1 // SPDX-License-Identifier: GPL-2.0
2 /******************************************************************************
3 *
4 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
5 *
6 ******************************************************************************/
7 #define _RTW_SECURITY_C_
8
9 #include <osdep_service.h>
10 #include <drv_types.h>
11 #include <wifi.h>
12 #include <osdep_intf.h>
13 #include <net/lib80211.h>
14
15 /* WEP related ===== */
16
17 #define CRC32_POLY 0x04c11db7
18
19 struct arc4context {
20 u32 x;
21 u32 y;
22 u8 state[256];
23 };
24
arcfour_init(struct arc4context * parc4ctx,u8 * key,u32 key_len)25 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
26 {
27 u32 t, u;
28 u32 keyindex;
29 u32 stateindex;
30 u8 *state;
31 u32 counter;
32
33 state = parc4ctx->state;
34 parc4ctx->x = 0;
35 parc4ctx->y = 0;
36 for (counter = 0; counter < 256; counter++)
37 state[counter] = (u8)counter;
38 keyindex = 0;
39 stateindex = 0;
40 for (counter = 0; counter < 256; counter++) {
41 t = state[counter];
42 stateindex = (stateindex + key[keyindex] + t) & 0xff;
43 u = state[stateindex];
44 state[stateindex] = (u8)t;
45 state[counter] = (u8)u;
46 if (++keyindex >= key_len)
47 keyindex = 0;
48 }
49 }
50
arcfour_byte(struct arc4context * parc4ctx)51 static u32 arcfour_byte(struct arc4context *parc4ctx)
52 {
53 u32 x;
54 u32 y;
55 u32 sx, sy;
56 u8 *state;
57
58 state = parc4ctx->state;
59 x = (parc4ctx->x + 1) & 0xff;
60 sx = state[x];
61 y = (sx + parc4ctx->y) & 0xff;
62 sy = state[y];
63 parc4ctx->x = x;
64 parc4ctx->y = y;
65 state[y] = (u8)sx;
66 state[x] = (u8)sy;
67 return state[(sx + sy) & 0xff];
68 }
69
arcfour_encrypt(struct arc4context * parc4ctx,u8 * dest,u8 * src,u32 len)70 static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len)
71 {
72 u32 i;
73
74 for (i = 0; i < len; i++)
75 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
76 }
77
78 static int bcrc32initialized;
79 static u32 crc32_table[256];
80
crc32_reverseBit(u8 data)81 static u8 crc32_reverseBit(u8 data)
82 {
83 return (u8)((data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3) & 0x20) |
84 ((data << 1) & 0x10) | ((data >> 1) & 0x08) | ((data >> 3) & 0x04) |
85 ((data >> 5) & 0x02) | ((data >> 7) & 0x01);
86 }
87
crc32_init(void)88 static void crc32_init(void)
89 {
90 int i, j;
91 u32 c;
92 u8 *p = (u8 *)&c, *p1;
93 u8 k;
94
95 if (bcrc32initialized == 1)
96 return;
97
98 c = 0x12340000;
99
100 for (i = 0; i < 256; ++i) {
101 k = crc32_reverseBit((u8)i);
102 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
103 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY : (c << 1);
104 p1 = (u8 *)&crc32_table[i];
105
106 p1[0] = crc32_reverseBit(p[3]);
107 p1[1] = crc32_reverseBit(p[2]);
108 p1[2] = crc32_reverseBit(p[1]);
109 p1[3] = crc32_reverseBit(p[0]);
110 }
111 bcrc32initialized = 1;
112 }
113
getcrc32(u8 * buf,int len)114 static __le32 getcrc32(u8 *buf, int len)
115 {
116 u8 *p;
117 u32 crc;
118
119 if (bcrc32initialized == 0)
120 crc32_init();
121
122 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
123
124 for (p = buf; len > 0; ++p, --len)
125 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
126 return cpu_to_le32(~crc); /* transmit complement, per CRC-32 spec */
127 }
128
129 /* Need to consider the fragment situation */
rtw_wep_encrypt(struct adapter * padapter,struct xmit_frame * pxmitframe)130 void rtw_wep_encrypt(struct adapter *padapter, struct xmit_frame *pxmitframe)
131 {
132 int curfragnum, length;
133 u8 *pframe;
134 u8 hw_hdr_offset = 0;
135 struct pkt_attrib *pattrib = &pxmitframe->attrib;
136 struct security_priv *psecuritypriv = &padapter->securitypriv;
137 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
138 const int keyindex = psecuritypriv->dot11PrivacyKeyIndex;
139 void *crypto_private;
140 struct sk_buff *skb;
141 struct lib80211_crypto_ops *crypto_ops;
142
143 if (!pxmitframe->buf_addr)
144 return;
145
146 if ((pattrib->encrypt != _WEP40_) && (pattrib->encrypt != _WEP104_))
147 return;
148
149 hw_hdr_offset = TXDESC_SIZE +
150 (pxmitframe->pkt_offset * PACKET_OFFSET_SZ);
151
152 pframe = pxmitframe->buf_addr + hw_hdr_offset;
153
154 crypto_ops = lib80211_get_crypto_ops("WEP");
155
156 if (!crypto_ops)
157 return;
158
159 crypto_private = crypto_ops->init(keyindex);
160 if (!crypto_private)
161 return;
162
163 if (crypto_ops->set_key(psecuritypriv->dot11DefKey[keyindex].skey,
