diff options
| author | Emmanuel Grumbach <emmanuel.grumbach@intel.com> | 2008-03-20 09:06:42 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2008-03-25 16:41:53 -0400 |
| commit | 9ae4fda332df616ef47d5bb710c39681641d4303 (patch) | |
| tree | 7cecfed1dfac8e6fdf7e33957d7da7767a35619c | |
| parent | 5d2cdcd4e85c5187db30a6b29f79fbbe59f39f78 (diff) | |
mac80211: allows driver to request a Phase 1 RX key
This patch makes mac80211 able to send a phase1 key for TKIP
decryption.
This is needed for drivers that don't do the rekeying by themselves
(i.e. iwlwifi). Upon IV16 wrap around, the packet is decrypted in SW,
if decryption is ok, mac80211 calls to update_tkip_key with a new
phase 1 RX key.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
| -rw-r--r-- | include/net/mac80211.h | 17 | ||||
| -rw-r--r-- | net/mac80211/tkip.c | 15 | ||||
| -rw-r--r-- | net/mac80211/tkip.h | 2 | ||||
| -rw-r--r-- | net/mac80211/wpa.c | 2 |
4 files changed, 33 insertions, 3 deletions
diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 2a134582fc16..48428a6b9109 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h | |||
| @@ -827,6 +827,16 @@ static inline void SET_IEEE80211_PERM_ADDR(struct ieee80211_hw *hw, u8 *addr) | |||
| 827 | * parameter is guaranteed to be valid until another call to set_key() | 827 | * parameter is guaranteed to be valid until another call to set_key() |
| 828 | * removes it, but it can only be used as a cookie to differentiate | 828 | * removes it, but it can only be used as a cookie to differentiate |
| 829 | * keys. | 829 | * keys. |
| 830 | * | ||
| 831 | * In TKIP some HW need to be provided a phase 1 key, for RX decryption | ||
| 832 | * acceleration (i.e. iwlwifi). Those drivers should provide update_tkip_key | ||
| 833 | * handler. | ||
| 834 | * The update_tkip_key() call updates the driver with the new phase 1 key. | ||
| 835 | * This happens everytime the iv16 wraps around (every 65536 packets). The | ||
| 836 | * set_key() call will happen only once for each key (unless the AP did | ||
| 837 | * rekeying), it will not include a valid phase 1 key. The valid phase 1 key is | ||
| 838 | * provided by udpate_tkip_key only. The trigger that makes mac80211 call this | ||
| 839 | * handler is software decryption with wrap around of iv16. | ||
| 830 | */ | 840 | */ |
| 831 | 841 | ||
| 832 | /** | 842 | /** |
| @@ -1003,6 +1013,10 @@ enum ieee80211_ampdu_mlme_action { | |||
| 1003 | * and remove_interface calls, i.e. while the interface with the | 1013 | * and remove_interface calls, i.e. while the interface with the |
| 1004 | * given local_address is enabled. | 1014 | * given local_address is enabled. |
| 1005 | * | 1015 | * |
| 1016 | * @update_tkip_key: See the section "Hardware crypto acceleration" | ||
| 1017 | * This callback will be called in the context of Rx. Called for drivers | ||
| 1018 | * which set IEEE80211_KEY_FLAG_TKIP_REQ_RX_P1_KEY. | ||
| 1019 | * | ||
| 1006 | * @hw_scan: Ask the hardware to service the scan request, no need to start | 1020 | * @hw_scan: Ask the hardware to service the scan request, no need to start |
| 1007 | * the scan state machine in stack. The scan must honour the channel | 1021 | * the scan state machine in stack. The scan must honour the channel |
| 1008 | * configuration done by the regulatory agent in the wiphy's registered | 1022 | * configuration done by the regulatory agent in the wiphy's registered |
| @@ -1094,6 +1108,9 @@ struct ieee80211_ops { | |||
| 1094 | int (*set_key)(struct ieee80211_hw *hw, enum set_key_cmd cmd, | 1108 | int (*set_key)(struct ieee80211_hw *hw, enum set_key_cmd cmd, |
| 1095 | const u8 *local_address, const u8 *address, | 1109 | const u8 *local_address, const u8 *address, |
