aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211/wpa.c
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2013-11-08 13:15:39 -0500
committerDavid S. Miller <davem@davemloft.net>2013-11-08 13:15:39 -0500
commit74ecd3d1dd26f54ff36a0392f10e50fa8e256bd3 (patch)
tree878833c714ddcb35f1574f2b11e1f69d1130d206 /net/mac80211/wpa.c
parentdcd607718385d02ce3741de225927a57f528f93b (diff)
parentc1f3bb6bd317994beb3af7bbec4bf54ed0035509 (diff)
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next
John W. Linville says: ==================== Here is one more pull request for the 3.13 window. This is primarily composed of downstream pull requests that were posted while I was traveling during the last part of the 3.12 release. For the mac80211 bits, Johannes says: "I have two DFS fixes (ath9k already supports DFS) and a fix for a pointer race." And... "In this round for mac80211-next I have: * mesh channel switch support * a CCM rewrite, using potential hardware offloads * SMPS for AP mode * RF-kill GPIO driver updates to make it usable as an ACPI driver * regulatory improvements * documentation fixes * DFS for IBSS mode * and a few small other fixes/improvements" For the TI driver bits, Luca says: "Some patches intended for 3.13. Eliad continues upstreaming pending patches from the internal tree." For the iwlwifi bits, Emmanuel says: "There are a few fixes from Johannes mostly clean up patches. We have also a few other fixes that are relevant for the new firmware that has not been released yet." For the Bluetooth bits, Gustavo says: "A last fix to the 3.12. I ended forgetting to send it before, I hope we can still make the way to 3.12. It is a revert and it fixes an issue with bluetooth suspend/hibernate that had many bug reports. Please pull or let me know of any problems. Thanks!" (Obviously, that one didn't make 3.12...) Also... "One more big pull request for 3.13. These are the patches we queued during last week. Here you will find a lot of improvements to the HCI and L2CAP and MGMT layers with the main ones being a better debugfs support and end of work of splitting L2CAP into Core and Socket parts." Additionally, there is one ath9k patch to enable DFS in IBSS mode for that driver. I appreciate your consideration for taking this extra pull request this cycle. Please let me know if there are problems! ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/mac80211/wpa.c')
-rw-r--r--net/mac80211/wpa.c44
1 files changed, 20 insertions, 24 deletions
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index c9edfcb7a13b..d65728220763 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -301,22 +301,16 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
301} 301}
302 302
303 303
304static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch, 304static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad,
305 int encrypted) 305 int encrypted)
306{ 306{
307 __le16 mask_fc; 307 __le16 mask_fc;
308 int a4_included, mgmt; 308 int a4_included, mgmt;
309 u8 qos_tid; 309 u8 qos_tid;
310 u8 *b_0, *aad; 310 u16 len_a;
311 u16 data_len, len_a;
312 unsigned int hdrlen; 311 unsigned int hdrlen;
313 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 312 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
314 313
315 memset(scratch, 0, 6 * AES_BLOCK_SIZE);
316
317 b_0 = scratch + 3 * AES_BLOCK_SIZE;
318 aad = scratch + 4 * AES_BLOCK_SIZE;
319
320 /* 314 /*
321 * Mask FC: zero subtype b4 b5 b6 (if not mgmt) 315 * Mask FC: zero subtype b4 b5 b6 (if not mgmt)
322 * Retry, PwrMgt, MoreData; set Protected 316 * Retry, PwrMgt, MoreData; set Protected
@@ -338,20 +332,21 @@ static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch,
338 else 332 else
339 qos_tid = 0; 333 qos_tid = 0;
340 334
341 data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN; 335 /* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC
342 if (encrypted) 336 * mode authentication are not allowed to collide, yet both are derived
343 data_len -= IEEE80211_CCMP_MIC_LEN; 337 * from this vector b_0. We only set L := 1 here to indicate that the
338 * data size can be represented in (L+1) bytes. The CCM layer will take
339 * care of storing the data length in the top (L+1) bytes and setting
340 * and clearing the other bits as is required to derive the two IVs.
341 */
342 b_0[0] = 0x1;
344 343
345 /* First block, b_0 */
346 b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
347 /* Nonce: Nonce Flags | A2 | PN 344 /* Nonce: Nonce Flags | A2 | PN
348 * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7) 345 * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
349 */ 346 */
350 b_0[1] = qos_tid | (mgmt << 4); 347 b_0[1] = qos_tid | (mgmt << 4);
351 memcpy(&b_0[2], hdr->addr2, ETH_ALEN); 348 memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
352 memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN); 349 memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN);
353 /* l(m) */
354 put_unaligned_be16(data_len, &b_0[14]);
355 350
356 /* AAD (extra authenticate-only data) / masked 802.11 header 351 /* AAD (extra authenticate-only data) / masked 802.11 header
357 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */ 352 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
@@ -407,7 +402,8 @@ static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
407 u8 *pos; 402 u8 *pos;
408 u8 pn[6]; 403 u8 pn[6];
409 u64 pn64; 404 u64 pn64;
410 u8 scratch[6 * AES_BLOCK_SIZE]; 405 u8 aad[2 * AES_BLOCK_SIZE];
406 u8 b_0[AES_BLOCK_SIZE];
411 407
412 if (info->control.hw_key && 408 if (info->control.hw_key &&
413 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) && 409 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
@@ -460,9 +456,9 @@ static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
460 return 0; 456 return 0;
461 457
462 pos += IEEE80211_CCMP_HDR_LEN; 458 pos += IEEE80211_CCMP_HDR_LEN;
463 ccmp_special_blocks(skb, pn, scratch, 0); 459 ccmp_special_blocks(skb, pn, b_0, aad, 0);
464 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, pos, len, 460 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, b_0, aad, pos, len,
465 pos, skb_put(skb, IEEE80211_CCMP_MIC_LEN)); 461 skb_put(skb, IEEE80211_CCMP_MIC_LEN));
466 462
467 return 0; 463 return 0;
468} 464}
@@ -525,16 +521,16 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
525 } 521 }
526 522
527 if (!(status->flag & RX_FLAG_DECRYPTED)) { 523 if (!(status->flag & RX_FLAG_DECRYPTED)) {
528 u8 scratch[6 * AES_BLOCK_SIZE]; 524 u8 aad[2 * AES_BLOCK_SIZE];
525 u8 b_0[AES_BLOCK_SIZE];
529 /* hardware didn't decrypt/verify MIC */ 526 /* hardware didn't decrypt/verify MIC */
530 ccmp_special_blocks(skb, pn, scratch, 1); 527 ccmp_special_blocks(skb, pn, b_0, aad, 1);
531 528
532 if (ieee80211_aes_ccm_decrypt( 529 if (ieee80211_aes_ccm_decrypt(
533 key->u.ccmp.tfm, scratch, 530 key->u.ccmp.tfm, b_0, aad,
534 skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN, 531 skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN,
535 data_len, 532 data_len,
536 skb->data + skb->len - IEEE80211_CCMP_MIC_LEN, 533 skb->data + skb->len - IEEE80211_CCMP_MIC_LEN))
537 skb->data + hdrlen + IEEE80211_CCMP_HDR_LEN))
538 return RX_DROP_UNUSABLE; 534 return RX_DROP_UNUSABLE;
539 } 535 }
540 536
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-02 13:55:30 -0500