linux-toradex.git/net/mac80211/tkip.h, branch v4.10 Linux kernel for Apalis and Colibri modules mac80211: move TKIP TX IVs to public part of key struct 2016-02-24T08:04:38+00:00 Eliad Peller eliad@wizery.com 2016-02-14T11:56:35+00:00 f8079d43cf0f1f0171606e75fcef6fe17bb183f2 Some drivers/devices might want to set the IVs by themselves (and still let mac80211 generate MMIC). Specifically, this is needed when the device does offloading at certain times, and the driver has to make sure that the IVs of new tx frames (from the host) are synchronized with IVs that were potentially used during the offloading. Similarly to CCMP, move the TX IVs of TKIP keys to the public part of the key struct, and export a function to add the IV right into the crypto header. The public tx_pn field is defined as atomic64, so define TKIP_PN_TO_IV16/32 helper macros to convert it to iv16/32 when needed. Since the iv32 used for the p1k cache is taken directly from the frame, we can safely remove iv16/32 from being protected by tkip.txlock. Signed-off-by: Eliad Peller <eliadx.peller@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> 
Some drivers/devices might want to set the IVs by
themselves (and still let mac80211 generate MMIC).

Specifically, this is needed when the device does
offloading at certain times, and the driver has
to make sure that the IVs of new tx frames (from
the host) are synchronized with IVs that were
potentially used during the offloading.

Similarly to CCMP, move the TX IVs of TKIP keys to the
public part of the key struct, and export a function
to add the IV right into the crypto header.

The public tx_pn field is defined as atomic64, so define
TKIP_PN_TO_IV16/32 helper macros to convert it to iv16/32
when needed.

Since the iv32 used for the p1k cache is taken
directly from the frame, we can safely remove
iv16/32 from being protected by tkip.txlock.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
mac80211: fix TKIP races, make API easier to use 2011-07-08T15:11:19+00:00 Johannes Berg johannes.berg@intel.com 2011-07-07T20:28:01+00:00 523b02ea23b175dd3e46e3daf1bc9354376640a3 Our current TKIP code races against itself on TX since we can process multiple packets at the same time on different ACs, but they all share the TX context for TKIP. This can lead to bad IVs etc. Also, the crypto offload helper code just obtains the P1K/P2K from the cache, and can update it as well, but there's no guarantee that packets are really processed in order. To fix these issues, first introduce a spinlock that will protect the IV16/IV32 values in the TX context. This first step makes sure that we don't assign the same IV multiple times or get confused in other ways. Secondly, change the way the P1K cache works. I add a field "p1k_iv32" that stores the value of the IV32 when the P1K was last recomputed, and if different from the last time, then a new P1K is recomputed. This can cause the P1K computation to flip back and forth if packets are processed out of order. All this also happens under the new spinlock. Finally, because there are argument differences, split up the ieee80211_get_tkip_key() API into ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k() and give them the correct arguments. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> 
Our current TKIP code races against itself on TX
since we can process multiple packets at the same
time on different ACs, but they all share the TX
context for TKIP. This can lead to bad IVs etc.

Also, the crypto offload helper code just obtains
the P1K/P2K from the cache, and can update it as
well, but there's no guarantee that packets are
really processed in order.

To fix these issues, first introduce a spinlock
that will protect the IV16/IV32 values in the TX
context. This first step makes sure that we don't
assign the same IV multiple times or get confused
in other ways.

Secondly, change the way the P1K cache works. I
add a field "p1k_iv32" that stores the value of
the IV32 when the P1K was last recomputed, and
if different from the last time, then a new P1K
is recomputed. This can cause the P1K computation
to flip back and forth if packets are processed
out of order. All this also happens under the new
spinlock.

