[Bug 792] Fix WPA-PSK AES both for -Dipw and -Dwext.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
author: Zhu Yi <yi.zhu@intel.com> 2005-08-05 05:22:56 -0400
committer: James Ketrenos <jketreno@linux.intel.com> 2005-11-07 18:50:39 -0500
commit: 1fbfea549f07f1f7afd436f1e45b25437f0172c2 (patch)
tree: 96dced82fc405eab36695e1f7568c4c77fc77324 /drivers/net/wireless/ipw2200.c
parent: e402c9374112aaf1fc5796013dc3040ebb3954ca (diff)
1 files changed, 125 insertions, 16 deletions
diff --git a/drivers/net/wireless/ipw2200.c b/drivers/net/wireless/ipw2200.c
index f8dac52df93a..c6da5f534250 100644
--- a/drivers/net/wireless/ipw2200.c
+++ b/drivers/net/wireless/ipw2200.c
@@ -5557,6 +5557,55 @@ static void ipw_send_wep_keys(struct ipw_priv *priv, int type)
        }
 }
+static void ipw_set_hw_decrypt_unicast(struct ipw_priv *priv, int level)
+{
+        if (priv->ieee->host_encrypt)
+                return;
+        switch (level) {
+        case SEC_LEVEL_3:
+                priv->sys_config.disable_unicast_decryption = 0;
+                priv->ieee->host_decrypt = 0;
+                break;
+        case SEC_LEVEL_2:
+                priv->sys_config.disable_unicast_decryption = 1;
+                priv->ieee->host_decrypt = 1;
+                break;
+        case SEC_LEVEL_1:
+                priv->sys_config.disable_unicast_decryption = 0;
+                priv->ieee->host_decrypt = 0;
+                break;
+        case SEC_LEVEL_0:
+                priv->sys_config.disable_unicast_decryption = 1;
+                break;
+        default:
+                break;
+        }
+}
+static void ipw_set_hw_decrypt_multicast(struct ipw_priv *priv, int level)
+{
+        if (priv->ieee->host_encrypt)
+                return;
+        switch (level) {
+        case SEC_LEVEL_3:
+                priv->sys_config.disable_multicast_decryption = 0;
+                break;
+        case SEC_LEVEL_2:
+                priv->sys_config.disable_multicast_decryption = 1;
+                break;
+        case SEC_LEVEL_1:
+                priv->sys_config.disable_multicast_decryption = 0;
+                break;
+        case SEC_LEVEL_0:
+                priv->sys_config.disable_multicast_decryption = 1;
+                break;
+        default:
+                break;
+        }
+}
 static void ipw_set_hwcrypto_keys(struct ipw_priv *priv)
 {
        switch (priv->ieee->sec.level) {
@@ -5567,33 +5616,23 @@ static void ipw_set_hwcrypto_keys(struct ipw_priv *priv)
                                            priv->ieee->sec.active_key);
                ipw_send_wep_keys(priv, DCW_WEP_KEY_SEC_TYPE_CCM);
-                priv->sys_config.disable_unicast_decryption = 0;
-                priv->sys_config.disable_multicast_decryption = 0;
-                priv->ieee->host_decrypt = 0;
                break;
        case SEC_LEVEL_2:
                if (priv->ieee->sec.flags & SEC_ACTIVE_KEY)
                        ipw_send_tgi_tx_key(priv,
                                            DCT_FLAG_EXT_SECURITY_TKIP,
                                            priv->ieee->sec.active_key);
-                priv->sys_config.disable_unicast_decryption = 1;
-                priv->sys_config.disable_multicast_decryption = 1;
-                priv->ieee->host_decrypt = 1;
                break;
        case SEC_LEVEL_1:
                ipw_send_wep_keys(priv, DCW_WEP_KEY_SEC_TYPE_WEP);
-                priv->sys_config.disable_unicast_decryption = 0;
