iPXE
wpa_ccmp.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  */
19 
20 FILE_LICENCE ( GPL2_OR_LATER );
21 
22 #include <string.h>
23 #include <ipxe/net80211.h>
24 #include <ipxe/crypto.h>
25 #include <ipxe/hmac.h>
26 #include <ipxe/sha1.h>
27 #include <ipxe/aes.h>
28 #include <ipxe/wpa.h>
29 #include <byteswap.h>
30 #include <errno.h>
31 
32 /** @file
33  *
34  * Backend for WPA using the CCMP encryption method
35  */
36 
37 /** Context for CCMP encryption and decryption */
38 struct ccmp_ctx
39 {
40  /** AES context - only ever used for encryption */
42 
43  /** Most recently sent packet number */
45 
46  /** Most recently received packet number */
48 };
49 
50 /** Header structure at the beginning of CCMP frame data */
51 struct ccmp_head
52 {
53  u8 pn_lo[2]; /**< Bytes 0 and 1 of packet number */
54  u8 _rsvd; /**< Reserved byte */
55  u8 kid; /**< Key ID and ExtIV byte */
56  u8 pn_hi[4]; /**< Bytes 2-5 (2 first) of packet number */
57 } __attribute__ (( packed ));
58 
59 
60 /** CCMP header overhead */
61 #define CCMP_HEAD_LEN 8
62 
63 /** CCMP MIC trailer overhead */
64 #define CCMP_MIC_LEN 8
65 
66 /** CCMP nonce length */
67 #define CCMP_NONCE_LEN 13
68 
69 /** CCMP nonce structure */
70 struct ccmp_nonce
71 {
72  u8 prio; /**< Packet priority, 0 for non-QoS */
73  u8 a2[ETH_ALEN]; /**< Address 2 from packet header (sender) */
74  u8 pn[6]; /**< Packet number */
75 } __attribute__ (( packed ));
76 
77 /** CCMP additional authentication data length (for non-QoS, non-WDS frames) */
78 #define CCMP_AAD_LEN 22
79 
80 /** CCMP additional authentication data structure */
81 struct ccmp_aad
82 {
83  u16 fc; /**< Frame Control field */
84  u8 a1[6]; /**< Address 1 */
85  u8 a2[6]; /**< Address 2 */
86  u8 a3[6]; /**< Address 3 */
87  u16 seq; /**< Sequence Control field */
88  /* Address 4 and QoS Control are included if present */
89 } __attribute__ (( packed ));
90 
91 /** Mask for Frame Control field in AAD */
92 #define CCMP_AAD_FC_MASK 0xC38F
93 
94 /** Mask for Sequence Control field in AAD */
95 #define CCMP_AAD_SEQ_MASK 0x000F
96 
97 
98 /**
99  * Convert 6-byte LSB packet number to 64-bit integer
100  *
101  * @v pn Pointer to 6-byte packet number
102  * @ret v 64-bit integer value of @a pn
103  */
104 static u64 pn_to_u64 ( const u8 *pn )
105 {
106  int i;
107  u64 ret = 0;
108 
109  for ( i = 5; i >= 0; i-- ) {
110  ret <<= 8;
111  ret |= pn[i];
112  }
113 
114  return ret;
115 }
116 
117 /**
118  * Convert 64-bit integer to 6-byte packet number
119  *
120  * @v v 64-bit integer
121  * @v msb If TRUE, reverse the output PN to be in MSB order
122  * @ret pn 6-byte packet number
123  *
124  * The PN is stored in LSB order in the packet header and in MSB order
125  * in the nonce. WHYYYYY?
