aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211/rx.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/mac80211/rx.c')
-rw-r--r--net/mac80211/rx.c404
1 files changed, 202 insertions, 202 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 6b85f95b9ba1..a84f319c11ad 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1055,207 +1055,6 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
1055 1055
1056 1056
1057static ieee80211_rx_result debug_noinline 1057static ieee80211_rx_result debug_noinline
1058ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
1059{
1060 struct sk_buff *skb = rx->skb;
1061 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1062 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1063 int keyidx;
1064 int hdrlen;
1065 ieee80211_rx_result result = RX_DROP_UNUSABLE;
1066 struct ieee80211_key *sta_ptk = NULL;
1067 int mmie_keyidx = -1;
1068 __le16 fc;
1069
1070 /*
1071 * Key selection 101
1072 *
1073 * There are four types of keys:
1074 * - GTK (group keys)
1075 * - IGTK (group keys for management frames)
1076 * - PTK (pairwise keys)
1077 * - STK (station-to-station pairwise keys)
1078 *
1079 * When selecting a key, we have to distinguish between multicast
1080 * (including broadcast) and unicast frames, the latter can only
1081 * use PTKs and STKs while the former always use GTKs and IGTKs.
1082 * Unless, of course, actual WEP keys ("pre-RSNA") are used, then
1083 * unicast frames can also use key indices like GTKs. Hence, if we
1084 * don't have a PTK/STK we check the key index for a WEP key.
1085 *
1086 * Note that in a regular BSS, multicast frames are sent by the
1087 * AP only, associated stations unicast the frame to the AP first
1088 * which then multicasts it on their behalf.
1089 *
1090 * There is also a slight problem in IBSS mode: GTKs are negotiated
1091 * with each station, that is something we don't currently handle.
1092 * The spec seems to expect that one negotiates the same key with
1093 * every station but there's no such requirement; VLANs could be
1094 * possible.
1095 */
1096
1097 /*
1098 * No point in finding a key and decrypting if the frame is neither
1099 * addressed to us nor a multicast frame.
1100 */
1101 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1102 return RX_CONTINUE;
1103
1104 /* start without a key */
1105 rx->key = NULL;
1106
1107 if (rx->sta)
1108 sta_ptk = rcu_dereference(rx->sta->ptk);
1109
1110 fc = hdr->frame_control;
1111
1112 if (!ieee80211_has_protected(fc))
1113 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
1114
1115 if (!is_multicast_ether_addr(hdr->addr1) && sta_ptk) {
1116 rx->key = sta_ptk;
1117 if ((status->flag & RX_FLAG_DECRYPTED) &&
1118 (status->flag & RX_FLAG_IV_STRIPPED))
1119 return RX_CONTINUE;
1120 /* Skip decryption if the frame is not protected. */
1121 if (!ieee80211_has_protected(fc))
1122 return RX_CONTINUE;
1123 } else if (mmie_keyidx >= 0) {
1124 /* Broadcast/multicast robust management frame / BIP */
1125 if ((status->flag & RX_FLAG_DECRYPTED) &&
1126 (status->flag & RX_FLAG_IV_STRIPPED))
1127 return RX_CONTINUE;
1128
1129 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
1130 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
1131 return RX_DROP_MONITOR; /* unexpected BIP keyidx */
1132 if (rx->sta)
1133 rx->key = rcu_dereference(rx->sta->gtk[mmie_keyidx]);
1134 if (!rx->key)
1135 rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]);
1136 } else if (!ieee80211_has_protected(fc)) {
1137 /*
1138 * The frame was not protected, so skip decryption. However, we
1139 * need to set rx->key if there is a key that could have been
1140 * used so that the frame may be dropped if encryption would
1141 * have been expected.
1142 */
1143 struct ieee80211_key *key = NULL;
1144 struct ieee80211_sub_if_data *sdata = rx->sdata;
1145 int i;
1146
1147 if (ieee80211_is_mgmt(fc) &&
1148 is_multicast_ether_addr(hdr->addr1) &&
1149 (key = rcu_dereference(rx->sdata->default_mgmt_key)))
1150 rx->key = key;
1151 else {
1152 if (rx->sta) {
1153 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1154 key = rcu_dereference(rx->sta->gtk[i]);
1155 if (key)
1156 break;
1157 }
1158 }
1159 if (!key) {
1160 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1161 key = rcu_dereference(sdata->keys[i]);
1162 if (key)
1163 break;
1164 }
1165 }
1166 if (key)
1167 rx->key = key;
1168 }
1169 return RX_CONTINUE;
1170 } else {
1171 u8 keyid;
1172 /*
1173 * The device doesn't give us the IV so we won't be
1174 * able to look up the key. That's ok though, we
1175 * don't need to decrypt the frame, we just won't
1176 * be able to keep statistics accurate.
