![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to wpa_tkip.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / net / 80211|
Return to wpa_tkip.c CVS log | Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / net / 80211 |
1.1 ! root 1: /* ! 2: * Copyright (c) 2009 Joshua Oreman <[email protected]>. ! 3: * ! 4: * This program is free software; you can redistribute it and/or ! 5: * modify it under the terms of the GNU General Public License as ! 6: * published by the Free Software Foundation; either version 2 of the ! 7: * License, or any later version. ! 8: * ! 9: * This program is distributed in the hope that it will be useful, but ! 10: * WITHOUT ANY WARRANTY; without even the implied warranty of ! 11: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ! 12: * General Public License for more details. ! 13: * ! 14: * You should have received a copy of the GNU General Public License ! 15: * along with this program; if not, write to the Free Software ! 16: * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ! 17: */ ! 18: ! 19: FILE_LICENCE ( GPL2_OR_LATER ); ! 20: ! 21: #include <ipxe/net80211.h> ! 22: #include <ipxe/crypto.h> ! 23: #include <ipxe/hmac.h> ! 24: #include <ipxe/sha1.h> ! 25: #include <ipxe/md5.h> ! 26: #include <ipxe/crc32.h> ! 27: #include <ipxe/arc4.h> ! 28: #include <ipxe/wpa.h> ! 29: #include <byteswap.h> ! 30: #include <errno.h> ! 31: ! 32: /** @file ! 33: * ! 34: * Backend for WPA using the TKIP encryption standard. ! 35: */ ! 36: ! 37: /** Context for one direction of TKIP, either encryption or decryption */ ! 38: struct tkip_dir_ctx ! 39: { ! 40: /** High 32 bits of last sequence counter value used */ ! 41: u32 tsc_hi; ! 42: ! 43: /** Low 32 bits of last sequence counter value used */ ! 44: u16 tsc_lo; ! 45: ! 46: /** MAC address used to derive TTAK */ ! 47: u8 mac[ETH_ALEN]; ! 48: ! 49: /** If TRUE, TTAK is valid */ ! 50: u16 ttak_ok; ! 51: ! 52: /** TKIP-mixed transmit address and key, depends on tsc_hi and MAC */ ! 53: u16 ttak[5]; ! 54: }; ! 55: ! 56: /** Context for TKIP encryption and decryption */ ! 57: struct tkip_ctx ! 58: { ! 59: /** Temporal key to use */ ! 60: struct tkip_tk tk; ! 61: ! 62: /** State for encryption */ ! 63: struct tkip_dir_ctx enc; ! 64: ! 65: /** State for decryption */ ! 66: struct tkip_dir_ctx dec; ! 67: }; ! 68: ! 69: /** Header structure at the beginning of TKIP frame data */ ! 70: struct tkip_head ! 71: { ! 72: u8 tsc1; /**< High byte of low 16 bits of TSC */ ! 73: u8 seed1; /**< Second byte of WEP seed */ ! 74: u8 tsc0; /**< Low byte of TSC */ ! 75: u8 kid; /**< Key ID and ExtIV byte */ ! 76: u32 tsc_hi; /**< High 32 bits of TSC, as an ExtIV */ ! 77: } __attribute__ (( packed )); ! 78: ! 79: ! 80: /** TKIP header overhead (IV + KID + ExtIV) */ ! 81: #define TKIP_HEAD_LEN 8 ! 82: ! 