From: Hong Liu <hong.liu@intel.com>
To: Johannes Berg <johannes@sipsolutions.net>, Jiri Benc <jbenc@suse.cz>
Cc: "John W. Linville" <linville@tuxdriver.com>,
netdev <netdev@vger.kernel.org>, Michael Buesch <mb@bu3sch.de>
Subject: Re: [patch 1/2]d80211: hardware TKIP support for ipw3945
Date: Tue, 14 Nov 2006 10:22:58 +0800 [thread overview]
Message-ID: <1163470978.7789.31.camel@devlinux-hong> (raw)
In-Reply-To: <1161766245.2767.17.camel@ux156>
Resend the patch according to Johannes's comments.
Still put he tkip_key in tx_control structure.
Signed-off-by: Hong Liu <hong.liu@intel.com>
diff --git a/include/net/d80211.h b/include/net/d80211.h
index 812f2d1..cf87adc 100644
--- a/include/net/d80211.h
+++ b/include/net/d80211.h
@@ -159,6 +159,7 @@ #define IEEE80211_TXCTL_CLEAR_DST_MASK (
#define IEEE80211_TXCTL_REQUEUE (1<<7)
#define IEEE80211_TXCTL_FIRST_FRAGMENT (1<<8) /* this is a first fragment of
* the frame */
+#define IEEE80211_TXCTL_TKIP_NEW_PHASE1_KEY (1<<9)
u32 flags; /* tx control flags defined
* above */
u16 rts_cts_duration; /* duration field for RTS/CTS frame */
@@ -169,6 +170,7 @@ #define IEEE80211_TXCTL_FIRST_FRAGMENT (
* hw->set_key() */
u8 icv_len; /* length of the ICV/MIC field in octets */
u8 iv_len; /* length of the IV field in octets */
+ u8 tkip_key[16]; /* generated phase2/phase1 key for hw TKIP */
u8 queue; /* hardware queue to use for this frame;
* 0 = highest, hw->queues-1 = lowest */
u8 sw_retry_attempt; /* number of times hw has tried to
@@ -487,6 +489,15 @@ #define IEEE80211_HW_MONITOR_DURING_OPER
* i.e. more than one skb per frame */
#define IEEE80211_HW_FRAGLIST (1<<11)
+ /* calculate Michael MIC for an MSDU when doing hwcrypto */
+#define IEEE80211_HW_TKIP_INCLUDE_MMIC (1<<12)
+ /* Do TKIP phase1 key mixing in stack to support cards only do
+ * phase2 key mixing when doing hwcrypto */
+#define IEEE80211_HW_TKIP_REQ_PHASE1_KEY (1<<13)
+ /* Do TKIP phase1 and phase2 key mixing in stack and send the generated
+ * per-packet RC4 key with each TX frame when doing hwcrypto */
+#define IEEE80211_HW_TKIP_REQ_PHASE2_KEY (1<<14)
+
u32 flags; /* hardware flags defined above */
/* This is the time in us to change channels
diff --git a/net/d80211/tkip.c b/net/d80211/tkip.c
index 7e3665a..fd02449 100644
--- a/net/d80211/tkip.c
+++ b/net/d80211/tkip.c
@@ -190,17 +190,16 @@ u8 * ieee80211_tkip_add_iv(u8 *pos, stru
return pos;
}
-
-/* Encrypt packet payload with TKIP using @key. @pos is a pointer to the
- * beginning of the buffer containing payload. This payload must include
- * headroom of eight octets for IV and Ext. IV and taildroom of four octets
- * for ICV. @payload_len is the length of payload (_not_ including extra
- * headroom and tailroom). @ta is the transmitter addresses. */
-void ieee80211_tkip_encrypt_data(struct crypto_tfm *tfm, struct ieee80211_key *key,
- u8 *pos, size_t payload_len, u8 *ta)
+void ieee80211_tkip_gen_phase1key(struct ieee80211_key *key, u8 *ta,
+ u16 *phase1key)
{
- u8 rc4key[16];
+ tkip_mixing_phase1(ta, &key->key[ALG_TKIP_TEMP_ENCR_KEY],
+ key->u.tkip.iv32, phase1key);
+}
+void ieee80211_tkip_gen_rc4key(struct ieee80211_key *key, u8 *ta,
+ u8 *rc4key)
+{
/* Calculate per-packet key */
