1 /****************************************************************************** 2 * rtl871x_security.c 3 * 4 * Copyright(c) 2007 - 2010 Realtek Corporation. All rights reserved. 5 * Linux device driver for RTL8192SU 6 * 7 * This program is free software; you can redistribute it and/or modify it 8 * under the terms of version 2 of the GNU General Public License as 9 * published by the Free Software Foundation. 10 * 11 * This program is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 14 * more details. 15 * 16 * You should have received a copy of the GNU General Public License along with 17 * this program; if not, write to the Free Software Foundation, Inc., 18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA 19 * 20 * Modifications for inclusion into the Linux staging tree are 21 * Copyright(c) 2010 Larry Finger. All rights reserved. 22 * 23 * Contact information: 24 * WLAN FAE <wlanfae@realtek.com> 25 * Larry Finger <Larry.Finger@lwfinger.net> 26 * 27 ******************************************************************************/ 28 29 #define _RTL871X_SECURITY_C_ 30 31 #include <linux/compiler.h> 32 #include <linux/kernel.h> 33 #include <linux/errno.h> 34 #include <linux/init.h> 35 #include <linux/slab.h> 36 #include <linux/module.h> 37 #include <linux/kref.h> 38 #include <linux/netdevice.h> 39 #include <linux/skbuff.h> 40 #include <linux/circ_buf.h> 41 #include <linux/uaccess.h> 42 #include <asm/byteorder.h> 43 #include <linux/atomic.h> 44 #include <linux/semaphore.h> 45 46 #include "osdep_service.h" 47 #include "drv_types.h" 48 #include "wifi.h" 49 #include "osdep_intf.h" 50 51 /* =====WEP related===== */ 52 53 #define CRC32_POLY 0x04c11db7 54 55 struct arc4context { 56 u32 x; 57 u32 y; 58 u8 state[256]; 59 }; 60 61 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len) 62 { 63 u32 t, u; 64 u32 keyindex; 65 u32 stateindex; 66 u8 *state; 67 u32 counter; 68 69 state = parc4ctx->state; 70 parc4ctx->x = 0; 71 parc4ctx->y = 0; 72 for (counter = 0; counter < 256; counter++) 73 state[counter] = (u8)counter; 74 keyindex = 0; 75 stateindex = 0; 76 for (counter = 0; counter < 256; counter++) { 77 t = state[counter]; 78 stateindex = (stateindex + key[keyindex] + t) & 0xff; 79 u = state[stateindex]; 80 state[stateindex] = (u8)t; 81 state[counter] = (u8)u; 82 if (++keyindex >= key_len) 83 keyindex = 0; 84 } 85 } 86 87 static u32 arcfour_byte(struct arc4context *parc4ctx) 88 { 89 u32 x; 90 u32 y; 91 u32 sx, sy; 92 u8 *state; 93 94 state = parc4ctx->state; 95 x = (parc4ctx->x + 1) & 0xff; 96 sx = state[x]; 97 y = (sx + parc4ctx->y) & 0xff; 98 sy = state[y]; 99 parc4ctx->x = x; 100 parc4ctx->y = y; 101 state[y] = (u8)sx; 102 state[x] = (u8)sy; 103 return state[(sx + sy) & 0xff]; 104 } 105 106 static void arcfour_encrypt(struct arc4context *parc4ctx, 107 u8 *dest, u8 *src, u32 len) 108 { 109 u32 i; 110 111 for (i = 0; i < len; i++) 112 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx); 113 } 114 115 static sint bcrc32initialized; 116 static u32 crc32_table[256]; 117 118 static u8 crc32_reverseBit(u8 data) 119 { 120 return ((u8)(data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3) 121 & 0x20) | ((data << 1) & 0x10) | ((data >> 1) & 0x08) | 122 ((data >> 3) & 0x04) | ((data >> 5) & 0x02) | ((data >> 7) & 123 0x01); 124 } 125 126 static void crc32_init(void) 127 { 128 if (bcrc32initialized == 1) 129 return; 130 else { 131 sint i, j; 132 u32 c; 133 u8 *p = (u8 *)&c, *p1; 134 u8 k; 135 136 c = 0x12340000; 137 for (i = 0; i < 256; ++i) { 138 k = crc32_reverseBit((u8)i); 139 for (c = ((u32)k) << 24, j = 8; j > 0; --j) 140 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY : 141 (c << 1); 142 p1 = (u8 *)&crc32_table[i]; 143 p1[0] = crc32_reverseBit(p[3]); 144 p1[1] = crc32_reverseBit(p[2]); 145 p1[2] = crc32_reverseBit(p[1]); 146 p1[3] = crc32_reverseBit(p[0]); 147 } 148 bcrc32initialized = 1; 149 } 150 } 151 152 static u32 getcrc32(u8 *buf, u32 len) 153 { 154 u8 *p; 155 u32 crc; 156 157 if (bcrc32initialized == 0) 158 crc32_init(); 159 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */ 160 for (p = buf; len > 0; ++p, --len) 161 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8); 162 return ~crc; /* transmit complement, per CRC-32 spec */ 163 } 164 165 /* 166 Need to consider the fragment situation 167 */ 168 void r8712_wep_encrypt(struct _adapter *padapter, u8 *pxmitframe) 169 { /* exclude ICV */ 170 unsigned char crc[4]; 171 struct arc4context mycontext; 172 u32 curfragnum, length, keylength; 173 u8 *pframe, *payload, *iv; /*,*wepkey*/ 174 u8 wepkey[16]; 175 struct pkt_attrib *pattrib = &((struct xmit_frame *) 176 pxmitframe)->attrib; 177 struct security_priv *psecuritypriv = &padapter->securitypriv; 178 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 179 180 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 181 return; 182 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr+TXDESC_OFFSET; 183 /*start to encrypt each fragment*/ 184 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) { 185 keylength = psecuritypriv->DefKeylen[psecuritypriv-> 186 PrivacyKeyIndex]; 187 for (curfragnum = 0; curfragnum < pattrib->nr_frags; 188 