126  */
127 static void u64_to_pn ( u64 v, u8 *pn, int msb )
128 {
129  int i;
130  u8 *pnp = pn + ( msb ? 5 : 0 );
131  int delta = ( msb ? -1 : +1 );
132 
133  for ( i = 0; i < 6; i++ ) {
134  *pnp = v & 0xFF;
135  pnp += delta;
136  v >>= 8;
137  }
138 }
139 
140 /** Value for @a msb argument of u64_to_pn() for MSB output */
141 #define PN_MSB 1
142 
143 /** Value for @a msb argument of u64_to_pn() for LSB output */
144 #define PN_LSB 0
145 
146 
147 
148 /**
149  * Initialise CCMP state and install key
150  *
151  * @v crypto CCMP cryptosystem structure
152  * @v key Pointer to 16-byte temporal key to install
153  * @v keylen Length of key (16 bytes)
154  * @v rsc Initial receive sequence counter
155  */
156 static int ccmp_init ( struct net80211_crypto *crypto, const void *key,
157  int keylen, const void *rsc )
158 {
159  struct ccmp_ctx *ctx = crypto->priv;
160 
161  if ( keylen != 16 )
162  return -EINVAL;
163 
164  if ( rsc )
165  ctx->rx_seq = pn_to_u64 ( rsc );
166 
167  cipher_setkey ( &aes_algorithm, ctx->aes_ctx, key, keylen );
168 
169  return 0;
170 }
171 
172 
173 /**
174  * Encrypt or decrypt data stream using AES in Counter mode
175  *
176  * @v ctx CCMP cryptosystem context
177  * @v nonce Nonce value, 13 bytes
178  * @v srcv Data to encrypt or decrypt
179  * @v len Number of bytes pointed to by @a src
180  * @v msrcv MIC value to encrypt or decrypt (may be NULL)
181  * @ret destv Encrypted or decrypted data
182  * @ret mdestv Encrypted or decrypted MIC value
183  *
184  * This assumes CCMP parameters of L=2 and M=8. The algorithm is
185  * defined in RFC 3610.
186  */
187 static void ccmp_ctr_xor ( struct ccmp_ctx *ctx, const void *nonce,
188  const void *srcv, void *destv, int len,
189  const void *msrcv, void *mdestv )
190 {
191  u8 A[16], S[16];
192  u16 ctr;
193  int i;
194  const u8 *src = srcv, *msrc = msrcv;
195  u8 *dest = destv, *mdest = mdestv;
196 
197  A[0] = 0x01; /* flags, L' = L - 1 = 1, other bits rsvd */
198  memcpy ( A + 1, nonce, CCMP_NONCE_LEN );
199 
200  if ( msrcv ) {
201  A[14] = A[15] = 0;
202 
203  cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, A, S, 16 );
204 
205  for ( i = 0; i < 8; i++ ) {
206  *mdest++ = *msrc++ ^ S[i];
207  }
208  }
209 
210  for ( ctr = 1 ;; ctr++ ) {
211  A[14] = ctr >> 8;
212  A[15] = ctr & 0xFF;
213 
214  cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, A, S, 16 );
215 
216  for ( i = 0; i < len && i < 16; i++ )
217  *dest++ = *src++ ^ S[i];
218 
219  if ( len <= 16 )
220  break; /* we're done */
221 
222  len -= 16;
223  }
224 }
225 
226 
227 /**
228  * Advance one block in CBC-MAC calculation
229  *
230  * @v aes_ctx AES encryption context with key set
231  * @v B Cleartext block to incorporate (16 bytes)
232  * @v X Previous ciphertext block (16 bytes)
233  * @ret B Clobbered
234  * @ret X New ciphertext block (16 bytes)
235  *
236  * This function does X := E[key] ( X ^ B ).
237  */
238 static void ccmp_feed_cbc_mac ( void *aes_ctx, u8 *B, u8 *X )
239 {
240  int i;
241  for ( i = 0; i < 16; i++ )
242  B[i] ^= X[i];
243  cipher_encrypt ( &aes_algorithm, aes_ctx, B, X, 16 );
244 }
245 
246 
247 /**
248  * Calculate MIC on plaintext data using CBC-MAC
249  *
250  * @v ctx CCMP cryptosystem context
251  * @v nonce Nonce value, 13 bytes
252  * @v data Data to calculate MIC over
253  * @v datalen Length of @a data
254  * @v aad Additional authentication data, for MIC but not encryption
255  * @ret mic MIC value (unencrypted), 8 bytes
256  *
257  * @a aadlen is assumed to be 22 bytes long, as it always is for
258  * 802.11 use when transmitting non-QoS, not-between-APs frames (the
259  * only type we deal with).
