1 /* $NetBSD: ieee80211_crypto.c,v 1.23 2018/05/08 07:02:07 maxv Exp $ */
2
3 /*
4 * Copyright (c) 2001 Atsushi Onoe
5 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
18 *
19 * Alternatively, this software may be distributed under the terms of the
20 * GNU General Public License ("GPL") version 2 as published by the Free
21 * Software Foundation.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 #include <sys/cdefs.h>
36 #ifdef __FreeBSD__
37 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.12 2005/08/08 18:46:35 sam Exp $");
38 #endif
39 #ifdef __NetBSD__
40 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.23 2018/05/08 07:02:07 maxv Exp $");
41 #endif
42
43 #ifdef _KERNEL_OPT
44 #include "opt_inet.h"
45 #endif
46
47 /*
48 * IEEE 802.11 generic crypto support.
49 */
50 #include <sys/param.h>
51 #include <sys/mbuf.h>
52
53 #include <sys/socket.h>
54 #include <sys/sockio.h>
55 #include <sys/endian.h>
56 #include <sys/errno.h>
57 #include <sys/proc.h>
58 #include <sys/sysctl.h>
59
60 #include <net/if.h>
61 #include <net/if_media.h>
62 #include <net/if_arp.h>
63 #include <net/if_ether.h>
64 #include <net/if_llc.h>
65
66 #include <net80211/ieee80211_netbsd.h>
67 #include <net80211/ieee80211_var.h>
68
69 /*
70 * Table of registered cipher modules.
71 */
72 static const struct ieee80211_cipher *ciphers[IEEE80211_CIPHER_MAX];
73
74 #ifdef INET
75 #include <netinet/in.h>
76 #include <net/if_ether.h>
77 #endif
78
79 static int _ieee80211_crypto_delkey(struct ieee80211com *,
80 struct ieee80211_key *);
81
82 /*
83 * Default "null" key management routines.
84 */
85 static int
null_key_alloc(struct ieee80211com * ic,const struct ieee80211_key * k,ieee80211_keyix * keyix,ieee80211_keyix * rxkeyix)86 null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k,
87 ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix)
88 {
89 if (!(&ic->ic_nw_keys[0] <= k &&
90 k < &ic->ic_nw_keys[IEEE80211_WEP_NKID])) {
91 /*
92 * Not in the global key table, the driver should handle this
93 * by allocating a slot in the h/w key table/cache. In
94 * lieu of that return key slot 0 for any unicast key
95 * request. We disallow the request if this is a group key.
96 * This default policy does the right thing for legacy hardware
97 * with a 4 key table. It also handles devices that pass
98 * packets through untouched when marked with the WEP bit
99 * and key index 0.
100 */
101 if (k->wk_flags & IEEE80211_KEY_GROUP)
102 return 0;
103 *keyix = 0; /* NB: use key index 0 for ucast key */
104 } else {
105 *keyix = k - ic->ic_nw_keys;
106 }
107 *rxkeyix = IEEE80211_KEYIX_NONE; /* XXX maybe *keyix? */
108 return 1;
109 }
110
111 static int
null_key_delete(struct ieee80211com * ic,const struct ieee80211_key * k)112 null_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k)
113 {
114 return 1;
115 }
116
117 static int
null_key_set(struct ieee80211com * ic,const struct ieee80211_key * k,const u_int8_t mac[IEEE80211_ADDR_LEN])118 null_key_set(struct ieee80211com *ic, const struct ieee80211_key *k,
119 const u_int8_t mac[IEEE80211_ADDR_LEN])
120 {
121 return 1;
122 }
123
124 static void
null_key_update(struct ieee80211com * ic)125 null_key_update(struct ieee80211com *ic)
126 {
127 ;
128 }
129
130 /*
131 * Write-arounds for common operations.
132 */
133 static __inline void
cipher_detach(struct ieee80211_key * key)134 cipher_detach(struct ieee80211_key *key)
135 {
136 key->wk_cipher->ic_detach(key);
137 }
138
139 /*
140 * Wrappers for driver key management methods.