curfragnum++) { 189 iv = pframe+pattrib->hdrlen; 190 memcpy(&wepkey[0], iv, 3); 191 memcpy(&wepkey[3], &psecuritypriv->DefKey[ 192 psecuritypriv->PrivacyKeyIndex].skey[0], 193 keylength); 194 payload = pframe+pattrib->iv_len+pattrib->hdrlen; 195 if ((curfragnum + 1) == pattrib->nr_frags) { 196 length = pattrib->last_txcmdsz-pattrib-> 197 hdrlen-pattrib->iv_len - 198 pattrib->icv_len; 199 *((u32 *)crc) = cpu_to_le32(getcrc32( 200 payload, length)); 201 arcfour_init(&mycontext, wepkey, 3 + keylength); 202 arcfour_encrypt(&mycontext, payload, payload, 203 length); 204 arcfour_encrypt(&mycontext, payload + length, 205 crc, 4); 206 } else { 207 length = pxmitpriv->frag_len-pattrib->hdrlen - 208 pattrib->iv_len-pattrib->icv_len; 209 *((u32 *)crc) = cpu_to_le32(getcrc32( 210 payload, length)); 211 arcfour_init(&mycontext, wepkey, 3 + keylength); 212 arcfour_encrypt(&mycontext, payload, payload, 213 length); 214 arcfour_encrypt(&mycontext, payload+length, 215 crc, 4); 216 pframe += pxmitpriv->frag_len; 217 pframe = (u8 *)RND4((addr_t)(pframe)); 218 } 219 } 220 } 221 } 222 223 void r8712_wep_decrypt(struct _adapter *padapter, u8 *precvframe) 224 { 225 /* exclude ICV */ 226 u8 crc[4]; 227 struct arc4context mycontext; 228 u32 length, keylength; 229 u8 *pframe, *payload, *iv, wepkey[16]; 230 u8 keyindex; 231 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *) 232 precvframe)->u.hdr.attrib); 233 struct security_priv *psecuritypriv = &padapter->securitypriv; 234 235 pframe = (unsigned char *)((union recv_frame *)precvframe)-> 236 u.hdr.rx_data; 237 /* start to decrypt recvframe */ 238 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == 239 _WEP104_)) { 240 iv = pframe + prxattrib->hdrlen; 241 keyindex = (iv[3] & 0x3); 242 keylength = psecuritypriv->DefKeylen[keyindex]; 243 memcpy(&wepkey[0], iv, 3); 244 memcpy(&wepkey[3], &psecuritypriv->DefKey[ 245 psecuritypriv->PrivacyKeyIndex].skey[0], 246 keylength); 247 length = ((union recv_frame *)precvframe)-> 248 u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 249 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen; 250 /* decrypt payload include icv */ 251 arcfour_init(&mycontext, wepkey, 3 + keylength); 252 arcfour_encrypt(&mycontext, payload, payload, length); 253 /* calculate icv and compare the icv */ 254 *((u32 *)crc) = cpu_to_le32(getcrc32(payload, length - 4)); 255 } 256 return; 257 } 258 259 /* 3 =====TKIP related===== */ 260 261 static u32 secmicgetuint32(u8 *p) 262 /* Convert from Byte[] to Us4Byte32 in a portable way */ 263 { 264 s32 i; 265 u32 res = 0; 266 267 for (i = 0; i < 4; i++) 268 res |= ((u32)(*p++)) << (8 * i); 269 return res; 270 } 271 272 static void secmicputuint32(u8 *p, u32 val) 273 /* Convert from Us4Byte32 to Byte[] in a portable way */ 274 { 275 long i; 276 for (i = 0; i < 4; i++) { 277 *p++ = (u8) (val & 0xff); 278 val >>= 8; 279 } 280 } 281 282 static void secmicclear(struct mic_data *pmicdata) 283 { 284 /* Reset the state to the empty message. */ 285 pmicdata->L = pmicdata->K0; 286 pmicdata->R = pmicdata->K1; 287 pmicdata->nBytesInM = 0; 288 pmicdata->M = 0; 289 } 290 291 void r8712_secmicsetkey(struct mic_data *pmicdata, u8 *key) 292 { 293 /* Set the key */ 294 pmicdata->K0 = secmicgetuint32(key); 295 pmicdata->K1 = secmicgetuint32(key + 4); 296 /* and reset the message */ 297 secmicclear(pmicdata); 298 } 299 300 static void secmicappendbyte(struct mic_data *pmicdata, u8 b) 301 { 302 /* Append the byte to our word-sized buffer */ 303 pmicdata->M |= ((u32)b) << (8 * pmicdata->nBytesInM); 304 pmicdata->nBytesInM++; 305 /* Process the word if it is full. */ 306 if (pmicdata->nBytesInM >= 4) { 307 pmicdata->L ^= pmicdata->M; 308 pmicdata->R ^= ROL32(pmicdata->L, 17); 309 pmicdata->L += pmicdata->R; 310 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | 311 ((pmicdata->L & 0x00ff00ff) << 8); 312 pmicdata->L += pmicdata->R; 313 pmicdata->R ^= ROL32(pmicdata->L, 3); 314 pmicdata->L += pmicdata->R; 315 pmicdata->R ^= ROR32(pmicdata->L, 2); 316 pmicdata->L += pmicdata->R; 317 /* Clear the buffer */ 318 pmicdata->M = 0; 319 pmicdata->nBytesInM = 0; 320 } 321 } 322 323 void r8712_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes) 324 { 325 /* This is simple */ 326 while (nbytes > 0) { 327 secmicappendbyte(pmicdata, *src++); 328 nbytes--; 329 } 330 } 331 332 void r8712_secgetmic(struct mic_data *pmicdata, u8 *dst) 333 { 334 /* Append the minimum padding */ 335 secmicappendbyte(pmicdata, 0x5a); 336 secmicappendbyte(pmicdata, 0); 337 secmicappendbyte(pmicdata, 0); 338 secmicappendbyte(pmicdata, 0); 339 secmicappendbyte(pmicdata, 0); 340 /* and then zeroes until the length is a multiple of 4 */ 341 while (pmicdata->nBytesInM != 0) 342 secmicappendbyte(pmicdata, 0); 343 /* The appendByte function has already computed the result. */ 344 secmicputuint32(dst, pmicdata->L); 345 secmicputuint32(dst + 4, pmicdata->R); 346 /* Reset to the empty message. */ 347 secmicclear(pmicdata); 348 } 349 350 void seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, 351 u8 pri) 352 { 353 354 struct mic_data micdata; 355 u8 priority[4] = {0x0, 0x0, 0x0, 0x0}; 356 357 r8712_secmicsetkey(&micdata, key); 358 