27 void mac802154_llsec_init(struct mac802154_llsec *sec)
29 	memset(sec, 0, sizeof(*sec));
31 	memset(&sec->params.default_key_source, 0xFF, IEEE802154_ADDR_LEN);
33 	INIT_LIST_HEAD(&sec->table.security_levels);
34 	INIT_LIST_HEAD(&sec->table.devices);
35 	INIT_LIST_HEAD(&sec->table.keys);
36 	hash_init(sec->devices_short);
37 	hash_init(sec->devices_hw);
38 	rwlock_init(&sec->lock);
41 void mac802154_llsec_destroy(struct mac802154_llsec *sec)
47 	list_for_each_entry_safe(sl, sn, &sec->table.security_levels, list) {
55 	list_for_each_entry_safe(dev, dn, &sec->table.devices, list) {
63 	list_for_each_entry_safe(key, kn, &sec->table.keys, list) {
73 int mac802154_llsec_get_params(struct mac802154_llsec *sec,
76 	read_lock_bh(&sec->lock);
77 	*params = sec->params;
78 	read_unlock_bh(&sec->lock);
83 int mac802154_llsec_set_params(struct mac802154_llsec *sec,
87 	write_lock_bh(&sec->lock);
90 		sec->params.enabled = params->enabled;
92 		sec->params.frame_counter = params->frame_counter;
94 		sec->params.out_level = params->out_level;
96 		sec->params.out_key = params->out_key;
98 		sec->params.default_key_source = params->default_key_source;
100 		sec->params.pan_id = params->pan_id;
102 		sec->params.hwaddr = params->hwaddr;
104 		sec->params.coord_hwaddr = params->coord_hwaddr;
106 		sec->params.coord_shortaddr = params->coord_shortaddr;
108 	write_unlock_bh(&sec->lock);
212 int mac802154_llsec_key_add(struct mac802154_llsec *sec,
223 	list_for_each_entry(pos, &sec->table.keys, list) {
259 	list_add_rcu(&new->list, &sec->table.keys);
280 int mac802154_llsec_key_del(struct mac802154_llsec *sec,
285 	list_for_each_entry(pos, &sec->table.keys, list) {
313 llsec_dev_find_short(struct mac802154_llsec *sec, __le16 short_addr,
319 	hash_for_each_possible_rcu(sec->devices_short, dev, bucket_s, key) {
329 llsec_dev_find_long(struct mac802154_llsec *sec, __le64 hwaddr)
334 	hash_for_each_possible_rcu(sec->devices_hw, dev, bucket_hw, key) {
358 int mac802154_llsec_dev_add(struct mac802154_llsec *sec,
368 	     llsec_dev_find_short(sec, dev->short_addr, dev->pan_id)) ||
369 	     llsec_dev_find_long(sec, dev->hwaddr))
381 		hash_add_rcu(sec->devices_short, &entry->bucket_s, skey);
385 	hash_add_rcu(sec->devices_hw, &entry->bucket_hw, hwkey);
386 	list_add_tail_rcu(&entry->dev.list, &sec->table.devices);
396 int mac802154_llsec_dev_del(struct mac802154_llsec *sec, __le64 device_addr)
400 	pos = llsec_dev_find_long(sec, device_addr);
429 int mac802154_llsec_devkey_add(struct mac802154_llsec *sec,
436 	dev = llsec_dev_find_long(sec, dev_addr);
453 int mac802154_llsec_devkey_del(struct mac802154_llsec *sec,
460 	dev = llsec_dev_find_long(sec, dev_addr);
475 llsec_find_seclevel(const struct mac802154_llsec *sec,
480 	list_for_each_entry(pos, &sec->table.security_levels, list) {
495 int mac802154_llsec_seclevel_add(struct mac802154_llsec *sec,
500 	if (llsec_find_seclevel(sec, sl))
509 	list_add_tail_rcu(&entry->level.list, &sec->table.security_levels);
514 int mac802154_llsec_seclevel_del(struct mac802154_llsec *sec,
519 	pos = llsec_find_seclevel(sec, sl);
529 static int llsec_recover_addr(struct mac802154_llsec *sec,
532 	__le16 caddr = sec->params.coord_shortaddr;
534 	addr->pan_id = sec->params.pan_id;
539 		addr->extended_addr = sec->params.coord_hwaddr;
542 		addr->short_addr = sec->params.coord_shortaddr;
550 llsec_lookup_key(struct mac802154_llsec *sec,
556 	u8 key_id_mode = hdr->sec.key_id_mode;
