static void test_vector_ccmp(void)
{
u8 tk[] = { 0xc9, 0x7c, 0x1f, 0x67, 0xce, 0x37, 0x11, 0x85,
0x51, 0x4a, 0x8a, 0x19, 0xf2, 0xbd, 0xd5, 0x2f };
u8 pn[] = { 0xB5, 0x03, 0x97, 0x76, 0xE7, 0x0C };
u8 frame[] = {
0x08, 0x48, 0xc3, 0x2c, 0x0f, 0xd2, 0xe1, 0x28,
0xa5, 0x7c, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08,
0xab, 0xae, 0xa5, 0xb8, 0xfc, 0xba, 0x80, 0x33,
0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae,
0x96, 0x7b, 0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb,
0x7e, 0x78, 0xa0, 0x50
};
u8 *enc, *plain;
size_t enc_len, plain_len;
u8 fcs[4];
wpa_printf(MSG_INFO, "\nIEEE Std 802.11-2012, M.6.4 CCMP test "
"vector\n");
wpa_hexdump(MSG_INFO, "TK", tk, sizeof(tk));
wpa_hexdump(MSG_INFO, "PN", pn, sizeof(pn));
wpa_hexdump(MSG_INFO, "802.11 Header", frame, 24);
wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 24, sizeof(frame) - 24);
enc = ccmp_encrypt(tk, frame, sizeof(frame), 24, NULL, pn, 0, &enc_len);
if (enc == NULL) {
wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame");
return;
}
wpa_hexdump(MSG_INFO, "Encrypted MPDU (without FCS)", enc, enc_len);
WPA_PUT_LE32(fcs, crc32(enc, enc_len));
wpa_hexdump(MSG_INFO, "FCS", fcs, sizeof(fcs));
wpa_debug_level = MSG_INFO;
plain = ccmp_decrypt(tk, (const struct ieee80211_hdr *) enc,
enc + 24, enc_len - 24, &plain_len);
wpa_debug_level = MSG_EXCESSIVE;
os_free(enc);
if (plain == NULL) {
wpa_printf(MSG_ERROR, "Failed to decrypt CCMP frame");
return;
}
if (plain_len != sizeof(frame) - 24 ||
os_memcmp(plain, frame + 24, plain_len) != 0) {
wpa_hexdump(MSG_ERROR, "Decryption result did not match",
plain, plain_len);
}
os_free(plain);
}
static void test_vector_ccmp_mgmt(void)
{
u8 tk[] = { 0x66, 0xed, 0x21, 0x04, 0x2f, 0x9f, 0x26, 0xd7,
0x11, 0x57, 0x06, 0xe4, 0x04, 0x14, 0xcf, 0x2e };
u8 pn[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
u8 frame[] = {
0xc0, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x00,
0x02, 0x00
};
u8 *enc, *plain;
size_t enc_len, plain_len;
wpa_printf(MSG_INFO, "\nIEEE Std 802.11-2012, M.9.2 CCMP with unicast "
"Deauthentication frame\n");
wpa_hexdump(MSG_INFO, "TK", tk, sizeof(tk));
wpa_hexdump(MSG_INFO, "PN", pn, sizeof(pn));
wpa_hexdump(MSG_INFO, "802.11 Header", frame, 24);
wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 24, sizeof(frame) - 24);
enc = ccmp_encrypt(tk, frame, sizeof(frame), 24, NULL, pn, 0, &enc_len);
if (enc == NULL) {
wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame");
return;
}
wpa_hexdump(MSG_INFO, "Encrypted MPDU (without FCS)", enc, enc_len);
wpa_debug_level = MSG_INFO;
plain = ccmp_decrypt(tk, (const struct ieee80211_hdr *) enc,
enc + 24, enc_len - 24, &plain_len);
wpa_debug_level = MSG_EXCESSIVE;
os_free(enc);
if (plain == NULL) {
wpa_printf(MSG_ERROR, "Failed to decrypt CCMP frame");
return;
}
if (plain_len != sizeof(frame) - 24 ||
os_memcmp(plain, frame + 24, plain_len) != 0) {
wpa_hexdump(MSG_ERROR, "Decryption result did not match",
plain, plain_len);
}
os_free(plain);
}
/*
* Add privacy headers appropriate for the specified key.