141 */
142 static __inline int
dev_key_alloc(struct ieee80211com * ic,const struct ieee80211_key * key,ieee80211_keyix * keyix,ieee80211_keyix * rxkeyix)143 dev_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *key,
144 ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix)
145 {
146 return ic->ic_crypto.cs_key_alloc(ic, key, keyix, rxkeyix);
147 }
148
149 static __inline int
dev_key_delete(struct ieee80211com * ic,const struct ieee80211_key * key)150 dev_key_delete(struct ieee80211com *ic, const struct ieee80211_key *key)
151 {
152 return ic->ic_crypto.cs_key_delete(ic, key);
153 }
154
155 static __inline int
dev_key_set(struct ieee80211com * ic,const struct ieee80211_key * key,const u_int8_t mac[IEEE80211_ADDR_LEN])156 dev_key_set(struct ieee80211com *ic, const struct ieee80211_key *key,
157 const u_int8_t mac[IEEE80211_ADDR_LEN])
158 {
159 return ic->ic_crypto.cs_key_set(ic, key, mac);
160 }
161
162 /*
163 * Setup crypto support.
164 */
165 void
ieee80211_crypto_attach(struct ieee80211com * ic)166 ieee80211_crypto_attach(struct ieee80211com *ic)
167 {
168 struct ieee80211_crypto_state *cs = &ic->ic_crypto;
169 int i;
170
171 /* NB: we assume everything is pre-zero'd */
172 cs->cs_def_txkey = IEEE80211_KEYIX_NONE;
173 cs->cs_max_keyix = IEEE80211_WEP_NKID;
174 ciphers[IEEE80211_CIPHER_NONE] = &ieee80211_cipher_none;
175 for (i = 0; i < IEEE80211_WEP_NKID; i++)
176 ieee80211_crypto_resetkey(ic, &cs->cs_nw_keys[i],
177 IEEE80211_KEYIX_NONE);
178 /*
179 * Initialize the driver key support routines to noop entries.
180 * This is useful especially for the cipher test modules.
181 */
182 cs->cs_key_alloc = null_key_alloc;
183 cs->cs_key_set = null_key_set;
184 cs->cs_key_delete = null_key_delete;
185 cs->cs_key_update_begin = null_key_update;
186 cs->cs_key_update_end = null_key_update;
187 }
188
189 /*
190 * Teardown crypto support.
191 */
192 void
ieee80211_crypto_detach(struct ieee80211com * ic)193 ieee80211_crypto_detach(struct ieee80211com *ic)
194 {
195 ieee80211_crypto_delglobalkeys(ic);
196 }
197
198 /*
199 * Register a crypto cipher module.
200 */
201 void
ieee80211_crypto_register(const struct ieee80211_cipher * cip)202 ieee80211_crypto_register(const struct ieee80211_cipher *cip)
203 {
204 if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) {
205 printf("%s: cipher %s has an invalid cipher index %u\n",
206 __func__, cip->ic_name, cip->ic_cipher);
207 return;
208 }
209 if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) {
210 printf("%s: cipher %s registered with a different template\n",
211 __func__, cip->ic_name);
212 return;
213 }
214 ciphers[cip->ic_cipher] = cip;
215 }
216
217 /*
218 * Unregister a crypto cipher module.
219 */
220 void
ieee80211_crypto_unregister(const struct ieee80211_cipher * cip)221 ieee80211_crypto_unregister(const struct ieee80211_cipher *cip)
222 {
223 if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) {
224 printf("%s: cipher %s has an invalid cipher index %u\n",
225 __func__, cip->ic_name, cip->ic_cipher);
226 return;
227 }
228 if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) {
229 printf("%s: cipher %s registered with a different template\n",
230 __func__, cip->ic_name);
231 return;
232 }
233 /* NB: don't complain about not being registered */
234 /* XXX disallow if references */
235 ciphers[cip->ic_cipher] = NULL;
236 }
237
238 int
ieee80211_crypto_available(u_int cipher)239 ieee80211_crypto_available(u_int cipher)
240 {
241 return cipher < IEEE80211_CIPHER_MAX && ciphers[cipher] != NULL;
242 }
243
244 /* XXX well-known names! */
245 static const char *cipher_modnames[] = {
246 "wlan_wep", /* IEEE80211_CIPHER_WEP */
247 "wlan_tkip", /* IEEE80211_CIPHER_TKIP */
248 "wlan_aes_ocb", /* IEEE80211_CIPHER_AES_OCB */
249 "wlan_ccmp", /* IEEE80211_CIPHER_AES_CCM */
250 "wlan_ckip", /* IEEE80211_CIPHER_CKIP */
251 };
252
253 /*
254 * Establish a relationship between the specified key and cipher
255 * and, if necessary, allocate a hardware index from the driver.