563 			devaddr.extended_addr = sec->params.coord_hwaddr;
565 		} else if (llsec_recover_addr(sec, &devaddr) < 0) {
570 	list_for_each_entry_rcu(key_entry, &sec->table.keys, list) {
583 			if (id->id != hdr->sec.key_id)
588 			     id->short_source == hdr->sec.short_src) ||
590 			     id->extended_source == hdr->sec.extended_src))
605 			const struct ieee802154_sechdr *sec)
608 	__be32 frame_counter = (__force __be32) swab32((__force u32) sec->frame_counter);
613 	iv[13] = sec->level;
619 llsec_do_encrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec,
629 	llsec_geniv(iv, sec->params.hwaddr, &hdr->sec);
656 llsec_do_encrypt_auth(struct sk_buff *skb, const struct mac802154_llsec *sec,
666 	authlen = ieee802154_sechdr_authtag_len(&hdr->sec);
667 	llsec_geniv(iv, sec->params.hwaddr, &hdr->sec);
682 	if (!(hdr->sec.level & IEEE802154_SCF_SECLEVEL_ENC)) {
699 			    const struct mac802154_llsec *sec,
703 	if (hdr->sec.level == IEEE802154_SCF_SECLEVEL_ENC)
704 		return llsec_do_encrypt_unauth(skb, sec, hdr, key);
706 		return llsec_do_encrypt_auth(skb, sec, hdr, key);
709 int mac802154_llsec_encrypt(struct mac802154_llsec *sec, struct sk_buff *skb)
725 	    (hdr.sec.level == IEEE802154_SCF_SECLEVEL_NONE)) {
730 	authlen = ieee802154_sechdr_authtag_len(&hdr.sec);
737 	read_lock_bh(&sec->lock);
739 	if (!sec->params.enabled) {
744 	key = llsec_lookup_key(sec, &hdr, &hdr.dest, NULL);
750 	read_unlock_bh(&sec->lock);
752 	write_lock_bh(&sec->lock);
754 	frame_ctr = be32_to_cpu(sec->params.frame_counter);
755 	hdr.sec.frame_counter = cpu_to_le32(frame_ctr);
757 		write_unlock_bh(&sec->lock);
763 	sec->params.frame_counter = cpu_to_be32(frame_ctr + 1);
765 	write_unlock_bh(&sec->lock);
772 	rc = llsec_do_encrypt(skb, sec, &hdr, key);
778 	read_unlock_bh(&sec->lock);
785 llsec_lookup_dev(struct mac802154_llsec *sec,
792 	    llsec_recover_addr(sec, &devaddr) < 0)
799 		hash_for_each_possible_rcu(sec->devices_short, dev,
808 		hash_for_each_possible_rcu(sec->devices_hw, dev,
819 llsec_lookup_seclevel(const struct mac802154_llsec *sec,
825 	list_for_each_entry_rcu(level, &sec->table.security_levels, list) {
838 llsec_do_decrypt_unauth(struct sk_buff *skb, const struct mac802154_llsec *sec,
849 	llsec_geniv(iv, dev_addr, &hdr->sec);
865 llsec_do_decrypt_auth(struct sk_buff *skb, const struct mac802154_llsec *sec,
875 	authlen = ieee802154_sechdr_authtag_len(&hdr->sec);
876 	llsec_geniv(iv, dev_addr, &hdr->sec);
889 	if (!(hdr->sec.level & IEEE802154_SCF_SECLEVEL_ENC)) {
907 llsec_do_decrypt(struct sk_buff *skb, const struct mac802154_llsec *sec,
911 	if (hdr->sec.level == IEEE802154_SCF_SECLEVEL_ENC)
912 		return llsec_do_decrypt_unauth(skb, sec, hdr, key, dev_addr);
914 		return llsec_do_decrypt_auth(skb, sec, hdr, key, dev_addr);
986 int mac802154_llsec_decrypt(struct mac802154_llsec *sec, struct sk_buff *skb)
1004 	read_lock_bh(&sec->lock);
1005 	if (!sec->params.enabled) {
1006 		read_unlock_bh(&sec->lock);
1009 	read_unlock_bh(&sec->lock);
1013 	key = llsec_lookup_key(sec, &hdr, &hdr.source, &key_id);
1019 	dev = llsec_lookup_dev(sec, &hdr.source);
1025 	if (llsec_lookup_seclevel(sec, hdr.fc.type, 0, &seclevel) < 0) {
1030 	if (!(seclevel.sec_levels & BIT(hdr.sec.level)) &&
1031 	    (hdr.sec.level == 0 && seclevel.device_override &&
1037 	frame_ctr = le32_to_cpu(hdr.sec.frame_counter);
1052 	err = llsec_do_decrypt(skb, sec, &hdr, key, dev_addr);

Indexes created Thu May 02 11:06:28 MDT 2024