static void cs_set_control(struct zd_mac *mac, struct zd_ctrlset *cs, struct ieee80211_hdr_4addr *header) { struct ieee80211softmac_device *softmac = ieee80211_priv(mac->netdev); unsigned int tx_length = le16_to_cpu(cs->tx_length); u16 fctl = le16_to_cpu(header->frame_ctl); u16 ftype = WLAN_FC_GET_TYPE(fctl); u16 stype = WLAN_FC_GET_STYPE(fctl); /* * CONTROL TODO: * - if backoff needed, enable bit 0 * - if burst (backoff not needed) disable bit 0 */ cs->control = 0; /* First fragment */ if (WLAN_GET_SEQ_FRAG(le16_to_cpu(header->seq_ctl)) == 0) cs->control |= ZD_CS_NEED_RANDOM_BACKOFF; /* Multicast */ if (is_multicast_ether_addr(header->addr1)) cs->control |= ZD_CS_MULTICAST; /* PS-POLL */ if (stype == IEEE80211_STYPE_PSPOLL) cs->control |= ZD_CS_PS_POLL_FRAME; /* Unicast data frames over the threshold should have RTS */ if (!is_multicast_ether_addr(header->addr1) && ftype != IEEE80211_FTYPE_MGMT && tx_length > zd_netdev_ieee80211(mac->netdev)->rts) cs->control |= ZD_CS_RTS; /* Use CTS-to-self protection if required */ if (ZD_CS_TYPE(cs->modulation) == ZD_CS_OFDM && ieee80211softmac_protection_needed(softmac)) { /* FIXME: avoid sending RTS *and* self-CTS, is that correct? */ cs->control &= ~ZD_CS_RTS; cs->control |= ZD_CS_SELF_CTS; } /* FIXME: Management frame? */ }
u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, const u8 *data, size_t data_len, size_t *decrypted_len) { u8 aad[30], nonce[13]; size_t aad_len; size_t mlen; u8 *plain; if (data_len < 8 + 8) return NULL; plain = os_malloc(data_len + AES_BLOCK_SIZE); if (plain == NULL) return NULL; mlen = data_len - 8 - 8; os_memset(aad, 0, sizeof(aad)); ccmp_aad_nonce(hdr, data, aad, &aad_len, nonce); wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", aad, aad_len); wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13); if (aes_ccm_ad(tk, 16, nonce, 8, data + 8, mlen, aad, aad_len, data + 8 + mlen, plain) < 0) { u16 seq_ctrl = le_to_host16(hdr->seq_ctrl); wpa_printf(MSG_INFO, "Invalid CCMP MIC in frame: A1=" MACSTR " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u", MAC2STR(hdr->addr1), MAC2STR(hdr->addr2), MAC2STR(hdr->addr3), WLAN_GET_SEQ_SEQ(seq_ctrl), WLAN_GET_SEQ_FRAG(seq_ctrl)); os_free(plain); return NULL; } wpa_hexdump(MSG_EXCESSIVE, "CCMP decrypted", plain, mlen); *decrypted_len = mlen; return plain; }
u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr, const u8 *data, size_t data_len, size_t *decrypted_len) { u8 aad[30], nonce[12], *plain; size_t aad_len, mlen; const u8 *m; if (data_len < 8 + 16) return NULL; plain = os_malloc(data_len + AES_BLOCK_SIZE); if (plain == NULL) return NULL; m = data + 8; mlen = data_len - 8 - 16; os_memset(aad, 0, sizeof(aad)); gcmp_aad_nonce(hdr, data, aad, &aad_len, nonce); wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len); wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce)); if (aes_gcm_ad(tk, tk_len, nonce, sizeof(nonce), m, mlen, aad, aad_len, m + mlen, plain) < 0) { u16 seq_ctrl = le_to_host16(hdr->seq_ctrl); wpa_printf(MSG_INFO, "Invalid GCMP frame: A1=" MACSTR " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u", MAC2STR(hdr->addr1), MAC2STR(hdr->addr2), MAC2STR(hdr->addr3), WLAN_GET_SEQ_SEQ(seq_ctrl), WLAN_GET_SEQ_FRAG(seq_ctrl)); os_free(plain); return NULL; } *decrypted_len = mlen; return plain; }
int ABPS_extract_pkt_info(struct ieee80211_hdr *hdr) { struct ABPS_info *packet_info; struct ieee80211_hdr_4addr *hdr4 = (struct ieee80211_hdr_4addr *)hdr; size_t hdrlen; u16 fc, type, stype, sc; unsigned int frag; u8 *payload; u8 *IPdatagram; u16 ethertype; int flen; IPdgramInfo *p_IPDGInfo; fc = le16_to_cpu(hdr->frame_control) ; stype = WLAN_FC_GET_STYPE(fc); switch (WLAN_FC_GET_TYPE(fc)) { case IEEE80211_FTYPE_DATA: break; return 0; } p_IPDGInfo = kmalloc(sizeof (IPdgramInfo), GFP_ATOMIC); packet_info = kmalloc(sizeof(struct ABPS_info), GFP_ATOMIC); packet_info->id = hdr->seq_ctrl; fc = le16_to_cpu(hdr4->frame_ctl); type = WLAN_FC_GET_TYPE(fc); stype = WLAN_FC_GET_STYPE(fc); sc = le16_to_cpu(hdr4->seq_ctl); frag = WLAN_GET_SEQ_FRAG(sc); /* OLD hdrlen = ieee80211_get_hdrlen(fc); */ hdrlen = ieee80211_hdrlen(fc); stype &= ~IEEE80211_STYPE_QOS_DATA; if (stype != IEEE80211_STYPE_DATA && stype != IEEE80211_STYPE_DATA_CFACK && stype != IEEE80211_STYPE_DATA_CFPOLL && stype != IEEE80211_STYPE_DATA_CFACKPOLL) goto rx_dropped; payload = ((u8*)(hdr4)) + hdrlen; ethertype = (payload[6] << 8) | payload[7]; if (ethertype == ETH_P_IP) { int ris; IPdatagram = ((u8*)hdr4) + hdrlen + 8; flen = sizeof(struct iphdr) + sizeof(struct udphdr); ris = get_udp_info(IPdatagram, flen, &(p_IPDGInfo->saddr), &(p_IPDGInfo->daddr), &(p_IPDGInfo->sport), &(p_IPDGInfo->dport), &(p_IPDGInfo->ipdgramid), &(p_IPDGInfo->fragment_data_len), /* only data, not header */ &(p_IPDGInfo->fragment_offset), &(p_IPDGInfo->more_fragment)); if (ris > 0) { /* set the fields of the ABPS_info that will be put in the * ABPS_info list*/ packet_info->datagram_info.ip_id = p_IPDGInfo->ipdgramid; /* maybe ntohs, not sure */ packet_info->datagram_info.udp_sport = p_IPDGInfo->sport; packet_info->datagram_info.fragment_data_len = p_IPDGInfo->fragment_data_len; packet_info->datagram_info.fragment_offset = p_IPDGInfo->fragment_offset; packet_info->datagram_info.more_fragment = p_IPDGInfo->more_fragment; packet_info->tx_time = CURRENT_TIME; ABPS_info_add(packet_info); return(1); } return(0); } rx_dropped: return 0; }
