Lines Matching +full:mic +full:- +full:int
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting
56 static int tkip_setkey(struct ieee80211_key *);
58 static int tkip_encap(struct ieee80211_key *, struct mbuf *);
59 static int tkip_enmic(struct ieee80211_key *, struct mbuf *, int);
60 static int tkip_decap(struct ieee80211_key *, struct mbuf *, int);
61 static int tkip_demic(struct ieee80211_key *, struct mbuf *, int);
92 int rx_phase1_done;
94 uint64_t rx_rsc; /* held until MIC verified */
99 u8 mic[IEEE80211_WEP_MICLEN]);
100 static int tkip_encrypt(struct tkip_ctx *, struct ieee80211_key *,
101 struct mbuf *, int hdr_len);
102 static int tkip_decrypt(struct tkip_ctx *, struct ieee80211_key *,
103 struct mbuf *, int hdr_len);
106 static int nrefs = 0;
116 vap->iv_stats.is_crypto_nomem++; in tkip_attach()
120 ctx->tc_vap = vap; in tkip_attach()
128 struct tkip_ctx *ctx = k->wk_private; in tkip_detach()
132 nrefs--; /* NB: we assume caller locking */ in tkip_detach()
135 static int
138 struct tkip_ctx *ctx = k->wk_private; in tkip_setkey()
140 if (k->wk_keylen != (128/NBBY)) { in tkip_setkey()
142 IEEE80211_DPRINTF(ctx->tc_vap, IEEE80211_MSG_CRYPTO, in tkip_setkey()
144 __func__, k->wk_keylen, 128/NBBY); in tkip_setkey()
147 ctx->rx_phase1_done = 0; in tkip_setkey()
154 struct tkip_ctx *ctx = k->wk_private; in tkip_setiv()
155 struct ieee80211vap *vap = ctx->tc_vap; in tkip_setiv()
160 k->wk_keytsc++; in tkip_setiv()
161 ivp[0] = k->wk_keytsc >> 8; /* TSC1 */ in tkip_setiv()
163 ivp[2] = k->wk_keytsc >> 0; /* TSC0 */ in tkip_setiv()
165 ivp[4] = k->wk_keytsc >> 16; /* TSC2 */ in tkip_setiv()
166 ivp[5] = k->wk_keytsc >> 24; /* TSC3 */ in tkip_setiv()
167 ivp[6] = k->wk_keytsc >> 32; /* TSC4 */ in tkip_setiv()
168 ivp[7] = k->wk_keytsc >> 40; /* TSC5 */ in tkip_setiv()
174 static int
177 struct tkip_ctx *ctx = k->wk_private; in tkip_encap()
178 struct ieee80211vap *vap = ctx->tc_vap; in tkip_encap()
179 struct ieee80211com *ic = vap->iv_ic; in tkip_encap()
182 int hdrlen; in tkip_encap()
183 int is_mgmt; in tkip_encap()
191 if (vap->iv_flags & IEEE80211_F_COUNTERM) { in tkip_encap()
196 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2, in tkip_encap()
198 vap->iv_stats.is_crypto_tkipcm++; in tkip_encap()
205 if (is_mgmt && (k->wk_flags & IEEE80211_KEY_NOIVMGT)) in tkip_encap()
207 if ((! is_mgmt) && (k->wk_flags & IEEE80211_KEY_NOIV)) in tkip_encap()
227 if ((k->wk_flags & IEEE80211_KEY_SWENCRYPT) && in tkip_encap()
235 * Add MIC to the frame as needed.
