static void cs_set_control(struct zd_mac *mac, struct zd_ctrlset *cs,
struct ieee80211_hdr_4addr *header)
{
struct ieee80211softmac_device *softmac = ieee80211_priv(mac->netdev);
unsigned int tx_length = le16_to_cpu(cs->tx_length);
u16 fctl = le16_to_cpu(header->frame_ctl);
u16 ftype = WLAN_FC_GET_TYPE(fctl);
u16 stype = WLAN_FC_GET_STYPE(fctl);
/*
* CONTROL TODO:
* - if backoff needed, enable bit 0
* - if burst (backoff not needed) disable bit 0
*/
cs->control = 0;
/* First fragment */
if (WLAN_GET_SEQ_FRAG(le16_to_cpu(header->seq_ctl)) == 0)
cs->control |= ZD_CS_NEED_RANDOM_BACKOFF;
/* Multicast */
if (is_multicast_ether_addr(header->addr1))
cs->control |= ZD_CS_MULTICAST;
/* PS-POLL */
if (stype == IEEE80211_STYPE_PSPOLL)
cs->control |= ZD_CS_PS_POLL_FRAME;
/* Unicast data frames over the threshold should have RTS */
if (!is_multicast_ether_addr(header->addr1) &&
ftype != IEEE80211_FTYPE_MGMT &&
tx_length > zd_netdev_ieee80211(mac->netdev)->rts)
cs->control |= ZD_CS_RTS;
/* Use CTS-to-self protection if required */
if (ZD_CS_TYPE(cs->modulation) == ZD_CS_OFDM &&
ieee80211softmac_protection_needed(softmac)) {
/* FIXME: avoid sending RTS *and* self-CTS, is that correct? */
cs->control &= ~ZD_CS_RTS;
cs->control |= ZD_CS_SELF_CTS;
}
/* FIXME: Management frame? */
}
u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
const u8 *data, size_t data_len, size_t *decrypted_len)
{
u8 aad[30], nonce[13];
size_t aad_len;
size_t mlen;
u8 *plain;
if (data_len < 8 + 8)
return NULL;
plain = os_malloc(data_len + AES_BLOCK_SIZE);
if (plain == NULL)
return NULL;
mlen = data_len - 8 - 8;
os_memset(aad, 0, sizeof(aad));
ccmp_aad_nonce(hdr, data, aad, &aad_len, nonce);
wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", aad, aad_len);
wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13);
if (aes_ccm_ad(tk, 16, nonce, 8, data + 8, mlen, aad, aad_len,
data + 8 + mlen, plain) < 0) {
u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
wpa_printf(MSG_INFO, "Invalid CCMP MIC in frame: A1=" MACSTR
" A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u",
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
MAC2STR(hdr->addr3),
WLAN_GET_SEQ_SEQ(seq_ctrl),
WLAN_GET_SEQ_FRAG(seq_ctrl));
os_free(plain);
return NULL;
}
wpa_hexdump(MSG_EXCESSIVE, "CCMP decrypted", plain, mlen);
*decrypted_len = mlen;
return plain;
}
u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr,
const u8 *data, size_t data_len, size_t *decrypted_len)
{
u8 aad[30], nonce[12], *plain;
size_t aad_len, mlen;
const u8 *m;
if (data_len < 8 + 16)
return NULL;
plain = os_malloc(data_len + AES_BLOCK_SIZE);
if (plain == NULL)
return NULL;
m = data + 8;
mlen = data_len - 8 - 16;
os_memset(aad, 0, sizeof(aad));
