aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211/rx.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/mac80211/rx.c')
-rw-r--r--net/mac80211/rx.c404
1 files changed, 202 insertions, 202 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 0ac75127b7d2..ffad155316a9 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1049,207 +1049,6 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
1049 1049
1050 1050
1051static ieee80211_rx_result debug_noinline 1051static ieee80211_rx_result debug_noinline
1052ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
1053{
1054 struct sk_buff *skb = rx->skb;
1055 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1056 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1057 int keyidx;
1058 int hdrlen;
1059 ieee80211_rx_result result = RX_DROP_UNUSABLE;
1060 struct ieee80211_key *sta_ptk = NULL;
1061 int mmie_keyidx = -1;
1062 __le16 fc;
1063
1064 /*
1065 * Key selection 101
1066 *
1067 * There are four types of keys:
1068 * - GTK (group keys)
1069 * - IGTK (group keys for management frames)
1070 * - PTK (pairwise keys)
1071 * - STK (station-to-station pairwise keys)
1072 *
1073 * When selecting a key, we have to distinguish between multicast
1074 * (including broadcast) and unicast frames, the latter can only
1075 * use PTKs and STKs while the former always use GTKs and IGTKs.
1076 * Unless, of course, actual WEP keys ("pre-RSNA") are used, then
1077 * unicast frames can also use key indices like GTKs. Hence, if we
1078 * don't have a PTK/STK we check the key index for a WEP key.
1079 *
1080 * Note that in a regular BSS, multicast frames are sent by the
1081 * AP only, associated stations unicast the frame to the AP first
1082 * which then multicasts it on their behalf.
1083 *
1084 * There is also a slight problem in IBSS mode: GTKs are negotiated
1085 * with each station, that is something we don't currently handle.
1086 * The spec seems to expect that one negotiates the same key with
1087 * every station but there's no such requirement; VLANs could be
1088 * possible.
1089 */
1090
1091 /*
1092 * No point in finding a key and decrypting if the frame is neither
1093 * addressed to us nor a multicast frame.
1094 */
1095 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1096 return RX_CONTINUE;
1097
1098 /* start without a key */
1099 rx->key = NULL;
1100
1101 if (rx->sta)
1102 sta_ptk = rcu_dereference(rx->sta->ptk);
1103
1104 fc = hdr->frame_control;
1105
1106 if (!ieee80211_has_protected(fc))
1107 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
1108
1109 if (!is_multicast_ether_addr(hdr->addr1) && sta_ptk) {
1110 rx->key = sta_ptk;
1111 if ((status->flag & RX_FLAG_DECRYPTED) &&
1112 (status->flag & RX_FLAG_IV_STRIPPED))
1113 return RX_CONTINUE;
1114 /* Skip decryption if the frame is not protected. */
1115 if (!ieee80211_has_protected(fc))
1116 return RX_CONTINUE;
1117 } else if (mmie_keyidx >= 0) {
1118 /* Broadcast/multicast robust management frame / BIP */
1119 if ((status->flag & RX_FLAG_DECRYPTED) &&
1120 (status->flag & RX_FLAG_IV_STRIPPED))
1121 return RX_CONTINUE;
1122
1123 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
1124 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
1125 return RX_DROP_MONITOR; /* unexpected BIP keyidx */
1126 if (rx->sta)
1127 rx->key = rcu_dereference(rx->sta->gtk[mmie_keyidx]);
1128 if (!rx->key)
1129 rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]);
1130 } else if (!ieee80211_has_protected(fc)) {
1131 /*
1132 * The frame was not protected, so skip decryption. However, we
1133 * need to set rx->key if there is a key that could have been
1134 * used so that the frame may be dropped if encryption would
1135 * have been expected.
1136 */
1137 struct ieee80211_key *key = NULL;
1138 struct ieee80211_sub_if_data *sdata = rx->sdata;
1139 int i;
1140
1141 if (ieee80211_is_mgmt(fc) &&
1142 is_multicast_ether_addr(hdr->addr1) &&
1143 (key = rcu_dereference(rx->sdata->default_mgmt_key)))
1144 rx->key = key;
1145 else {
1146 if (rx->sta) {
1147 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1148 key = rcu_dereference(rx->sta->gtk[i]);
1149 if (key)
1150 break;
1151 }
1152 }
1153 if (!key) {
1154 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1155 key = rcu_dereference(sdata->keys[i]);
1156 if (key)
1157 break;
1158 }
1159 }
1160 if (key)
1161 rx->key = key;
1162 }
1163 return RX_CONTINUE;
1164 } else {
1165 u8 keyid;
1166 /*
1167 * The device doesn't give us the IV so we won't be
1168 * able to look up the key. That's ok though, we
1169 * don't need to decrypt the frame, we just won't
1170 * be able to keep statistics accurate.
1171 * Except for key threshold notifications, should
1172 * we somehow allow the driver to tell us which key
1173 * the hardware used if this flag is set?
1174 */
1175 if ((status->flag & RX_FLAG_DECRYPTED) &&
1176 (status->flag & RX_FLAG_IV_STRIPPED))
1177 return RX_CONTINUE;
1178
1179 hdrlen = ieee80211_hdrlen(fc);
1180
1181 if (rx->skb->len < 8 + hdrlen)
1182 return RX_DROP_UNUSABLE; /* TODO: count this? */
1183
1184 /*
1185 * no need to call ieee80211_wep_get_keyidx,
1186 * it verifies a bunch of things we've done already
1187 */
1188 skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1);
1189 keyidx = keyid >> 6;
1190
1191 /* check per-station GTK first, if multicast packet */
1192 if (is_multicast_ether_addr(hdr->addr1) && rx->sta)
1193 rx->key = rcu_dereference(rx->sta->gtk[keyidx]);
1194
1195 /* if not found, try default key */
1196 if (!rx->key) {
1197 rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
1198
1199 /*
1200 * RSNA-protected unicast frames should always be
1201 * sent with pairwise or station-to-station keys,
1202 * but for WEP we allow using a key index as well.
1203 */
1204 if (rx->key &&
1205 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1206 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP104 &&
1207 !is_multicast_ether_addr(hdr->addr1))
1208 rx->key = NULL;
1209 }
1210 }
1211
1212 if (rx->key) {
1213 if (unlikely(rx->key->flags & KEY_FLAG_TAINTED))
1214 return RX_DROP_MONITOR;
1215
1216 rx->key->tx_rx_count++;
1217 /* TODO: add threshold stuff again */
1218 } else {
1219 return RX_DROP_MONITOR;
1220 }
1221
1222 switch (rx->key->conf.cipher) {
1223 case WLAN_CIPHER_SUITE_WEP40:
1224 case WLAN_CIPHER_SUITE_WEP104:
1225 result = ieee80211_crypto_wep_decrypt(rx);
1226 break;
1227 case WLAN_CIPHER_SUITE_TKIP:
1228 result = ieee80211_crypto_tkip_decrypt(rx);
1229 break;
1230 case WLAN_CIPHER_SUITE_CCMP:
1231 result = ieee80211_crypto_ccmp_decrypt(rx);
1232 break;
1233 case WLAN_CIPHER_SUITE_AES_CMAC:
1234 result = ieee80211_crypto_aes_cmac_decrypt(rx);
1235 break;
1236 default:
1237 /*
1238 * We can reach here only with HW-only algorithms
1239 * but why didn't it decrypt the frame?!
1240 */
1241 return RX_DROP_UNUSABLE;
1242 }
1243
1244 /* the hdr variable is invalid after the decrypt handlers */
1245
1246 /* either the frame has been decrypted or will be dropped */
1247 status->flag |= RX_FLAG_DECRYPTED;
1248
1249 return result;
1250}
1251
1252static ieee80211_rx_result debug_noinline
1253ieee80211_rx_h_check_more_data(struct ieee80211_rx_data *rx) 1052ieee80211_rx_h_check_more_data(struct ieee80211_rx_data *rx)
1254{ 1053{
1255 struct ieee80211_local *local; 1054 struct ieee80211_local *local;
@@ -1550,6 +1349,207 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
1550 return RX_CONTINUE; 1349 return RX_CONTINUE;
1551} /* ieee80211_rx_h_sta_process */ 1350} /* ieee80211_rx_h_sta_process */
1552 1351
1352static ieee80211_rx_result debug_noinline
1353ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
1354{
1355 struct sk_buff *skb = rx->skb;
1356 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1357 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1358 int keyidx;
1359 int hdrlen;
1360 ieee80211_rx_result result = RX_DROP_UNUSABLE;
1361 struct ieee80211_key *sta_ptk = NULL;
1362 int mmie_keyidx = -1;
1363 __le16 fc;
1364
1365 /*
1366 * Key selection 101
1367 *
1368 * There are four types of keys:
1369 * - GTK (group keys)
1370 * - IGTK (group keys for management frames)
1371 * - PTK (pairwise keys)
1372 * - STK (station-to-station pairwise keys)
1373 *
1374 * When selecting a key, we have to distinguish between multicast
1375 * (including broadcast) and unicast frames, the latter can only
1376 * use PTKs and STKs while the former always use GTKs and IGTKs.
1377 * Unless, of course, actual WEP keys ("pre-RSNA") are used, then
1378 * unicast frames can also use key indices like GTKs. Hence, if we
1379 * don't have a PTK/STK we check the key index for a WEP key.
1380 *
1381 * Note that in a regular BSS, multicast frames are sent by the
1382 * AP only, associated stations unicast the frame to the AP first
1383 * which then multicasts it on their behalf.
1384 *
1385 * There is also a slight problem in IBSS mode: GTKs are negotiated
1386 * with each station, that is something we don't currently handle.
1387 * The spec seems to expect that one negotiates the same key with
1388 * every station but there's no such requirement; VLANs could be
1389 * possible.
1390 */
1391
1392 /*
1393 * No point in finding a key and decrypting if the frame is neither
1394 * addressed to us nor a multicast frame.
1395 */
1396 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1397 return RX_CONTINUE;
1398
1399 /* start without a key */
1400 rx->key = NULL;
1401
1402 if (rx->sta)
1403 sta_ptk = rcu_dereference(rx->sta->ptk);
1404
1405 fc = hdr->frame_control;
1406
1407 if (!ieee80211_has_protected(fc))
1408 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
1409
1410 if (!is_multicast_ether_addr(hdr->addr1) && sta_ptk) {
1411 rx->key = sta_ptk;
1412 if ((status->flag & RX_FLAG_DECRYPTED) &&
1413 (status->flag & RX_FLAG_IV_STRIPPED))
1414 return RX_CONTINUE;
1415 /* Skip decryption if the frame is not protected. */
1416 if (!ieee80211_has_protected(fc))
1417 return RX_CONTINUE;
1418 } else if (mmie_keyidx >= 0) {
1419 /* Broadcast/multicast robust management frame / BIP */
1420 if ((status->flag & RX_FLAG_DECRYPTED) &&
1421 (status->flag & RX_FLAG_IV_STRIPPED))
1422 return RX_CONTINUE;
1423
1424 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
1425 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
1426 return RX_DROP_MONITOR; /* unexpected BIP keyidx */
1427 if (rx->sta)
1428 rx->key = rcu_dereference(rx->sta->gtk[mmie_keyidx]);
1429 if (!rx->key)
1430 rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]);
1431 } else if (!ieee80211_has_protected(fc)) {
1432 /*
1433 * The frame was not protected, so skip decryption. However, we
1434 * need to set rx->key if there is a key that could have been
1435 * used so that the frame may be dropped if encryption would
1436 * have been expected.
1437 */
1438 struct ieee80211_key *key = NULL;
1439 struct ieee80211_sub_if_data *sdata = rx->sdata;
1440 int i;
1441
1442 if (ieee80211_is_mgmt(fc) &&
1443 is_multicast_ether_addr(hdr->addr1) &&
1444 (key = rcu_dereference(rx->sdata->default_mgmt_key)))
1445 rx->key = key;
1446 else {
1447 if (rx->sta) {
1448 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1449 key = rcu_dereference(rx->sta->gtk[i]);
1450 if (key)
1451 break;
1452 }
1453 }
1454 if (!key) {
1455 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1456 key = rcu_dereference(sdata->keys[i]);
1457 if (key)
1458 break;
1459 }
1460 }
1461 if (key)
1462 rx->key = key;
1463 }
1464 return RX_CONTINUE;
1465 } else {
1466 u8 keyid;
1467 /*
1468 * The device doesn't give us the IV so we won't be
1469 * able to look up the key. That's ok though, we
1470 * don't need to decrypt the frame, we just won't
1471 * be able to keep statistics accurate.
1472 * Except for key threshold notifications, should
1473 * we somehow allow the driver to tell us which key
1474 * the hardware used if this flag is set?
