Lines Matching +full:mic +full:- +full:offset
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting
30 * IEEE 802.11i AES-CCMP crypto support.
76 .ic_name = "AES-CCM",
93 .ic_name = "AES-CCM-256",
124 vap->iv_stats.is_crypto_nomem++; in ccmp_attach()
127 ctx->cc_vap = vap; in ccmp_attach()
128 ctx->cc_ic = vap->iv_ic; in ccmp_attach()
136 struct ccmp_ctx *ctx = k->wk_private; in ccmp_detach()
140 nrefs--; /* NB: we assume caller locking */ in ccmp_detach()
146 return (k->wk_cipher->ic_trailer); in ccmp_get_trailer_len()
152 return (k->wk_cipher->ic_header); in ccmp_get_header_len()
164 * The MIC size is defined in 802.11-2020 12.5.3
165 * (CTR with CBC-MAC Protocol (CCMP)).
167 * CCM-128 - M=8, MIC is 8 octets.
168 * CCM-256 - M=16, MIC is 16 octets.
176 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) in ccmp_get_ccm_m()
178 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM_256) in ccmp_get_ccm_m()
187 struct ccmp_ctx *ctx = k->wk_private; in ccmp_setkey()
189 switch (k->wk_cipher->ic_cipher) { in ccmp_setkey()
197 IEEE80211_DPRINTF(ctx->cc_vap, IEEE80211_MSG_CRYPTO, in ccmp_setkey()
199 __func__, k->wk_cipher->ic_cipher); in ccmp_setkey()
203 if (k->wk_keylen != (keylen/NBBY)) { in ccmp_setkey()
204 IEEE80211_DPRINTF(ctx->cc_vap, IEEE80211_MSG_CRYPTO, in ccmp_setkey()
206 __func__, k->wk_keylen, keylen/NBBY); in ccmp_setkey()
209 if (k->wk_flags & IEEE80211_KEY_SWENCRYPT) in ccmp_setkey()
210 rijndael_set_key(&ctx->cc_aes, k->wk_key, k->wk_keylen*NBBY); in ccmp_setkey()
217 struct ccmp_ctx *ctx = k->wk_private; in ccmp_setiv()
218 struct ieee80211vap *vap = ctx->cc_vap; in ccmp_setiv()
223 k->wk_keytsc++; in ccmp_setiv()
224 ivp[0] = k->wk_keytsc >> 0; /* PN0 */ in ccmp_setiv()
225 ivp[1] = k->wk_keytsc >> 8; /* PN1 */ in ccmp_setiv()
228 ivp[4] = k->wk_keytsc >> 16; /* PN2 */ in ccmp_setiv()
229 ivp[5] = k->wk_keytsc >> 24; /* PN3 */ in ccmp_setiv()
230 ivp[6] = k->wk_keytsc >> 32; /* PN4 */ in ccmp_setiv()
231 ivp[7] = k->wk_keytsc >> 40; /* PN5 */ in ccmp_setiv()
241 struct ccmp_ctx *ctx = k->wk_private; in ccmp_encap()
242 struct ieee80211com *ic = ctx->cc_ic; in ccmp_encap()
252 * Check to see if we need to insert IV/MIC. in ccmp_encap()
257 if (is_mgmt && (k->wk_flags & IEEE80211_KEY_NOIVMGT)) in ccmp_encap()
259 if ((! is_mgmt) && (k->wk_flags & IEEE80211_KEY_NOIV)) in ccmp_encap()
277 if ((k->wk_flags & IEEE80211_KEY_SWENCRYPT) && in ccmp_encap()
285 * Add MIC to the frame as needed.
311 struct ccmp_ctx *ctx = k->wk_private; in ccmp_decap()
312 struct ieee80211vap *vap = ctx->cc_vap; in ccmp_decap()
320 if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP) != 0) in ccmp_decap()
333 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2, in ccmp_decap()
334 "%s", "missing ExtIV for AES-CCM cipher"); in ccmp_decap()
335 vap->iv_stats.is_rx_ccmpformat++; in ccmp_decap()
341 noreplaycheck = (k->wk_flags & IEEE80211_KEY_NOREPLAY) != 0; in ccmp_decap()
342 noreplaycheck |= (rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_PN_VALIDATED) != 0; in ccmp_decap()
343 if (pn <= k->wk_keyrsc[tid] && !noreplaycheck) { in ccmp_decap()
348 vap->iv_stats.is_rx_ccmpreplay++; in ccmp_decap()
359 if ((k->wk_flags & IEEE80211_KEY_SWDECRYPT) && in ccmp_decap()
367 if (! ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP))) { in ccmp_decap()
374 if ((rxs == NULL) || (rxs->c_pktflags & IEEE80211_RX_F_MIC_STRIP) == 0) in ccmp_decap()
375 m_adj(m, -ccmp_get_trailer_len(k)); in ccmp_decap()
380 if ((rxs == NULL) || (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP) == 0) { in ccmp_decap()
387 if (pn > k->wk_keyrsc[tid]) in ccmp_decap()
388 k->wk_keyrsc[tid] = pn; in ccmp_decap()
395 * Verify and strip MIC from the frame.
412 * @brief Initialise the AES-CCM nonce flag field in the b0 CCMP block.
416 * b0[1]. Amusingly, b0[1] is also flags, but it's the 802.11 AES-CCM
419 * The AES-CCM nonce flags field is defined in 802.11-2020 12.5.3.3.4
429 * nonce flags, and b0[1] is the AES-CCM nonce flags).
