DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

wlantest: Use AP MLD address in CCMP/GCMP AAD for A3

Browse source 
Commit b20991da69 ("wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce")
updated AAD and nonce construction to use MLD addresses in AAD for A1
and A2. IEEE P802.11be has additional cases where A3 in AAD is set to
the AP MLD address, so cover those as well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2023-01-10 12:38:59 +02:00 committed by Jouni Malinen
parent 5c86622175
commit c1ce0c3587
7 changed files with 95 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
wlantest/ccmp.c
View file

@ -16,8 +16,8 @@
static void ccmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data,
const u8 *a1, const u8 *a2, u8 *aad, size_t *aad_len,
u8 *nonce)
const u8 *a1, const u8 *a2, const u8 *a3,
u8 *aad, size_t *aad_len, u8 *nonce)
{
u16 fc, stype, seq;
int qos = 0, addr4 = 0;
@ -54,6 +54,8 @@ static void ccmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data,
os_memcpy(pos, a1, ETH_ALEN);
if (a2)
os_memcpy(pos + ETH_ALEN, a2, ETH_ALEN);
if (a3)
os_memcpy(pos + 2 * ETH_ALEN, a3, ETH_ALEN);
pos += 3 * ETH_ALEN;
seq = le_to_host16(hdr->seq_ctrl);
seq &= ~0xfff0; /* Mask Seq#; do not modify Frag# */
@ -144,7 +146,8 @@ static void ccmp_aad_nonce_pv1(const u8 *hdr, const u8 *a1, const u8 *a2,
u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
const u8 *a1, const u8 *a2, const u8 *data, size_t data_len,
const u8 *a1, const u8 *a2, const u8 *a3,
const u8 *data, size_t data_len,
size_t *decrypted_len)
{
u8 aad[30], nonce[13];
@ -162,7 +165,7 @@ u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
mlen = data_len - 8 - 8;
os_memset(aad, 0, sizeof(aad));
ccmp_aad_nonce(hdr, data, a1, a2, aad, &aad_len, nonce);
ccmp_aad_nonce(hdr, data, a1, a2, a3, aad, &aad_len, nonce);
wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", aad, aad_len);
wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13);
@ -197,8 +200,8 @@ void ccmp_get_pn(u8 *pn, const u8 *data)
u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen,
const u8 *qos, const u8 *a1, const u8 *a2, const u8 *pn,
int keyid, size_t *encrypted_len)
const u8 *qos, const u8 *a1, const u8 *a2, const u8 *a3,
const u8 *pn, int keyid, size_t *encrypted_len)
{
u8 aad[30], nonce[13];
size_t aad_len, plen;
@ -227,7 +230,7 @@ u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen,
*pos++ = pn[0]; /* PN5 */
os_memset(aad, 0, sizeof(aad));
ccmp_aad_nonce(hdr, crypt + hdrlen, a1, a2, aad, &aad_len, nonce);
ccmp_aad_nonce(hdr, crypt + hdrlen, a1, a2, a3, aad, &aad_len, nonce);
wpa_hexdump(MSG_EXCESSIVE, "CCMP AAD", aad, aad_len);
wpa_hexdump(MSG_EXCESSIVE, "CCMP nonce", nonce, 13);
@ -288,7 +291,7 @@ u8 * ccmp_encrypt_pv1(const u8 *tk, const u8 *a1, const u8 *a2, const u8 *a3,
u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
const u8 *a1, const u8 *a2,
const u8 *a1, const u8 *a2, const u8 *a3,
const u8 *data, size_t data_len, size_t *decrypted_len)
{
u8 aad[30], nonce[13];
@ -306,7 +309,7 @@ u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
mlen = data_len - 8 - 16;
os_memset(aad, 0, sizeof(aad));
ccmp_aad_nonce(hdr, data, a1, a2, aad, &aad_len, nonce);
ccmp_aad_nonce(hdr, data, a1, a2, a3, aad, &aad_len, nonce);
wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 AAD", aad, aad_len);
wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 nonce", nonce, 13);
@ -330,8 +333,8 @@ u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen,
const u8 *qos, const u8 *a1, const u8 *a2, const u8 *pn,
int keyid, size_t *encrypted_len)
const u8 *qos, const u8 *a1, const u8 *a2, const u8 *a3,
const u8 *pn, int keyid, size_t *encrypted_len)
{
u8 aad[30], nonce[13];
size_t aad_len, plen;
@ -360,7 +363,7 @@ u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen,
*pos++ = pn[0]; /* PN5 */
os_memset(aad, 0, sizeof(aad));
ccmp_aad_nonce(hdr, crypt + hdrlen, a1, a2, aad, &aad_len, nonce);
ccmp_aad_nonce(hdr, crypt + hdrlen, a1, a2, a3, aad, &aad_len, nonce);
wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 AAD", aad, aad_len);
wpa_hexdump(MSG_EXCESSIVE, "CCMP-256 nonce", nonce, 13);

16
wlantest/gcmp.c
View file

@ -16,8 +16,8 @@
static void gcmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data,
const u8 *a1, const u8 *a2, u8 *aad, size_t *aad_len,
u8 *nonce)
const u8 *a1, const u8 *a2, const u8 *a3,
u8 *aad, size_t *aad_len, u8 *nonce)
{
u16 fc, stype, seq;
int qos = 0, addr4 = 0;
@ -49,6 +49,8 @@ static void gcmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data,
os_memcpy(pos, a1, ETH_ALEN);
if (a2)
os_memcpy(pos + ETH_ALEN, a2, ETH_ALEN);
if (a3)
os_memcpy(pos + 2 * ETH_ALEN, a3, ETH_ALEN);
pos += 3 * ETH_ALEN;
seq = le_to_host16(hdr->seq_ctrl);
seq &= ~0xfff0; /* Mask Seq#; do not modify Frag# */
@ -81,8 +83,8 @@ static void gcmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data,
u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr,
const u8 *a1, const u8 *a2, const u8 *data, size_t data_len,
size_t *decrypted_len)
const u8 *a1, const u8 *a2, const u8 *a3,
const u8 *data, size_t data_len, size_t *decrypted_len)
{
u8 aad[30], nonce[12], *plain;
size_t aad_len, mlen;
@ -99,7 +101,7 @@ u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr,
mlen = data_len - 8 - 16;
os_memset(aad, 0, sizeof(aad));
gcmp_aad_nonce(hdr, data, a1, a2, aad, &aad_len, nonce);
gcmp_aad_nonce(hdr, data, a1, a2, a3, aad, &aad_len, nonce);
wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len);
wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce));
@ -123,7 +125,7 @@ u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr,
u8 * gcmp_encrypt(const u8 *tk, size_t tk_len, const u8 *frame, size_t len,
size_t hdrlen, const u8 *qos, const u8 *a1, const u8 *a2,
const u8 *pn, int keyid, size_t *encrypted_len)
const u8 *a3, const u8 *pn, int keyid, size_t *encrypted_len)
{
u8 aad[30], nonce[12], *crypt, *pos;
size_t aad_len, plen;
@ -150,7 +152,7 @@ u8 * gcmp_encrypt(const u8 *tk, size_t tk_len, const u8 *frame, size_t len,
*pos++ = pn[0]; /* PN5 */
os_memset(aad, 0, sizeof(aad));
gcmp_aad_nonce(hdr, crypt + hdrlen, a1, a2, aad, &aad_len, nonce);
gcmp_aad_nonce(hdr, crypt + hdrlen, a1, a2, a3, aad, &aad_len, nonce);
wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len);
wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce));