256 * Note that when a fixed key index is required it must be specified
257 * and we blindly assign it w/o consulting the driver (XXX).
258 *
259 * This must be the first call applied to a key; all the other key
260 * routines assume wk_cipher is setup.
261 *
262 * Locking must be handled by the caller using:
263 * ieee80211_key_update_begin(ic);
264 * ieee80211_key_update_end(ic);
265 */
266 int
ieee80211_crypto_newkey(struct ieee80211com * ic,int cipher,int flags,struct ieee80211_key * key)267 ieee80211_crypto_newkey(struct ieee80211com *ic, int cipher, int flags,
268 struct ieee80211_key *key)
269 {
270 #define N(a) (sizeof(a) / sizeof(a[0]))
271 const struct ieee80211_cipher *cip;
272 ieee80211_keyix keyix, rxkeyix;
273 void *keyctx;
274 int oflags;
275
276 /*
277 * Validate cipher and set reference to cipher routines.
278 */
279 if (cipher >= IEEE80211_CIPHER_MAX) {
280 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
281 "%s: invalid cipher %u\n", __func__, cipher);
282 ic->ic_stats.is_crypto_badcipher++;
283 return 0;
284 }
285 cip = ciphers[cipher];
286
287 if (cip == NULL) {
288 /*
289 * Auto-load cipher module if we have a well-known name
290 * for it. It might be better to use string names rather
291 * than numbers and craft a module name based on the cipher
292 * name; e.g. wlan_cipher_<cipher-name>.
293 */
294 if (cipher < N(cipher_modnames)) {
295 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
296 "%s: unregistered cipher %u, load module %s\n",
297 __func__, cipher, cipher_modnames[cipher]);
298 ieee80211_load_module(cipher_modnames[cipher]);
299 /*
300 * If cipher module loaded it should immediately
301 * call ieee80211_crypto_register which will fill
302 * in the entry in the ciphers array.
303 */
304 cip = ciphers[cipher];
305 }
306 if (cip == NULL) {
307 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
308 "%s: unable to load cipher %u, module %s\n",
309 __func__, cipher,
310 cipher < N(cipher_modnames) ?
311 cipher_modnames[cipher] : "<unknown>");
312 ic->ic_stats.is_crypto_nocipher++;
313 return 0;
314 }
315 }
316
317 oflags = key->wk_flags;
318 flags &= IEEE80211_KEY_COMMON;
319
320 /*
321 * If the hardware does not support the cipher then
322 * fall back to a host-based implementation.
323 */
324 if ((ic->ic_caps & (1<<cipher)) == 0) {
325 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
326 "%s: no h/w support for cipher %s, falling back to s/w\n",
327 __func__, cip->ic_name);
328 flags |= IEEE80211_KEY_SWCRYPT;
329 }
330
331 /*
332 * Hardware TKIP with software MIC is an important
333 * combination; we handle it by flagging each key,
334 * the cipher modules honor it.
335 */
336 if (cipher == IEEE80211_CIPHER_TKIP &&
337 (ic->ic_caps & IEEE80211_C_TKIPMIC) == 0) {
338 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
339 "%s: no h/w support for TKIP MIC, falling back to s/w\n",
340 __func__);
341 flags |= IEEE80211_KEY_SWMIC;
342 }
343
344 /*
345 * Bind cipher to key instance. Note we do this
346 * after checking the device capabilities so the
347 * cipher module can optimize space usage based on
348 * whether or not it needs to do the cipher work.