| 1096 | struct ieee80211_key_conf *key); | 1110 | struct ieee80211_key_conf *key); |
| 1111 | void (*update_tkip_key)(struct ieee80211_hw *hw, | ||
| 1112 | struct ieee80211_key_conf *conf, const u8 *address, | ||
| 1113 | u32 iv32, u16 *phase1key); | ||
| 1097 | int (*hw_scan)(struct ieee80211_hw *hw, u8 *ssid, size_t len); | 1114 | int (*hw_scan)(struct ieee80211_hw *hw, u8 *ssid, size_t len); |
| 1098 | int (*get_stats)(struct ieee80211_hw *hw, | 1115 | int (*get_stats)(struct ieee80211_hw *hw, |
| 1099 | struct ieee80211_low_level_stats *stats); | 1116 | struct ieee80211_low_level_stats *stats); |
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c index 5c36b2df3faf..45d59f19c29f 100644 --- a/net/mac80211/tkip.c +++ b/net/mac80211/tkip.c | |||
| @@ -291,7 +291,7 @@ void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm, | |||
| 291 | int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm, | 291 | int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm, |
| 292 | struct ieee80211_key *key, | 292 | struct ieee80211_key *key, |
| 293 | u8 *payload, size_t payload_len, u8 *ta, | 293 | u8 *payload, size_t payload_len, u8 *ta, |
| 294 | int only_iv, int queue, | 294 | u8 *ra, int only_iv, int queue, |
| 295 | u32 *out_iv32, u16 *out_iv16) | 295 | u32 *out_iv32, u16 *out_iv16) |
| 296 | { | 296 | { |
| 297 | u32 iv32; | 297 | u32 iv32; |
| @@ -368,6 +368,19 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm, | |||
| 368 | printk("\n"); | 368 | printk("\n"); |
| 369 | } | 369 | } |
| 370 | #endif /* CONFIG_TKIP_DEBUG */ | 370 | #endif /* CONFIG_TKIP_DEBUG */ |
| 371 | if (key->local->ops->update_tkip_key && | ||
| 372 | key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { | ||
| 373 | u8 bcast[ETH_ALEN] = | ||
| 374 | {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; | ||
| 375 | u8 *sta_addr = key->sta->addr; | ||
| 376 | |||
| 377 | if (is_multicast_ether_addr(ra)) | ||
| 378 | sta_addr = bcast; | ||
| 379 | |||
| 380 | key->local->ops->update_tkip_key( | ||
| 381 | local_to_hw(key->local), &key->conf, | ||
| 382 | sta_addr, iv32, key->u.tkip.p1k_rx[queue]); | ||
| 383 | } | ||
| 371 | } | 384 | } |
| 372 | 385 | ||
| 373 | tkip_mixing_phase2(key->u.tkip.p1k_rx[queue], | 386 | tkip_mixing_phase2(key->u.tkip.p1k_rx[queue], |
diff --git a/net/mac80211/tkip.h b/net/mac80211/tkip.h index 73d8ef2a93b0..ffaee3253e19 100644 --- a/net/mac80211/tkip.h +++ b/net/mac80211/tkip.h | |||
| @@ -31,7 +31,7 @@ enum { | |||
| 31 | int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm, | 31 | int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm, |
| 32 | struct ieee80211_key *key, | 32 | struct ieee80211_key *key, |
| 33 | u8 *payload, size_t payload_len, u8 *ta, | 33 | u8 *payload, size_t payload_len, u8 *ta, |
| 34 | int only_iv, int queue, | 34 | u8 *ra, int only_iv, int queue, |
| 35 | u32 *out_iv32, u16 *out_iv16); | 35 | u32 *out_iv32, u16 *out_iv16); |
| 36 | 36 | ||
| 37 | #endif /* TKIP_H */ | 37 | #endif /* TKIP_H */ |
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c index df0b7341efc8..45709ada8fee 100644 --- a/net/mac80211/wpa.c +++ b/net/mac80211/wpa.c | |||
| @@ -312,7 +312,7 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx) | |||
| 312 | res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm, | 312 | res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm, |
| 313 | key, skb->data + hdrlen, | 313 | key, skb->data + hdrlen, |
| 314 | skb->len - hdrlen, rx->sta->addr, | 314 | skb->len - hdrlen, rx->sta->addr, |
| 315 | hwaccel, rx->queue, | 315 | hdr->addr1, hwaccel, rx->queue, |
| 316 | &rx->tkip_iv32, | 316 | &rx->tkip_iv32, |
| 317 | &rx->tkip_iv16); | 317 | &rx->tkip_iv16); |
| 318 | if (res != TKIP_DECRYPT_OK || wpa_test) { | 318 | if (res != TKIP_DECRYPT_OK || wpa_test) { |