83 #define TKIP_HEAD_LEN 8 86 #define TKIP_FOOT_LEN 12 89 #define TKIP_MIC_LEN 8 92 #define TKIP_ICV_LEN 4 97 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
98 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
99 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
100 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
101 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
102 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
103 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
104 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
105 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
106 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
107 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
108 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
109 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
110 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
111 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
112 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
113 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
114 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
115 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
116 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
117 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
118 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
119 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
120 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
121 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
122 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
123 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
124 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
125 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
126 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
127 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
128 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
151 return ( v >>
bits ) | ( v << ( 16 -
bits ) );
163 return ( v >>
bits ) | ( v << ( 32 -
bits ) );
175 return ( v <<
bits ) | ( v >> ( 32 -
bits ) );
188 int keylen,
const void *
rsc )
191 const u8 *rscb =
rsc;
193 if ( keylen !=
sizeof (
ctx->tk ) )
197 ctx->dec.tsc_lo = ( rscb[1] << 8 ) | rscb[0];
198 ctx->dec.tsc_hi = ( ( rscb[5] << 24 ) | ( rscb[4] << 16 ) |
199 ( rscb[3] << 8 ) | rscb[2] );
232 for ( i = 0; i < 8; i++ ) {
235 dctx->
ttak[0] +=
S ( dctx->
ttak[4] ^ ( (
tk->key[1 + j] << 8 ) |
237 dctx->
ttak[1] +=
S ( dctx->
ttak[0] ^ ( (
tk->key[5 + j] << 8 ) |
239 dctx->
ttak[2] +=
S ( dctx->
ttak[1] ^ ( (
tk->key[9 + j] << 8 ) |
241 dctx->
ttak[3] +=
S ( dctx->
ttak[2] ^ ( (
tk->key[13+ j] << 8 ) |
243 dctx->
ttak[4] +=
S ( dctx->
ttak[3] ^ ( (
tk->key[1 + j] << 8 ) |
244 tk->key[0 + j] ) ) + i;
267 ppk[0] +=
S ( ppk[5] ^ ( (
tk->key[1] << 8 ) |
tk->key[0] ) );
268 ppk[1] +=
S ( ppk[0] ^ ( (
tk->key[3] << 8 ) |
tk->key[2] ) );
269 ppk[2] +=
S ( ppk[1] ^ ( (
tk->key[5] << 8 ) |
tk->key[4] ) );
270 ppk[3] +=
S ( ppk[2] ^ ( (
tk->key[7] << 8 ) |
tk->key[6] ) );
271 ppk[4] +=
S ( ppk[3] ^ ( (
tk->key[9] << 8 ) |
tk->key[8] ) );
272 ppk[5] +=
S ( ppk[4] ^ ( (
tk->key[11] << 8 ) |
tk->key[10] ) );
274 ppk[0] +=
ror16 ( ppk[5] ^ ( (
tk->key[13] << 8 ) |
tk->key[12] ), 1 );
275 ppk[1] +=
ror16 ( ppk[0] ^ ( (
tk->key[15] << 8 ) |
tk->key[14] ), 1 );
276 ppk[2] +=
ror16 ( ppk[1], 1 );
277 ppk[3] +=
ror16 ( ppk[2], 1 );
278 ppk[4] +=
