1 // SPDX-License-Identifier: GPL-2.0
2 /******************************************************************************
3 *
4 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
5 *
6 ******************************************************************************/
7 #define _RTW_SECURITY_C_
8
9 #include <linux/crc32poly.h>
10 #include <drv_types.h>
11 #include <rtw_debug.h>
12
13 static const char * const _security_type_str[] = {
14 "N/A",
15 "WEP40",
16 "TKIP",
17 "TKIP_WM",
18 "AES",
19 "WEP104",
20 "SMS4",
21 "WEP_WPA",
22 "BIP",
23 };
24
security_type_str(u8 value)25 const char *security_type_str(u8 value)
26 {
27 if (value <= _BIP_)
28 return _security_type_str[value];
29 return NULL;
30 }
31
32 /* WEP related ===== */
33
34 struct arc4context {
35 u32 x;
36 u32 y;
37 u8 state[256];
38 };
39
40
arcfour_init(struct arc4context * parc4ctx,u8 * key,u32 key_len)41 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
42 {
43 u32 t, u;
44 u32 keyindex;
45 u32 stateindex;
46 u8 *state;
47 u32 counter;
48
49 state = parc4ctx->state;
50 parc4ctx->x = 0;
51 parc4ctx->y = 0;
52 for (counter = 0; counter < 256; counter++)
53 state[counter] = (u8)counter;
54 keyindex = 0;
55 stateindex = 0;
56 for (counter = 0; counter < 256; counter++) {
57 t = state[counter];
58 stateindex = (stateindex + key[keyindex] + t) & 0xff;
59 u = state[stateindex];
60 state[stateindex] = (u8)t;
61 state[counter] = (u8)u;
62 if (++keyindex >= key_len)
63 keyindex = 0;
64 }
65 }
66
arcfour_byte(struct arc4context * parc4ctx)67 static u32 arcfour_byte(struct arc4context *parc4ctx)
68 {
69 u32 x;
70 u32 y;
71 u32 sx, sy;
72 u8 *state;
73
74 state = parc4ctx->state;
75 x = (parc4ctx->x + 1) & 0xff;
76 sx = state[x];
77 y = (sx + parc4ctx->y) & 0xff;
78 sy = state[y];
79 parc4ctx->x = x;
80 parc4ctx->y = y;
81 state[y] = (u8)sx;
82 state[x] = (u8)sy;
83 return state[(sx + sy) & 0xff];
84 }
85
arcfour_encrypt(struct arc4context * parc4ctx,u8 * dest,u8 * src,u32 len)86 static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len)
87 {
88 u32 i;
89
90 for (i = 0; i < len; i++)
91 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
92 }
93
94 static signed int bcrc32initialized;
95 static u32 crc32_table[256];
96
97
crc32_reverseBit(u8 data)98 static u8 crc32_reverseBit(u8 data)
99 {
100 return((u8)((data<<7)&0x80) | ((data<<5)&0x40) | ((data<<3)&0x20) | ((data<<1)&0x10) | ((data>>1)&0x08) | ((data>>3)&0x04) | ((data>>5)&0x02) | ((data>>7)&0x01));
101 }
102
crc32_init(void)103 static void crc32_init(void)
104 {
105 if (bcrc32initialized == 1)
106 return;
107 else {
108 signed int i, j;
109 u32 c;
110 u8 *p = (u8 *)&c, *p1;
111 u8 k;
112
113 c = 0x12340000;
114
115 for (i = 0; i < 256; ++i) {
116 k = crc32_reverseBit((u8)i);
117 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
118 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY_BE : (c << 1);
119 p1 = (u8 *)&crc32_table[i];
120
121 p1[0] = crc32_reverseBit(p[3]);
122 p1[1] = crc32_reverseBit(p[2]);
123 p1[2] = crc32_reverseBit(p[1]);
124 p1[3] = crc32_reverseBit(p[0]);
125 }
126 bcrc32initialized = 1;
127 }
128 }
129
getcrc32(u8 * buf,signed int len)130 static __le32 getcrc32(u8 *buf, signed int len)
131 {
132 u8 *p;
133 u32 crc;
134
135 if (bcrc32initialized == 0)
136 crc32_init();
137
138 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
139
140 for (p = buf; len > 0; ++p, --len)
141 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
142 return cpu_to_le32(~crc); /* transmit complement, per CRC-32 spec */
143 }
144
145
146 /*
147 Need to consider the fragment situation
148 */
rtw_wep_encrypt(struct adapter * padapter,u8 * pxmitframe)149 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe)
150 { /* exclude ICV */
151
152 unsigned char crc[4];
153 struct arc4context mycontext;
154
155 signed int curfragnum, length;
156 u32 keylength;
157
158 u8 *pframe, *payload, *iv; /* wepkey */
159 u8 wepkey[16];
160 u8 hw_hdr_offset = 0;
161 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
162 struct security_priv *psecuritypriv = &padapter->securitypriv;
163 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
164
165 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
166 return;
167
168 hw_hdr_offset = TXDESC_OFFSET;
169 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
170
171 /* start to encrypt each fragment */
172 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
173 keylength = psecuritypriv->dot11DefKeylen[psecuritypriv->dot11PrivacyKeyIndex];
174
175 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
176 iv = pframe+pattrib->hdrlen;
177 memcpy(&wepkey[0], iv, 3);
178 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength);
179 payload = pframe+pattrib->iv_len+pattrib->hdrlen;
180
181 if ((curfragnum+1) == pattrib->nr_frags) { /* the last fragment */
182
183 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
184
185 *((__le32 *)crc) = getcrc32(payload, length);
186
187 arcfour_init(&mycontext, wepkey, 3+keylength);
188 arcfour_encrypt(&mycontext, payload, payload, length);
189 arcfour_encrypt(&mycontext, payload+length, crc, 4);
190
191 } else {
192 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
193 *((__le32 *)crc) = getcrc32(payload, length);
194 arcfour_init(&mycontext, wepkey, 3+keylength);
195 arcfour_encrypt(&mycontext, payload, payload, length);
196 arcfour_encrypt(&mycontext, payload+length, crc, 4);
197
198 pframe += pxmitpriv->frag_len;
199 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
200 }
201 }
202 }
203 }
204
rtw_wep_decrypt(struct adapter * padapter,u8 * precvframe)205 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe)
206 {
207 /* exclude ICV */
208 u8 crc[4];
209 struct arc4context mycontext;
210 signed int length;
211 u32 keylength;
212 u8 *pframe, *payload, *iv, wepkey[16];
213 u8 keyindex;
214 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)precvframe)->u.hdr.attrib);
215 struct security_priv *psecuritypriv = &padapter->securitypriv;
216
217 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
218
219 /* start to decrypt recvframe */
220 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) {
221 iv = pframe+prxattrib->hdrlen;
222 /* keyindex =(iv[3]&0x3); */
223 keyindex = prxattrib->key_index;
224 keylength = psecuritypriv->dot11DefKeylen[keyindex];
225 memcpy(&wepkey[0], iv, 3);
226 /* memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); */
227 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[keyindex].skey[0], keylength);
228 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len;
229
230 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen;
231
232 /* decrypt payload include icv */
233 arcfour_init(&mycontext, wepkey, 3+keylength);
234 arcfour_encrypt(&mycontext, payload, payload, length);
235
236 /* calculate icv and compare the icv */
237 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4));
238
239 }
240 }
241
242 /* 3 =====TKIP related ===== */
243
secmicgetuint32(u8 * p)244 static u32 secmicgetuint32(u8 *p)
245 /* Convert from Byte[] to Us3232 in a portable way */
246 {
247 s32 i;
248 u32 res = 0;
249
250 for (i = 0; i < 4; i++)
251 res |= ((u32)(*p++)) << (8 * i);
252
253 return res;
254 }
255
secmicputuint32(u8 * p,u32 val)256 static void secmicputuint32(u8 *p, u32 val)
257 /* Convert from Us3232 to Byte[] in a portable way */
258 {
259 long i;
260
261 for (i = 0; i < 4; i++) {
262 *p++ = (u8) (val & 0xff);
263 val >>= 8;
264 }
265 }
266
secmicclear(struct mic_data * pmicdata)267 static void secmicclear(struct mic_data *pmicdata)
268 {
269 /* Reset the state to the empty message. */
270 pmicdata->L = pmicdata->K0;
271 pmicdata->R = pmicdata->K1;
272 pmicdata->nBytesInM = 0;
273 pmicdata->M = 0;
274 }
275
rtw_secmicsetkey(struct mic_data * pmicdata,u8 * key)276 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key)
277 {
278 /* Set the key */
279 pmicdata->K0 = secmicgetuint32(key);
280 pmicdata->K1 = secmicgetuint32(key + 4);
281 /* and reset the message */
282 secmicclear(pmicdata);
283 }
284
rtw_secmicappendbyte(struct mic_data * pmicdata,u8 b)285 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b)
286 {
287 /* Append the byte to our word-sized buffer */
288 pmicdata->M |= ((unsigned long)b) << (8*pmicdata->nBytesInM);
289 pmicdata->nBytesInM++;
290 /* Process the word if it is full. */
291 if (pmicdata->nBytesInM >= 4) {
292 pmicdata->L ^= pmicdata->M;
293 pmicdata->R ^= ROL32(pmicdata->L, 17);
294 pmicdata->L += pmicdata->R;
295 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
296 pmicdata->L += pmicdata->R;
297 pmicdata->R ^= ROL32(pmicdata->L, 3);
298 pmicdata->L += pmicdata->R;
299 pmicdata->R ^= ROR32(pmicdata->L, 2);
300 pmicdata->L += pmicdata->R;
301 /* Clear the buffer */
302 pmicdata->M = 0;
303 pmicdata->nBytesInM = 0;
304 }
305 }
306
rtw_secmicappend(struct mic_data * pmicdata,u8 * src,u32 nbytes)307 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
308 {
309 /* This is simple */
310 while (nbytes > 0) {
311 rtw_secmicappendbyte(pmicdata, *src++);
