ieee80211_crypto_ccmp.c.svn-base

最新之atheros芯片driver source code, 基于linux操作系统,內含atheros芯片HAL全部代码

 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation. See README and COPYING for
 * more details.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 */

static void
ccmp_init_blocks(struct crypto_cipher *tfm, struct ieee80211_frame *wh,
	u_int64_t pn, size_t dlen,
	uint8_t b0[AES_BLOCK_LEN], uint8_t aad[2 * AES_BLOCK_LEN],
	uint8_t auth[AES_BLOCK_LEN], uint8_t s0[AES_BLOCK_LEN])
{
#define	IS_4ADDRESS(wh) \
	((wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS)
#define	IS_QOS_DATA(wh)	IEEE80211_QOS_HAS_SEQ(wh)

	/* CCM Initial Block:
	 * Flag (Include authentication header, M=3 (8-octet MIC),
	 *       L=1 (2-octet Dlen))
	 * Nonce: 0x00 | A2 | PN
	 * Dlen */
	b0[0] = 0x59;
	/* NB: b0[1] set below */
	IEEE80211_ADDR_COPY(b0 + 2, wh->i_addr2);
	b0[8] = pn >> 40;
	b0[9] = pn >> 32;
	b0[10] = pn >> 24;
	b0[11] = pn >> 16;
	b0[12] = pn >> 8;
	b0[13] = pn >> 0;
	b0[14] = (dlen >> 8) & 0xff;
	b0[15] = dlen & 0xff;

	/* AAD:
	 * FC with bits 4..6 and 11..13 masked to zero; 14 is always one
	 * A1 | A2 | A3
	 * SC with bits 4..15 (seq#) masked to zero
	 * A4 (if present)
	 * QC (if present)
	 */
	aad[0] = 0;	/* AAD length >> 8 */
	/* NB: aad[1] set below */
	aad[2] = wh->i_fc[0] & 0x8f;	/* XXX magic #s */
	aad[3] = wh->i_fc[1] & 0xc7;	/* XXX magic #s */
	/* NB: we know 3 addresses are contiguous */
	memcpy(aad + 4, wh->i_addr1, 3 * IEEE80211_ADDR_LEN);
	aad[22] = wh->i_seq[0] & IEEE80211_SEQ_FRAG_MASK;
	aad[23] = 0; /* all bits masked */
	/*
	 * Construct variable-length portion of AAD based
	 * on whether this is a 4-address frame/QOS frame.
	 * We always zero-pad to 32 bytes before running it
	 * through the cipher.
	 *
	 * We also fill in the priority bits of the CCM
	 * initial block as we know whether or not we have
	 * a QOS frame.
	 */
	if (IS_4ADDRESS(wh)) {
		IEEE80211_ADDR_COPY(aad + 24,
			((struct ieee80211_frame_addr4 *)wh)->i_addr4);
		if (IS_QOS_DATA(wh)) {
			struct ieee80211_qosframe_addr4 *qwh4 =
				(struct ieee80211_qosframe_addr4 *)wh;
			aad[30] = qwh4->i_qos[0] & 0x0f;/* just priority bits */
			aad[31] = 0;
			b0[1] = aad[30];
			aad[1] = 22 + IEEE80211_ADDR_LEN + 2;
		} else {
			*(u_int16_t *)&aad[30] = 0;
			b0[1] = 0;
			aad[1] = 22 + IEEE80211_ADDR_LEN;
		}
	} else {
		if (IS_QOS_DATA(wh)) {
			struct ieee80211_qosframe *qwh =
				(struct ieee80211_qosframe *)wh;
			aad[24] = qwh->i_qos[0] & 0x0f;	/* just priority bits */
			aad[25] = 0;
			b0[1] = aad[24];
			aad[1] = 22 + 2;
		} else {
			*(u_int16_t *)&aad[24] = 0;
			b0[1] = 0;
			aad[1] = 22;
		}
		*(u_int16_t *)&aad[26] = 0;
		*(u_int32_t *)&aad[28] = 0;
	}

	/* Start with the first block and AAD */
	rijndael_encrypt(tfm, b0, auth);
	xor_block(auth, aad, AES_BLOCK_LEN);
	rijndael_encrypt(tfm, auth, auth);
	xor_block(auth, &aad[AES_BLOCK_LEN], AES_BLOCK_LEN);
	rijndael_encrypt(tfm, auth, auth);
	b0[0] &= 0x07;
	b0[14] = b0[15] = 0;
	rijndael_encrypt(tfm, b0, s0);
#undef	IS_QOS_DATA
#undef	IS_4ADDRESS
}