12
wlantest/inject.c
View file

@ -143,8 +143,8 @@ static int wlantest_inject_prot_bc(struct wlantest *wt,
else
crypt = ccmp_encrypt(incorrect_key ? stub :
bss->gtk[bss->gtk_idx],
frame, len, hdrlen, NULL, NULL, NULL, pn,
bss->gtk_idx, &crypt_len);
frame, len, hdrlen, NULL, NULL, NULL, NULL,
pn, bss->gtk_idx, &crypt_len);
if (crypt == NULL)
return -1;
@ -246,16 +246,16 @@ static int wlantest_inject_prot(struct wlantest *wt, struct wlantest_bss *bss,
os_memset(stub, 0x11, sizeof(stub));
if (tk)
crypt = ccmp_encrypt(incorrect_key ? stub : tk,
frame, len, hdrlen, qos, NULL, NULL, pn, 0,
&crypt_len);
frame, len, hdrlen, qos, NULL, NULL, NULL,
pn, 0, &crypt_len);
else if (sta->pairwise_cipher == WPA_CIPHER_TKIP)
crypt = tkip_encrypt(incorrect_key ? stub : sta->ptk.tk,
frame, len, hdrlen, qos, pn, 0,
&crypt_len);
else
crypt = ccmp_encrypt(incorrect_key ? stub : sta->ptk.tk,
frame, len, hdrlen, qos, NULL, NULL, pn, 0,
&crypt_len);
frame, len, hdrlen, qos, NULL, NULL, NULL,
pn, 0, &crypt_len);
if (crypt == NULL) {
wpa_printf(MSG_DEBUG, "Frame encryption failed");