83: /** TKIP trailer overhead (MIC + ICV) [assumes unfragmented] */ ! 84: #define TKIP_FOOT_LEN 12 ! 85: ! 86: /** TKIP MIC length */ ! 87: #define TKIP_MIC_LEN 8 ! 88: ! 89: /** TKIP ICV length */ ! 90: #define TKIP_ICV_LEN 4 ! 91: ! 92: ! 93: /** TKIP S-box */ ! 94: static const u16 Sbox[256] = { ! 95: 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, ! 96: 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, ! 97: 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, ! 98: 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, ! 99: 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, ! 100: 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, ! 101: 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, ! 102: 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, ! 103: 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, ! 104: 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, ! 105: 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, ! 106: 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, ! 107: 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, ! 108: 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, ! 109: 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, ! 110: 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, ! 111: 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, ! 112: 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, ! 113: 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, ! 114: 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, ! 115: 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, ! 116: 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, ! 117: 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, ! 118: 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, ! 119: 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, ! 120: 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, ! 121: 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, ! 122: 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, ! 123: 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, ! 124: 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, ! 125: 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, ! 126: 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, ! 127: }; ! 128: ! 129: /** ! 130: * Perform S-box mapping on a 16-bit value ! 131: * ! 132: * @v v Value to perform S-box mapping on ! 133: * @ret Sv S-box mapped value ! 134: */ ! 135: static inline u16 S ( u16 v ) ! 136: { ! 137: return Sbox[v & 0xFF] ^ swap16 ( Sbox[v >> 8] ); ! 138: } ! 139: ! 140: /** ! 141: * Rotate 16-bit value right ! 142: * ! 143: * @v v Value to rotate ! 144: * @v bits Number of bits to rotate by ! 145: * @ret rotv Rotated value ! 146: */ ! 147: static inline u16 ror16 ( u16 v, int bits ) ! 148: { ! 149: return ( v >> bits ) | ( v << ( 16 - bits ) ); ! 150: } ! 