237 static int
238 tkip_enmic(struct ieee80211_key *k, struct mbuf *m, int force) in tkip_enmic()
240 struct tkip_ctx *ctx = k->wk_private; in tkip_enmic()
242 int is_mgmt; in tkip_enmic()
248 * Check to see whether MIC needs to be included. in tkip_enmic()
250 if (is_mgmt && (k->wk_flags & IEEE80211_KEY_NOMICMGT)) in tkip_enmic()
252 if ((! is_mgmt) && (k->wk_flags & IEEE80211_KEY_NOMIC)) in tkip_enmic()
255 if (force || (k->wk_flags & IEEE80211_KEY_SWENMIC)) { in tkip_enmic()
257 struct ieee80211vap *vap = ctx->tc_vap; in tkip_enmic()
258 struct ieee80211com *ic = vap->iv_ic; in tkip_enmic()
259 int hdrlen; in tkip_enmic()
260 uint8_t mic[IEEE80211_WEP_MICLEN]; in tkip_enmic() local
262 vap->iv_stats.is_crypto_tkipenmic++; in tkip_enmic()
266 michael_mic(ctx, k->wk_txmic, in tkip_enmic()
267 m, hdrlen, m->m_pkthdr.len - hdrlen, mic); in tkip_enmic()
268 return m_append(m, tkip.ic_miclen, mic); in tkip_enmic()
286 static int
287 tkip_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen) in tkip_decap()
290 struct tkip_ctx *ctx = k->wk_private; in tkip_decap()
291 struct ieee80211vap *vap = ctx->tc_vap; in tkip_decap()
300 if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP)) in tkip_decap()
313 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2, in tkip_decap()
315 vap->iv_stats.is_rx_tkipformat++; in tkip_decap()
321 if (vap->iv_flags & IEEE80211_F_COUNTERM) { in tkip_decap()
322 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2, in tkip_decap()
324 vap->iv_stats.is_crypto_tkipcm++; in tkip_decap()
329 ctx->rx_rsc = READ_6(ivp[2], ivp[0], ivp[4], ivp[5], ivp[6], ivp[7]); in tkip_decap()
330 if (ctx->rx_rsc <= k->wk_keyrsc[tid] && in tkip_decap()
331 (k->wk_flags & IEEE80211_KEY_NOREPLAY) == 0) { in tkip_decap()
335 ieee80211_notify_replay_failure(vap, wh, k, ctx->rx_rsc, tid); in tkip_decap()
336 vap->iv_stats.is_rx_tkipreplay++; in tkip_decap()
340 * NB: We can't update the rsc in the key until MIC is verified. in tkip_decap()
343 * and updating wk_keyrsc when stripping the MIC in tkip_demic. in tkip_decap()
353 if ((k->wk_flags & IEEE80211_KEY_SWDECRYPT) && in tkip_decap()
360 * Copy up 802.11 header and strip crypto bits - but only if we in tkip_decap()
363 if (! ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP))) { in tkip_decap()
373 m_adj(m, -tkip.ic_trailer); in tkip_decap()
379 * Verify and strip MIC from the frame.
381 static int
382 tkip_demic(struct ieee80211_key *k, struct mbuf *m, int force) in tkip_demic()
385 struct tkip_ctx *ctx = k->wk_private; in tkip_demic()
393 * If we are told about a MIC failure from the driver, in tkip_demic()
397 if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_FAIL_MMIC)) { in tkip_demic()
398 struct ieee80211vap *vap = ctx->tc_vap; in tkip_demic()
400 k->wk_rxkeyix != IEEE80211_KEYIX_NONE ? in tkip_demic()
401 k->wk_rxkeyix : k->wk_keyix); in tkip_demic()
408 if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_MMIC_STRIP)) in tkip_demic()
411 if ((k->wk_flags & IEEE80211_KEY_SWDEMIC) || force) { in tkip_demic()
412 struct ieee80211vap *vap = ctx->tc_vap; in tkip_demic()
413 int hdrlen = ieee80211_hdrspace(vap->iv_ic, wh); in tkip_demic()
414 u8 mic[IEEE80211_WEP_MICLEN]; in tkip_demic() local
417 vap->iv_stats.is_crypto_tkipdemic++; in tkip_demic()
419 michael_mic(ctx, k->wk_rxmic, in tkip_demic()
420 m, hdrlen, m->m_pkthdr.len - (hdrlen + tkip.ic_miclen), in tkip_demic()
421 mic); in tkip_demic()
422 m_copydata(m, m->m_pkthdr.len - tkip.ic_miclen, in tkip_demic()
424 if (memcmp(mic, mic0, tkip.ic_miclen)) { in tkip_demic()
427 k->wk_rxkeyix != IEEE80211_KEYIX_NONE ? in tkip_demic()
428 k->wk_rxkeyix : k->wk_keyix); in tkip_demic()
433 * Strip MIC from the tail. in tkip_demic()
435 m_adj(m, -tkip.ic_miclen); in tkip_demic()
438 * Ok to update rsc now that MIC has been verified. in tkip_demic()
441 k->wk_keyrsc[tid] = ctx->rx_rsc; in tkip_demic()
448 * Host AP crypt: host-based TKIP encryption implementation for Host AP driver
450 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi>
596 int i, j; in tkip_mixing_phase1()
598 /* Initialize the 80-bit TTAK from TSC (IV32) and TA[0..5] */ in tkip_mixing_phase1()
626 /* Step 1 - make copy of TTAK and bring in TSC */ in tkip_mixing_phase2()
634 /* Step 2 - 96-bit bijective mixing using S-box */ in tkip_mixing_phase2()
649 /* Step 3 - bring in last of TK bits, assign 24-bit WEP IV value in tkip_mixing_phase2()
658 int i; in tkip_mixing_phase2()
690 buflen = m->m_len - off; in wep_encrypt()
694 data_len -= buflen; in wep_encrypt()
702 m = m->m_next; in wep_encrypt()
709 buflen = m->m_len; in wep_encrypt()
713 /* Append little-endian CRC32 and encrypt it to produce ICV */ in wep_encrypt()
726 static int
747 buflen = m->m_len - off; in wep_decrypt()
751 data_len -= buflen; in wep_decrypt()
760 m = m->m_next; in wep_decrypt()
767 buflen = m->m_len; in wep_decrypt()
771 /* Encrypt little-endian CRC32 and verify that it matches with the in wep_decrypt()
782 /* ICV mismatch - drop frame */ in wep_decrypt()
783 return -1; in wep_decrypt()
790 static __inline u32 rotl(u32 val, int bits) in rotl()
792 return (val << bits) | (val >> (32 - bits)); in rotl()
795 static __inline u32 rotr(u32 val, int bits) in rotr()
797 return (val >> bits) | (val << (32 - bits)); in rotr()
836 * Craft pseudo header used to calculate the MIC.