260  */
261 static void ccmp_cbc_mac ( struct ccmp_ctx *ctx, const void *nonce,
262  const void *data, u16 datalen,
263  const void *aad, void *mic )
264 {
265  u8 X[16], B[16];
266 
267  /* Zeroth block: flags, nonce, length */
268 
269  /* Rsv AAD - M'- - L'-
270  * 0 1 0 1 1 0 0 1 for an 8-byte MAC and 2-byte message length
271  */
272  B[0] = 0x59;
273  memcpy ( B + 1, nonce, CCMP_NONCE_LEN );
274  B[14] = datalen >> 8;
275  B[15] = datalen & 0xFF;
276 
277  cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, B, X, 16 );
278 
279  /* First block: AAD length field and 14 bytes of AAD */
280  B[0] = 0;
281  B[1] = CCMP_AAD_LEN;
282  memcpy ( B + 2, aad, 14 );
283 
284  ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X );
285 
286  /* Second block: Remaining 8 bytes of AAD, 8 bytes zero pad */
287  memcpy ( B, aad + 14, 8 );
288  memset ( B + 8, 0, 8 );
289 
290  ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X );
291 
292  /* Message blocks */
293  while ( datalen ) {
294  if ( datalen >= 16 ) {
295  memcpy ( B, data, 16 );
296  datalen -= 16;
297  } else {
298  memcpy ( B, data, datalen );
299  memset ( B + datalen, 0, 16 - datalen );
300  datalen = 0;
301  }
302 
303  ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X );
304 
305  data += 16;
306  }
307 
308  /* Get MIC from final value of X */
309  memcpy ( mic, X, 8 );
310 }
311 
312 
313 /**
314  * Encapsulate and encrypt a packet using CCMP
315  *
316  * @v crypto CCMP cryptosystem
317  * @v iob I/O buffer containing cleartext packet
318  * @ret eiob I/O buffer containing encrypted packet
319  */
320 struct io_buffer * ccmp_encrypt ( struct net80211_crypto *crypto,
321  struct io_buffer *iob )
322 {
323  struct ccmp_ctx *ctx = crypto->priv;
324  struct ieee80211_frame *hdr = iob->data;
325  struct io_buffer *eiob;
326  const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
327  int datalen = iob_len ( iob ) - hdrlen;
328  struct ccmp_head head;
329  struct ccmp_nonce nonce;
330  struct ccmp_aad aad;
331  u8 mic[8], tx_pn[6];
332  void *edata, *emic;
333 
334  ctx->tx_seq++;
335  u64_to_pn ( ctx->tx_seq, tx_pn, PN_LSB );
336 
337  /* Allocate memory */
338  eiob = alloc_iob ( iob_len ( iob ) + CCMP_HEAD_LEN + CCMP_MIC_LEN );
339  if ( ! eiob )
340  return NULL;
341 
342  /* Copy frame header */
343  memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen );
344  hdr = eiob->data;
346 
347  /* Fill in packet number and extended IV */
348  memcpy ( head.pn_lo, tx_pn, 2 );
349  memcpy ( head.pn_hi, tx_pn + 2, 4 );
350  head.kid = 0x20; /* have Extended IV, key ID 0 */
351  head._rsvd = 0;
352  memcpy ( iob_put ( eiob, sizeof ( head ) ), &head, sizeof ( head ) );
353 
354  /* Form nonce */
355  nonce.prio = 0;
356  memcpy ( nonce.a2, hdr->addr2, ETH_ALEN );
357  u64_to_pn ( ctx->tx_seq, nonce.pn, PN_MSB );
358 
359  /* Form additional authentication data */
360  aad.fc = hdr->fc & CCMP_AAD_FC_MASK;
361  memcpy ( aad.a1, hdr->addr1, 3 * ETH_ALEN ); /* all 3 at once */
362  aad.seq = hdr->seq & CCMP_AAD_SEQ_MASK;
363 
364  /* Calculate MIC over the data */
365  ccmp_cbc_mac ( ctx, &nonce, iob->data + hdrlen, datalen, &aad, mic );
366 
367  /* Copy and encrypt data and MIC */
368  edata = iob_put ( eiob, datalen );
369  emic = iob_put ( eiob, CCMP_MIC_LEN );
370  ccmp_ctr_xor ( ctx, &nonce,
371  iob->data + hdrlen, edata, datalen,
372  mic, emic );
373 
374  /* Done! */
375  DBGC2 ( ctx, "WPA-CCMP %p: encrypted packet %p -> %p\n", ctx,
376  iob, eiob );
377 
378  return eiob;
379 }
380 
381 /**
382  * Decrypt a packet using CCMP
383  *
384  * @v crypto CCMP cryptosystem
385  * @v eiob I/O buffer containing encrypted packet
386  * @ret iob I/O buffer containing cleartext packet
