1 | /* $NetBSD: ieee80211_crypto.c,v 1.17 2015/08/24 22:21:26 pooka Exp $ */ |
2 | /*- |
3 | * Copyright (c) 2001 Atsushi Onoe |
4 | * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting |
5 | * All rights reserved. |
6 | * |
7 | * Redistribution and use in source and binary forms, with or without |
8 | * modification, are permitted provided that the following conditions |
9 | * are met: |
10 | * 1. Redistributions of source code must retain the above copyright |
11 | * notice, this list of conditions and the following disclaimer. |
12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer in the |
14 | * documentation and/or other materials provided with the distribution. |
15 | * 3. The name of the author may not be used to endorse or promote products |
16 | * derived from this software without specific prior written permission. |
17 | * |
18 | * Alternatively, this software may be distributed under the terms of the |
19 | * GNU General Public License ("GPL") version 2 as published by the Free |
20 | * Software Foundation. |
21 | * |
22 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
23 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
24 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
25 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
26 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
27 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
28 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
29 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
30 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
31 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
32 | */ |
33 | |
34 | #include <sys/cdefs.h> |
35 | #ifdef __FreeBSD__ |
36 | __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.12 2005/08/08 18:46:35 sam Exp $" ); |
37 | #endif |
38 | #ifdef __NetBSD__ |
39 | __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.17 2015/08/24 22:21:26 pooka Exp $" ); |
40 | #endif |
41 | |
42 | #ifdef _KERNEL_OPT |
43 | #include "opt_inet.h" |
44 | #endif |
45 | |
46 | /* |
47 | * IEEE 802.11 generic crypto support. |
48 | */ |
49 | #include <sys/param.h> |
50 | #include <sys/mbuf.h> |
51 | |
52 | #include <sys/socket.h> |
53 | #include <sys/sockio.h> |
54 | #include <sys/endian.h> |
55 | #include <sys/errno.h> |
56 | #include <sys/proc.h> |
57 | #include <sys/sysctl.h> |
58 | |
59 | #include <net/if.h> |
60 | #include <net/if_media.h> |
61 | #include <net/if_arp.h> |
62 | #include <net/if_ether.h> |
63 | #include <net/if_llc.h> |
64 | |
65 | #include <net80211/ieee80211_netbsd.h> |
66 | #include <net80211/ieee80211_var.h> |
67 | |
68 | /* |
69 | * Table of registered cipher modules. |
70 | */ |
71 | static const struct ieee80211_cipher *ciphers[IEEE80211_CIPHER_MAX]; |
72 | |
73 | #ifdef INET |
74 | #include <netinet/in.h> |
75 | #include <net/if_ether.h> |
76 | #endif |
77 | |
78 | static int _ieee80211_crypto_delkey(struct ieee80211com *, |
79 | struct ieee80211_key *); |
80 | |
81 | /* |
82 | * Default "null" key management routines. |
83 | */ |
84 | static int |
85 | null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k, |
86 | ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) |
87 | { |
88 | if (!(&ic->ic_nw_keys[0] <= k && |
89 | k < &ic->ic_nw_keys[IEEE80211_WEP_NKID])) { |
90 | /* |
91 | * Not in the global key table, the driver should handle this |
92 | * by allocating a slot in the h/w key table/cache. In |
93 | * lieu of that return key slot 0 for any unicast key |
94 | * request. We disallow the request if this is a group key. |
95 | * This default policy does the right thing for legacy hardware |
