_crypto_ccmp_decrypt(struct ieee80211_txrx_data *rx)
544
{
545
        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
546
        u16 fc;
547
        int hdrlen;
548
        struct ieee80211_key *key = rx->key;
549
        struct sk_buff *skb = rx->skb;
550
        u8 pn[CCMP_PN_LEN];
551
        int data_len;
552
        DECLARE_MAC_BUF(mac);
553
 
554
        fc = le16_to_cpu(hdr->frame_control);
555
        hdrlen = ieee80211_get_hdrlen(fc);
556
 
557
        if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
558
                return TXRX_CONTINUE;
559
 
560
        data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
561
        if (!rx->sta || data_len < 0)
562
                return TXRX_DROP;
563
 
564
        if ((rx->u.rx.status->flag & RX_FLAG_DECRYPTED) &&
565
            (rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED))
566
                return TXRX_CONTINUE;
567
 
568
        (void) ccmp_hdr2pn(pn, skb->data + hdrlen);
569
 
570
        if (memcmp(pn, key->u.ccmp.rx_pn[rx->u.rx.queue], CCMP_PN_LEN) <= 0) {
571
#ifdef CONFIG_MAC80211_DEBUG
572
                u8 *ppn = key->u.ccmp.rx_pn[rx->u.rx.queue];
573
 
574
                printk(KERN_DEBUG "%s: CCMP replay detected for RX frame from "
575
                       "%s (RX PN %02x%02x%02x%02x%02x%02x <= prev. PN "
576
                       "%02x%02x%02x%02x%02x%02x)\n", rx->dev->name,
577
                       print_mac(mac, rx->sta->addr),
578
                       pn[0], pn[1], pn[2], pn[3], pn[4], pn[5],
579
                       ppn[0], ppn[1], ppn[2], ppn[3], ppn[4], ppn[5]);
580
#endif /* CONFIG_MAC80211_DEBUG */
581
                key->u.ccmp.replays++;
582
                return TXRX_DROP;
583
        }
584
 
585
        if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED)) {
586
                /* hardware didn't decrypt/verify MIC */
587
                u8 *scratch, *b_0, *aad;
588
 
589
                scratch = key->u.ccmp.rx_crypto_buf;
590
                b_0 = scratch + 3 * AES_BLOCK_LEN;
591
                aad = scratch + 4 * AES_BLOCK_LEN;
592
 
593
                ccmp_special_blocks(skb, pn, b_0, aad, 1);
594
 
595
                if (ieee80211_aes_ccm_decrypt(
596
                            key->u.ccmp.tfm, scratch, b_0, aad,
597
                            skb->data + hdrlen + CCMP_HDR_LEN, data_len,
598
                            skb->data + skb->len - CCMP_MIC_LEN,
599
                            skb->data + hdrlen + CCMP_HDR_LEN)) {
600
#ifdef CONFIG_MAC80211_DEBUG
601
                        if (net_ratelimit())
602
                                printk(KERN_DEBUG "%s: CCMP decrypt failed "
603
                                       "for RX frame from %s\n", rx->dev->name,
604
                                       print_mac(mac, rx->sta->addr));
605
#endif /* CONFIG_MAC80211_DEBUG */
606
                        return TXRX_DROP;
607
                }
608
        }
609
 
610
        memcpy(key->u.ccmp.rx_pn[rx->u.rx.queue], pn, CCMP_PN_LEN);
611
 
612
        /* Remove CCMP header and MIC */
613
        skb_trim(skb, skb->len - CCMP_MIC_LEN);
614
        memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
615
        skb_pull(skb, CCMP_HDR_LEN);
616
 
617
        return TXRX_CONTINUE;
618
}

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.