gcmp_aad_nonce(hdr, data, aad, &aad_len, nonce);
wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len);
wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce));
if (aes_gcm_ad(tk, tk_len, nonce, sizeof(nonce), m, mlen, aad, aad_len,
m + mlen, plain) < 0) {
u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
wpa_printf(MSG_INFO, "Invalid GCMP frame: A1=" MACSTR
" A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u",
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
MAC2STR(hdr->addr3),
WLAN_GET_SEQ_SEQ(seq_ctrl),
WLAN_GET_SEQ_FRAG(seq_ctrl));
os_free(plain);
return NULL;
}
*decrypted_len = mlen;
return plain;
}
int ABPS_extract_pkt_info(struct ieee80211_hdr *hdr)
{
struct ABPS_info *packet_info;
struct ieee80211_hdr_4addr *hdr4 = (struct ieee80211_hdr_4addr *)hdr;
size_t hdrlen;
u16 fc, type, stype, sc;
unsigned int frag;
u8 *payload;
u8 *IPdatagram;
u16 ethertype;
int flen;
IPdgramInfo *p_IPDGInfo;
fc = le16_to_cpu(hdr->frame_control) ;
stype = WLAN_FC_GET_STYPE(fc);
switch (WLAN_FC_GET_TYPE(fc)) {
case IEEE80211_FTYPE_DATA:
break;
return 0;
}
p_IPDGInfo = kmalloc(sizeof (IPdgramInfo), GFP_ATOMIC);
packet_info = kmalloc(sizeof(struct ABPS_info), GFP_ATOMIC);
packet_info->id = hdr->seq_ctrl;
fc = le16_to_cpu(hdr4->frame_ctl);
type = WLAN_FC_GET_TYPE(fc);
stype = WLAN_FC_GET_STYPE(fc);
sc = le16_to_cpu(hdr4->seq_ctl);
frag = WLAN_GET_SEQ_FRAG(sc);
/* OLD hdrlen = ieee80211_get_hdrlen(fc); */
hdrlen = ieee80211_hdrlen(fc);
stype &= ~IEEE80211_STYPE_QOS_DATA;
if (stype != IEEE80211_STYPE_DATA &&
stype != IEEE80211_STYPE_DATA_CFACK &&
stype != IEEE80211_STYPE_DATA_CFPOLL &&
stype != IEEE80211_STYPE_DATA_CFACKPOLL)
goto rx_dropped;
payload = ((u8*)(hdr4)) + hdrlen;
ethertype = (payload[6] << 8) | payload[7];
if (ethertype == ETH_P_IP) {
int ris;
IPdatagram = ((u8*)hdr4) + hdrlen + 8;
flen = sizeof(struct iphdr) + sizeof(struct udphdr);
ris = get_udp_info(IPdatagram, flen, &(p_IPDGInfo->saddr),
&(p_IPDGInfo->daddr), &(p_IPDGInfo->sport),
&(p_IPDGInfo->dport), &(p_IPDGInfo->ipdgramid),
&(p_IPDGInfo->fragment_data_len),
/* only data, not header */
&(p_IPDGInfo->fragment_offset),
&(p_IPDGInfo->more_fragment));
if (ris > 0) {
/* set the fields of the ABPS_info that will be put in the
* ABPS_info list*/
packet_info->datagram_info.ip_id = p_IPDGInfo->ipdgramid;
/* maybe ntohs, not sure */
packet_info->datagram_info.udp_sport = p_IPDGInfo->sport;
packet_info->datagram_info.fragment_data_len = p_IPDGInfo->fragment_data_len;
packet_info->datagram_info.fragment_offset = p_IPDGInfo->fragment_offset;
packet_info->datagram_info.more_fragment = p_IPDGInfo->more_fragment;
packet_info->tx_time = CURRENT_TIME;
ABPS_info_add(packet_info);
return(1);
}
return(0);
}
rx_dropped:
return 0;
}
static void rx_data_bss_prot(struct wlantest *wt,
const struct ieee80211_hdr *hdr, const u8 *qos,
const u8 *dst, const u8 *src, const u8 *data,
size_t len)
{
struct wlantest_bss *bss;
struct wlantest_sta *sta, *sta2;
int keyid;
u16 fc = le_to_host16(hdr->frame_control);
u8 *decrypted;
size_t dlen;
int tid;
u8 pn[6], *rsc;
struct wlantest_tdls *tdls = NULL, *found;
const u8 *tk = NULL;
int ptk_iter_done = 0;
int try_ptk_iter = 0;
if (hdr->addr1[0] & 0x01) {
rx_data_bss_prot_group(wt, hdr, qos, dst, src, data, len);
return;
}
if (fc & WLAN_FC_TODS) {
bss = bss_get(wt, hdr->addr1);
if (bss == NULL)
return;
sta = sta_get(bss, hdr->addr2);
if (sta)
sta->counters[WLANTEST_STA_COUNTER_PROT_DATA_TX]++;
} else if (fc & WLAN_FC_FROMDS) {
bss = bss_get(wt, hdr->addr2);
if (bss == NULL)
return;
sta = sta_get(bss, hdr->addr1);
} else {
bss = bss_get(wt, hdr->addr3);
if (bss == NULL)
return;
sta = sta_find(bss, hdr->addr2);
sta2 = sta_find(bss, hdr->addr1);
if (sta == NULL || sta2 == NULL)
return;
found = NULL;
dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list)
{
if ((tdls->init == sta && tdls->resp == sta2) ||
(tdls->init == sta2 && tdls->resp == sta)) {
found = tdls;
if (tdls->link_up)
break;
}
}
if (found) {
if (!found->link_up)
add_note(wt, MSG_DEBUG,
"TDLS: Link not up, but Data "
"frame seen");
tk = found->tpk.tk;
tdls = found;
}
}
if ((sta == NULL ||
(!sta->ptk_set && sta->pairwise_cipher != WPA_CIPHER_WEP40)) &&
tk == NULL) {
add_note(wt, MSG_MSGDUMP, "No PTK known to decrypt the frame");
if (dl_list_empty(&wt->ptk))
return;
try_ptk_iter = 1;
}
if (len < 4) {
add_note(wt, MSG_INFO, "Too short encrypted data frame");
return;
}
if (sta == NULL)
return;
if (sta->pairwise_cipher & (WPA_CIPHER_TKIP | WPA_CIPHER_CCMP) &&
!(data[3] & 0x20)) {
add_note(wt, MSG_INFO, "Expected TKIP/CCMP frame from "
MACSTR " did not have ExtIV bit set to 1",
MAC2STR(src));
return;
}
if (tk == NULL && sta->pairwise_cipher == WPA_CIPHER_TKIP) {
if (data[3] & 0x1f) {
add_note(wt, MSG_INFO, "TKIP frame from " MACSTR
" used non-zero reserved bit",
MAC2STR(hdr->addr2));
}
if (data[1] != ((data[0] | 0x20) & 0x7f)) {
add_note(wt, MSG_INFO, "TKIP frame from " MACSTR
" used incorrect WEPSeed[1] (was 0x%x, "
"expected 0x%x)",
MAC2STR(hdr->addr2), data[1],
(data[0] | 0x20) & 0x7f);
}
} else if (tk || sta->pairwise_cipher == WPA_CIPHER_CCMP) {
if (data[2] != 0 || (data[3] & 0x1f) != 0) {
add_note(wt, MSG_INFO, "CCMP frame from " MACSTR
" used non-zero reserved bit",
MAC2STR(hdr->addr2));
}
}
keyid = data[3] >> 6;
if (keyid != 0) {
add_note(wt, MSG_INFO, "Unexpected non-zero KeyID %d in "
"individually addressed Data frame from " MACSTR,
keyid, MAC2STR(hdr->addr2));
}
if (qos) {
tid = qos[0] & 0x0f;
