1 files changed, 18 insertions, 18 deletions
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c
index 0ae207771a58..b3622823bad2 100644
--- a/net/mac80211/tkip.c
+++ b/net/mac80211/tkip.c
@@ -1,6 +1,7 @@
 /*
 * Copyright 2002-2004, Instant802 Networks, Inc.
 * Copyright 2005, Devicescape Software, Inc.
+ * Copyright (C) 2016 Intel Deutschland GmbH
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@@ -142,15 +143,14 @@ static void tkip_mixing_phase2(const u8 *tk, struct tkip_ctx *ctx,
 /* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets
 * of the IV. Returns pointer to the octet following IVs (i.e., beginning of
 * the packet payload). */
-u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key)
+u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key_conf *keyconf, u64 pn)
 {
-        lockdep_assert_held(&key->u.tkip.txlock);
+        pos = write_tkip_iv(pos, TKIP_PN_TO_IV16(pn));
+        *pos++ = (keyconf->keyidx << 6) | (1 << 5) /* Ext IV */;
-        pos = write_tkip_iv(pos, key->u.tkip.tx.iv16);
+        put_unaligned_le32(TKIP_PN_TO_IV32(pn), pos);
-        *pos++ = (key->conf.keyidx << 6) | (1 << 5) /* Ext IV */;
-        put_unaligned_le32(key->u.tkip.tx.iv32, pos);
        return pos + 4;
 }
+EXPORT_SYMBOL_GPL(ieee80211_tkip_add_iv);
 static void ieee80211_compute_tkip_p1k(struct ieee80211_key *key, u32 iv32)
 {
@@ -250,6 +250,7 @@ int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm,
        u8 rc4key[16], keyid, *pos = payload;
        int res;
        const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
+        struct tkip_ctx_rx *rx_ctx = &key->u.tkip.rx[queue];
        if (payload_len < 12)
                return -1;
@@ -265,37 +266,36 @@ int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm,
        if ((keyid >> 6) != key->conf.keyidx)
                return TKIP_DECRYPT_INVALID_KEYIDX;
-        if (key->u.tkip.rx[queue].state != TKIP_STATE_NOT_INIT &&
+        if (rx_ctx->ctx.state != TKIP_STATE_NOT_INIT &&
-            (iv32 < key->u.tkip.rx[queue].iv32 ||
+            (iv32 < rx_ctx->iv32 ||
-             (iv32 == key->u.tkip.rx[queue].iv32 &&
+             (iv32 == rx_ctx->iv32 && iv16 <= rx_ctx->iv16)))
-              iv16 <= key->u.tkip.rx[queue].iv16)))
                return TKIP_DECRYPT_REPLAY;
        if (only_iv) {
                res = TKIP_DECRYPT_OK;
-                key->u.tkip.rx[queue].state = TKIP_STATE_PHASE1_HW_UPLOADED;
+                rx_ctx->ctx.state = TKIP_STATE_PHASE1_HW_UPLOADED;
                goto done;
        }
-        if (key->u.tkip.rx[queue].state == TKIP_STATE_NOT_INIT ||
+        if (rx_ctx->ctx.state == TKIP_STATE_NOT_INIT ||
-            key->u.tkip.rx[queue].iv32 != iv32) {
+            rx_ctx->iv32 != iv32) {
                /* IV16 wrapped around - perform TKIP phase 1 */
-                tkip_mixing_phase1(tk, &key->u.tkip.rx[queue], ta, iv32);
+                tkip_mixing_phase1(tk, &rx_ctx->ctx, ta, iv32);
        }
        if (key->local->ops->update_tkip_key &&
            key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
-            key->u.tkip.rx[queue].state != TKIP_STATE_PHASE1_HW_UPLOADED) {
+            rx_ctx->ctx.state != TKIP_STATE_PHASE1_HW_UPLOADED) {
                struct ieee80211_sub_if_data *sdata = key->sdata;
                if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
                        sdata = container_of(key->sdata->bss,
                                        struct ieee80211_sub_if_data, u.ap);
                drv_update_tkip_key(key->local, sdata, &key->conf, key->sta,
-                                iv32, key->u.tkip.rx[queue].p1k);
+                                iv32, rx_ctx->ctx.p1k);
-                key->u.tkip.rx[queue].state = TKIP_STATE_PHASE1_HW_UPLOADED;
+                rx_ctx->ctx.state = TKIP_STATE_PHASE1_HW_UPLOADED;
        }
-        tkip_mixing_phase2(tk, &key->u.tkip.rx[queue], iv16, rc4key);
+        tkip_mixing_phase2(tk, &rx_ctx->ctx, iv16, rc4key);
        res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12);
 done:

diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c index 0ae207771a58..b3622823bad2 100644 --- a/net/mac80211/tkip.c +++ b/net/mac80211/tkip.c
@@ -1,6 +1,7 @@
1	/*	1	/*
2	* Copyright 2002-2004, Instant802 Networks, Inc.	2	* Copyright 2002-2004, Instant802 Networks, Inc.
3	* Copyright 2005, Devicescape Software, Inc.	3	* Copyright 2005, Devicescape Software, Inc.
