MFP
[UMAC]
Structures and Helper functions of the UMAC's MFP Module. More...
|
Defines | |
| #define | S(a, s) sbox_t[(a >> s) & 0xff] |
| Apply Substitution. | |
| #define | SX2(a, s) x_time2_sbox_t[(a >> s) & 0xff] |
| apply substitution square | |
| #define | SX3(a, s) x_time3_sbox_t[(a >> s) & 0xff] |
| apply substitution cube | |
Enumerations | |
| enum | mfp_protection { MFP_NO_PROT, MFP_UNICAST_PROT, MFP_MULTICAST_PROT } |
list of MFP protection More... | |
Functions | |
| static bool | mfp_is_group_addressed_privacy (uint16_t frame_cntl, uint8_t action) |
| Check if it is an action frame indicated as "Group Addressed Privacy". | |
| static bool | mfp_check_mmic_ie (uint32_t frame, uint16_t length, uint16_t machdr_len, struct vif_info_tag *vif, struct sta_info_tag *sta) |
| Check validity of MGMT MIC IE. | |
| bool | mfp_is_robust_frame (uint16_t frame_cntl, uint8_t action) |
| Check if it is a robust management frame. | |
| bool | mfp_ignore_mgmt_frame (struct rx_cntrl_rx_status *rx_status, uint32_t *frame, uint16_t frmlen, bool *upload) |
| Check if the management frame must be ignored. | |
| enum mfp_protection | mfp_protect_mgmt_frame (struct txdesc *txdesc, uint16_t fctl, uint8_t action) |
| Check if the management frame must be protected. | |
| int | mfp_add_mgmt_mic (struct txdesc *txdesc, uint32_t frame, int length, uint32_t mmic) |
| Add the MGMT MIC IE at the end of the frame. | |
| __INLINE uint32_t | sched_core (uint32_t val, int r) |
| Key schedule core function. | |
| static void | aes_expand_key (uint32_t *key, uint32_t *rk) |
| expand AES key. | |
| __INLINE void | add_round_key (uint32_t *rk, uint32_t *data, int r) |
| AddRoundKey step of AES encryption. | |
| __INLINE void | shift_sub (uint32_t *data) |
| SubBytes and ShiftRows steps of AES encryption. | |
| __INLINE void | mix_shift_sub (uint32_t *data) |
| SubBytes, ShiftRows and MixColumns steps of AES encryption. | |
| static void | aes_encrypt_block (uint32_t *rk, uint32_t *data) |
| Encrypt a block of data inplace with AES. | |
| static void | aes_cmac_shift_sub_key (uint32_t *k) |
| Left shift by 1 bit and XOR CMAC subkey. | |
| __INLINE void | xor_block (uint32_t *a, uint32_t *b) |
| XOR two vectors of 16 bytes. | |
| static uint64_t | aes_cmac (uint32_t *key, int nb_elem, uint32_t addr[], int len[]) |
| Compute AES-CMAC on provided vectors. | |
| uint64_t | mfp_compute_bip (struct key_info_tag *key, uint32_t frame_addr, int frame_len, int machdr_len, uint32_t mmic_addr) |
| Compute MIC for BIP (Broadcast Integrity Protocol). | |
Variables | |
| static const uint8_t | sbox_t [256] |
| Substitution box. | |
| static const uint8_t | x_time2_sbox_t [256] |
| Substitution box (square). | |
| static const uint8_t | x_time3_sbox_t [256] |
| Substitution box (cube). | |
| const uint32_t | rcon_t [] |
| rcon: exponentiation of 2 to a user-specified value | |
| uint16_t | mfp_aad [10] |
| Additional Authentication Data vector for MIC computation Must be in SHARED RAM when HSU is used. | |
Detailed Description
Structures and Helper functions of the UMAC's MFP Module.
Enumeration Type Documentation
| enum mfp_protection |
Function Documentation
| __INLINE void add_round_key | ( | uint32_t * | rk, | |
| uint32_t * | data, | |||
| int | r | |||
| ) |
AddRoundKey step of AES encryption.
- Parameters:
-
[in] rk Expanded key [in,out] data Block of data (16 bytes) [in] r round index
Definition at line 158 of file mfp_bip.c.