if (fc & WLAN_FC_TODS)
sta->tx_tid[tid]++;
else
sta->rx_tid[tid]++;
} else {
tid = 0;
if (fc & WLAN_FC_TODS)
sta->tx_tid[16]++;
else
sta->rx_tid[16]++;
}
if (tk) {
if (os_memcmp(hdr->addr2, tdls->init->addr, ETH_ALEN) == 0)
rsc = tdls->rsc_init[tid];
else
rsc = tdls->rsc_resp[tid];
} else if (fc & WLAN_FC_TODS)
rsc = sta->rsc_tods[tid];
else
rsc = sta->rsc_fromds[tid];
if (tk == NULL && sta->pairwise_cipher == WPA_CIPHER_TKIP)
tkip_get_pn(pn, data);
else if (sta->pairwise_cipher == WPA_CIPHER_WEP40)
goto skip_replay_det;
else
ccmp_get_pn(pn, data);
if (os_memcmp(pn, rsc, 6) <= 0) {
u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
add_note(wt, MSG_INFO, "CCMP/TKIP replay detected: A1=" MACSTR
" A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u",
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
MAC2STR(hdr->addr3),
WLAN_GET_SEQ_SEQ(seq_ctrl),
WLAN_GET_SEQ_FRAG(seq_ctrl));
wpa_hexdump(MSG_INFO, "RX PN", pn, 6);
wpa_hexdump(MSG_INFO, "RSC", rsc, 6);
}
skip_replay_det:
if (tk)
decrypted = ccmp_decrypt(tk, hdr, data, len, &dlen);
else if (sta->pairwise_cipher == WPA_CIPHER_TKIP)
decrypted = tkip_decrypt(sta->ptk.tk1, hdr, data, len, &dlen);
else if (sta->pairwise_cipher == WPA_CIPHER_WEP40)
decrypted = wep_decrypt(wt, hdr, data, len, &dlen);
else if (sta->ptk_set)
decrypted = ccmp_decrypt(sta->ptk.tk1, hdr, data, len, &dlen);
else {
decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, data,
len, &dlen);
ptk_iter_done = 1;
}
if (!decrypted && !ptk_iter_done) {
decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, data,
len, &dlen);
if (decrypted) {
add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs");
}
}
if (decrypted) {
u16 fc = le_to_host16(hdr->frame_control);
const u8 *peer_addr = NULL;
if (!(fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)))
peer_addr = hdr->addr1;
os_memcpy(rsc, pn, 6);
rx_data_process(wt, bss->bssid, sta->addr, dst, src, decrypted,
dlen, 1, peer_addr);
write_pcap_decrypted(wt, (const u8 *) hdr, 24 + (qos ? 2 : 0),
decrypted, dlen);
} else if (!try_ptk_iter)
add_note(wt, MSG_DEBUG, "Failed to decrypt frame");
os_free(decrypted);
}
static void rx_data_bss_prot_group(struct wlantest *wt,
const struct ieee80211_hdr *hdr,
const u8 *qos, const u8 *dst, const u8 *src,
const u8 *data, size_t len)
{
struct wlantest_bss *bss;
int keyid;
u8 *decrypted;
size_t dlen;
u8 pn[6];
bss = bss_get(wt, hdr->addr2);
if (bss == NULL)
return;
if (len < 4) {
add_note(wt, MSG_INFO, "Too short group addressed data frame");
return;
}
if (bss->group_cipher & (WPA_CIPHER_TKIP | WPA_CIPHER_CCMP) &&
!(data[3] & 0x20)) {
add_note(wt, MSG_INFO, "Expected TKIP/CCMP frame from "
MACSTR " did not have ExtIV bit set to 1",
MAC2STR(bss->bssid));