164 psecuritypriv->dot11DefKeylen[keyindex], NULL, crypto_private) < 0)
165 goto free_crypto_private;
166
167 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
168 if (curfragnum + 1 == pattrib->nr_frags)
169 length = pattrib->last_txcmdsz;
170 else
171 length = pxmitpriv->frag_len;
172 skb = dev_alloc_skb(length);
173 if (!skb)
174 goto free_crypto_private;
175
176 skb_put_data(skb, pframe, length);
177
178 memmove(skb->data + 4, skb->data, pattrib->hdrlen);
179 skb_pull(skb, 4);
180 skb_trim(skb, skb->len - 4);
181
182 if (crypto_ops->encrypt_mpdu(skb, pattrib->hdrlen, crypto_private)) {
183 kfree_skb(skb);
184 goto free_crypto_private;
185 }
186
187 memcpy(pframe, skb->data, skb->len);
188
189 pframe += skb->len;
190 pframe = (u8 *)round_up((size_t)(pframe), 4);
191
192 kfree_skb(skb);
193 }
194
195 free_crypto_private:
196 crypto_ops->deinit(crypto_private);
197 }
198
rtw_wep_decrypt(struct adapter * padapter,struct recv_frame * precvframe)199 int rtw_wep_decrypt(struct adapter *padapter, struct recv_frame *precvframe)
200 {
201 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
202
203 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) {
204 struct security_priv *psecuritypriv = &padapter->securitypriv;
205 struct sk_buff *skb = precvframe->pkt;
206 u8 *pframe = skb->data;
207 void *crypto_private = NULL;
208 int status = _SUCCESS;
209 const int keyindex = prxattrib->key_index;
210 struct lib80211_crypto_ops *crypto_ops = lib80211_get_crypto_ops("WEP");
211 char iv[4], icv[4];
212
213 if (!crypto_ops) {
214 status = _FAIL;
215 goto exit;
216 }
217
218 memcpy(iv, pframe + prxattrib->hdrlen, 4);
219 memcpy(icv, pframe + skb->len - 4, 4);
220
221 crypto_private = crypto_ops->init(keyindex);
222 if (!crypto_private) {
223 status = _FAIL;
224 goto exit;
225 }
226 if (crypto_ops->set_key(psecuritypriv->dot11DefKey[keyindex].skey,
227 psecuritypriv->dot11DefKeylen[keyindex], NULL, crypto_private) < 0) {
228 status = _FAIL;
229 goto exit;
230 }
231 if (crypto_ops->decrypt_mpdu(skb, prxattrib->hdrlen, crypto_private)) {
232 status = _FAIL;
233 goto exit;
234 }
235
236 memmove(pframe, pframe + 4, prxattrib->hdrlen);
237 skb_push(skb, 4);
238 skb_put(skb, 4);
239
240 memcpy(pframe + prxattrib->hdrlen, iv, 4);
241 memcpy(pframe + skb->len - 4, icv, 4);
242
243 exit:
244 if (crypto_ops && crypto_private)
245 crypto_ops->deinit(crypto_private);
246 return status;
247 }
248
249 return _FAIL;
250 }
251
252 /* 3 ===== TKIP related ===== */
253
secmicgetuint32(u8 * p)254 static u32 secmicgetuint32(u8 *p)
255 /* Convert from Byte[] to Us3232 in a portable way */
256 {
257 s32 i;
258 u32 res = 0;
259
260 for (i = 0; i < 4; i++)
261 res |= ((u32)(*p++)) << (8 * i);
262 return res;
263 }
264
secmicputuint32(u8 * p,u32 val)265 static void secmicputuint32(u8 *p, u32 val)
266 /* Convert from Us3232 to Byte[] in a portable way */
267 {
268 long i;
269
270 for (i = 0; i < 4; i++) {
271 *p++ = (u8)(val & 0xff);
272 val >>= 8;
273 }
274 }
275
secmicclear(struct mic_data * pmicdata)276 static void secmicclear(struct mic_data *pmicdata)
277 {
278 /* Reset the state to the empty message. */
279 pmicdata->L = pmicdata->K0;
280 pmicdata->R = pmicdata->K1;
281 pmicdata->nBytesInM = 0;
282 pmicdata->M = 0;
283 }
284
rtw_secmicsetkey(struct mic_data * pmicdata,u8 * key)285 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key)
286 {
287 /* Set the key */
288 pmicdata->K0 = secmicgetuint32(key);
289 pmicdata->K1 = secmicgetuint32(key + 4);
290 /* and reset the message */
291 secmicclear(pmicdata);
292 }
293
rtw_secmicappendbyte(struct mic_data * pmicdata,u8 b)294 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b)
295 {
296 /* Append the byte to our word-sized buffer */
297 pmicdata->M |= ((unsigned long)b) << (8 * pmicdata->nBytesInM);
298 pmicdata->nBytesInM++;
299 /* Process the word if it is full. */
300 if (pmicdata->nBytesInM >= 4) {
301 pmicdata->L ^= pmicdata->M;
302 pmicdata->R ^= ROL32(pmicdata->L, 17);
303 pmicdata->L += pmicdata->R;
304 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
305 pmicdata->L += pmicdata->R;
306 pmicdata->R ^= ROL32(pmicdata->L, 3);
307 pmicdata->L += pmicdata->R;
308 pmicdata->R ^= ROR32(pmicdata->L, 2);
309 pmicdata->L += pmicdata->R;
310 /* Clear the buffer */
311 pmicdata->M = 0;
312 pmicdata->nBytesInM = 0;
313 }
314 }
315