844 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { in michael_mic_hdr()
846 IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ in michael_mic_hdr()
847 IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, wh->i_addr2); in michael_mic_hdr()
850 IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ in michael_mic_hdr()
851 IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, wh->i_addr2); in michael_mic_hdr()
854 IEEE80211_ADDR_COPY(hdr, wh->i_addr1); /* DA */ in michael_mic_hdr()
855 IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, wh->i_addr3); in michael_mic_hdr()
858 IEEE80211_ADDR_COPY(hdr, wh->i_addr3); /* DA */ in michael_mic_hdr()
859 IEEE80211_ADDR_COPY(hdr + IEEE80211_ADDR_LEN, wh->i_addr4); in michael_mic_hdr()
867 hdr[12] = qwh->i_qos[0] & IEEE80211_QOS_TID; in michael_mic_hdr()
876 u8 mic[IEEE80211_WEP_MICLEN]) in michael_mic()
888 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ in michael_mic()
900 space = m->m_len - off; in michael_mic()
904 /* collect 32-bit blocks from current buffer */ in michael_mic()
908 data += sizeof(uint32_t), space -= sizeof(uint32_t); in michael_mic()
909 data_len -= sizeof(uint32_t); in michael_mic()
923 m = m->m_next; in michael_mic()
934 KASSERT(m->m_len >= sizeof(uint32_t) - space, in michael_mic()
936 "m_len %u need %zu\n", m->m_len, in michael_mic()
937 sizeof(uint32_t) - space)); in michael_mic()
943 space = m->m_len - 3; in michael_mic()
949 space = m->m_len - 2; in michael_mic()
955 space = m->m_len - 1; in michael_mic()
959 data_len -= sizeof(uint32_t); in michael_mic()
965 space = m->m_len; in michael_mic()
995 put_le32(mic, l); in michael_mic()
996 put_le32(mic + 4, r); in michael_mic()
999 static int
1001 struct mbuf *m, int hdrlen) in tkip_encrypt()
1006 ctx->tc_vap->iv_stats.is_crypto_tkip++; in tkip_encrypt()
1009 if ((u16)(key->wk_keytsc) == 0 || key->wk_keytsc == 1) { in tkip_encrypt()
1010 tkip_mixing_phase1(ctx->tx_ttak, key->wk_key, wh->i_addr2, in tkip_encrypt()
1011 (u32)(key->wk_keytsc >> 16)); in tkip_encrypt()
1013 tkip_mixing_phase2(ctx->tx_rc4key, key->wk_key, ctx->tx_ttak, in tkip_encrypt()
1014 (u16) key->wk_keytsc); in tkip_encrypt()
1016 wep_encrypt(ctx->tx_rc4key, in tkip_encrypt()
1018 m->m_pkthdr.len - (hdrlen + tkip.ic_header), in tkip_encrypt()
1025 static int
1027 struct mbuf *m, int hdrlen) in tkip_decrypt()
1030 struct ieee80211vap *vap = ctx->tc_vap; in tkip_decrypt()
1035 vap->iv_stats.is_crypto_tkip++; in tkip_decrypt()
1039 iv16 = (u16) ctx->rx_rsc; in tkip_decrypt()
1040 iv32 = (u32) (ctx->rx_rsc >> 16); in tkip_decrypt()
1043 if (iv32 != (u32)(key->wk_keyrsc[tid] >> 16) || !ctx->rx_phase1_done) { in tkip_decrypt()
1044 tkip_mixing_phase1(ctx->rx_ttak, key->wk_key, in tkip_decrypt()
1045 wh->i_addr2, iv32); in tkip_decrypt()
1046 ctx->rx_phase1_done = 1; in tkip_decrypt()
1048 tkip_mixing_phase2(ctx->rx_rc4key, key->wk_key, ctx->rx_ttak, iv16); in tkip_decrypt()
1051 if (wep_decrypt(ctx->rx_rc4key, in tkip_decrypt()
1053 m->m_pkthdr.len - (hdrlen + tkip.ic_header + tkip.ic_trailer))) { in tkip_decrypt()
1054 if (iv32 != (u32)(key->wk_keyrsc[tid] >> 16)) { in tkip_decrypt()
1057 ctx->rx_phase1_done = 0; in tkip_decrypt()
1059 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2, in tkip_decrypt()
1061 vap->iv_stats.is_rx_tkipicv++; in tkip_decrypt()