312 nbytes--;
313 }
314 }
315
rtw_secgetmic(struct mic_data * pmicdata,u8 * dst)316 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst)
317 {
318 /* Append the minimum padding */
319 rtw_secmicappendbyte(pmicdata, 0x5a);
320 rtw_secmicappendbyte(pmicdata, 0);
321 rtw_secmicappendbyte(pmicdata, 0);
322 rtw_secmicappendbyte(pmicdata, 0);
323 rtw_secmicappendbyte(pmicdata, 0);
324 /* and then zeroes until the length is a multiple of 4 */
325 while (pmicdata->nBytesInM != 0)
326 rtw_secmicappendbyte(pmicdata, 0);
327 /* The appendByte function has already computed the result. */
328 secmicputuint32(dst, pmicdata->L);
329 secmicputuint32(dst + 4, pmicdata->R);
330 /* Reset to the empty message. */
331 secmicclear(pmicdata);
332 }
333
334
rtw_seccalctkipmic(u8 * key,u8 * header,u8 * data,u32 data_len,u8 * mic_code,u8 pri)335 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
336 {
337
338 struct mic_data micdata;
339 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
340
341 rtw_secmicsetkey(&micdata, key);
342 priority[0] = pri;
343
344 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
345 if (header[1] & 1) { /* ToDS == 1 */
346 rtw_secmicappend(&micdata, &header[16], 6); /* DA */
347 if (header[1] & 2) /* From Ds == 1 */
348 rtw_secmicappend(&micdata, &header[24], 6);
349 else
350 rtw_secmicappend(&micdata, &header[10], 6);
351 } else { /* ToDS == 0 */
352 rtw_secmicappend(&micdata, &header[4], 6); /* DA */
353 if (header[1] & 2) /* From Ds == 1 */
354 rtw_secmicappend(&micdata, &header[16], 6);
355 else
356 rtw_secmicappend(&micdata, &header[10], 6);
357 }
358 rtw_secmicappend(&micdata, &priority[0], 4);
359
360
361 rtw_secmicappend(&micdata, data, data_len);
362
363 rtw_secgetmic(&micdata, mic_code);
364 }
365
366 /* macros for extraction/creation of unsigned char/unsigned short values */
367 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
368 #define Lo8(v16) ((u8)((v16) & 0x00FF))
369 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
370 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
371 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
372 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
373
374 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
375 #define TK16(N) Mk16(tk[2*(N)+1], tk[2*(N)])
376
377 /* S-box lookup: 16 bits --> 16 bits */
378 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
379
380 /* fixed algorithm "parameters" */
381 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
382 #define TA_SIZE 6 /* 48-bit transmitter address */
383 #define TK_SIZE 16 /* 128-bit temporal key */
384 #define P1K_SIZE 10 /* 80-bit Phase1 key */
385 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
386
387
388 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
389 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */
390 {
391 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
392 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
393 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
394 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
395 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
396 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
397 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
398 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
399 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
400 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
401 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
402 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
403 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
404 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
405 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
406 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
407 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
408 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
409 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
410 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
411 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
412 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
413 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
414 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
415 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
416 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
417 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
418 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
419 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
420 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
421 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
422 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
423 },
424
425
426 { /* second half of table is unsigned char-reversed version of first! */
427 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
428 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
429 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
430 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
431 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
432 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
433 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
434 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
435 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
436 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
437 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
438 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
439 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
440 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
441 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
442 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
443 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
444 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
445 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
446 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
447 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
448 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
449 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
450 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
451 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
452 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
453 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
454 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
455 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
456 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
457 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
458 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
459 }
460 };
461
462 /*
463 **********************************************************************
464 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
465 *
466 * Inputs:
467 * tk[] = temporal key [128 bits]
468 * ta[] = transmitter's MAC address [ 48 bits]
469 * iv32 = upper 32 bits of IV [ 32 bits]
470 * Output:
471 * p1k[] = Phase 1 key [ 80 bits]
472 *
473 * Note:
474 * This function only needs to be called every 2**16 packets,
475 * although in theory it could be called every packet.
476 *
477 **********************************************************************
478 */
phase1(u16 * p1k,const u8 * tk,const u8 * ta,u32 iv32)479 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
480 {
481 signed int i;
482
483 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
484 p1k[0] = Lo16(iv32);
485 p1k[1] = Hi16(iv32);
486 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
487 p1k[3] = Mk16(ta[3], ta[2]);
488 p1k[4] = Mk16(ta[5], ta[4]);
489
490 /* Now compute an unbalanced Feistel cipher with 80-bit block */
491 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
492 for (i = 0; i < PHASE1_LOOP_CNT; i++) {
493 /* Each add operation here is mod 2**16 */
494 p1k[0] += _S_(p1k[4] ^ TK16((i&1)+0));
495 p1k[1] += _S_(p1k[0] ^ TK16((i&1)+2));
496 p1k[2] += _S_(p1k[1] ^ TK16((i&1)+4));
497 p1k[3] += _S_(p1k[2] ^ TK16((i&1)+6));
498 p1k[4] += _S_(p1k[3] ^ TK16((i&1)+0));
499 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
500 }
501 }
502
503
504 /*
505 **********************************************************************
506 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
507 *
508 * Inputs:
509 * tk[] = Temporal key [128 bits]
510 * p1k[] = Phase 1 output key [ 80 bits]
511 * iv16 = low 16 bits of IV counter [ 16 bits]
512 * Output:
513 * rc4key[] = the key used to encrypt the packet [128 bits]
514 *
515 * Note:
516 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique
517 * across all packets using the same key TK value. Then, for a
518 * given value of TK[], this TKIP48 construction guarantees that
519 * the final RC4KEY value is unique across all packets.
520 *
521 * Suggested implementation optimization: if PPK[] is "overlaid"
522 * appropriately on RC4KEY[], there is no need for the final
523 * for loop below that copies the PPK[] result into RC4KEY[].