rtw_secmicappend(struct mic_data * pmicdata,u8 * src,u32 nbytes)316 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
317 {
318 /* This is simple */
319 while (nbytes > 0) {
320 rtw_secmicappendbyte(pmicdata, *src++);
321 nbytes--;
322 }
323 }
324
rtw_secgetmic(struct mic_data * pmicdata,u8 * dst)325 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst)
326 {
327 /* Append the minimum padding */
328 rtw_secmicappendbyte(pmicdata, 0x5a);
329 rtw_secmicappendbyte(pmicdata, 0);
330 rtw_secmicappendbyte(pmicdata, 0);
331 rtw_secmicappendbyte(pmicdata, 0);
332 rtw_secmicappendbyte(pmicdata, 0);
333 /* and then zeroes until the length is a multiple of 4 */
334 while (pmicdata->nBytesInM != 0)
335 rtw_secmicappendbyte(pmicdata, 0);
336 /* The appendByte function has already computed the result. */
337 secmicputuint32(dst, pmicdata->L);
338 secmicputuint32(dst + 4, pmicdata->R);
339 /* Reset to the empty message. */
340 secmicclear(pmicdata);
341 }
342
rtw_seccalctkipmic(u8 * key,u8 * header,u8 * data,u32 data_len,u8 * mic_code,u8 pri)343 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
344 {
345 struct mic_data micdata;
346 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
347
348 rtw_secmicsetkey(&micdata, key);
349 priority[0] = pri;
350
351 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
352 if (header[1] & 1) { /* ToDS == 1 */
353 rtw_secmicappend(&micdata, &header[16], 6); /* DA */
354 if (header[1] & 2) /* From Ds == 1 */
355 rtw_secmicappend(&micdata, &header[24], 6);
356 else
357 rtw_secmicappend(&micdata, &header[10], 6);
358 } else { /* ToDS == 0 */
359 rtw_secmicappend(&micdata, &header[4], 6); /* DA */
360 if (header[1] & 2) /* From Ds == 1 */
361 rtw_secmicappend(&micdata, &header[16], 6);
362 else
363 rtw_secmicappend(&micdata, &header[10], 6);
364 }
365 rtw_secmicappend(&micdata, &priority[0], 4);
366
367 rtw_secmicappend(&micdata, data, data_len);
368
369 rtw_secgetmic(&micdata, mic_code);
370 }
371
372 /* macros for extraction/creation of unsigned char/unsigned short values */
373 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
374 #define Lo8(v16) ((u8)((v16) & 0x00FF))
375 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
376 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
377 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
378 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
379
380 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
381 #define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)])
382
383 /* S-box lookup: 16 bits --> 16 bits */
384 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
385
386 /* fixed algorithm "parameters" */
387 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
388 #define TA_SIZE 6 /* 48-bit transmitter address */
389 #define TK_SIZE 16 /* 128-bit temporal key */
390 #define P1K_SIZE 10 /* 80-bit Phase1 key */
391 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
392
393 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
394 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */
395 {
396 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
397 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
398 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
399 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
400 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
401 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
402 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
403 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
404 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
405 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
406 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
407 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
408 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
409 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
410 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
411 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
412 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
413 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
414 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
415 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
416 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
417 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
418 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
419 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