437 * 802.11-2020 12.5.33.3.4 (Construct CCM nonce) mentions in ieee80211_crypto_ccmp_init_nonce_flags()
468 b0[1] = qwh4->i_qos[0] & 0x0f; /* prio bits */ in ieee80211_crypto_ccmp_init_nonce_flags()
476 b0[1] = qwh->i_qos[0] & 0x0f; /* prio bits */ in ieee80211_crypto_ccmp_init_nonce_flags()
485 * Host AP crypt: host-based CCMP encryption implementation for Host AP driver
487 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
508 m = (m - 2) / 2; in ccmp_init_blocks()
514 * L=1 (2-octet Dlen)) in ccmp_init_blocks()
522 IEEE80211_ADDR_COPY(b0 + 2, wh->i_addr2); in ccmp_init_blocks()
549 rijndael_encrypt(&ctx->cc_aes, _b, _b); \
553 rijndael_encrypt(&ctx->cc_aes, _b0, _e); \
560 struct ccmp_ctx *ctx = key->wk_private; in ccmp_encrypt()
568 ctx->cc_vap->iv_stats.is_crypto_ccmp++; in ccmp_encrypt()
571 data_len = m->m_pkthdr.len - (hdrlen + ccmp_get_header_len(key)); in ccmp_encrypt()
572 ccmp_init_blocks(&ctx->cc_aes, wh, ccmp_get_ccm_m(key), in ccmp_encrypt()
573 key->wk_keytsc, data_len, b0, aad, b, s0); in ccmp_encrypt()
578 space = m->m_len - (hdrlen + ccmp_get_header_len(key)); in ccmp_encrypt()
587 pos += AES_BLOCK_LEN, space -= AES_BLOCK_LEN; in ccmp_encrypt()
588 data_len -= AES_BLOCK_LEN; in ccmp_encrypt()
593 m = m->m_next; in ccmp_encrypt()
614 * of data at offset 0 copied in+out by the in ccmp_encrypt()
624 space_next = len > sp ? len - sp : 0; in ccmp_encrypt()
625 if (n->m_len >= space_next) { in ccmp_encrypt()
638 xor_block(b+sp, pos_next, n->m_len); in ccmp_encrypt()
639 sp += n->m_len, dl -= n->m_len; in ccmp_encrypt()
640 n = n->m_next; in ccmp_encrypt()
653 space_next = len > sp ? len - sp : 0; in ccmp_encrypt()
654 if (m->m_len >= space_next) { in ccmp_encrypt()
658 xor_block(pos_next, e+sp, m->m_len); in ccmp_encrypt()
659 sp += m->m_len, dl -= m->m_len; in ccmp_encrypt()
660 m = m->m_next; in ccmp_encrypt()
672 data_len -= AES_BLOCK_LEN; in ccmp_encrypt()
675 space = m->m_len - space_next; in ccmp_encrypt()
681 space = m->m_len; in ccmp_encrypt()
685 /* tack on MIC */ in ccmp_encrypt()
695 rijndael_encrypt(&ctx->cc_aes, _b0, _b); \
699 rijndael_encrypt(&ctx->cc_aes, _a, _a); \
706 struct ccmp_ctx *ctx = key->wk_private; in ccmp_decrypt()
707 struct ieee80211vap *vap = ctx->cc_vap; in ccmp_decrypt()
711 uint8_t mic[AES_BLOCK_LEN]; in ccmp_decrypt() local
718 if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_DECRYPTED) != 0) in ccmp_decrypt()
721 ctx->cc_vap->iv_stats.is_crypto_ccmp++; in ccmp_decrypt()
724 data_len = m->m_pkthdr.len - in ccmp_decrypt()
726 ccmp_init_blocks(&ctx->cc_aes, wh, ccmp_get_ccm_m(key), pn, in ccmp_decrypt()
728 m_copydata(m, m->m_pkthdr.len - ccmp_get_trailer_len(key), in ccmp_decrypt()
729 ccmp_get_trailer_len(key), mic); in ccmp_decrypt()
730 xor_block(mic, b, ccmp_get_trailer_len(key)); in ccmp_decrypt()
734 space = m->m_len - (hdrlen + ccmp_get_header_len(key)); in ccmp_decrypt()
740 pos += AES_BLOCK_LEN, space -= AES_BLOCK_LEN; in ccmp_decrypt()
741 data_len -= AES_BLOCK_LEN; in ccmp_decrypt()
746 m = m->m_next; in ccmp_decrypt()
765 space_next = len > space ? len - space : 0; in ccmp_decrypt()
766 KASSERT(m->m_len >= space_next, in ccmp_decrypt()
768 "m_len %u need %u\n", m->m_len, space_next)); in ccmp_decrypt()
773 data_len -= len; in ccmp_decrypt()
777 space = m->m_len - space_next; in ccmp_decrypt()
783 space = m->m_len; in ccmp_decrypt()
788 * If the MIC was stripped by HW/driver we are done. in ccmp_decrypt()
790 if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_MIC_STRIP) != 0) in ccmp_decrypt()
793 if (memcmp(mic, a, ccmp_get_trailer_len(key)) != 0) { in ccmp_decrypt()
794 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2, in ccmp_decrypt()
795 "%s", "AES-CCM decrypt failed; MIC mismatch"); in ccmp_decrypt()
796 vap->iv_stats.is_rx_ccmpmic++; in ccmp_decrypt()