55
wlantest/rx_data.c
View file

@ -152,7 +152,7 @@ static void rx_data_process(struct wlantest *wt, struct wlantest_bss *bss,
static u8 * try_ptk(struct wlantest *wt, int pairwise_cipher,
struct wpa_ptk *ptk, const struct ieee80211_hdr *hdr,
const u8 *a1, const u8 *a2,
const u8 *a1, const u8 *a2, const u8 *a3,
const u8 *data, size_t data_len, size_t *decrypted_len)
{
u8 *decrypted;
@ -161,17 +161,17 @@ static u8 * try_ptk(struct wlantest *wt, int pairwise_cipher,
decrypted = NULL;
if ((pairwise_cipher == WPA_CIPHER_CCMP ||
pairwise_cipher == 0) && tk_len == 16) {
decrypted = ccmp_decrypt(ptk->tk, hdr, a1, a2, data,
decrypted = ccmp_decrypt(ptk->tk, hdr, a1, a2, a3, data,
data_len, decrypted_len);
} else if ((pairwise_cipher == WPA_CIPHER_CCMP_256 ||
pairwise_cipher == 0) && tk_len == 32) {
decrypted = ccmp_256_decrypt(ptk->tk, hdr, a1, a2, data,
decrypted = ccmp_256_decrypt(ptk->tk, hdr, a1, a2, a3, data,
data_len, decrypted_len);
} else if ((pairwise_cipher == WPA_CIPHER_GCMP ||
pairwise_cipher == WPA_CIPHER_GCMP_256 ||
pairwise_cipher == 0) &&
(tk_len == 16 || tk_len == 32)) {
decrypted = gcmp_decrypt(ptk->tk, tk_len, hdr, a1, a2,
decrypted = gcmp_decrypt(ptk->tk, tk_len, hdr, a1, a2, a3,
data, data_len, decrypted_len);
} else if ((pairwise_cipher == WPA_CIPHER_TKIP ||
pairwise_cipher == 0) && tk_len == 32) {
@ -192,7 +192,7 @@ static u8 * try_ptk(struct wlantest *wt, int pairwise_cipher,
static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
const struct ieee80211_hdr *hdr,
const u8 *a1, const u8 *a2, int keyid,
const u8 *a1, const u8 *a2, const u8 *a3, int keyid,
const u8 *data, size_t data_len, size_t *decrypted_len)
{
struct wlantest_ptk *ptk;
@ -202,7 +202,7 @@ static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
wpa_debug_level = MSG_WARNING;
dl_list_for_each(ptk, &wt->ptk, struct wlantest_ptk, list) {
decrypted = try_ptk(wt, pairwise_cipher, &ptk->ptk, hdr, a1, a2,
data, data_len, decrypted_len);
a3, data, data_len, decrypted_len);
if (decrypted) {
wpa_debug_level = prev_level;
add_note(wt, MSG_DEBUG,
@ -291,7 +291,7 @@ static void rx_data_bss_prot_group(struct wlantest *wt,
(bss->group_cipher != WPA_CIPHER_WEP40 ||
dl_list_empty(&wt->wep))) {
decrypted = try_all_ptk(wt, bss->group_cipher, hdr, NULL, NULL,
keyid, data, len, &dlen);
NULL, keyid, data, len, &dlen);
if (decrypted)
goto process;
add_note(wt, MSG_MSGDUMP,
@ -339,15 +339,17 @@ skip_replay_det:
} else if (bss->group_cipher == WPA_CIPHER_WEP40) {
decrypted = wep_decrypt(wt, hdr, data, len, &dlen);
} else if (bss->group_cipher == WPA_CIPHER_CCMP) {
decrypted = ccmp_decrypt(bss->gtk[keyid], hdr, NULL, NULL,
decrypted = ccmp_decrypt(bss->gtk[keyid], hdr, NULL, NULL, NULL,
data, len, &dlen);
} else if (bss->group_cipher == WPA_CIPHER_CCMP_256) {
decrypted = ccmp_256_decrypt(bss->gtk[keyid], hdr, NULL, NULL,
decrypted = ccmp_256_decrypt(bss->gtk[keyid], hdr,
NULL, NULL, NULL,
data, len, &dlen);
} else if (bss->group_cipher == WPA_CIPHER_GCMP ||
bss->group_cipher == WPA_CIPHER_GCMP_256) {
decrypted = gcmp_decrypt(bss->gtk[keyid], bss->gtk_len[keyid],
hdr, NULL, NULL, data, len, &dlen);
hdr, NULL, NULL, NULL,
data, len, &dlen);
}
if (decrypted) {
@ -381,7 +383,7 @@ static u8 * try_ptk_decrypt(struct wlantest *wt, struct wlantest_sta *sta,
{
u8 *decrypted = NULL;
u16 fc = le_to_host16(hdr->frame_control);
const u8 *a1 = NULL, *a2 = NULL;
const u8 *a1 = NULL, *a2 = NULL, *a3 = NULL;
if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) &&
!is_zero_ether_addr(sta->mld_mac_addr) &&
@ -393,16 +395,20 @@ static u8 * try_ptk_decrypt(struct wlantest *wt, struct wlantest_sta *sta,
a1 = sta->bss->mld_mac_addr;
a2 = sta->mld_mac_addr;
}
if (os_memcmp(hdr->addr3, sta->bss->bssid, ETH_ALEN) == 0)
a3 = sta->bss->mld_mac_addr;
}
if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256)
decrypted = ccmp_256_decrypt(tk, hdr, a1, a2, data, len, dlen);
decrypted = ccmp_256_decrypt(tk, hdr, a1, a2, a3,
data, len, dlen);
else if (sta->pairwise_cipher == WPA_CIPHER_GCMP ||
sta->pairwise_cipher == WPA_CIPHER_GCMP_256)
decrypted = gcmp_decrypt(tk, tk_len, hdr, a1, a2,
decrypted = gcmp_decrypt(tk, tk_len, hdr, a1, a2, a3,
data, len, dlen);
else
decrypted = ccmp_decrypt(tk, hdr, a1, a2, data, len, dlen);
decrypted = ccmp_decrypt(tk, hdr, a1, a2, a3, data, len, dlen);
write_decrypted_note(wt, decrypted, tk, tk_len, keyid);
return decrypted;
@ -429,7 +435,7 @@ static void rx_data_bss_prot(struct wlantest *wt,
int replay = 0;
int only_zero_tk = 0;
u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
const u8 *a1 = NULL, *a2 = NULL;
const u8 *a1 = NULL, *a2 = NULL, *a3 = NULL;
if (hdr->addr1[0] & 0x01) {
rx_data_bss_prot_group(wt, hdr, hdrlen, qos, dst, src,
@ -639,21 +645,24 @@ skip_replay_det:
a1 = bss->mld_mac_addr;
a2 = sta->mld_mac_addr;
}
if (os_memcmp(hdr->addr3, bss->bssid, ETH_ALEN) == 0)
a3 = bss->mld_mac_addr;
}
if (tk) {
if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256) {
decrypted = ccmp_256_decrypt(tk, hdr, a1, a2, data, len,
&dlen);
decrypted = ccmp_256_decrypt(tk, hdr, a1, a2, a3,
data, len, &dlen);
write_decrypted_note(wt, decrypted, tk, 32, keyid);
} else if (sta->pairwise_cipher == WPA_CIPHER_GCMP ||
sta->pairwise_cipher == WPA_CIPHER_GCMP_256) {
decrypted = gcmp_decrypt(tk, sta->ptk.tk_len, hdr,
a1, a2, data, len, &dlen);
a1, a2, a3, data, len, &dlen);
write_decrypted_note(wt, decrypted, tk, sta->ptk.tk_len,
keyid);
} else {
decrypted = ccmp_decrypt(tk, hdr, a1, a2, data, len,
decrypted = ccmp_decrypt(tk, hdr, a1, a2, a3, data, len,
&dlen);
write_decrypted_note(wt, decrypted, tk, 16, keyid);
}
@ -674,12 +683,14 @@ skip_replay_det:
sta->ptk.tk, sta->ptk.tk_len,
&dlen);
} else {
decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, a1, a2,
decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr,
a1, a2, a3,
keyid, data, len, &dlen);
ptk_iter_done = 1;
}
if (!decrypted && !ptk_iter_done) {
decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, a1, a2,
decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr,
a1, a2, a3,
keyid, data, len, &dlen);
if (decrypted) {
add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs");
@ -694,7 +705,7 @@ check_zero_tk:
zero_ptk.tk_len = wpa_cipher_key_len(sta->pairwise_cipher);
wpa_debug_level = MSG_ERROR;
decrypted = try_ptk(wt, sta->pairwise_cipher, &zero_ptk, hdr,
a1, a2, data, len, &dlen);
a1, a2, a3, data, len, &dlen);
wpa_debug_level = old_debug_level;
if (decrypted) {
add_note(wt, MSG_DEBUG,