96 | * with a 4 key table. It also handles devices that pass |
97 | * packets through untouched when marked with the WEP bit |
98 | * and key index 0. |
99 | */ |
100 | if (k->wk_flags & IEEE80211_KEY_GROUP) |
101 | return 0; |
102 | *keyix = 0; /* NB: use key index 0 for ucast key */ |
103 | } else { |
104 | *keyix = k - ic->ic_nw_keys; |
105 | } |
106 | *rxkeyix = IEEE80211_KEYIX_NONE; /* XXX maybe *keyix? */ |
107 | return 1; |
108 | } |
109 | static int |
110 | null_key_delete(struct ieee80211com *ic, |
111 | const struct ieee80211_key *k) |
112 | { |
113 | return 1; |
114 | } |
115 | static int |
116 | null_key_set(struct ieee80211com *ic, |
117 | const struct ieee80211_key *k, |
118 | const u_int8_t mac[IEEE80211_ADDR_LEN]) |
119 | { |
120 | return 1; |
121 | } |
122 | static void null_key_update(struct ieee80211com *ic) {} |
123 | |
124 | /* |
125 | * Write-arounds for common operations. |
126 | */ |
127 | static __inline void |
128 | cipher_detach(struct ieee80211_key *key) |
129 | { |
130 | key->wk_cipher->ic_detach(key); |
131 | } |
132 | |
133 | /* |
134 | * Wrappers for driver key management methods. |
135 | */ |
136 | static __inline int |
137 | dev_key_alloc(struct ieee80211com *ic, |
138 | const struct ieee80211_key *key, |
139 | ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) |
140 | { |
141 | return ic->ic_crypto.cs_key_alloc(ic, key, keyix, rxkeyix); |
142 | } |
143 | |
144 | static __inline int |
145 | dev_key_delete(struct ieee80211com *ic, |
146 | const struct ieee80211_key *key) |
147 | { |
148 | return ic->ic_crypto.cs_key_delete(ic, key); |
149 | } |
150 | |
151 | static __inline int |
152 | dev_key_set(struct ieee80211com *ic, const struct ieee80211_key *key, |
153 | const u_int8_t mac[IEEE80211_ADDR_LEN]) |
154 | { |
155 | return ic->ic_crypto.cs_key_set(ic, key, mac); |
156 | } |
157 | |
158 | /* |
159 | * Setup crypto support. |
160 | */ |
161 | void |
162 | ieee80211_crypto_attach(struct ieee80211com *ic) |
163 | { |
164 | struct ieee80211_crypto_state *cs = &ic->ic_crypto; |
165 | int i; |
166 | |
167 | /* NB: we assume everything is pre-zero'd */ |
168 | cs->cs_def_txkey = IEEE80211_KEYIX_NONE; |
169 | cs->cs_max_keyix = IEEE80211_WEP_NKID; |
170 | ciphers[IEEE80211_CIPHER_NONE] = &ieee80211_cipher_none; |
171 | for (i = 0; i < IEEE80211_WEP_NKID; i++) |
172 | ieee80211_crypto_resetkey(ic, &cs->cs_nw_keys[i], |
173 | IEEE80211_KEYIX_NONE); |
174 | /* |
175 | * Initialize the driver key support routines to noop entries. |
176 | * This is useful especially for the cipher test modules. |
177 | */ |
178 | cs->cs_key_alloc = null_key_alloc; |
179 | cs->cs_key_set = null_key_set; |
180 | cs->cs_key_delete = null_key_delete; |
181 | cs->cs_key_update_begin = null_key_update; |
182 | cs->cs_key_update_end = null_key_update; |
183 | } |
184 | |
185 | /* |
186 | * Teardown crypto support. |
187 | */ |
188 | void |
189 | ieee80211_crypto_detach(struct ieee80211com *ic) |
190 | { |
191 | ieee80211_crypto_delglobalkeys(ic); |
192 | } |
193 | |
194 | /* |
195 | * Register a crypto cipher module. |
196 | */ |
197 | void |
198 | ieee80211_crypto_register(const struct ieee80211_cipher *cip) |
199 | { |
200 | if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { |
201 | printf("%s: cipher %s has an invalid cipher index %u\n" , |
202 | __func__, cip->ic_name, cip->ic_cipher); |
203 | return; |
204 | } |
205 | if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { |
206 | printf("%s: cipher %s registered with a different template\n" , |
207 | __func__, cip->ic_name); |
208 | return; |
209 | } |
210 | ciphers[cip->ic_cipher] = cip; |
211 | } |
212 | |
213 | /* |