151: ! 152: /** ! 153: * Rotate 32-bit value right ! 154: * ! 155: * @v v Value to rotate ! 156: * @v bits Number of bits to rotate by ! 157: * @ret rotv Rotated value ! 158: */ ! 159: static inline u32 ror32 ( u32 v, int bits ) ! 160: { ! 161: return ( v >> bits ) | ( v << ( 32 - bits ) ); ! 162: } ! 163: ! 164: /** ! 165: * Rotate 32-bit value left ! 166: * ! 167: * @v v Value to rotate ! 168: * @v bits Number of bits to rotate by ! 169: * @ret rotv Rotated value ! 170: */ ! 171: static inline u32 rol32 ( u32 v, int bits ) ! 172: { ! 173: return ( v << bits ) | ( v >> ( 32 - bits ) ); ! 174: } ! 175: ! 176: ! 177: /** ! 178: * Initialise TKIP state and install key ! 179: * ! 180: * @v crypto TKIP cryptosystem structure ! 181: * @v key Pointer to tkip_tk to install ! 182: * @v keylen Length of key (32 bytes) ! 183: * @v rsc Initial receive sequence counter ! 184: */ ! 185: static int tkip_init ( struct net80211_crypto *crypto, const void *key, ! 186: int keylen, const void *rsc ) ! 187: { ! 188: struct tkip_ctx *ctx = crypto->priv; ! 189: const u8 *rscb = rsc; ! 190: ! 191: if ( keylen != sizeof ( ctx->tk ) ) ! 192: return -EINVAL; ! 193: ! 194: if ( rscb ) { ! 195: ctx->dec.tsc_lo = ( rscb[1] << 8 ) | rscb[0]; ! 196: ctx->dec.tsc_hi = ( ( rscb[5] << 24 ) | ( rscb[4] << 16 ) | ! 197: ( rscb[3] << 8 ) | rscb[2] ); ! 198: } ! 199: ! 200: memcpy ( &ctx->tk, key, sizeof ( ctx->tk ) ); ! 201: ! 202: return 0; ! 203: } ! 204: ! 205: /** ! 206: * Perform TKIP key mixing, phase 1 ! 207: * ! 208: * @v dctx TKIP directional context ! 209: * @v tk TKIP temporal key ! 210: * @v mac MAC address of transmitter ! 211: * ! 212: * This recomputes the TTAK in @a dctx if necessary, and sets ! 213: * @c dctx->ttak_ok. ! 214: */ ! 215: static void tkip_mix_1 ( struct tkip_dir_ctx *dctx, struct tkip_tk *tk, u8 *mac ) ! 216: { ! 217: int i, j; ! 218: ! 219: if ( dctx->ttak_ok && ! memcmp ( mac, dctx->mac, ETH_ALEN ) ) ! 220: return; ! 221: ! 222: memcpy ( dctx->mac, mac, ETH_ALEN ); ! 223: ! 224: dctx->ttak[0] = dctx->tsc_hi & 0xFFFF; ! 225: dctx->ttak[1] = dctx->tsc_hi >> 16; ! 226: dctx->ttak[2] = ( mac[1] << 8 ) | mac[0]; ! 227: dctx->ttak[3] = ( mac[3] << 8 ) | mac[2]; ! 228: dctx->ttak[4] = ( mac[5] << 8 ) | mac[4]; ! 229: ! 230: for ( i = 0; i < 8; i++ ) { ! 231: j = 2 * ( i & 1 ); ! 232: ! 233: dctx->ttak[0] += S ( dctx->ttak[4] ^ ( ( tk->key[1 + j] << 8 ) | ! 234: tk->key[0 + j] ) ); ! 235: dctx->ttak[1] += S ( dctx->ttak[0] ^ ( ( tk->key[5 + j] << 8 ) | ! 236: tk->key[4 + j] ) ); ! 237: dctx->ttak[2] += S ( dctx->ttak[1] ^ ( ( tk->key[9 + j] << 8 ) | ! 238: tk->key[8 + j] ) ); ! 239: dctx->ttak[3] += S ( dctx->ttak[2] ^ ( ( tk->key[13+ j] << 8 ) | ! 240: tk->key[12+ j] ) ); ! 241: dctx->ttak[4] += S ( dctx->ttak[3] ^ ( ( tk->key[1 + j] << 8 ) | ! 242: tk->key[0 + j] ) ) + i; ! 243: } ! 244: ! 