return;
}
if (bss->group_cipher == WPA_CIPHER_TKIP) {
if (data[3] & 0x1f) {
add_note(wt, MSG_INFO, "TKIP frame from " MACSTR
" used non-zero reserved bit",
MAC2STR(bss->bssid));
}
if (data[1] != ((data[0] | 0x20) & 0x7f)) {
add_note(wt, MSG_INFO, "TKIP frame from " MACSTR
" used incorrect WEPSeed[1] (was 0x%x, "
"expected 0x%x)",
MAC2STR(bss->bssid), data[1],
(data[0] | 0x20) & 0x7f);
}
} else if (bss->group_cipher == WPA_CIPHER_CCMP) {
if (data[2] != 0 || (data[3] & 0x1f) != 0) {
add_note(wt, MSG_INFO, "CCMP frame from " MACSTR
" used non-zero reserved bit",
MAC2STR(bss->bssid));
}
}
keyid = data[3] >> 6;
if (bss->gtk_len[keyid] == 0 && bss->group_cipher != WPA_CIPHER_WEP40)
{
add_note(wt, MSG_MSGDUMP, "No GTK known to decrypt the frame "
"(A2=" MACSTR " KeyID=%d)",
MAC2STR(hdr->addr2), keyid);
return;
}
if (bss->group_cipher == WPA_CIPHER_TKIP)
tkip_get_pn(pn, data);
else if (bss->group_cipher == WPA_CIPHER_WEP40)
goto skip_replay_det;
else
ccmp_get_pn(pn, data);
if (os_memcmp(pn, bss->rsc[keyid], 6) <= 0) {
u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
add_note(wt, MSG_INFO, "CCMP/TKIP replay detected: A1=" MACSTR
" A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u",
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
MAC2STR(hdr->addr3),
WLAN_GET_SEQ_SEQ(seq_ctrl),
WLAN_GET_SEQ_FRAG(seq_ctrl));
wpa_hexdump(MSG_INFO, "RX PN", pn, 6);
wpa_hexdump(MSG_INFO, "RSC", bss->rsc[keyid], 6);
}
skip_replay_det:
if (bss->group_cipher == WPA_CIPHER_TKIP)
decrypted = tkip_decrypt(bss->gtk[keyid], hdr, data, len,
&dlen);
else if (bss->group_cipher == WPA_CIPHER_WEP40)
decrypted = wep_decrypt(wt, hdr, data, len, &dlen);
else
decrypted = ccmp_decrypt(bss->gtk[keyid], hdr, data, len,
&dlen);
if (decrypted) {
rx_data_process(wt, bss->bssid, NULL, dst, src, decrypted,
dlen, 1, NULL);
os_memcpy(bss->rsc[keyid], pn, 6);
write_pcap_decrypted(wt, (const u8 *) hdr, 24 + (qos ? 2 : 0),
decrypted, dlen);
} else
add_note(wt, MSG_DEBUG, "Failed to decrypt frame");
os_free(decrypted);
}
int CVE_2007_4997_linux2_6_16_ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
struct CVE_2007_4997_linux2_6_16_ieee80211_rx_stats *rx_stats)
{
struct net_device *dev = ieee->dev;
struct ieee80211_hdr_4addr *hdr;
size_t hdrlen;
u16 fc, type, stype, sc;
struct net_device_stats *stats;
unsigned int frag;
u8 *payload;
u16 ethertype;
#ifdef NOT_YET
struct net_device *wds = NULL;
struct sk_buff *skb2 = NULL;
struct net_device *wds = NULL;
int frame_authorized = 0;
int from_assoc_ap = 0;
void *sta = NULL;
#endif
u8 dst[ETH_ALEN];
u8 src[ETH_ALEN];
struct ieee80211_crypt_data *crypt = NULL;
int keyidx = 0;
int can_be_decrypted = 0;
hdr = (struct ieee80211_hdr_4addr *)skb->data;
stats = &ieee->stats;