524 *
525 **********************************************************************
526 */
phase2(u8 * rc4key,const u8 * tk,const u16 * p1k,u16 iv16)527 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
528 {
529 signed int i;
530 u16 PPK[6]; /* temporary key for mixing */
531
532 /* Note: all adds in the PPK[] equations below are mod 2**16 */
533 for (i = 0; i < 5; i++)
534 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
535
536 PPK[5] = p1k[4]+iv16; /* next, add in IV16 */
537
538 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
539 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
540 PPK[1] += _S_(PPK[0] ^ TK16(1));
541 PPK[2] += _S_(PPK[1] ^ TK16(2));
542 PPK[3] += _S_(PPK[2] ^ TK16(3));
543 PPK[4] += _S_(PPK[3] ^ TK16(4));
544 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
545
546 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
547 PPK[0] += RotR1(PPK[5] ^ TK16(6));
548 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
549 PPK[2] += RotR1(PPK[1]);
550 PPK[3] += RotR1(PPK[2]);
551 PPK[4] += RotR1(PPK[3]);
552 PPK[5] += RotR1(PPK[4]);
553 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
554 /* value PPK[0..5] is guaranteed to be unique, as a function */
555 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */
556 /* is now a keyed permutation of {TA, IV32, IV16}. */
557
558 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
559 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
560 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
561 rc4key[2] = Lo8(iv16);
562 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
563
564
565 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
566 for (i = 0; i < 6; i++) {
567 rc4key[4+2*i] = Lo8(PPK[i]);
568 rc4key[5+2*i] = Hi8(PPK[i]);
569 }
570 }
571
572
573 /* The hlen isn't include the IV */
rtw_tkip_encrypt(struct adapter * padapter,u8 * pxmitframe)574 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
575 { /* exclude ICV */
576 u16 pnl;
577 u32 pnh;
578 u8 rc4key[16];
579 u8 ttkey[16];
580 u8 crc[4];
581 u8 hw_hdr_offset = 0;
582 struct arc4context mycontext;
583 signed int curfragnum, length;
584
585 u8 *pframe, *payload, *iv, *prwskey;
586 union pn48 dot11txpn;
587 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
588 struct security_priv *psecuritypriv = &padapter->securitypriv;
589 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
590 u32 res = _SUCCESS;
591
592 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
593 return _FAIL;
594
595 hw_hdr_offset = TXDESC_OFFSET;
596 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
597
598 /* 4 start to encrypt each fragment */
599 if (pattrib->encrypt == _TKIP_) {
600
601 {
602 if (IS_MCAST(pattrib->ra))
603 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
604 else
605 prwskey = pattrib->dot118021x_UncstKey.skey;
606
607 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
608 iv = pframe+pattrib->hdrlen;
609 payload = pframe+pattrib->iv_len+pattrib->hdrlen;
610
611 GET_TKIP_PN(iv, dot11txpn);
612
613 pnl = (u16)(dot11txpn.val);
614 pnh = (u32)(dot11txpn.val>>16);
615
616 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
617
618 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
619
620 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */
621 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
622 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/
623
624 arcfour_init(&mycontext, rc4key, 16);
625 arcfour_encrypt(&mycontext, payload, payload, length);
626 arcfour_encrypt(&mycontext, payload+length, crc, 4);
627
628 } else {
629 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
630 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/
631 arcfour_init(&mycontext, rc4key, 16);
632 arcfour_encrypt(&mycontext, payload, payload, length);
633 arcfour_encrypt(&mycontext, payload+length, crc, 4);
634
635 pframe += pxmitpriv->frag_len;
636 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
637 }
638 }
639 }
640 }
641 return res;
642 }
643
644
645 /* The hlen isn't include the IV */
rtw_tkip_decrypt(struct adapter * padapter,u8 * precvframe)646 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
647 { /* exclude ICV */
648 u16 pnl;
649 u32 pnh;
650 u8 rc4key[16];
651 u8 ttkey[16];
652 u8 crc[4];
653 struct arc4context mycontext;
654 signed int length;
655
656 u8 *pframe, *payload, *iv, *prwskey;
657 union pn48 dot11txpn;
658 struct sta_info *stainfo;
659 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
660 struct security_priv *psecuritypriv = &padapter->securitypriv;
661 u32 res = _SUCCESS;
662
663 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
664
665 /* 4 start to decrypt recvframe */
666 if (prxattrib->encrypt == _TKIP_) {
667 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
668 if (stainfo) {
669 if (IS_MCAST(prxattrib->ra)) {
670 static unsigned long start;
671 static u32 no_gkey_bc_cnt;
672 static u32 no_gkey_mc_cnt;
673
674 if (!psecuritypriv->binstallGrpkey) {
675 res = _FAIL;
676
677 if (start == 0)
678 start = jiffies;
679
680 if (is_broadcast_mac_addr(prxattrib->ra))
681 no_gkey_bc_cnt++;
682 else
683 no_gkey_mc_cnt++;
684
685 if (jiffies_to_msecs(jiffies - start) > 1000) {
686 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
687 netdev_dbg(padapter->pnetdev,
688 FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
689 FUNC_ADPT_ARG(padapter),
690 no_gkey_bc_cnt,
691 no_gkey_mc_cnt);
692 }
693 start = jiffies;
694 no_gkey_bc_cnt = 0;
695 no_gkey_mc_cnt = 0;
696 }
697 goto exit;
698 }
699
700 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
701 netdev_dbg(padapter->pnetdev,
702 FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
703 FUNC_ADPT_ARG(padapter),
704 no_gkey_bc_cnt,
705 no_gkey_mc_cnt);
706 }
707 start = 0;
708 no_gkey_bc_cnt = 0;
709 no_gkey_mc_cnt = 0;
710
711 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
712 } else {
713 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
714 }
715
716 iv = pframe+prxattrib->hdrlen;
717 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen;
718 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len;
719
720 GET_TKIP_PN(iv, dot11txpn);
721
722 pnl = (u16)(dot11txpn.val);
723 pnh = (u32)(dot11txpn.val>>16);
724
725 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
726 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
727
728 /* 4 decrypt payload include icv */
729
730 arcfour_init(&mycontext, rc4key, 16);
731 arcfour_encrypt(&mycontext, payload, payload, length);
732
733 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4));
734
735 if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] ||
736 crc[1] != payload[length - 3] || crc[0] != payload[length - 4])
737 res = _FAIL;
738 } else {
739 res = _FAIL;
740 }
741 }
742 exit:
743 return res;
744 }
745
746
747 /* 3 =====AES related ===== */
748
749
750
751 #define MAX_MSG_SIZE 2048
752 /*****************************/
753 /******** SBOX Table *********/
754 /*****************************/
755
756 static const u8 sbox_table[256] = {
757 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
758 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
759 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
760 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
761 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
762 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
763 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
764 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
765 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
766 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
767 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
768 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
769 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
770 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
771 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
772 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
773 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
774 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
775 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
776 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
777 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
778 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
779 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
780 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
781 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
782 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
783 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
784 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
785 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
786 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
787 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
788 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
789 };
790
791 /*****************************/
792 /**** Function Prototypes ****/
793 /*****************************/
794
795 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out);
796 static void construct_mic_iv(u8 *mic_header1,
797 signed int qc_exists,
798 signed int a4_exists,
799 u8 *mpdu,
800 uint payload_length,
801 u8 *pn_vector,
802 uint frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
803 static void construct_mic_header1(u8 *mic_header1,
804 signed int header_length,
805 u8 *mpdu,
806 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */
807 static void construct_mic_header2(u8 *mic_header2,
808 u8 *mpdu,
809 signed int a4_exists,
810 signed int qc_exists);
811 static void construct_ctr_preload(u8 *ctr_preload,
812 signed int a4_exists,
813 signed int qc_exists,
814 u8 *mpdu,
815 u8 *pn_vector,
816 signed int c,