245: dctx->ttak_ok = 1; ! 246: } ! 247: ! 248: /** ! 249: * Perform TKIP key mixing, phase 2 ! 250: * ! 251: * @v dctx TKIP directional context ! 252: * @v tk TKIP temporal key ! 253: * @ret key ARC4 key, 16 bytes long ! 254: */ ! 255: static void tkip_mix_2 ( struct tkip_dir_ctx *dctx, struct tkip_tk *tk, ! 256: void *key ) ! 257: { ! 258: u8 *kb = key; ! 259: u16 ppk[6]; ! 260: int i; ! 261: ! 262: memcpy ( ppk, dctx->ttak, sizeof ( dctx->ttak ) ); ! 263: ppk[5] = dctx->ttak[4] + dctx->tsc_lo; ! 264: ! 265: ppk[0] += S ( ppk[5] ^ ( ( tk->key[1] << 8 ) | tk->key[0] ) ); ! 266: ppk[1] += S ( ppk[0] ^ ( ( tk->key[3] << 8 ) | tk->key[2] ) ); ! 267: ppk[2] += S ( ppk[1] ^ ( ( tk->key[5] << 8 ) | tk->key[4] ) ); ! 268: ppk[3] += S ( ppk[2] ^ ( ( tk->key[7] << 8 ) | tk->key[6] ) ); ! 269: ppk[4] += S ( ppk[3] ^ ( ( tk->key[9] << 8 ) | tk->key[8] ) ); ! 270: ppk[5] += S ( ppk[4] ^ ( ( tk->key[11] << 8 ) | tk->key[10] ) ); ! 271: ! 272: ppk[0] += ror16 ( ppk[5] ^ ( ( tk->key[13] << 8 ) | tk->key[12] ), 1 ); ! 273: ppk[1] += ror16 ( ppk[0] ^ ( ( tk->key[15] << 8 ) | tk->key[14] ), 1 ); ! 274: ppk[2] += ror16 ( ppk[1], 1 ); ! 275: ppk[3] += ror16 ( ppk[2], 1 ); ! 276: ppk[4] += ror16 ( ppk[3], 1 ); ! 277: ppk[5] += ror16 ( ppk[4], 1 ); ! 278: ! 279: kb[0] = dctx->tsc_lo >> 8; ! 280: kb[1] = ( ( dctx->tsc_lo >> 8 ) | 0x20 ) & 0x7F; ! 281: kb[2] = dctx->tsc_lo & 0xFF; ! 282: kb[3] = ( ( ppk[5] ^ ( ( tk->key[1] << 8 ) | tk->key[0] ) ) >> 1 ) ! 283: & 0xFF; ! 284: ! 285: for ( i = 0; i < 6; i++ ) { ! 286: kb[4 + 2*i] = ppk[i] & 0xFF; ! 287: kb[5 + 2*i] = ppk[i] >> 8; ! 288: } ! 289: } ! 290: ! 291: /** ! 292: * Update Michael message integrity code based on next 32-bit word of data ! 293: * ! 294: * @v V Michael code state (two 32-bit words) ! 295: * @v word Next 32-bit word of data ! 296: */ ! 297: static void tkip_feed_michael ( u32 *V, u32 word ) ! 298: { ! 299: V[0] ^= word; ! 300: V[1] ^= rol32 ( V[0], 17 ); ! 301: V[0] += V[1]; ! 302: V[1] ^= ( ( V[0] & 0xFF00FF00 ) >> 8 ) | ( ( V[0] & 0x00FF00FF ) << 8 ); ! 303: V[0] += V[1]; ! 304: V[1] ^= rol32 ( V[0], 3 ); ! 305: V[0] += V[1]; ! 306: V[1] ^= ror32 ( V[0], 2 ); ! 307: V[0] += V[1]; ! 308: } ! 309: ! 310: /** ! 311: * Calculate Michael message integrity code ! 312: * ! 313: * @v key MIC key to use (8 bytes) ! 314: * @v da Destination link-layer address ! 315: * @v sa Source link-layer address ! 316: * @v data Start of data to calculate over ! 317: * @v len Length of header + data ! 318: * @ret mic Calculated Michael MIC (8 bytes) ! 319: */ ! 320: static void tkip_michael ( const void *key, const void *da, const void *sa, ! 321: const void *data, size_t len, void *mic ) ! 322: { ! 323: u32 V[2]; /* V[0] = "l", V[1] = "r" in 802.11 */ ! 324: union { ! 325: u8 byte[12]; ! 326: u32 word[3]; ! 327: } cap; ! 328: const u8 *ptr = data; ! 