1177 * Except for key threshold notifications, should
1178 * we somehow allow the driver to tell us which key
1179 * the hardware used if this flag is set?
1180 */
1181 if ((status->flag & RX_FLAG_DECRYPTED) &&
1182 (status->flag & RX_FLAG_IV_STRIPPED))
1183 return RX_CONTINUE;
1184
1185 hdrlen = ieee80211_hdrlen(fc);
1186
1187 if (rx->skb->len < 8 + hdrlen)
1188 return RX_DROP_UNUSABLE; /* TODO: count this? */
1189
1190 /*
1191 * no need to call ieee80211_wep_get_keyidx,
1192 * it verifies a bunch of things we've done already
1193 */
1194 skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1);
1195 keyidx = keyid >> 6;
1196
1197 /* check per-station GTK first, if multicast packet */
1198 if (is_multicast_ether_addr(hdr->addr1) && rx->sta)
1199 rx->key = rcu_dereference(rx->sta->gtk[keyidx]);
1200
1201 /* if not found, try default key */
1202 if (!rx->key) {
1203 rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
1204
1205 /*
1206 * RSNA-protected unicast frames should always be
1207 * sent with pairwise or station-to-station keys,
1208 * but for WEP we allow using a key index as well.
1209 */
1210 if (rx->key &&
1211 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1212 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP104 &&
1213 !is_multicast_ether_addr(hdr->addr1))
1214 rx->key = NULL;
1215 }
1216 }
1217
1218 if (rx->key) {
1219 if (unlikely(rx->key->flags & KEY_FLAG_TAINTED))
1220 return RX_DROP_MONITOR;
1221
1222 rx->key->tx_rx_count++;
1223 /* TODO: add threshold stuff again */
1224 } else {
1225 return RX_DROP_MONITOR;
1226 }
1227
1228 switch (rx->key->conf.cipher) {
1229 case WLAN_CIPHER_SUITE_WEP40:
1230 case WLAN_CIPHER_SUITE_WEP104:
1231 result = ieee80211_crypto_wep_decrypt(rx);
1232 break;
1233 case WLAN_CIPHER_SUITE_TKIP:
1234 result = ieee80211_crypto_tkip_decrypt(rx);
1235 break;
1236 case WLAN_CIPHER_SUITE_CCMP:
1237 result = ieee80211_crypto_ccmp_decrypt(rx);
1238 break;
1239 case WLAN_CIPHER_SUITE_AES_CMAC:
1240 result = ieee80211_crypto_aes_cmac_decrypt(rx);
1241 break;
1242 default:
1243 /*
1244 * We can reach here only with HW-only algorithms
1245 * but why didn't it decrypt the frame?!
1246 */
1247 return RX_DROP_UNUSABLE;
1248 }
1249
1250 /* the hdr variable is invalid after the decrypt handlers */
1251
1252 /* either the frame has been decrypted or will be dropped */
1253 status->flag |= RX_FLAG_DECRYPTED;
1254
1255 return result;
1256}
1257
1258static ieee80211_rx_result debug_noinline
1259ieee80211_rx_h_check_more_data(struct ieee80211_rx_data *rx) 1058ieee80211_rx_h_check_more_data(struct ieee80211_rx_data *rx)
1260{ 1059{
1261 struct ieee80211_local *local; 1060 struct ieee80211_local *local;
@@ -1556,6 +1355,207 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
1556 return RX_CONTINUE; 1355 return RX_CONTINUE;
1557} /* ieee80211_rx_h_sta_process */ 1356} /* ieee80211_rx_h_sta_process */
1558 1357
1358static ieee80211_rx_result debug_noinline
1359ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
1360{
1361 struct sk_buff *skb = rx->skb;
1362 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1363 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1364 int keyidx;
1365 int hdrlen;
1366 ieee80211_rx_result result = RX_DROP_UNUSABLE;
1367 struct ieee80211_key *sta_ptk = NULL;
1368 int mmie_keyidx = -1;
1369 __le16 fc;
1370
1371 /*
1372 * Key selection 101
1373 *
1374 * There are four types of keys:
1375 * - GTK (group keys)
1376 * - IGTK (group keys for management frames)
1377 * - PTK (pairwise keys)
1378 * - STK (station-to-station pairwise keys)
1379 *
1380 * When selecting a key, we have to distinguish between multicast
1381 * (including broadcast) and unicast frames, the latter can only
1382 * use PTKs and STKs while the former always use GTKs and IGTKs.