214 | * Unregister a crypto cipher module. |
215 | */ |
216 | void |
217 | ieee80211_crypto_unregister(const struct ieee80211_cipher *cip) |
218 | { |
219 | if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { |
220 | printf("%s: cipher %s has an invalid cipher index %u\n" , |
221 | __func__, cip->ic_name, cip->ic_cipher); |
222 | return; |
223 | } |
224 | if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { |
225 | printf("%s: cipher %s registered with a different template\n" , |
226 | __func__, cip->ic_name); |
227 | return; |
228 | } |
229 | /* NB: don't complain about not being registered */ |
230 | /* XXX disallow if references */ |
231 | ciphers[cip->ic_cipher] = NULL; |
232 | } |
233 | |
234 | int |
235 | ieee80211_crypto_available(u_int cipher) |
236 | { |
237 | return cipher < IEEE80211_CIPHER_MAX && ciphers[cipher] != NULL; |
238 | } |
239 | |
240 | /* XXX well-known names! */ |
241 | static const char *cipher_modnames[] = { |
242 | "wlan_wep" , /* IEEE80211_CIPHER_WEP */ |
243 | "wlan_tkip" , /* IEEE80211_CIPHER_TKIP */ |
244 | "wlan_aes_ocb" , /* IEEE80211_CIPHER_AES_OCB */ |
245 | "wlan_ccmp" , /* IEEE80211_CIPHER_AES_CCM */ |
246 | "wlan_ckip" , /* IEEE80211_CIPHER_CKIP */ |
247 | }; |
248 | |
249 | /* |
250 | * Establish a relationship between the specified key and cipher |
251 | * and, if necessary, allocate a hardware index from the driver. |
252 | * Note that when a fixed key index is required it must be specified |
253 | * and we blindly assign it w/o consulting the driver (XXX). |
254 | * |
255 | * This must be the first call applied to a key; all the other key |
256 | * routines assume wk_cipher is setup. |
257 | * |
258 | * Locking must be handled by the caller using: |
259 | * ieee80211_key_update_begin(ic); |
260 | * ieee80211_key_update_end(ic); |
261 | */ |
262 | int |
263 | ieee80211_crypto_newkey(struct ieee80211com *ic, |
264 | int cipher, int flags, struct ieee80211_key *key) |
265 | { |
266 | #define N(a) (sizeof(a) / sizeof(a[0])) |
267 | const struct ieee80211_cipher *cip; |
268 | ieee80211_keyix keyix, rxkeyix; |
269 | void *keyctx; |
270 | int oflags; |
271 | |
272 | /* |
273 | * Validate cipher and set reference to cipher routines. |
274 | */ |
275 | if (cipher >= IEEE80211_CIPHER_MAX) { |
276 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
277 | "%s: invalid cipher %u\n" , __func__, cipher); |
278 | ic->ic_stats.is_crypto_badcipher++; |
279 | return 0; |
280 | } |
281 | cip = ciphers[cipher]; |
282 | if (cip == NULL) { |
283 | /* |
284 | * Auto-load cipher module if we have a well-known name |
285 | * for it. It might be better to use string names rather |
286 | * than numbers and craft a module name based on the cipher |
287 | * name; e.g. wlan_cipher_<cipher-name>. |
288 | */ |
289 | if (cipher < N(cipher_modnames)) { |
290 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
291 | "%s: unregistered cipher %u, load module %s\n" , |
292 | __func__, cipher, cipher_modnames[cipher]); |
293 | ieee80211_load_module(cipher_modnames[cipher]); |
294 | /* |
295 | * If cipher module loaded it should immediately |
296 | * call ieee80211_crypto_register which will fill |
297 | * in the entry in the ciphers array. |
298 | */ |
299 | cip = ciphers[cipher]; |
300 | } |
301 | if (cip == NULL) { |
302 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
303 | "%s: unable to load cipher %u, module %s\n" , |
304 | __func__, cipher, |
305 | cipher < N(cipher_modnames) ? |
306 | cipher_modnames[cipher] : "<unknown>" ); |
307 | ic->ic_stats.is_crypto_nocipher++; |
308 | return 0; |
309 | } |
310 | } |
311 | |
312 | oflags = key->wk_flags; |
313 | flags &= IEEE80211_KEY_COMMON; |