420 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
421 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
422 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
423 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
424 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
425 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
426 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
427 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
428 },
429
430 { /* second half of table is unsigned char-reversed version of first! */
431 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
432 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
433 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
434 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
435 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
436 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
437 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
438 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
439 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
440 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
441 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
442 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
443 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
444 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
445 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
446 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
447 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
448 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
449 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
450 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
451 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
452 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
453 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
454 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
455 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
456 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
457 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
458 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
459 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
460 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
461 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
462 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
463 }
464 };
465
466 /**
467 * phase1() - generate P1K, given TA, TK, IV32
468 * @tk[]: temporal key [128 bits]
469 * @ta[]: transmitter's MAC address [ 48 bits]
470 * @iv32: upper 32 bits of IV [ 32 bits]
471 *
472 * This function only needs to be called every 2**16 packets,
473 * although in theory it could be called every packet.
474 *
475 * Return: p1k[] - Phase 1 key [ 80 bits]
476 */
phase1(u16 * p1k,const u8 * tk,const u8 * ta,u32 iv32)477 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
478 {
479 int i;
480 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
481 p1k[0] = Lo16(iv32);
482 p1k[1] = Hi16(iv32);
483 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
484 p1k[3] = Mk16(ta[3], ta[2]);
485 p1k[4] = Mk16(ta[5], ta[4]);
486
487 /* Now compute an unbalanced Feistel cipher with 80-bit block */
488 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
489 for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add operation here is mod 2**16 */
490 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
491 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
492 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
493 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
494 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
495 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
496 }
497 }
498
499 /**
500 * phase2() - generate RC4KEY, given TK, P1K, IV16
501 * @tk[]: Temporal key [128 bits]
502 * @p1k[]: Phase 1 output key [ 80 bits]
503 * @iv16: low 16 bits of IV counter [ 16 bits]
504 *
505 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique
506 * across all packets using the same key TK value. Then, for a
507 * given value of TK[], this TKIP48 construction guarantees that
508 * the final RC4KEY value is unique across all packets.
509 *
510 * Suggested implementation optimization: if PPK[] is "overlaid"
511 * appropriately on RC4KEY[], there is no need for the final
512 * for loop below that copies the PPK[] result into RC4KEY[].