-                priv->sys_config.disable_multicast_decryption = 0;
-                priv->ieee->host_decrypt = 0;
                break;
        case SEC_LEVEL_0:
-                priv->sys_config.disable_unicast_decryption = 1;
-                priv->sys_config.disable_multicast_decryption = 1;
-                break;
        default:
                break;
        }
+        ipw_set_hw_decrypt_unicast(priv, priv->ieee->sec.level);
+        ipw_set_hw_decrypt_multicast(priv, priv->ieee->sec.level);
 }
 static void ipw_adhoc_check(void *data)
@@ -6185,12 +6224,31 @@ static int ipw_wpa_mlme(struct net_device *dev, int command, int reason)
        return ret;
 }
+static int ipw_wpa_ie_cipher2level(u8 cipher)
+{
+        switch (cipher) {
+        case 4:         /* CCMP */
+                return SEC_LEVEL_3;
+        case 2:         /* TKIP */
+                return SEC_LEVEL_2;
+        case 5:         /* WEP104 */
+        case 1:         /* WEP40 */
+                return SEC_LEVEL_1;
+        case 0:         /* NONE */
+                return SEC_LEVEL_0;
+        default:
+                return -1;
+        }
+}
 static int ipw_wpa_set_wpa_ie(struct net_device *dev,
                              struct ipw_param *param, int plen)
 {
        struct ipw_priv *priv = ieee80211_priv(dev);
        struct ieee80211_device *ieee = priv->ieee;
        u8 *buf;
+        u8 *ptk, *gtk;
+        int level;
        if (param->u.wpa_ie.len > MAX_WPA_IE_LEN ||
            (param->u.wpa_ie.len && param->u.wpa_ie.data == NULL))
@@ -6209,8 +6267,35 @@ static int ipw_wpa_set_wpa_ie(struct net_device *dev,
                kfree(ieee->wpa_ie);
                ieee->wpa_ie = NULL;
                ieee->wpa_ie_len = 0;
+                goto done;
+        }
+        if (priv->ieee->host_encrypt)
+                goto done;
+        /* HACK: Parse wpa_ie here to get pairwise suite, otherwise
+         * we need to change driver_ipw.c from wpa_supplicant. This
+         * is OK since -Dipw is deprecated. The -Dwext driver has a
+         * clean way to handle this. */
+        gtk = ptk = (u8 *) ieee->wpa_ie;
+        if (ieee->wpa_ie[0] == 0x30) {  /* RSN IE */
+                gtk += 4 + 3;
+                ptk += 4 + 4 + 2 + 3;
+        } else {                /* WPA IE */
+                gtk += 8 + 3;
+                ptk += 8 + 4 + 2 + 3;
        }
+        if (ptk - (u8 *) ieee->wpa_ie > ieee->wpa_ie_len)
+                return -EINVAL;
+        level = ipw_wpa_ie_cipher2level(*gtk);
+        ipw_set_hw_decrypt_multicast(priv, level);
+        level = ipw_wpa_ie_cipher2level(*ptk);
+        ipw_set_hw_decrypt_unicast(priv, level);
+      done:
        ipw_wpa_assoc_frame(priv, ieee->wpa_ie, ieee->wpa_ie_len);
        return 0;
 }
@@ -6510,6 +6595,23 @@ static int ipw_wx_get_genie(struct net_device *dev,
        return err;
 }
+static int wext_cipher2level(int cipher)
+{
+        switch (cipher) {
+        case IW_AUTH_CIPHER_NONE:
+                return SEC_LEVEL_0;
+        case IW_AUTH_CIPHER_WEP40:
+        case IW_AUTH_CIPHER_WEP104:
+                return SEC_LEVEL_1;
+        case IW_AUTH_CIPHER_TKIP:
+                return SEC_LEVEL_2;
+        case IW_AUTH_CIPHER_CCMP:
+                return SEC_LEVEL_3;
+        default:
+                return -1;
+        }
+}
 /* SIOCSIWAUTH */
 static int ipw_wx_set_auth(struct net_device *dev,
                           struct iw_request_info *info,
