aboutsummaryrefslogtreecommitdiff
path: root/sys/net80211/ieee80211_crypto_ccmp.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/net80211/ieee80211_crypto_ccmp.c')
-rw-r--r--sys/net80211/ieee80211_crypto_ccmp.c40
1 files changed, 36 insertions, 4 deletions
diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c
index 9fdd5e08ee90..90e1c0733d09 100644
--- a/sys/net80211/ieee80211_crypto_ccmp.c
+++ b/sys/net80211/ieee80211_crypto_ccmp.c
@@ -162,12 +162,27 @@ ccmp_setiv(struct ieee80211_key *k, uint8_t *ivp)
static int
ccmp_encap(struct ieee80211_key *k, struct mbuf *m)
{
+ const struct ieee80211_frame *wh;
struct ccmp_ctx *ctx = k->wk_private;
struct ieee80211com *ic = ctx->cc_ic;
uint8_t *ivp;
int hdrlen;
+ int is_mgmt;
hdrlen = ieee80211_hdrspace(ic, mtod(m, void *));
+ wh = mtod(m, const struct ieee80211_frame *);
+ is_mgmt = IEEE80211_IS_MGMT(wh);
+
+ /*
+ * Check to see if we need to insert IV/MIC.
+ *
+ * Some offload devices don't require the IV to be inserted
+ * as part of the hardware encryption.
+ */
+ if (is_mgmt && (k->wk_flags & IEEE80211_KEY_NOIVMGT))
+ return 1;
+ if ((! is_mgmt) && (k->wk_flags & IEEE80211_KEY_NOIV))
+ return 1;
/*
* Copy down 802.11 header and add the IV, KeyID, and ExtIV.
@@ -217,12 +232,18 @@ READ_6(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3, uint8_t b4, uint8_t b5)
static int
ccmp_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen)
{
+ const struct ieee80211_rx_stats *rxs;
struct ccmp_ctx *ctx = k->wk_private;
struct ieee80211vap *vap = ctx->cc_vap;
struct ieee80211_frame *wh;
uint8_t *ivp, tid;
uint64_t pn;
+ rxs = ieee80211_get_rx_params_ptr(m);
+
+ if ((rxs != NULL) & (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP))
+ goto finish;
+
/*
* Header should have extended IV and sequence number;
* verify the former and validate the latter.
@@ -261,17 +282,28 @@ ccmp_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen)
!ccmp_decrypt(k, pn, m, hdrlen))
return 0;
+finish:
/*
* Copy up 802.11 header and strip crypto bits.
*/
- ovbcopy(mtod(m, void *), mtod(m, uint8_t *) + ccmp.ic_header, hdrlen);
- m_adj(m, ccmp.ic_header);
- m_adj(m, -ccmp.ic_trailer);
+ if (! ((rxs != NULL) & (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP))) {
+ ovbcopy(mtod(m, void *), mtod(m, uint8_t *) + ccmp.ic_header,
+ hdrlen);
+ m_adj(m, ccmp.ic_header);
+ }
+
+ /*
+ * XXX TODO: see if MMIC_STRIP also covers CCMP MIC trailer.
+ */
+ if (! ((rxs != NULL) & (rxs->c_pktflags & IEEE80211_RX_F_MMIC_STRIP)))
+ m_adj(m, -ccmp.ic_trailer);
/*
* Ok to update rsc now.
*/
- k->wk_keyrsc[tid] = pn;
+ if (! ((rxs != NULL) & (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP))) {
+ k->wk_keyrsc[tid] = pn;
+ }
return 1;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-26 12:37:56 +0000