if (skb->len < 10) {
printk(KERN_INFO "%s: SKB length < 10\n", dev->name);
goto rx_dropped;
}
fc = le16_to_cpu(hdr->frame_ctl);
type = WLAN_FC_GET_TYPE(fc);
stype = WLAN_FC_GET_STYPE(fc);
sc = le16_to_cpu(hdr->seq_ctl);
frag = WLAN_GET_SEQ_FRAG(sc);
hdrlen = ieee80211_get_hdrlen(fc);
/* Put this code here so that we avoid duplicating it in all
* Rx paths. - Jean II */
#ifdef IW_WIRELESS_SPY /* defined in iw_handler.h */
#ifdef CONFIG_NET_RADIO
/* If spy monitoring on */
if (ieee->spy_data.spy_number > 0) {
struct iw_quality wstats;
wstats.updated = 0;
if (rx_stats->mask & IEEE80211_STATMASK_RSSI) {
wstats.level = rx_stats->rssi;
wstats.updated |= IW_QUAL_LEVEL_UPDATED;
} else
wstats.updated |= IW_QUAL_LEVEL_INVALID;
if (rx_stats->mask & IEEE80211_STATMASK_NOISE) {
wstats.noise = rx_stats->noise;
wstats.updated |= IW_QUAL_NOISE_UPDATED;
} else
wstats.updated |= IW_QUAL_NOISE_INVALID;
if (rx_stats->mask & IEEE80211_STATMASK_SIGNAL) {
wstats.qual = rx_stats->signal;
wstats.updated |= IW_QUAL_QUAL_UPDATED;
} else
wstats.updated |= IW_QUAL_QUAL_INVALID;
/* Update spy records */
wireless_spy_update(ieee->dev, hdr->addr2, &wstats);
}
#endif /* CONFIG_NET_RADIO */
#endif /* IW_WIRELESS_SPY */
#ifdef NOT_YET
hostap_update_rx_stats(local->ap, hdr, rx_stats);
#endif
if (ieee->iw_mode == IW_MODE_MONITOR) {
ieee80211_monitor_rx(ieee, skb, rx_stats);
stats->rx_packets++;
stats->rx_bytes += skb->len;
return 1;
}
can_be_decrypted = (is_multicast_ether_addr(hdr->addr1) ||
is_broadcast_ether_addr(hdr->addr2)) ?
ieee->host_mc_decrypt : ieee->host_decrypt;
if (can_be_decrypted) {
int idx = 0;
if (skb->len >= hdrlen + 3) {
/* Top two-bits of byte 3 are the key index */
idx = skb->data[hdrlen + 3] >> 6;
}
/* ieee->crypt[] is WEP_KEY (4) in length. Given that idx
* is only allowed 2-bits of storage, no value of idx can
* be provided via above code that would result in idx
* being out of range */
crypt = ieee->crypt[idx];
#ifdef NOT_YET
sta = NULL;
/* Use station specific key to override default keys if the
* receiver address is a unicast address ("individual RA"). If
* bcrx_sta_key parameter is set, station specific key is used
* even with broad/multicast targets (this is against IEEE
* 802.11, but makes it easier to use different keys with
* stations that do not support WEP key mapping). */
if (!(hdr->addr1[0] & 0x01) || local->bcrx_sta_key)
(void)hostap_handle_sta_crypto(local, hdr, &crypt,
&sta);
#endif
/* allow NULL decrypt to indicate an station specific override
* for default encryption */
if (crypt && (crypt->ops == NULL ||
crypt->ops->decrypt_mpdu == NULL))
crypt = NULL;
if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) {
/* This seems to be triggered by some (multicast?)