Referenced by aes_encrypt_block().
| static uint64_t aes_cmac | ( | uint32_t * | key, | |
| int | nb_elem, | |||
| uint32_t | addr[], | |||
| int | len[] | |||
| ) | [static] |
Compute AES-CMAC on provided vectors.
Software implementation for AES-CMAC.
- Parameters:
-
[in] key Key (16 bytes) [in] nb_elem Number of element in addrandlentables.[in] addr Table of input vector addresses (HW address) [in] len Table of input vector length (in bytes)
- Returns:
- AES_CMAC value of all input vectors concatenated.
Definition at line 315 of file mfp_bip.c.
References aes_cmac_shift_sub_key(), aes_encrypt_block(), aes_expand_key(), co_read32p(), co_read8p(), co_write8p(), CPU2HW, and xor_block().
| static void aes_cmac_shift_sub_key | ( | uint32_t * | k | ) | [static] |
Left shift by 1 bit and XOR CMAC subkey.
- Parameters:
-
[in,out] k Subkey to shift (16 bytes)
Definition at line 261 of file mfp_bip.c.
Referenced by aes_cmac().
| static void aes_encrypt_block | ( | uint32_t * | rk, | |
| uint32_t * | data | |||
| ) | [static] |
Encrypt a block of data inplace with AES.
- Parameters:
-
[in] rk Expanded key [in,out] data Block of data to encrypt in place (16 bytes)
Definition at line 236 of file mfp_bip.c.
References add_round_key(), mix_shift_sub(), and shift_sub().
Referenced by aes_cmac().
| static void aes_expand_key | ( | uint32_t * | key, | |
| uint32_t * | rk | |||
| ) | [static] |
expand AES key.
- Parameters:
-
[in] key Key to expand (16 bytes) [out] rk Buffer to store expanded key (11 rounds: 11*16 bytes)
Definition at line 128 of file mfp_bip.c.
References sched_core().
Referenced by aes_cmac().
| int mfp_add_mgmt_mic | ( | struct txdesc * | txdesc, | |
| uint32_t | frame, | |||
| int | length, | |||
| uint32_t | mmic | |||
| ) |
Add the MGMT MIC IE at the end of the frame.
- Parameters:
-
[in] txdesc TX descriptor for the frame (need updated vif id) [in] frame Address of frame must be an HW address [in] length Size in bytes of the frame (Does NOT include MGMT MIC IE) [in] mmic Address of the MGMT MIC element (HW address). Can be set to 0 if there is enough space in the buffer pointed by frame.
- Returns:
- Size of the MGMT MIC IE added
Referenced by txl_hwdesc_config_post().
| static bool mfp_check_mmic_ie | ( | uint32_t | frame, | |
| uint16_t | length, | |||
| uint16_t | machdr_len, | |||
| struct vif_info_tag * | vif, | |||
| struct sta_info_tag * | sta | |||
| ) | [static] |
Check validity of MGMT MIC IE.
- Parameters:
-
[in] frame Pointer to the frame buffer [in] length Size, in bytes, of the frames [in] machdr_len Size, in bytes, of the mac header in the frame [in] vif Poiner to VIF structure [in] sta Pointer to STA structure (only if MESH is enabled)
- Returns:
- True if the frame contains a valid MGMT MIC IE, false otherwise.
Definition at line 58 of file mfp.c.
References co_read16p(), co_read64p(), co_write8p(), vif_info_tag::key_info, sta_mgmt_sec_info::key_mfp_mesh_info, MAC_DEFAULT_KEY_COUNT, mac_ie_mgmt_mic_find(), MAC_MGMT_MIC_IPN_OFT, MAC_MGMT_MIC_KEYID_OFT, MAC_MGMT_MIC_LEN, MAC_MGMT_MIC_MIC_LEN, MAC_MGMT_MIC_MIC_OFT, mfp_compute_bip(), key_info_tag::rx_pn, sta_info_tag::sta_sec_info, vif_info_tag::type, key_info_tag::valid, and VIF_MESH_POINT.
| uint64_t mfp_compute_bip | ( | struct key_info_tag * | key, | |
| uint32_t | frame_addr, | |||
| int | frame_len, | |||
| int | machdr_len, | |||
| uint32_t | mmic_addr | |||
| ) |
Compute MIC for BIP (Broadcast Integrity Protocol).