817 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */
818 static void xor_128(u8 *a, u8 *b, u8 *out);
819 static void xor_32(u8 *a, u8 *b, u8 *out);
820 static u8 sbox(u8 a);
821 static void next_key(u8 *key, signed int round);
822 static void byte_sub(u8 *in, u8 *out);
823 static void shift_row(u8 *in, u8 *out);
824 static void mix_column(u8 *in, u8 *out);
825 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext);
826
827
828 /****************************************/
829 /* aes128k128d() */
830 /* Performs a 128 bit AES encrypt with */
831 /* 128 bit data. */
832 /****************************************/
xor_128(u8 * a,u8 * b,u8 * out)833 static void xor_128(u8 *a, u8 *b, u8 *out)
834 {
835 signed int i;
836
837 for (i = 0; i < 16; i++)
838 out[i] = a[i] ^ b[i];
839 }
840
841
xor_32(u8 * a,u8 * b,u8 * out)842 static void xor_32(u8 *a, u8 *b, u8 *out)
843 {
844 signed int i;
845
846 for (i = 0; i < 4; i++)
847 out[i] = a[i] ^ b[i];
848 }
849
850
sbox(u8 a)851 static u8 sbox(u8 a)
852 {
853 return sbox_table[(signed int)a];
854 }
855
856
next_key(u8 * key,signed int round)857 static void next_key(u8 *key, signed int round)
858 {
859 u8 rcon;
860 u8 sbox_key[4];
861 static const u8 rcon_table[12] = {
862 0x01, 0x02, 0x04, 0x08,
863 0x10, 0x20, 0x40, 0x80,
864 0x1b, 0x36, 0x36, 0x36
865 };
866 sbox_key[0] = sbox(key[13]);
867 sbox_key[1] = sbox(key[14]);
868 sbox_key[2] = sbox(key[15]);
869 sbox_key[3] = sbox(key[12]);
870
871 rcon = rcon_table[round];
872
873 xor_32(&key[0], sbox_key, &key[0]);
874 key[0] = key[0] ^ rcon;
875
876 xor_32(&key[4], &key[0], &key[4]);
877 xor_32(&key[8], &key[4], &key[8]);
878 xor_32(&key[12], &key[8], &key[12]);
879 }
880
881
byte_sub(u8 * in,u8 * out)882 static void byte_sub(u8 *in, u8 *out)
883 {
884 signed int i;
885
886 for (i = 0; i < 16; i++)
887 out[i] = sbox(in[i]);
888 }
889
890
shift_row(u8 * in,u8 * out)891 static void shift_row(u8 *in, u8 *out)
892 {
893 out[0] = in[0];
894 out[1] = in[5];
895 out[2] = in[10];
896 out[3] = in[15];
897 out[4] = in[4];
898 out[5] = in[9];
899 out[6] = in[14];
900 out[7] = in[3];
901 out[8] = in[8];
902 out[9] = in[13];
903 out[10] = in[2];
904 out[11] = in[7];
905 out[12] = in[12];
906 out[13] = in[1];
907 out[14] = in[6];
908 out[15] = in[11];
909 }
910
mix_column(u8 * in,u8 * out)911 static void mix_column(u8 *in, u8 *out)
912 {
913 signed int i;
914 u8 add1b[4];
915 u8 add1bf7[4];
916 u8 rotl[4];
917 u8 swap_halfs[4];
918 u8 andf7[4];
919 u8 rotr[4];
920 u8 temp[4];
921 u8 tempb[4];
922
923 for (i = 0; i < 4; i++) {
924 if ((in[i] & 0x80) == 0x80)
925 add1b[i] = 0x1b;
926 else
927 add1b[i] = 0x00;
928 }
929
930 swap_halfs[0] = in[2]; /* Swap halfs */
931 swap_halfs[1] = in[3];
932 swap_halfs[2] = in[0];
933 swap_halfs[3] = in[1];
934
935 rotl[0] = in[3]; /* Rotate left 8 bits */
936 rotl[1] = in[0];
937 rotl[2] = in[1];
938 rotl[3] = in[2];
939
940 andf7[0] = in[0] & 0x7f;
941 andf7[1] = in[1] & 0x7f;
942 andf7[2] = in[2] & 0x7f;
943 andf7[3] = in[3] & 0x7f;
944
945 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */
946 andf7[i] = andf7[i] << 1;
947 if ((andf7[i-1] & 0x80) == 0x80)
948 andf7[i] = (andf7[i] | 0x01);
949 }
950 andf7[0] = andf7[0] << 1;
951 andf7[0] = andf7[0] & 0xfe;
952
953 xor_32(add1b, andf7, add1bf7);
954
955 xor_32(in, add1bf7, rotr);
956
957 temp[0] = rotr[0]; /* Rotate right 8 bits */
958 rotr[0] = rotr[1];
959 rotr[1] = rotr[2];
960 rotr[2] = rotr[3];
961 rotr[3] = temp[0];
962
963 xor_32(add1bf7, rotr, temp);
964 xor_32(swap_halfs, rotl, tempb);
965 xor_32(temp, tempb, out);
966 }
967
aes128k128d(u8 * key,u8 * data,u8 * ciphertext)968 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
969 {
970 signed int round;
971 signed int i;
972 u8 intermediatea[16];
973 u8 intermediateb[16];
974 u8 round_key[16];
975
976 for (i = 0; i < 16; i++)
977 round_key[i] = key[i];
978
979 for (round = 0; round < 11; round++) {
980 if (round == 0) {
981 xor_128(round_key, data, ciphertext);
982 next_key(round_key, round);
983 } else if (round == 10) {
984 byte_sub(ciphertext, intermediatea);
985 shift_row(intermediatea, intermediateb);
986 xor_128(intermediateb, round_key, ciphertext);
987 } else { /* 1 - 9 */
988 byte_sub(ciphertext, intermediatea);
989 shift_row(intermediatea, intermediateb);
990 mix_column(&intermediateb[0], &intermediatea[0]);
991 mix_column(&intermediateb[4], &intermediatea[4]);
992 mix_column(&intermediateb[8], &intermediatea[8]);
993 mix_column(&intermediateb[12], &intermediatea[12]);
994 xor_128(intermediatea, round_key, ciphertext);
995 next_key(round_key, round);
996 }
997 }
998 }
999
1000 /************************************************/
1001 /* construct_mic_iv() */
1002 /* Builds the MIC IV from header fields and PN */
1003 /* Baron think the function is construct CCM */
1004 /* nonce */
1005 /************************************************/
construct_mic_iv(u8 * mic_iv,signed int qc_exists,signed int a4_exists,u8 * mpdu,uint payload_length,u8 * pn_vector,uint frtype)1006 static void construct_mic_iv(u8 *mic_iv,
1007 signed int qc_exists,
1008 signed int a4_exists,
1009 u8 *mpdu,
1010 uint payload_length,
1011 u8 *pn_vector,
1012 uint frtype) /* add for CONFIG_IEEE80211W, none 11w also can use */
1013 {
1014 signed int i;
1015
1016 mic_iv[0] = 0x59;
1017
1018 if (qc_exists && a4_exists)
1019 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */
1020
1021 if (qc_exists && !a4_exists)
1022 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */
1023
1024 if (!qc_exists)
1025 mic_iv[1] = 0x00;
1026
1027 /* 802.11w management frame should set management bit(4) */
1028 if (frtype == WIFI_MGT_TYPE)
1029 mic_iv[1] |= BIT(4);
1030
1031 for (i = 2; i < 8; i++)
1032 mic_iv[i] = mpdu[i + 8]; /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */
1033 #ifdef CONSISTENT_PN_ORDER
1034 for (i = 8; i < 14; i++)
1035 mic_iv[i] = pn_vector[i - 8]; /* mic_iv[8:13] = PN[0:5] */
1036 #else
1037 for (i = 8; i < 14; i++)
1038 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
1039 #endif
1040 mic_iv[14] = (unsigned char) (payload_length / 256);
1041 mic_iv[15] = (unsigned char) (payload_length % 256);
1042 }
1043
1044 /************************************************/
1045 /* construct_mic_header1() */
1046 /* Builds the first MIC header block from */
1047 /* header fields. */
1048 /* Build AAD SC, A1, A2 */
1049 /************************************************/
construct_mic_header1(u8 * mic_header1,signed int header_length,u8 * mpdu,uint frtype)1050 static void construct_mic_header1(u8 *mic_header1,
1051 signed int header_length,
1052 u8 *mpdu,
1053 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */
1054 {
1055 mic_header1[0] = (u8)((header_length - 2) / 256);
1056 mic_header1[1] = (u8)((header_length - 2) % 256);
1057
1058 /* 802.11w management frame don't AND subtype bits 4, 5, 6 of frame control field */
1059 if (frtype == WIFI_MGT_TYPE)
1060 mic_header1[2] = mpdu[0];
1061 else
1062 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */
1063
1064 mic_header1[3] = mpdu[1] & 0xc7; /* Mute retry, more data and pwr mgt bits */
1065 mic_header1[4] = mpdu[4]; /* A1 */
1066 mic_header1[5] = mpdu[5];
1067 mic_header1[6] = mpdu[6];
1068 mic_header1[7] = mpdu[7];
1069 mic_header1[8] = mpdu[8];
1070 mic_header1[9] = mpdu[9];
1071 mic_header1[10] = mpdu[10]; /* A2 */
1072 mic_header1[11] = mpdu[11];
1073 mic_header1[12] = mpdu[12];
1074 mic_header1[13] = mpdu[13];
1075 mic_header1[14] = mpdu[14];
1076 mic_header1[15] = mpdu[15];
1077 }
1078
1079 /************************************************/
1080 /* construct_mic_header2() */
1081 /* Builds the last MIC header block from */
1082 /* header fields. */
1083 /************************************************/
construct_mic_header2(u8 * mic_header2,u8 * mpdu,signed int a4_exists,signed int qc_exists)1084 static void construct_mic_header2(u8 *mic_header2,
1085 u8 *mpdu,
1086 signed int a4_exists,
1087 signed int qc_exists)
1088 {
1089 signed int i;
1090
1091 for (i = 0; i < 16; i++)
1092 mic_header2[i] = 0x00;
1093
1094 mic_header2[0] = mpdu[16]; /* A3 */
1095 mic_header2[1] = mpdu[17];
1096 mic_header2[2] = mpdu[18];
1097 mic_header2[3] = mpdu[19];
1098 mic_header2[4] = mpdu[20];
1099 mic_header2[5] = mpdu[21];
1100
1101 mic_header2[6] = 0x00;
1102 mic_header2[7] = 0x00; /* mpdu[23]; */
1103
1104 if (!qc_exists && a4_exists) {
1105 for (i = 0; i < 6; i++)
1106 mic_header2[8+i] = mpdu[24+i]; /* A4 */
1107 }
1108
1109 if (qc_exists && !a4_exists) {
1110 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
1111 mic_header2[9] = mpdu[25] & 0x00;
1112 }
1113
1114 if (qc_exists && a4_exists) {
1115 for (i = 0; i < 6; i++)
1116 mic_header2[8+i] = mpdu[24+i]; /* A4 */
1117
1118 mic_header2[14] = mpdu[30] & 0x0f;
1119 mic_header2[15] = mpdu[31] & 0x00;
1120 }
1121 }
1122
1123 /************************************************/
1124 /* construct_mic_header2() */
1125 /* Builds the last MIC header block from */
1126 /* header fields. */
1127 /* Baron think the function is construct CCM */
1128 /* nonce */
1129 /************************************************/
construct_ctr_preload(u8 * ctr_preload,signed int a4_exists,signed int qc_exists,u8 * mpdu,u8 * pn_vector,signed int c,uint frtype)1130 static void construct_ctr_preload(u8 *ctr_preload,
1131 signed int a4_exists,
1132 signed int qc_exists,
1133 u8 *mpdu,
1134 u8 *pn_vector,
1135 signed int c,
1136 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */
1137 {
1138 signed int i = 0;
1139
1140 for (i = 0; i < 16; i++)
1141 ctr_preload[i] = 0x00;
1142 i = 0;
1143
1144 ctr_preload[0] = 0x01; /* flag */
1145 if (qc_exists && a4_exists)
1146 ctr_preload[1] = mpdu[30] & 0x0f; /* QoC_Control */
1147 if (qc_exists && !a4_exists)
1148 ctr_preload[1] = mpdu[24] & 0x0f;
