aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2007-08-28 17:01:53 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:48:44 -0400
commit3017b80bf0c4d6a44ccf0d35db9dadf01092b54e (patch)
treec08a6688469f857276d59bf69ef19d1d37440245 /include
parent82f716056fb1c214289fe6c284b0316858c1b70c (diff)
[MAC80211]: fix software decryption
When doing key selection for software decryption, mac80211 gets a few things wrong: it always uses pairwise keys if configured, even if the frame is addressed to a multicast address. Also, it doesn't allow using a key index of zero if a pairwise key has also been found. This patch changes the key selection code to be (more) in line with the 802.11 specification. I have confirmed that with this, multicast frames are correctly decrypted and I've tested with WEP as well. While at it, I've cleaned up the semantics of the hardware flags IEEE80211_HW_WEP_INCLUDE_IV and IEEE80211_HW_DEVICE_HIDES_WEP and clarified them in the mac80211.h header; it is also now allowed to set the IEEE80211_HW_DEVICE_HIDES_WEP option even if it only applies to frames that have been decrypted by the hw, unencrypted frames must be dropped but encrypted frames that the hardware couldn't handle can be passed up unmodified. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Michael Wu <flamingice@sourmilk.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'include')
-rw-r--r--include/net/mac80211.h37
1 files changed, 29 insertions, 8 deletions
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 000b8e3133ba..6a2a0c3e7255 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -1,7 +1,9 @@
1/* 1/*
2 * Low-level hardware driver -- IEEE 802.11 driver (80211.o) interface 2 * mac80211 <-> driver interface
3 *
3 * Copyright 2002-2005, Devicescape Software, Inc. 4 * Copyright 2002-2005, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
5 * 7 *
6 * This program is free software; you can redistribute it and/or modify 8 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as 9 * it under the terms of the GNU General Public License version 2 as
@@ -472,10 +474,16 @@ struct ieee80211_hw {
472 */ 474 */
473#define IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE (1<<1) 475#define IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE (1<<1)
474 476
475 /* Some devices handle decryption internally and do not 477 /*
478 * Some devices handle decryption internally and do not
476 * indicate whether the frame was encrypted (unencrypted frames 479 * indicate whether the frame was encrypted (unencrypted frames
477 * will be dropped by the hardware, unless specifically allowed 480 * will be dropped by the hardware, unless specifically allowed
478 * through) */ 481 * through.)
482 * It is permissible to not handle all encrypted frames and fall
483 * back to software encryption; however, if this flag is set
484 * unencrypted frames must be dropped unless the driver is told
485 * otherwise via the set_ieee8021x() callback.
486 */
479#define IEEE80211_HW_DEVICE_HIDES_WEP (1<<2) 487#define IEEE80211_HW_DEVICE_HIDES_WEP (1<<2)
480 488
481 /* Whether RX frames passed to ieee80211_rx() include FCS in the end */ 489 /* Whether RX frames passed to ieee80211_rx() include FCS in the end */
@@ -489,6 +497,18 @@ struct ieee80211_hw {
489 * can fetch them with ieee80211_get_buffered_bc(). */ 497 * can fetch them with ieee80211_get_buffered_bc(). */
490#define IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING (1<<4) 498#define IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING (1<<4)
491 499
500 /*
501 * This flag is only relevant if hardware encryption is used.
502 * If set, it has two meanings:
503 * 1) the IV and ICV are present in received frames that have
504 * been decrypted (unless IEEE80211_HW_DEVICE_HIDES_WEP is
505 * also set)
506 * 2) on transmission, the IV should be generated in software.
507 *
508 * Please let us know if you *don't* use this flag, the stack would
509 * really like to be able to get the IV to keep key statistics
510 * accurate.
511 */
492#define IEEE80211_HW_WEP_INCLUDE_IV (1<<5) 512#define IEEE80211_HW_WEP_INCLUDE_IV (1<<5)
493 513
494/* hole at 6 */ 514/* hole at 6 */
@@ -496,11 +516,12 @@ struct ieee80211_hw {
496 /* Force software encryption for TKIP packets if WMM is enabled. */ 516 /* Force software encryption for TKIP packets if WMM is enabled. */
497#define IEEE80211_HW_NO_TKIP_WMM_HWACCEL (1<<7) 517#define IEEE80211_HW_NO_TKIP_WMM_HWACCEL (1<<7)
498 518
499 /* Some devices handle Michael MIC internally and do not include MIC in 519 /*
500 * the received packets passed up. device_strips_mic must be set 520 * Some devices handle Michael MIC internally and do not include MIC in
501 * for such devices. The 'encryption' frame control bit is expected to 521 * the received packets passed up. This flag must be set for such
502 * be still set in the IEEE 802.11 header with this option unlike with 522 * devices. The 'encryption' frame control bit is expected to be still
503 * the device_hides_wep configuration option. 523 * set in the IEEE 802.11 header with this option unlike with the
524 * IEEE80211_HW_DEVICE_HIDES_WEP flag.
504 */ 525 */
505#define IEEE80211_HW_DEVICE_STRIPS_MIC (1<<8) 526#define IEEE80211_HW_DEVICE_STRIPS_MIC (1<<8)
506 527