12
wlantest/rx_mgmt.c
View file

@ -2307,16 +2307,18 @@ static u8 * try_tk(struct wpa_ptk *ptk, size_t ptk_len,
hdr = (const struct ieee80211_hdr *) data;
if (ptk_len == 16) {
decrypted = ccmp_decrypt(ptk->tk, hdr, NULL, NULL,
decrypted = ccmp_decrypt(ptk->tk, hdr, NULL, NULL, NULL,
data + 24, len - 24, dlen);
if (!decrypted)
decrypted = gcmp_decrypt(ptk->tk, 16, hdr, NULL, NULL,
NULL,
data + 24, len - 24, dlen);
} else if (ptk_len == 32) {
decrypted = ccmp_256_decrypt(ptk->tk, hdr, NULL, NULL,
decrypted = ccmp_256_decrypt(ptk->tk, hdr, NULL, NULL, NULL,
data + 24, len - 24, dlen);
if (!decrypted)
decrypted = gcmp_decrypt(ptk->tk, 32, hdr, NULL, NULL,
NULL,
data + 24, len - 24, dlen);
} else {
decrypted = NULL;
@ -2445,18 +2447,18 @@ static u8 * mgmt_decrypt(struct wlantest *wt, const u8 *data, size_t len,
}
if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256) {
decrypted = ccmp_256_decrypt(sta->ptk.tk, hdr, NULL, NULL,
decrypted = ccmp_256_decrypt(sta->ptk.tk, hdr, NULL, NULL, NULL,
data + 24, len - 24, dlen);
write_decrypted_note(wt, decrypted, sta->ptk.tk, 32, keyid);
} else if (sta->pairwise_cipher == WPA_CIPHER_GCMP ||
sta->pairwise_cipher == WPA_CIPHER_GCMP_256) {
decrypted = gcmp_decrypt(sta->ptk.tk, sta->ptk.tk_len, hdr,
NULL, NULL,
NULL, NULL, NULL,
data + 24, len - 24, dlen);
write_decrypted_note(wt, decrypted, sta->ptk.tk,
sta->ptk.tk_len, keyid);
} else {
decrypted = ccmp_decrypt(sta->ptk.tk, hdr, NULL, NULL,
decrypted = ccmp_decrypt(sta->ptk.tk, hdr, NULL, NULL, NULL,
data + 24, len - 24, dlen);
write_decrypted_note(wt, decrypted, sta->ptk.tk, 16, keyid);
}