1149
1150 /* 802.11w management frame should set management bit(4) */
1151 if (frtype == WIFI_MGT_TYPE)
1152 ctr_preload[1] |= BIT(4);
1153
1154 for (i = 2; i < 8; i++)
1155 ctr_preload[i] = mpdu[i + 8]; /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */
1156 #ifdef CONSISTENT_PN_ORDER
1157 for (i = 8; i < 14; i++)
1158 ctr_preload[i] = pn_vector[i - 8]; /* ctr_preload[8:13] = PN[0:5] */
1159 #else
1160 for (i = 8; i < 14; i++)
1161 ctr_preload[i] = pn_vector[13 - i]; /* ctr_preload[8:13] = PN[5:0] */
1162 #endif
1163 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */
1164 ctr_preload[15] = (unsigned char) (c % 256);
1165 }
1166
1167 /************************************/
1168 /* bitwise_xor() */
1169 /* A 128 bit, bitwise exclusive or */
1170 /************************************/
bitwise_xor(u8 * ina,u8 * inb,u8 * out)1171 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1172 {
1173 signed int i;
1174
1175 for (i = 0; i < 16; i++)
1176 out[i] = ina[i] ^ inb[i];
1177 }
1178
aes_cipher(u8 * key,uint hdrlen,u8 * pframe,uint plen)1179 static signed int aes_cipher(u8 *key, uint hdrlen,
1180 u8 *pframe, uint plen)
1181 {
1182 uint qc_exists, a4_exists, i, j, payload_remainder,
1183 num_blocks, payload_index;
1184
1185 u8 pn_vector[6];
1186 u8 mic_iv[16];
1187 u8 mic_header1[16];
1188 u8 mic_header2[16];
1189 u8 ctr_preload[16];
1190
1191 /* Intermediate Buffers */
1192 u8 chain_buffer[16];
1193 u8 aes_out[16];
1194 u8 padded_buffer[16];
1195 u8 mic[8];
1196 uint frtype = GetFrameType(pframe);
1197 uint frsubtype = GetFrameSubType(pframe);
1198
1199 frsubtype = frsubtype>>4;
1200
1201 memset((void *)mic_iv, 0, 16);
1202 memset((void *)mic_header1, 0, 16);
1203 memset((void *)mic_header2, 0, 16);
1204 memset((void *)ctr_preload, 0, 16);
1205 memset((void *)chain_buffer, 0, 16);
1206 memset((void *)aes_out, 0, 16);
1207 memset((void *)padded_buffer, 0, 16);
1208
1209 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1210 a4_exists = 0;
1211 else
1212 a4_exists = 1;
1213
1214 if (((frtype|frsubtype) == WIFI_DATA_CFACK) ||
1215 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) ||
1216 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) {
1217 qc_exists = 1;
1218 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1219 hdrlen += 2;
1220
1221 } else if ((frtype == WIFI_DATA) && /* add for CONFIG_IEEE80211W, none 11w also can use */
1222 ((frsubtype == 0x08) ||
1223 (frsubtype == 0x09) ||
1224 (frsubtype == 0x0a) ||
1225 (frsubtype == 0x0b))) {
1226 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1227 hdrlen += 2;
1228
1229 qc_exists = 1;
1230 } else {
1231 qc_exists = 0;
1232 }
1233
1234 pn_vector[0] = pframe[hdrlen];
1235 pn_vector[1] = pframe[hdrlen+1];
1236 pn_vector[2] = pframe[hdrlen+4];
1237 pn_vector[3] = pframe[hdrlen+5];
1238 pn_vector[4] = pframe[hdrlen+6];
1239 pn_vector[5] = pframe[hdrlen+7];
1240
1241 construct_mic_iv(mic_iv,
1242 qc_exists,
1243 a4_exists,
1244 pframe, /* message, */
1245 plen,
1246 pn_vector,
1247 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
1248
1249 construct_mic_header1(mic_header1,
1250 hdrlen,
1251 pframe, /* message */
1252 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
1253
1254 construct_mic_header2(mic_header2,
1255 pframe, /* message, */
1256 a4_exists,
1257 qc_exists);
1258
1259 payload_remainder = plen % 16;
1260 num_blocks = plen / 16;
1261
1262 /* Find start of payload */
1263 payload_index = (hdrlen + 8);
1264
1265 /* Calculate MIC */
1266 aes128k128d(key, mic_iv, aes_out);
1267 bitwise_xor(aes_out, mic_header1, chain_buffer);
1268 aes128k128d(key, chain_buffer, aes_out);
1269 bitwise_xor(aes_out, mic_header2, chain_buffer);
1270 aes128k128d(key, chain_buffer, aes_out);
1271
1272 for (i = 0; i < num_blocks; i++) {
1273 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1274
1275 payload_index += 16;
1276 aes128k128d(key, chain_buffer, aes_out);
1277 }
1278
1279 /* Add on the final payload block if it needs padding */
1280 if (payload_remainder > 0) {
1281 for (j = 0; j < 16; j++)
1282 padded_buffer[j] = 0x00;
1283 for (j = 0; j < payload_remainder; j++)
1284 padded_buffer[j] = pframe[payload_index++];
1285
1286 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1287 aes128k128d(key, chain_buffer, aes_out);
1288 }
1289
1290 for (j = 0 ; j < 8; j++)
1291 mic[j] = aes_out[j];
1292
1293 /* Insert MIC into payload */
1294 for (j = 0; j < 8; j++)
1295 pframe[payload_index+j] = mic[j];
1296
1297 payload_index = hdrlen + 8;
1298 for (i = 0; i < num_blocks; i++) {
1299 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */
1300 pn_vector, i+1, frtype);
1301 /* add for CONFIG_IEEE80211W, none 11w also can use */
1302 aes128k128d(key, ctr_preload, aes_out);
1303 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1304 for (j = 0; j < 16; j++)
1305 pframe[payload_index++] = chain_buffer[j];
1306 }
1307
1308 if (payload_remainder > 0) {
1309 /* If there is a short final block, then pad it,*/
1310 /* encrypt it and copy the unpadded part back */
1311 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */
1312 pn_vector, num_blocks+1, frtype);
1313 /* add for CONFIG_IEEE80211W, none 11w also can use */
1314
1315 for (j = 0; j < 16; j++)
1316 padded_buffer[j] = 0x00;
1317 for (j = 0; j < payload_remainder; j++)
1318 padded_buffer[j] = pframe[payload_index+j];
1319
1320 aes128k128d(key, ctr_preload, aes_out);
1321 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1322 for (j = 0; j < payload_remainder; j++)
1323 pframe[payload_index++] = chain_buffer[j];
1324 }
1325
1326 /* Encrypt the MIC */
1327 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */
1328 pn_vector, 0, frtype);
1329 /* add for CONFIG_IEEE80211W, none 11w also can use */
1330
1331 for (j = 0; j < 16; j++)
1332 padded_buffer[j] = 0x00;
1333 for (j = 0; j < 8; j++)
1334 padded_buffer[j] = pframe[j+hdrlen+8+plen];
1335
1336 aes128k128d(key, ctr_preload, aes_out);
1337 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1338 for (j = 0; j < 8; j++)
1339 pframe[payload_index++] = chain_buffer[j];
1340
1341 return _SUCCESS;
1342 }
1343
rtw_aes_encrypt(struct adapter * padapter,u8 * pxmitframe)1344 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe)
1345 { /* exclude ICV */
1346
1347 /*static*/
1348 /* unsigned char message[MAX_MSG_SIZE]; */
1349
1350 /* Intermediate Buffers */
1351 signed int curfragnum, length;
1352 u8 *pframe, *prwskey; /* *payload,*iv */
1353 u8 hw_hdr_offset = 0;
1354 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
1355 struct security_priv *psecuritypriv = &padapter->securitypriv;
1356 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1357
1358 u32 res = _SUCCESS;
1359
1360 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
1361 return _FAIL;
1362
1363 hw_hdr_offset = TXDESC_OFFSET;
1364 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
1365
1366 /* 4 start to encrypt each fragment */
1367 if (pattrib->encrypt == _AES_) {
1368 if (IS_MCAST(pattrib->ra))
1369 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
1370 else
1371 prwskey = pattrib->dot118021x_UncstKey.skey;
1372
1373 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
1374 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */
1375 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
1376
1377 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1378 } else {
1379 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
1380
1381 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1382 pframe += pxmitpriv->frag_len;
1383 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
1384 }
1385 }
1386 }
1387 return res;
1388 }
1389
aes_decipher(u8 * key,uint hdrlen,u8 * pframe,uint plen)1390 static signed int aes_decipher(u8 *key, uint hdrlen,
1391 u8 *pframe, uint plen)
1392 {
1393 static u8 message[MAX_MSG_SIZE];
1394 uint qc_exists, a4_exists, i, j, payload_remainder,
1395 num_blocks, payload_index;
1396 signed int res = _SUCCESS;
1397 u8 pn_vector[6];
1398 u8 mic_iv[16];
1399 u8 mic_header1[16];
1400 u8 mic_header2[16];
1401 u8 ctr_preload[16];
1402
1403 /* Intermediate Buffers */
1404 u8 chain_buffer[16];
1405 u8 aes_out[16];
1406 u8 padded_buffer[16];
1407 u8 mic[8];
1408
1409 uint frtype = GetFrameType(pframe);
1410 uint frsubtype = GetFrameSubType(pframe);
1411
1412 frsubtype = frsubtype>>4;
1413
1414 memset((void *)mic_iv, 0, 16);
1415 memset((void *)mic_header1, 0, 16);
1416 memset((void *)mic_header2, 0, 16);
1417 memset((void *)ctr_preload, 0, 16);
1418 memset((void *)chain_buffer, 0, 16);
1419 memset((void *)aes_out, 0, 16);
1420 memset((void *)padded_buffer, 0, 16);
1421
1422 /* start to decrypt the payload */
1423
1424 num_blocks = (plen-8) / 16; /* plen including LLC, payload_length and mic) */
1425
1426 payload_remainder = (plen-8) % 16;
1427
1428 pn_vector[0] = pframe[hdrlen];
1429 pn_vector[1] = pframe[hdrlen + 1];
1430 pn_vector[2] = pframe[hdrlen + 4];
1431 pn_vector[3] = pframe[hdrlen + 5];
1432 pn_vector[4] = pframe[hdrlen + 6];
1433 pn_vector[5] = pframe[hdrlen + 7];
1434
1435 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1436 a4_exists = 0;
1437 else
1438 a4_exists = 1;
1439
1440 if (((frtype|frsubtype) == WIFI_DATA_CFACK) ||
1441 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) ||
1442 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) {
1443 qc_exists = 1;
1444 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1445 hdrlen += 2;
1446
1447 } else if ((frtype == WIFI_DATA) && /* only for data packet . add for CONFIG_IEEE80211W, none 11w also can use */
1448 ((frsubtype == 0x08) ||
1449 (frsubtype == 0x09) ||
1450 (frsubtype == 0x0a) ||
1451 (frsubtype == 0x0b))) {
1452 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1453 hdrlen += 2;
1454