*/
static int
ccmp_encap(struct ieee80211_key *k, wbuf_t wbuf, u_int8_t keyid)
{
struct ccmp_ctx *ctx = k->wk_private;
struct ieee80211com *ic = ctx->cc_ic;
u_int8_t *ivp;
int hdrlen;
int is4addr, isqos, owl_wdswar;
struct ieee80211_frame *wh;
struct ieee80211_node *ni = wbuf_get_node(wbuf);
wh = (struct ieee80211_frame *)wbuf_header(wbuf);
is4addr = ((wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) ? 1 : 0;
isqos = IEEE80211_QOS_HAS_SEQ(wh);
owl_wdswar = (ni->ni_flags & IEEE80211_NODE_OWL_WDSWAR);
hdrlen = ieee80211_hdrspace(ic, wbuf_header(wbuf));
/*
* Copy down 802.11 header and add the IV, KeyID, and ExtIV.
*/
#ifndef __CARRIER_PLATFORM__
ivp = (u_int8_t *)wbuf_push(wbuf, ccmp.ic_header);
/*
* refresh the wh pointer,
* wbuf header pointer is changed with wbuf_push.
*/
wh = (struct ieee80211_frame *) wbuf_header(wbuf); /* recompute wh */
memmove(ivp, ivp + ccmp.ic_header, hdrlen);
#else
if (wbuf_is_encap_done(wbuf)) {
ivp = (u_int8_t *)wbuf_header(wbuf);
}
else {
ivp = (u_int8_t *)wbuf_push(wbuf, ccmp.ic_header);
memmove(ivp, ivp + ccmp.ic_header, hdrlen);
/*
* refresh the wh pointer,
* wbuf header pointer is changed with wbuf_push.
*/
wh = (struct ieee80211_frame *) wbuf_header(wbuf); /* recompute wh */
}
#endif
ivp += hdrlen;
/*
* Due to OWL specific HW bug, increment key tsc by 16, since
* we're copying the TID into bits [3:0] of IV0.
* XXX: Need logic to not implement workaround for SOWL or greater.
*/
if (is4addr && isqos && owl_wdswar)
k->wk_keytsc += 16;
else
k->wk_keytsc++; /* XXX wrap at 48 bits */
ivp[0] = k->wk_keytsc >> 0; /* PN0 */
ivp[1] = k->wk_keytsc >> 8; /* PN1 */
ivp[2] = 0; /* Reserved */
ivp[3] = keyid | IEEE80211_WEP_EXTIV; /* KeyID | ExtID */
ivp[4] = k->wk_keytsc >> 16; /* PN2 */
ivp[5] = k->wk_keytsc >> 24; /* PN3 */
ivp[6] = k->wk_keytsc >> 32; /* PN4 */
ivp[7] = k->wk_keytsc >> 40; /* PN5 */
/*
* Finally, do software encrypt if neeed.
*/
if (k->wk_flags & IEEE80211_KEY_SWCRYPT) {
if (!ccmp_encrypt(k, wbuf, hdrlen, 0)) {
return 0;
}
}
if ((k->wk_flags & IEEE80211_KEY_MFP) && IEEE80211_IS_MFP_FRAME(wh)) {
if (ic->ic_get_mfpsupport(ic) != IEEE80211_MFP_HW_CRYPTO) {
/* HW MFP is not enabled - do software encrypt */
if (!ccmp_encrypt(k, wbuf, hdrlen, 1)) {
return 0;
}
}
}
return 1;
}