387  */
388 static struct io_buffer * ccmp_decrypt ( struct net80211_crypto *crypto,
389  struct io_buffer *eiob )
390 {
391  struct ccmp_ctx *ctx = crypto->priv;
392  struct ieee80211_frame *hdr;
393  struct io_buffer *iob;
394  const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
395  int datalen = iob_len ( eiob ) - hdrlen - CCMP_HEAD_LEN - CCMP_MIC_LEN;
396  struct ccmp_head *head;
397  struct ccmp_nonce nonce;
398  struct ccmp_aad aad;
399  u8 rx_pn[6], their_mic[8], our_mic[8];
400 
401  iob = alloc_iob ( hdrlen + datalen );
402  if ( ! iob )
403  return NULL;
404 
405  /* Copy frame header */
406  memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen );
407  hdr = iob->data;
408  hdr->fc &= ~IEEE80211_FC_PROTECTED;
409 
410  /* Check and update RX packet number */
411  head = eiob->data + hdrlen;
412  memcpy ( rx_pn, head->pn_lo, 2 );
413  memcpy ( rx_pn + 2, head->pn_hi, 4 );
414 
415  if ( pn_to_u64 ( rx_pn ) <= ctx->rx_seq ) {
416  DBGC ( ctx, "WPA-CCMP %p: packet received out of order "
417  "(%012llx <= %012llx)\n", ctx, pn_to_u64 ( rx_pn ),
418  ctx->rx_seq );
419  free_iob ( iob );
420  return NULL;
421  }
422 
423  ctx->rx_seq = pn_to_u64 ( rx_pn );
424  DBGC2 ( ctx, "WPA-CCMP %p: RX packet number %012llx\n", ctx, ctx->rx_seq );
425 
426  /* Form nonce */
427  nonce.prio = 0;
428  memcpy ( nonce.a2, hdr->addr2, ETH_ALEN );
429  u64_to_pn ( ctx->rx_seq, nonce.pn, PN_MSB );
430 
431  /* Form additional authentication data */
432  aad.fc = ( hdr->fc & CCMP_AAD_FC_MASK ) | IEEE80211_FC_PROTECTED;
433  memcpy ( aad.a1, hdr->addr1, 3 * ETH_ALEN ); /* all 3 at once */
434  aad.seq = hdr->seq & CCMP_AAD_SEQ_MASK;
435 
436  /* Copy-decrypt data and MIC */
437  ccmp_ctr_xor ( ctx, &nonce, eiob->data + hdrlen + sizeof ( *head ),
438  iob_put ( iob, datalen ), datalen,
439  eiob->tail - CCMP_MIC_LEN, their_mic );
440 
441  /* Check MIC */
442  ccmp_cbc_mac ( ctx, &nonce, iob->data + hdrlen, datalen, &aad,
443  our_mic );
444 
445  if ( memcmp ( their_mic, our_mic, CCMP_MIC_LEN ) != 0 ) {
446  DBGC2 ( ctx, "WPA-CCMP %p: MIC failure\n", ctx );
447  free_iob ( iob );
448  return NULL;
449  }
450 
451  DBGC2 ( ctx, "WPA-CCMP %p: decrypted packet %p -> %p\n", ctx,
452  eiob, iob );
453 
454  return iob;
455 }
456 
457 
458 /** CCMP cryptosystem */
459 struct net80211_crypto ccmp_crypto __net80211_crypto = {
461  .init = ccmp_init,
462  .encrypt = ccmp_encrypt,
463  .decrypt = ccmp_decrypt,
464  .priv_len = sizeof ( struct ccmp_ctx ),
465 };
466 
467 
468 
469 
470 /**
471  * Calculate HMAC-SHA1 MIC for EAPOL-Key frame
472  *
473  * @v kck Key Confirmation Key, 16 bytes
474  * @v msg Message to calculate MIC over
475  * @v len Number of bytes to calculate MIC over
476  * @ret mic Calculated MIC, 16 bytes long
477  */
478 static void ccmp_kie_mic ( const void *kck, const void *msg, size_t len,
479  void *mic )
480 {
482  u8 kckb[16];
484 
485  memcpy ( kckb, kck, sizeof ( kckb ) );
486 
487  hmac_init ( &sha1_algorithm, ctx, kckb, sizeof ( kckb ) );
490 
491  memcpy ( mic, hash, 16 );
492 }
493 
494 /**
495  * Decrypt key data in EAPOL-Key frame
496  *
497  * @v kek Key Encryption Key, 16 bytes
498  * @v iv Initialisation vector, 16 bytes (unused)
499  * @v msg Message to decrypt
500  * @v len Length of message
501  * @ret msg Decrypted message in place of original
502  * @ret len Adjusted downward for 8 bytes of overhead
503  * @ret rc Return status code
504  *
505  * The returned message may still contain padding of 0xDD followed by
506  * zero or more 0x00 octets. It is impossible to remove the padding
507  * without parsing the IEs in the packet (another design decision that
508  * tends to make one question the 802.11i committee's intelligence...)