349 */
350 if (key->wk_cipher != cip || key->wk_flags != flags) {
351 again:
352 /*
353 * Fillin the flags so cipher modules can see s/w
354 * crypto requirements and potentially allocate
355 * different state and/or attach different method
356 * pointers.
357 *
358 * XXX this is not right when s/w crypto fallback
359 * fails and we try to restore previous state.
360 */
361 key->wk_flags = flags;
362 keyctx = cip->ic_attach(ic, key);
363 if (keyctx == NULL) {
364 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
365 "%s: unable to attach cipher %s\n",
366 __func__, cip->ic_name);
367 key->wk_flags = oflags; /* restore old flags */
368 ic->ic_stats.is_crypto_attachfail++;
369 return 0;
370 }
371 cipher_detach(key);
372 key->wk_cipher = cip; /* XXX refcnt? */
373 key->wk_private = keyctx;
374 }
375 /*
376 * Commit to requested usage so driver can see the flags.
377 */
378 key->wk_flags = flags;
379
380 /*
381 * Ask the driver for a key index if we don't have one.
382 * Note that entries in the global key table always have
383 * an index; this means it's safe to call this routine
384 * for these entries just to setup the reference to the
385 * cipher template. Note also that when using software
386 * crypto we also call the driver to give us a key index.
387 */
388 if (key->wk_keyix == IEEE80211_KEYIX_NONE) {
389 if (!dev_key_alloc(ic, key, &keyix, &rxkeyix)) {
390 /*
391 * Driver has no room; fallback to doing crypto
392 * in the host. We change the flags and start the
393 * procedure over. If we get back here then there's
394 * no hope and we bail. Note that this can leave
395 * the key in a inconsistent state if the caller
396 * continues to use it.
397 */
398 if ((key->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) {
399 ic->ic_stats.is_crypto_swfallback++;
400 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
401 "%s: no h/w resources for cipher %s, "
402 "falling back to s/w\n", __func__,
403 cip->ic_name);
404 oflags = key->wk_flags;
405 flags |= IEEE80211_KEY_SWCRYPT;
406 if (cipher == IEEE80211_CIPHER_TKIP)
407 flags |= IEEE80211_KEY_SWMIC;
408 goto again;
409 }
410 ic->ic_stats.is_crypto_keyfail++;
411 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
412 "%s: unable to setup cipher %s\n",
413 __func__, cip->ic_name);
414 return 0;
415 }
416 key->wk_keyix = keyix;
417 key->wk_rxkeyix = rxkeyix;
418 }
419 return 1;
420 #undef N
421 }
422
423 /*
424 * Remove the key (no locking, for internal use).
425 */
426 static int
_ieee80211_crypto_delkey(struct ieee80211com * ic,struct ieee80211_key * key)427 _ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key)
428 {
429 ieee80211_keyix keyix;
430
431 IASSERT(key->wk_cipher != NULL, ("No cipher!"));
432
433 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
434 "%s: %s keyix %u flags 0x%x rsc %ju tsc %ju len %u\n",
435 __func__, key->wk_cipher->ic_name,
436 key->wk_keyix, key->wk_flags,
437 key->wk_keyrsc, key->wk_keytsc, key->wk_keylen);
438
439 keyix = key->wk_keyix;
440 if (keyix != IEEE80211_KEYIX_NONE) {
441 /*
442 * Remove hardware entry.
443 */
444 /* XXX key cache */
445 if (!dev_key_delete(ic, key)) {
446 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
447 "%s: driver did not delete key index %u\n",
448 __func__, keyix);
449 ic->ic_stats.is_crypto_delkey++;
450 /* XXX recovery? */
451 }
452 }
453 cipher_detach(key);
454 memset(key, 0, sizeof(*key));
455 ieee80211_crypto_resetkey(ic, key, IEEE80211_KEYIX_NONE);
456 return 1;
457 }
458
459 /*
460 * Remove the specified key.
