123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530 |
-
-
- FILE_LICENCE ( GPL2_OR_LATER );
-
- #include <string.h>
- #include <ipxe/net80211.h>
- #include <ipxe/crypto.h>
- #include <ipxe/hmac.h>
- #include <ipxe/sha1.h>
- #include <ipxe/aes.h>
- #include <ipxe/wpa.h>
- #include <byteswap.h>
- #include <errno.h>
-
-
-
-
- struct ccmp_ctx
- {
-
- u8 aes_ctx[AES_CTX_SIZE];
-
-
- u64 tx_seq;
-
-
- u64 rx_seq;
- };
-
-
- struct ccmp_head
- {
- u8 pn_lo[2];
- u8 _rsvd;
- u8 kid;
- u8 pn_hi[4];
- } __attribute__ (( packed ));
-
-
-
- #define CCMP_HEAD_LEN 8
-
-
- #define CCMP_MIC_LEN 8
-
-
- #define CCMP_NONCE_LEN 13
-
-
- struct ccmp_nonce
- {
- u8 prio;
- u8 a2[ETH_ALEN];
- u8 pn[6];
- } __attribute__ (( packed ));
-
-
- #define CCMP_AAD_LEN 22
-
-
- struct ccmp_aad
- {
- u16 fc;
- u8 a1[6];
- u8 a2[6];
- u8 a3[6];
- u16 seq;
-
- } __attribute__ (( packed ));
-
-
- #define CCMP_AAD_FC_MASK 0xC38F
-
-
- #define CCMP_AAD_SEQ_MASK 0x000F
-
-
-
- static u64 pn_to_u64 ( const u8 *pn )
- {
- int i;
- u64 ret = 0;
-
- for ( i = 5; i >= 0; i-- ) {
- ret <<= 8;
- ret |= pn[i];
- }
-
- return ret;
- }
-
-
- static void u64_to_pn ( u64 v, u8 *pn, int msb )
- {
- int i;
- u8 *pnp = pn + ( msb ? 5 : 0 );
- int delta = ( msb ? -1 : +1 );
-
- for ( i = 0; i < 6; i++ ) {
- *pnp = v & 0xFF;
- pnp += delta;
- v >>= 8;
- }
- }
-
-
- #define PN_MSB 1
-
-
- #define PN_LSB 0
-
-
-
-
- static int ccmp_init ( struct net80211_crypto *crypto, const void *key,
- int keylen, const void *rsc )
- {
- struct ccmp_ctx *ctx = crypto->priv;
-
- if ( keylen != 16 )
- return -EINVAL;
-
- if ( rsc )
- ctx->rx_seq = pn_to_u64 ( rsc );
-
- cipher_setkey ( &aes_algorithm, ctx->aes_ctx, key, keylen );
-
- return 0;
- }
-
-
-
- static void ccmp_ctr_xor ( struct ccmp_ctx *ctx, const void *nonce,
- const void *srcv, void *destv, int len,
- const void *msrcv, void *mdestv )
- {
- u8 A[16], S[16];
- u16 ctr;
- int i;
- const u8 *src = srcv, *msrc = msrcv;
- u8 *dest = destv, *mdest = mdestv;
-
- A[0] = 0x01;
- memcpy ( A + 1, nonce, CCMP_NONCE_LEN );
-
- if ( msrcv ) {
- A[14] = A[15] = 0;
-
- cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, A, S, 16 );
-
- for ( i = 0; i < 8; i++ ) {
- *mdest++ = *msrc++ ^ S[i];
- }
- }
-
- for ( ctr = 1 ;; ctr++ ) {
- A[14] = ctr >> 8;
- A[15] = ctr & 0xFF;
-
- cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, A, S, 16 );
-
- for ( i = 0; i < len && i < 16; i++ )
- *dest++ = *src++ ^ S[i];
-
- if ( len <= 16 )
- break;
-
- len -= 16;
- }
- }
-
-
-
- static void ccmp_feed_cbc_mac ( void *aes_ctx, u8 *B, u8 *X )
- {
- int i;
- for ( i = 0; i < 16; i++ )
- B[i] ^= X[i];
- cipher_encrypt ( &aes_algorithm, aes_ctx, B, X, 16 );