		4	* Copyright (C) 2016 Intel Deutschland GmbH
4	*	5	*
5	* This program is free software; you can redistribute it and/or modify	6	* This program is free software; you can redistribute it and/or modify
6	* it under the terms of the GNU General Public License version 2 as	7	* it under the terms of the GNU General Public License version 2 as
@@ -142,15 +143,14 @@ static void tkip_mixing_phase2(const u8 tk, struct tkip_ctx ctx,
142	/* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets	143	/* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets
143	* of the IV. Returns pointer to the octet following IVs (i.e., beginning of	144	* of the IV. Returns pointer to the octet following IVs (i.e., beginning of
144	* the packet payload). */	145	* the packet payload). */
145	u8 ieee80211_tkip_add_iv(u8 pos, struct ieee80211_key *key)	146	u8 ieee80211_tkip_add_iv(u8 pos, struct ieee80211_key_conf *keyconf, u64 pn)
146	{	147	{
147	lockdep_assert_held(&key->u.tkip.txlock);	148	pos = write_tkip_iv(pos, TKIP_PN_TO_IV16(pn));
148		149	pos++ = (keyconf->keyidx << 6) \| (1 << 5) / Ext IV */;
149	pos = write_tkip_iv(pos, key->u.tkip.tx.iv16);	150	put_unaligned_le32(TKIP_PN_TO_IV32(pn), pos);
150	pos++ = (key->conf.keyidx << 6) \| (1 << 5) / Ext IV */;
151	put_unaligned_le32(key->u.tkip.tx.iv32, pos);
152	return pos + 4;	151	return pos + 4;
153	}	152	}
		153	EXPORT_SYMBOL_GPL(ieee80211_tkip_add_iv);
154		154
155	static void ieee80211_compute_tkip_p1k(struct ieee80211_key *key, u32 iv32)	155	static void ieee80211_compute_tkip_p1k(struct ieee80211_key *key, u32 iv32)
156	{	156	{
@@ -250,6 +250,7 @@ int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm,
250	u8 rc4key[16], keyid, *pos = payload;	250	u8 rc4key[16], keyid, *pos = payload;
251	int res;	251	int res;
252	const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];	252	const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
		253	struct tkip_ctx_rx *rx_ctx = &key->u.tkip.rx[queue];
253		254
254	if (payload_len < 12)	255	if (payload_len < 12)
255	return -1;	256	return -1;
@@ -265,37 +266,36 @@ int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm,
265	if ((keyid >> 6) != key->conf.keyidx)	266	if ((keyid >> 6) != key->conf.keyidx)
266	return TKIP_DECRYPT_INVALID_KEYIDX;	267	return TKIP_DECRYPT_INVALID_KEYIDX;
267		268
268	if (key->u.tkip.rx[queue].state != TKIP_STATE_NOT_INIT &&	269	if (rx_ctx->ctx.state != TKIP_STATE_NOT_INIT &&
269	(iv32 < key->u.tkip.rx[queue].iv32 \|\|	270	(iv32 < rx_ctx->iv32 \|\|
270	(iv32 == key->u.tkip.rx[queue].iv32 &&	271	(iv32 == rx_ctx->iv32 && iv16 <= rx_ctx->iv16)))
271	iv16 <= key->u.tkip.rx[queue].iv16)))
272	return TKIP_DECRYPT_REPLAY;	272	return TKIP_DECRYPT_REPLAY;
273		273
274	if (only_iv) {	274	if (only_iv) {
275	res = TKIP_DECRYPT_OK;	275	res = TKIP_DECRYPT_OK;
276	key->u.tkip.rx[queue].state = TKIP_STATE_PHASE1_HW_UPLOADED;	276	rx_ctx->ctx.state = TKIP_STATE_PHASE1_HW_UPLOADED;
277	goto done;	277	goto done;
278	}	278	}
279		279
280	if (key->u.tkip.rx[queue].state == TKIP_STATE_NOT_INIT \|\|	280	if (rx_ctx->ctx.state == TKIP_STATE_NOT_INIT \|\|
281	key->u.tkip.rx[queue].iv32 != iv32) {	281	rx_ctx->iv32 != iv32) {
282	/* IV16 wrapped around - perform TKIP phase 1 */	282	/* IV16 wrapped around - perform TKIP phase 1 */
283	tkip_mixing_phase1(tk, &key->u.tkip.rx[queue], ta, iv32);	283	tkip_mixing_phase1(tk, &rx_ctx->ctx, ta, iv32);
284	}	284	}
285	if (key->local->ops->update_tkip_key &&	285	if (key->local->ops->update_tkip_key &&
286	key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&	286	key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
287	key->u.tkip.rx[queue].state != TKIP_STATE_PHASE1_HW_UPLOADED) {	287	rx_ctx->ctx.state != TKIP_STATE_PHASE1_HW_UPLOADED) {
288	struct ieee80211_sub_if_data *sdata = key->sdata;	288	struct ieee80211_sub_if_data *sdata = key->sdata;
289		289
290	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)	290	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
291	sdata = container_of(key->sdata->bss,	291	sdata = container_of(key->sdata->bss,
292	struct ieee80211_sub_if_data, u.ap);	292	struct ieee80211_sub_if_data, u.ap);
293	drv_update_tkip_key(key->local, sdata, &key->conf, key->sta,	293	drv_update_tkip_key(key->local, sdata, &key->conf, key->sta,
294	iv32, key->u.tkip.rx[queue].p1k);	294	iv32, rx_ctx->ctx.p1k);
295	key->u.tkip.rx[queue].state = TKIP_STATE_PHASE1_HW_UPLOADED;	295	rx_ctx->ctx.state = TKIP_STATE_PHASE1_HW_UPLOADED;
296	}	296	}
297		297
298	tkip_mixing_phase2(tk, &key->u.tkip.rx[queue], iv16, rc4key);	298	tkip_mixing_phase2(tk, &rx_ctx->ctx, iv16, rc4key);
299		299
300	res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12);	300	res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12);
301	done:	301	done: