summaryrefslogtreecommitdiff
path: root/package/mac80211/src/net/mac80211/wpa.c
diff options
context:
space:
mode:
Diffstat (limited to 'package/mac80211/src/net/mac80211/wpa.c')
-rw-r--r--package/mac80211/src/net/mac80211/wpa.c115
1 files changed, 55 insertions, 60 deletions
diff --git a/package/mac80211/src/net/mac80211/wpa.c b/package/mac80211/src/net/mac80211/wpa.c
index 0b32ab6..b35e51c 100644
--- a/package/mac80211/src/net/mac80211/wpa.c
+++ b/package/mac80211/src/net/mac80211/wpa.c
@@ -70,7 +70,7 @@ static int ieee80211_get_hdr_info(const struct sk_buff *skb, u8 **sa, u8 **da,
}
-ieee80211_txrx_result
+ieee80211_tx_result
ieee80211_tx_h_michael_mic_add(struct ieee80211_txrx_data *tx)
{
u8 *data, *sa, *da, *key, *mic, qos_tid;
@@ -84,10 +84,10 @@ ieee80211_tx_h_michael_mic_add(struct ieee80211_txrx_data *tx)
if (!tx->key || tx->key->conf.alg != ALG_TKIP || skb->len < 24 ||
!WLAN_FC_DATA_PRESENT(fc))
- return TXRX_CONTINUE;
+ return TX_CONTINUE;
if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len))
- return TXRX_DROP;
+ return TX_DROP;
if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
!(tx->flags & IEEE80211_TXRXD_FRAGMENTED) &&
@@ -95,7 +95,7 @@ ieee80211_tx_h_michael_mic_add(struct ieee80211_txrx_data *tx)
!wpa_test) {
/* hwaccel - with no need for preallocated room for Michael MIC
*/
- return TXRX_CONTINUE;
+ return TX_CONTINUE;
}
if (skb_tailroom(skb) < MICHAEL_MIC_LEN) {
@@ -105,7 +105,7 @@ ieee80211_tx_h_michael_mic_add(struct ieee80211_txrx_data *tx)
GFP_ATOMIC))) {
printk(KERN_DEBUG "%s: failed to allocate more memory "
"for Michael MIC\n", tx->dev->name);
- return TXRX_DROP;
+ return TX_DROP;
}
}
@@ -119,11 +119,11 @@ ieee80211_tx_h_michael_mic_add(struct ieee80211_txrx_data *tx)
mic = skb_put(skb, MICHAEL_MIC_LEN);
michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
- return TXRX_CONTINUE;
+ return TX_CONTINUE;
}
-ieee80211_txrx_result
+ieee80211_rx_result
ieee80211_rx_h_michael_mic_verify(struct ieee80211_txrx_data *rx)
{
u8 *data, *sa, *da, *key = NULL, qos_tid;
@@ -132,6 +132,7 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_txrx_data *rx)
u8 mic[MICHAEL_MIC_LEN];
struct sk_buff *skb = rx->skb;
int authenticator = 1, wpa_test = 0;
+ DECLARE_MAC_BUF(mac);
fc = rx->fc;
@@ -139,15 +140,15 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_txrx_data *rx)
* No way to verify the MIC if the hardware stripped it
*/
if (rx->u.rx.status->flag & RX_FLAG_MMIC_STRIPPED)
- return TXRX_CONTINUE;
+ return RX_CONTINUE;
if (!rx->key || rx->key->conf.alg != ALG_TKIP ||
!(rx->fc & IEEE80211_FCTL_PROTECTED) || !WLAN_FC_DATA_PRESENT(fc))
- return TXRX_CONTINUE;
+ return RX_CONTINUE;
if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len)
|| data_len < MICHAEL_MIC_LEN)
- return TXRX_DROP;
+ return RX_DROP_UNUSABLE;
data_len -= MICHAEL_MIC_LEN;
@@ -161,14 +162,14 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_txrx_data *rx)
michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic);
if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) {
if (!(rx->flags & IEEE80211_TXRXD_RXRA_MATCH))
- return TXRX_DROP;
+ return RX_DROP_UNUSABLE;
printk(KERN_DEBUG "%s: invalid Michael MIC in data frame from "
- MAC_FMT "\n", rx->dev->name, MAC_ARG(sa));
+ "%s\n", rx->dev->name, print_mac(mac, sa));
mac80211_ev_michael_mic_failure(rx->dev, rx->key->conf.keyidx,
(void *) skb->data);
- return TXRX_DROP;
