From b20991da6936a1baae9f2239ee127610a6f5335d Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 5 Sep 2022 23:08:43 +0300 Subject: [PATCH] wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce Use the MLD MAC Address instead of link address in CCMP/GCMP AAD/nonce construction when processing an individually addressed Data frame with FromDS=1 or ToDS=1 between an AP MLD and non-AP MLD. Signed-off-by: Jouni Malinen --- wlantest/ccmp.c | 32 +++++++++++------ wlantest/gcmp.c | 21 +++++++---- wlantest/inject.c | 6 ++-- wlantest/rx_data.c | 80 ++++++++++++++++++++++++++++------------- wlantest/rx_mgmt.c | 25 ++++++------- wlantest/test_vectors.c | 24 +++++++------ wlantest/wlantest.h | 17 +++++---- 7 files changed, 134 insertions(+), 71 deletions(-) diff --git a/wlantest/ccmp.c b/wlantest/ccmp.c index 5d393d43d..265de18df 100644 --- a/wlantest/ccmp.c +++ b/wlantest/ccmp.c @@ -16,7 +16,8 @@ static void ccmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data, - u8 *aad, size_t *aad_len, u8 *nonce) + const u8 *a1, const u8 *a2, u8 *aad, size_t *aad_len, + u8 *nonce) { u16 fc, stype, seq; int qos = 0, addr4 = 0; @@ -49,6 +50,10 @@ static void ccmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data, WPA_PUT_LE16(aad, fc); pos = aad + 2; os_memcpy(pos, hdr->addr1, 3 * ETH_ALEN); + if (a1) + os_memcpy(pos, a1, ETH_ALEN); + if (a2) + os_memcpy(pos + ETH_ALEN, a2, ETH_ALEN); pos += 3 * ETH_ALEN; seq = le_to_host16(hdr->seq_ctrl); seq &= ~0xfff0; /* Mask Seq#; do not modify Frag# */ @@ -67,7 +72,10 @@ static void ccmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data, *aad_len = pos - aad; - os_memcpy(nonce + 1, hdr->addr2, ETH_ALEN); + if (a2) + os_memcpy(nonce + 1, a2, ETH_ALEN); + else + os_memcpy(nonce + 1, hdr->addr2, ETH_ALEN); nonce[7] = data[7]; /* PN5 */ nonce[8] = data[6]; /* PN4 */ nonce[9] = data[5]; /* PN3 */ @@ -136,7 +144,8 @@ static void ccmp_aad_nonce_pv1(const u8 *hdr, const u8 *a1, const u8 *a2, u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, - const u8 *data, size_t data_len, size_t *decrypted_len) + const u8 *a1, const u8 *a2, const u8 *data, size_t data_len, + size_t *decrypted_len) { u8 aad[30], nonce[13]; size_t aad_len; @@ -153,7 +162,7 @@ u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, mlen = data_len - 8 - 8; os_memset(aad, 0, sizeof(aad)); - ccmp_aad_nonce(hdr, data, aad, &aad_len, nonce); + ccmp_aad_nonce(hdr, data, a1, a2, aad, &aad_len, nonce); wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", aad, aad_len); wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13); @@ -187,8 +196,9 @@ void ccmp_get_pn(u8 *pn, const u8 *data) } -u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos, - u8 *pn, int keyid, size_t *encrypted_len) +u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, + const u8 *qos, const u8 *a1, const u8 *a2, const u8 *pn, + int keyid, size_t *encrypted_len) { u8 aad[30], nonce[13]; size_t aad_len, plen; @@ -217,7 +227,7 @@ u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos, *pos++ = pn[0]; /* PN5 */ os_memset(aad, 0, sizeof(aad)); - ccmp_aad_nonce(hdr, crypt + hdrlen, aad, &aad_len, nonce); + ccmp_aad_nonce(hdr, crypt + hdrlen, a1, a2, aad, &aad_len, nonce); wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", aad, aad_len); wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13); @@ -278,6 +288,7 @@ u8 * ccmp_encrypt_pv1(const u8 *tk, const u8 *a1, const u8 *a2, const u8 *a3, u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, + const u8 *a1, const u8 *a2, const u8 *data, size_t data_len, size_t *decrypted_len) { u8 aad[30], nonce[13]; @@ -295,7 +306,7 @@ u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, mlen = data_len - 8 - 16; os_memset(aad, 0, sizeof(aad)); - ccmp_aad_nonce(hdr, data, aad, &aad_len, nonce); + ccmp_aad_nonce(hdr, data, a1, a2, aad, &aad_len, nonce); wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 AAD", aad, aad_len); wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 nonce", nonce, 13); @@ -319,7 +330,8 @@ u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, - u8 *qos, u8 *pn, int keyid, size_t *encrypted_len) + const u8 *qos, const u8 *a1, const u8 *a2, const u8 *pn, + int keyid, size_t *encrypted_len) { u8 aad[30], nonce[13]; size_t aad_len, plen; @@ -348,7 +360,7 @@ u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, *pos++ = pn[0]; /* PN5 */ os_memset(aad, 0, sizeof(aad)); - ccmp_aad_nonce(hdr, crypt + hdrlen, aad, &aad_len, nonce); + ccmp_aad_nonce(hdr, crypt + hdrlen, a1, a2, aad, &aad_len, nonce); wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 AAD", aad, aad_len); wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 nonce", nonce, 13); diff --git a/wlantest/gcmp.c b/wlantest/gcmp.c index f9f95b23d..da723dd82 100644 --- a/wlantest/gcmp.c +++ b/wlantest/gcmp.c @@ -16,7 +16,8 @@ static void gcmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data, - u8 *aad, size_t *aad_len, u8 *nonce) + const u8 *a1, const u8 *a2, u8 *aad, size_t *aad_len, + u8 *nonce) { u16 fc, stype, seq; int qos = 0, addr4 = 0; @@ -44,6 +45,10 @@ static void gcmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data, WPA_PUT_LE16(aad, fc); pos = aad + 2; os_memcpy(pos, hdr->addr1, 3 * ETH_ALEN); + if (a1) + os_memcpy(pos, a1, ETH_ALEN); + if (a2) + os_memcpy(pos + ETH_ALEN, a2, ETH_ALEN); pos += 3 * ETH_ALEN; seq = le_to_host16(hdr->seq_ctrl); seq &= ~0xfff0; /* Mask Seq#; do not modify Frag# */ @@ -62,7 +67,10 @@ static void gcmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data, *aad_len = pos - aad; - os_memcpy(nonce, hdr->addr2, ETH_ALEN); + if (a2) + os_memcpy(nonce, a2, ETH_ALEN); + else + os_memcpy(nonce, hdr->addr2, ETH_ALEN); nonce[6] = data[7]; /* PN5 */ nonce[7] = data[6]; /* PN4 */ nonce[8] = data[5]; /* PN3 */ @@ -73,7 +81,8 @@ static void gcmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data, u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr, - const u8 *data, size_t data_len, size_t *decrypted_len) + const u8 *a1, const u8 *a2, const u8 *data, size_t data_len, + size_t *decrypted_len) { u8 aad[30], nonce[12], *plain; size_t aad_len, mlen; @@ -90,7 +99,7 @@ u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr, mlen = data_len - 8 - 16; os_memset(aad, 0, sizeof(aad)); - gcmp_aad_nonce(hdr, data, aad, &aad_len, nonce); + gcmp_aad_nonce(hdr, data, a1, a2, aad, &aad_len, nonce); wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len); wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce)); @@ -113,7 +122,7 @@ u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr, u8 * gcmp_encrypt(const u8 *tk, size_t tk_len, const u8 *frame, size_t len, - size_t hdrlen, const u8 *qos, + size_t hdrlen, const u8 *qos, const u8 *a1, const u8 *a2, const u8 *pn, int keyid, size_t *encrypted_len) { u8 aad[30], nonce[12], *crypt, *pos; @@ -141,7 +150,7 @@ u8 * gcmp_encrypt(const u8 *tk, size_t tk_len, const u8 *frame, size_t len, *pos++ = pn[0]; /* PN5 */ os_memset(aad, 0, sizeof(aad)); - gcmp_aad_nonce(hdr, crypt + hdrlen, aad, &aad_len, nonce); + gcmp_aad_nonce(hdr, crypt + hdrlen, a1, a2, aad, &aad_len, nonce); wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len); wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce)); diff --git a/wlantest/inject.c b/wlantest/inject.c index b177bcfd9..bc6078cf7 100644 --- a/wlantest/inject.c +++ b/wlantest/inject.c @@ -143,7 +143,7 @@ static int wlantest_inject_prot_bc(struct wlantest *wt, else crypt = ccmp_encrypt(incorrect_key ? stub : bss->gtk[bss->gtk_idx], - frame, len, hdrlen, NULL, pn, + frame, len, hdrlen, NULL, NULL, NULL, pn, bss->gtk_idx, &crypt_len); if (crypt == NULL) @@ -246,7 +246,7 @@ static int wlantest_inject_prot(struct wlantest *wt, struct wlantest_bss *bss, os_memset(stub, 0x11, sizeof(stub)); if (tk) crypt = ccmp_encrypt(incorrect_key ? stub : tk, - frame, len, hdrlen, qos, pn, 0, + frame, len, hdrlen, qos, NULL, NULL, pn, 0, &crypt_len); else if (sta->pairwise_cipher == WPA_CIPHER_TKIP) crypt = tkip_encrypt(incorrect_key ? stub : sta->ptk.tk, @@ -254,7 +254,7 @@ static int wlantest_inject_prot(struct wlantest *wt, struct wlantest_bss *bss, &crypt_len); else crypt = ccmp_encrypt(incorrect_key ? stub : sta->ptk.tk, - frame, len, hdrlen, qos, pn, 0, + frame, len, hdrlen, qos, NULL, NULL, pn, 0, &crypt_len); if (crypt == NULL) { diff --git a/wlantest/rx_data.c b/wlantest/rx_data.c index 14220f273..fc3dee49c 100644 --- a/wlantest/rx_data.c +++ b/wlantest/rx_data.c @@ -152,6 +152,7 @@ static void rx_data_process(struct wlantest *wt, struct wlantest_bss *bss, static u8 * try_ptk(struct wlantest *wt, int pairwise_cipher, struct wpa_ptk *ptk, const struct ieee80211_hdr *hdr, + const u8 *a1, const u8 *a2, const u8 *data, size_t data_len, size_t *decrypted_len) { u8 *decrypted; @@ -160,17 +161,17 @@ static u8 * try_ptk(struct wlantest *wt, int pairwise_cipher, decrypted = NULL; if ((pairwise_cipher == WPA_CIPHER_CCMP || pairwise_cipher == 0) && tk_len == 16) { - decrypted = ccmp_decrypt(ptk->tk, hdr, data, + decrypted = ccmp_decrypt(ptk->tk, hdr, a1, a2, data, data_len, decrypted_len); } else if ((pairwise_cipher == WPA_CIPHER_CCMP_256 || pairwise_cipher == 0) && tk_len == 32) { - decrypted = ccmp_256_decrypt(ptk->tk, hdr, data, + decrypted = ccmp_256_decrypt(ptk->tk, hdr, a1, a2, data, data_len, decrypted_len); } else if ((pairwise_cipher == WPA_CIPHER_GCMP || pairwise_cipher == WPA_CIPHER_GCMP_256 || pairwise_cipher == 0) && (tk_len == 16 || tk_len == 32)) { - decrypted = gcmp_decrypt(ptk->tk, tk_len, hdr, + decrypted = gcmp_decrypt(ptk->tk, tk_len, hdr, a1, a2, data, data_len, decrypted_len); } else if ((pairwise_cipher == WPA_CIPHER_TKIP || pairwise_cipher == 0) && tk_len == 32) { @@ -190,7 +191,8 @@ static u8 * try_ptk(struct wlantest *wt, int pairwise_cipher, static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher, - const struct ieee80211_hdr *hdr, int keyid, + const struct ieee80211_hdr *hdr, + const u8 *a1, const u8 *a2, int keyid, const u8 *data, size_t data_len, size_t *decrypted_len) { struct wlantest_ptk *ptk; @@ -199,7 +201,7 @@ static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher, wpa_debug_level = MSG_WARNING; dl_list_for_each(ptk, &wt->ptk, struct wlantest_ptk, list) { - decrypted = try_ptk(wt, pairwise_cipher, &ptk->ptk, hdr, + decrypted = try_ptk(wt, pairwise_cipher, &ptk->ptk, hdr, a1, a2, data, data_len, decrypted_len); if (decrypted) { wpa_debug_level = prev_level; @@ -288,8 +290,8 @@ static void rx_data_bss_prot_group(struct wlantest *wt, if (bss->gtk_len[keyid] == 0 && (bss->group_cipher != WPA_CIPHER_WEP40 || dl_list_empty(&wt->wep))) { - decrypted = try_all_ptk(wt, bss->group_cipher, hdr, keyid, - data, len, &dlen); + decrypted = try_all_ptk(wt, bss->group_cipher, hdr, NULL, NULL, + keyid, data, len, &dlen); if (decrypted) goto process; add_note(wt, MSG_MSGDUMP, @@ -337,15 +339,15 @@ skip_replay_det: } else if (bss->group_cipher == WPA_CIPHER_WEP40) { decrypted = wep_decrypt(wt, hdr, data, len, &dlen); } else if (bss->group_cipher == WPA_CIPHER_CCMP) { - decrypted = ccmp_decrypt(bss->gtk[keyid], hdr, data, len, - &dlen); + decrypted = ccmp_decrypt(bss->gtk[keyid], hdr, NULL, NULL, + data, len, &dlen); } else if (bss->group_cipher == WPA_CIPHER_CCMP_256) { - decrypted = ccmp_256_decrypt(bss->gtk[keyid], hdr, data, len, - &dlen); + decrypted = ccmp_256_decrypt(bss->gtk[keyid], hdr, NULL, NULL, + data, len, &dlen); } else if (bss->group_cipher == WPA_CIPHER_GCMP || bss->group_cipher == WPA_CIPHER_GCMP_256) { decrypted = gcmp_decrypt(bss->gtk[keyid], bss->gtk_len[keyid], - hdr, data, len, &dlen); + hdr, NULL, NULL, data, len, &dlen); } if (decrypted) { @@ -378,14 +380,29 @@ static u8 * try_ptk_decrypt(struct wlantest *wt, struct wlantest_sta *sta, const u8 *tk, size_t tk_len, size_t *dlen) { u8 *decrypted = NULL; + u16 fc = le_to_host16(hdr->frame_control); + const u8 *a1 = NULL, *a2 = NULL; + + if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) && + !is_zero_ether_addr(sta->mld_mac_addr) && + !is_zero_ether_addr(sta->bss->mld_mac_addr)) { + if (os_memcmp(hdr->addr1, sta->addr, ETH_ALEN) == 0) { + a1 = sta->mld_mac_addr; + a2 = sta->bss->mld_mac_addr; + } else { + a1 = sta->bss->mld_mac_addr; + a2 = sta->mld_mac_addr; + } + } if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256) - decrypted = ccmp_256_decrypt(tk, hdr, data, len, dlen); + decrypted = ccmp_256_decrypt(tk, hdr, a1, a2, data, len, dlen); else if (sta->pairwise_cipher == WPA_CIPHER_GCMP || sta->pairwise_cipher == WPA_CIPHER_GCMP_256) - decrypted = gcmp_decrypt(tk, tk_len, hdr, data, len, dlen); + decrypted = gcmp_decrypt(tk, tk_len, hdr, a1, a2, + data, len, dlen); else - decrypted = ccmp_decrypt(tk, hdr, data, len, dlen); + decrypted = ccmp_decrypt(tk, hdr, a1, a2, data, len, dlen); write_decrypted_note(wt, decrypted, tk, tk_len, keyid); return decrypted; @@ -412,6 +429,7 @@ static void rx_data_bss_prot(struct wlantest *wt, int replay = 0; int only_zero_tk = 0; u16 seq_ctrl = le_to_host16(hdr->seq_ctrl); + const u8 *a1 = NULL, *a2 = NULL; if (hdr->addr1[0] & 0x01) { rx_data_bss_prot_group(wt, hdr, hdrlen, qos, dst, src, @@ -607,18 +625,32 @@ static void rx_data_bss_prot(struct wlantest *wt, } skip_replay_det: + if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) && + !is_zero_ether_addr(sta->mld_mac_addr) && + !is_zero_ether_addr(bss->mld_mac_addr)) { + if (os_memcmp(hdr->addr1, sta->addr, ETH_ALEN) == 0) { + a1 = sta->mld_mac_addr; + a2 = bss->mld_mac_addr; + } else { + a1 = bss->mld_mac_addr; + a2 = sta->mld_mac_addr; + } + } + if (tk) { if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256) { - decrypted = ccmp_256_decrypt(tk, hdr, data, len, &dlen); + decrypted = ccmp_256_decrypt(tk, hdr, a1, a2, data, len, + &dlen); write_decrypted_note(wt, decrypted, tk, 32, keyid); } else if (sta->pairwise_cipher == WPA_CIPHER_GCMP || sta->pairwise_cipher == WPA_CIPHER_GCMP_256) { - decrypted = gcmp_decrypt(tk, sta->ptk.tk_len, hdr, data, - len, &dlen); + decrypted = gcmp_decrypt(tk, sta->ptk.tk_len, hdr, + a1, a2, data, len, &dlen); write_decrypted_note(wt, decrypted, tk, sta->ptk.tk_len, keyid); } else { - decrypted = ccmp_decrypt(tk, hdr, data, len, &dlen); + decrypted = ccmp_decrypt(tk, hdr, a1, a2, data, len, + &dlen); write_decrypted_note(wt, decrypted, tk, 16, keyid); } } else if (sta->pairwise_cipher == WPA_CIPHER_TKIP) { @@ -638,13 +670,13 @@ skip_replay_det: sta->ptk.tk, sta->ptk.tk_len, &dlen); } else { - decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, keyid, - data, len, &dlen); + decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, a1, a2, + keyid, data, len, &dlen); ptk_iter_done = 1; } if (!decrypted && !ptk_iter_done) { - decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, keyid, - data, len, &dlen); + decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, a1, a2, + keyid, data, len, &dlen); if (decrypted) { add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs"); } @@ -658,7 +690,7 @@ check_zero_tk: zero_ptk.tk_len = wpa_cipher_key_len(sta->pairwise_cipher); wpa_debug_level = MSG_ERROR; decrypted = try_ptk(wt, sta->pairwise_cipher, &zero_ptk, hdr, - data, len, &dlen); + a1, a2, data, len, &dlen); wpa_debug_level = old_debug_level; if (decrypted) { add_note(wt, MSG_DEBUG, diff --git a/wlantest/rx_mgmt.c b/wlantest/rx_mgmt.c index 50c250726..1d0aef6ab 100644 --- a/wlantest/rx_mgmt.c +++ b/wlantest/rx_mgmt.c @@ -2274,17 +2274,17 @@ static u8 * try_tk(struct wpa_ptk *ptk, size_t ptk_len, hdr = (const struct ieee80211_hdr *) data; if (ptk_len == 16) { - decrypted = ccmp_decrypt(ptk->tk, hdr, data + 24, len - 24, - dlen); + decrypted = ccmp_decrypt(ptk->tk, hdr, NULL, NULL, + data + 24, len - 24, dlen); if (!decrypted) - decrypted = gcmp_decrypt(ptk->tk, 16, hdr, data + 24, - len - 24, dlen); + decrypted = gcmp_decrypt(ptk->tk, 16, hdr, NULL, NULL, + data + 24, len - 24, dlen); } else if (ptk_len == 32) { - decrypted = ccmp_256_decrypt(ptk->tk, hdr, data + 24, len - 24, - dlen); + decrypted = ccmp_256_decrypt(ptk->tk, hdr, NULL, NULL, + data + 24, len - 24, dlen); if (!decrypted) - decrypted = gcmp_decrypt(ptk->tk, 32, hdr, data + 24, - len - 24, dlen); + decrypted = gcmp_decrypt(ptk->tk, 32, hdr, NULL, NULL, + data + 24, len - 24, dlen); } else { decrypted = NULL; } @@ -2407,18 +2407,19 @@ static u8 * mgmt_decrypt(struct wlantest *wt, const u8 *data, size_t len, } if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256) { - decrypted = ccmp_256_decrypt(sta->ptk.tk, hdr, data + 24, - len - 24, dlen); + decrypted = ccmp_256_decrypt(sta->ptk.tk, hdr, NULL, NULL, + data + 24, len - 24, dlen); write_decrypted_note(wt, decrypted, sta->ptk.tk, 32, keyid); } else if (sta->pairwise_cipher == WPA_CIPHER_GCMP || sta->pairwise_cipher == WPA_CIPHER_GCMP_256) { decrypted = gcmp_decrypt(sta->ptk.tk, sta->ptk.tk_len, hdr, + NULL, NULL, data + 24, len - 24, dlen); write_decrypted_note(wt, decrypted, sta->ptk.tk, sta->ptk.tk_len, keyid); } else { - decrypted = ccmp_decrypt(sta->ptk.tk, hdr, data + 24, len - 24, - dlen); + decrypted = ccmp_decrypt(sta->ptk.tk, hdr, NULL, NULL, + data + 24, len - 24, dlen); write_decrypted_note(wt, decrypted, sta->ptk.tk, 16, keyid); } if (decrypted) { diff --git a/wlantest/test_vectors.c b/wlantest/test_vectors.c index 7f39c4264..800d36557 100644 --- a/wlantest/test_vectors.c +++ b/wlantest/test_vectors.c @@ -107,7 +107,8 @@ static void test_vector_ccmp(void) wpa_hexdump(MSG_INFO, "802.11 Header", frame, 24); wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 24, sizeof(frame) - 24); - enc = ccmp_encrypt(tk, frame, sizeof(frame), 24, NULL, pn, 0, &enc_len); + enc = ccmp_encrypt(tk, frame, sizeof(frame), 24, NULL, NULL, NULL, pn, + 0, &enc_len); if (enc == NULL) { wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame"); return; @@ -119,7 +120,7 @@ static void test_vector_ccmp(void) wpa_debug_level = MSG_INFO; plain = ccmp_decrypt(tk, (const struct ieee80211_hdr *) enc, - enc + 24, enc_len - 24, &plain_len); + enc + 24, NULL, NULL, enc_len - 24, &plain_len); wpa_debug_level = MSG_EXCESSIVE; os_free(enc); @@ -401,7 +402,8 @@ static void test_vector_ccmp_mgmt(void) wpa_hexdump(MSG_INFO, "802.11 Header", frame, 24); wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 24, sizeof(frame) - 24); - enc = ccmp_encrypt(tk, frame, sizeof(frame), 24, NULL, pn, 0, &enc_len); + enc = ccmp_encrypt(tk, frame, sizeof(frame), 24, NULL, NULL, NULL, pn, + 0, &enc_len); if (enc == NULL) { wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame"); return; @@ -411,7 +413,7 @@ static void test_vector_ccmp_mgmt(void) wpa_debug_level = MSG_INFO; plain = ccmp_decrypt(tk, (const struct ieee80211_hdr *) enc, - enc + 24, enc_len - 24, &plain_len); + enc + 24, NULL, NULL, enc_len - 24, &plain_len); wpa_debug_level = MSG_EXCESSIVE; os_free(enc); @@ -580,6 +582,7 @@ static int run_gcmp(int idx, const struct gcmp_test *vector) vector->hdr_len, vector->hdr_len == 26 ? vector->frame + vector->hdr_len - 2 : NULL, + NULL, NULL, vector->pn, 0, &enc_len); if (enc == NULL) { wpa_printf(MSG_ERROR, "Failed to encrypt GCMP frame"); @@ -603,7 +606,7 @@ static int run_gcmp(int idx, const struct gcmp_test *vector) wpa_debug_level = MSG_INFO; plain = gcmp_decrypt(vector->tk, sizeof(vector->tk), - (const struct ieee80211_hdr *) enc, + (const struct ieee80211_hdr *) enc, NULL, NULL, enc + vector->hdr_len, enc_len - vector->hdr_len, &plain_len); wpa_debug_level = MSG_EXCESSIVE; @@ -689,7 +692,7 @@ static