static void rx_data_bss_prot(struct wlantest *wt, const struct ieee80211_hdr *hdr, const u8 *qos, const u8 *dst, const u8 *src, const u8 *data, size_t len) { struct wlantest_bss *bss; struct wlantest_sta *sta, *sta2; int keyid; u16 fc = le_to_host16(hdr->frame_control); u8 *decrypted; size_t dlen; int tid; u8 pn[6], *rsc; struct wlantest_tdls *tdls = NULL, *found; const u8 *tk = NULL; int ptk_iter_done = 0; int try_ptk_iter = 0; if (hdr->addr1[0] & 0x01) { rx_data_bss_prot_group(wt, hdr, qos, dst, src, data, len); return; } if (fc & WLAN_FC_TODS) { bss = bss_get(wt, hdr->addr1); if (bss == NULL) return; sta = sta_get(bss, hdr->addr2); if (sta) sta->counters[WLANTEST_STA_COUNTER_PROT_DATA_TX]++; } else if (fc & WLAN_FC_FROMDS) { bss = bss_get(wt, hdr->addr2); if (bss == NULL) return; sta = sta_get(bss, hdr->addr1); } else { bss = bss_get(wt, hdr->addr3); if (bss == NULL) return; sta = sta_find(bss, hdr->addr2); sta2 = sta_find(bss, hdr->addr1); if (sta == NULL || sta2 == NULL) return; found = NULL; dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) { if ((tdls->init == sta && tdls->resp == sta2) || (tdls->init == sta2 && tdls->resp == sta)) { found = tdls; if (tdls->link_up) break; } } if (found) { if (!found->link_up) add_note(wt, MSG_DEBUG, "TDLS: Link not up, but Data " "frame seen"); tk = found->tpk.tk; tdls = found; } } if ((sta == NULL || (!sta->ptk_set && sta->pairwise_cipher != WPA_CIPHER_WEP40)) && tk == NULL) { add_note(wt, MSG_MSGDUMP, "No PTK known to decrypt the frame"); if (dl_list_empty(&wt->ptk)) return; try_ptk_iter = 1; } if (len < 4) { add_note(wt, MSG_INFO, "Too short encrypted data frame"); return; } if (sta == NULL) return; if (sta->pairwise_cipher & (WPA_CIPHER_TKIP | WPA_CIPHER_CCMP) && !(data[3] & 0x20)) { add_note(wt, MSG_INFO, "Expected TKIP/CCMP frame from " MACSTR " did not have ExtIV bit set to 1", MAC2STR(src)); return; } if (tk == NULL && sta->pairwise_cipher == WPA_CIPHER_TKIP) { if (data[3] & 0x1f) { add_note(wt, MSG_INFO, "TKIP frame from " MACSTR " used non-zero reserved bit", MAC2STR(hdr->addr2)); } if (data[1] != ((data[0] | 0x20) & 0x7f)) { add_note(wt, MSG_INFO, "TKIP frame from " MACSTR " used incorrect WEPSeed[1] (was 0x%x, " "expected 0x%x)", MAC2STR(hdr->addr2), data[1], (data[0] | 0x20) & 0x7f); } } else if (tk || sta->pairwise_cipher == WPA_CIPHER_CCMP) { if (data[2] != 0 || (data[3] & 0x1f) != 0) { add_note(wt, MSG_INFO, "CCMP frame from " MACSTR " used non-zero reserved bit", MAC2STR(hdr->addr2)); } } keyid = data[3] >> 6; if (keyid != 0) { add_note(wt, MSG_INFO, "Unexpected non-zero KeyID %d in " "individually addressed Data frame from " MACSTR, keyid, MAC2STR(hdr->addr2)); } if (qos) { tid = qos[0] & 0x0f; if (fc & WLAN_FC_TODS) sta->tx_tid[tid]++; else sta->rx_tid[tid]++; } else { tid = 0; if (fc & WLAN_FC_TODS) sta->tx_tid[16]++; else sta->rx_tid[16]++; } if (tk) { if (os_memcmp(hdr->addr2, tdls->init->addr, ETH_ALEN) == 0) rsc = tdls->rsc_init[tid]; else rsc = tdls->rsc_resp[tid]; } else if (fc & WLAN_FC_TODS) rsc = sta->rsc_tods[tid]; else rsc = sta->rsc_fromds[tid]; if (tk == NULL && sta->pairwise_cipher == WPA_CIPHER_TKIP) tkip_get_pn(pn, data); else if (sta->pairwise_cipher == WPA_CIPHER_WEP40) goto skip_replay_det; else ccmp_get_pn(pn, data); if (os_memcmp(pn, rsc, 6) <= 0) { u16 seq_ctrl = le_to_host16(hdr->seq_ctrl); add_note(wt, MSG_INFO, "CCMP/TKIP replay detected: A1=" MACSTR " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u", MAC2STR(hdr->addr1), MAC2STR(hdr->addr2), MAC2STR(hdr->addr3), WLAN_GET_SEQ_SEQ(seq_ctrl), WLAN_GET_SEQ_FRAG(seq_ctrl)); wpa_hexdump(MSG_INFO, "RX PN", pn, 6); wpa_hexdump(MSG_INFO, "RSC", rsc, 6); } skip_replay_det: if (tk) decrypted = ccmp_decrypt(tk, hdr, data, len, &dlen); else if (sta->pairwise_cipher == WPA_CIPHER_TKIP) decrypted = tkip_decrypt(sta->ptk.tk1, hdr, data, len, &dlen); else if (sta->pairwise_cipher == WPA_CIPHER_WEP40) decrypted = wep_decrypt(wt, hdr, data, len, &dlen); else if (sta->ptk_set) decrypted = ccmp_decrypt(sta->ptk.tk1, hdr, data, len, &dlen); else { decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, data, len, &dlen); ptk_iter_done = 1; } if (!decrypted && !ptk_iter_done) { decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, data, len, &dlen); if (decrypted) { add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs"); } } if (decrypted) { u16 fc = le_to_host16(hdr->frame_control); const u8 *peer_addr = NULL; if (!(fc & (WLAN_FC_FROMDS | WLAN_FC_TODS))) peer_addr = hdr->addr1; os_memcpy(rsc, pn, 6); rx_data_process(wt, bss->bssid, sta->addr, dst, src, decrypted, dlen, 1, peer_addr); write_pcap_decrypted(wt, (const u8 *) hdr, 24 + (qos ? 2 : 0), decrypted, dlen); } else if (!try_ptk_iter) add_note(wt, MSG_DEBUG, "Failed to decrypt frame"); os_free(decrypted); }
static void rx_data_bss_prot_group(struct wlantest *wt, const struct ieee80211_hdr *hdr, const u8 *qos, const u8 *dst, const u8 *src, const u8 *data, size_t len) { struct wlantest_bss *bss; int keyid; u8 *decrypted; size_t dlen; u8 pn[6]; bss = bss_get(wt, hdr->addr2); if (bss == NULL) return; if (len < 4) { add_note(wt, MSG_INFO, "Too short group addressed data frame"); return; } if (bss->group_cipher & (WPA_CIPHER_TKIP | WPA_CIPHER_CCMP) && !(data[3] & 0x20)) { add_note(wt, MSG_INFO, "Expected TKIP/CCMP frame from " MACSTR " did not have ExtIV bit set to 1", MAC2STR(bss->bssid)); return; } if (bss->group_cipher == WPA_CIPHER_TKIP) { if (data[3] & 0x1f) { add_note(wt, MSG_INFO, "TKIP frame from " MACSTR " used non-zero reserved bit", MAC2STR(bss->bssid)); } if (data[1] != ((data[0] | 0x20) & 0x7f)) { add_note(wt, MSG_INFO, "TKIP frame from " MACSTR " used incorrect WEPSeed[1] (was 0x%x, " "expected 0x%x)", MAC2STR(bss->bssid), data[1], (data[0] | 0x20) & 0x7f); } } else