#define	CCMP_ENCRYPT(_i, _b, _b0, _pos, _e, _len) do {	\
	/* Authentication */				\
	xor_block(_b, _pos, _len);			\
	rijndael_encrypt(ctx->cc_tfm, _b, _b);		\
	/* Encryption, with counter */			\
	_b0[14] = (_i >> 8) & 0xff;			\
	_b0[15] = _i & 0xff;				\
	rijndael_encrypt(ctx->cc_tfm, _b0, _e);		\
	xor_block(_pos, _e, _len);			\
} while (0)

static int
ccmp_encrypt(struct ieee80211_key *key, struct sk_buff *skb0, int hdrlen)
{
	struct ccmp_ctx *ctx = key->wk_private;
	struct ieee80211_frame *wh = (struct ieee80211_frame *)skb0->data;
	struct sk_buff *skb;
	int data_len, i;
	uint8_t aad[2 * AES_BLOCK_LEN], b0[AES_BLOCK_LEN], b[AES_BLOCK_LEN];
	uint8_t e[AES_BLOCK_LEN], s0[AES_BLOCK_LEN];
	uint8_t *mic, *pos;
	u_int space;

	ctx->cc_vap->iv_stats.is_crypto_ccmp++;

	skb = skb0;
	data_len = skb->len;
	while (skb->next != NULL) {
		skb = skb->next;
		data_len += skb->len;
	}
	data_len -= hdrlen + ccmp.ic_header;
	if (skb_tailroom(skb) < ccmp.ic_trailer) {
		/* NB: should not happen */
		IEEE80211_NOTE_MAC(ctx->cc_vap, IEEE80211_MSG_CRYPTO,
			wh->i_addr1, "No room for %s MIC, tailroom %u",
			ccmp.ic_name, skb_tailroom(skb));
		/* XXX statistic */
		return 0;
	}
	ccmp_init_blocks(ctx->cc_tfm, wh, key->wk_keytsc,
		data_len, b0, aad, b, s0);

	i = 1;
	skb = skb0;
	pos = skb->data + hdrlen + ccmp.ic_header;
	/* NB: assumes header is entirely in first skbuf */
	space = skb->len - (hdrlen + ccmp.ic_header);
	for (;;) {
		if (space > data_len)
			space = data_len;
		/*
		 * Do full blocks.
		 */
		while (space >= AES_BLOCK_LEN) {
			CCMP_ENCRYPT(i, b, b0, pos, e, AES_BLOCK_LEN);
			pos += AES_BLOCK_LEN, space -= AES_BLOCK_LEN;
			data_len -= AES_BLOCK_LEN;
			i++;
		}
		if (data_len <= 0)		/* no more data */
			break;
		if (skb->next == NULL) {	/* last buffer */
			if (space != 0) {
				/*
				 * Short last block.
				 */
				CCMP_ENCRYPT(i, b, b0, pos, e, space);
			}
			break;
		}
		skb = skb->next;
		if (space != 0) {
			uint8_t *pos_next;
			u_int space_next;
			u_int len;

			/*
			 * Block straddles buffers, split references.  We
			 * do not handle splits that require >2 buffers.
			 */
			pos_next = skb->data;
			len = min(data_len, AES_BLOCK_LEN);
			space_next = len > space ? len - space : 0;
			KASSERT(skb->len >= space_next,
				("not enough data in following buffer, "
				"skb len %u need %u", skb->len, space_next));

			xor_block(b + space, pos_next, space_next);
			CCMP_ENCRYPT(i, b, b0, pos, e, space);
			xor_block(pos_next, e + space, space_next);
			data_len -= len;
			/* XXX could check for data_len <= 0 */
			i++;

			pos = pos_next + space_next;
			space = skb->len - space_next;
		} else {
			/*
			 * Setup for next buffer.
			 */
			pos = skb->data;
			space = skb->len;
		}
	}
	/* tack on MIC */
	mic = skb_put(skb, ccmp.ic_trailer);
	for (i = 0; i < ccmp.ic_trailer; i++)
		mic[i] = b[i] ^ s0[i];
	return 1;
}
#undef CCMP_ENCRYPT