* frames from other than current BSS, so just drop the
* frames silently instead of filling system log with
* these reports. */
IEEE80211_DEBUG_DROP("Decryption failed (not set)"
" (SA=" MAC_FMT ")\n",
MAC_ARG(hdr->addr2));
ieee->ieee_stats.rx_discards_undecryptable++;
goto rx_dropped;
}
}
u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
const u8 *data, size_t data_len, size_t *decrypted_len)
{
u8 aad[2 + 30], nonce[13];
size_t aad_len;
u8 b[AES_BLOCK_SIZE], x[AES_BLOCK_SIZE], a[AES_BLOCK_SIZE];
void *aes;
const u8 *m, *mpos, *mic;
size_t mlen, last;
int i;
u8 *plain, *ppos;
u8 t[8];
if (data_len < 8 + 8)
return NULL;
plain = os_malloc(data_len + AES_BLOCK_SIZE);
if (plain == NULL)
return NULL;
aes = aes_encrypt_init(tk, 16);
if (aes == NULL) {
os_free(plain);
return NULL;
}
m = data + 8;
mlen = data_len - 8 - 8;
last = mlen % AES_BLOCK_SIZE;
os_memset(aad, 0, sizeof(aad));
ccmp_aad_nonce(hdr, data, &aad[2], &aad_len, nonce);
WPA_PUT_BE16(aad, aad_len);
wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", &aad[2], aad_len);
wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13);
/* CCM: M=8 L=2, Adata=1, M' = (M-2)/2 = 3, L' = L-1 = 1 */
/* A_i = Flags | Nonce N | Counter i */
a[0] = 0x01; /* Flags = L' */
os_memcpy(&a[1], nonce, 13);
/* Decryption */
mic = data + data_len - 8;
wpa_hexdump(MSG_EXCESSIVE, "CCMP U", mic, 8);
/* U = T XOR S_0; S_0 = E(K, A_0) */
WPA_PUT_BE16(&a[14], 0);
aes_encrypt(aes, a, x);
for (i = 0; i < 8; i++)
t[i] = mic[i] ^ x[i];
wpa_hexdump(MSG_EXCESSIVE, "CCMP T", t, 8);
/* plaintext = msg XOR (S_1 | S_2 | ... | S_n) */
ppos = plain;
mpos = m;
for (i = 1; i <= mlen / AES_BLOCK_SIZE; i++) {
WPA_PUT_BE16(&a[14], i);
/* S_i = E(K, A_i) */
aes_encrypt(aes, a, ppos);
xor_aes_block(ppos, mpos);
ppos += AES_BLOCK_SIZE;
mpos += AES_BLOCK_SIZE;
}
if (last) {
WPA_PUT_BE16(&a[14], i);
aes_encrypt(aes, a, ppos);
/* XOR zero-padded last block */
for (i = 0; i < last; i++)
*ppos++ ^= *mpos++;
}
wpa_hexdump(MSG_EXCESSIVE, "CCMP decrypted", plain, mlen);
/* Authentication */
/* B_0: Flags | Nonce N | l(m) */
b[0] = 0x40 /* Adata */ | (3 /* M' */ << 3) | 1 /* L' */;
os_memcpy(&b[1], nonce, 13);
WPA_PUT_BE16(&b[14], mlen);
wpa_hexdump(MSG_EXCESSIVE, "CCMP B_0", b, AES_BLOCK_SIZE);
aes_encrypt(aes, b, x); /* X_1 = E(K, B_0) */
wpa_hexdump(MSG_EXCESSIVE, "CCMP B_1", aad, AES_BLOCK_SIZE);
xor_aes_block(aad, x);
aes_encrypt(aes, aad, x); /* X_2 = E(K, X_1 XOR B_1) */
wpa_hexdump(MSG_EXCESSIVE, "CCMP B_2", &aad[AES_BLOCK_SIZE],
AES_BLOCK_SIZE);
xor_aes_block(&aad[AES_BLOCK_SIZE], x);
aes_encrypt(aes, &aad[AES_BLOCK_SIZE], x); /* X_3 = E(K, X_2 XOR B_2)
*/
ppos = plain;
for (i = 0; i < mlen / AES_BLOCK_SIZE; i++) {
/* X_i+1 = E(K, X_i XOR B_i) */
xor_aes_block(x, ppos);
ppos += AES_BLOCK_SIZE;
aes_encrypt(aes, x, x);
}
if (last) {
/* XOR zero-padded last block */
for (i = 0; i < last; i++)
x[i] ^= *ppos++;
aes_encrypt(aes, x, x);
}
aes_encrypt_deinit(aes);
if (os_memcmp(x, t, 8) != 0) {
u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
wpa_printf(MSG_INFO, "Invalid CCMP MIC in frame: A1=" MACSTR
" A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u",
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
MAC2STR(hdr->addr3),
WLAN_GET_SEQ_SEQ(seq_ctrl),
WLAN_GET_SEQ_FRAG(seq_ctrl));
wpa_hexdump(MSG_DEBUG, "CCMP decrypted", plain, mlen);
os_free(plain);
return NULL;
}
*decrypted_len = mlen;
return plain;
}