509  */
510 static int ccmp_kie_decrypt ( const void *kek, const void *iv __unused,
511  void *msg, u16 *len )
512 {
513  if ( *len % 8 != 0 )
514  return -EINVAL;
515 
516  if ( aes_unwrap ( kek, msg, msg, *len / 8 - 1 ) != 0 )
517  return -EINVAL;
518 
519  *len -= 8;
520 
521  return 0;
522 }
523 
524 /** CCMP-style key integrity and encryption handler */
525 struct wpa_kie ccmp_kie __wpa_kie = {
527  .mic = ccmp_kie_mic,
528  .decrypt = ccmp_kie_decrypt,
529 };
uint16_t u16
Definition: stdint.h:21
void hmac_init(struct digest_algorithm *digest, void *ctx, const void *key, size_t key_len)
Initialise HMAC.
Definition: hmac.c:57
u16 fc
Frame Control field.
Definition: wpa_ccmp.c:83
#define __attribute__(x)
Definition: compiler.h:10
#define EINVAL
Invalid argument.
Definition: errno.h:428
u8 pn[6]
Packet number.
Definition: wpa_ccmp.c:74
static const void * src
Definition: string.h:47
pseudo_bit_t hash[0x00010]
Definition: arbel.h:13
Network protected with CCMP (AES-based system)
Definition: net80211.h:174
u8 kid
Key ID and ExtIV byte.
Definition: wpa_ccmp.c:55
#define iob_put(iobuf, len)
Definition: iobuf.h:120
#define SHA1_BLOCK_SIZE
Definition: Tpm20.h:26
void msg(unsigned int row, const char *fmt,...)
Print message centred on specified row.
Definition: message.c:61
static u64 pn_to_u64(const u8 *pn)
Convert 6-byte LSB packet number to 64-bit integer.
Definition: wpa_ccmp.c:104
FILE_LICENCE(GPL2_OR_LATER)
Error codes.
struct golan_inbox_hdr hdr
Message header.
Definition: CIB_PRM.h:28
void free_iob(struct io_buffer *iobuf)
Free I/O buffer.
Definition: iobuf.c:146
WPA handshake key integrity and encryption handler.
Definition: wpa.h:371
u8 kck[WPA_KCK_LEN]
EAPOL-Key Key Confirmation Key (KCK)
Definition: wpa.h:28
#define DBGC(...)
Definition: compiler.h:505
An 802.11 data or management frame without QoS or WDS header fields.
Definition: ieee80211.h:300
#define AES_CTX_SIZE
AES context size.
Definition: aes.h:45
Cryptographic API.
u8 _rsvd
Reserved byte.
Definition: wpa_ccmp.c:54
uint8_t head
Head number.
Definition: int13.h:34
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
struct cipher_algorithm aes_algorithm
Basic AES algorithm.
Definition: aes.c:783
struct io_buffer * alloc_iob(size_t len)
Allocate I/O buffer.
Definition: iobuf.c:129
static void u64_to_pn(u64 v, u8 *pn, int msb)
Convert 64-bit integer to 6-byte packet number.