#define	CCMP_DECRYPT(_i, _b, _b0, _pos, _a, _len) do {	\
	/* Decrypt, with counter */			\
	_b0[14] = (_i >> 8) & 0xff;			\
	_b0[15] = _i & 0xff;				\
	rijndael_encrypt(ctx->cc_tfm, _b0, _b);		\
	xor_block(_pos, _b, _len);			\
	/* Authentication */				\
	xor_block(_a, _pos, _len);			\
	rijndael_encrypt(ctx->cc_tfm, _a, _a);		\
} while (0)

static int
ccmp_decrypt(struct ieee80211_key *key, u_int64_t pn, struct sk_buff *skb0, int hdrlen)
{
	struct ccmp_ctx *ctx = key->wk_private;
	struct ieee80211_frame *wh = (struct ieee80211_frame *)skb0->data;
	struct sk_buff *skb;
	uint8_t aad[2 * AES_BLOCK_LEN];
	uint8_t b0[AES_BLOCK_LEN], b[AES_BLOCK_LEN], a[AES_BLOCK_LEN];
	size_t data_len;
	int i;
	uint8_t *pos, *mic;
	u_int space;

	ctx->cc_vap->iv_stats.is_crypto_ccmp++;

	skb = skb0;
	data_len = skb->len;
	while (skb->next != NULL) {
		skb = skb->next;
		data_len += skb->len;
	}
	data_len -= hdrlen + ccmp.ic_header + ccmp.ic_trailer;
	/* NB: skb left pointing at last in chain */
	ccmp_init_blocks(ctx->cc_tfm, wh, pn, data_len, b0, aad, a, b);
	/* NB: this is the last in the chain */
	/* XXX assert skb->len >= ccmp.ic_trailer */
	mic = skb->data + skb->len - ccmp.ic_trailer;
	xor_block(mic, b, ccmp.ic_trailer);

	i = 1;
	skb = skb0;
	pos = skb->data + hdrlen + ccmp.ic_header;
	space = skb->len - (hdrlen + ccmp.ic_header);
	for (;;) {
		if (space > data_len)
			space = data_len;
		while (space >= AES_BLOCK_LEN) {
			CCMP_DECRYPT(i, b, b0, pos, a, AES_BLOCK_LEN);
			pos += AES_BLOCK_LEN;
			space -= AES_BLOCK_LEN;
			data_len -= AES_BLOCK_LEN;
			i++;
		}
		if (data_len <= 0)		/* no more data */
			break;
		skb = skb->next;
		if (skb == NULL) {		/* last buffer */
			if (space != 0)		/* short last block */
				CCMP_DECRYPT(i, b, b0, pos, a, space);
			break;
		}
		if (space != 0) {
			uint8_t *pos_next;
			u_int space_next;
			u_int len;

			/*
			 * Block straddles buffers, split references.  We
			 * do not handle splits that require >2 buffers.
			 */
			pos_next = skb->data;
			len = min(data_len, (size_t) AES_BLOCK_LEN);
			space_next = len > space ? len - space : 0;
			KASSERT(skb->len >= space_next,
				("not enough data in following buffer, "
				"skb len %u need %u", skb->len, space_next));

			xor_block(b+space, pos_next, space_next);
			CCMP_DECRYPT(i, b, b0, pos, a, space);
			xor_block(pos_next, b+space, space_next);
			data_len -= len;
			i++;

			pos = pos_next + space_next;
			space = skb->len - space_next;
		} else {
			/*
			 * Setup for next buffer.
			 */
			pos = skb->data;
			space = skb->len;
		}
	}

	if (memcmp(mic, a, ccmp.ic_trailer) != 0) {
		IEEE80211_NOTE_MAC(ctx->cc_vap, IEEE80211_MSG_CRYPTO,
			wh->i_addr2,
			"AES-CCM decrypt failed; MIC mismatch (keyix %u, rsc %llu)",
			key->wk_keyix, (unsigned long long)pn);
		ctx->cc_vap->iv_stats.is_rx_ccmpmic++;
		return 0;
	}
	return 1;
}
#undef CCMP_DECRYPT

/*
 * Module glue.
 */

MODULE_AUTHOR("Errno Consulting, Sam Leffler");
MODULE_DESCRIPTION("802.11 wireless support: AES-CCM cipher");
#ifdef MODULE_LICENSE
MODULE_LICENSE("Dual BSD/GPL");
#endif

static int __init
init_crypto_ccmp(void)
{
	ieee80211_crypto_register(&ccmp);
	return 0;
}
module_init(init_crypto_ccmp);

static void __exit
exit_crypto_ccmp(void)
{
	ieee80211_crypto_unregister(&ccmp);
}
module_exit(exit_crypto_ccmp);