The function takes a complete frame as parameter, with a MGMT MIC Element whose MIC field has been set to zero. If the MGMT MIC element is already located at the end of the frame then the parameter mmic_addr can be set to 0. It does not update MIC field in MGMT MIC Element.
- Parameters:
-
[in] key Key for BIP (aka IGTK) [in] frame_addr Address of frame (HW address) [in] frame_len Size in bytes of the frame (excluding MGMT MIC elt) [in] machdr_len Size in bytes on MAC header in the frame [in] mmic_addr Optional address of the MGMT MIC element if not included in the frame buffer (HW address)
- Returns:
- MIC value for this frame
Referenced by mfp_check_mmic_ie().
| bool mfp_ignore_mgmt_frame | ( | struct rx_cntrl_rx_status * | rx_status, | |
| uint32_t * | frame, | |||
| uint16_t | frmlen, | |||
| bool * | upload | |||
| ) |
Check if the management frame must be ignored.
To be called when a management frame is received. The function will ignore a robust management frame if:
- It is is received from unknown STA
- It is a unicast frame from a STA with MFP enabled and it is not protected
- It is a multicast frame, MFP is enabled on the vif and it doesn't have a valid MGMT MIC IE
- It is a "Group Adressed Privacy" Action frame not protected (whatever the MFP status of the VIF)
Even if a frame is ignored, it may be needed to report it to upper layer (e.g. to start SA query procedure). In this case, if a frame is ignored
- Parameters:
-
upload is used to indicate if it must be reported to host.
- Note:
- In case of multicast frame with MGMT MIC IE, the function will clear the mic value.
- Parameters:
-
[in] rx_status Information on received frame [in] frame Address of frame (must be an HW address) [in] frmlen Size in bytes of the frame (including MGMT MIC IE) [out] upload Updated only if it returns true
- Returns:
- True is the frame must be discarded, false otherwise.
Referenced by rxu_mgt_frame_check().
| static bool mfp_is_group_addressed_privacy | ( | uint16_t | frame_cntl, | |
| uint8_t | action | |||
| ) | [static] |
Check if it is an action frame indicated as "Group Addressed Privacy".
"Group Addressed Privacy" action frame are sent encrypted using the group key. So far it is only used for MESH and MultiHop action frames.
- Parameters:
-
[in] frame_cntl The Frame Control field of the Frame [in] action Action field if the frame is an Action frame
- Returns:
- true for "group Addressed privacy" action frame and false otherwise.
Definition at line 37 of file mfp.c.
References MAC_FCTRL_ACTION_ST, MAC_FCTRL_MGT_T, MAC_FCTRL_SUBT_MASK, MAC_FCTRL_TYPE_MASK, MAC_MESH_ACTION_CATEGORY, and MAC_MULTIHOP_ACTION_CATEGORY.
| bool mfp_is_robust_frame | ( | uint16_t | frame_cntl, | |
| uint8_t | action | |||
| ) |
Check if it is a robust management frame.
- Parameters:
-
[in] frame_cntl The Frame Control field of the Frame [in] action Action field if the frame is an Action frame
- Returns:
- true if it is a robust management frame, false otherwise.
| enum mfp_protection mfp_protect_mgmt_frame | ( | struct txdesc * | txdesc, | |
| uint16_t | fctl, | |||
| uint8_t | action | |||
| ) |
Check if the management frame must be protected.
Return if the frame must be protected or not. A frame may need unicast protection (i.e. encrypted with pairwise key) or multicast protection (i.e. adding a MGMT MIC IE at the end). See txu_cntrl_protect_mgmt_frame and mfp_add_mgmt_mic for adding the protection to the frame.
- Note:
- Some management frames must sometimes be protected even if MFP is not enabled for the connection (e.g. "Group Addresses Privacy" action frame).
- Parameters:
-
[in] txdesc TX descriptor for the frame (need updated vif and sta id) [in] fctl Frame control field of the frame [in] action First byte on the MPDU body (i.e. action category for Action frame)
- Returns:
- The type of protection to apply on the frame.
Referenced by txu_cntrl_umacdesc_mgmt_prep().
| __INLINE void mix_shift_sub | ( | uint32_t * | data | ) |
| __INLINE uint32_t sched_core | ( | uint32_t | val, | |
| int | r | |||
| ) |
Key schedule core function.