- }
-
-
-
- static void ccmp_cbc_mac ( struct ccmp_ctx *ctx, const void *nonce,
- const void *data, u16 datalen,
- const void *aad, void *mic )
- {
- u8 X[16], B[16];
-
-
-
-
-
- B[0] = 0x59;
- memcpy ( B + 1, nonce, CCMP_NONCE_LEN );
- B[14] = datalen >> 8;
- B[15] = datalen & 0xFF;
-
- cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, B, X, 16 );
-
-
- B[0] = 0;
- B[1] = CCMP_AAD_LEN;
- memcpy ( B + 2, aad, 14 );
-
- ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X );
-
-
- memcpy ( B, aad + 14, 8 );
- memset ( B + 8, 0, 8 );
-
- ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X );
-
-
- while ( datalen ) {
- if ( datalen >= 16 ) {
- memcpy ( B, data, 16 );
- datalen -= 16;
- } else {
- memcpy ( B, data, datalen );
- memset ( B + datalen, 0, 16 - datalen );
- datalen = 0;
- }
-
- ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X );
-
- data += 16;
- }
-
-
- memcpy ( mic, X, 8 );
- }
-
-
-
- struct io_buffer * ccmp_encrypt ( struct net80211_crypto *crypto,
- struct io_buffer *iob )
- {
- struct ccmp_ctx *ctx = crypto->priv;
- struct ieee80211_frame *hdr = iob->data;
- struct io_buffer *eiob;
- const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
- int datalen = iob_len ( iob ) - hdrlen;
- struct ccmp_head head;
- struct ccmp_nonce nonce;
- struct ccmp_aad aad;
- u8 mic[8], tx_pn[6];
- void *edata, *emic;
-
- ctx->tx_seq++;
- u64_to_pn ( ctx->tx_seq, tx_pn, PN_LSB );
-
-
- eiob = alloc_iob ( iob_len ( iob ) + CCMP_HEAD_LEN + CCMP_MIC_LEN );
- if ( ! eiob )
- return NULL;
-
-
- memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen );
- hdr = eiob->data;
- hdr->fc |= IEEE80211_FC_PROTECTED;
-
-
- memcpy ( head.pn_lo, tx_pn, 2 );
- memcpy ( head.pn_hi, tx_pn + 2, 4 );
- head.kid = 0x20;
- head._rsvd = 0;
- memcpy ( iob_put ( eiob, sizeof ( head ) ), &head, sizeof ( head ) );
-
-
- nonce.prio = 0;
- memcpy ( nonce.a2, hdr->addr2, ETH_ALEN );
- u64_to_pn ( ctx->tx_seq, nonce.pn, PN_MSB );
-
-
- aad.fc = hdr->fc & CCMP_AAD_FC_MASK;
- memcpy ( aad.a1, hdr->addr1, 3 * ETH_ALEN );
- aad.seq = hdr->seq & CCMP_AAD_SEQ_MASK;
-
-
- ccmp_cbc_mac ( ctx, &nonce, iob->data + hdrlen, datalen, &aad, mic );
-
-
- edata = iob_put ( eiob, datalen );
- emic = iob_put ( eiob, CCMP_MIC_LEN );
- ccmp_ctr_xor ( ctx, &nonce,
- iob->data + hdrlen, edata, datalen,
- mic, emic );
-
-
- DBGC2 ( ctx, "WPA-CCMP %p: encrypted packet %p -> %p\n", ctx,
- iob, eiob );
-
- return eiob;
- }
-
-
- static struct io_buffer * ccmp_decrypt ( struct net80211_crypto *crypto,
- struct io_buffer *eiob )
- {
- struct ccmp_ctx *ctx = crypto->priv;
- struct ieee80211_frame *hdr;
- struct io_buffer *iob;
- const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