1455 qc_exists = 1;
1456 } else {
1457 qc_exists = 0;
1458 }
1459
1460 /* now, decrypt pframe with hdrlen offset and plen long */
1461
1462 payload_index = hdrlen + 8; /* 8 is for extiv */
1463
1464 for (i = 0; i < num_blocks; i++) {
1465 construct_ctr_preload(ctr_preload, a4_exists,
1466 qc_exists, pframe,
1467 pn_vector, i + 1,
1468 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
1469
1470 aes128k128d(key, ctr_preload, aes_out);
1471 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1472
1473 for (j = 0; j < 16; j++)
1474 pframe[payload_index++] = chain_buffer[j];
1475 }
1476
1477 if (payload_remainder > 0) {
1478 /* If there is a short final block, then pad it,*/
1479 /* encrypt it and copy the unpadded part back */
1480 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector,
1481 num_blocks+1, frtype);
1482 /* add for CONFIG_IEEE80211W, none 11w also can use */
1483
1484 for (j = 0; j < 16; j++)
1485 padded_buffer[j] = 0x00;
1486 for (j = 0; j < payload_remainder; j++)
1487 padded_buffer[j] = pframe[payload_index+j];
1488
1489 aes128k128d(key, ctr_preload, aes_out);
1490 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1491 for (j = 0; j < payload_remainder; j++)
1492 pframe[payload_index++] = chain_buffer[j];
1493 }
1494
1495 /* start to calculate the mic */
1496 if ((hdrlen + plen+8) <= MAX_MSG_SIZE)
1497 memcpy((void *)message, pframe, (hdrlen + plen+8)); /* 8 is for ext iv len */
1498
1499 pn_vector[0] = pframe[hdrlen];
1500 pn_vector[1] = pframe[hdrlen+1];
1501 pn_vector[2] = pframe[hdrlen+4];
1502 pn_vector[3] = pframe[hdrlen+5];
1503 pn_vector[4] = pframe[hdrlen+6];
1504 pn_vector[5] = pframe[hdrlen+7];
1505
1506 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen-8, pn_vector, frtype);
1507 /* add for CONFIG_IEEE80211W, none 11w also can use */
1508
1509 construct_mic_header1(mic_header1, hdrlen, message, frtype);
1510 /* add for CONFIG_IEEE80211W, none 11w also can use */
1511 construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1512
1513 payload_remainder = (plen-8) % 16;
1514 num_blocks = (plen-8) / 16;
1515
1516 /* Find start of payload */
1517 payload_index = (hdrlen + 8);
1518
1519 /* Calculate MIC */
1520 aes128k128d(key, mic_iv, aes_out);
1521 bitwise_xor(aes_out, mic_header1, chain_buffer);
1522 aes128k128d(key, chain_buffer, aes_out);
1523 bitwise_xor(aes_out, mic_header2, chain_buffer);
1524 aes128k128d(key, chain_buffer, aes_out);
1525
1526 for (i = 0; i < num_blocks; i++) {
1527 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1528
1529 payload_index += 16;
1530 aes128k128d(key, chain_buffer, aes_out);
1531 }
1532
1533 /* Add on the final payload block if it needs padding */
1534 if (payload_remainder > 0) {
1535 for (j = 0; j < 16; j++)
1536 padded_buffer[j] = 0x00;
1537 for (j = 0; j < payload_remainder; j++)
1538 padded_buffer[j] = message[payload_index++];
1539
1540 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1541 aes128k128d(key, chain_buffer, aes_out);
1542 }
1543
1544 for (j = 0; j < 8; j++)
1545 mic[j] = aes_out[j];
1546
1547 /* Insert MIC into payload */
1548 for (j = 0; j < 8; j++)
1549 message[payload_index+j] = mic[j];
1550
1551 payload_index = hdrlen + 8;
1552 for (i = 0; i < num_blocks; i++) {
1553 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, i+1,
1554 frtype);
1555 /* add for CONFIG_IEEE80211W, none 11w also can use */
1556 aes128k128d(key, ctr_preload, aes_out);
1557 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1558 for (j = 0; j < 16; j++)
1559 message[payload_index++] = chain_buffer[j];
1560 }
1561
1562 if (payload_remainder > 0) {
1563 /* If there is a short final block, then pad it,*/
1564 /* encrypt it and copy the unpadded part back */
1565 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector,
1566 num_blocks+1, frtype);
1567 /* add for CONFIG_IEEE80211W, none 11w also can use */
1568
1569 for (j = 0; j < 16; j++)
1570 padded_buffer[j] = 0x00;
1571 for (j = 0; j < payload_remainder; j++)
1572 padded_buffer[j] = message[payload_index+j];
1573
1574 aes128k128d(key, ctr_preload, aes_out);
1575 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1576 for (j = 0; j < payload_remainder; j++)
1577 message[payload_index++] = chain_buffer[j];
1578 }
1579
1580 /* Encrypt the MIC */
1581 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 0, frtype);
1582 /* add for CONFIG_IEEE80211W, none 11w also can use */
1583
1584 for (j = 0; j < 16; j++)
1585 padded_buffer[j] = 0x00;
1586 for (j = 0; j < 8; j++)
1587 padded_buffer[j] = message[j+hdrlen+8+plen-8];
1588
1589 aes128k128d(key, ctr_preload, aes_out);
1590 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1591 for (j = 0; j < 8; j++)
1592 message[payload_index++] = chain_buffer[j];
1593
1594 /* compare the mic */
1595 for (i = 0; i < 8; i++) {
1596 if (pframe[hdrlen + 8 + plen - 8 + i] != message[hdrlen + 8 + plen - 8 + i])
1597 res = _FAIL;
1598 }
1599 return res;
1600 }
1601
rtw_aes_decrypt(struct adapter * padapter,u8 * precvframe)1602 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe)
1603 { /* exclude ICV */
1604
1605 /*static*/
1606 /* unsigned char message[MAX_MSG_SIZE]; */
1607
1608 /* Intermediate Buffers */
1609
1610 signed int length;
1611 u8 *pframe, *prwskey; /* *payload,*iv */
1612 struct sta_info *stainfo;
1613 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
1614 struct security_priv *psecuritypriv = &padapter->securitypriv;
1615 u32 res = _SUCCESS;
1616
1617 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
1618 /* 4 start to encrypt each fragment */
1619 if (prxattrib->encrypt == _AES_) {
1620 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
1621 if (stainfo) {
1622 if (IS_MCAST(prxattrib->ra)) {
1623 static unsigned long start;
1624 static u32 no_gkey_bc_cnt;
1625 static u32 no_gkey_mc_cnt;
1626
1627 if (!psecuritypriv->binstallGrpkey) {
1628 res = _FAIL;
1629
1630 if (start == 0)
1631 start = jiffies;
1632
1633 if (is_broadcast_mac_addr(prxattrib->ra))
1634 no_gkey_bc_cnt++;
1635 else
1636 no_gkey_mc_cnt++;
1637
1638 if (jiffies_to_msecs(jiffies - start) > 1000) {
1639 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
1640 netdev_dbg(padapter->pnetdev,
1641 FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
1642 FUNC_ADPT_ARG(padapter),
1643 no_gkey_bc_cnt,
1644 no_gkey_mc_cnt);
1645 }
1646 start = jiffies;
1647 no_gkey_bc_cnt = 0;
1648 no_gkey_mc_cnt = 0;
1649 }
1650
1651 goto exit;
1652 }
1653
1654 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
1655 netdev_dbg(padapter->pnetdev,
1656 FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
1657 FUNC_ADPT_ARG(padapter),
1658 no_gkey_bc_cnt,
1659 no_gkey_mc_cnt);
1660 }
1661 start = 0;
1662 no_gkey_bc_cnt = 0;
1663 no_gkey_mc_cnt = 0;
1664
1665 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
1666 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) {
1667 res = _FAIL;
1668 goto exit;
1669 }
1670 } else {
1671 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1672 }
1673
1674 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len;
1675
1676 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length);
1677
1678 } else {
1679 res = _FAIL;
1680 }
1681 }
1682 exit:
1683 return res;
1684 }
1685
rtw_BIP_verify(struct adapter * padapter,u8 * precvframe)1686 u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe)
1687 {
1688 struct rx_pkt_attrib *pattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
1689 u8 *pframe;
1690 u8 *BIP_AAD, *p;
1691 u32 res = _FAIL;
1692 uint len, ori_len;
1693 struct ieee80211_hdr *pwlanhdr;
1694 u8 mic[16];
1695 struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
1696 __le16 le_tmp;
1697 __le64 le_tmp64;
1698
1699 ori_len = pattrib->pkt_len-WLAN_HDR_A3_LEN+BIP_AAD_SIZE;
1700 BIP_AAD = rtw_zmalloc(ori_len);
1701
1702 if (!BIP_AAD)
1703 return _FAIL;
1704
1705 /* PKT start */
1706 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
1707 /* mapping to wlan header */
1708 pwlanhdr = (struct ieee80211_hdr *)pframe;
1709 /* save the frame body + MME */
1710 memcpy(BIP_AAD+BIP_AAD_SIZE, pframe+WLAN_HDR_A3_LEN, pattrib->pkt_len-WLAN_HDR_A3_LEN);
1711 /* find MME IE pointer */
1712 p = rtw_get_ie(BIP_AAD+BIP_AAD_SIZE, WLAN_EID_MMIE, &len, pattrib->pkt_len-WLAN_HDR_A3_LEN);
1713 /* Baron */
1714 if (p) {
1715 u16 keyid = 0;
1716 u64 temp_ipn = 0;
1717 /* save packet number */
1718 memcpy(&le_tmp64, p+4, 6);
1719 temp_ipn = le64_to_cpu(le_tmp64);
1720 /* BIP packet number should bigger than previous BIP packet */
1721 if (temp_ipn <= pmlmeext->mgnt_80211w_IPN_rx)
1722 goto BIP_exit;
1723
1724 /* copy key index */
1725 memcpy(&le_tmp, p+2, 2);
1726 keyid = le16_to_cpu(le_tmp);
1727 if (keyid != padapter->securitypriv.dot11wBIPKeyid)
1728 goto BIP_exit;
1729
1730 /* clear the MIC field of MME to zero */
1731 memset(p+2+len-8, 0, 8);
1732
1733 /* conscruct AAD, copy frame control field */
1734 memcpy(BIP_AAD, &pwlanhdr->frame_control, 2);
1735 ClearRetry(BIP_AAD);
1736 ClearPwrMgt(BIP_AAD);
1737 ClearMData(BIP_AAD);
1738 /* conscruct AAD, copy address 1 to address 3 */
1739 memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
1740
1741 if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey
1742 , BIP_AAD, ori_len, mic))
1743 goto BIP_exit;
1744
1745 /* MIC field should be last 8 bytes of packet (packet without FCS) */
1746 if (!memcmp(mic, pframe+pattrib->pkt_len-8, 8)) {
1747 pmlmeext->mgnt_80211w_IPN_rx = temp_ipn;
1748 res = _SUCCESS;
1749 } else {
1750 }
1751
1752 } else {
1753 res = RTW_RX_HANDLED;
1754 }
1755 BIP_exit:
1756
1757 kfree(BIP_AAD);
1758 return res;
1759 }
1760
1761 /* AES tables*/
1762 const u32 Te0[256] = {
1763 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
1764 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
