From ef0d8f6351ef193da64ddcc50f012140d89c66c5 Mon Sep 17 00:00:00 2001 From: Adrian Chadd Date: Fri, 2 Oct 2015 21:25:48 +0000 Subject: [PATCH] net80211: separate ieee80211_crypto_get_keyid() from ieee80211_crypto_encap() Tested: * rum(4), STA mode * rsu(4), STA mode * urtwn(4), STA mode Submitted by: Differential Revision: https://reviews.freebsd.org/D3637 --- sys/net80211/ieee80211_crypto.c | 19 +++++++++++++------ sys/net80211/ieee80211_crypto.h | 5 +++-- sys/net80211/ieee80211_crypto_ccmp.c | 8 ++++++-- sys/net80211/ieee80211_crypto_none.c | 9 ++++++--- sys/net80211/ieee80211_crypto_tkip.c | 7 +++++-- sys/net80211/ieee80211_crypto_wep.c | 8 ++++++-- 6 files changed, 39 insertions(+), 17 deletions(-) diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index d338506edafd..5864d2829a95 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -521,6 +521,16 @@ ieee80211_crypto_setkey(struct ieee80211vap *vap, struct ieee80211_key *key) return dev_key_set(vap, key); } +uint8_t +ieee80211_crypto_get_keyid(struct ieee80211vap *vap, struct ieee80211_key *k) +{ + if (k >= &vap->iv_nw_keys[0] && + k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) + return (k - vap->iv_nw_keys); + else + return (0); +} + /* * Add privacy headers appropriate for the specified key. */ @@ -531,7 +541,6 @@ ieee80211_crypto_encap(struct ieee80211_node *ni, struct mbuf *m) struct ieee80211_key *k; struct ieee80211_frame *wh; const struct ieee80211_cipher *cip; - uint8_t keyid; /* * Multicast traffic always uses the multicast key. @@ -550,14 +559,12 @@ ieee80211_crypto_encap(struct ieee80211_node *ni, struct mbuf *m) vap->iv_stats.is_tx_nodefkey++; return NULL; } - keyid = vap->iv_def_txkey; k = &vap->iv_nw_keys[vap->iv_def_txkey]; - } else { - keyid = 0; + } else k = &ni->ni_ucastkey; - } + cip = k->wk_cipher; - return (cip->ic_encap(k, m, keyid<<6) ? k : NULL); + return (cip->ic_encap(k, m) ? k : NULL); } /* diff --git a/sys/net80211/ieee80211_crypto.h b/sys/net80211/ieee80211_crypto.h index d7ac436f9bf5..7d6aee46a53e 100644 --- a/sys/net80211/ieee80211_crypto.h +++ b/sys/net80211/ieee80211_crypto.h @@ -178,8 +178,7 @@ struct ieee80211_cipher { void* (*ic_attach)(struct ieee80211vap *, struct ieee80211_key *); void (*ic_detach)(struct ieee80211_key *); int (*ic_setkey)(struct ieee80211_key *); - int (*ic_encap)(struct ieee80211_key *, struct mbuf *, - uint8_t keyid); + int (*ic_encap)(struct ieee80211_key *, struct mbuf *); int (*ic_decap)(struct ieee80211_key *, struct mbuf *, int); int (*ic_enmic)(struct ieee80211_key *, struct mbuf *, int); int (*ic_demic)(struct ieee80211_key *, struct mbuf *, int); @@ -193,6 +192,8 @@ void ieee80211_crypto_register(const struct ieee80211_cipher *); void ieee80211_crypto_unregister(const struct ieee80211_cipher *); int ieee80211_crypto_available(u_int cipher); +uint8_t ieee80211_crypto_get_keyid(struct ieee80211vap *vap, + struct ieee80211_key *k); struct ieee80211_key *ieee80211_crypto_encap(struct ieee80211_node *, struct mbuf *); struct ieee80211_key *ieee80211_crypto_decap(struct ieee80211_node *, diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c index 485a9cd9dcea..80c489725f6f 100644 --- a/sys/net80211/ieee80211_crypto_ccmp.c +++ b/sys/net80211/ieee80211_crypto_ccmp.c @@ -63,7 +63,7 @@ struct ccmp_ctx { static void *ccmp_attach(struct ieee80211vap *, struct ieee80211_key *); static void ccmp_detach(struct ieee80211_key *); static int ccmp_setkey(struct ieee80211_key *); -static int ccmp_encap(struct ieee80211_key *k, struct mbuf *, uint8_t keyid); +static int ccmp_encap(struct ieee80211_key *, struct mbuf *); static int ccmp_decap(struct ieee80211_key *, struct mbuf *, int); static int ccmp_enmic(struct ieee80211_key *, struct mbuf *, int); static int ccmp_demic(struct ieee80211_key *, struct mbuf *, int); @@ -138,11 +138,13 @@ ccmp_setkey(struct ieee80211_key *k) * Add privacy headers appropriate for the specified key. */ static int -ccmp_encap(struct ieee80211_key *k, struct mbuf *m, uint8_t keyid) +ccmp_encap(struct ieee80211_key *k, struct mbuf *m) { struct ccmp_ctx *ctx = k->wk_private; struct ieee80211com *ic = ctx->cc_ic; + struct ieee80211vap *vap = ctx->cc_vap; uint8_t *ivp; + uint8_t keyid; int hdrlen; hdrlen = ieee80211_hdrspace(ic, mtod(m, void *)); @@ -157,6 +159,8 @@ ccmp_encap(struct ieee80211_key *k, struct mbuf *m, uint8_t keyid) ovbcopy(ivp + ccmp.ic_header, ivp, hdrlen); ivp += hdrlen; + keyid = ieee80211_crypto_get_keyid(vap, k) << 6; + k->wk_keytsc++; /* XXX wrap