mac80211: 802.11w - Add BIP (AES-128-CMAC)

Implement Broadcast/Multicast Integrity Protocol for management frame protection. This patch adds the needed definitions for the new information element (MMIE) and implementation for the new "encryption" type (though, BIP is actually not encrypting data, it provides only integrity protection). These routines will be used by a follow-on patch that enables BIP for multicast/broadcast robust management frames. Signed-off-by: Jouni Malinen <j@w1.fi> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Jouni Malinen <j@w1.fi> 2009-01-08 06:32:01 -0500
committer: John W. Linville <linville@tuxdriver.com> 2009-01-29 16:00:02 -0500
commit: 765cb46a3fc856245ea68a7c961ac87c77e4ae2d (patch)
tree: 210cb9cd260430221ddb3be9620ee8ae90ecee34
parent: fb7333367632c67d8b6b06fb8d906cdabb11b02a (diff)
8 files changed, 306 insertions, 1 deletions
diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index d5165895f316..cceb9e86c744 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -655,6 +655,15 @@ struct ieee80211_mgmt {
 #define IEEE80211_MIN_ACTION_SIZE offsetof(struct ieee80211_mgmt, u.action.u)
+/* Management MIC information element (IEEE 802.11w) */
+struct ieee80211_mmie {
+        u8 element_id;
+        u8 length;
+        __le16 key_id;
+        u8 sequence_number[6];
+        u8 mic[8];
+} __attribute__ ((packed));
 /* Control frames */
 struct ieee80211_rts {
        __le16 frame_control;
@@ -1018,6 +1027,7 @@ enum ieee80211_eid {
        WLAN_EID_HT_INFORMATION = 61,
        /* 802.11i */
        WLAN_EID_RSN = 48,
+        WLAN_EID_MMIE = 76 /* 802.11w */,
        WLAN_EID_WPA = 221,
        WLAN_EID_GENERIC = 221,
        WLAN_EID_VENDOR_SPECIFIC = 221,
diff --git a/net/mac80211/Makefile b/net/mac80211/Makefile
index 7d4971aa443f..5c6fadfb6a00 100644
--- a/net/mac80211/Makefile
+++ b/net/mac80211/Makefile
@@ -15,6 +15,7 @@ mac80211-y := \
        michael.o \
        tkip.o \
        aes_ccm.o \
+        aes_cmac.o \
        cfg.o \
        rx.o \
        spectmgmt.o \
diff --git a/net/mac80211/aes_cmac.c b/net/mac80211/aes_cmac.c
new file mode 100644
index 000000000000..3d097b3d7b62
--- /dev/null
+++ b/net/mac80211/aes_cmac.c
@@ -0,0 +1,135 @@
+/*
+ * AES-128-CMAC with TLen 16 for IEEE 802.11w BIP
+ * Copyright 2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/crypto.h>
+#include <linux/err.h>
+#include <net/mac80211.h>
+#include "key.h"
+#include "aes_cmac.h"
+#define AES_BLOCK_SIZE 16
+#define AES_CMAC_KEY_LEN 16
+#define CMAC_TLEN 8 /* CMAC TLen = 64 bits (8 octets) */
+#define AAD_LEN 20
+static void gf_mulx(u8 *pad)
+{
+        int i, carry;
+        carry = pad[0] & 0x80;
+        for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
+                pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
+        pad[AES_BLOCK_SIZE - 1] <<= 1;
+        if (carry)
+                pad[AES_BLOCK_SIZE - 1] ^= 0x87;
+}
+static void aes_128_cmac_vector(struct crypto_cipher *tfm, u8 *scratch,
+                                size_t num_elem,
+                                const u8 *addr[], const size_t *len, u8 *mac)
+{
+        u8 *cbc, *pad;
+        const u8 *pos, *end;
+        size_t i, e, left, total_len;
+        cbc = scratch;
+        pad = scratch + AES_BLOCK_SIZE;
+        memset(cbc, 0, AES_BLOCK_SIZE);
+        total_len = 0;
+        for (e = 0; e < num_elem; e++)
+                total_len += len[e];
+        left = total_len;
+        e = 0;
+        pos = addr[0];
+        end = pos + len[0];
+        while (left >= AES_BLOCK_SIZE) {
+                for (i = 0; i < AES_BLOCK_SIZE; i++) {
+                        cbc[i] ^= *pos++;
+                        if (pos >= end) {
+                                e++;
+                                pos = addr[e];
+                                end = pos + len[e];
+                        }
+                }
+                if (left > AES_BLOCK_SIZE)