513 *
514 * Return: rc4key[] - the key used to encrypt the packet [128 bits]
515 */
phase2(u8 * rc4key,const u8 * tk,const u16 * p1k,u16 iv16)516 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
517 {
518 int i;
519 u16 PPK[6]; /* temporary key for mixing */
520 /* Note: all adds in the PPK[] equations below are mod 2**16 */
521 for (i = 0; i < 5; i++)
522 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
523 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */
524
525 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
526 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
527 PPK[1] += _S_(PPK[0] ^ TK16(1));
528 PPK[2] += _S_(PPK[1] ^ TK16(2));
529 PPK[3] += _S_(PPK[2] ^ TK16(3));
530 PPK[4] += _S_(PPK[3] ^ TK16(4));
531 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
532
533 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
534 PPK[0] += RotR1(PPK[5] ^ TK16(6));
535 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
536 PPK[2] += RotR1(PPK[1]);
537 PPK[3] += RotR1(PPK[2]);
538 PPK[4] += RotR1(PPK[3]);
539 PPK[5] += RotR1(PPK[4]);
540 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
541 /* value PPK[0..5] is guaranteed to be unique, as a function */
542 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */
543 /* is now a keyed permutation of {TA, IV32, IV16}. */
544
545 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
546 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
547 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
548 rc4key[2] = Lo8(iv16);
549 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
550
551 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
552 for (i = 0; i < 6; i++) {
553 rc4key[4 + 2 * i] = Lo8(PPK[i]);
554 rc4key[5 + 2 * i] = Hi8(PPK[i]);
555 }
556 }
557
558 /* The hlen isn't include the IV */
rtw_tkip_encrypt(struct adapter * padapter,struct xmit_frame * pxmitframe)559 u32 rtw_tkip_encrypt(struct adapter *padapter, struct xmit_frame *pxmitframe)
560 { /* exclude ICV */
561 u16 pnl;
562 u32 pnh;
563 u8 rc4key[16];
564 u8 ttkey[16];
565 u8 crc[4];
566 u8 hw_hdr_offset = 0;
567 struct arc4context mycontext;
568 int curfragnum, length;
569
570 u8 *pframe, *payload, *iv, *prwskey;
571 union pn48 dot11txpn;
572 struct sta_info *stainfo;
573 struct pkt_attrib *pattrib = &pxmitframe->attrib;
574 struct security_priv *psecuritypriv = &padapter->securitypriv;
575 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
576 u32 res = _SUCCESS;
577
578 if (!pxmitframe->buf_addr)
579 return _FAIL;
580
581 hw_hdr_offset = TXDESC_SIZE +
582 (pxmitframe->pkt_offset * PACKET_OFFSET_SZ);
583 pframe = pxmitframe->buf_addr + hw_hdr_offset;
584 /* 4 start to encrypt each fragment */
585 if (pattrib->encrypt == _TKIP_) {
586 if (pattrib->psta)
587 stainfo = pattrib->psta;
588 else
589 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
590
591 if (stainfo) {
592 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__));
593
594 if (is_multicast_ether_addr(pattrib->ra))
595 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
596 else
597 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
598
599 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
600 iv = pframe + pattrib->hdrlen;
601 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
602
603 GET_TKIP_PN(iv, dot11txpn);
604
605 pnl = (u16)(dot11txpn.val);
606 pnh = (u32)(dot11txpn.val >> 16);
607 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
608 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
609
610 if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
611 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
612 RT_TRACE(_module_rtl871x_security_c_, _drv_info_,
613 ("pattrib->iv_len=%x, pattrib->icv_len=%x\n",
614 pattrib->iv_len, pattrib->icv_len));
615 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/
616
617 arcfour_init(&mycontext, rc4key, 16);
618 arcfour_encrypt(&mycontext, payload, payload, length);
619 arcfour_encrypt(&mycontext, payload + length, crc, 4);