@@ -6524,8 +6626,15 @@ static int ipw_wx_set_auth(struct net_device *dev,
        switch (param->flags & IW_AUTH_INDEX) {
        case IW_AUTH_WPA_VERSION:
+                break;
        case IW_AUTH_CIPHER_PAIRWISE:
+                ipw_set_hw_decrypt_unicast(priv,
+                                           wext_cipher2level(param->value));
+                break;
        case IW_AUTH_CIPHER_GROUP:
+                ipw_set_hw_decrypt_multicast(priv,
+                                             wext_cipher2level(param->value));
+                break;
        case IW_AUTH_KEY_MGMT:
                /*
                 * ipw2200 does not use these parameters
@@ -10256,11 +10365,11 @@ static void shim__set_security(struct net_device *dev,
                priv->ieee->sec.level = sec->level;
                priv->ieee->sec.flags |= SEC_LEVEL;
                priv->status |= STATUS_SECURITY_UPDATED;
-                if (!priv->ieee->host_encrypt && (sec->flags & SEC_ENCRYPT))
-                        ipw_set_hwcrypto_keys(priv);
        }
+        if (!priv->ieee->host_encrypt && (sec->flags & SEC_ENCRYPT))
+                ipw_set_hwcrypto_keys(priv);
        /* To match current functionality of ipw2100 (which works well w/
         * various supplicants, we don't force a disassociate if the
         * privacy capability changes ... */
author	Zhu Yi <yi.zhu@intel.com>	2005-08-05 05:22:56 -0400
committer	James Ketrenos <jketreno@linux.intel.com>	2005-11-07 18:50:39 -0500
commit	1fbfea549f07f1f7afd436f1e45b25437f0172c2 (patch)
tree	96dced82fc405eab36695e1f7568c4c77fc77324 /drivers/net/wireless/ipw2200.c
parent	e402c9374112aaf1fc5796013dc3040ebb3954ca (diff)

diff --git a/drivers/net/wireless/ipw2200.c b/drivers/net/wireless/ipw2200.c index f8dac52df93a..c6da5f534250 100644 --- a/drivers/net/wireless/ipw2200.c +++ b/drivers/net/wireless/ipw2200.c
@@ -5557,6 +5557,55 @@ static void ipw_send_wep_keys(struct ipw_priv *priv, int type)
5557	}	5557	}
5558	}	5558	}
5559		5559
		5560	static void ipw_set_hw_decrypt_unicast(struct ipw_priv *priv, int level)
		5561	{
		5562	if (priv->ieee->host_encrypt)
		5563	return;
		5564
		5565	switch (level) {
		5566	case SEC_LEVEL_3:
		5567	priv->sys_config.disable_unicast_decryption = 0;
		5568	priv->ieee->host_decrypt = 0;
		5569	break;
		5570	case SEC_LEVEL_2:
		5571	priv->sys_config.disable_unicast_decryption = 1;
		5572	priv->ieee->host_decrypt = 1;
		5573	break;
		5574	case SEC_LEVEL_1:
		5575	priv->sys_config.disable_unicast_decryption = 0;
		5576	priv->ieee->host_decrypt = 0;
		5577	break;
		5578	case SEC_LEVEL_0:
		5579	priv->sys_config.disable_unicast_decryption = 1;
		5580	break;
		5581	default:
		5582	break;
		5583	}
		5584	}
		5585
		5586	static void ipw_set_hw_decrypt_multicast(struct ipw_priv *priv, int level)
		5587	{
		5588	if (priv->ieee->host_encrypt)
		5589	return;
		5590
		5591	switch (level) {
		5592	case SEC_LEVEL_3:
		5593	priv->sys_config.disable_multicast_decryption = 0;
		5594	break;
		5595	case SEC_LEVEL_2:
		5596	priv->sys_config.disable_multicast_decryption = 1;
		5597	break;
		5598	case SEC_LEVEL_1:
		5599	priv->sys_config.disable_multicast_decryption = 0;
		5600	break;
		5601	case SEC_LEVEL_0:
		5602	priv->sys_config.disable_multicast_decryption = 1;
		5603	break;
		5604	default:
		5605	break;
		5606	}
		5607	}
		5608
5560	static void ipw_set_hwcrypto_keys(struct ipw_priv *priv)	5609	static void ipw_set_hwcrypto_keys(struct ipw_priv *priv)