1383 * Unless, of course, actual WEP keys ("pre-RSNA") are used, then
1384 * unicast frames can also use key indices like GTKs. Hence, if we
1385 * don't have a PTK/STK we check the key index for a WEP key.
1386 *
1387 * Note that in a regular BSS, multicast frames are sent by the
1388 * AP only, associated stations unicast the frame to the AP first
1389 * which then multicasts it on their behalf.
1390 *
1391 * There is also a slight problem in IBSS mode: GTKs are negotiated
1392 * with each station, that is something we don't currently handle.
1393 * The spec seems to expect that one negotiates the same key with
1394 * every station but there's no such requirement; VLANs could be
1395 * possible.
1396 */
1397
1398 /*
1399 * No point in finding a key and decrypting if the frame is neither
1400 * addressed to us nor a multicast frame.
1401 */
1402 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1403 return RX_CONTINUE;
1404
1405 /* start without a key */
1406 rx->key = NULL;
1407
1408 if (rx->sta)
1409 sta_ptk = rcu_dereference(rx->sta->ptk);
1410
1411 fc = hdr->frame_control;
1412
1413 if (!ieee80211_has_protected(fc))
1414 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
1415
1416 if (!is_multicast_ether_addr(hdr->addr1) && sta_ptk) {
1417 rx->key = sta_ptk;
1418 if ((status->flag & RX_FLAG_DECRYPTED) &&
1419 (status->flag & RX_FLAG_IV_STRIPPED))
1420 return RX_CONTINUE;
1421 /* Skip decryption if the frame is not protected. */
1422 if (!ieee80211_has_protected(fc))
1423 return RX_CONTINUE;
1424 } else if (mmie_keyidx >= 0) {
1425 /* Broadcast/multicast robust management frame / BIP */
1426 if ((status->flag & RX_FLAG_DECRYPTED) &&
1427 (status->flag & RX_FLAG_IV_STRIPPED))
1428 return RX_CONTINUE;
1429
1430 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
1431 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
1432 return RX_DROP_MONITOR; /* unexpected BIP keyidx */
1433 if (rx->sta)
1434 rx->key = rcu_dereference(rx->sta->gtk[mmie_keyidx]);
1435 if (!rx->key)
1436 rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]);
1437 } else if (!ieee80211_has_protected(fc)) {
1438 /*
1439 * The frame was not protected, so skip decryption. However, we
1440 * need to set rx->key if there is a key that could have been
1441 * used so that the frame may be dropped if encryption would
1442 * have been expected.
1443 */
1444 struct ieee80211_key *key = NULL;
1445 struct ieee80211_sub_if_data *sdata = rx->sdata;
1446 int i;
1447
1448 if (ieee80211_is_mgmt(fc) &&
1449 is_multicast_ether_addr(hdr->addr1) &&
1450 (key = rcu_dereference(rx->sdata->default_mgmt_key)))
1451 rx->key = key;
1452 else {
1453 if (rx->sta) {
1454 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1455 key = rcu_dereference(rx->sta->gtk[i]);
1456 if (key)
1457 break;
1458 }
1459 }
1460 if (!key) {
1461 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1462 key = rcu_dereference(sdata->keys[i]);
1463 if (key)
1464 break;
1465 }
1466 }
1467 if (key)
1468 rx->key = key;
1469 }
1470 return RX_CONTINUE;
1471 } else {
1472 u8 keyid;
1473 /*
1474 * The device doesn't give us the IV so we won't be
1475 * able to look up the key. That's ok though, we
1476 * don't need to decrypt the frame, we just won't
1477 * be able to keep statistics accurate.
1478 * Except for key threshold notifications, should
1479 * we somehow allow the driver to tell us which key
1480 * the hardware used if this flag is set?