+ return RX_DROP_UNUSABLE;
}
/* remove Michael MIC from payload */
@@ -178,7 +179,7 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_txrx_data *rx)
rx->key->u.tkip.iv32_rx[rx->u.rx.queue] = rx->u.rx.tkip_iv32;
rx->key->u.tkip.iv16_rx[rx->u.rx.queue] = rx->u.rx.tkip_iv16;
- return TXRX_CONTINUE;
+ return RX_CONTINUE;
}
@@ -241,19 +242,12 @@ static int tkip_encrypt_skb(struct ieee80211_txrx_data *tx,
}
-ieee80211_txrx_result
+ieee80211_tx_result
ieee80211_crypto_tkip_encrypt(struct ieee80211_txrx_data *tx)
{
- struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
- u16 fc;
struct sk_buff *skb = tx->skb;
int wpa_test = 0, test = 0;
- fc = le16_to_cpu(hdr->frame_control);
-
- if (!WLAN_FC_DATA_PRESENT(fc))
- return TXRX_CONTINUE;
-
tx->u.tx.control->icv_len = TKIP_ICV_LEN;
tx->u.tx.control->iv_len = TKIP_IV_LEN;
ieee80211_tx_set_iswep(tx);
@@ -263,26 +257,26 @@ ieee80211_crypto_tkip_encrypt(struct ieee80211_txrx_data *tx)
!wpa_test) {
/* hwaccel - with no need for preallocated room for IV/ICV */
tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
- return TXRX_CONTINUE;
+ return TX_CONTINUE;
}
if (tkip_encrypt_skb(tx, skb, test) < 0)
- return TXRX_DROP;
+ return TX_DROP;
if (tx->u.tx.extra_frag) {
int i;
for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
if (tkip_encrypt_skb(tx, tx->u.tx.extra_frag[i], test)
< 0)
- return TXRX_DROP;
+ return TX_DROP;
}
}
- return TXRX_CONTINUE;
+ return TX_CONTINUE;
}
-ieee80211_txrx_result
+ieee80211_rx_result
ieee80211_crypto_tkip_decrypt(struct ieee80211_txrx_data *rx)
{
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
@@ -290,15 +284,16 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_txrx_data *rx)
int hdrlen, res, hwaccel = 0, wpa_test = 0;
struct ieee80211_key *key = rx->key;
struct sk_buff *skb = rx->skb;
+ DECLARE_MAC_BUF(mac);
fc = le16_to_cpu(hdr->frame_control);
hdrlen = ieee80211_get_hdrlen(fc);
if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
- return TXRX_CONTINUE;
+ return RX_CONTINUE;
if (!rx->sta || skb->len - hdrlen < 12)
- return TXRX_DROP;
+ return RX_DROP_UNUSABLE;
if (rx->u.rx.status->flag & RX_FLAG_DECRYPTED) {
if (rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED) {
@@ -307,7 +302,7 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_txrx_data *rx)
* replay protection, and stripped the ICV/IV so
* we cannot do any checks here.
*/
- return TXRX_CONTINUE;
+ return RX_CONTINUE;
}
/* let TKIP code verify IV, but skip decryption */
@@ -321,10 +316,13 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_txrx_data *rx)
&rx->u.rx.tkip_iv32,
&rx->u.rx.tkip_iv16);
if (res != TKIP_DECRYPT_OK || wpa_test) {
- printk(KERN_DEBUG "%s: TKIP decrypt failed for RX frame from "
- MAC_FMT " (res=%d)\n",
- rx->dev->name, MAC_ARG(rx->sta->addr), res);
- return TXRX_DROP;
+#ifdef CONFIG_MAC80211_DEBUG
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: TKIP decrypt failed for RX "
+ "frame from %s (res=%d)\n", rx->dev->name,
+ print_mac(mac, rx->sta->addr), res);
+#endif /* CONFIG_MAC80211_DEBUG */
+ return RX_DROP_UNUSABLE;
}
/* Trim ICV */
@@ -334,7 +332,7 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_txrx_data *rx)
memmove(skb->data + TKIP_IV_LEN, skb->data, hdrlen);
skb_pull(skb, TKIP_IV_LEN);
- return TXRX_CONTINUE;
+ return RX_CONTINUE;
}
@@ -493,19 +491,12 @@ static int ccmp_encrypt_skb(struct ieee80211_txrx_data *tx,
}
-ieee80211_txrx_result