+                        crypto_cipher_encrypt_one(tfm, cbc, cbc);
+                left -= AES_BLOCK_SIZE;
+        }
+        memset(pad, 0, AES_BLOCK_SIZE);
+        crypto_cipher_encrypt_one(tfm, pad, pad);
+        gf_mulx(pad);
+        if (left || total_len == 0) {
+                for (i = 0; i < left; i++) {
+                        cbc[i] ^= *pos++;
+                        if (pos >= end) {
+                                e++;
+                                pos = addr[e];
+                                end = pos + len[e];
+                        }
+                }
+                cbc[left] ^= 0x80;
+                gf_mulx(pad);
+        }
+        for (i = 0; i < AES_BLOCK_SIZE; i++)
+                pad[i] ^= cbc[i];
+        crypto_cipher_encrypt_one(tfm, pad, pad);
+        memcpy(mac, pad, CMAC_TLEN);
+}
+void ieee80211_aes_cmac(struct crypto_cipher *tfm, u8 *scratch, const u8 *aad,
+                        const u8 *data, size_t data_len, u8 *mic)
+{
+        const u8 *addr[3];
+        size_t len[3];
+        u8 zero[CMAC_TLEN];
+        memset(zero, 0, CMAC_TLEN);
+        addr[0] = aad;
+        len[0] = AAD_LEN;
+        addr[1] = data;
+        len[1] = data_len - CMAC_TLEN;
+        addr[2] = zero;
+        len[2] = CMAC_TLEN;
+        aes_128_cmac_vector(tfm, scratch, 3, addr, len, mic);
+}
+struct crypto_cipher * ieee80211_aes_cmac_key_setup(const u8 key[])
+{
+        struct crypto_cipher *tfm;
+        tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
+        if (IS_ERR(tfm))
+                return NULL;
+        crypto_cipher_setkey(tfm, key, AES_CMAC_KEY_LEN);
+        return tfm;
+}
+void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
+{
+        if (tfm)
+                crypto_free_cipher(tfm);
+}
diff --git a/net/mac80211/aes_cmac.h b/net/mac80211/aes_cmac.h
new file mode 100644
index 000000000000..0eb9a4831508
--- /dev/null
+++ b/net/mac80211/aes_cmac.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef AES_CMAC_H
+#define AES_CMAC_H
+#include <linux/crypto.h>
+struct crypto_cipher * ieee80211_aes_cmac_key_setup(const u8 key[]);
+void ieee80211_aes_cmac(struct crypto_cipher *tfm, u8 *scratch, const u8 *aad,
+                        const u8 *data, size_t data_len, u8 *mic);
+void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm);
+#endif /* AES_CMAC_H */
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index b5f86cb17630..20af92abd61d 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -43,7 +43,7 @@ struct ieee80211_local;
 /* Required encryption head and tailroom */
 #define IEEE80211_ENCRYPT_HEADROOM 8
-#define IEEE80211_ENCRYPT_TAILROOM 12
+#define IEEE80211_ENCRYPT_TAILROOM 18
 /* IEEE 802.11 (Ch. 9.5 Defragmentation) requires support for concurrent
 * reception of at least three fragmented frames. This limit can be increased
diff --git a/net/mac80211/key.h b/net/mac80211/key.h
index 425816e0996c..73ac28ca2ede 100644
--- a/net/mac80211/key.h
+++ b/net/mac80211/key.h
@@ -96,6 +96,16 @@ struct ieee80211_key {
                        u8 tx_crypto_buf[6 * AES_BLOCK_LEN];
                        u8 rx_crypto_buf[6 * AES_BLOCK_LEN];
                } ccmp;
+                struct {
+                        u8 tx_pn[6];
+                        u8 rx_pn[6];
+                        struct crypto_cipher *tfm;
+                        u32 replays; /* dot11RSNAStatsCMACReplays */
+                        u32 icverrors; /* dot11RSNAStatsCMACICVErrors */
+                        /* scratch buffers for virt_to_page() (crypto API) */
+                        u8 tx_crypto_buf[2 * AES_BLOCK_LEN];
+                        u8 rx_crypto_buf[2 * AES_BLOCK_LEN];
+                } aes_cmac;
        } u;
        /* number of times this key has been used */
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index aff46adde3f0..53e11e6ff66e 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -1,5 +1,6 @@
 /*
 * Copyright 2002-2004, Instant802 Networks, Inc.