- Parameters:
-
[in] val Input value [in] r round index
- Returns:
- val after rotate, rcon and sbox steps
Definition at line 112 of file mfp_bip.c.
Referenced by aes_expand_key().
| __INLINE void shift_sub | ( | uint32_t * | data | ) |
SubBytes and ShiftRows steps of AES encryption.
- Parameters:
-
[in,out] data Block of data (16 bytes)
Definition at line 174 of file mfp_bip.c.
References S.
Referenced by aes_encrypt_block().
| __INLINE void xor_block | ( | uint32_t * | a, | |
| uint32_t * | b | |||
| ) |
XOR two vectors of 16 bytes.
It is assumed that both vectors are aligned on 32bits
- Parameters:
-
[in,out] a First input and output vector [in] b Second input vector
Definition at line 292 of file mfp_bip.c.
Referenced by aes_cmac().
Variable Documentation
| uint16_t mfp_aad[10] |
| const uint32_t rcon_t[] |
{
0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36,
}
rcon: exponentiation of 2 to a user-specified value
Definition at line 98 of file mfp_bip.c.
Referenced by sched_core().
const uint8_t sbox_t[256] [static] |
{
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
}
Substitution box.
const uint8_t x_time2_sbox_t[256] [static] |
{
0xc6, 0xf8, 0xee, 0xf6, 0xff, 0xd6, 0xde, 0x91, 0x60, 0x02, 0xce, 0x56, 0xe7, 0xb5, 0x4d, 0xec,
0x8f, 0x1f, 0x89, 0xfa, 0xef, 0xb2, 0x8e, 0xfb, 0x41, 0xb3, 0x5f, 0x45, 0x23, 0x53, 0xe4, 0x9b,
0x75, 0xe1, 0x3d, 0x4c, 0x6c, 0x7e, 0xf5, 0x83, 0x68, 0x51, 0xd1, 0xf9, 0xe2, 0xab, 0x62, 0x2a,
0x08, 0x95, 0x46, 0x9d, 0x30, 0x37, 0x0a, 0x2f, 0x0e, 0x24, 0x1b, 0xdf, 0xcd, 0x4e, 0x7f, 0xea,
0x12, 0x1d, 0x58, 0x34, 0x36, 0xdc, 0xb4, 0x5b, 0xa4, 0x76, 0xb7, 0x7d, 0x52, 0xdd, 0x5e, 0x13,
0xa6, 0xb9, 0x00, 0xc1, 0x40, 0xe3, 0x79, 0xb6, 0xd4, 0x8d, 0x67, 0x72, 0x94, 0x98, 0xb0, 0x85,
0xbb, 0xc5, 0x4f, 0xed, 0x86, 0x9a, 0x66, 0x11, 0x8a, 0xe9, 0x04, 0xfe, 0xa0, 0x78, 0x25, 0x4b,
0xa2, 0x5d, 0x80, 0x05, 0x3f, 0x21, 0x70, 0xf1, 0x63, 0x77, 0xaf, 0x42, 0x20, 0xe5, 0xfd, 0xbf,
0x81, 0x18, 0x26, 0xc3, 0xbe, 0x35, 0x88, 0x2e, 0x93, 0x55, 0xfc, 0x7a, 0xc8, 0xba, 0x32, 0xe6,
0xc0, 0x19, 0x9e, 0xa3, 0x44, 0x54, 0x3b, 0x0b, 0x8c, 0xc7, 0x6b, 0x28, 0xa7, 0xbc, 0x16, 0xad,
0xdb, 0x64, 0x74, 0x14, 0x92, 0x0c, 0x48, 0xb8, 0x9f, 0xbd, 0x43, 0xc4, 0x39, 0x31, 0xd3, 0xf2,
0xd5, 0x8b, 0x6e, 0xda, 0x01, 0xb1, 0x9c, 0x49, 0xd8, 0xac, 0xf3, 0xcf, 0xca, 0xf4, 0x47, 0x10,
0x6f, 0xf0, 0x4a, 0x5c, 0x38, 0x57, 0x73, 0x97, 0xcb, 0xa1, 0xe8, 0x3e, 0x96, 0x61, 0x0d, 0x0f,
0xe0, 0x7c, 0x71, 0xcc, 0x90, 0x06, 0xf7, 0x1c, 0xc2, 0x6a, 0xae, 0x69, 0x17, 0x99, 0x3a, 0x27,
0xd9, 0xeb, 0x2b, 0x22, 0xd2, 0xa9, 0x07, 0x33, 0x2d, 0x3c, 0x15, 0xc9, 0x87, 0xaa, 0x50, 0xa5,
0x03, 0x59, 0x09, 0x1a, 0x65, 0xd7, 0x84, 0xd0, 0x82, 0x29, 0x5a, 0x1e, 0x7b, 0xa8, 0x6d, 0x2c
}
Substitution box (square).