461 */
462 int
ieee80211_crypto_delkey(struct ieee80211com * ic,struct ieee80211_key * key)463 ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key)
464 {
465 int status;
466
467 ieee80211_key_update_begin(ic);
468 status = _ieee80211_crypto_delkey(ic, key);
469 ieee80211_key_update_end(ic);
470 return status;
471 }
472
473 /*
474 * Clear the global key table.
475 */
476 void
ieee80211_crypto_delglobalkeys(struct ieee80211com * ic)477 ieee80211_crypto_delglobalkeys(struct ieee80211com *ic)
478 {
479 int i;
480
481 ieee80211_key_update_begin(ic);
482 for (i = 0; i < IEEE80211_WEP_NKID; i++)
483 (void)_ieee80211_crypto_delkey(ic, &ic->ic_nw_keys[i]);
484 ieee80211_key_update_end(ic);
485 }
486
487 /*
488 * Set the contents of the specified key.
489 *
490 * Locking must be handled by the caller using:
491 * ieee80211_key_update_begin(ic);
492 * ieee80211_key_update_end(ic);
493 */
494 int
ieee80211_crypto_setkey(struct ieee80211com * ic,struct ieee80211_key * key,const u_int8_t macaddr[IEEE80211_ADDR_LEN])495 ieee80211_crypto_setkey(struct ieee80211com *ic, struct ieee80211_key *key,
496 const u_int8_t macaddr[IEEE80211_ADDR_LEN])
497 {
498 const struct ieee80211_cipher *cip = key->wk_cipher;
499
500 IASSERT(cip != NULL, ("No cipher!"));
501
502 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
503 "%s: %s keyix %u flags 0x%x mac %s rsc %ju tsc %ju len %u\n",
504 __func__, cip->ic_name, key->wk_keyix,
505 key->wk_flags, ether_sprintf(macaddr),
506 key->wk_keyrsc, key->wk_keytsc, key->wk_keylen);
507
508 /*
509 * Give cipher a chance to validate key contents.
510 * XXX should happen before modifying state.
511 */
512 if (!cip->ic_setkey(key)) {
513 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
514 "%s: cipher %s rejected key index %u len %u flags 0x%x\n",
515 __func__, cip->ic_name, key->wk_keyix,
516 key->wk_keylen, key->wk_flags);
517 ic->ic_stats.is_crypto_setkey_cipher++;
518 return 0;
519 }
520 if (key->wk_keyix == IEEE80211_KEYIX_NONE) {
521 /* XXX nothing allocated, should not happen */
522 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
523 "%s: no key index; should not happen!\n", __func__);
524 ic->ic_stats.is_crypto_setkey_nokey++;
525 return 0;
526 }
527 return dev_key_set(ic, key, macaddr);
528 }
529
530 /*
531 * Add privacy headers appropriate for the specified key.
532 *
533 * XXX XXX XXX: Here we modify 'm', and potentially reallocate it. We
534 * should pass back to the caller the updated pointer to avoid
535 * use-after-frees. This can be done by changing the argument to be **m,
536 * but many drivers will have to be changed accordingly.
537 */
538 struct ieee80211_key *
ieee80211_crypto_encap(struct ieee80211com * ic,struct ieee80211_node * ni,struct mbuf * m)539 ieee80211_crypto_encap(struct ieee80211com *ic, struct ieee80211_node *ni,
540 struct mbuf *m)
541 {
542 struct ieee80211_key *k;
543 struct ieee80211_frame *wh;
544 const struct ieee80211_cipher *cip;
545 u_int8_t keyid, *hdr;
546 int hdrlen;
547
548 /*
549 * Multicast traffic always uses the multicast key.
550 * Otherwise if a unicast key is set we use that and
551 * it is always key index 0. When no unicast key is
552 * set we fall back to the default transmit key.