+ * Copyright 2008, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@@ -19,6 +20,7 @@
 #include "michael.h"
 #include "tkip.h"
 #include "aes_ccm.h"
+#include "aes_cmac.h"
 #include "wpa.h"
 ieee80211_tx_result
@@ -491,3 +493,126 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
        return RX_CONTINUE;
 }
+static void bip_aad(struct sk_buff *skb, u8 *aad)
+{
+        /* BIP AAD: FC(masked) || A1 || A2 || A3 */
+        /* FC type/subtype */
+        aad[0] = skb->data[0];
+        /* Mask FC Retry, PwrMgt, MoreData flags to zero */
+        aad[1] = skb->data[1] & ~(BIT(4) | BIT(5) | BIT(6));
+        /* A1 || A2 || A3 */
+        memcpy(aad + 2, skb->data + 4, 3 * ETH_ALEN);
+}
+static inline void bip_ipn_swap(u8 *d, const u8 *s)
+{
+        *d++ = s[5];
+        *d++ = s[4];
+        *d++ = s[3];
+        *d++ = s[2];
+        *d++ = s[1];
+        *d = s[0];
+}
+ieee80211_tx_result
+ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx)
+{
+        struct sk_buff *skb = tx->skb;
+        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+        struct ieee80211_key *key = tx->key;
+        struct ieee80211_mmie *mmie;
+        u8 *pn, aad[20];
+        int i;
+        if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
+                /* hwaccel */
+                info->control.hw_key = &tx->key->conf;
+                return 0;
+        }
+        if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
+                return TX_DROP;
+        mmie = (struct ieee80211_mmie *) skb_put(skb, sizeof(*mmie));
+        mmie->element_id = WLAN_EID_MMIE;
+        mmie->length = sizeof(*mmie) - 2;
+        mmie->key_id = cpu_to_le16(key->conf.keyidx);
+        /* PN = PN + 1 */
+        pn = key->u.aes_cmac.tx_pn;
+        for (i = sizeof(key->u.aes_cmac.tx_pn) - 1; i >= 0; i--) {
+                pn[i]++;
+                if (pn[i])
+                        break;
+        }
+        bip_ipn_swap(mmie->sequence_number, pn);
+        bip_aad(skb, aad);
+        /*
+         * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
+         */
+        ieee80211_aes_cmac(key->u.aes_cmac.tfm, key->u.aes_cmac.tx_crypto_buf,
+                           aad, skb->data + 24, skb->len - 24, mmie->mic);
+        return TX_CONTINUE;
+}
+ieee80211_rx_result
+ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
+{
+        struct sk_buff *skb = rx->skb;
+        struct ieee80211_key *key = rx->key;
+        struct ieee80211_mmie *mmie;
+        u8 aad[20], mic[8], ipn[6];
+        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+        if (!ieee80211_is_mgmt(hdr->frame_control))
+                return RX_CONTINUE;
+        if ((rx->status->flag & RX_FLAG_DECRYPTED) &&
+            (rx->status->flag & RX_FLAG_IV_STRIPPED))
+                return RX_CONTINUE;
+        if (skb->len < 24 + sizeof(*mmie))
+                return RX_DROP_UNUSABLE;