620 } else {
621 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
622 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/
623 arcfour_init(&mycontext, rc4key, 16);
624 arcfour_encrypt(&mycontext, payload, payload, length);
625 arcfour_encrypt(&mycontext, payload + length, crc, 4);
626
627 pframe += pxmitpriv->frag_len;
628 pframe = (u8 *)round_up((size_t)(pframe), 4);
629 }
630 }
631 } else {
632 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo==NULL!!!\n", __func__));
633 res = _FAIL;
634 }
635 }
636 return res;
637 }
638
639 /* The hlen isn't include the IV */
rtw_tkip_decrypt(struct adapter * padapter,struct recv_frame * precvframe)640 u32 rtw_tkip_decrypt(struct adapter *padapter, struct recv_frame *precvframe)
641 { /* exclude ICV */
642 u16 pnl;
643 u32 pnh;
644 u8 rc4key[16];
645 u8 ttkey[16];
646 u8 crc[4];
647 struct arc4context mycontext;
648 int length;
649 u8 *pframe, *payload, *iv, *prwskey;
650 union pn48 dot11txpn;
651 struct sta_info *stainfo;
652 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
653 struct security_priv *psecuritypriv = &padapter->securitypriv;
654 u32 res = _SUCCESS;
655
656 pframe = (unsigned char *)precvframe->pkt->data;
657
658 /* 4 start to decrypt recvframe */
659 if (prxattrib->encrypt == _TKIP_) {
660 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
661 if (stainfo) {
662 if (is_multicast_ether_addr(prxattrib->ra)) {
663 if (!psecuritypriv->binstallGrpkey) {
664 res = _FAIL;
665 DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
666 goto exit;
667 }
668 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
669 } else {
670 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__));
671 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
672 }
673
674 iv = pframe + prxattrib->hdrlen;
675 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
676 length = precvframe->pkt->len - prxattrib->hdrlen - prxattrib->iv_len;
677
678 GET_TKIP_PN(iv, dot11txpn);
679
680 pnl = (u16)(dot11txpn.val);
681 pnh = (u32)(dot11txpn.val >> 16);
682
683 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
684 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
685
686 /* 4 decrypt payload include icv */
687
688 arcfour_init(&mycontext, rc4key, 16);
689 arcfour_encrypt(&mycontext, payload, payload, length);
690
691 *((__le32 *)crc) = getcrc32(payload, length - 4);
692
693 if (crc[3] != payload[length - 1] ||
694 crc[2] != payload[length - 2] ||
695 crc[1] != payload[length - 3] ||
696 crc[0] != payload[length - 4]) {
697 RT_TRACE(_module_rtl871x_security_c_, _drv_err_,
698 ("rtw_wep_decrypt:icv error crc (%4ph)!=payload (%4ph)\n",
699 &crc, &payload[length - 4]));
700 res = _FAIL;
701 }
702 } else {
703 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo==NULL!!!\n", __func__));
704 res = _FAIL;
705 }
706 }
707 exit:
708 return res;
709 }
710
rtw_aes_encrypt(struct adapter * padapter,struct xmit_frame * pxmitframe)711 u32 rtw_aes_encrypt(struct adapter *padapter, struct xmit_frame *pxmitframe)
712 {
713 int curfragnum, length;
714 u8 *pframe; /* *payload,*iv */
715 u8 hw_hdr_offset = 0;
716 struct sta_info *stainfo;
717 struct pkt_attrib *pattrib = &pxmitframe->attrib;
718 struct security_priv *psecuritypriv = &padapter->securitypriv;
719 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
720 u32 res = _SUCCESS;
721 void *crypto_private;
722 struct sk_buff *skb;
723 struct lib80211_crypto_ops *crypto_ops;
724 const int key_idx = is_multicast_ether_addr(pattrib->ra) ? psecuritypriv->dot118021XGrpKeyid : 0;
725 const int key_length = 16;
726 u8 *key;
727
728 if (!pxmitframe->buf_addr)
729 return _FAIL;
730
731 hw_hdr_offset = TXDESC_SIZE +
732 (pxmitframe->pkt_offset * PACKET_OFFSET_SZ);
733
734 pframe = pxmitframe->buf_addr + hw_hdr_offset;
735
736 /* 4 start to encrypt each fragment */
737 if (pattrib->encrypt != _AES_)
738 return res;
739
740 if (pattrib->psta)
741 stainfo = pattrib->psta;
742 else
743 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
