Extend CCMP to support encryption and decryption of unicast management frames. Signed-off-by: Jouni Malinen <j@xxxxx> Index: wireless-testing/net/mac80211/wpa.c =================================================================== --- wireless-testing.orig/net/mac80211/wpa.c +++ wireless-testing/net/mac80211/wpa.c @@ -299,7 +299,7 @@ static void ccmp_special_blocks(struct s int encrypted) { u16 fc; - int a4_included, qos_included; + int a4_included, qos_included, mgmt; u8 qos_tid, *fc_pos, *data, *sa, *da; int len_a; size_t data_len; @@ -309,6 +309,7 @@ static void ccmp_special_blocks(struct s fc = fc_pos[0] ^ (fc_pos[1] << 8); a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS); + mgmt = (fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT; ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len); data_len -= CCMP_HDR_LEN + (encrypted ? CCMP_MIC_LEN : 0); @@ -320,8 +321,10 @@ static void ccmp_special_blocks(struct s /* First block, b_0 */ b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */ - /* Nonce: QoS Priority | A2 | PN */ - b_0[1] = qos_tid; + /* Nonce: Nonce Flags | A2 | PN + * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7) + */ + b_0[1] = qos_tid | (mgmt << 4); memcpy(&b_0[2], hdr->addr2, 6); memcpy(&b_0[8], pn, CCMP_PN_LEN); /* l(m) */ @@ -338,8 +341,11 @@ static void ccmp_special_blocks(struct s aad[0] = 0; /* (len_a >> 8) & 0xff; */ aad[1] = len_a & 0xff; - /* Mask FC: zero subtype b4 b5 b6 */ - aad[2] = fc_pos[0] & ~(BIT(4) | BIT(5) | BIT(6)); + aad[2] = fc_pos[0]; /* FC type/subtype */ + if (!mgmt) { + /* Mask FC: zero subtype b4 b5 b6 */ + aad[2] &= BIT(4) | BIT(5) | BIT(6); + } /* Retry, PwrMgt, MoreData; set Protected */ aad[3] = (fc_pos[1] & ~(BIT(3) | BIT(4) | BIT(5))) | BIT(6); memcpy(&aad[4], &hdr->addr1, 18); Index: wireless-testing/net/mac80211/tx.c =================================================================== --- wireless-testing.orig/net/mac80211/tx.c +++ wireless-testing/net/mac80211/tx.c @@ -446,6 +446,26 @@ ieee80211_tx_h_ps_buf(struct ieee80211_t return ieee80211_tx_h_multicast_ps_buf(tx); } +static int ieee80211_use_mfp(u16 fc, struct sta_info *sta, struct sk_buff *skb) +{ + u16 stype; + + if ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) + return 0; + + if (sta == NULL || !test_sta_flags(sta, WLAN_STA_MFP)) + return 0; + + stype = fc & IEEE80211_FCTL_STYPE; + if (stype != IEEE80211_STYPE_DEAUTH && + stype != IEEE80211_STYPE_DISASSOC && + stype != IEEE80211_STYPE_ACTION) + return 0; + + return 1; +} + + static ieee80211_tx_result ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx) { @@ -482,10 +502,14 @@ ieee80211_tx_h_select_key(struct ieee802 stype == IEEE80211_STYPE_AUTH) break; case ALG_TKIP: - case ALG_CCMP: if (!WLAN_FC_DATA_PRESENT(fc)) tx->key = NULL; break; + case ALG_CCMP: + if (!WLAN_FC_DATA_PRESENT(fc) && + !ieee80211_use_mfp(fc, tx->sta, tx->skb)) + tx->key = NULL; + break; } } -- -- Jouni Malinen PGP id EFC895FA -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html