+        mmie = (struct ieee80211_mmie *)
+                (skb->data + skb->len - sizeof(*mmie));
+        if (mmie->element_id != WLAN_EID_MMIE ||
+            mmie->length != sizeof(*mmie) - 2)
+                return RX_DROP_UNUSABLE; /* Invalid MMIE */
+        bip_ipn_swap(ipn, mmie->sequence_number);
+        if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
+                key->u.aes_cmac.replays++;
+                return RX_DROP_UNUSABLE;
+        }
+        if (!(rx->status->flag & RX_FLAG_DECRYPTED)) {
+                /* hardware didn't decrypt/verify MIC */
+                bip_aad(skb, aad);
+                ieee80211_aes_cmac(key->u.aes_cmac.tfm,
+                                   key->u.aes_cmac.rx_crypto_buf, aad,
+                                   skb->data + 24, skb->len - 24, mic);
+                if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
+                        key->u.aes_cmac.icverrors++;
+                        return RX_DROP_UNUSABLE;
+                }
+        }
+        memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
+        /* Remove MMIE */
+        skb_trim(skb, skb->len - sizeof(*mmie));
+        return RX_CONTINUE;
+}
diff --git a/net/mac80211/wpa.h b/net/mac80211/wpa.h
index d42d221d8a1d..baba0608313e 100644
--- a/net/mac80211/wpa.h
+++ b/net/mac80211/wpa.h
@@ -28,4 +28,9 @@ ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx);
 ieee80211_rx_result
 ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx);
+ieee80211_tx_result
+ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx);
+ieee80211_rx_result
+ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx);
 #endif /* WPA_H */
author	Jouni Malinen <j@w1.fi>	2009-01-08 06:32:01 -0500
committer	John W. Linville <linville@tuxdriver.com>	2009-01-29 16:00:02 -0500
commit	765cb46a3fc856245ea68a7c961ac87c77e4ae2d (patch)
tree	210cb9cd260430221ddb3be9620ee8ae90ecee34
parent	fb7333367632c67d8b6b06fb8d906cdabb11b02a (diff)

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index d5165895f316..cceb9e86c744 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h
@@ -655,6 +655,15 @@ struct ieee80211_mgmt {
655	#define IEEE80211_MIN_ACTION_SIZE offsetof(struct ieee80211_mgmt, u.action.u)	655	#define IEEE80211_MIN_ACTION_SIZE offsetof(struct ieee80211_mgmt, u.action.u)
656		656
657		657
		658	/* Management MIC information element (IEEE 802.11w) */
		659	struct ieee80211_mmie {
		660	u8 element_id;
		661	u8 length;
		662	__le16 key_id;
		663	u8 sequence_number[6];
		664	u8 mic[8];
		665	} __attribute__ ((packed));
		666
658	/* Control frames */	667	/* Control frames */
659	struct ieee80211_rts {	668	struct ieee80211_rts {
660	__le16 frame_control;	669	__le16 frame_control;
@@ -1018,6 +1027,7 @@ enum ieee80211_eid {
1018	WLAN_EID_HT_INFORMATION = 61,	1027	WLAN_EID_HT_INFORMATION = 61,
1019	/* 802.11i */	1028	/* 802.11i */
1020	WLAN_EID_RSN = 48,	1029	WLAN_EID_RSN = 48,