Definition: wpa_ccmp.c:127
static void ccmp_kie_mic(const void *kck, const void *msg, size_t len, void *mic)
Calculate HMAC-SHA1 MIC for EAPOL-Key frame.
Definition: wpa_ccmp.c:478
u8 iv[16]
Initialization vector.
Definition: wpa.h:60
static void ccmp_cbc_mac(struct ccmp_ctx *ctx, const void *nonce, const void *data, u16 datalen, const void *aad, void *mic)
Calculate MIC on plaintext data using CBC-MAC.
Definition: wpa_ccmp.c:261
struct io_buffer * ccmp_encrypt(struct net80211_crypto *crypto, struct io_buffer *iob)
Encapsulate and encrypt a packet using CCMP.
Definition: wpa_ccmp.c:320
#define PN_MSB
Value for msb argument of u64_to_pn() for MSB output.
Definition: wpa_ccmp.c:141
u8 a1[6]
Address 1.
Definition: wpa_ccmp.c:84
static u16 S(u16 v)
Perform S-box mapping on a 16-bit value.
Definition: wpa_tkip.c:137
#define cipher_encrypt(cipher, ctx, src, dst, len)
Definition: crypto.h:233
void * tail
End of data.
Definition: iobuf.h:50
enum net80211_crypto_alg algorithm
The cryptographic algorithm implemented.
Definition: net80211.h:692
void * memcpy(void *dest, const void *src, size_t len) __nonnull
#define __unused
Declare a variable or data structure as unused.
Definition: compiler.h:573
Common definitions for all types of WPA-protected networks.
Keyed-Hashing for Message Authentication.
#define IEEE80211_TYP_FRAME_HEADER_LEN
Frame header length for frames we might work with.
Definition: ieee80211.h:60
u8 rsc[8]
Receive sequence counter for GTK.
Definition: wpa.h:69
u16 datalen
Length of the data field in bytes, network byte order.
Definition: wpa.h:84
uint64_t u64
Definition: stdint.h:25
static int ccmp_init(struct net80211_crypto *crypto, const void *key, int keylen, const void *rsc)
Initialise CCMP state and install key.
Definition: wpa_ccmp.c:156
int version
Value of version bits in EAPOL-Key info field for which to use.
Definition: wpa.h:376
static void ccmp_feed_cbc_mac(void *aes_ctx, u8 *B, u8 *X)
Advance one block in CBC-MAC calculation.
Definition: wpa_ccmp.c:238
#define CCMP_NONCE_LEN
CCMP nonce length.
Definition: wpa_ccmp.c:67
AES algorithm.
u8 a3[6]
Address 3.
Definition: wpa_ccmp.c:86
#define IEEE80211_FC_PROTECTED
802.11 Frame Control field: Protected flag
Definition: ieee80211.h:264
#define CCMP_AAD_SEQ_MASK
Mask for Sequence Control field in AAD.
Definition: wpa_ccmp.c:95
static void hmac_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Update HMAC.
Definition: hmac.h:42
The iPXE 802.11 MAC layer.
Header structure at the beginning of CCMP frame data.
Definition: wpa_ccmp.c:51
static size_t iob_len(struct io_buffer *iobuf)
Calculate length of data in an I/O buffer.
Definition: iobuf.h:155
u8 kek[WPA_KEK_LEN]
EAPOL-Key Key Encryption Key (KEK)
Definition: wpa.h:31
#define CCMP_AAD_LEN
CCMP additional authentication data length (for non-QoS, non-WDS frames)
Definition: wpa_ccmp.c:78
u64 rx_seq
Most recently received packet number.
Definition: wpa_ccmp.c:47
u64 tx_seq
Most recently sent packet number.
Definition: wpa_ccmp.c:44
#define CCMP_MIC_LEN
CCMP MIC trailer overhead.
Definition: wpa_ccmp.c:64
static void ccmp_ctr_xor(struct ccmp_ctx *ctx, const void *nonce, const void *srcv, void *destv, int len, const void *msrcv, void *mdestv)
Encrypt or decrypt data stream using AES in Counter mode.
Definition: wpa_ccmp.c:187
#define ETH_ALEN
Definition: if_ether.h:8
u8 a2[ETH_ALEN]
Address 2 from packet header (sender)
Definition: wpa_ccmp.c:73
u8 nonce[32]
Nonce value.