priority[0] = pri; 359 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 360 if (header[1] & 1) { /* ToDS==1 */ 361 r8712_secmicappend(&micdata, &header[16], 6); /* DA */ 362 if (header[1] & 2) /* From Ds==1 */ 363 r8712_secmicappend(&micdata, &header[24], 6); 364 else 365 r8712_secmicappend(&micdata, &header[10], 6); 366 } else { /* ToDS==0 */ 367 r8712_secmicappend(&micdata, &header[4], 6); /* DA */ 368 if (header[1] & 2) /* From Ds==1 */ 369 r8712_secmicappend(&micdata, &header[16], 6); 370 else 371 r8712_secmicappend(&micdata, &header[10], 6); 372 } 373 r8712_secmicappend(&micdata, &priority[0], 4); 374 r8712_secmicappend(&micdata, data, data_len); 375 r8712_secgetmic(&micdata, mic_code); 376 } 377 378 /* macros for extraction/creation of unsigned char/unsigned short values */ 379 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15)) 380 #define Lo8(v16) ((u8)((v16) & 0x00FF)) 381 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF)) 382 #define Lo16(v32) ((u16)((v32) & 0xFFFF)) 383 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF)) 384 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8)) 385 386 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */ 387 #define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)]) 388 389 /* S-box lookup: 16 bits --> 16 bits */ 390 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)]) 391 392 /* fixed algorithm "parameters" */ 393 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */ 394 #define TA_SIZE 6 /* 48-bit transmitter address */ 395 #define TK_SIZE 16 /* 128-bit temporal key */ 396 #define P1K_SIZE 10 /* 80-bit Phase1 key */ 397 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */ 398 399 400 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */ 401 static const unsigned short Sbox1[2][256] = {/* Sbox for hash (can be in ROM) */ 402 { 403 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 404 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 405 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 406 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 407 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 408 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 409 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 410 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 411 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 412 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 413 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 414 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 415 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 416 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 417 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 418 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 419 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 420 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 421 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 422 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 423 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 424 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 425 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 426 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 427 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 428 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 429 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 430 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 431 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 432 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 433 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 434 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 435 }, 436 { /* second half is unsigned char-reversed version of first! */ 437 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491, 438 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC, 439 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB, 440 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B, 441 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83, 442 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A, 443 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F, 444 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA, 445 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B, 446 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713, 447 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6, 448 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85, 449 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411, 450 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B, 451 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1, 452 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF, 453 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E, 454 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6, 455 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B, 456 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD, 457 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8, 458 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2, 459 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049, 