		1030	WLAN_EID_MMIE = 76 /* 802.11w */,
1021	WLAN_EID_WPA = 221,	1031	WLAN_EID_WPA = 221,
1022	WLAN_EID_GENERIC = 221,	1032	WLAN_EID_GENERIC = 221,
1023	WLAN_EID_VENDOR_SPECIFIC = 221,	1033	WLAN_EID_VENDOR_SPECIFIC = 221,


diff --git a/net/mac80211/Makefile b/net/mac80211/Makefile index 7d4971aa443f..5c6fadfb6a00 100644 --- a/net/mac80211/Makefile +++ b/net/mac80211/Makefile
@@ -15,6 +15,7 @@ mac80211-y := \
15	michael.o \	15	michael.o \
16	tkip.o \	16	tkip.o \
17	aes_ccm.o \	17	aes_ccm.o \
		18	aes_cmac.o \
18	cfg.o \	19	cfg.o \
19	rx.o \	20	rx.o \
20	spectmgmt.o \	21	spectmgmt.o \


diff --git a/net/mac80211/aes_cmac.c b/net/mac80211/aes_cmac.c new file mode 100644 index 000000000000..3d097b3d7b62 --- /dev/null +++ b/net/mac80211/aes_cmac.c
@@ -0,0 +1,135 @@
		1	/*
		2	* AES-128-CMAC with TLen 16 for IEEE 802.11w BIP
		3	* Copyright 2008, Jouni Malinen <j@w1.fi>
		4	*
		5	* This program is free software; you can redistribute it and/or modify
		6	* it under the terms of the GNU General Public License version 2 as
		7	* published by the Free Software Foundation.
		8	*/
		9
		10	#include <linux/kernel.h>
		11	#include <linux/types.h>
		12	#include <linux/crypto.h>
		13	#include <linux/err.h>
		14
		15	#include <net/mac80211.h>
		16	#include "key.h"
		17	#include "aes_cmac.h"
		18
		19	#define AES_BLOCK_SIZE 16
		20	#define AES_CMAC_KEY_LEN 16
		21	#define CMAC_TLEN 8 /* CMAC TLen = 64 bits (8 octets) */
		22	#define AAD_LEN 20
		23
		24
		25	static void gf_mulx(u8 *pad)
		26	{
		27	int i, carry;
		28
		29	carry = pad[0] & 0x80;
		30	for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
		31	pad[i] = (pad[i] << 1) \| (pad[i + 1] >> 7);
		32	pad[AES_BLOCK_SIZE - 1] <<= 1;
		33	if (carry)
		34	pad[AES_BLOCK_SIZE - 1] ^= 0x87;
		35	}
		36
		37
		38	static void aes_128_cmac_vector(struct crypto_cipher tfm, u8 scratch,
		39	size_t num_elem,
		40	const u8 addr[], const size_t len, u8 *mac)
		41	{
		42	u8 cbc, pad;
		43	const u8 pos, end;
		44	size_t i, e, left, total_len;
		45
		46	cbc = scratch;
		47	pad = scratch + AES_BLOCK_SIZE;
		48
		49	memset(cbc, 0, AES_BLOCK_SIZE);
		50
		51	total_len = 0;
		52	for (e = 0; e < num_elem; e++)
		53	total_len += len[e];
		54	left = total_len;
		55
		56	e = 0;
		57	pos = addr[0];
		58	end = pos + len[0];
		59
		60	while (left >= AES_BLOCK_SIZE) {
		61	for (i = 0; i < AES_BLOCK_SIZE; i++) {
		62	cbc[i] ^= *pos++;
		63	if (pos >= end) {
		64	e++;
		65	pos = addr[e];
		66	end = pos + len[e];
		67	}
		68	}
		69	if (left > AES_BLOCK_SIZE)
		70	crypto_cipher_encrypt_one(tfm, cbc, cbc);
		71	left -= AES_BLOCK_SIZE;
		72	}
		73
		74	memset(pad, 0, AES_BLOCK_SIZE);
		75	crypto_cipher_encrypt_one(tfm, pad, pad);
		76	gf_mulx(pad);
		77
		78	if (left \|\| total_len == 0) {
		79	for (i = 0; i < left; i++) {
		80	cbc[i] ^= *pos++;
		81	if (pos >= end) {
		82	e++;
		83	pos = addr[e];
		84	end = pos + len[e];
		85	}
		86	}
		87	cbc[left] ^= 0x80;