int test_vector_gcmp_256(void) wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 26, sizeof(frame) - 26); enc = gcmp_encrypt(tk, sizeof(tk), frame, sizeof(frame), 26, frame + 24, - pn, 0, &enc_len); + NULL, NULL, pn, 0, &enc_len); if (enc == NULL) { wpa_printf(MSG_ERROR, "Failed to encrypt GCMP frame"); return 1; @@ -705,7 +708,7 @@ static int test_vector_gcmp_256(void) wpa_debug_level = MSG_INFO; plain = gcmp_decrypt(tk, sizeof(tk), (const struct ieee80211_hdr *) enc, - enc + 26, enc_len - 26, &plain_len); + NULL, NULL, enc + 26, enc_len - 26, &plain_len); wpa_debug_level = MSG_EXCESSIVE; os_free(enc); @@ -766,8 +769,8 @@ static int test_vector_ccmp_256(void) wpa_hexdump(MSG_INFO, "802.11 Header", frame, 24); wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 24, sizeof(frame) - 24); - enc = ccmp_256_encrypt(tk, frame, sizeof(frame), 24, NULL, pn, 0, - &enc_len); + enc = ccmp_256_encrypt(tk, frame, sizeof(frame), 24, NULL, NULL, NULL, + pn, 0, &enc_len); if (enc == NULL) { wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame"); return 1; @@ -783,7 +786,8 @@ static int test_vector_ccmp_256(void) wpa_debug_level = MSG_INFO; plain = ccmp_256_decrypt(tk, (const struct ieee80211_hdr *) enc, - enc + 24, enc_len - 24, &plain_len); + enc + 24, NULL, NULL, enc_len - 24, + &plain_len); wpa_debug_level = MSG_EXCESSIVE; os_free(enc); diff --git a/wlantest/wlantest.h b/wlantest/wlantest.h index 88f1e140f..9731e7e6b 100644 --- a/wlantest/wlantest.h +++ b/wlantest/wlantest.h @@ -303,18 +303,22 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems); u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, - const u8 *data, size_t data_len, size_t *decrypted_len); -u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos, - u8 *pn, int keyid, size_t *encrypted_len); + const u8 *a1, const u8 *a2, const u8 *data, size_t data_len, + size_t *decrypted_len); +u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, + const u8 *qos, const u8 *a1, const u8 *a2, const u8 *pn, + int keyid, size_t *encrypted_len); u8 * ccmp_encrypt_pv1(const u8 *tk, const u8 *a1, const u8 *a2, const u8 *a3, const u8 *frame, size_t len, size_t hdrlen, const u8 *pn, int keyid, size_t *encrypted_len); void ccmp_get_pn(u8 *pn, const u8 *data); u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, + const u8 *a1, const u8 *a2, const u8 *data, size_t data_len, size_t *decrypted_len); u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, - u8 *qos, u8 *pn, int keyid, size_t *encrypted_len); + const u8 *qos, const u8 *a1, const u8 *a2, const u8 *pn, + int keyid, size_t *encrypted_len); enum michael_mic_result { MICHAEL_MIC_OK, @@ -337,9 +341,10 @@ u8 * bip_gmac_protect(const u8 *igtk, size_t igtk_len, u8 *frame, size_t len, u8 *ipn, int keyid, size_t *prot_len); u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr, - const u8 *data, size_t data_len, size_t *decrypted_len); + const u8 *a1, const u8 *a2, const u8 *data, size_t data_len, + size_t *decrypted_len); u8 * gcmp_encrypt(const u8 *tk, size_t tk_len, const u8 *frame, size_t len, - size_t hdrlen, const u8 *qos, + size_t hdrlen, const u8 *qos, const u8 *a1, const u8 *a2, const u8 *pn, int keyid, size_t *encrypted_len); int ctrl_init(struct wlantest *wt);