1765 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
1766 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
1767 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
1768 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
1769 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
1770 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
1771 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
1772 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
1773 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
1774 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
1775 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
1776 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
1777 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
1778 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
1779 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
1780 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
1781 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
1782 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
1783 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
1784 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
1785 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
1786 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
1787 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
1788 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
1789 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
1790 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
1791 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
1792 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
1793 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
1794 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
1795 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
1796 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
1797 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
1798 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
1799 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
1800 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
1801 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
1802 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
1803 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
1804 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
1805 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
1806 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
1807 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
1808 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
1809 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
1810 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
1811 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
1812 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
1813 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
1814 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
1815 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
1816 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
1817 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
1818 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
1819 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
1820 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
1821 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
1822 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
1823 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
1824 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
1825 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
1826 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
1827 };
1828
1829 const u32 Td0[256] = {
1830 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
1831 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
1832 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
1833 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
1834 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
1835 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
1836 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
1837 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
1838 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
1839 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
1840 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
1841 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
1842 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
1843 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
1844 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
1845 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
1846 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
1847 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
1848 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
1849 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
1850 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
1851 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
1852 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
1853 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
1854 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
1855 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
1856 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
1857 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
1858 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
1859 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
1860 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
1861 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
1862 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
1863 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
1864 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
1865 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
1866 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
1867 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
1868 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
1869 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
1870 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
1871 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
1872 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
1873 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
1874 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
1875 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
1876 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
1877 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
1878 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
1879 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
1880 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
1881 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
1882 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
1883 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
1884 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
1885 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
1886 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
1887 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
1888 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
1889 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
1890 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
1891 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
1892 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
1893 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
1894 };
1895
1896 const u8 Td4s[256] = {
1897 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
1898 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
1899 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
1900 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
1901 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
1902 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
1903 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
1904 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
1905 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
1906 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
1907 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
1908 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
1909 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
1910 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
1911 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
1912 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
1913 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
1914 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
1915 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
1916 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
1917 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
1918 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
1919 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
1920 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
1921 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
1922 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
1923 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
1924 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
1925 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
1926 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
1927 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
1928 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
1929 };
1930
1931 const u8 rcons[] = {
1932 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36
1933 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
1934 };
1935
1936 /**
1937 * Expand the cipher key into the encryption key schedule.
1938 *
1939 * @return the number of rounds for the given cipher key size.