744
745 if (!stainfo) {
746 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo==NULL!!!\n", __func__));
747 return _FAIL;
748 }
749
750 crypto_ops = lib80211_get_crypto_ops("CCMP");
751
752 if (is_multicast_ether_addr(pattrib->ra))
753 key = psecuritypriv->dot118021XGrpKey[key_idx].skey;
754 else
755 key = stainfo->dot118021x_UncstKey.skey;
756
757 if (!crypto_ops) {
758 res = _FAIL;
759 goto exit;
760 }
761
762 crypto_private = crypto_ops->init(key_idx);
763 if (!crypto_private) {
764 res = _FAIL;
765 goto exit;
766 }
767
768 if (crypto_ops->set_key(key, key_length, NULL, crypto_private) < 0) {
769 res = _FAIL;
770 goto exit_crypto_ops_deinit;
771 }
772
773 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__));
774
775 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
776 if (curfragnum + 1 == pattrib->nr_frags)
777 length = pattrib->last_txcmdsz;
778 else
779 length = pxmitpriv->frag_len;
780
781 skb = dev_alloc_skb(length);
782 if (!skb) {
783 res = _FAIL;
784 goto exit_crypto_ops_deinit;
785 }
786
787 skb_put_data(skb, pframe, length);
788
789 memmove(skb->data + pattrib->iv_len, skb->data, pattrib->hdrlen);
790 skb_pull(skb, pattrib->iv_len);
791 skb_trim(skb, skb->len - pattrib->icv_len);
792
793 if (crypto_ops->encrypt_mpdu(skb, pattrib->hdrlen, crypto_private)) {
794 kfree_skb(skb);
795 res = _FAIL;
796 goto exit_crypto_ops_deinit;
797 }
798
799 memcpy(pframe, skb->data, skb->len);
800
801 pframe += skb->len;
802 pframe = (u8 *)round_up((size_t)(pframe), 8);
803
804 kfree_skb(skb);
805 }
806
807 exit_crypto_ops_deinit:
808 crypto_ops->deinit(crypto_private);
809
810 exit:
811 return res;
812 }
813
rtw_aes_decrypt(struct adapter * padapter,struct recv_frame * precvframe)814 u32 rtw_aes_decrypt(struct adapter *padapter, struct recv_frame *precvframe)
815 {
816 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
817 u32 res = _SUCCESS;
818
819 /* 4 start to encrypt each fragment */
820 if (prxattrib->encrypt == _AES_) {
821 struct sta_info *stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
822
823 if (stainfo) {
824 int key_idx;
825 const int key_length = 16, iv_len = 8, icv_len = 8;
826 struct sk_buff *skb = precvframe->pkt;
827 void *crypto_private = NULL;
828 u8 *key, *pframe = skb->data;
829 struct lib80211_crypto_ops *crypto_ops = lib80211_get_crypto_ops("CCMP");
830 struct security_priv *psecuritypriv = &padapter->securitypriv;
831 char iv[8], icv[8];
832
833 if (is_multicast_ether_addr(prxattrib->ra)) {
834 /* in concurrent we should use sw descrypt in group key, so we remove this message */
835 if (!psecuritypriv->binstallGrpkey) {
836 res = _FAIL;
837 DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
838 goto exit;
839 }
840 key_idx = psecuritypriv->dot118021XGrpKeyid;
841 key = psecuritypriv->dot118021XGrpKey[key_idx].skey;
842 } else {
843 key_idx = 0;
844 key = stainfo->dot118021x_UncstKey.skey;
845 }
846
847 if (!crypto_ops) {
848 res = _FAIL;
849 goto exit_lib80211_ccmp;
850 }
851
852 memcpy(iv, pframe + prxattrib->hdrlen, iv_len);
853 memcpy(icv, pframe + skb->len - icv_len, icv_len);
854
855 crypto_private = crypto_ops->init(key_idx);
856 if (!crypto_private) {
857 res = _FAIL;
858 goto exit_lib80211_ccmp;
859 }
860 if (crypto_ops->set_key(key, key_length, NULL, crypto_private) < 0) {
861 res = _FAIL;
862 goto exit_lib80211_ccmp;
863 }
864 if (crypto_ops->decrypt_mpdu(skb, prxattrib->hdrlen, crypto_private)) {
865 res = _FAIL;
866 goto exit_lib80211_ccmp;
867 }
868
869 memmove(pframe, pframe + iv_len, prxattrib->hdrlen);
870 skb_push(skb, iv_len);
871 skb_put(skb, icv_len);
872
873 memcpy(pframe + prxattrib->hdrlen, iv, iv_len);
874 memcpy(pframe + skb->len - icv_len, icv, icv_len);
875
876 exit_lib80211_ccmp:
877 if (crypto_ops && crypto_private)
878 crypto_ops->deinit(crypto_private);
879 } else {
880 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("rtw_aes_encrypt: stainfo==NULL!!!\n"));
881 res = _FAIL;
882 }
883 }
884 exit:
885 return res;
886 }
887