329: const u8 *end = ptr + len; ! 330: int i; ! 331: ! 332: memcpy ( V, key, sizeof ( V ) ); ! 333: V[0] = le32_to_cpu ( V[0] ); ! 334: V[1] = le32_to_cpu ( V[1] ); ! 335: ! 336: /* Feed in header (we assume non-QoS, so Priority = 0) */ ! 337: memcpy ( &cap.byte[0], da, ETH_ALEN ); ! 338: memcpy ( &cap.byte[6], sa, ETH_ALEN ); ! 339: tkip_feed_michael ( V, le32_to_cpu ( cap.word[0] ) ); ! 340: tkip_feed_michael ( V, le32_to_cpu ( cap.word[1] ) ); ! 341: tkip_feed_michael ( V, le32_to_cpu ( cap.word[2] ) ); ! 342: tkip_feed_michael ( V, 0 ); ! 343: ! 344: /* Feed in data */ ! 345: while ( ptr + 4 <= end ) { ! 346: tkip_feed_michael ( V, le32_to_cpu ( *( u32 * ) ptr ) ); ! 347: ptr += 4; ! 348: } ! 349: ! 350: /* Add unaligned part and padding */ ! 351: for ( i = 0; ptr < end; i++ ) ! 352: cap.byte[i] = *ptr++; ! 353: cap.byte[i++] = 0x5a; ! 354: for ( ; i < 8; i++ ) ! 355: cap.byte[i] = 0; ! 356: ! 357: /* Feed in padding */ ! 358: tkip_feed_michael ( V, le32_to_cpu ( cap.word[0] ) ); ! 359: tkip_feed_michael ( V, le32_to_cpu ( cap.word[1] ) ); ! 360: ! 361: /* Output MIC */ ! 362: V[0] = cpu_to_le32 ( V[0] ); ! 363: V[1] = cpu_to_le32 ( V[1] ); ! 364: memcpy ( mic, V, sizeof ( V ) ); ! 365: } ! 366: ! 367: /** ! 368: * Encrypt a packet using TKIP ! 369: * ! 370: * @v crypto TKIP cryptosystem ! 371: * @v iob I/O buffer containing cleartext packet ! 372: * @ret eiob I/O buffer containing encrypted packet ! 373: */ ! 374: static struct io_buffer * tkip_encrypt ( struct net80211_crypto *crypto, ! 375: struct io_buffer *iob ) ! 376: { ! 377: struct tkip_ctx *ctx = crypto->priv; ! 378: struct ieee80211_frame *hdr = iob->data; ! 379: struct io_buffer *eiob; ! 380: struct arc4_ctx arc4; ! 381: u8 key[16]; ! 382: struct tkip_head head; ! 383: u8 mic[8]; ! 384: u32 icv; ! 385: const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN; ! 386: int datalen = iob_len ( iob ) - hdrlen; ! 387: ! 388: ctx->enc.tsc_lo++; ! 389: if ( ctx->enc.tsc_lo == 0 ) { ! 390: ctx->enc.tsc_hi++; ! 391: ctx->enc.ttak_ok = 0; ! 392: } ! 393: ! 394: tkip_mix_1 ( &ctx->enc, &ctx->tk, hdr->addr2 ); ! 395: tkip_mix_2 ( &ctx->enc, &ctx->tk, key ); ! 396: ! 397: eiob = alloc_iob ( iob_len ( iob ) + TKIP_HEAD_LEN + TKIP_FOOT_LEN ); ! 398: if ( ! eiob ) ! 399: return NULL; ! 400: ! 401: /* Copy frame header */ ! 402: memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen ); ! 403: hdr = eiob->data; ! 404: hdr->fc |= IEEE80211_FC_PROTECTED; ! 405: ! 406: /* Fill in IV and key ID byte, and extended IV */ ! 407: memcpy ( &head, key, 3 ); ! 408: head.kid = 0x20; /* have Extended IV, key ID 0 */ ! 409: head.tsc_hi = cpu_to_le32 ( ctx->enc.tsc_hi ); ! 410: memcpy ( iob_put ( eiob, sizeof ( head ) ), &head, sizeof ( head ) ); ! 411: ! 412: /* Copy and encrypt the data */ ! 413: cipher_setkey ( &arc4_algorithm, &arc4, key, 16 ); ! 