if (key->u.tkip.iv16 == 0 || !key->u.tkip.tx_initialized) {
/* IV16 wrapped around - perform TKIP phase 1 */
@@ -211,7 +210,19 @@ void ieee80211_tkip_encrypt_data(struct
tkip_mixing_phase2(key->u.tkip.p1k, &key->key[ALG_TKIP_TEMP_ENCR_KEY],
key->u.tkip.iv16, rc4key);
+}
+
+/* Encrypt packet payload with TKIP using @key. @pos is a pointer to the
+ * beginning of the buffer containing payload. This payload must include
+ * headroom of eight octets for IV and Ext. IV and taildroom of four octets
+ * for ICV. @payload_len is the length of payload (_not_ including extra
+ * headroom and tailroom). @ta is the transmitter addresses. */
+void ieee80211_tkip_encrypt_data(struct crypto_tfm *tfm, struct ieee80211_key *key,
+ u8 *pos, size_t payload_len, u8 *ta)
+{
+ u8 rc4key[16];
+ ieee80211_tkip_gen_rc4key(key, ta, rc4key);
pos = ieee80211_tkip_add_iv(pos, key, rc4key[0], rc4key[1], rc4key[2]);
ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len);
}
diff --git a/net/d80211/tkip.h b/net/d80211/tkip.h
index e36b85c..9b22717 100644
--- a/net/d80211/tkip.h
+++ b/net/d80211/tkip.h
@@ -15,6 +15,10 @@ #include "ieee80211_key.h"
u8 * ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key,
u8 iv0, u8 iv1, u8 iv2);
+void ieee80211_tkip_gen_phase1key(struct ieee80211_key *key, u8 *ta,
+ u16 *phase1key);
+void ieee80211_tkip_gen_rc4key(struct ieee80211_key *key, u8 *ta,
+ u8 *rc4key);
void ieee80211_tkip_encrypt_data(struct crypto_tfm *tfm, struct ieee80211_key *key,
u8 *pos, size_t payload_len, u8 *ta);
enum {
diff --git a/net/d80211/wpa.c b/net/d80211/wpa.c
index e6ea53e..7484575 100644
--- a/net/d80211/wpa.c
+++ b/net/d80211/wpa.c
@@ -105,7 +105,9 @@ #endif /* CONFIG_HOSTAPD_WPA_TESTING */
if (!tx->key->force_sw_encrypt &&
!(tx->local->conf.flags & IEEE80211_CONF_SW_DECRYPT) &&
- !tx->fragmented && !wpa_test) {
+ !tx->fragmented &&
+ !(tx->local->hw->flags & IEEE80211_HW_TKIP_INCLUDE_MMIC) &&
+ !wpa_test) {
/* hwaccel - with no need for preallocated room for Michael MIC
*/
return TXRX_CONTINUE;
@@ -332,14 +334,32 @@ #ifdef CONFIG_HOSTAPD_WPA_TESTING
&& !tx->wpa_test
#endif /* CONFIG_HOSTAPD_WPA_TESTING */
) {
- /* hwaccel - with preallocated room for IV */
+ u32 flags = tx->local->hw->flags;
+ hdr = (struct ieee80211_hdr *)skb->data;
+ /* hwaccel - with preallocated room for IV */
ieee80211_tkip_add_iv(pos, key,
(u8) (key->u.tkip.iv16 >> 8),
(u8) (((key->u.tkip.iv16 >> 8) | 0x20) &
0x7f),
(u8) key->u.tkip.iv16);
+ if (flags & IEEE80211_HW_TKIP_REQ_PHASE2_KEY)
+ ieee80211_tkip_gen_rc4key(key, hdr->addr2,
+ tx->u.tx.control->tkip_key);
+ else if (flags & IEEE80211_HW_TKIP_REQ_PHASE1_KEY) {
+ if (key->u.tkip.iv16 == 0 ||
+ !key->u.tkip.tx_initialized) {
+ ieee80211_tkip_gen_phase1key(key, hdr->addr2,
+ (u16 *)tx->u.tx.control->tkip_key);
+ key->u.tkip.tx_initialized = 1;
+ tx->u.tx.control->flags |=
+ IEEE80211_TXCTL_TKIP_NEW_PHASE1_KEY;
+ } else
+ tx->u.tx.control->flags &=
+ ~IEEE80211_TXCTL_TKIP_NEW_PHASE1_KEY;
+ }
+
tx->u.tx.control->key_idx = tx->key->hw_key_idx;
return 0;
}
On Wed, 2006-10-25 at 16:50, Johannes Berg wrote:
> On Wed, 2006-10-25 at 16:28 +0800, Hong Liu wrote:
>
> > I'd prefer to let the stack tell the driver when there is new phase1 key
> > generated.
