#include "./vsf_wifi_cfg.h"
#include "kernel/vsf_kernel.h"

Macros
#define	VSF_WIFI_PMK_LEN 32 /* pairwise master key */

#define	VSF_WIFI_PTK_LEN 48 /* CCMP PTK = KCK(16)+KEK(16)+TK(16) */

#define	VSF_WIFI_KCK_LEN 16 /* EAPOL-Key MIC key */

#define	VSF_WIFI_KEK_LEN 16 /* EAPOL-Key encryption (GTK) key */

#define	VSF_WIFI_TK_LEN 16 /* CCMP temporal key */

#define	VSF_WIFI_NONCE_LEN 32 /* ANonce / SNonce */

#define	VSF_WIFI_MIC_LEN 16 /* EAPOL-Key MIC (HMAC-SHA1 truncated) */

#define	VSF_WIFI_CCMP_NONCE_LEN 13 /* CCM nonce: flag(1)+A2(6)+PN(6) */

#define	VSF_WIFI_CCMP_MIC_LEN 8 /* CCMP MIC */

Functions
vsf_err_t	vsf_wifi_pbkdf2_pmk (const char passphrase, const uint8_t ssid, uint16_t ssid_len, uint8_t pmk[32])
	Derive the PMK from a passphrase using PBKDF2-HMAC-SHA1 (4096 rounds). salt = SSID, dkLen = 32. (IEEE 802.11i WPA-PSK)

vsf_err_t	vsf_wifi_prf_ptk (const uint8_t pmk[32], const uint8_t aa[6], const uint8_t spa[6], const uint8_t anonce[32], const uint8_t snonce[32], uint8_t ptk[48])
	Derive the 384-bit PTK using PRF-384 (HMAC-SHA1). label = "Pairwise key expansion", data = Min(AA,SPA)\|\|Max(AA,SPA)\|\|Min(ANonce,SNonce)\|\|Max(ANonce,SNonce). ptk layout: KCK[0:16] \| KEK[16:32] \| TK[32:48].

vsf_err_t	vsf_wifi_eapol_mic (const uint8_t kck[16], const uint8_t *eapol, uint16_t eapol_len, uint8_t mic[16])
	Compute the EAPOL-Key MIC (key descriptor version 2 = HMAC-SHA1 truncated to 16 bytes). The caller must zero the MIC field of the EAPOL frame before calling.

vsf_err_t	vsf_wifi_aes_unwrap (const uint8_t kek, uint16_t kek_len, const uint8_t in, uint16_t in_len, uint8_t *out)
	AES key unwrap (RFC 3394), used to recover the GTK from EAPOL-Key M3. in_len must be a multiple of 8 and >= 24; out_len = in_len - 8.

vsf_err_t	vsf_wifi_ccmp_encrypt (const uint8_t tk[16], const uint8_t aad, uint16_t aad_len, const uint8_t nonce[13], const uint8_t plain, uint16_t plain_len, uint8_t *cipher, uint8_t mic[8])
	CCMP encrypt: AES-CCM with L=2, M=8. Produces cipher (== plain_len) and an 8-byte MIC. nonce = flag\|\|A2\|\|PN (13 bytes); aad = 802.11 AAD.

vsf_err_t	vsf_wifi_ccmp_decrypt (const uint8_t tk[16], const uint8_t aad, uint16_t aad_len, const uint8_t nonce[13], const uint8_t cipher, uint16_t cipher_len, uint8_t *plain, const uint8_t mic[8])
	CCMP decrypt + authenticate. Returns VSF_ERR_FAIL if the MIC check fails (forged / corrupted frame).

vsf_err_t	vsf_wifi_crypto_selftest (void)
	Run the built-in crypto self-test against IEEE 802.11i / RFC test vectors. Returns VSF_ERR_NONE if all vectors pass.

Macro Definition Documentation

◆ VSF_WIFI_PMK_LEN

#define VSF_WIFI_PMK_LEN 32 /* pairwise master key */

◆ VSF_WIFI_PTK_LEN

#define VSF_WIFI_PTK_LEN 48 /* CCMP PTK = KCK(16)+KEK(16)+TK(16) */

◆ VSF_WIFI_KCK_LEN

#define VSF_WIFI_KCK_LEN 16 /* EAPOL-Key MIC key */

◆ VSF_WIFI_KEK_LEN

#define VSF_WIFI_KEK_LEN 16 /* EAPOL-Key encryption (GTK) key */

◆ VSF_WIFI_TK_LEN

#define VSF_WIFI_TK_LEN 16 /* CCMP temporal key */

◆ VSF_WIFI_NONCE_LEN

#define VSF_WIFI_NONCE_LEN 32 /* ANonce / SNonce */

◆ VSF_WIFI_MIC_LEN

#define VSF_WIFI_MIC_LEN 16 /* EAPOL-Key MIC (HMAC-SHA1 truncated) */

◆ VSF_WIFI_CCMP_NONCE_LEN

#define VSF_WIFI_CCMP_NONCE_LEN 13 /* CCM nonce: flag(1)+A2(6)+PN(6) */

◆ VSF_WIFI_CCMP_MIC_LEN

#define VSF_WIFI_CCMP_MIC_LEN 8 /* CCMP MIC */

Function Documentation

◆ vsf_wifi_pbkdf2_pmk()