414: cipher_encrypt ( &arc4_algorithm, &arc4, iob->data + hdrlen, ! 415: iob_put ( eiob, datalen ), datalen ); ! 416: ! 417: /* Add MIC */ ! 418: hdr = iob->data; ! 419: tkip_michael ( &ctx->tk.mic.tx, hdr->addr3, hdr->addr2, ! 420: iob->data + hdrlen, datalen, mic ); ! 421: cipher_encrypt ( &arc4_algorithm, &arc4, mic, ! 422: iob_put ( eiob, sizeof ( mic ) ), sizeof ( mic ) ); ! 423: ! 424: /* Add ICV */ ! 425: icv = crc32_le ( ~0, iob->data + hdrlen, datalen ); ! 426: icv = crc32_le ( icv, mic, sizeof ( mic ) ); ! 427: icv = cpu_to_le32 ( ~icv ); ! 428: cipher_encrypt ( &arc4_algorithm, &arc4, &icv, ! 429: iob_put ( eiob, TKIP_ICV_LEN ), TKIP_ICV_LEN ); ! 430: ! 431: DBGC2 ( ctx, "WPA-TKIP %p: encrypted packet %p -> %p\n", ctx, ! 432: iob, eiob ); ! 433: ! 434: return eiob; ! 435: } ! 436: ! 437: /** ! 438: * Decrypt a packet using TKIP ! 439: * ! 440: * @v crypto TKIP cryptosystem ! 441: * @v eiob I/O buffer containing encrypted packet ! 442: * @ret iob I/O buffer containing cleartext packet ! 443: */ ! 444: static struct io_buffer * tkip_decrypt ( struct net80211_crypto *crypto, ! 445: struct io_buffer *eiob ) ! 446: { ! 447: struct tkip_ctx *ctx = crypto->priv; ! 448: struct ieee80211_frame *hdr; ! 449: struct io_buffer *iob; ! 450: const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN; ! 451: int datalen = iob_len ( eiob ) - hdrlen - TKIP_HEAD_LEN - TKIP_FOOT_LEN; ! 452: struct tkip_head *head; ! 453: struct arc4_ctx arc4; ! 454: u16 rx_tsc_lo; ! 455: u8 key[16]; ! 456: u8 mic[8]; ! 457: u32 icv, crc; ! 458: ! 459: iob = alloc_iob ( hdrlen + datalen + TKIP_FOOT_LEN ); ! 460: if ( ! iob ) ! 461: return NULL; ! 462: ! 463: /* Copy frame header */ ! 464: memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen ); ! 465: hdr = iob->data; ! 466: hdr->fc &= ~IEEE80211_FC_PROTECTED; ! 467: ! 468: /* Check and update TSC */ ! 469: head = eiob->data + hdrlen; ! 470: rx_tsc_lo = ( head->tsc1 << 8 ) | head->tsc0; ! 471: ! 472: if ( head->tsc_hi < ctx->dec.tsc_hi || ! 473: ( head->tsc_hi == ctx->dec.tsc_hi && ! 474: rx_tsc_lo <= ctx->dec.tsc_lo ) ) { ! 475: DBGC ( ctx, "WPA-TKIP %p: packet received out of order " ! 476: "(%08x:%04x <= %08x:%04x)\n", ctx, head->tsc_hi, ! 477: rx_tsc_lo, ctx->dec.tsc_hi, ctx->dec.tsc_lo ); ! 478: free_iob ( iob ); ! 479: return NULL; ! 480: } ! 481: ctx->dec.tsc_lo = rx_tsc_lo; ! 482: if ( ctx->dec.tsc_hi != head->tsc_hi ) { ! 483: ctx->dec.ttak_ok = 0; ! 484: ctx->dec.tsc_hi = head->tsc_hi; ! 485: } ! 486: ! 487: /* Calculate key */ ! 488: tkip_mix_1 ( &ctx->dec, &ctx->tk, hdr->addr2 ); ! 489: tkip_mix_2 ( &ctx->dec, &ctx->tk, key ); ! 490: ! 491: /* Copy-decrypt data, MIC, ICV */ ! 492: cipher_setkey ( &arc4_algorithm, &arc4, key, 16 ); ! 493: cipher_decrypt ( &arc4_algorithm, &arc4, ! 494: eiob->data + hdrlen + TKIP_HEAD_LEN, ! 495: iob_put ( iob, datalen ), datalen + TKIP_FOOT_LEN ); ! 