From: Jouni Malinen <j@w1.fi>
To: "John W. Linville" <linville@tuxdriver.com>,
Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org, Jouni Malinen <j@w1.fi>
Subject: [PATCHv2 06/16] mac80211: 802.11w - WEXT configuration for IGTK
Date: Thu, 08 Jan 2009 13:32:04 +0200 [thread overview]
Message-ID: <20090108113340.903414148@atheros.com> (raw)
In-Reply-To: 20090108113158.681894124@atheros.com
Added new SIOCSIWENCODEEXT algorithm for configuring BIP (AES-CMAC)
keys (IGTK).
Signed-off-by: Jouni Malinen <j@w1.fi>
---
include/linux/wireless.h | 1
net/mac80211/wext.c | 62 ++++++++++++++++++++++++++++++++++++-----------
2 files changed, 49 insertions(+), 14 deletions(-)
--- wireless-testing.orig/include/linux/wireless.h 2009-01-08 13:06:29.000000000 +0200
+++ wireless-testing/include/linux/wireless.h 2009-01-08 13:06:33.000000000 +0200
@@ -615,6 +615,7 @@
#define IW_ENCODE_ALG_TKIP 2
#define IW_ENCODE_ALG_CCMP 3
#define IW_ENCODE_ALG_PMK 4
+#define IW_ENCODE_ALG_AES_CMAC 5
/* struct iw_encode_ext ->ext_flags */
#define IW_ENCODE_EXT_TX_SEQ_VALID 0x00000001
#define IW_ENCODE_EXT_RX_SEQ_VALID 0x00000002
--- wireless-testing.orig/net/mac80211/wext.c 2009-01-08 13:06:29.000000000 +0200
+++ wireless-testing/net/mac80211/wext.c 2009-01-08 13:06:33.000000000 +0200
@@ -37,7 +37,14 @@ static int ieee80211_set_encryption(stru
struct ieee80211_key *key;
int err;
- if (idx < 0 || idx >= NUM_DEFAULT_KEYS) {
+ if (alg == ALG_AES_CMAC) {
+ if (idx < NUM_DEFAULT_KEYS ||
+ idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) {
+ printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d "
+ "(BIP)\n", sdata->dev->name, idx);
+ return -EINVAL;
+ }
+ } else if (idx < 0 || idx >= NUM_DEFAULT_KEYS) {
printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
sdata->dev->name, idx);
return -EINVAL;
@@ -103,6 +110,9 @@ static int ieee80211_set_encryption(stru
if (set_tx_key || (!sta && !sdata->default_key && key))
ieee80211_set_default_key(sdata, idx);
+ if (alg == ALG_AES_CMAC &&
+ (set_tx_key || (!sta && !sdata->default_mgmt_key && key)))
+ ieee80211_set_default_mgmt_key(sdata, idx);
}
out_unlock:
@@ -1043,6 +1053,9 @@ static int ieee80211_ioctl_siwencodeext(
case IW_ENCODE_ALG_CCMP:
alg = ALG_CCMP;
break;
+ case IW_ENCODE_ALG_AES_CMAC:
+ alg = ALG_AES_CMAC;
+ break;
default:
return -EOPNOTSUPP;
}
@@ -1051,20 +1064,41 @@ static int ieee80211_ioctl_siwencodeext(
remove = 1;
idx = erq->flags & IW_ENCODE_INDEX;
- if (idx < 1 || idx > 4) {
- idx = -1;
- if (!sdata->default_key)
- idx = 0;
- else for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
- if (sdata->default_key == sdata->keys[i]) {
- idx = i;
- break;
+ if (alg == ALG_AES_CMAC) {
+ if (idx < NUM_DEFAULT_KEYS + 1 ||
+ idx > NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) {
+ idx = -1;
+ if (!sdata->default_mgmt_key)
+ idx = 0;
+ else for (i = NUM_DEFAULT_KEYS;
+ i < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS;
+ i++) {
+ if (sdata->default_mgmt_key == sdata->keys[i])
+ {
+ idx = i;
+ break;
+ }
}
- }
- if (idx < 0)
- return -EINVAL;
- } else
- idx--;
+ if (idx < 0)
+ return -EINVAL;
+ } else
+ idx--;
+ } else {
+ if (idx < 1 || idx > 4) {
+ idx = -1;
+ if (!sdata->default_key)
+ idx = 0;
+ else for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
+ if (sdata->default_key == sdata->keys[i]) {
+ idx = i;
+ break;
+ }
+ }
+ if (idx < 0)
+ return -EINVAL;
+ } else
+ idx--;
+ }
return ieee80211_set_encryption(sdata, ext->addr.sa_data, idx, alg,
remove,
--
--
Jouni Malinen PGP id EFC895FA
next prev parent reply other threads:[~2009-01-08 11:33 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-08 11:31 [PATCHv2 00/16] mac80211: IEEE 802.11w (management frame protection) Jouni Malinen
2009-01-08 11:31 ` [PATCHv2 01/16] mac80211: 802.11w - STA flag for MFP Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 02/16] mac80211: 802.11w - CCMP for management frames Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 03/16] mac80211: 802.11w - Add BIP (AES-128-CMAC) Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 04/16] mac80211: 802.11w - Use " Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 05/16] mac80211: 802.11w - WEXT parameter for setting mgmt cipher Jouni Malinen
2009-01-08 11:32 ` Jouni Malinen [this message]
2009-01-08 11:32 ` [PATCHv2 07/16] mac80211: 802.11w - Configuration of MFP disabled/optional/required Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 08/16] mac80211: 802.11w - SA Query processing Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 09/16] mac80211: 802.11w - Do not force Action frames to disable encryption Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 10/16] mac80211: 802.11w - Drop unprotected robust management frames if MFP is used Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 11/16] mac80211: 802.11w - Implement Association Comeback processing Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 12/16] mac80211: 802.11w - Optional software CCMP for management frames Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 13/16] mac80211: 802.11w - Add driver capability flag for MFP Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 14/16] ath9k: Fix set_key error codes Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 15/16] ath9k: Setup MFP options for CCMP Jouni Malinen
2009-01-08 11:32 ` [PATCHv2 16/16] mac80211_hwsim: Report driver as MFP capable Jouni Malinen
2009-01-08 12:07 ` [PATCHv2 00/16] mac80211: IEEE 802.11w (management frame protection) Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090108113340.903414148@atheros.com \
--to=j@w1.fi \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).