author | Damien Bergamini <damien@cvs.openbsd.org> | 2008-08-12 16:45:45 +0000 |
---|---|---|
committer | Damien Bergamini <damien@cvs.openbsd.org> | 2008-08-12 16:45:45 +0000 |
commit | b50ed8931445f809a6b42e4e8ab7a788e447f76d (patch) | |
tree | 24b56d4bb296ebfe5f98fa6716f120932bdf54ac | |
parent | 5c33c883d895ed9bd0359ca2c4ca110a3bb6c6a2 (diff) |
maintain a count of TKIP and CCMP replayed frames.
some cleanup while i'm here.
-rw-r--r-- | sys/net80211/ieee80211_crypto_ccmp.c | 17 | ||||
-rw-r--r-- | sys/net80211/ieee80211_crypto_tkip.c | 18 | ||||
-rw-r--r-- | sys/net80211/ieee80211_crypto_wep.c | 8 | ||||
-rw-r--r-- | sys/net80211/ieee80211_ioctl.h | 6 |
4 files changed, 31 insertions, 18 deletions
diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c index 61be6c7168e..2dab94a1949 100644 --- a/sys/net80211/ieee80211_crypto_ccmp.c +++ b/sys/net80211/ieee80211_crypto_ccmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.4 2008/08/12 16:21:46 damien Exp $ */ +/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.5 2008/08/12 16:45:44 damien Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr> @@ -16,13 +16,17 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* + * This code implements the CTR with CBC-MAC protocol (CCMP) defined in + * IEEE Std 802.11-2007 section 8.3.3. + */ + #include <sys/param.h> #include <sys/systm.h> #include <sys/mbuf.h> #include <sys/malloc.h> #include <sys/kernel.h> #include <sys/socket.h> -#include <sys/sockio.h> #include <sys/endian.h> #include <net/if.h> @@ -84,7 +88,7 @@ ieee80211_ccmp_phase1(rijndael_ctx *ctx, const struct ieee80211_frame *wh, u_int8_t tid = 0; int la, i; - /* construct AAD (additional authentication data) */ + /* construct AAD (additional authenticated data) */ aad = &auth[2]; /* skip l(a), will be filled later */ *aad = wh->i_fc[0]; /* 11w: conditionnally mask subtype field */ @@ -367,6 +371,7 @@ ieee80211_ccmp_decrypt(struct ieee80211com *ic, struct mbuf *m0, (u_int64_t)ivp[7] << 40; if (pn <= *prsc) { /* replayed frame, discard */ + ic->ic_stats.is_ccmp_replays++; m_freem(m0); return NULL; } @@ -464,15 +469,13 @@ ieee80211_ccmp_decrypt(struct ieee80211com *ic, struct mbuf *m0, /* check that it matches the MIC in received frame */ m_copydata(m, moff, IEEE80211_CCMP_MICLEN, mic0); if (memcmp(mic0, b, IEEE80211_CCMP_MICLEN) != 0) { + ic->ic_stats.is_ccmp_dec_errs++; m_freem(m0); m_freem(n0); return NULL; } - /* - * Update last seen packet number (note that it must be done - * after MIC is validated.) - */ + /* update last seen packet number (MIC is validated) */ *prsc = pn; m_freem(m0); 
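Review bot: `is_ccmp_replays` is incremented in the `pn <= *prsc` branch of ieee80211_ccmp_decrypt, which, going by the hunk offsets, runs well before the MIC comparison, so the PN being compared has not been authenticated at that point. The counter therefore also counts forged frames that carry a stale PN, not only genuine replays of valid traffic, and anyone alerting on it should know that. I would document this at the increment, e.g. `/* counted before MIC validation: may include forged frames with an old PN */`. The same applies to `is_tkip_replays` in the `tsc <= *prsc` branch of ieee80211_tkip_decrypt. The function body starts and ends outside the hunk.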
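Review bot: The shortened comment above `*prsc = pn;` drops the ordering requirement the old text carried: the last-seen packet number must only advance after the MIC has been checked, otherwise an unauthenticated frame could move it forward and valid frames would then be discarded as replays. I would keep it worded as a requirement, e.g. `/* update last seen packet number; must remain after the MIC check */`. The same rewording is made above `*prsc = tsc;` in ieee80211_tkip_decrypt. Separately, the MIC check on the context line uses `memcmp`, whose run time depends on the position of the first differing byte; a constant-time comparison would be preferable there if the kernel offers one.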
diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c index 80db449f563..4f1fdde18e9 100644 --- a/sys/net80211/ieee80211_crypto_tkip.c +++ b/sys/net80211/ieee80211_crypto_tkip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto_tkip.c,v 1.6 2008/08/12 16:21:46 damien Exp $ */ +/* $OpenBSD: ieee80211_crypto_tkip.c,v 1.7 2008/08/12 16:45:44 damien Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr> @@ -16,6 +16,11 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* + * This code implements the Temporal Key Integrity Protocol (TKIP) defined + * in IEEE Std 802.11-2007 section 8.3.2. + */ + #include <sys/param.h> #include <sys/systm.h> #include <sys/mbuf.h> @@ -155,7 +160,7 @@ ieee80211_tkip_mic(struct mbuf *m0, int off, const u_int8_t *key, (const struct ieee80211_qosframe *)wh; wht.i_pri = qwh->i_qos[0] & 0xf; } - } else + } else wht.i_pri = 0; wht.i_pad[0] = wht.i_pad[1] = wht.i_pad[2] = 0; @@ -370,9 +375,9 @@ ieee80211_tkip_decrypt(struct ieee80211com *ic, struct mbuf *m0, (u_int64_t)ivp[5] << 24 | (u_int64_t)ivp[6] << 32 | (u_int64_t)ivp[7] << 40; - /* NB: the keys are refreshed, we'll never overflow the 48 bits */ if (tsc <= *prsc) { /* replayed frame, discard */ + ic->ic_stats.is_tkip_replays++; m_freem(m0); return NULL; } @@ -456,7 +461,7 @@ ieee80211_tkip_decrypt(struct ieee80211com *ic, struct mbuf *m0, /* decrypt ICV and compare it with calculated ICV */ crc0 = *(u_int32_t *)(buf + IEEE80211_TKIP_MICLEN); if (crc != letoh32(crc0)) { - ic->ic_stats.is_rx_decryptcrc++; + ic->ic_stats.is_tkip_icv_errs++; m_freem(m0); m_freem(n0); return NULL; @@ -473,10 +478,7 @@ ieee80211_tkip_decrypt(struct ieee80211com *ic, struct mbuf *m0, return NULL; } - /* - * Update last seen packet number (note that it must be done - * after MIC is validated.) - */ + /* update last seen packet number (MIC is validated) */ *prsc = tsc; m_freem(m0); 
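Review bot: The ICV mismatch branch of ieee80211_tkip_decrypt now increments `is_tkip_icv_errs` and no longer touches `is_rx_decryptcrc`, so anything that watches the old counter stops seeing TKIP ICV failures after this change. Whether `is_rx_decryptcrc` is still incremented elsewhere (presumably for WEP) is not visible in this diff; if it is, its comment in `struct ieee80211_stats` should say that it no longer covers TKIP. A short comment at the new increment would also help, e.g. `/* ICV failed; frame dropped before the Michael MIC check */`, assuming that is the order in the part of the function outside the hunk.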
diff --git a/sys/net80211/ieee80211_crypto_wep.c b/sys/net80211/ieee80211_crypto_wep.c index f94dcfc8673..ccd08067f4a 100644 --- a/sys/net80211/ieee80211_crypto_wep.c +++ b/sys/net80211/ieee80211_crypto_wep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto_wep.c,v 1.4 2008/08/12 16:14:45 henning Exp $ */ +/* $OpenBSD: ieee80211_crypto_wep.c,v 1.5 2008/08/12 16:45:44 damien Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr> @@ -16,13 +16,17 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* + * This code implements Wired Equivalent Privacy (WEP) defined in + * IEEE Std 802.11-2007 section 8.2.1. + */ + #include <sys/param.h> #include <sys/systm.h> #include <sys/mbuf.h> #include <sys/malloc.h> #include <sys/kernel.h> #include <sys/socket.h> -#include <sys/sockio.h> #include <sys/endian.h> #include <net/if.h> diff --git a/sys/net80211/ieee80211_ioctl.h b/sys/net80211/ieee80211_ioctl.h index 8541ac556a0..b9e16728e49 100644 --- a/sys/net80211/ieee80211_ioctl.h +++ b/sys/net80211/ieee80211_ioctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_ioctl.h,v 1.11 2008/04/16 18:32:15 damien Exp $ */ +/* $OpenBSD: ieee80211_ioctl.h,v 1.12 2008/08/12 16:45:44 damien Exp $ */ /* $NetBSD: ieee80211_ioctl.h,v 1.7 2004/04/30 22:51:04 dyoung Exp $ */ /*- @@ -89,6 +89,10 @@ struct ieee80211_stats { u_int32_t is_rx_eapol_badmic; /* rx eapol frames w/ bad mic */ u_int32_t is_rx_remmicfail; /* rx tkip remote mic fails */ u_int32_t is_rx_locmicfail; /* rx tkip local mic fails */ + u_int32_t is_tkip_replays; + u_int32_t is_tkip_icv_errs; + u_int32_t is_ccmp_replays; + u_int32_t is_ccmp_dec_errs; }; #define SIOCG80211STATS _IOWR('i', 242, struct ifreq) |
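Review bot: Adding four fields grows `struct ieee80211_stats` by 16 bytes, but `SIOCG80211STATS` on the line below is encoded with `struct ifreq`, so the request number is the same for the old and the new layout. If the kernel copies the whole struct out to a user-supplied pointer (not visible here), a userland tool built against the old header would receive more bytes than it allocated, so kernel and tools need to be rebuilt together and that is worth stating in the commit. The new fields also lack the trailing comments the `is_rx_*` fields above them have; I would add them, e.g. `u_int32_t is_tkip_replays; /* rx tkip frames dropped by replay check */` and `u_int32_t is_ccmp_dec_errs; /* rx ccmp frames w/ bad mic */`.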