at 48 bits */ ivp[0] = k->wk_keytsc >> 0; /* PN0 */ ivp[1] = k->wk_keytsc >> 8; /* PN1 */ diff --git a/sys/net80211/ieee80211_crypto_none.c b/sys/net80211/ieee80211_crypto_none.c index b1ffbb48aa48..84e6651e69dc 100644 --- a/sys/net80211/ieee80211_crypto_none.c +++ b/sys/net80211/ieee80211_crypto_none.c @@ -48,7 +48,7 @@ __FBSDID("$FreeBSD$"); static void *none_attach(struct ieee80211vap *, struct ieee80211_key *); static void none_detach(struct ieee80211_key *); static int none_setkey(struct ieee80211_key *); -static int none_encap(struct ieee80211_key *, struct mbuf *, uint8_t); +static int none_encap(struct ieee80211_key *, struct mbuf *); static int none_decap(struct ieee80211_key *, struct mbuf *, int); static int none_enmic(struct ieee80211_key *, struct mbuf *, int); static int none_demic(struct ieee80211_key *, struct mbuf *, int); @@ -88,19 +88,22 @@ none_setkey(struct ieee80211_key *k) } static int -none_encap(struct ieee80211_key *k, struct mbuf *m, uint8_t keyid) +none_encap(struct ieee80211_key *k, struct mbuf *m) { struct ieee80211vap *vap = k->wk_private; #ifdef IEEE80211_DEBUG struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); #endif + uint8_t keyid; + + keyid = ieee80211_crypto_get_keyid(vap, k); /* * The specified key is not setup; this can * happen, at least, when changing keys. */ IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr1, - "key id %u is not set (encap)", keyid>>6); + "key id %u is not set (encap)", keyid); vap->iv_stats.is_tx_badcipher++; return 0; } diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c index 16673def6fe1..d5f316ae8d5b 100644 --- a/sys/net80211/ieee80211_crypto_tkip.c +++ b/sys/net80211/ieee80211_crypto_tkip.c @@ -54,7 +54,7 @@ __FBSDID("$FreeBSD$"); static void *tkip_attach(struct ieee80211vap *, struct ieee80211_key *); static void tkip_detach(struct ieee80211_key *); static int tkip_setkey(struct ieee80211_key *); -static int tkip_encap(struct ieee80211_key *, struct mbuf *m, uint8_t keyid); +static int tkip_encap(struct ieee80211_key *, struct mbuf *); static int tkip_enmic(struct ieee80211_key *, struct mbuf *, int); static int tkip_decap(struct ieee80211_key *, struct mbuf *, int); static int tkip_demic(struct ieee80211_key *, struct mbuf *, int); @@ -152,12 +152,13 @@ tkip_setkey(struct ieee80211_key *k) * Add privacy headers and do any s/w encryption required. */ static int -tkip_encap(struct ieee80211_key *k, struct mbuf *m, uint8_t keyid) +tkip_encap(struct ieee80211_key *k, struct mbuf *m) { struct tkip_ctx *ctx = k->wk_private; struct ieee80211vap *vap = ctx->tc_vap; struct ieee80211com *ic = vap->iv_ic; uint8_t *ivp; + uint8_t keyid; int hdrlen; /* @@ -185,6 +186,8 @@ tkip_encap(struct ieee80211_key *k, struct mbuf *m, uint8_t keyid) memmove(ivp, ivp + tkip.ic_header, hdrlen); ivp += hdrlen; + keyid = ieee80211_crypto_get_keyid(vap, k) << 6; + ivp[0] = k->wk_keytsc >> 8; /* TSC1 */ ivp[1] = (ivp[0] | 0x20) & 0x7f; /* WEP seed */ ivp[2] = k->wk_keytsc >> 0; /* TSC0 */ diff --git a/sys/net80211/ieee80211_crypto_wep.c b/sys/net80211/ieee80211_crypto_wep.c index 2e84dd0fdf0d..b99af5dd1ddc 100644 --- a/sys/net80211/ieee80211_crypto_wep.c +++ b/sys/net80211/ieee80211_crypto_wep.c @@ -50,7 +50,7 @@ __FBSDID("$FreeBSD$"); static void *wep_attach(struct ieee80211vap *, struct ieee80211_key *); static void wep_detach(struct ieee80211_key *); static int wep_setkey(struct ieee80211_key *); -static int wep_encap(struct ieee80211_key *, struct mbuf *, uint8_t keyid); +static int wep_encap(struct ieee80211_key *, struct mbuf *); static int wep_decap(struct ieee80211_key *, struct mbuf *, int hdrlen); static int wep_enmic(struct ieee80211_key *, struct mbuf *, int); static int wep_demic(struct ieee80211_key *, struct mbuf *, int); @@ -121,12 +121,14 @@ wep_setkey(struct ieee80211_key *k) * Add privacy headers appropriate for the specified key. */ static int -wep_encap(struct ieee80211_key *k, struct mbuf *m, uint8_t keyid) +wep_encap(struct ieee80211_key *k, struct mbuf *m) { struct wep_ctx *ctx = k->wk_private; + struct ieee80211vap *vap = ctx->wc_vap; struct ieee80211com *ic = ctx->wc_ic; uint32_t iv; uint8_t *ivp; + uint8_t keyid; int hdrlen; hdrlen = ieee80211_hdrspace(ic, mtod(m, void *)); @@ -141,6 +143,8 @@ wep_encap(struct ieee80211_key *k, struct mbuf *m, uint8_t keyid) ovbcopy(ivp + wep.ic_header, ivp, hdrlen); ivp += hdrlen; + keyid = ieee80211_crypto_get_keyid(vap, k) << 6; + /* * XXX * IV must not duplicate during the lifetime of the key.