+ieee80211_tx_result
ieee80211_crypto_ccmp_encrypt(struct ieee80211_txrx_data *tx)
{
- struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
- u16 fc;
struct sk_buff *skb = tx->skb;
int test = 0;
- fc = le16_to_cpu(hdr->frame_control);
-
- if (!WLAN_FC_DATA_PRESENT(fc))
- return TXRX_CONTINUE;
-
tx->u.tx.control->icv_len = CCMP_MIC_LEN;
tx->u.tx.control->iv_len = CCMP_HDR_LEN;
ieee80211_tx_set_iswep(tx);
@@ -515,26 +506,26 @@ ieee80211_crypto_ccmp_encrypt(struct ieee80211_txrx_data *tx)
/* hwaccel - with no need for preallocated room for CCMP "
* header or MIC fields */
tx->u.tx.control->key_idx = tx->key->conf.hw_key_idx;
- return TXRX_CONTINUE;
+ return TX_CONTINUE;
}
if (ccmp_encrypt_skb(tx, skb, test) < 0)
- return TXRX_DROP;
+ return TX_DROP;
if (tx->u.tx.extra_frag) {
int i;
for (i = 0; i < tx->u.tx.num_extra_frag; i++) {
if (ccmp_encrypt_skb(tx, tx->u.tx.extra_frag[i], test)
< 0)
- return TXRX_DROP;
+ return TX_DROP;
}
}
- return TXRX_CONTINUE;
+ return TX_CONTINUE;
}
-ieee80211_txrx_result
+ieee80211_rx_result
ieee80211_crypto_ccmp_decrypt(struct ieee80211_txrx_data *rx)
{
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
@@ -544,35 +535,37 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_txrx_data *rx)
struct sk_buff *skb = rx->skb;
u8 pn[CCMP_PN_LEN];
int data_len;
+ DECLARE_MAC_BUF(mac);
fc = le16_to_cpu(hdr->frame_control);
hdrlen = ieee80211_get_hdrlen(fc);
if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
- return TXRX_CONTINUE;
+ return RX_CONTINUE;
data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
if (!rx->sta || data_len < 0)
- return TXRX_DROP;
+ return RX_DROP_UNUSABLE;
if ((rx->u.rx.status->flag & RX_FLAG_DECRYPTED) &&
(rx->u.rx.status->flag & RX_FLAG_IV_STRIPPED))
- return TXRX_CONTINUE;
+ return RX_CONTINUE;
(void) ccmp_hdr2pn(pn, skb->data + hdrlen);
if (memcmp(pn, key->u.ccmp.rx_pn[rx->u.rx.queue], CCMP_PN_LEN) <= 0) {
#ifdef CONFIG_MAC80211_DEBUG
u8 *ppn = key->u.ccmp.rx_pn[rx->u.rx.queue];
+
printk(KERN_DEBUG "%s: CCMP replay detected for RX frame from "
- MAC_FMT " (RX PN %02x%02x%02x%02x%02x%02x <= prev. PN "
+ "%s (RX PN %02x%02x%02x%02x%02x%02x <= prev. PN "
"%02x%02x%02x%02x%02x%02x)\n", rx->dev->name,
- MAC_ARG(rx->sta->addr),
+ print_mac(mac, rx->sta->addr),
pn[0], pn[1], pn[2], pn[3], pn[4], pn[5],
ppn[0], ppn[1], ppn[2], ppn[3], ppn[4], ppn[5]);
#endif /* CONFIG_MAC80211_DEBUG */
key->u.ccmp.replays++;
- return TXRX_DROP;
+ return RX_DROP_UNUSABLE;
}
if (!(rx->u.rx.status->flag & RX_FLAG_DECRYPTED)) {
@@ -590,10 +583,13 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_txrx_data *rx)
skb->data + hdrlen + CCMP_HDR_LEN, data_len,
skb->data + skb->len - CCMP_MIC_LEN,
skb->data + hdrlen + CCMP_HDR_LEN)) {
- printk(KERN_DEBUG "%s: CCMP decrypt failed for RX "
- "frame from " MAC_FMT "\n", rx->dev->name,
- MAC_ARG(rx->sta->addr));
- return TXRX_DROP;
+#ifdef CONFIG_MAC80211_DEBUG
+ if (net_ratelimit())
+ printk(KERN_DEBUG "%s: CCMP decrypt failed "
+ "for RX frame from %s\n", rx->dev->name,
+ print_mac(mac, rx->sta->addr));
+#endif /* CONFIG_MAC80211_DEBUG */
+ return RX_DROP_UNUSABLE;
}
}
@@ -604,6 +600,5 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_txrx_data *rx)
memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
skb_pull(skb, CCMP_HDR_LEN);
- return TXRX_CONTINUE;
+ return RX_CONTINUE;
}
-
generated by cgit v1.1 at 2025-03-25 13:58:23 +0000