		88	gf_mulx(pad);
		89	}
		90
		91	for (i = 0; i < AES_BLOCK_SIZE; i++)
		92	pad[i] ^= cbc[i];
		93	crypto_cipher_encrypt_one(tfm, pad, pad);
		94	memcpy(mac, pad, CMAC_TLEN);
		95	}
		96
		97
		98	void ieee80211_aes_cmac(struct crypto_cipher tfm, u8 scratch, const u8 *aad,
		99	const u8 data, size_t data_len, u8 mic)
		100	{
		101	const u8 *addr[3];
		102	size_t len[3];
		103	u8 zero[CMAC_TLEN];
		104
		105	memset(zero, 0, CMAC_TLEN);
		106	addr[0] = aad;
		107	len[0] = AAD_LEN;
		108	addr[1] = data;
		109	len[1] = data_len - CMAC_TLEN;
		110	addr[2] = zero;
		111	len[2] = CMAC_TLEN;
		112
		113	aes_128_cmac_vector(tfm, scratch, 3, addr, len, mic);
		114	}
		115
		116
		117	struct crypto_cipher * ieee80211_aes_cmac_key_setup(const u8 key[])
		118	{
		119	struct crypto_cipher *tfm;
		120
		121	tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
		122	if (IS_ERR(tfm))
		123	return NULL;
		124
		125	crypto_cipher_setkey(tfm, key, AES_CMAC_KEY_LEN);
		126
		127	return tfm;
		128	}
		129
		130
		131	void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
		132	{
		133	if (tfm)
		134	crypto_free_cipher(tfm);
		135	}


diff --git a/net/mac80211/aes_cmac.h b/net/mac80211/aes_cmac.h new file mode 100644 index 000000000000..0eb9a4831508 --- /dev/null +++ b/net/mac80211/aes_cmac.h
@@ -0,0 +1,19 @@
		1	/*
		2	* Copyright 2008, Jouni Malinen <j@w1.fi>
		3	*
		4	* This program is free software; you can redistribute it and/or modify
		5	* it under the terms of the GNU General Public License version 2 as
		6	* published by the Free Software Foundation.
		7	*/
		8
		9	#ifndef AES_CMAC_H
		10	#define AES_CMAC_H
		11
		12	#include <linux/crypto.h>
		13
		14	struct crypto_cipher * ieee80211_aes_cmac_key_setup(const u8 key[]);
		15	void ieee80211_aes_cmac(struct crypto_cipher tfm, u8 scratch, const u8 *aad,
		16	const u8 data, size_t data_len, u8 mic);
		17	void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm);
		18
		19	#endif /* AES_CMAC_H */


diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index b5f86cb17630..20af92abd61d 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h
@@ -43,7 +43,7 @@ struct ieee80211_local;
43		43
44	/* Required encryption head and tailroom */	44	/* Required encryption head and tailroom */
45	#define IEEE80211_ENCRYPT_HEADROOM 8	45	#define IEEE80211_ENCRYPT_HEADROOM 8
46	#define IEEE80211_ENCRYPT_TAILROOM 12	46	#define IEEE80211_ENCRYPT_TAILROOM 18
47		47
48	/* IEEE 802.11 (Ch. 9.5 Defragmentation) requires support for concurrent	48	/* IEEE 802.11 (Ch. 9.5 Defragmentation) requires support for concurrent
49	* reception of at least three fragmented frames. This limit can be increased	49	* reception of at least three fragmented frames. This limit can be increased


diff --git a/net/mac80211/key.h b/net/mac80211/key.h index 425816e0996c..73ac28ca2ede 100644 --- a/net/mac80211/key.h +++ b/net/mac80211/key.h
@@ -96,6 +96,16 @@ struct ieee80211_key {