314 | /* |
315 | * If the hardware does not support the cipher then |
316 | * fallback to a host-based implementation. |
317 | */ |
318 | if ((ic->ic_caps & (1<<cipher)) == 0) { |
319 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
320 | "%s: no h/w support for cipher %s, falling back to s/w\n" , |
321 | __func__, cip->ic_name); |
322 | flags |= IEEE80211_KEY_SWCRYPT; |
323 | } |
324 | /* |
325 | * Hardware TKIP with software MIC is an important |
326 | * combination; we handle it by flagging each key, |
327 | * the cipher modules honor it. |
328 | */ |
329 | if (cipher == IEEE80211_CIPHER_TKIP && |
330 | (ic->ic_caps & IEEE80211_C_TKIPMIC) == 0) { |
331 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
332 | "%s: no h/w support for TKIP MIC, falling back to s/w\n" , |
333 | __func__); |
334 | flags |= IEEE80211_KEY_SWMIC; |
335 | } |
336 | |
337 | /* |
338 | * Bind cipher to key instance. Note we do this |
339 | * after checking the device capabilities so the |
340 | * cipher module can optimize space usage based on |
341 | * whether or not it needs to do the cipher work. |
342 | */ |
343 | if (key->wk_cipher != cip || key->wk_flags != flags) { |
344 | again: |
345 | /* |
346 | * Fillin the flags so cipher modules can see s/w |
347 | * crypto requirements and potentially allocate |
348 | * different state and/or attach different method |
349 | * pointers. |
350 | * |
351 | * XXX this is not right when s/w crypto fallback |
352 | * fails and we try to restore previous state. |
353 | */ |
354 | key->wk_flags = flags; |
355 | keyctx = cip->ic_attach(ic, key); |
356 | if (keyctx == NULL) { |
357 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
358 | "%s: unable to attach cipher %s\n" , |
359 | __func__, cip->ic_name); |
360 | key->wk_flags = oflags; /* restore old flags */ |
361 | ic->ic_stats.is_crypto_attachfail++; |
362 | return 0; |
363 | } |
364 | cipher_detach(key); |
365 | key->wk_cipher = cip; /* XXX refcnt? */ |
366 | key->wk_private = keyctx; |
367 | } |
368 | /* |
369 | * Commit to requested usage so driver can see the flags. |
370 | */ |
371 | key->wk_flags = flags; |
372 | |
373 | /* |
374 | * Ask the driver for a key index if we don't have one. |
375 | * Note that entries in the global key table always have |
376 | * an index; this means it's safe to call this routine |
377 | * for these entries just to setup the reference to the |
378 | * cipher template. Note also that when using software |
379 | * crypto we also call the driver to give us a key index. |
380 | */ |
381 | if (key->wk_keyix == IEEE80211_KEYIX_NONE) { |
382 | if (!dev_key_alloc(ic, key, &keyix, &rxkeyix)) { |
383 | /* |
384 | * Driver has no room; fallback to doing crypto |
385 | * in the host. We change the flags and start the |
386 | * procedure over. If we get back here then there's |
387 | * no hope and we bail. Note that this can leave |
388 | * the key in a inconsistent state if the caller |
389 | * continues to use it. |
390 | */ |
391 | if ((key->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) { |
392 | ic->ic_stats.is_crypto_swfallback++; |
393 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
394 | "%s: no h/w resources for cipher %s, " |
395 | "falling back to s/w\n" , __func__, |
396 | cip->ic_name); |
397 | oflags = key->wk_flags; |
398 | flags |= IEEE80211_KEY_SWCRYPT; |
399 | if (cipher == IEEE80211_CIPHER_TKIP) |
400 | flags |= IEEE80211_KEY_SWMIC; |
401 | goto again; |
402 | } |
403 | ic->ic_stats.is_crypto_keyfail++; |
404 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
405 | "%s: unable to setup cipher %s\n" , |
406 | __func__, cip->ic_name); |