- int datalen = iob_len ( eiob ) - hdrlen - CCMP_HEAD_LEN - CCMP_MIC_LEN;
- struct ccmp_head *head;
- struct ccmp_nonce nonce;
- struct ccmp_aad aad;
- u8 rx_pn[6], their_mic[8], our_mic[8];
-
- iob = alloc_iob ( hdrlen + datalen );
- if ( ! iob )
- return NULL;
-
-
- memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen );
- hdr = iob->data;
- hdr->fc &= ~IEEE80211_FC_PROTECTED;
-
-
- head = eiob->data + hdrlen;
- memcpy ( rx_pn, head->pn_lo, 2 );
- memcpy ( rx_pn + 2, head->pn_hi, 4 );
-
- if ( pn_to_u64 ( rx_pn ) <= ctx->rx_seq ) {
- DBGC ( ctx, "WPA-CCMP %p: packet received out of order "
- "(%012llx <= %012llx)\n", ctx, pn_to_u64 ( rx_pn ),
- ctx->rx_seq );
- free_iob ( iob );
- return NULL;
- }
-
- ctx->rx_seq = pn_to_u64 ( rx_pn );
- DBGC2 ( ctx, "WPA-CCMP %p: RX packet number %012llx\n", ctx, ctx->rx_seq );
-
-
- nonce.prio = 0;
- memcpy ( nonce.a2, hdr->addr2, ETH_ALEN );
- u64_to_pn ( ctx->rx_seq, nonce.pn, PN_MSB );
-
-
- aad.fc = ( hdr->fc & CCMP_AAD_FC_MASK ) | IEEE80211_FC_PROTECTED;
- memcpy ( aad.a1, hdr->addr1, 3 * ETH_ALEN );
- aad.seq = hdr->seq & CCMP_AAD_SEQ_MASK;
-
-
- ccmp_ctr_xor ( ctx, &nonce, eiob->data + hdrlen + sizeof ( *head ),
- iob_put ( iob, datalen ), datalen,
- eiob->tail - CCMP_MIC_LEN, their_mic );
-
-
- ccmp_cbc_mac ( ctx, &nonce, iob->data + hdrlen, datalen, &aad,
- our_mic );
-
- if ( memcmp ( their_mic, our_mic, CCMP_MIC_LEN ) != 0 ) {
- DBGC2 ( ctx, "WPA-CCMP %p: MIC failure\n", ctx );
- free_iob ( iob );
- return NULL;
- }
-
- DBGC2 ( ctx, "WPA-CCMP %p: decrypted packet %p -> %p\n", ctx,
- eiob, iob );
-
- return iob;
- }
-
-
-
- struct net80211_crypto ccmp_crypto __net80211_crypto = {
- .algorithm = NET80211_CRYPT_CCMP,
- .init = ccmp_init,
- .encrypt = ccmp_encrypt,
- .decrypt = ccmp_decrypt,
- .priv_len = sizeof ( struct ccmp_ctx ),
- };
-
-
-
-
-
- static void ccmp_kie_mic ( const void *kck, const void *msg, size_t len,
- void *mic )
- {
- u8 sha1_ctx[SHA1_CTX_SIZE];
- u8 kckb[16];
- u8 hash[SHA1_SIZE];
- size_t kck_len = 16;
-
- memcpy ( kckb, kck, kck_len );
-
- hmac_init ( &sha1_algorithm, sha1_ctx, kckb, &kck_len );
- hmac_update ( &sha1_algorithm, sha1_ctx, msg, len );
- hmac_final ( &sha1_algorithm, sha1_ctx, kckb, &kck_len, hash );
-
- memcpy ( mic, hash, 16 );
- }
-
-
- static int ccmp_kie_decrypt ( const void *kek, const void *iv __unused,
- void *msg, u16 *len )
- {
- if ( *len % 8 != 0 )
- return -EINVAL;
-
- if ( aes_unwrap ( kek, msg, msg, *len / 8 - 1 ) != 0 )
- return -EINVAL;
-
- *len -= 8;
-
- return 0;
- }
-
-
- struct wpa_kie ccmp_kie __wpa_kie = {
- .version = EAPOL_KEY_VERSION_WPA2,
- .mic = ccmp_kie_mic,
- .decrypt = ccmp_kie_decrypt,
- };
|