96	u8 tx_crypto_buf[6 * AES_BLOCK_LEN];	96	u8 tx_crypto_buf[6 * AES_BLOCK_LEN];
97	u8 rx_crypto_buf[6 * AES_BLOCK_LEN];	97	u8 rx_crypto_buf[6 * AES_BLOCK_LEN];
98	} ccmp;	98	} ccmp;
		99	struct {
		100	u8 tx_pn[6];
		101	u8 rx_pn[6];
		102	struct crypto_cipher *tfm;
		103	u32 replays; /* dot11RSNAStatsCMACReplays */
		104	u32 icverrors; /* dot11RSNAStatsCMACICVErrors */
		105	/* scratch buffers for virt_to_page() (crypto API) */
		106	u8 tx_crypto_buf[2 * AES_BLOCK_LEN];
		107	u8 rx_crypto_buf[2 * AES_BLOCK_LEN];
		108	} aes_cmac;
99	} u;	109	} u;
100		110
101	/* number of times this key has been used */	111	/* number of times this key has been used */


diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c index aff46adde3f0..53e11e6ff66e 100644 --- a/net/mac80211/wpa.c +++ b/net/mac80211/wpa.c
@@ -1,5 +1,6 @@
1	/*	1	/*
2	* Copyright 2002-2004, Instant802 Networks, Inc.	2	* Copyright 2002-2004, Instant802 Networks, Inc.
		3	* Copyright 2008, Jouni Malinen <j@w1.fi>
3	*	4	*
4	* This program is free software; you can redistribute it and/or modify	5	* This program is free software; you can redistribute it and/or modify
5	* it under the terms of the GNU General Public License version 2 as	6	* it under the terms of the GNU General Public License version 2 as
@@ -19,6 +20,7 @@
19	#include "michael.h"	20	#include "michael.h"
20	#include "tkip.h"	21	#include "tkip.h"
21	#include "aes_ccm.h"	22	#include "aes_ccm.h"
		23	#include "aes_cmac.h"
22	#include "wpa.h"	24	#include "wpa.h"
23		25
24	ieee80211_tx_result	26	ieee80211_tx_result
@@ -491,3 +493,126 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
491		493
492	return RX_CONTINUE;	494	return RX_CONTINUE;
493	}	495	}
		496
		497
		498	static void bip_aad(struct sk_buff skb, u8 aad)
		499	{
		500	/* BIP AAD: FC(masked) \|\| A1 \|\| A2 \|\| A3 */
		501
		502	/* FC type/subtype */
		503	aad[0] = skb->data[0];
		504	/* Mask FC Retry, PwrMgt, MoreData flags to zero */
		505	aad[1] = skb->data[1] & ~(BIT(4) \| BIT(5) \| BIT(6));
		506	/* A1 \|\| A2 \|\| A3 */
		507	memcpy(aad + 2, skb->data + 4, 3 * ETH_ALEN);
		508	}
		509
		510
		511	static inline void bip_ipn_swap(u8 d, const u8 s)
		512	{
		513	*d++ = s[5];
		514	*d++ = s[4];
		515	*d++ = s[3];
		516	*d++ = s[2];
		517	*d++ = s[1];
		518	*d = s[0];
		519	}
		520
		521
		522	ieee80211_tx_result
		523	ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx)
		524	{
		525	struct sk_buff *skb = tx->skb;
		526	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
		527	struct ieee80211_key *key = tx->key;
		528	struct ieee80211_mmie *mmie;
		529	u8 *pn, aad[20];
		530	int i;
		531
		532	if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
		533	/* hwaccel */
		534	info->control.hw_key = &tx->key->conf;
		535	return 0;
		536	}
		537
		538	if (WARN_ON(skb_tailroom(skb) < sizeof(*mmie)))
		539	return TX_DROP;
		540
		541	mmie = (struct ieee80211_mmie ) skb_put(skb, sizeof(mmie));