if (bss->group_cipher == WPA_CIPHER_CCMP) { if (data[2] != 0 || (data[3] & 0x1f) != 0) { add_note(wt, MSG_INFO, "CCMP frame from " MACSTR " used non-zero reserved bit", MAC2STR(bss->bssid)); } } keyid = data[3] >> 6; if (bss->gtk_len[keyid] == 0 && bss->group_cipher != WPA_CIPHER_WEP40) { add_note(wt, MSG_MSGDUMP, "No GTK known to decrypt the frame " "(A2=" MACSTR " KeyID=%d)", MAC2STR(hdr->addr2), keyid); return; } if (bss->group_cipher == WPA_CIPHER_TKIP) tkip_get_pn(pn, data); else if (bss->group_cipher == WPA_CIPHER_WEP40) goto skip_replay_det; else ccmp_get_pn(pn, data); if (os_memcmp(pn, bss->rsc[keyid], 6) <= 0) { u16 seq_ctrl = le_to_host16(hdr->seq_ctrl); add_note(wt, MSG_INFO, "CCMP/TKIP replay detected: A1=" MACSTR " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u", MAC2STR(hdr->addr1), MAC2STR(hdr->addr2), MAC2STR(hdr->addr3), WLAN_GET_SEQ_SEQ(seq_ctrl), WLAN_GET_SEQ_FRAG(seq_ctrl)); wpa_hexdump(MSG_INFO, "RX PN", pn, 6); wpa_hexdump(MSG_INFO, "RSC", bss->rsc[keyid], 6); } skip_replay_det: if (bss->group_cipher == WPA_CIPHER_TKIP) decrypted = tkip_decrypt(bss->gtk[keyid], hdr, data, len, &dlen); else if (bss->group_cipher == WPA_CIPHER_WEP40) decrypted = wep_decrypt(wt, hdr, data, len, &dlen); else decrypted = ccmp_decrypt(bss->gtk[keyid], hdr, data, len, &dlen); if (decrypted) { rx_data_process(wt, bss->bssid, NULL, dst, src, decrypted, dlen, 1, NULL); os_memcpy(bss->rsc[keyid], pn, 6); write_pcap_decrypted(wt, (const u8 *) hdr, 24 + (qos ? 2 : 0), decrypted, dlen); } else add_note(wt, MSG_DEBUG, "Failed to decrypt frame"); os_free(decrypted); }
int CVE_2007_4997_linux2_6_16_ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb, struct CVE_2007_4997_linux2_6_16_ieee80211_rx_stats *rx_stats) { struct net_device *dev = ieee->dev; struct ieee80211_hdr_4addr *hdr; size_t hdrlen; u16 fc, type, stype, sc; struct net_device_stats *stats; unsigned int frag; u8 *payload; u16 ethertype; #ifdef NOT_YET struct net_device *wds = NULL; struct sk_buff *skb2 = NULL; struct net_device *wds = NULL; int frame_authorized = 0; int from_assoc_ap = 0; void *sta = NULL; #endif u8 dst[ETH_ALEN]; u8 src[ETH_ALEN]; struct ieee80211_crypt_data *crypt = NULL; int keyidx = 0; int can_be_decrypted = 0; hdr = (struct ieee80211_hdr_4addr *)skb->data; stats = &ieee->stats; if (skb->len < 10) { printk(KERN_INFO "%s: SKB length < 10\n", dev->name); goto rx_dropped; } fc = le16_to_cpu(hdr->frame_ctl); type = WLAN_FC_GET_TYPE(fc); stype = WLAN_FC_GET_STYPE(fc); sc = le16_to_cpu(hdr->seq_ctl); frag = WLAN_GET_SEQ_FRAG(sc); hdrlen = ieee80211_get_hdrlen(fc); /* Put this code here so that we avoid duplicating it in all * Rx paths. - Jean II */ #ifdef IW_WIRELESS_SPY /* defined in iw_handler.h */ #ifdef CONFIG_NET_RADIO /* If spy monitoring on */ if (ieee->spy_data.spy_number > 0) { struct iw_quality wstats; wstats.updated = 0; if (rx_stats->mask & IEEE80211_STATMASK_RSSI) { wstats.level = rx_stats->rssi; wstats.updated |= IW_QUAL_LEVEL_UPDATED; } else wstats.updated |= IW_QUAL_LEVEL_INVALID; if (rx_stats->mask & IEEE80211_STATMASK_NOISE) { wstats.noise = rx_stats->noise; wstats.updated |= IW_QUAL_NOISE_UPDATED; } else wstats.updated |= IW_QUAL_NOISE_INVALID; if (rx_stats->mask & IEEE80211_STATMASK_SIGNAL) { wstats.qual = rx_stats->signal; wstats.updated |= IW_QUAL_QUAL_UPDATED; } else wstats.updated |= IW_QUAL_QUAL_INVALID; /* Update spy records */ wireless_spy_update(ieee->dev, hdr->addr2, &wstats); } #endif /* CONFIG_NET_RADIO */ #endif /* IW_WIRELESS_SPY */ #ifdef NOT_YET hostap_update_rx_stats(local->ap, hdr, rx_stats); #endif if (ieee->iw_mode == IW_MODE_MONITOR) { ieee80211_monitor_rx(ieee, skb, rx_stats); stats->rx_packets++; stats->rx_bytes += skb->len; return 1; } can_be_decrypted = (is_multicast_ether_addr(hdr->addr1) || is_broadcast_ether_addr(hdr->addr2)) ? ieee->host_mc_decrypt : ieee->host_decrypt; if (can_be_decrypted) { int idx = 0; if (skb->len >= hdrlen + 3) { /* Top two-bits of byte 3 are the key index */ idx = skb->data[hdrlen + 3] >> 6; } /* ieee->crypt[] is WEP_KEY (4) in length. Given that idx * is only allowed 2-bits of storage, no value of idx can * be provided via above code that would result in idx * being out of range */ crypt = ieee->crypt[idx]; #ifdef NOT_YET sta = NULL; /* Use station specific key to override default keys if the * receiver address is a unicast address ("individual RA"). If * bcrx_sta_key parameter is set, station specific key is used * even with broad/multicast targets (this is against IEEE * 802.11, but makes it easier to use different keys with * stations that do not support WEP key mapping). */ if (!(hdr->addr1[0] & 0x01) || local->bcrx_sta_key) (void)hostap_handle_sta_crypto(local, hdr, &crypt, &sta); #endif /* allow NULL decrypt to indicate an station specific override * for default encryption */ if (crypt && (crypt->ops == NULL || crypt->ops->decrypt_mpdu == NULL)) crypt = NULL; if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) { /* This seems to be triggered by some (multicast?) * frames from other than current BSS, so just drop the * frames silently instead of filling system log with * these reports. */ IEEE80211_DEBUG_DROP("Decryption failed (not set)" " (SA=" MAC_FMT ")\n", MAC_ARG(hdr->addr2)); ieee->ieee_stats.rx_discards_undecryptable++; goto rx_dropped; } }
