diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index 0cfeeffc80a9..44c0933e1ad2 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -1,5 +1,6 @@ -/* $NetBSD: ieee80211_crypto.c,v 1.19 2018/01/16 09:04:30 maxv Exp $ */ -/*- +/* $NetBSD: ieee80211_crypto.c,v 1.20 2018/01/17 17:41:38 maxv Exp $ */ + +/* * Copyright (c) 2001 Atsushi Onoe * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting * All rights reserved. @@ -36,7 +37,7 @@ __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.12 2005/08/08 18:46:35 sam Exp $"); #endif #ifdef __NetBSD__ -__KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.19 2018/01/16 09:04:30 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.20 2018/01/17 17:41:38 maxv Exp $"); #endif #ifdef _KERNEL_OPT @@ -68,22 +69,22 @@ __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.19 2018/01/16 09:04:30 maxv E /* * Table of registered cipher modules. */ -static const struct ieee80211_cipher *ciphers[IEEE80211_CIPHER_MAX]; +static const struct ieee80211_cipher *ciphers[IEEE80211_CIPHER_MAX]; #ifdef INET #include #include #endif -static int _ieee80211_crypto_delkey(struct ieee80211com *, - struct ieee80211_key *); +static int _ieee80211_crypto_delkey(struct ieee80211com *, + struct ieee80211_key *); /* * Default "null" key management routines. */ static int null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k, - ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) + ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) { if (!(&ic->ic_nw_keys[0] <= k && k < &ic->ic_nw_keys[IEEE80211_WEP_NKID])) { @@ -106,20 +107,25 @@ null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k, *rxkeyix = IEEE80211_KEYIX_NONE; /* XXX maybe *keyix? */ return 1; } + static int -null_key_delete(struct ieee80211com *ic, - const struct ieee80211_key *k) +null_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k) { return 1; } -static int -null_key_set(struct ieee80211com *ic, - const struct ieee80211_key *k, + +static int +null_key_set(struct ieee80211com *ic, const struct ieee80211_key *k, const u_int8_t mac[IEEE80211_ADDR_LEN]) { return 1; } -static void null_key_update(struct ieee80211com *ic) {} + +static void +null_key_update(struct ieee80211com *ic) +{ + ; +} /* * Write-arounds for common operations. @@ -134,23 +140,21 @@ cipher_detach(struct ieee80211_key *key) * Wrappers for driver key management methods. */ static __inline int -dev_key_alloc(struct ieee80211com *ic, - const struct ieee80211_key *key, - ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) +dev_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *key, + ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) { return ic->ic_crypto.cs_key_alloc(ic, key, keyix, rxkeyix); } static __inline int -dev_key_delete(struct ieee80211com *ic, - const struct ieee80211_key *key) +dev_key_delete(struct ieee80211com *ic, const struct ieee80211_key *key) { return ic->ic_crypto.cs_key_delete(ic, key); } static __inline int dev_key_set(struct ieee80211com *ic, const struct ieee80211_key *key, - const u_int8_t mac[IEEE80211_ADDR_LEN]) + const u_int8_t mac[IEEE80211_ADDR_LEN]) { return ic->ic_crypto.cs_key_set(ic, key, mac); } @@ -260,8 +264,8 @@ static const char *cipher_modnames[] = { * ieee80211_key_update_end(ic); */ int -ieee80211_crypto_newkey(struct ieee80211com *ic, - int cipher, int flags, struct ieee80211_key *key) +ieee80211_crypto_newkey(struct ieee80211com *ic, int cipher, int flags, + struct ieee80211_key *key) { #define N(a) (sizeof(a) / sizeof(a[0])) const struct ieee80211_cipher *cip; @@ -279,6 +283,7 @@ ieee80211_crypto_newkey(struct ieee80211com *ic, return 0; } cip = ciphers[cipher]; + if (cip == NULL) { /* * Auto-load cipher module if we have a well-known name @@ -311,9 +316,10 @@ ieee80211_crypto_newkey(struct ieee80211com *ic, oflags = key->wk_flags; flags &= IEEE80211_KEY_COMMON; + /* * If the hardware does not support the cipher then - * fallback to a host-based implementation. + * fall back to a host-based implementation. */ if ((ic->ic_caps & (1<ic_name); flags |= IEEE80211_KEY_SWCRYPT; } + /* * Hardware TKIP with software MIC is an important * combination; we handle it by flagging each key, @@ -473,7 +480,7 @@ ieee80211_crypto_delglobalkeys(struct ieee80211com *ic) ieee80211_key_update_begin(ic); for (i = 0; i < IEEE80211_WEP_NKID; i++) - (void) _ieee80211_crypto_delkey(ic, &ic->ic_nw_keys[i]); + (void)_ieee80211_crypto_delkey(ic, &ic->ic_nw_keys[i]); ieee80211_key_update_end(ic); } @@ -486,7 +493,7 @@ ieee80211_crypto_delglobalkeys(struct ieee80211com *ic) */ int ieee80211_crypto_setkey(struct ieee80211com *ic, struct ieee80211_key *key, - const u_int8_t macaddr[IEEE80211_ADDR_LEN]) + const u_int8_t macaddr[IEEE80211_ADDR_LEN]) { const struct ieee80211_cipher *cip = key->wk_cipher; @@ -524,13 +531,14 @@ ieee80211_crypto_setkey(struct ieee80211com *ic, struct ieee80211_key *key, * Add privacy headers appropriate for the specified key. */ struct ieee80211_key * -ieee80211_crypto_encap(struct ieee80211com *ic, - struct ieee80211_node *ni, struct mbuf *m) +ieee80211_crypto_encap(struct ieee80211com *ic, struct ieee80211_node *ni, + struct mbuf *m) { struct ieee80211_key *k; struct ieee80211_frame *wh; const struct ieee80211_cipher *cip; - u_int8_t keyid; + u_int8_t keyid, *hdr; + int hdrlen; /* * Multicast traffic always uses the multicast key. @@ -556,6 +564,25 @@ ieee80211_crypto_encap(struct ieee80211com *ic, k = &ni->ni_ucastkey; } cip = k->wk_cipher; + + /* + * The crypto header is added after the IEEE802.11 header. Prepend + * the size of the crypto header, and move the IEEE802.11 header back + * to the beginning of the mbuf. Ensure everything is contiguous. + */ + hdrlen = ieee80211_hdrspace(ic, mtod(m, void *)); + M_PREPEND(m, cip->ic_header, M_NOWAIT); + if (m && m->m_len < hdrlen + cip->ic_header) { + m = m_pullup(m, hdrlen + cip->ic_header); + } + if (m == NULL) { + return NULL; + } + hdr = mtod(m, u_int8_t *); + memmove(hdr, hdr + cip->ic_header, hdrlen); + + /* XXX pass the updated pointer back to the caller */ + return (cip->ic_encap(k, m, keyid<<6) ? k : NULL); } @@ -570,7 +597,7 @@ ieee80211_crypto_encap(struct ieee80211com *ic, */ struct ieee80211_key * ieee80211_crypto_decap(struct ieee80211com *ic, - struct ieee80211_node *ni, struct mbuf **mp, int hdrlen) + struct ieee80211_node *ni, struct mbuf **mp, int hdrlen) { const struct ieee80211_cipher *cip; struct ieee80211_key *k; diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c index 6375a45e999f..ec29bd49b40f 100644 --- a/sys/net80211/ieee80211_crypto_ccmp.c +++ b/sys/net80211/ieee80211_crypto_ccmp.c @@ -34,7 +34,7 @@ __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto_ccmp.c,v 1.7 2005/07/11 03:06:23 sam Exp $"); #endif #ifdef __NetBSD__ -__KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto_ccmp.c,v 1.11 2014/10/18 08:33:29 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto_ccmp.c,v 1.12 2018/01/17 17:41:38 maxv Exp $"); #endif /* @@ -148,16 +148,7 @@ ccmp_encap(struct ieee80211_key *k, struct mbuf *m, u_int8_t keyid) int hdrlen; hdrlen = ieee80211_hdrspace(ic, mtod(m, void *)); - - /* - * Copy down 802.11 header and add the IV, KeyID, and ExtIV. - */ - M_PREPEND(m, ccmp.ic_header, M_NOWAIT); - if (m == NULL) - return 0; - ivp = mtod(m, u_int8_t *); - ovbcopy(ivp + ccmp.ic_header, ivp, hdrlen); - ivp += hdrlen; + ivp = mtod(m, u_int8_t *) + hdrlen; k->wk_keytsc++; /* XXX wrap at 48 bits */ ivp[0] = k->wk_keytsc >> 0; /* PN0 */ diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c index 8cc1133d4789..775c4bac78dd 100644 --- a/sys/net80211/ieee80211_crypto_tkip.c +++ b/sys/net80211/ieee80211_crypto_tkip.c @@ -34,7 +34,7 @@ __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto_tkip.c,v 1.10 2005/08/08 18:46:35 sam Exp $"); #endif #ifdef __NetBSD__ -__KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto_tkip.c,v 1.12 2014/10/18 08:33:29 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto_tkip.c,v 1.13 2018/01/17 17:41:38 maxv Exp $"); #endif /* @@ -175,17 +175,9 @@ tkip_encap(struct ieee80211_key *k, struct mbuf *m, u_int8_t keyid) ic->ic_stats.is_crypto_tkipcm++; return 0; } - hdrlen = ieee80211_hdrspace(ic, mtod(m, void *)); - /* - * Copy down 802.11 header and add the IV, KeyID, and ExtIV. - */ - M_PREPEND(m, tkip.ic_header, M_NOWAIT); - if (m == NULL) - return 0; - ivp = mtod(m, u_int8_t *); - memmove(ivp, ivp + tkip.ic_header, hdrlen); - ivp += hdrlen; + hdrlen = ieee80211_hdrspace(ic, mtod(m, void *)); + ivp = mtod(m, u_int8_t *) + hdrlen; ivp[0] = k->wk_keytsc >> 8; /* TSC1 */ ivp[1] = (ivp[0] | 0x20) & 0x7f; /* WEP seed */ diff --git a/sys/net80211/ieee80211_crypto_wep.c b/sys/net80211/ieee80211_crypto_wep.c index 63061778036a..2dce08059edd 100644 --- a/sys/net80211/ieee80211_crypto_wep.c +++ b/sys/net80211/ieee80211_crypto_wep.c @@ -34,7 +34,7 @@ __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto_wep.c,v 1.7 2005/06/10 16:11:24 sam Exp $"); #endif #ifdef __NetBSD__ -__KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto_wep.c,v 1.9 2016/10/09 14:50:20 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto_wep.c,v 1.10 2018/01/17 17:41:38 maxv Exp $"); #endif /* @@ -132,16 +132,7 @@ wep_encap(struct ieee80211_key *k, struct mbuf *m, u_int8_t keyid) int hdrlen; hdrlen = ieee80211_hdrspace(ic, mtod(m, void *)); - - /* - * Copy down 802.11 header and add the IV + KeyID. - */ - M_PREPEND(m, wep.ic_header, M_NOWAIT); - if (m == NULL) - return 0; - ivp = mtod(m, u_int8_t *); - ovbcopy(ivp + wep.ic_header, ivp, hdrlen); - ivp += hdrlen; + ivp = mtod(m, u_int8_t *) + hdrlen; /* * XXX