		542	mmie->element_id = WLAN_EID_MMIE;
		543	mmie->length = sizeof(*mmie) - 2;
		544	mmie->key_id = cpu_to_le16(key->conf.keyidx);
		545
		546	/* PN = PN + 1 */
		547	pn = key->u.aes_cmac.tx_pn;
		548
		549	for (i = sizeof(key->u.aes_cmac.tx_pn) - 1; i >= 0; i--) {
		550	pn[i]++;
		551	if (pn[i])
		552	break;
		553	}
		554	bip_ipn_swap(mmie->sequence_number, pn);
		555
		556	bip_aad(skb, aad);
		557
		558	/*
		559	* MIC = AES-128-CMAC(IGTK, AAD \|\| Management Frame Body \|\| MMIE, 64)
		560	*/
		561	ieee80211_aes_cmac(key->u.aes_cmac.tfm, key->u.aes_cmac.tx_crypto_buf,
		562	aad, skb->data + 24, skb->len - 24, mmie->mic);
		563
		564	return TX_CONTINUE;
		565	}
		566
		567
		568	ieee80211_rx_result
		569	ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
		570	{
		571	struct sk_buff *skb = rx->skb;
		572	struct ieee80211_key *key = rx->key;
		573	struct ieee80211_mmie *mmie;
		574	u8 aad[20], mic[8], ipn[6];
		575	struct ieee80211_hdr hdr = (struct ieee80211_hdr ) skb->data;
		576
		577	if (!ieee80211_is_mgmt(hdr->frame_control))
		578	return RX_CONTINUE;
		579
		580	if ((rx->status->flag & RX_FLAG_DECRYPTED) &&
		581	(rx->status->flag & RX_FLAG_IV_STRIPPED))
		582	return RX_CONTINUE;
		583
		584	if (skb->len < 24 + sizeof(*mmie))
		585	return RX_DROP_UNUSABLE;
		586
		587	mmie = (struct ieee80211_mmie *)
		588	(skb->data + skb->len - sizeof(*mmie));
		589	if (mmie->element_id != WLAN_EID_MMIE \|\|
		590	mmie->length != sizeof(*mmie) - 2)
		591	return RX_DROP_UNUSABLE; /* Invalid MMIE */
		592
		593	bip_ipn_swap(ipn, mmie->sequence_number);
		594
		595	if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) {
		596	key->u.aes_cmac.replays++;
		597	return RX_DROP_UNUSABLE;
		598	}
		599
		600	if (!(rx->status->flag & RX_FLAG_DECRYPTED)) {
		601	/* hardware didn't decrypt/verify MIC */
		602	bip_aad(skb, aad);
		603	ieee80211_aes_cmac(key->u.aes_cmac.tfm,
		604	key->u.aes_cmac.rx_crypto_buf, aad,
		605	skb->data + 24, skb->len - 24, mic);
		606	if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
		607	key->u.aes_cmac.icverrors++;
		608	return RX_DROP_UNUSABLE;
		609	}
		610	}
		611
		612	memcpy(key->u.aes_cmac.rx_pn, ipn, 6);
		613
		614	/* Remove MMIE */
		615	skb_trim(skb, skb->len - sizeof(*mmie));
		616
		617	return RX_CONTINUE;
		618	}


diff --git a/net/mac80211/wpa.h b/net/mac80211/wpa.h index d42d221d8a1d..baba0608313e 100644 --- a/net/mac80211/wpa.h +++ b/net/mac80211/wpa.h
@@ -28,4 +28,9 @@ ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx);
28	ieee80211_rx_result	28	ieee80211_rx_result
29	ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx);	29	ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx);
30		30
		31	ieee80211_tx_result
		32	ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx);
		33	ieee80211_rx_result
		34	ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx);
		35
31	#endif /* WPA_H */	36	#endif /* WPA_H */