27
wlantest/test_vectors.c
View file

@ -107,8 +107,8 @@ static void test_vector_ccmp(void)
wpa_hexdump(MSG_INFO, "802.11 Header", frame, 24);
wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 24, sizeof(frame) - 24);
enc = ccmp_encrypt(tk, frame, sizeof(frame), 24, NULL, NULL, NULL, pn,
0, &enc_len);
enc = ccmp_encrypt(tk, frame, sizeof(frame), 24, NULL, NULL, NULL, NULL,
pn, 0, &enc_len);
if (enc == NULL) {
wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame");
return;
@ -120,7 +120,8 @@ static void test_vector_ccmp(void)
wpa_debug_level = MSG_INFO;
plain = ccmp_decrypt(tk, (const struct ieee80211_hdr *) enc,
enc + 24, NULL, NULL, enc_len - 24, &plain_len);
enc + 24, NULL, NULL, NULL, enc_len - 24,
&plain_len);
wpa_debug_level = MSG_EXCESSIVE;
os_free(enc);
@ -402,8 +403,8 @@ static void test_vector_ccmp_mgmt(void)
wpa_hexdump(MSG_INFO, "802.11 Header", frame, 24);
wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 24, sizeof(frame) - 24);
enc = ccmp_encrypt(tk, frame, sizeof(frame), 24, NULL, NULL, NULL, pn,
0, &enc_len);
enc = ccmp_encrypt(tk, frame, sizeof(frame), 24, NULL, NULL, NULL, NULL,
pn, 0, &enc_len);
if (enc == NULL) {
wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame");
return;
@ -413,7 +414,8 @@ static void test_vector_ccmp_mgmt(void)
wpa_debug_level = MSG_INFO;
plain = ccmp_decrypt(tk, (const struct ieee80211_hdr *) enc,
enc + 24, NULL, NULL, enc_len - 24, &plain_len);
enc + 24, NULL, NULL, NULL, enc_len - 24,
&plain_len);
wpa_debug_level = MSG_EXCESSIVE;
os_free(enc);
@ -582,7 +584,7 @@ static int run_gcmp(int idx, const struct gcmp_test *vector)
vector->hdr_len,
vector->hdr_len == 26 ?
vector->frame + vector->hdr_len - 2 : NULL,
NULL, NULL,
NULL, NULL, NULL,
vector->pn, 0, &enc_len);
if (enc == NULL) {
wpa_printf(MSG_ERROR, "Failed to encrypt GCMP frame");
@ -607,7 +609,7 @@ static int run_gcmp(int idx, const struct gcmp_test *vector)
wpa_debug_level = MSG_INFO;
plain = gcmp_decrypt(vector->tk, sizeof(vector->tk),
(const struct ieee80211_hdr *) enc, NULL, NULL,
enc + vector->hdr_len,
NULL, enc + vector->hdr_len,
enc_len - vector->hdr_len, &plain_len);
wpa_debug_level = MSG_EXCESSIVE;
os_free(enc);
@ -692,7 +694,7 @@ static int test_vector_gcmp_256(void)
wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 26, sizeof(frame) - 26);
enc = gcmp_encrypt(tk, sizeof(tk), frame, sizeof(frame), 26, frame + 24,
NULL, NULL, pn, 0, &enc_len);
NULL, NULL, NULL, pn, 0, &enc_len);
if (enc == NULL) {
wpa_printf(MSG_ERROR, "Failed to encrypt GCMP frame");
return 1;
@ -708,7 +710,8 @@ static int test_vector_gcmp_256(void)
wpa_debug_level = MSG_INFO;
plain = gcmp_decrypt(tk, sizeof(tk), (const struct ieee80211_hdr *) enc,
NULL, NULL, enc + 26, enc_len - 26, &plain_len);
NULL, NULL, NULL, enc + 26, enc_len - 26,
&plain_len);
wpa_debug_level = MSG_EXCESSIVE;
os_free(enc);
@ -770,7 +773,7 @@ static int test_vector_ccmp_256(void)
wpa_hexdump(MSG_INFO, "Plaintext Data", frame + 24, sizeof(frame) - 24);
enc = ccmp_256_encrypt(tk, frame, sizeof(frame), 24, NULL, NULL, NULL,
pn, 0, &enc_len);
NULL, pn, 0, &enc_len);
if (enc == NULL) {
wpa_printf(MSG_ERROR, "Failed to encrypt CCMP frame");
return 1;
@ -786,7 +789,7 @@ static int test_vector_ccmp_256(void)
wpa_debug_level = MSG_INFO;
plain = ccmp_256_decrypt(tk, (const struct ieee80211_hdr *) enc,
enc + 24, NULL, NULL, enc_len - 24,
enc + 24, NULL, NULL, NULL, enc_len - 24,
&plain_len);
wpa_debug_level = MSG_EXCESSIVE;
os_free(enc);