5561	{	5610	{
5562	switch (priv->ieee->sec.level) {	5611	switch (priv->ieee->sec.level) {
@@ -5567,33 +5616,23 @@ static void ipw_set_hwcrypto_keys(struct ipw_priv *priv)
5567	priv->ieee->sec.active_key);	5616	priv->ieee->sec.active_key);
5568		5617
5569	ipw_send_wep_keys(priv, DCW_WEP_KEY_SEC_TYPE_CCM);	5618	ipw_send_wep_keys(priv, DCW_WEP_KEY_SEC_TYPE_CCM);
5570	priv->sys_config.disable_unicast_decryption = 0;
5571	priv->sys_config.disable_multicast_decryption = 0;
5572	priv->ieee->host_decrypt = 0;
5573	break;	5619	break;
5574	case SEC_LEVEL_2:	5620	case SEC_LEVEL_2:
5575	if (priv->ieee->sec.flags & SEC_ACTIVE_KEY)	5621	if (priv->ieee->sec.flags & SEC_ACTIVE_KEY)
5576	ipw_send_tgi_tx_key(priv,	5622	ipw_send_tgi_tx_key(priv,
5577	DCT_FLAG_EXT_SECURITY_TKIP,	5623	DCT_FLAG_EXT_SECURITY_TKIP,
5578	priv->ieee->sec.active_key);	5624	priv->ieee->sec.active_key);
5579
5580	priv->sys_config.disable_unicast_decryption = 1;
5581	priv->sys_config.disable_multicast_decryption = 1;
5582	priv->ieee->host_decrypt = 1;
5583	break;	5625	break;
5584	case SEC_LEVEL_1:	5626	case SEC_LEVEL_1:
5585	ipw_send_wep_keys(priv, DCW_WEP_KEY_SEC_TYPE_WEP);	5627	ipw_send_wep_keys(priv, DCW_WEP_KEY_SEC_TYPE_WEP);
5586	priv->sys_config.disable_unicast_decryption = 0;
5587	priv->sys_config.disable_multicast_decryption = 0;
5588	priv->ieee->host_decrypt = 0;
5589	break;	5628	break;
5590	case SEC_LEVEL_0:	5629	case SEC_LEVEL_0:
5591	priv->sys_config.disable_unicast_decryption = 1;
5592	priv->sys_config.disable_multicast_decryption = 1;
5593	break;
5594	default:	5630	default:
5595	break;	5631	break;
5596	}	5632	}
		5633
		5634	ipw_set_hw_decrypt_unicast(priv, priv->ieee->sec.level);
		5635	ipw_set_hw_decrypt_multicast(priv, priv->ieee->sec.level);
5597	}	5636	}
5598		5637
5599	static void ipw_adhoc_check(void *data)	5638	static void ipw_adhoc_check(void *data)
@@ -6185,12 +6224,31 @@ static int ipw_wpa_mlme(struct net_device *dev, int command, int reason)
6185	return ret;	6224	return ret;
6186	}	6225	}
6187		6226
		6227	static int ipw_wpa_ie_cipher2level(u8 cipher)
		6228	{
		6229	switch (cipher) {
		6230	case 4: /* CCMP */
		6231	return SEC_LEVEL_3;
		6232	case 2: /* TKIP */
		6233	return SEC_LEVEL_2;
		6234	case 5: /* WEP104 */
		6235	case 1: /* WEP40 */
		6236	return SEC_LEVEL_1;
		6237	case 0: /* NONE */
		6238	return SEC_LEVEL_0;
		6239	default:
		6240	return -1;
		6241	}
		6242	}
		6243
6188	static int ipw_wpa_set_wpa_ie(struct net_device *dev,	6244	static int ipw_wpa_set_wpa_ie(struct net_device *dev,
6189	struct ipw_param *param, int plen)	6245	struct ipw_param *param, int plen)
6190	{	6246	{
6191	struct ipw_priv *priv = ieee80211_priv(dev);	6247	struct ipw_priv *priv = ieee80211_priv(dev);
6192	struct ieee80211_device *ieee = priv->ieee;	6248	struct ieee80211_device *ieee = priv->ieee;
6193	u8 *buf;	6249	u8 *buf;
		6250	u8 ptk, gtk;
		6251	int level;
6194		6252
6195	if (param->u.wpa_ie.len > MAX_WPA_IE_LEN \|\|	6253	if (param->u.wpa_ie.len > MAX_WPA_IE_LEN \|\|
6196	(param->u.wpa_ie.len && param->u.wpa_ie.data == NULL))	6254	(param->u.wpa_ie.len && param->u.wpa_ie.data == NULL))
@@ -6209,8 +6267,35 @@ static int ipw_wpa_set_wpa_ie(struct net_device *dev,
6209	kfree(ieee->wpa_ie);	6267	kfree(ieee->wpa_ie);
6210	ieee->wpa_ie = NULL;	6268	ieee->wpa_ie = NULL;
6211	ieee->wpa_ie_len = 0;	6269	ieee->wpa_ie_len = 0;
		6270	goto done;
		6271	}
		6272
		6273	if (priv->ieee->host_encrypt)