1940 */
rijndaelKeySetupEnc(u32 rk[],const u8 cipherKey[])1941 static void rijndaelKeySetupEnc(u32 rk[/*44*/], const u8 cipherKey[])
1942 {
1943 int i;
1944 u32 temp;
1945
1946 rk[0] = GETU32(cipherKey);
1947 rk[1] = GETU32(cipherKey + 4);
1948 rk[2] = GETU32(cipherKey + 8);
1949 rk[3] = GETU32(cipherKey + 12);
1950 for (i = 0; i < 10; i++) {
1951 temp = rk[3];
1952 rk[4] = rk[0] ^
1953 TE421(temp) ^ TE432(temp) ^ TE443(temp) ^ TE414(temp) ^
1954 RCON(i);
1955 rk[5] = rk[1] ^ rk[4];
1956 rk[6] = rk[2] ^ rk[5];
1957 rk[7] = rk[3] ^ rk[6];
1958 rk += 4;
1959 }
1960 }
1961
rijndaelEncrypt(u32 rk[],u8 pt[16],u8 ct[16])1962 static void rijndaelEncrypt(u32 rk[/*44*/], u8 pt[16], u8 ct[16])
1963 {
1964 u32 s0, s1, s2, s3, t0, t1, t2, t3;
1965 int Nr = 10;
1966 int r;
1967
1968 /*
1969 * map byte array block to cipher state
1970 * and add initial round key:
1971 */
1972 s0 = GETU32(pt) ^ rk[0];
1973 s1 = GETU32(pt + 4) ^ rk[1];
1974 s2 = GETU32(pt + 8) ^ rk[2];
1975 s3 = GETU32(pt + 12) ^ rk[3];
1976
1977 #define ROUND(i, d, s) \
1978 do { \
1979 d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
1980 d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
1981 d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
1982 d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]; \
1983 } while (0)
1984
1985 /* Nr - 1 full rounds: */
1986 r = Nr >> 1;
1987 for (;;) {
1988 ROUND(1, t, s);
1989 rk += 8;
1990 if (--r == 0)
1991 break;
1992 ROUND(0, s, t);
1993 }
1994
1995 #undef ROUND
1996
1997 /*
1998 * apply last round and
1999 * map cipher state to byte array block:
2000 */
2001 s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0];
2002 PUTU32(ct, s0);
2003 s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1];
2004 PUTU32(ct + 4, s1);
2005 s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2];
2006 PUTU32(ct + 8, s2);
2007 s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3];
2008 PUTU32(ct + 12, s3);
2009 }
2010
aes_encrypt_init(u8 * key,size_t len)2011 static void *aes_encrypt_init(u8 *key, size_t len)
2012 {
2013 u32 *rk;
2014
2015 if (len != 16)
2016 return NULL;
2017 rk = rtw_malloc(AES_PRIV_SIZE);
2018 if (rk == NULL)
2019 return NULL;
2020 rijndaelKeySetupEnc(rk, key);
2021 return rk;
2022 }
2023
aes_128_encrypt(void * ctx,u8 * plain,u8 * crypt)2024 static void aes_128_encrypt(void *ctx, u8 *plain, u8 *crypt)
2025 {
2026 rijndaelEncrypt(ctx, plain, crypt);
2027 }
2028
gf_mulx(u8 * pad)2029 static void gf_mulx(u8 *pad)
2030 {
2031 int i, carry;
2032
2033 carry = pad[0] & 0x80;
2034 for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
2035 pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
2036
2037 pad[AES_BLOCK_SIZE - 1] <<= 1;
2038 if (carry)
2039 pad[AES_BLOCK_SIZE - 1] ^= 0x87;
2040 }
2041
aes_encrypt_deinit(void * ctx)2042 static void aes_encrypt_deinit(void *ctx)
2043 {
2044 kfree_sensitive(ctx);
2045 }
2046
2047 /**
2048 * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
2049 * @key: 128-bit key for the hash operation
2050 * @num_elem: Number of elements in the data vector
2051 * @addr: Pointers to the data areas
2052 * @len: Lengths of the data blocks
2053 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
2054 * Returns: 0 on success, -1 on failure
2055 *
2056 * This is a mode for using block cipher (AES in this case) for authentication.
2057 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
2058 * (SP) 800-38B.
2059 */
omac1_aes_128_vector(u8 * key,size_t num_elem,u8 * addr[],size_t * len,u8 * mac)2060 static int omac1_aes_128_vector(u8 *key, size_t num_elem,
2061 u8 *addr[], size_t *len, u8 *mac)
2062 {
2063 void *ctx;
2064 u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
2065 u8 *pos, *end;
2066 size_t i, e, left, total_len;
2067
2068 ctx = aes_encrypt_init(key, 16);
2069 if (ctx == NULL)
2070 return -1;
2071 memset(cbc, 0, AES_BLOCK_SIZE);
2072
2073 total_len = 0;
2074 for (e = 0; e < num_elem; e++)
2075 total_len += len[e];
2076 left = total_len;
2077
2078 e = 0;
2079 pos = addr[0];
2080 end = pos + len[0];
2081
2082 while (left >= AES_BLOCK_SIZE) {
2083 for (i = 0; i < AES_BLOCK_SIZE; i++) {
2084 cbc[i] ^= *pos++;
2085 if (pos >= end) {
2086 e++;
2087 pos = addr[e];
2088 end = pos + len[e];
2089 }
2090 }
2091 if (left > AES_BLOCK_SIZE)
2092 aes_128_encrypt(ctx, cbc, cbc);
2093 left -= AES_BLOCK_SIZE;
2094 }
2095
2096 memset(pad, 0, AES_BLOCK_SIZE);
2097 aes_128_encrypt(ctx, pad, pad);
2098 gf_mulx(pad);
2099
2100 if (left || total_len == 0) {
2101 for (i = 0; i < left; i++) {
2102 cbc[i] ^= *pos++;
2103 if (pos >= end) {
2104 e++;
2105 pos = addr[e];
2106 end = pos + len[e];
2107 }
2108 }
2109 cbc[left] ^= 0x80;
2110 gf_mulx(pad);
2111 }
2112
2113 for (i = 0; i < AES_BLOCK_SIZE; i++)
2114 pad[i] ^= cbc[i];
2115 aes_128_encrypt(ctx, pad, mac);
2116 aes_encrypt_deinit(ctx);
2117 return 0;
2118 }
2119
2120 /**
2121 * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
2122 * @key: 128-bit key for the hash operation
2123 * @data: Data buffer for which a MAC is determined
2124 * @data_len: Length of data buffer in bytes
2125 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
2126 * Returns: 0 on success, -1 on failure
2127 *
2128 * This is a mode for using block cipher (AES in this case) for authentication.
2129 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
2130 * (SP) 800-38B.
2131 * modify for CONFIG_IEEE80211W */
omac1_aes_128(u8 * key,u8 * data,size_t data_len,u8 * mac)2132 int omac1_aes_128(u8 *key, u8 *data, size_t data_len, u8 *mac)
2133 {
2134 return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
2135 }
2136
2137 /* Restore HW wep key setting according to key_mask */
rtw_sec_restore_wep_key(struct adapter * adapter)2138 void rtw_sec_restore_wep_key(struct adapter *adapter)
2139 {
2140 struct security_priv *securitypriv = &(adapter->securitypriv);
2141 signed int keyid;
2142
2143 if ((_WEP40_ == securitypriv->dot11PrivacyAlgrthm) || (_WEP104_ == securitypriv->dot11PrivacyAlgrthm)) {
2144 for (keyid = 0; keyid < 4; keyid++) {
2145 if (securitypriv->key_mask & BIT(keyid)) {
2146 if (keyid == securitypriv->dot11PrivacyKeyIndex)
2147 rtw_set_key(adapter, securitypriv, keyid, 1, false);
2148 else
2149 rtw_set_key(adapter, securitypriv, keyid, 0, false);
2150 }
2151 }
2152 }
2153 }
2154
rtw_handle_tkip_countermeasure(struct adapter * adapter,const char * caller)2155 u8 rtw_handle_tkip_countermeasure(struct adapter *adapter, const char *caller)
2156 {
2157 struct security_priv *securitypriv = &(adapter->securitypriv);
2158 u8 status = _SUCCESS;
2159
2160 if (securitypriv->btkip_countermeasure) {
2161 unsigned long passing_ms = jiffies_to_msecs(jiffies - securitypriv->btkip_countermeasure_time);
2162
2163 if (passing_ms > 60*1000) {
2164 netdev_dbg(adapter->pnetdev,
2165 "%s(%s) countermeasure time:%lus > 60s\n",
2166 caller, ADPT_ARG(adapter),
2167 passing_ms / 1000);
2168 securitypriv->btkip_countermeasure = false;
2169 securitypriv->btkip_countermeasure_time = 0;
2170 } else {
2171 netdev_dbg(adapter->pnetdev,
2172 "%s(%s) countermeasure time:%lus < 60s\n",
2173 caller, ADPT_ARG(adapter),
2174 passing_ms / 1000);
2175 status = _FAIL;
2176 }
2177 }
2178
2179 return status;
2180 }
2181