407 | return 0; |
408 | } |
409 | key->wk_keyix = keyix; |
410 | key->wk_rxkeyix = rxkeyix; |
411 | } |
412 | return 1; |
413 | #undef N |
414 | } |
415 | |
416 | /* |
417 | * Remove the key (no locking, for internal use). |
418 | */ |
419 | static int |
420 | _ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key) |
421 | { |
422 | ieee80211_keyix keyix; |
423 | |
424 | IASSERT(key->wk_cipher != NULL, ("No cipher!" )); |
425 | |
426 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
427 | "%s: %s keyix %u flags 0x%x rsc %ju tsc %ju len %u\n" , |
428 | __func__, key->wk_cipher->ic_name, |
429 | key->wk_keyix, key->wk_flags, |
430 | key->wk_keyrsc, key->wk_keytsc, key->wk_keylen); |
431 | |
432 | keyix = key->wk_keyix; |
433 | if (keyix != IEEE80211_KEYIX_NONE) { |
434 | /* |
435 | * Remove hardware entry. |
436 | */ |
437 | /* XXX key cache */ |
438 | if (!dev_key_delete(ic, key)) { |
439 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
440 | "%s: driver did not delete key index %u\n" , |
441 | __func__, keyix); |
442 | ic->ic_stats.is_crypto_delkey++; |
443 | /* XXX recovery? */ |
444 | } |
445 | } |
446 | cipher_detach(key); |
447 | memset(key, 0, sizeof(*key)); |
448 | ieee80211_crypto_resetkey(ic, key, IEEE80211_KEYIX_NONE); |
449 | return 1; |
450 | } |
451 | |
452 | /* |
453 | * Remove the specified key. |
454 | */ |
455 | int |
456 | ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key) |
457 | { |
458 | int status; |
459 | |
460 | ieee80211_key_update_begin(ic); |
461 | status = _ieee80211_crypto_delkey(ic, key); |
462 | ieee80211_key_update_end(ic); |
463 | return status; |
464 | } |
465 | |
466 | /* |
467 | * Clear the global key table. |
468 | */ |
469 | void |
470 | ieee80211_crypto_delglobalkeys(struct ieee80211com *ic) |
471 | { |
472 | int i; |
473 | |
474 | ieee80211_key_update_begin(ic); |
475 | for (i = 0; i < IEEE80211_WEP_NKID; i++) |
476 | (void) _ieee80211_crypto_delkey(ic, &ic->ic_nw_keys[i]); |
477 | ieee80211_key_update_end(ic); |
478 | } |
479 | |
480 | /* |
481 | * Set the contents of the specified key. |
482 | * |
483 | * Locking must be handled by the caller using: |
484 | * ieee80211_key_update_begin(ic); |
485 | * ieee80211_key_update_end(ic); |
486 | */ |
487 | int |
488 | ieee80211_crypto_setkey(struct ieee80211com *ic, struct ieee80211_key *key, |
489 | const u_int8_t macaddr[IEEE80211_ADDR_LEN]) |
490 | { |
491 | const struct ieee80211_cipher *cip = key->wk_cipher; |
492 | |
493 | IASSERT(cip != NULL, ("No cipher!" )); |
494 | |
495 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
496 | "%s: %s keyix %u flags 0x%x mac %s rsc %ju tsc %ju len %u\n" , |
497 | __func__, cip->ic_name, key->wk_keyix, |
498 | key->wk_flags, ether_sprintf(macaddr), |
499 | key->wk_keyrsc, key->wk_keytsc, key->wk_keylen); |
500 | |
501 | /* |
502 | * Give cipher a chance to validate key contents. |
503 | * XXX should happen before modifying state. |
504 | */ |
505 | if (!cip->ic_setkey(key)) { |
506 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
507 | "%s: cipher %s rejected key index %u len %u flags 0x%x\n" , |
508 | __func__, cip->ic_name, key->wk_keyix, |
509 | key->wk_keylen, key->wk_flags); |
510 | ic->ic_stats.is_crypto_setkey_cipher++; |
511 | return 0; |
512 | } |
513 | if (key->wk_keyix == IEEE80211_KEYIX_NONE) { |
514 | /* XXX nothing allocated, should not happen */ |
515 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
516 | "%s: no key index; should not happen!\n" , __func__); |
517 | ic->ic_stats.is_crypto_setkey_nokey++; |
518 | return 0; |
519 | } |
520 | return dev_key_set(ic, key, macaddr); |
521 | } |
522 | |
523 | /* |