460 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810, 461 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197, 462 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F, 463 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C, 464 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927, 465 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733, 466 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5, 467 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0, 468 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C, 469 } 470 }; 471 472 /* 473 ********************************************************************** 474 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32 475 * 476 * Inputs: 477 * tk[] = temporal key [128 bits] 478 * ta[] = transmitter's MAC address [ 48 bits] 479 * iv32 = upper 32 bits of IV [ 32 bits] 480 * Output: 481 * p1k[] = Phase 1 key [ 80 bits] 482 * 483 * Note: 484 * This function only needs to be called every 2**16 packets, 485 * although in theory it could be called every packet. 486 * 487 ********************************************************************** 488 */ 489 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32) 490 { 491 sint i; 492 493 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */ 494 p1k[0] = Lo16(iv32); 495 p1k[1] = Hi16(iv32); 496 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */ 497 p1k[3] = Mk16(ta[3], ta[2]); 498 p1k[4] = Mk16(ta[5], ta[4]); 499 /* Now compute an unbalanced Feistel cipher with 80-bit block */ 500 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */ 501 for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add is mod 2**16 */ 502 p1k[0] += _S_(p1k[4] ^ TK16((i&1) + 0)); 503 p1k[1] += _S_(p1k[0] ^ TK16((i&1) + 2)); 504 p1k[2] += _S_(p1k[1] ^ TK16((i&1) + 4)); 505 p1k[3] += _S_(p1k[2] ^ TK16((i&1) + 6)); 506 p1k[4] += _S_(p1k[3] ^ TK16((i&1) + 0)); 507 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */ 508 } 509 } 510 511 /* 512 ********************************************************************** 513 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16 514 * 515 * Inputs: 516 * tk[] = Temporal key [128 bits] 517 * p1k[] = Phase 1 output key [ 80 bits] 518 * iv16 = low 16 bits of IV counter [ 16 bits] 519 * Output: 520 * rc4key[] = the key used to encrypt the packet [128 bits] 521 * 522 * Note: 523 * The value {TA,IV32,IV16} for Phase1/Phase2 must be unique 524 * across all packets using the same key TK value. Then, for a 525 * given value of TK[], this TKIP48 construction guarantees that 526 * the final RC4KEY value is unique across all packets. 527 * 528 * Suggested implementation optimization: if PPK[] is "overlaid" 529 * appropriately on RC4KEY[], there is no need for the final 530 * for loop below that copies the PPK[] result into RC4KEY[]. 531 * 532 ********************************************************************** 533 */ 534 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16) 535 { 536 sint i; 537 u16 PPK[6]; /* temporary key for mixing */ 538 539 /* Note: all adds in the PPK[] equations below are mod 2**16 */ 540 for (i = 0; i < 5; i++) 541 PPK[i] = p1k[i]; /* first, copy P1K to PPK */ 542 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */ 543 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */ 544 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */ 545 PPK[1] += _S_(PPK[0] ^ TK16(1)); 546 PPK[2] += _S_(PPK[1] ^ TK16(2)); 547 PPK[3] += _S_(PPK[2] ^ TK16(3)); 548 PPK[4] += _S_(PPK[3] ^ TK16(4)); 549 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */ 550 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */ 551 PPK[0] += RotR1(PPK[5] ^ TK16(6)); 552 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */ 553 PPK[2] += RotR1(PPK[1]); 554 PPK[3] += RotR1(PPK[2]); 555 PPK[4] += RotR1(PPK[3]); 556 PPK[5] += RotR1(PPK[4]); 557 /* Note: At this point, for a given key TK[0..15], the 96-bit output */ 558 /* value PPK[0..5] is guaranteed to be unique, as a function */ 559 /* of the 96-bit "input" value {TA,IV32,IV16}. That is, P1K */ 560 /* is now a keyed permutation of {TA,IV32,IV16}. */ 561 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */ 562 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */ 563 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */ 564 rc4key[2] = Lo8(iv16); 565 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1); 566 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */ 567 for (i = 0; i < 6; i++) { 568 rc4key[4 + 2 * i] = Lo8(PPK[i]); 569 rc4key[5 + 2 * i] = Hi8(PPK[i]); 570 } 571 } 572 573 /*The hlen isn't include the IV*/ 574 u32 r8712_tkip_encrypt(struct _adapter *padapter, u8 *pxmitframe) 575 { /* exclude ICV */ 576 u16 pnl; 577 u32 pnh; 578 u8 rc4key[16]; 579 u8 ttkey[16]; 580 u8 crc[4]; 581 struct arc4context mycontext; 582 u32 curfragnum, length, prwskeylen; 583 584 u8 *pframe, *payload, *iv, *prwskey; 585 union pn48 txpn; 586 struct sta_info *stainfo; 587 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 588 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 589 u32 res = _SUCCESS; 590 591 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 592 return _FAIL; 593 594 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr+TXDESC_OFFSET; 595 /* 4 start to encrypt each fragment */ 596 if (pattrib->encrypt == _TKIP_) { 597 if (pattrib->psta) 598 stainfo = pattrib->psta; 599 else 600 stainfo = r8712_get_stainfo(&padapter->stapriv, 601 &pattrib->ra[0]); 602 if (stainfo != NULL) { 603 prwskey = &stainfo->x_UncstKey.skey[0]; 604 prwskeylen = 16; 605 for (curfragnum = 0; curfragnum < pattrib->nr_frags; 606 curfragnum++) { 607 iv = pframe + pattrib->hdrlen; 608 payload = pframe+pattrib->iv_len + 609 pattrib->hdrlen; 610 GET_TKIP_PN(iv, txpn); 611 pnl = (u16)(txpn.val); 612 pnh = (u32)(txpn.val >> 16); 613 phase1((u16 *)&ttkey[0], prwskey, &pattrib-> 614 ta[0], pnh); 615 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], 616 pnl); 617 if ((curfragnum + 1) == pattrib->nr_frags) { 618 /* 4 the last fragment */ 619 length = pattrib->last_txcmdsz - 620 pattrib->hdrlen-pattrib->iv_len - 621 pattrib->icv_len; 622 *((u32 *)crc) = cpu_to_le32( 623 getcrc32(payload, length)); 624 arcfour_init(&mycontext, rc4key, 16); 625 arcfour_encrypt(&mycontext, payload, 626 payload, length); 627 arcfour_encrypt(&mycontext, payload + 628 length, crc, 4); 629 } else { 630 length = pxmitpriv->frag_len-pattrib-> 631 hdrlen-pattrib-> 632 iv_len-pattrib->icv_len; 633 *((u32 *)crc) = cpu_to_le32(getcrc32( 634 payload, length)); 635 arcfour_init(&mycontext, rc4key, 16); 636 arcfour_encrypt(&mycontext, payload, 637 payload, length); 638 arcfour_encrypt(&mycontext, 639 payload+length, crc, 4); 640 pframe += pxmitpriv->frag_len; 641 pframe = (u8 *)RND4((addr_t)(pframe)); 642 } 643 } 644 } else 645 res = _FAIL; 646 } 647 return res; 648 } 649 650 /* The hlen doesn't include the IV */ 651 u32 r8712_tkip_decrypt(struct _adapter *padapter, u8 *precvframe) 652 { /* exclude ICV */ 653 u16 pnl; 654 u32 pnh; 655 u8 rc4key[16]; 656 u8 ttkey[16]; 657 u8 crc[4]; 658 struct arc4context mycontext; 659 u32 length, prwskeylen; 660 u8 *pframe, *payload, *iv, *prwskey, idx = 0; 661 union pn48 txpn; 662 struct sta_info *stainfo; 663 struct rx_pkt_attrib *prxattrib = &((union recv_frame *) 664 precvframe)->u.hdr.attrib; 665 struct security_priv *psecuritypriv = &padapter->securitypriv; 666 667 pframe = (unsigned char *)((union recv_frame *) 668 precvframe)->u.hdr.rx_data; 669 /* 4 start to decrypt recvframe */ 670 if (prxattrib->encrypt == _TKIP_) { 671 stainfo = r8712_get_stainfo(&padapter->stapriv, 672 &prxattrib->ta[0]); 673 if (stainfo != NULL) { 674 iv = pframe+prxattrib->hdrlen; 675 payload = pframe+prxattrib->iv_len + prxattrib->hdrlen; 676 length = ((union recv_frame *)precvframe)-> 677 u.hdr.len - prxattrib->hdrlen - 678 prxattrib->iv_len; 679 if (IS_MCAST(prxattrib->ra)) { 680 idx = iv[3]; 681 prwskey = &psecuritypriv->XGrpKey[ 682 ((idx >> 6) & 0x3) - 1].skey[0]; 683 if (psecuritypriv->binstallGrpkey == false) 684 return _FAIL; 685 } else 686 prwskey = &stainfo->x_UncstKey.skey[0]; 687 prwskeylen = 16; 688 GET_TKIP_PN(iv, txpn); 689 pnl = (u16)(txpn.val); 690 pnh = (u32)(txpn.val >> 16); 691 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], 692 pnh); 693 phase2(&rc4key[0], prwskey, (unsigned short *) 694 &ttkey[0], pnl); 695 /* 4 decrypt payload include icv */ 696 arcfour_init(&mycontext, rc4key, 16); 697 arcfour_encrypt(&mycontext, payload, payload, length); 698 *((u32 *)crc) = cpu_to_le32(getcrc32(payload, 699 length - 4)); 700 if (crc[3] != payload[length - 1] || 701 crc[2] != payload[length - 2] || 702 crc[1] != payload[length - 3] || 703 crc[0] != payload[length - 4]) 704 return _FAIL; 705 } else 706 return _FAIL; 707 } 708 return _SUCCESS; 709 } 710 711 /* 3 =====AES related===== */ 712 713 #define MAX_MSG_SIZE 2048 714 /*****************************/ 715 /******** SBOX Table *********/ 716 /*****************************/ 717 718 static const u8 sbox_table[256] = { 719 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 720 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 721 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 722 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 723 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 724 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 725 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 726 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 727 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 728 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 729 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 730 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 731 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 732 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 733 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 734 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 735 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 736 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 737 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 738 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 739 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 740 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 741 