1481 */
1482 if ((status->flag & RX_FLAG_DECRYPTED) &&
1483 (status->flag & RX_FLAG_IV_STRIPPED))
1484 return RX_CONTINUE;
1485
1486 hdrlen = ieee80211_hdrlen(fc);
1487
1488 if (rx->skb->len < 8 + hdrlen)
1489 return RX_DROP_UNUSABLE; /* TODO: count this? */
1490
1491 /*
1492 * no need to call ieee80211_wep_get_keyidx,
1493 * it verifies a bunch of things we've done already
1494 */
1495 skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1);
1496 keyidx = keyid >> 6;
1497
1498 /* check per-station GTK first, if multicast packet */
1499 if (is_multicast_ether_addr(hdr->addr1) && rx->sta)
1500 rx->key = rcu_dereference(rx->sta->gtk[keyidx]);
1501
1502 /* if not found, try default key */
1503 if (!rx->key) {
1504 rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
1505
1506 /*
1507 * RSNA-protected unicast frames should always be
1508 * sent with pairwise or station-to-station keys,
1509 * but for WEP we allow using a key index as well.
1510 */
1511 if (rx->key &&
1512 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1513 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP104 &&
1514 !is_multicast_ether_addr(hdr->addr1))
1515 rx->key = NULL;
1516 }
1517 }
1518
1519 if (rx->key) {
1520 if (unlikely(rx->key->flags & KEY_FLAG_TAINTED))
1521 return RX_DROP_MONITOR;
1522
1523 rx->key->tx_rx_count++;
1524 /* TODO: add threshold stuff again */
1525 } else {
1526 return RX_DROP_MONITOR;
1527 }
1528
1529 switch (rx->key->conf.cipher) {
1530 case WLAN_CIPHER_SUITE_WEP40:
1531 case WLAN_CIPHER_SUITE_WEP104:
1532 result = ieee80211_crypto_wep_decrypt(rx);
1533 break;
1534 case WLAN_CIPHER_SUITE_TKIP:
1535 result = ieee80211_crypto_tkip_decrypt(rx);
1536 break;
1537 case WLAN_CIPHER_SUITE_CCMP:
1538 result = ieee80211_crypto_ccmp_decrypt(rx);
1539 break;
1540 case WLAN_CIPHER_SUITE_AES_CMAC:
1541 result = ieee80211_crypto_aes_cmac_decrypt(rx);
1542 break;
1543 default:
1544 /*
1545 * We can reach here only with HW-only algorithms
1546 * but why didn't it decrypt the frame?!
1547 */
1548 return RX_DROP_UNUSABLE;
1549 }
1550
1551 /* the hdr variable is invalid after the decrypt handlers */
1552
1553 /* either the frame has been decrypted or will be dropped */
1554 status->flag |= RX_FLAG_DECRYPTED;
1555
1556 return result;
1557}
1558
1559static inline struct ieee80211_fragment_entry * 1559static inline struct ieee80211_fragment_entry *
1560ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata, 1560ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
1561 unsigned int frag, unsigned int seq, int rx_queue, 1561 unsigned int frag, unsigned int seq, int rx_queue,
@@ -2939,10 +2939,10 @@ static void ieee80211_rx_handlers(struct ieee80211_rx_data *rx,
2939 */ 2939 */
2940 rx->skb = skb; 2940 rx->skb = skb;
2941 2941
2942 CALL_RXH(ieee80211_rx_h_decrypt)
2943 CALL_RXH(ieee80211_rx_h_check_more_data) 2942 CALL_RXH(ieee80211_rx_h_check_more_data)
2944 CALL_RXH(ieee80211_rx_h_uapsd_and_pspoll) 2943 CALL_RXH(ieee80211_rx_h_uapsd_and_pspoll)
2945 CALL_RXH(ieee80211_rx_h_sta_process) 2944 CALL_RXH(ieee80211_rx_h_sta_process)
2945 CALL_RXH(ieee80211_rx_h_decrypt)
2946 CALL_RXH(ieee80211_rx_h_defragment) 2946 CALL_RXH(ieee80211_rx_h_defragment)
2947 CALL_RXH(ieee80211_rx_h_michael_mic_verify) 2947 CALL_RXH(ieee80211_rx_h_michael_mic_verify)
2948 /* must be after MMIC verify so header is counted in MPDU mic */ 2948 /* must be after MMIC verify so header is counted in MPDU mic */
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-23 17:10:56 -0500