Finally, because there are argument differences,
split up the ieee80211_get_tkip_key() API into
ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k()
and give them the correct arguments.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
mac80211: remove the dependency on crypto_blkcipher 2011-04-04T20:20:00+00:00 Felix Fietkau nbd@openwrt.org 2011-03-25T20:39:19+00:00 5f9f1812b68a2979bc97399cd4954f1c191986af The only thing that using crypto_blkcipher with ecb does over just using arc4 directly is wrapping the encrypt/decrypt function into a for loop, looping over each individual character. To be able to do this, it pulls in around 40 kb worth of unnecessary kernel modules (at least on a MIPS embedded device). Using arc4 directly not only eliminates those dependencies, it also makes the code smaller. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com> 
The only thing that using crypto_blkcipher with ecb does over just using
arc4 directly is wrapping the encrypt/decrypt function into a for loop,
looping over each individual character.
To be able to do this, it pulls in around 40 kb worth of unnecessary
kernel modules (at least on a MIPS embedded device).
Using arc4 directly not only eliminates those dependencies, it also makes
the code smaller.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
mac80211: remove wep dependency 2010-07-08T20:35:50+00:00 John W. Linville linville@tuxdriver.com 2010-07-07T19:07:49+00:00 3473187d2459a078e00e5fac8aafc30af69c57fa The current mac80211 code assumes that WEP is always available. If WEP fails to initialize, ieee80211_register_hw will always fail. In some cases (e.g. FIPS certification), the cryptography used by WEP is unavailable. However, in such cases there is no good reason why CCMP encryption (or even no link level encryption) cannot be used. So, this patch removes mac80211's assumption that WEP (and TKIP) will always be available for use. Signed-off-by: John W. Linville <linville@tuxdriver.com> 
The current mac80211 code assumes that WEP is always available.  If WEP
fails to initialize, ieee80211_register_hw will always fail.

In some cases (e.g. FIPS certification), the cryptography used by WEP is
unavailable.  However, in such cases there is no good reason why CCMP
encryption (or even no link level encryption) cannot be used.  So, this
patch removes mac80211's assumption that WEP (and TKIP) will always be
available for use.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
mac80211: tkip.c consolidate tkip IV writing in helper 2008-06-14T16:18:13+00:00 Harvey Harrison harvey.harrison@gmail.com 2008-06-11T21:22:00+00:00 c801242c38de247d82f12f6bf28bd19a280a12ae Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> 
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
mac80211: add const, remove unused function, make one function static 2008-05-22T01:47:48+00:00 Harvey Harrison harvey.harrison@gmail.com 2008-05-14T23:26:18+00:00 a7b6f0c5558ad03281b8064d6a4ab2e124dea991 Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Cc: "John W. Linville" <linville@tuxdriver.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: John W. Linville <linville@tuxdriver.com> 
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Cc: "John W. Linville" <linville@tuxdriver.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
mac80211: a few code cleanups 2008-05-07T19:02:11+00:00 Johannes Berg johannes@sipsolutions.net 2008-04-17T17:21:22+00:00 988c0f723d0b1abb399e6e71d8bf3f8bf1949a70 This has some code cleanups (some inspired by checkpatch), I got bored at probably a third of the output though so if somebody else wants to... Signed-off-by: Johannes Berg <johannes@sipsolutions.net Signed-off-by: John W. Linville <linville@tuxdriver.com> 
This has some code cleanups (some inspired by checkpatch), I got
bored at probably a third of the output though so if somebody
else wants to...

Signed-off-by: Johannes Berg <johannes@sipsolutions.net
Signed-off-by: John W. Linville <linville@tuxdriver.com>
mac80211: rename files 2008-04-08T20:44:45+00:00 Johannes Berg johannes@sipsolutions.net 2008-04-08T19:14:40+00:00 2c8dccc77420fb7433da5674818959d3499d35be This patch renames all mac80211 files (except ieee80211_i.h) to get rid of the useless ieee80211_ prefix. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> 
This patch renames all mac80211 files (except ieee80211_i.h) to get rid
of the useless ieee80211_ prefix.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
mac80211: allows driver to request a Phase 1 RX key 2008-03-25T20:41:53+00:00 Emmanuel Grumbach emmanuel.grumbach@intel.com 2008-03-20T13:06:42+00:00 9ae4fda332df616ef47d5bb710c39681641d4303 This patch makes mac80211 able to send a phase1 key for TKIP decryption. This is needed for drivers that don't do the rekeying by themselves (i.e. iwlwifi). Upon IV16 wrap around, the packet is decrypted in SW, if decryption is ok, mac80211 calls to update_tkip_key with a new phase 1 RX key. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> 
This patch makes mac80211 able to send a phase1 key for TKIP
decryption.
This is needed for drivers that don't do the rekeying by themselves
(i.e. iwlwifi). Upon IV16 wrap around, the packet is decrypted in SW,
if decryption is ok, mac80211 calls to update_tkip_key  with a new
phase 1 RX key.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
[PATCH] mac80211: fix TKIP IV update 2007-10-10T23:53:16+00:00 Johannes Berg johannes@sipsolutions.net 2007-09-26T13:19:45+00:00 50741ae05a4742cae99361f57d84b5f8d33822a4 The TKIP IV should be updated only after MMIC verification, this patch changes it to be at that spot. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> 
The TKIP IV should be updated only after MMIC verification,
this patch changes it to be at that spot.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>