553 */
554 wh = mtod(m, struct ieee80211_frame *);
555 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
556 ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) {
557 if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE) {
558 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
559 "[%s] no default transmit key (%s) deftxkey %u\n",
560 ether_sprintf(wh->i_addr1), __func__,
561 ic->ic_def_txkey);
562 ic->ic_stats.is_tx_nodefkey++;
563 return NULL;
564 }
565 keyid = ic->ic_def_txkey;
566 k = &ic->ic_nw_keys[ic->ic_def_txkey];
567 } else {
568 keyid = 0;
569 k = &ni->ni_ucastkey;
570 }
571 cip = k->wk_cipher;
572
573 /*
574 * The crypto header is added after the IEEE802.11 header. Prepend
575 * the size of the crypto header, and move the IEEE802.11 header back
576 * to the beginning of the mbuf. Ensure everything is contiguous.
577 */
578 hdrlen = ieee80211_hdrspace(ic, mtod(m, void *));
579 M_PREPEND(m, cip->ic_header, M_NOWAIT);
580 if (m && m->m_len < hdrlen + cip->ic_header) {
581 m = m_pullup(m, hdrlen + cip->ic_header);
582 }
583 if (m == NULL) {
584 return NULL;
585 }
586 hdr = mtod(m, u_int8_t *);
587 memmove(hdr, hdr + cip->ic_header, hdrlen);
588
589 return (cip->ic_encap(k, m, keyid<<6) ? k : NULL);
590 }
591
592 #define IEEE80211_WEP_HDRLEN (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN)
593 #define IEEE80211_WEP_MINLEN \
594 (sizeof(struct ieee80211_frame) + \
595 IEEE80211_WEP_HDRLEN + IEEE80211_WEP_CRCLEN)
596
597 /*
598 * Validate and strip privacy headers (and trailer) for a
599 * received frame that has the WEP/Privacy bit set.
600 */
601 struct ieee80211_key *
ieee80211_crypto_decap(struct ieee80211com * ic,struct ieee80211_node * ni,struct mbuf ** mp,int hdrlen)602 ieee80211_crypto_decap(struct ieee80211com *ic,
603 struct ieee80211_node *ni, struct mbuf **mp, int hdrlen)
604 {
605 const struct ieee80211_cipher *cip;
606 struct ieee80211_key *k;
607 struct ieee80211_frame *wh;
608 struct mbuf *m = *mp;
609 u_int8_t keyid;
610
611 KASSERT((m->m_flags & M_PKTHDR) != 0);
612
613 /*
614 * This minimum size data frame could be bigger. It is re-checked
615 * below.
616 */
617 if (m->m_pkthdr.len < IEEE80211_WEP_MINLEN) {
618 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY,
619 "%s: WEP data frame too short, len %u\n",
620 __func__, m->m_pkthdr.len);
621 ic->ic_stats.is_rx_tooshort++;
622 return NULL;
623 }
624
625 /*
626 * Locate the key. If unicast and there is no unicast
627 * key then we fall back to the key id in the header.
628 * This assumes unicast keys are only configured when
629 * the key id in the header is meaningless (typically 0).
630 */
631 wh = mtod(m, struct ieee80211_frame *);
632 m_copydata(m, hdrlen + IEEE80211_WEP_IVLEN, sizeof(keyid), &keyid);
633 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
634 ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) {
635 k = &ic->ic_nw_keys[keyid >> 6];
636 } else {
637 k = &ni->ni_ucastkey;
638 }
639
640 /*
641 * Insure crypto header is contiguous for all decap work.
642 */
643 cip = k->wk_cipher;
644 if (m->m_len < hdrlen + cip->ic_header) {
645 m = m_pullup(m, hdrlen + cip->ic_header);
646 *mp = m;
647 }
648
649 if (m == NULL) {
650 ic->ic_stats.is_rx_tooshort++;
651 return NULL;
652 }
653
654 /*
655 * Ensure there is a header+trailer included.
656 */
657 if (m->m_pkthdr.len < hdrlen + cip->ic_header + cip->ic_trailer) {
658 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY,
659 "%s: WEP data frame too short, len %u\n",
660 __func__, m->m_pkthdr.len);
661 ic->ic_stats.is_rx_tooshort++;
662 return NULL;
663 }
664
665 return (cip->ic_decap(k, m, hdrlen) ? k : NULL);
666 }
667