mac80211: Update BIP to support Beacon frames

When BIP is used to protect Beacon frames, the Timestamp field is masked
to zero. Otherwise, the BIP processing is identical to the way it was
already used with group-addressed Robust Management frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Link: https://lore.kernel.org/r/20200222132548.20835-4-jouni@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/aes_cmac.c b/net/mac80211/aes_cmac.c
index 57748cab0e2886bcd4560d59a21584889484f557..b31f1021ad9c47c70d3db43086d6a394b29a7ac5 100644 (file)
--- a/net/mac80211/aes_cmac.c
+++ b/net/mac80211/aes_cmac.c
@@ -26,12 +26,20 @@ void ieee80211_aes_cmac(struct crypto_shash *tfm, const u8 *aad,
 {
        SHASH_DESC_ON_STACK(desc, tfm);
        u8 out[AES_BLOCK_SIZE];
+       const __le16 *fc;
 
        desc->tfm = tfm;
 
        crypto_shash_init(desc);
        crypto_shash_update(desc, aad, AAD_LEN);
-       crypto_shash_update(desc, data, data_len - CMAC_TLEN);
+       fc = (const __le16 *)aad;
+       if (ieee80211_is_beacon(*fc)) {
+               /* mask Timestamp field to zero */
+               crypto_shash_update(desc, zero, 8);
+               crypto_shash_update(desc, data + 8, data_len - 8 - CMAC_TLEN);
+       } else {
+               crypto_shash_update(desc, data, data_len - CMAC_TLEN);
+       }
        crypto_shash_finup(desc, zero, CMAC_TLEN, out);
 
        memcpy(mic, out, CMAC_TLEN);
@@ -41,12 +49,21 @@ void ieee80211_aes_cmac_256(struct crypto_shash *tfm, const u8 *aad,
                            const u8 *data, size_t data_len, u8 *mic)
 {
        SHASH_DESC_ON_STACK(desc, tfm);
+       const __le16 *fc;
 
        desc->tfm = tfm;
 
        crypto_shash_init(desc);
        crypto_shash_update(desc, aad, AAD_LEN);
-       crypto_shash_update(desc, data, data_len - CMAC_TLEN_256);
+       fc = (const __le16 *)aad;
+       if (ieee80211_is_beacon(*fc)) {
+               /* mask Timestamp field to zero */
+               crypto_shash_update(desc, zero, 8);
+               crypto_shash_update(desc, data + 8,
+                                   data_len - 8 - CMAC_TLEN_256);
+       } else {
+               crypto_shash_update(desc, data, data_len - CMAC_TLEN_256);
+       }
        crypto_shash_finup(desc, zero, CMAC_TLEN_256, mic);
 }
 

diff --git a/net/mac80211/aes_gmac.c b/net/mac80211/aes_gmac.c
index 363ad1c1dc0cfeeeb254e7d38fff689a12252a40..16ba09cb5defbc8eaf725c57e61753ac7b7d37a3 100644 (file)
--- a/net/mac80211/aes_gmac.c
+++ b/net/mac80211/aes_gmac.c
@@ -17,10 +17,11 @@
 int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
                       const u8 *data, size_t data_len, u8 *mic)
 {
-       struct scatterlist sg[4];
+       struct scatterlist sg[5];
        u8 *zero, *__aad, iv[AES_BLOCK_SIZE];
        struct aead_request *aead_req;
        int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
+       const __le16 *fc;
 
        if (data_len < GMAC_MIC_LEN)
                return -EINVAL;
@@ -33,11 +34,22 @@ int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
        __aad = zero + GMAC_MIC_LEN;
        memcpy(__aad, aad, GMAC_AAD_LEN);
 
-       sg_init_table(sg, 4);
-       sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
-       sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN);
-       sg_set_buf(&sg[2], zero, GMAC_MIC_LEN);
-       sg_set_buf(&sg[3], mic, GMAC_MIC_LEN);
+       fc = (const __le16 *)aad;
+       if (ieee80211_is_beacon(*fc)) {
+               /* mask Timestamp field to zero */
+               sg_init_table(sg, 5);
+               sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
+               sg_set_buf(&sg[1], zero, 8);
+               sg_set_buf(&sg[2], data + 8, data_len - 8 - GMAC_MIC_LEN);
+               sg_set_buf(&sg[3], zero, GMAC_MIC_LEN);
+               sg_set_buf(&sg[4], mic, GMAC_MIC_LEN);
+       } else {
+               sg_init_table(sg, 4);
+               sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
+               sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN);
+               sg_set_buf(&sg[2], zero, GMAC_MIC_LEN);
+               sg_set_buf(&sg[3], mic, GMAC_MIC_LEN);
+       }
 
        memcpy(iv, nonce, GMAC_NONCE_LEN);
        memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);