authorDamien Bergamini <damien@cvs.openbsd.org>2008-08-12 16:45:45 +0000
committerDamien Bergamini <damien@cvs.openbsd.org>2008-08-12 16:45:45 +0000
commitb50ed8931445f809a6b42e4e8ab7a788e447f76d (patch)
tree24b56d4bb296ebfe5f98fa6716f120932bdf54ac
parent5c33c883d895ed9bd0359ca2c4ca110a3bb6c6a2 (diff)
maintain a count of TKIP and CCMP replayed frames.
some cleanup while i'm here.
-rw-r--r--sys/net80211/ieee80211_crypto_ccmp.c17
-rw-r--r--sys/net80211/ieee80211_crypto_tkip.c18
-rw-r--r--sys/net80211/ieee80211_crypto_wep.c8
-rw-r--r--sys/net80211/ieee80211_ioctl.h6
4 files changed, 31 insertions, 18 deletions
diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c
index 61be6c7168e..2dab94a1949 100644
--- a/sys/net80211/ieee80211_crypto_ccmp.c
+++ b/sys/net80211/ieee80211_crypto_ccmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.4 2008/08/12 16:21:46 damien Exp $ */
+/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.5 2008/08/12 16:45:44 damien Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -16,13 +16,17 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+/*
+ * This code implements the CTR with CBC-MAC protocol (CCMP) defined in
+ * IEEE Std 802.11-2007 section 8.3.3.
+ */
+
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/malloc.h>
#include <sys/kernel.h>
#include <sys/socket.h>
-#include <sys/sockio.h>
#include <sys/endian.h>
#include <net/if.h>
@@ -84,7 +88,7 @@ ieee80211_ccmp_phase1(rijndael_ctx *ctx, const struct ieee80211_frame *wh,
u_int8_t tid = 0;
int la, i;
- /* construct AAD (additional authentication data) */
+ /* construct AAD (additional authenticated data) */
aad = &auth[2]; /* skip l(a), will be filled later */
*aad = wh->i_fc[0];
/* 11w: conditionnally mask subtype field */
@@ -367,6 +371,7 @@ ieee80211_ccmp_decrypt(struct ieee80211com *ic, struct mbuf *m0,
(u_int64_t)ivp[7] << 40;
if (pn <= *prsc) {
/* replayed frame, discard */
+ ic->ic_stats.is_ccmp_replays++;
m_freem(m0);
return NULL;
}
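Review bot: `is_ccmp_replays` is incremented before the frame has been authenticated: this check sits near line 371 of ieee80211_ccmp_decrypt(), while the MIC comparison only happens later in the same function (around line 469, in the next hunk). The counter therefore also includes unauthenticated frames that merely carry an old PN, which matters to anyone treating it as a replay-detection signal. I would say so at the increment, e.g. `/* NB: counted before the MIC is verified */`. The `is_tkip_replays` increment in ieee80211_tkip_decrypt() has the same property. The function body starts and ends outside this hunk.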
@@ -464,15 +469,13 @@ ieee80211_ccmp_decrypt(struct ieee80211com *ic, struct mbuf *m0,
/* check that it matches the MIC in received frame */
m_copydata(m, moff, IEEE80211_CCMP_MICLEN, mic0);
if (memcmp(mic0, b, IEEE80211_CCMP_MICLEN) != 0) {
+ ic->ic_stats.is_ccmp_dec_errs++;
m_freem(m0);
m_freem(n0);
return NULL;
}
- /*
- * Update last seen packet number (note that it must be done
- * after MIC is validated.)
- */
+ /* update last seen packet number (MIC is validated) */
*prsc = pn;
m_freem(m0);
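Review bot: The shortened comment above `*prsc = pn;` drops the ordering requirement the old one stated, namely that the replay counter may only advance after the MIC has been validated. That ordering is the security invariant here: if the update were ever moved ahead of the check, an unauthenticated frame could advance the counter and later genuine frames would be discarded as replays. I would keep the constraint explicit, e.g. `/* update last seen packet number (must be done after MIC validation) */`. The same rewording appears above `*prsc = tsc;` in ieee80211_tkip_decrypt(). The function continues outside this hunk.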
diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c
index 80db449f563..4f1fdde18e9 100644
--- a/sys/net80211/ieee80211_crypto_tkip.c
+++ b/sys/net80211/ieee80211_crypto_tkip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto_tkip.c,v 1.6 2008/08/12 16:21:46 damien Exp $ */
+/* $OpenBSD: ieee80211_crypto_tkip.c,v 1.7 2008/08/12 16:45:44 damien Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -16,6 +16,11 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+/*
+ * This code implements the Temporal Key Integrity Protocol (TKIP) defined
+ * in IEEE Std 802.11-2007 section 8.3.2.
+ */
+
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
@@ -155,7 +160,7 @@ ieee80211_tkip_mic(struct mbuf *m0, int off, const u_int8_t *key,
(const struct ieee80211_qosframe *)wh;
wht.i_pri = qwh->i_qos[0] & 0xf;
}
- } else
+ } else
wht.i_pri = 0;
wht.i_pad[0] = wht.i_pad[1] = wht.i_pad[2] = 0;
@@ -370,9 +375,9 @@ ieee80211_tkip_decrypt(struct ieee80211com *ic, struct mbuf *m0,
(u_int64_t)ivp[5] << 24 |
(u_int64_t)ivp[6] << 32 |
(u_int64_t)ivp[7] << 40;
- /* NB: the keys are refreshed, we'll never overflow the 48 bits */
if (tsc <= *prsc) {
/* replayed frame, discard */
+ ic->ic_stats.is_tkip_replays++;
m_freem(m0);
return NULL;
}
@@ -456,7 +461,7 @@ ieee80211_tkip_decrypt(struct ieee80211com *ic, struct mbuf *m0,
/* decrypt ICV and compare it with calculated ICV */
crc0 = *(u_int32_t *)(buf + IEEE80211_TKIP_MICLEN);
if (crc != letoh32(crc0)) {
- ic->ic_stats.is_rx_decryptcrc++;
+ ic->ic_stats.is_tkip_icv_errs++;
m_freem(m0);
m_freem(n0);
return NULL;
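Review bot: TKIP ICV failures are no longer counted in `is_rx_decryptcrc` and go to the new `is_tkip_icv_errs` instead, so any tool or alert that watches the old counter will silently stop seeing these events. Whether other ciphers still feed `is_rx_decryptcrc` is not visible on this page. If they do, its comment in ieee80211_ioctl.h should state that it no longer covers TKIP, and the commit message should mention the move. The enclosing function starts and ends outside this hunk.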
@@ -473,10 +478,7 @@ ieee80211_tkip_decrypt(struct ieee80211com *ic, struct mbuf *m0,
return NULL;
}
- /*
- * Update last seen packet number (note that it must be done
- * after MIC is validated.)
- */
+ /* update last seen packet number (MIC is validated) */
*prsc = tsc;
m_freem(m0);
diff --git a/sys/net80211/ieee80211_crypto_wep.c b/sys/net80211/ieee80211_crypto_wep.c
index f94dcfc8673..ccd08067f4a 100644
--- a/sys/net80211/ieee80211_crypto_wep.c
+++ b/sys/net80211/ieee80211_crypto_wep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto_wep.c,v 1.4 2008/08/12 16:14:45 henning Exp $ */
+/* $OpenBSD: ieee80211_crypto_wep.c,v 1.5 2008/08/12 16:45:44 damien Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -16,13 +16,17 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+/*
+ * This code implements Wired Equivalent Privacy (WEP) defined in
+ * IEEE Std 802.11-2007 section 8.2.1.
+ */
+
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/malloc.h>
#include <sys/kernel.h>
#include <sys/socket.h>
-#include <sys/sockio.h>
#include <sys/endian.h>
#include <net/if.h>
diff --git a/sys/net80211/ieee80211_ioctl.h b/sys/net80211/ieee80211_ioctl.h
index 8541ac556a0..b9e16728e49 100644
--- a/sys/net80211/ieee80211_ioctl.h
+++ b/sys/net80211/ieee80211_ioctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_ioctl.h,v 1.11 2008/04/16 18:32:15 damien Exp $ */
+/* $OpenBSD: ieee80211_ioctl.h,v 1.12 2008/08/12 16:45:44 damien Exp $ */
/* $NetBSD: ieee80211_ioctl.h,v 1.7 2004/04/30 22:51:04 dyoung Exp $ */
/*-
@@ -89,6 +89,10 @@ struct ieee80211_stats {
u_int32_t is_rx_eapol_badmic; /* rx eapol frames w/ bad mic */
u_int32_t is_rx_remmicfail; /* rx tkip remote mic fails */
u_int32_t is_rx_locmicfail; /* rx tkip local mic fails */
+ u_int32_t is_tkip_replays;
+ u_int32_t is_tkip_icv_errs;
+ u_int32_t is_ccmp_replays;
+ u_int32_t is_ccmp_dec_errs;
};
#define SIOCG80211STATS _IOWR('i', 242, struct ifreq)
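Review bot: The four new fields in struct ieee80211_stats carry no comments, unlike the neighbouring fields visible in this hunk, and the names alone do not say what is counted (`is_ccmp_dec_errs` is bumped on a MIC mismatch, `is_tkip_icv_errs` on an ICV mismatch). I would add e.g. `/* rx tkip replayed frames (counted before MIC check) */` and `/* rx ccmp frames that failed the MIC check */`, with the other two following the same pattern. The struct also grows by four `u_int32_t` members, and it is presumably what SIOCG80211STATS returns to userland, so consumers of that ioctl need rebuilding against the new header. The struct definition starts outside this hunk.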