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 742 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 743 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 744 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 745 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 746 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 747 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 748 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 749 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 750 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 751 }; 752 753 /****************************************/ 754 /* aes128k128d() */ 755 /* Performs a 128 bit AES encrypt with */ 756 /* 128 bit data. */ 757 /****************************************/ 758 static void xor_128(u8 *a, u8 *b, u8 *out) 759 { 760 sint i; 761 762 for (i = 0; i < 16; i++) 763 out[i] = a[i] ^ b[i]; 764 } 765 766 static void xor_32(u8 *a, u8 *b, u8 *out) 767 { 768 sint i; 769 for (i = 0; i < 4; i++) 770 out[i] = a[i] ^ b[i]; 771 } 772 773 static u8 sbox(u8 a) 774 { 775 return sbox_table[(sint)a]; 776 } 777 778 static void next_key(u8 *key, sint round) 779 { 780 u8 rcon; 781 u8 sbox_key[4]; 782 u8 rcon_table[12] = { 783 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 784 0x1b, 0x36, 0x36, 0x36 785 }; 786 787 sbox_key[0] = sbox(key[13]); 788 sbox_key[1] = sbox(key[14]); 789 sbox_key[2] = sbox(key[15]); 790 sbox_key[3] = sbox(key[12]); 791 rcon = rcon_table[round]; 792 xor_32(&key[0], sbox_key, &key[0]); 793 key[0] = key[0] ^ rcon; 794 xor_32(&key[4], &key[0], &key[4]); 795 xor_32(&key[8], &key[4], &key[8]); 796 xor_32(&key[12], &key[8], &key[12]); 797 } 798 799 static void byte_sub(u8 *in, u8 *out) 800 { 801 sint i; 802 for (i = 0; i < 16; i++) 803 out[i] = sbox(in[i]); 804 } 805 806 static void shift_row(u8 *in, u8 *out) 807 { 808 out[0] = in[0]; 809 out[1] = in[5]; 810 out[2] = in[10]; 811 out[3] = in[15]; 812 out[4] = in[4]; 813 out[5] = in[9]; 814 out[6] = in[14]; 815 out[7] = in[3]; 816 out[8] = in[8]; 817 out[9] = in[13]; 818 out[10] = in[2]; 819 out[11] = in[7]; 820 out[12] = in[12]; 821 out[13] = in[1]; 822 out[14] = in[6]; 823 out[15] = in[11]; 824 } 825 826 static void mix_column(u8 *in, u8 *out) 827 { 828 sint i; 829 u8 add1b[4]; 830 u8 add1bf7[4]; 831 u8 rotl[4]; 832 u8 swap_halfs[4]; 833 u8 andf7[4]; 834 u8 rotr[4]; 835 u8 temp[4]; 836 u8 tempb[4]; 837 838 for (i = 0 ; i < 4; i++) { 839 if ((in[i] & 0x80) == 0x80) 840 add1b[i] = 0x1b; 841 else 842 add1b[i] = 0x00; 843 } 844 swap_halfs[0] = in[2]; /* Swap halves */ 845 swap_halfs[1] = in[3]; 846 swap_halfs[2] = in[0]; 847 swap_halfs[3] = in[1]; 848 rotl[0] = in[3]; /* Rotate left 8 bits */ 849 rotl[1] = in[0]; 850 rotl[2] = in[1]; 851 rotl[3] = in[2]; 852 andf7[0] = in[0] & 0x7f; 853 andf7[1] = in[1] & 0x7f; 854 andf7[2] = in[2] & 0x7f; 855 andf7[3] = in[3] & 0x7f; 856 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */ 857 andf7[i] = andf7[i] << 1; 858 if ((andf7[i-1] & 0x80) == 0x80) 859 andf7[i] = (andf7[i] | 0x01); 860 } 861 andf7[0] = andf7[0] << 1; 862 andf7[0] = andf7[0] & 0xfe; 863 xor_32(add1b, andf7, add1bf7); 864 xor_32(in, add1bf7, rotr); 865 temp[0] = rotr[0]; /* Rotate right 8 bits */ 866 rotr[0] = rotr[1]; 867 rotr[1] = rotr[2]; 868 rotr[2] = rotr[3]; 869 rotr[3] = temp[0]; 870 xor_32(add1bf7, rotr, temp); 871 xor_32(swap_halfs, rotl, tempb); 872 xor_32(temp, tempb, out); 873 } 874 875 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext) 876 { 877 sint round; 878 sint i; 879 u8 intermediatea[16]; 880 u8 intermediateb[16]; 881 u8 round_key[16]; 882 883 for (i = 0; i < 16; i++) 884 round_key[i] = key[i]; 885 for (round = 0; round < 11; round++) { 886 if (round == 0) { 887 xor_128(round_key, data, ciphertext); 888 next_key(round_key, round); 889 } else if (round == 10) { 890 byte_sub(ciphertext, intermediatea); 891 shift_row(intermediatea, intermediateb); 892 xor_128(intermediateb, round_key, ciphertext); 893 } else { /* 1 - 9 */ 894 byte_sub(ciphertext, intermediatea); 895 shift_row(intermediatea, intermediateb); 896 mix_column(&intermediateb[0], &intermediatea[0]); 897 mix_column(&intermediateb[4], &intermediatea[4]); 898 mix_column(&intermediateb[8], &intermediatea[8]); 899 mix_column(&intermediateb[12], &intermediatea[12]); 900 xor_128(intermediatea, round_key, ciphertext); 901 next_key(round_key, round); 902 } 903 } 904 } 905 906 /************************************************/ 907 /* construct_mic_iv() */ 908 /* Builds the MIC IV from header fields and PN */ 909 /************************************************/ 910 static void construct_mic_iv(u8 *mic_iv, sint qc_exists, sint a4_exists, 911 u8 *mpdu, uint payload_length, u8 *pn_vector) 912 { 913 sint i; 914 915 mic_iv[0] = 0x59; 916 if (qc_exists && a4_exists) 917 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */ 918 if (qc_exists && !a4_exists) 919 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */ 920 if (!qc_exists) 921 mic_iv[1] = 0x00; 922 for (i = 2; i < 8; i++) 923 mic_iv[i] = mpdu[i + 8]; 924 for (i = 8; i < 14; i++) 925 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */ 926 mic_iv[14] = (unsigned char) (payload_length / 256); 