>
> Fine too, I guess.
>
> > + u8 tkip_keylen;
>
> What do you need that for? The driver should know whether it requested a
> phase 1 or phase 2 key.
>
> > + u8 tkip_key[16];/* generated RC4/phase1 key for hw TKIP */
>
> Do we really have to stick this into this structure? But I'll let Jiri
> figure out how to remove the structure bloat :)
>
> > + /* calculate Michael MIC for an MSDU when doing hwcrypto */
> > +#define IEEE80211_HW_TKIP_INCLUDE_MMIC (1<<12)
> > + /* Do TKIP phase1 key mixing in stack to support cards only do
> > + * phase2 key mixing when doing hwcrypto */
> > +#define IEEE80211_HW_TKIP_REQ_PHASE1_KEY (1<<13)
> > + /* Do TKIP phase1 and phase2 key mixing in stack and send the generated
> > + * per-packet RC4 key with each TX frame when doing hwcrypto */
> > +#define IEEE80211_HW_TKIP_REQ_PHASE2_KEY (1<<14)
>
> Maybe a comment indicating that you must not set both of these flags
> would be good. Or (see below)
>
> Should there be some flag indicating if the hw/firmware checked the MIC
> on reception? The current code has bad assumptions there:
>
> (from the pre-flags version)
>
> /* Some devices handle Michael MIC internally and do not include MIC in
> * the received packets passed up. device_strips_mic must be set
> * for such devices. The 'encryption' frame control bit is expected to
> * be still set in the IEEE 802.11 header with this option unlike with
> * the device_hides_wep configuration option.
> */
> unsigned int device_strips_mic:1;
>
> What if the devices leaves the MIC there but indicates if it was checked?
>
> > + if (flags & IEEE80211_HW_TKIP_REQ_PHASE1_KEY) {
> ...
> > + } else if (flags & IEEE80211_HW_TKIP_REQ_PHASE2_KEY) {
> ...
>
> if you change the order of these tests then setting both flags will be
> fine.
>
> johannes
>
>
next prev parent reply other threads:[~2006-11-14 2:31 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-20 9:19 [patch 1/2]d80211: hardware TKIP support for ipw3945 Hong Liu
2006-10-21 21:10 ` Matthieu CASTET
2006-10-23 12:40 ` Jiri Benc
2006-10-23 12:48 ` Johannes Berg
2006-10-23 12:56 ` Jiri Benc
2006-10-24 8:20 ` Hong Liu
2006-10-24 8:35 ` Johannes Berg
2006-10-24 8:38 ` Hong Liu
2006-10-24 9:10 ` Johannes Berg
2006-10-24 9:12 ` Johannes Berg
2006-10-25 8:28 ` Hong Liu
2006-10-25 8:50 ` Johannes Berg
2006-11-14 2:22 ` Hong Liu [this message]
2006-11-15 16:25 ` Johannes Berg
2006-11-16 9:52 ` Johannes Berg
2006-11-16 17:21 ` Jouni Malinen
2006-11-16 17:38 ` Johannes Berg
2006-11-16 17:40 ` Jouni Malinen
2006-11-16 17:49 ` Johannes Berg
2006-10-23 13:04 ` Stuffed Crust
2006-10-23 15:29 ` David Kimdon
2006-10-23 16:31 ` Jiri Benc
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1163470978.7789.31.camel@devlinux-hong \
--to=hong.liu@intel.com \
--cc=jbenc@suse.cz \
--cc=johannes@sipsolutions.net \
--cc=linville@tuxdriver.com \
--cc=mb@bu3sch.de \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.