vsf_err_t vsf_wifi_pbkdf2_pmk	(	const char *	passphrase,
		const uint8_t *	ssid,
		uint16_t	ssid_len,
		uint8_t	pmk[32] )

extern

Derive the PMK from a passphrase using PBKDF2-HMAC-SHA1 (4096 rounds). salt = SSID, dkLen = 32. (IEEE 802.11i WPA-PSK)

◆ vsf_wifi_prf_ptk()

vsf_err_t vsf_wifi_prf_ptk	(	const uint8_t	pmk[32],
		const uint8_t	aa[6],
		const uint8_t	spa[6],
		const uint8_t	anonce[32],
		const uint8_t	snonce[32],
		uint8_t	ptk[48] )

extern

Derive the 384-bit PTK using PRF-384 (HMAC-SHA1). label = "Pairwise key expansion", data = Min(AA,SPA)||Max(AA,SPA)||Min(ANonce,SNonce)||Max(ANonce,SNonce). ptk layout: KCK[0:16] | KEK[16:32] | TK[32:48].

◆ vsf_wifi_eapol_mic()

vsf_err_t vsf_wifi_eapol_mic	(	const uint8_t	kck[16],
		const uint8_t *	eapol,
		uint16_t	eapol_len,
		uint8_t	mic[16] )

extern

Compute the EAPOL-Key MIC (key descriptor version 2 = HMAC-SHA1 truncated to 16 bytes). The caller must zero the MIC field of the EAPOL frame before calling.

◆ vsf_wifi_aes_unwrap()

vsf_err_t vsf_wifi_aes_unwrap	(	const uint8_t *	kek,
		uint16_t	kek_len,
		const uint8_t *	in,
		uint16_t	in_len,
		uint8_t *	out )

extern

AES key unwrap (RFC 3394), used to recover the GTK from EAPOL-Key M3. in_len must be a multiple of 8 and >= 24; out_len = in_len - 8.

◆ vsf_wifi_ccmp_encrypt()

vsf_err_t vsf_wifi_ccmp_encrypt	(	const uint8_t	tk[16],
		const uint8_t *	aad,
		uint16_t	aad_len,
		const uint8_t	nonce[13],
		const uint8_t *	plain,
		uint16_t	plain_len,
		uint8_t *	cipher,
		uint8_t	mic[8] )

extern

CCMP encrypt: AES-CCM with L=2, M=8. Produces cipher (== plain_len) and an 8-byte MIC. nonce = flag||A2||PN (13 bytes); aad = 802.11 AAD.

◆ vsf_wifi_ccmp_decrypt()

vsf_err_t vsf_wifi_ccmp_decrypt	(	const uint8_t	tk[16],
		const uint8_t *	aad,
		uint16_t	aad_len,
		const uint8_t	nonce[13],
		const uint8_t *	cipher,
		uint16_t	cipher_len,
		uint8_t *	plain,
		const uint8_t	mic[8] )

extern

CCMP decrypt + authenticate. Returns VSF_ERR_FAIL if the MIC check fails (forged / corrupted frame).

◆ vsf_wifi_crypto_selftest()

vsf_err_t vsf_wifi_crypto_selftest ( void )

extern

Run the built-in crypto self-test against IEEE 802.11i / RFC test vectors. Returns VSF_ERR_NONE if all vectors pass.

Macros

Functions

Macro Definition Documentation

◆ VSF_WIFI_PMK_LEN

◆ VSF_WIFI_PTK_LEN

◆ VSF_WIFI_KCK_LEN

◆ VSF_WIFI_KEK_LEN

◆ VSF_WIFI_TK_LEN

◆ VSF_WIFI_NONCE_LEN

◆ VSF_WIFI_MIC_LEN

◆ VSF_WIFI_CCMP_NONCE_LEN

◆ VSF_WIFI_CCMP_MIC_LEN

Function Documentation

◆ vsf_wifi_pbkdf2_pmk()

◆ vsf_wifi_prf_ptk()

◆ vsf_wifi_eapol_mic()

◆ vsf_wifi_aes_unwrap()

◆ vsf_wifi_ccmp_encrypt()

◆ vsf_wifi_ccmp_decrypt()

◆ vsf_wifi_crypto_selftest()