496: ! 497: /* Check ICV */ ! 498: icv = le32_to_cpu ( *( u32 * ) ( iob->tail + TKIP_MIC_LEN ) ); ! 499: crc = ~crc32_le ( ~0, iob->data + hdrlen, datalen + TKIP_MIC_LEN ); ! 500: if ( crc != icv ) { ! 501: DBGC ( ctx, "WPA-TKIP %p CRC mismatch: expect %08x, get %08x\n", ! 502: ctx, icv, crc ); ! 503: free_iob ( iob ); ! 504: return NULL; ! 505: } ! 506: ! 507: /* Check MIC */ ! 508: tkip_michael ( &ctx->tk.mic.rx, hdr->addr1, hdr->addr3, ! 509: iob->data + hdrlen, datalen, mic ); ! 510: if ( memcmp ( mic, iob->tail, TKIP_MIC_LEN ) != 0 ) { ! 511: DBGC ( ctx, "WPA-TKIP %p ALERT! MIC failure\n", ctx ); ! 512: /* XXX we should do the countermeasures here */ ! 513: free_iob ( iob ); ! 514: return NULL; ! 515: } ! 516: ! 517: DBGC2 ( ctx, "WPA-TKIP %p: decrypted packet %p -> %p\n", ctx, ! 518: eiob, iob ); ! 519: ! 520: return iob; ! 521: } ! 522: ! 523: /** TKIP cryptosystem */ ! 524: struct net80211_crypto tkip_crypto __net80211_crypto = { ! 525: .algorithm = NET80211_CRYPT_TKIP, ! 526: .init = tkip_init, ! 527: .encrypt = tkip_encrypt, ! 528: .decrypt = tkip_decrypt, ! 529: .priv_len = sizeof ( struct tkip_ctx ), ! 530: }; ! 531: ! 532: ! 533: ! 534: ! 535: /** ! 536: * Calculate HMAC-MD5 MIC for EAPOL-Key frame ! 537: * ! 538: * @v kck Key Confirmation Key, 16 bytes ! 539: * @v msg Message to calculate MIC over ! 540: * @v len Number of bytes to calculate MIC over ! 541: * @ret mic Calculated MIC, 16 bytes long ! 542: */ ! 543: static void tkip_kie_mic ( const void *kck, const void *msg, size_t len, ! 544: void *mic ) ! 545: { ! 546: struct md5_ctx md5; ! 547: u8 kckb[16]; ! 548: size_t kck_len = 16; ! 549: ! 550: memcpy ( kckb, kck, kck_len ); ! 551: ! 552: hmac_init ( &md5_algorithm, &md5, kckb, &kck_len ); ! 553: hmac_update ( &md5_algorithm, &md5, msg, len ); ! 554: hmac_final ( &md5_algorithm, &md5, kckb, &kck_len, mic ); ! 555: } ! 556: ! 557: /** ! 558: * Decrypt key data in EAPOL-Key frame ! 559: * ! 560: * @v kek Key Encryption Key, 16 bytes ! 561: * @v iv Initialisation vector, 16 bytes ! 562: * @v msg Message to decrypt ! 563: * @v len Length of message ! 564: * @ret msg Decrypted message in place of original ! 565: * @ret len Unchanged ! 566: * @ret rc Always 0 for success ! 567: */ ! 568: static int tkip_kie_decrypt ( const void *kek, const void *iv, ! 569: void *msg, u16 *len ) ! 570: { ! 571: u8 key[32]; ! 572: memcpy ( key, iv, 16 ); ! 573: memcpy ( key + 16, kek, 16 ); ! 574: ! 575: arc4_skip ( key, 32, 256, msg, msg, *len ); ! 576: ! 577: return 0; ! 578: } ! 579: ! 580: ! 581: /** TKIP-style key integrity and encryption handler */ ! 582: struct wpa_kie tkip_kie __wpa_kie = { ! 583: .version = EAPOL_KEY_VERSION_WPA, ! 584: .mic = tkip_kie_mic, ! 585: .decrypt = tkip_kie_decrypt, ! 586: };
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.