524 | * Add privacy headers appropriate for the specified key. |
525 | */ |
526 | struct ieee80211_key * |
527 | ieee80211_crypto_encap(struct ieee80211com *ic, |
528 | struct ieee80211_node *ni, struct mbuf *m) |
529 | { |
530 | struct ieee80211_key *k; |
531 | struct ieee80211_frame *wh; |
532 | const struct ieee80211_cipher *cip; |
533 | u_int8_t keyid; |
534 | |
535 | /* |
536 | * Multicast traffic always uses the multicast key. |
537 | * Otherwise if a unicast key is set we use that and |
538 | * it is always key index 0. When no unicast key is |
539 | * set we fall back to the default transmit key. |
540 | */ |
541 | wh = mtod(m, struct ieee80211_frame *); |
542 | if (IEEE80211_IS_MULTICAST(wh->i_addr1) || |
543 | ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) { |
544 | if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE) { |
545 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
546 | "[%s] no default transmit key (%s) deftxkey %u\n" , |
547 | ether_sprintf(wh->i_addr1), __func__, |
548 | ic->ic_def_txkey); |
549 | ic->ic_stats.is_tx_nodefkey++; |
550 | return NULL; |
551 | } |
552 | keyid = ic->ic_def_txkey; |
553 | k = &ic->ic_nw_keys[ic->ic_def_txkey]; |
554 | } else { |
555 | keyid = 0; |
556 | k = &ni->ni_ucastkey; |
557 | } |
558 | cip = k->wk_cipher; |
559 | return (cip->ic_encap(k, m, keyid<<6) ? k : NULL); |
560 | } |
561 | |
562 | /* |
563 | * Validate and strip privacy headers (and trailer) for a |
564 | * received frame that has the WEP/Privacy bit set. |
565 | */ |
566 | struct ieee80211_key * |
567 | ieee80211_crypto_decap(struct ieee80211com *ic, |
568 | struct ieee80211_node *ni, struct mbuf *m, int hdrlen) |
569 | { |
570 | #define IEEE80211_WEP_HDRLEN (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN) |
571 | #define IEEE80211_WEP_MINLEN \ |
572 | (sizeof(struct ieee80211_frame) + \ |
573 | IEEE80211_WEP_HDRLEN + IEEE80211_WEP_CRCLEN) |
574 | struct ieee80211_key *k; |
575 | struct ieee80211_frame *wh; |
576 | const struct ieee80211_cipher *cip; |
577 | u_int8_t keyid; |
578 | |
579 | /* NB: this minimum size data frame could be bigger */ |
580 | if (m->m_pkthdr.len < IEEE80211_WEP_MINLEN) { |
581 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, |
582 | "%s: WEP data frame too short, len %u\n" , |
583 | __func__, m->m_pkthdr.len); |
584 | ic->ic_stats.is_rx_tooshort++; /* XXX need unique stat? */ |
585 | return NULL; |
586 | } |
587 | |
588 | /* |
589 | * Locate the key. If unicast and there is no unicast |
590 | * key then we fall back to the key id in the header. |
591 | * This assumes unicast keys are only configured when |
592 | * the key id in the header is meaningless (typically 0). |
593 | */ |
594 | wh = mtod(m, struct ieee80211_frame *); |
595 | m_copydata(m, hdrlen + IEEE80211_WEP_IVLEN, sizeof(keyid), &keyid); |
596 | if (IEEE80211_IS_MULTICAST(wh->i_addr1) || |
597 | ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) |
598 | k = &ic->ic_nw_keys[keyid >> 6]; |
599 | else |
600 | k = &ni->ni_ucastkey; |
601 | |
602 | /* |
603 | * Insure crypto header is contiguous for all decap work. |
604 | */ |
605 | cip = k->wk_cipher; |
606 | if (m->m_len < hdrlen + cip->ic_header && |
607 | (m = m_pullup(m, hdrlen + cip->ic_header)) == NULL) { |
608 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
609 | "[%s] unable to pullup %s header\n" , |
610 | ether_sprintf(wh->i_addr2), cip->ic_name); |
611 | ic->ic_stats.is_rx_wepfail++; /* XXX */ |
612 | return NULL; |
613 | } |
614 | |
615 | return (cip->ic_decap(k, m, hdrlen) ? k : NULL); |
616 | #undef IEEE80211_WEP_MINLEN |
617 | #undef IEEE80211_WEP_HDRLEN |
618 | } |
619 | |