ror16 ( ppk[3], 1 );
279 ppk[5] +=
ror16 ( ppk[4], 1 );
281 kb[0] = dctx->
tsc_lo >> 8;
282 kb[1] = ( ( dctx->
tsc_lo >> 8 ) | 0x20 ) & 0x7F;
283 kb[2] = dctx->
tsc_lo & 0xFF;
284 kb[3] = ( ( ppk[5] ^ ( (
tk->key[1] << 8 ) |
tk->key[0] ) ) >> 1 )
287 for ( i = 0; i < 6; i++ ) {
288 kb[4 + 2*i] = ppk[i] & 0xFF;
289 kb[5 + 2*i] = ppk[i] >> 8;
302 V[1] ^=
rol32 ( V[0], 17 );
304 V[1] ^= ( ( V[0] & 0xFF00FF00 ) >> 8 ) | ( ( V[0] & 0x00FF00FF ) << 8 );
306 V[1] ^=
rol32 ( V[0], 3 );
308 V[1] ^=
ror32 ( V[0], 2 );
347 while ( ptr + 4 <=
end ) {
353 for ( i = 0; ptr <
end; i++ )
354 cap.byte[i] = *ptr++;
355 cap.byte[i++] = 0x5a;
391 if (
ctx->enc.tsc_lo == 0 ) {
393 ctx->enc.ttak_ok = 0;
433 DBGC2 (
ctx,
"WPA-TKIP %p: encrypted packet %p -> %p\n",
ctx,
472 rx_tsc_lo = (
head->tsc1 << 8 ) |
head->tsc0;
475 (
head->tsc_hi ==
ctx->dec.tsc_hi &&
476 rx_tsc_lo <= ctx->dec.tsc_lo ) ) {
477 DBGC (
ctx,
"WPA-TKIP %p: packet received out of order " 478 "(%08x:%04x <= %08x:%04x)\n",
ctx,
head->tsc_hi,
479 rx_tsc_lo,
ctx->dec.tsc_hi,
ctx->dec.tsc_lo );
483 ctx->dec.tsc_lo = rx_tsc_lo;
484 if (
ctx->dec.tsc_hi !=
head->tsc_hi ) {
485 ctx->dec.ttak_ok = 0;
486 ctx->dec.tsc_hi =
head->tsc_hi;
503 DBGC (
ctx,
"WPA-TKIP %p CRC mismatch: expect %08x, get %08x\n",
513 DBGC (
ctx,
"WPA-TKIP %p ALERT! MIC failure\n",
ctx );
519 DBGC2 (
ctx,
"WPA-TKIP %p: decrypted packet %p -> %p\n",
ctx,
531 .priv_len =
sizeof (
struct tkip_ctx ),
#define EAPOL_KEY_VERSION_WPA
Key descriptor version field value for WPA (TKIP)
void hmac_init(struct digest_algorithm *digest, void *ctx, const void *key, size_t key_len)
Initialise HMAC.
#define EINVAL
Invalid argument.
static void tkip_feed_michael(u32 *V, u32 word)
Update Michael message integrity code based on next 32-bit word of data.
#define iob_put(iobuf, len)
void msg(unsigned int row, const char *fmt,...)
Print message centred on specified row.
Context for one direction of TKIP, either encryption or decryption.
u8 mac[ETH_ALEN]
MAC address used to derive TTAK.
static int tkip_kie_decrypt(const void *kek, const void *iv, void *msg, u16 *len)
Decrypt key data in EAPOL-Key frame.
u8 tsc1
High byte of low 16 bits of TSC.
static u32 rol32(u32 v, int bits)
Rotate 32-bit value left.
#define le32_to_cpu(value)
u8 seed1
Second byte of WEP seed.
struct golan_inbox_hdr hdr
Message header.
void free_iob(struct io_buffer *iobuf)
Free I/O buffer.
WPA handshake key integrity and encryption handler.
u8 kck[WPA_KCK_LEN]
EAPOL-Key Key Confirmation Key (KCK)
An 802.11 data or management frame without QoS or WDS header fields.
uint8_t mac[ETH_ALEN]
MAC address.
struct golan_eq_context ctx
Header structure at the beginning of TKIP frame data.
u32 tsc_hi
High 32 bits of TSC, as an ExtIV.
static u32 ror32(u32 v, int bits)
Rotate 32-bit value right.
struct io_buffer * alloc_iob(size_t len)
Allocate I/O buffer.
u8 iv[16]
Initialization vector.
#define TKIP_MIC_LEN
TKIP MIC length.
u32 crc32_le(u32 seed, const void *data, size_t len)
Calculate 32-bit little-endian CRC checksum.
FILE_LICENCE(GPL2_OR_LATER)
static u16 S(u16 v)
Perform S-box mapping on a 16-bit value.
#define cipher_encrypt(cipher, ctx, src, dst, len)
enum net80211_crypto_alg algorithm
The cryptographic algorithm implemented.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
union wpa_tk tk
Temporal key.
Common definitions for all types of WPA-protected networks.
static const u16 Sbox[256]
TKIP S-box.
