diff --git a/sys/net80211/ieee80211_crypto.h b/sys/net80211/ieee80211_crypto.h index ffb85254103..2d09c1b8a20 100644 --- a/sys/net80211/ieee80211_crypto.h +++ b/sys/net80211/ieee80211_crypto.h @@ -161,8 +161,8 @@ struct ieee80211_cipher { int (*ic_encap)(struct ieee80211_key *, struct mbuf *, u_int8_t keyid); int (*ic_decap)(struct ieee80211_key *, struct mbuf *); - int (*ic_enmic)(struct ieee80211_key *, struct mbuf *); - int (*ic_demic)(struct ieee80211_key *, struct mbuf *); + int (*ic_enmic)(struct ieee80211_key *, struct mbuf *, int); + int (*ic_demic)(struct ieee80211_key *, struct mbuf *, int); }; extern const struct ieee80211_cipher ieee80211_cipher_none; @@ -180,10 +180,10 @@ struct ieee80211_key *ieee80211_crypto_decap(struct ieee80211com *, */ static __inline int ieee80211_crypto_demic(struct ieee80211com *ic, struct ieee80211_key *k, - struct mbuf *m) + struct mbuf *m, int force) { const struct ieee80211_cipher *cip = k->wk_cipher; - return (cip->ic_miclen > 0 ? cip->ic_demic(k, m) : 1); + return (cip->ic_miclen > 0 ? cip->ic_demic(k, m, force) : 1); } /* @@ -191,10 +191,10 @@ ieee80211_crypto_demic(struct ieee80211com *ic, struct ieee80211_key *k, */ static __inline int ieee80211_crypto_enmic(struct ieee80211com *ic, - struct ieee80211_key *k, struct mbuf *m) + struct ieee80211_key *k, struct mbuf *m, int force) { const struct ieee80211_cipher *cip = k->wk_cipher; - return (cip->ic_miclen > 0 ? cip->ic_enmic(k, m) : 1); + return (cip->ic_miclen > 0 ? cip->ic_enmic(k, m, force) : 1); } /* diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c index ad7bc9e7e2b..7f95966bf60 100644 --- a/sys/net80211/ieee80211_crypto_ccmp.c +++ b/sys/net80211/ieee80211_crypto_ccmp.c @@ -68,8 +68,8 @@ static void ccmp_detach(struct ieee80211_key *); static int ccmp_setkey(struct ieee80211_key *); static int ccmp_encap(struct ieee80211_key *k, struct mbuf *, u_int8_t keyid); static int ccmp_decap(struct ieee80211_key *, struct mbuf *); -static int ccmp_enmic(struct ieee80211_key *, struct mbuf *); -static int ccmp_demic(struct ieee80211_key *, struct mbuf *); +static int ccmp_enmic(struct ieee80211_key *, struct mbuf *, int); +static int ccmp_demic(struct ieee80211_key *, struct mbuf *, int); static const struct ieee80211_cipher ccmp = { .ic_name = "AES-CCM", @@ -177,7 +177,7 @@ ccmp_encap(struct ieee80211_key *k, struct mbuf *m, u_int8_t keyid) * Add MIC to the frame as needed. */ static int -ccmp_enmic(struct ieee80211_key *k, struct mbuf *m) +ccmp_enmic(struct ieee80211_key *k, struct mbuf *m, int force) { return 1; @@ -262,7 +262,7 @@ ccmp_decap(struct ieee80211_key *k, struct mbuf *m) * Verify and strip MIC from the frame. */ static int -ccmp_demic(struct ieee80211_key *k, struct mbuf *m) +ccmp_demic(struct ieee80211_key *k, struct mbuf *m, int force) { return 1; } diff --git a/sys/net80211/ieee80211_crypto_none.c b/sys/net80211/ieee80211_crypto_none.c index 24cd21d0c5a..c8ce7242a78 100644 --- a/sys/net80211/ieee80211_crypto_none.c +++ b/sys/net80211/ieee80211_crypto_none.c @@ -53,8 +53,8 @@ static void none_detach(struct ieee80211_key *); static int none_setkey(struct ieee80211_key *); static int none_encap(struct ieee80211_key *, struct mbuf *, u_int8_t); static int none_decap(struct ieee80211_key *, struct mbuf *); -static int none_enmic(struct ieee80211_key *, struct mbuf *); -static int none_demic(struct ieee80211_key *, struct mbuf *); +static int none_enmic(struct ieee80211_key *, struct mbuf *, int); +static int none_demic(struct ieee80211_key *, struct mbuf *, int); const struct ieee80211_cipher ieee80211_cipher_none = { .ic_name = "NONE", @@ -131,7 +131,7 @@ none_decap(struct ieee80211_key *k, struct mbuf *m) } static int -none_enmic(struct ieee80211_key *k, struct mbuf *m) +none_enmic(struct ieee80211_key *k, struct mbuf *m, int force) { struct ieee80211com *ic = k->wk_private; @@ -140,7 +140,7 @@ none_enmic(struct ieee80211_key *k, struct mbuf *m) } static int -none_demic(struct ieee80211_key *k, struct mbuf *m) +none_demic(struct ieee80211_key *k, struct mbuf *m, int force) { struct ieee80211com *ic = k->wk_private; diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c index 303d88c496f..ebafda8074a 100644 --- a/sys/net80211/ieee80211_crypto_tkip.c +++ b/sys/net80211/ieee80211_crypto_tkip.c @@ -59,9 +59,9 @@ static void *tkip_attach(struct ieee80211com *, struct ieee80211_key *); static void tkip_detach(struct ieee80211_key *); static int tkip_setkey(struct ieee80211_key *); static int tkip_encap(struct ieee80211_key *, struct mbuf *m, u_int8_t keyid); -static int tkip_enmic(struct ieee80211_key *, struct mbuf *); +static int tkip_enmic(struct ieee80211_key *, struct mbuf *, int); static int tkip_decap(struct ieee80211_key *, struct mbuf *); -static int tkip_demic(struct ieee80211_key *, struct mbuf *); +static int tkip_demic(struct ieee80211_key *, struct mbuf *, int); static const struct ieee80211_cipher tkip = { .ic_name = "TKIP", @@ -209,11 +209,11 @@ tkip_encap(struct ieee80211_key *k, struct mbuf *m, u_int8_t keyid) * Add MIC to the frame as needed. */ static int -tkip_enmic(struct ieee80211_key *k, struct mbuf *m) +tkip_enmic(struct ieee80211_key *k, struct mbuf *m, int force) { struct tkip_ctx *ctx = k->wk_private; - if (k->wk_flags & IEEE80211_KEY_SWMIC) { + if (force || (k->wk_flags & IEEE80211_KEY_SWMIC)) { struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); struct ieee80211com *ic = ctx->tc_ic; int hdrlen; @@ -321,11 +321,11 @@ tkip_decap(struct ieee80211_key *k, struct mbuf *m) * Verify and strip MIC from the frame. */ static int -tkip_demic(struct ieee80211_key *k, struct mbuf *m) +tkip_demic(struct ieee80211_key *k, struct mbuf *m, int force) { struct tkip_ctx *ctx = k->wk_private; - if (k->wk_flags & IEEE80211_KEY_SWMIC) { + if (force || (k->wk_flags & IEEE80211_KEY_SWMIC)) { struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); int hdrlen = ieee80211_hdrsize(wh); u8 mic[IEEE80211_WEP_MICLEN]; diff --git a/sys/net80211/ieee80211_crypto_wep.c b/sys/net80211/ieee80211_crypto_wep.c index d532a2e4d9d..f392886996f 100644 --- a/sys/net80211/ieee80211_crypto_wep.c +++ b/sys/net80211/ieee80211_crypto_wep.c @@ -56,8 +56,8 @@ static void wep_detach(struct ieee80211_key *); static int wep_setkey(struct ieee80211_key *); static int wep_encap(struct ieee80211_key *, struct mbuf *, u_int8_t keyid); static int wep_decap(struct ieee80211_key *, struct mbuf *); -static int wep_enmic(struct ieee80211_key *, struct mbuf *); -static int wep_demic(struct ieee80211_key *, struct mbuf *); +static int wep_enmic(struct ieee80211_key *, struct mbuf *, int); +static int wep_demic(struct ieee80211_key *, struct mbuf *, int); static const struct ieee80211_cipher wep = { .ic_name = "WEP", @@ -193,7 +193,7 @@ wep_encap(struct ieee80211_key *k, struct mbuf *m, u_int8_t keyid) * Add MIC to the frame as needed. */ static int -wep_enmic(struct ieee80211_key *k, struct mbuf *m) +wep_enmic(struct ieee80211_key *k, struct mbuf *m, int force) { return 1; @@ -242,7 +242,7 @@ wep_decap(struct ieee80211_key *k, struct mbuf *m) * Verify and strip MIC from the frame. */ static int -wep_demic(struct ieee80211_key *k, struct mbuf *skb) +wep_demic(struct ieee80211_key *k, struct mbuf *skb, int force) { return 1; } diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c index 50a44d79a56..e1aaa4b03ed 100644 --- a/sys/net80211/ieee80211_input.c +++ b/sys/net80211/ieee80211_input.c @@ -429,7 +429,7 @@ ieee80211_input(struct ieee80211com *ic, struct mbuf *m, /* * Next strip any MSDU crypto bits. */ - if (key != NULL && !ieee80211_crypto_demic(ic, key, m)) { + if (key != NULL && !ieee80211_crypto_demic(ic, key, m, 0)) { IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_INPUT, ni->ni_macaddr, "data", "%s", "demic error"); IEEE80211_NODE_STAT(ni, rx_demicfail); diff --git a/sys/net80211/ieee80211_output.c b/sys/net80211/ieee80211_output.c index 919b413b8ff..3f7bfeb6c10 100644 --- a/sys/net80211/ieee80211_output.c +++ b/sys/net80211/ieee80211_output.c @@ -567,7 +567,7 @@ ieee80211_encap(struct ieee80211com *ic, struct mbuf *m, !KEY_UNDEFINED(*key) : !KEY_UNDEFINED(ni->ni_ucastkey)))) { wh->i_fc[1] |= IEEE80211_FC1_WEP; /* XXX do fragmentation */ - if (!ieee80211_crypto_enmic(ic, key, m)) { + if (!ieee80211_crypto_enmic(ic, key, m, 0)) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, "[%s] enmic failed, discard frame\n", ether_sprintf(eh.ether_dhost));