const uint8_t x_time3_sbox_t[256] [static] |
{
0xa5, 0x84, 0x99, 0x8d, 0x0d, 0xbd, 0xb1, 0x54, 0x50, 0x03, 0xa9, 0x7d, 0x19, 0x62, 0xe6, 0x9a,
0x45, 0x9d, 0x40, 0x87, 0x15, 0xeb, 0xc9, 0x0b, 0xec, 0x67, 0xfd, 0xea, 0xbf, 0xf7, 0x96, 0x5b,
0xc2, 0x1c, 0xae, 0x6a, 0x5a, 0x41, 0x02, 0x4f, 0x5c, 0xf4, 0x34, 0x08, 0x93, 0x73, 0x53, 0x3f,
0x0c, 0x52, 0x65, 0x5e, 0x28, 0xa1, 0x0f, 0xb5, 0x09, 0x36, 0x9b, 0x3d, 0x26, 0x69, 0xcd, 0x9f,
0x1b, 0x9e, 0x74, 0x2e, 0x2d, 0xb2, 0xee, 0xfb, 0xf6, 0x4d, 0x61, 0xce, 0x7b, 0x3e, 0x71, 0x97,
0xf5, 0x68, 0x00, 0x2c, 0x60, 0x1f, 0xc8, 0xed, 0xbe, 0x46, 0xd9, 0x4b, 0xde, 0xd4, 0xe8, 0x4a,
0x6b, 0x2a, 0xe5, 0x16, 0xc5, 0xd7, 0x55, 0x94, 0xcf, 0x10, 0x06, 0x81, 0xf0, 0x44, 0xba, 0xe3,
0xf3, 0xfe, 0xc0, 0x8a, 0xad, 0xbc, 0x48, 0x04, 0xdf, 0xc1, 0x75, 0x63, 0x30, 0x1a, 0x0e, 0x6d,
0x4c, 0x14, 0x35, 0x2f, 0xe1, 0xa2, 0xcc, 0x39, 0x57, 0xf2, 0x82, 0x47, 0xac, 0xe7, 0x2b, 0x95,
0xa0, 0x98, 0xd1, 0x7f, 0x66, 0x7e, 0xab, 0x83, 0xca, 0x29, 0xd3, 0x3c, 0x79, 0xe2, 0x1d, 0x76,
0x3b, 0x56, 0x4e, 0x1e, 0xdb, 0x0a, 0x6c, 0xe4, 0x5d, 0x6e, 0xef, 0xa6, 0xa8, 0xa4, 0x37, 0x8b,
0x32, 0x43, 0x59, 0xb7, 0x8c, 0x64, 0xd2, 0xe0, 0xb4, 0xfa, 0x07, 0x25, 0xaf, 0x8e, 0xe9, 0x18,
0xd5, 0x88, 0x6f, 0x72, 0x24, 0xf1, 0xc7, 0x51, 0x23, 0x7c, 0x9c, 0x21, 0xdd, 0xdc, 0x86, 0x85,
0x90, 0x42, 0xc4, 0xaa, 0xd8, 0x05, 0x01, 0x12, 0xa3, 0x5f, 0xf9, 0xd0, 0x91, 0x58, 0x27, 0xb9,
0x38, 0x13, 0xb3, 0x33, 0xbb, 0x70, 0x89, 0xa7, 0xb6, 0x22, 0x92, 0x20, 0x49, 0xff, 0x78, 0x7a,
0x8f, 0xf8, 0x80, 0x17, 0xda, 0x31, 0xc6, 0xb8, 0xc3, 0xb0, 0x77, 0x11, 0xcb, 0xfc, 0xd6, 0x3a
}
Substitution box (cube).