1475 */
1476 if ((status->flag & RX_FLAG_DECRYPTED) &&
1477 (status->flag & RX_FLAG_IV_STRIPPED))
1478 return RX_CONTINUE;
1479
1480 hdrlen = ieee80211_hdrlen(fc);
1481
1482 if (rx->skb->len < 8 + hdrlen)
1483 return RX_DROP_UNUSABLE; /* TODO: count this? */
1484
1485 /*
1486 * no need to call ieee80211_wep_get_keyidx,
1487 * it verifies a bunch of things we've done already
1488 */
1489 skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1);
1490 keyidx = keyid >> 6;
1491
1492 /* check per-station GTK first, if multicast packet */
1493 if (is_multicast_ether_addr(hdr->addr1) && rx->sta)
1494 rx->key = rcu_dereference(rx->sta->gtk[keyidx]);
1495
1496 /* if not found, try default key */
1497 if (!rx->key) {
1498 rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
1499
1500 /*
1501 * RSNA-protected unicast frames should always be
1502 * sent with pairwise or station-to-station keys,
1503 * but for WEP we allow using a key index as well.
1504 */
1505 if (rx->key &&
1506 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1507 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP104 &&
1508 !is_multicast_ether_addr(hdr->addr1))
1509 rx->key = NULL;
1510 }
1511 }
1512
1513 if (rx->key) {
1514 if (unlikely(rx->key->flags & KEY_FLAG_TAINTED))
1515 return RX_DROP_MONITOR;
1516
1517 rx->key->tx_rx_count++;
1518 /* TODO: add threshold stuff again */
1519 } else {
1520 return RX_DROP_MONITOR;
1521 }
1522
1523 switch (rx->key->conf.cipher) {
1524 case WLAN_CIPHER_SUITE_WEP40:
1525 case WLAN_CIPHER_SUITE_WEP104:
1526 result = ieee80211_crypto_wep_decrypt(rx);
1527 break;
1528 case WLAN_CIPHER_SUITE_TKIP:
1529 result = ieee80211_crypto_tkip_decrypt(rx);
1530 break;
1531 case WLAN_CIPHER_SUITE_CCMP:
1532 result = ieee80211_crypto_ccmp_decrypt(rx);
1533 break;
1534 case WLAN_CIPHER_SUITE_AES_CMAC:
1535 result = ieee80211_crypto_aes_cmac_decrypt(rx);
1536 break;
1537 default:
1538 /*
1539 * We can reach here only with HW-only algorithms
1540 * but why didn't it decrypt the frame?!
1541 */
1542 return RX_DROP_UNUSABLE;
1543 }
1544
1545 /* the hdr variable is invalid after the decrypt handlers */
1546
1547 /* either the frame has been decrypted or will be dropped */
1548 status->flag |= RX_FLAG_DECRYPTED;
1549
1550 return result;
1551}
1552
1553static inline struct ieee80211_fragment_entry * 1553static inline struct ieee80211_fragment_entry *
1554ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata, 1554ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
1555 unsigned int frag, unsigned int seq, int rx_queue, 1555 unsigned int frag, unsigned int seq, int rx_queue,
@@ -2933,10 +2933,10 @@ static void ieee80211_rx_handlers(struct ieee80211_rx_data *rx,
2933 */ 2933 */
2934 rx->skb = skb; 2934 rx->skb = skb;
2935 2935
2936 CALL_RXH(ieee80211_rx_h_decrypt)
2937 CALL_RXH(ieee80211_rx_h_check_more_data) 2936 CALL_RXH(ieee80211_rx_h_check_more_data)
2938 CALL_RXH(ieee80211_rx_h_uapsd_and_pspoll) 2937 CALL_RXH(ieee80211_rx_h_uapsd_and_pspoll)
2939 CALL_RXH(ieee80211_rx_h_sta_process) 2938 CALL_RXH(ieee80211_rx_h_sta_process)
2939 CALL_RXH(ieee80211_rx_h_decrypt)
2940 CALL_RXH(ieee80211_rx_h_defragment) 2940 CALL_RXH(ieee80211_rx_h_defragment)
2941 CALL_RXH(ieee80211_rx_h_michael_mic_verify) 2941 CALL_RXH(ieee80211_rx_h_michael_mic_verify)
2942 /* must be after MMIC verify so header is counted in MPDU mic */ 2942 /* must be after MMIC verify so header is counted in MPDU mic */
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-12 22:41:09 -0400