u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, const u8 *data, size_t data_len, size_t *decrypted_len) { u8 aad[2 + 30], nonce[13]; size_t aad_len; u8 b[AES_BLOCK_SIZE], x[AES_BLOCK_SIZE], a[AES_BLOCK_SIZE]; void *aes; const u8 *m, *mpos, *mic; size_t mlen, last; int i; u8 *plain, *ppos; u8 t[8]; if (data_len < 8 + 8) return NULL; plain = os_malloc(data_len + AES_BLOCK_SIZE); if (plain == NULL) return NULL; aes = aes_encrypt_init(tk, 16); if (aes == NULL) { os_free(plain); return NULL; } m = data + 8; mlen = data_len - 8 - 8; last = mlen % AES_BLOCK_SIZE; os_memset(aad, 0, sizeof(aad)); ccmp_aad_nonce(hdr, data, &aad[2], &aad_len, nonce); WPA_PUT_BE16(aad, aad_len); wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", &aad[2], aad_len); wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13); /* CCM: M=8 L=2, Adata=1, M' = (M-2)/2 = 3, L' = L-1 = 1 */ /* A_i = Flags | Nonce N | Counter i */ a[0] = 0x01; /* Flags = L' */ os_memcpy(&a[1], nonce, 13); /* Decryption */ mic = data + data_len - 8; wpa_hexdump(MSG_EXCESSIVE, "CCMP U", mic, 8); /* U = T XOR S_0; S_0 = E(K, A_0) */ WPA_PUT_BE16(&a[14], 0); aes_encrypt(aes, a, x); for (i = 0; i < 8; i++) t[i] = mic[i] ^ x[i]; wpa_hexdump(MSG_EXCESSIVE, "CCMP T", t, 8); /* plaintext = msg XOR (S_1 | S_2 | ... | S_n) */ ppos = plain; mpos = m; for (i = 1; i <= mlen / AES_BLOCK_SIZE; i++) { WPA_PUT_BE16(&a[14], i); /* S_i = E(K, A_i) */ aes_encrypt(aes, a, ppos); xor_aes_block(ppos, mpos); ppos += AES_BLOCK_SIZE; mpos += AES_BLOCK_SIZE; } if (last) { WPA_PUT_BE16(&a[14], i); aes_encrypt(aes, a, ppos); /* XOR zero-padded last block */ for (i = 0; i < last; i++) *ppos++ ^= *mpos++; } wpa_hexdump(MSG_EXCESSIVE, "CCMP decrypted", plain, mlen); /* Authentication */ /* B_0: Flags | Nonce N | l(m) */ b[0] = 0x40 /* Adata */ | (3 /* M' */ << 3) | 1 /* L' */; os_memcpy(&b[1], nonce, 13); WPA_PUT_BE16(&b[14], mlen); wpa_hexdump(MSG_EXCESSIVE, "CCMP B_0", b, AES_BLOCK_SIZE); aes_encrypt(aes, b, x); /* X_1 = E(K, B_0) */ wpa_hexdump(MSG_EXCESSIVE, "CCMP B_1", aad, AES_BLOCK_SIZE); xor_aes_block(aad, x); aes_encrypt(aes, aad, x); /* X_2 = E(K, X_1 XOR B_1) */ wpa_hexdump(MSG_EXCESSIVE, "CCMP B_2", &aad[AES_BLOCK_SIZE], AES_BLOCK_SIZE); xor_aes_block(&aad[AES_BLOCK_SIZE], x); aes_encrypt(aes, &aad[AES_BLOCK_SIZE], x); /* X_3 = E(K, X_2 XOR B_2) */ ppos = plain; for (i = 0; i < mlen / AES_BLOCK_SIZE; i++) { /* X_i+1 = E(K, X_i XOR B_i) */ xor_aes_block(x, ppos); ppos += AES_BLOCK_SIZE; aes_encrypt(aes, x, x); } if (last) { /* XOR zero-padded last block */ for (i = 0; i < last; i++) x[i] ^= *ppos++; aes_encrypt(aes, x, x); } aes_encrypt_deinit(aes); if (os_memcmp(x, t, 8) != 0) { u16 seq_ctrl = le_to_host16(hdr->seq_ctrl); wpa_printf(MSG_INFO, "Invalid CCMP MIC in frame: A1=" MACSTR " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u", MAC2STR(hdr->addr1), MAC2STR(hdr->addr2), MAC2STR(hdr->addr3), WLAN_GET_SEQ_SEQ(seq_ctrl), WLAN_GET_SEQ_FRAG(seq_ctrl)); wpa_hexdump(MSG_DEBUG, "CCMP decrypted", plain, mlen); os_free(plain); return NULL; } *decrypted_len = mlen; return plain; }