Keyed-Hashing for Message Authentication.
void arc4_skip(const void *key, size_t keylen, size_t skip, const void *src, void *dst, size_t msglen)
Perform ARC4 encryption or decryption, skipping initial keystream bytes.
#define IEEE80211_TYP_FRAME_HEADER_LEN
Frame header length for frames we might work with.
u8 rsc[8]
Receive sequence counter for GTK.
u16 datalen
Length of the data field in bytes, network byte order.
int version
Value of version bits in EAPOL-Key info field for which to use.
static void tkip_michael(const void *key, const void *da, const void *sa, const void *data, size_t len, void *mic)
Calculate Michael message integrity code.
#define cpu_to_le32(value)
#define TKIP_HEAD_LEN
TKIP header overhead (IV + KID + ExtIV)
#define IEEE80211_FC_PROTECTED
802.11 Frame Control field: Protected flag
static void hmac_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
Update HMAC.
Context for TKIP encryption and decryption.
The iPXE 802.11 MAC layer.
static size_t iob_len(struct io_buffer *iobuf)
Calculate length of data in an I/O buffer.
u8 kek[WPA_KEK_LEN]
EAPOL-Key Key Encryption Key (KEK)
struct net80211_crypto tkip_crypto __net80211_crypto
TKIP cryptosystem.
struct tkip_dir_ctx enc
State for encryption.
#define MD5_CTX_SIZE
MD5 context size.
static int tkip_init(struct net80211_crypto *crypto, const void *key, int keylen, const void *rsc)
Initialise TKIP state and install key.
static struct io_buffer * tkip_encrypt(struct net80211_crypto *crypto, struct io_buffer *iob)
Encrypt a packet using TKIP.
u8 kid
Key ID and ExtIV byte.
#define MD5_BLOCK_SIZE
MD5 block size.
u16 tsc_lo
Low 32 bits of last sequence counter value used.
#define cipher_decrypt(cipher, ctx, src, dst, len)
static void tkip_mix_1(struct tkip_dir_ctx *dctx, struct tkip_tk *tk, u8 *mac)
Perform TKIP key mixing, phase 1.
void * priv
Private data for the algorithm to store key and state info.
static void tkip_mix_2(struct tkip_dir_ctx *dctx, struct tkip_tk *tk, void *key)
Perform TKIP key mixing, phase 2.
struct cipher_algorithm arc4_algorithm
u16 ttak_ok
If TRUE, TTAK is valid.
static struct io_buffer * tkip_decrypt(struct net80211_crypto *crypto, struct io_buffer *eiob)
Decrypt a packet using TKIP.
static volatile void * bits
Structure of the Temporal Key for TKIP encryption.
#define TKIP_ICV_LEN
TKIP ICV length.
struct wpa_kie tkip_kie __wpa_kie
TKIP-style key integrity and encryption handler.
struct tkip_tk tk
Temporal key to use.
void * data
Start of data.
u16 ttak[5]
TKIP-mixed transmit address and key, depends on tsc_hi and MAC.
uint32_t end
Ending offset.
uint8_t data[48]
Additional event data.
void hmac_final(struct digest_algorithm *digest, void *ctx, void *hmac)
Finalise HMAC.
static u16 ror16(u16 v, int bits)
Rotate 16-bit value right.
struct tkip_dir_ctx dec
State for decryption.
Network protected with TKIP (better RC4-based system)
u32 tsc_hi
High 32 bits of last sequence counter value used.
Interface to an 802.11 cryptosystem.
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
u8 mic[16]
Message integrity code over the entire EAPOL frame.
#define NULL
NULL pointer (VOID *)
static void tkip_kie_mic(const void *kck, const void *msg, size_t len, void *mic)
Calculate HMAC-MD5 MIC for EAPOL-Key frame.
#define TKIP_FOOT_LEN
TKIP trailer overhead (MIC + ICV) [assumes unfragmented].
struct digest_algorithm md5_algorithm
MD5 algorithm.
static int cipher_setkey(struct cipher_algorithm *cipher, void *ctx, const void *key, size_t keylen)
if(natsemi->flags &NATSEMI_64BIT) return 1