Definition: wpa.h:52
u8 aes_ctx[AES_CTX_SIZE]
AES context - only ever used for encryption.
Definition: wpa_ccmp.c:41
u8 pn_lo[2]
Bytes 0 and 1 of packet number.
Definition: wpa_ccmp.c:53
#define EAPOL_KEY_VERSION_WPA2
Key descriptor version field value for WPA2 (CCMP)
Definition: wpa.h:81
void * priv
Private data for the algorithm to store key and state info.
Definition: net80211.h:766
CCMP additional authentication data structure.
Definition: wpa_ccmp.c:81
u8 a2[6]
Address 2.
Definition: wpa_ccmp.c:85
#define SHA1_DIGEST_SIZE
Definition: Tpm20.h:25
#define DBGC2(...)
Definition: compiler.h:522
#define CCMP_HEAD_LEN
CCMP header overhead.
Definition: wpa_ccmp.c:61
Context for CCMP encryption and decryption.
Definition: wpa_ccmp.c:38
SHA-1 algorithm.
static struct io_buffer * ccmp_decrypt(struct net80211_crypto *crypto, struct io_buffer *eiob)
Decrypt a packet using CCMP.
Definition: wpa_ccmp.c:388
void * data
Start of data.
Definition: iobuf.h:48
struct wpa_kie ccmp_kie __wpa_kie
CCMP-style key integrity and encryption handler.
Definition: wpa_ccmp.c:525
#define SHA1_CTX_SIZE
SHA-1 context size.
Definition: sha1.h:66
if(len >=6 *4) __asm__ __volatile__("movsl" if(len >=5 *4) __asm__ __volatile__("movsl" if(len >=4 *4) __asm__ __volatile__("movsl" if(len >=3 *4) __asm__ __volatile__("movsl" if(len >=2 *4) __asm__ __volatile__("movsl" if(len >=1 *4) __asm__ __volatile__("movsl" if((len % 4) >=2) __asm__ __volatile__("movsw" if((len % 2) >=1) __asm__ __volatile__("movsb" return dest
Definition: string.h:150
u16 seq
Sequence Control field.
Definition: wpa_ccmp.c:87
uint8_t data[48]
Additional event data.
Definition: ena.h:22
CCMP nonce structure.
Definition: wpa_ccmp.c:70
void hmac_final(struct digest_algorithm *digest, void *ctx, void *hmac)
Finalise HMAC.
Definition: hmac.c:87
#define CCMP_AAD_FC_MASK
Mask for Frame Control field in AAD.
Definition: wpa_ccmp.c:92
static int ccmp_kie_decrypt(const void *kek, const void *iv __unused, void *msg, u16 *len)
Decrypt key data in EAPOL-Key frame.
Definition: wpa_ccmp.c:510
u8 prio
Packet priority, 0 for non-QoS.
Definition: wpa_ccmp.c:72
int aes_unwrap(const void *kek, const void *src, void *dest, int nblk)
Unwrap a key or other data using AES Key Wrap (RFC 3394)
Definition: aes_wrap.c:85
Interface to an 802.11 cryptosystem.
Definition: net80211.h:689
struct net80211_crypto ccmp_crypto __net80211_crypto
CCMP cryptosystem.
Definition: wpa_ccmp.c:459
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
Definition: string.c:114
u8 mic[16]
Message integrity code over the entire EAPOL frame.
Definition: wpa.h:81
uint32_t len
Length.
Definition: ena.h:14
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
String functions.
uint8_t u8
Definition: stdint.h:19
union @383 key
Sense key.
Definition: scsi.h:18
static int cipher_setkey(struct cipher_algorithm *cipher, void *ctx, const void *key, size_t keylen)
Definition: crypto.h:217
struct digest_algorithm sha1_algorithm
SHA-1 algorithm.
Definition: sha1.c:257
#define PN_LSB
Value for msb argument of u64_to_pn() for LSB output.
Definition: wpa_ccmp.c:144
void * memset(void *dest, int character, size_t len) __nonnull
A persistent I/O buffer.
Definition: iobuf.h:33
u8 pn_hi[4]
Bytes 2-5 (2 first) of packet number.
Definition: wpa_ccmp.c:56