		6274	goto done;
		6275
		6276	/* HACK: Parse wpa_ie here to get pairwise suite, otherwise
		6277	* we need to change driver_ipw.c from wpa_supplicant. This
		6278	* is OK since -Dipw is deprecated. The -Dwext driver has a
		6279	* clean way to handle this. */
		6280	gtk = ptk = (u8 *) ieee->wpa_ie;
		6281	if (ieee->wpa_ie[0] == 0x30) { /* RSN IE */
		6282	gtk += 4 + 3;
		6283	ptk += 4 + 4 + 2 + 3;
		6284	} else { /* WPA IE */
		6285	gtk += 8 + 3;
		6286	ptk += 8 + 4 + 2 + 3;
6212	}	6287	}
6213		6288
		6289	if (ptk - (u8 *) ieee->wpa_ie > ieee->wpa_ie_len)
		6290	return -EINVAL;
		6291
		6292	level = ipw_wpa_ie_cipher2level(*gtk);
		6293	ipw_set_hw_decrypt_multicast(priv, level);
		6294
		6295	level = ipw_wpa_ie_cipher2level(*ptk);
		6296	ipw_set_hw_decrypt_unicast(priv, level);
		6297
		6298	done:
6214	ipw_wpa_assoc_frame(priv, ieee->wpa_ie, ieee->wpa_ie_len);	6299	ipw_wpa_assoc_frame(priv, ieee->wpa_ie, ieee->wpa_ie_len);
6215	return 0;	6300	return 0;
6216	}	6301	}
@@ -6510,6 +6595,23 @@ static int ipw_wx_get_genie(struct net_device *dev,
6510	return err;	6595	return err;
6511	}	6596	}
6512		6597
		6598	static int wext_cipher2level(int cipher)
		6599	{
		6600	switch (cipher) {
		6601	case IW_AUTH_CIPHER_NONE:
		6602	return SEC_LEVEL_0;
		6603	case IW_AUTH_CIPHER_WEP40:
		6604	case IW_AUTH_CIPHER_WEP104:
		6605	return SEC_LEVEL_1;
		6606	case IW_AUTH_CIPHER_TKIP:
		6607	return SEC_LEVEL_2;
		6608	case IW_AUTH_CIPHER_CCMP:
		6609	return SEC_LEVEL_3;
		6610	default:
		6611	return -1;
		6612	}
		6613	}
		6614
6513	/* SIOCSIWAUTH */	6615	/* SIOCSIWAUTH */
6514	static int ipw_wx_set_auth(struct net_device *dev,	6616	static int ipw_wx_set_auth(struct net_device *dev,
6515	struct iw_request_info *info,	6617	struct iw_request_info *info,
@@ -6524,8 +6626,15 @@ static int ipw_wx_set_auth(struct net_device *dev,
6524		6626
6525	switch (param->flags & IW_AUTH_INDEX) {	6627	switch (param->flags & IW_AUTH_INDEX) {
6526	case IW_AUTH_WPA_VERSION:	6628	case IW_AUTH_WPA_VERSION:
		6629	break;
6527	case IW_AUTH_CIPHER_PAIRWISE:	6630	case IW_AUTH_CIPHER_PAIRWISE:
		6631	ipw_set_hw_decrypt_unicast(priv,
		6632	wext_cipher2level(param->value));
		6633	break;
6528	case IW_AUTH_CIPHER_GROUP:	6634	case IW_AUTH_CIPHER_GROUP:
		6635	ipw_set_hw_decrypt_multicast(priv,
		6636	wext_cipher2level(param->value));
		6637	break;
6529	case IW_AUTH_KEY_MGMT:	6638	case IW_AUTH_KEY_MGMT:
6530	/*	6639	/*
6531	* ipw2200 does not use these parameters	6640	* ipw2200 does not use these parameters
@@ -10256,11 +10365,11 @@ static void shim__set_security(struct net_device *dev,
10256	priv->ieee->sec.level = sec->level;	10365	priv->ieee->sec.level = sec->level;
10257	priv->ieee->sec.flags \|= SEC_LEVEL;	10366	priv->ieee->sec.flags \|= SEC_LEVEL;
10258	priv->status \|= STATUS_SECURITY_UPDATED;	10367	priv->status \|= STATUS_SECURITY_UPDATED;
10259
10260	if (!priv->ieee->host_encrypt && (sec->flags & SEC_ENCRYPT))
10261	ipw_set_hwcrypto_keys(priv);
10262	}	10368	}
10263		10369
		10370	if (!priv->ieee->host_encrypt && (sec->flags & SEC_ENCRYPT))
		10371	ipw_set_hwcrypto_keys(priv);
		10372
10264	/* To match current functionality of ipw2100 (which works well w/	10373	/* To match current functionality of ipw2100 (which works well w/
10265	* various supplicants, we don't force a disassociate if the	10374	* various supplicants, we don't force a disassociate if the
10266	* privacy capability changes ... */	10375	* privacy capability changes ... */