20
wlantest/wlantest.h
View file

@ -310,22 +310,22 @@ void sta_new_ptk(struct wlantest *wt, struct wlantest_sta *sta,
struct wpa_ptk *ptk);
u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
const u8 *a1, const u8 *a2, const u8 *data, size_t data_len,
size_t *decrypted_len);
const u8 *a1, const u8 *a2, const u8 *a3,
const u8 *data, size_t data_len, size_t *decrypted_len);
u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen,
const u8 *qos, const u8 *a1, const u8 *a2, const u8 *pn,
int keyid, size_t *encrypted_len);
const u8 *qos, const u8 *a1, const u8 *a2, const u8 *a3,
const u8 *pn, int keyid, size_t *encrypted_len);
u8 * ccmp_encrypt_pv1(const u8 *tk, const u8 *a1, const u8 *a2, const u8 *a3,
const u8 *frame, size_t len,
size_t hdrlen, const u8 *pn, int keyid,
size_t *encrypted_len);
void ccmp_get_pn(u8 *pn, const u8 *data);
u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
const u8 *a1, const u8 *a2,
const u8 *a1, const u8 *a2, const u8 *a3,
const u8 *data, size_t data_len, size_t *decrypted_len);
u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen,
const u8 *qos, const u8 *a1, const u8 *a2, const u8 *pn,
int keyid, size_t *encrypted_len);
const u8 *qos, const u8 *a1, const u8 *a2, const u8 *a3,
const u8 *pn, int keyid, size_t *encrypted_len);
enum michael_mic_result {
MICHAEL_MIC_OK,
@ -348,11 +348,11 @@ u8 * bip_gmac_protect(const u8 *igtk, size_t igtk_len, u8 *frame, size_t len,
u8 *ipn, int keyid, size_t *prot_len);
u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr,
const u8 *a1, const u8 *a2, const u8 *data, size_t data_len,
size_t *decrypted_len);
const u8 *a1, const u8 *a2, const u8 *a3,
const u8 *data, size_t data_len, size_t *decrypted_len);
u8 * gcmp_encrypt(const u8 *tk, size_t tk_len, const u8 *frame, size_t len,
size_t hdrlen, const u8 *qos, const u8 *a1, const u8 *a2,
const u8 *pn, int keyid, size_t *encrypted_len);
const u8 *a3, const u8 *pn, int keyid, size_t *encrypted_len);
int ctrl_init(struct wlantest *wt);
void ctrl_deinit(struct wlantest *wt);