927 mic_iv[15] = (unsigned char) (payload_length % 256); 928 } 929 930 /************************************************/ 931 /* construct_mic_header1() */ 932 /* Builds the first MIC header block from */ 933 /* header fields. */ 934 /************************************************/ 935 static void construct_mic_header1(u8 *mic_header1, sint header_length, u8 *mpdu) 936 { 937 mic_header1[0] = (u8)((header_length - 2) / 256); 938 mic_header1[1] = (u8)((header_length - 2) % 256); 939 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */ 940 /* Mute retry, more data and pwr mgt bits */ 941 mic_header1[3] = mpdu[1] & 0xc7; 942 mic_header1[4] = mpdu[4]; /* A1 */ 943 mic_header1[5] = mpdu[5]; 944 mic_header1[6] = mpdu[6]; 945 mic_header1[7] = mpdu[7]; 946 mic_header1[8] = mpdu[8]; 947 mic_header1[9] = mpdu[9]; 948 mic_header1[10] = mpdu[10]; /* A2 */ 949 mic_header1[11] = mpdu[11]; 950 mic_header1[12] = mpdu[12]; 951 mic_header1[13] = mpdu[13]; 952 mic_header1[14] = mpdu[14]; 953 mic_header1[15] = mpdu[15]; 954 } 955 956 /************************************************/ 957 /* construct_mic_header2() */ 958 /* Builds the last MIC header block from */ 959 /* header fields. */ 960 /************************************************/ 961 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, sint a4_exists, 962 sint qc_exists) 963 { 964 sint i; 965 966 for (i = 0; i < 16; i++) 967 mic_header2[i] = 0x00; 968 mic_header2[0] = mpdu[16]; /* A3 */ 969 mic_header2[1] = mpdu[17]; 970 mic_header2[2] = mpdu[18]; 971 mic_header2[3] = mpdu[19]; 972 mic_header2[4] = mpdu[20]; 973 mic_header2[5] = mpdu[21]; 974 mic_header2[6] = 0x00; 975 mic_header2[7] = 0x00; /* mpdu[23]; */ 976 if (!qc_exists && a4_exists) 977 for (i = 0; i < 6; i++) 978 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */ 979 if (qc_exists && !a4_exists) { 980 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */ 981 mic_header2[9] = mpdu[25] & 0x00; 982 } 983 if (qc_exists && a4_exists) { 984 for (i = 0; i < 6; i++) 985 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */ 986 mic_header2[14] = mpdu[30] & 0x0f; 987 mic_header2[15] = mpdu[31] & 0x00; 988 } 989 } 990 991 /************************************************/ 992 /* construct_mic_header2() */ 993 /* Builds the last MIC header block from */ 994 /* header fields. */ 995 /************************************************/ 996 static void construct_ctr_preload(u8 *ctr_preload, sint a4_exists, sint qc_exists, 997 u8 *mpdu, u8 *pn_vector, sint c) 998 { 999 sint i; 1000 1001 for (i = 0; i < 16; i++) 1002 ctr_preload[i] = 0x00; 1003 i = 0; 1004 ctr_preload[0] = 0x01; /* flag */ 1005 if (qc_exists && a4_exists) 1006 ctr_preload[1] = mpdu[30] & 0x0f; 1007 if (qc_exists && !a4_exists) 1008 ctr_preload[1] = mpdu[24] & 0x0f; 1009 for (i = 2; i < 8; i++) 1010 ctr_preload[i] = mpdu[i + 8]; 1011 for (i = 8; i < 14; i++) 1012 ctr_preload[i] = pn_vector[13 - i]; 1013 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */ 1014 ctr_preload[15] = (unsigned char) (c % 256); 1015 } 1016 1017 /************************************/ 1018 /* bitwise_xor() */ 1019 /* A 128 bit, bitwise exclusive or */ 1020 /************************************/ 1021 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out) 1022 { 1023 sint i; 1024 1025 for (i = 0; i < 16; i++) 1026 out[i] = ina[i] ^ inb[i]; 1027 } 1028 1029 static sint aes_cipher(u8 *key, uint hdrlen, 1030 u8 *pframe, uint plen) 1031 { 1032 uint qc_exists, a4_exists, i, j, payload_remainder; 1033 uint num_blocks, payload_index; 1034 1035 u8 pn_vector[6]; 1036 u8 mic_iv[16]; 1037 u8 mic_header1[16]; 1038 u8 mic_header2[16]; 1039 u8 ctr_preload[16]; 1040 1041 /* Intermediate Buffers */ 1042 u8 chain_buffer[16]; 1043 u8 aes_out[16]; 1044 u8 padded_buffer[16]; 1045 u8 mic[8]; 1046 uint frtype = GetFrameType(pframe); 1047 uint frsubtype = GetFrameSubType(pframe); 1048 1049 frsubtype = frsubtype >> 4; 1050 memset((void *)mic_iv, 0, 16); 1051 memset((void *)mic_header1, 0, 16); 1052 memset((void *)mic_header2, 0, 16); 1053 memset((void *)ctr_preload, 0, 16); 1054 memset((void *)chain_buffer, 0, 16); 1055 memset((void *)aes_out, 0, 16); 1056 memset((void *)padded_buffer, 0, 16); 1057 1058 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1059 a4_exists = 0; 1060 else 1061 a4_exists = 1; 1062 1063 if ((frtype == WIFI_DATA_CFACK) || 1064 (frtype == WIFI_DATA_CFPOLL) || 1065 (frtype == WIFI_DATA_CFACKPOLL)) { 1066 qc_exists = 1; 1067 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1068 hdrlen += 2; 1069 } else if ((frsubtype == 0x08) || 1070 (frsubtype == 0x09) || 1071 (frsubtype == 0x0a) || 1072 (frsubtype == 0x0b)) { 1073 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1074 hdrlen += 2; 1075 qc_exists = 1; 1076 } else 1077 qc_exists = 0; 1078 pn_vector[0] = pframe[hdrlen]; 1079 pn_vector[1] = pframe[hdrlen+1]; 1080 pn_vector[2] = pframe[hdrlen+4]; 1081 pn_vector[3] = pframe[hdrlen+5]; 1082 pn_vector[4] = pframe[hdrlen+6]; 1083 pn_vector[5] = pframe[hdrlen+7]; 1084 construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector); 1085 construct_mic_header1(mic_header1, hdrlen, pframe); 1086 construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists); 1087 payload_remainder = plen % 16; 1088 num_blocks = plen / 16; 1089 /* Find start of payload */ 1090 payload_index = (hdrlen + 8); 1091 /* Calculate MIC */ 1092 aes128k128d(key, mic_iv, aes_out); 1093 bitwise_xor(aes_out, mic_header1, chain_buffer); 1094 aes128k128d(key, chain_buffer, aes_out); 1095 bitwise_xor(aes_out, mic_header2, chain_buffer); 1096 aes128k128d(key, chain_buffer, aes_out); 1097 for (i = 0; i < num_blocks; i++) { 1098 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1099 payload_index += 16; 1100 aes128k128d(key, chain_buffer, aes_out); 1101 } 1102 /* Add on the final payload block if it needs padding */ 1103 if (payload_remainder > 0) { 1104 for (j = 0; j < 16; j++) 1105 padded_buffer[j] = 0x00; 1106 for (j = 0; j < payload_remainder; j++) 1107 padded_buffer[j] = pframe[payload_index++]; 1108 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1109 aes128k128d(key, chain_buffer, aes_out); 1110 } 1111 for (j = 0; j < 8; j++) 1112 mic[j] = aes_out[j]; 1113 /* Insert MIC into payload */ 1114 for (j = 0; j < 8; j++) 1115 pframe[payload_index+j] = mic[j]; 1116 payload_index = hdrlen + 8; 1117 for (i = 0; i < num_blocks; i++) { 1118 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1119 pframe, pn_vector, i + 1); 1120 aes128k128d(key, ctr_preload, aes_out); 1121 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1122 for (j = 0; j < 16; j++) 1123 pframe[payload_index++] = chain_buffer[j]; 1124 } 1125 if (payload_remainder > 0) { /* If short final block, then pad it,*/ 1126 /* encrypt and copy unpadded part back */ 1127 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1128 pframe, pn_vector, num_blocks+1); 1129 for (j = 0; j < 16; j++) 1130 padded_buffer[j] = 0x00; 1131 for (j = 0; j < payload_remainder; j++) 1132 padded_buffer[j] = pframe[payload_index+j]; 1133 aes128k128d(key, ctr_preload, aes_out); 1134 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1135 for (j = 0; j < payload_remainder; j++) 1136 pframe[payload_index++] = chain_buffer[j]; 1137 } 1138 /* Encrypt the MIC */ 1139 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1140 pframe, pn_vector, 0); 1141 for (j = 0; j < 16; j++) 1142 padded_buffer[j] = 0x00; 1143 for (j = 0; j < 8; j++) 1144 padded_buffer[j] = pframe[j+hdrlen+8+plen]; 1145 aes128k128d(key, ctr_preload, aes_out); 1146 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1147 for (j = 0; j < 8; j++) 1148 pframe[payload_index++] = chain_buffer[j]; 1149 return _SUCCESS; 1150 } 1151 1152 u32 r8712_aes_encrypt(struct _adapter *padapter, u8 *pxmitframe) 1153 { /* exclude ICV */ 1154 /* Intermediate Buffers */ 1155 sint curfragnum, length; 1156 u32 prwskeylen; 1157 u8 *pframe, *prwskey; 1158 struct sta_info *stainfo; 1159 struct pkt_attrib *pattrib = &((struct xmit_frame *) 1160 pxmitframe)->attrib; 1161 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 1162 u32 res = _SUCCESS; 1163 1164 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 1165 return _FAIL; 1166 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET; 1167 /* 4 start to encrypt each fragment */ 1168 if ((pattrib->encrypt == _AES_)) { 1169 if (pattrib->psta) 1170 stainfo = pattrib->psta; 1171 else 1172 stainfo = r8712_get_stainfo(&padapter->stapriv, 1173 &pattrib->ra[0]); 1174 if (stainfo != NULL) { 1175 prwskey = &stainfo->x_UncstKey.skey[0]; 1176 prwskeylen = 16; 1177 for (curfragnum = 0; curfragnum < pattrib->nr_frags; 1178 curfragnum++) { 1179 if ((curfragnum + 1) == pattrib->nr_frags) {\ 1180 length = pattrib->last_txcmdsz - 1181 pattrib->hdrlen - 1182 pattrib->iv_len - 1183 pattrib->icv_len; 1184 aes_cipher(prwskey, pattrib-> 1185 hdrlen, pframe, length); 1186 } else { 1187 length = pxmitpriv->frag_len - 1188 pattrib->hdrlen - 1189 pattrib->iv_len - 1190 pattrib->icv_len ; 1191 aes_cipher(prwskey, pattrib-> 1192 hdrlen, pframe, length); 1193 pframe += pxmitpriv->frag_len; 1194 pframe = (u8 *)RND4((addr_t)(pframe)); 1195 } 1196 } 1197 } else 1198 res = _FAIL; 1199 } 1200 return res; 1201 } 1202 1203 static sint aes_decipher(u8 *key, uint hdrlen, 1204 u8 *pframe, uint plen) 1205 { 1206 static u8 message[MAX_MSG_SIZE]; 1207 uint qc_exists, a4_exists, i, j, payload_remainder; 1208 uint num_blocks, payload_index; 1209 u8 pn_vector[6]; 1210 u8 mic_iv[16]; 1211 u8 mic_header1[16]; 1212 u8 mic_header2[16]; 1213 u8 ctr_preload[16]; 1214 /* Intermediate Buffers */ 1215 u8 chain_buffer[16]; 1216 u8 aes_out[16]; 1217 u8 padded_buffer[16]; 1218 u8 mic[8]; 1219 uint frtype = GetFrameType(pframe); 1220 uint frsubtype = GetFrameSubType(pframe); 1221 1222 frsubtype = frsubtype >> 4; 1223 memset((void *)mic_iv, 0, 16); 1224 memset((void *)mic_header1, 0, 16); 1225 memset((void *)mic_header2, 0, 16); 1226 memset((void *)ctr_preload, 0, 16); 1227 memset((void *)chain_buffer, 0, 16); 1228 memset((void *)aes_out, 0, 16); 1229 memset((void *)padded_buffer, 0, 16); 1230 /* start to decrypt the payload */ 1231 /*(plen including llc, payload and mic) */ 1232 num_blocks = (plen - 8) / 16; 1233 payload_remainder = (plen-8) % 16; 1234 pn_vector[0] = pframe[hdrlen]; 1235 pn_vector[1] = pframe[hdrlen+1]; 1236 pn_vector[2] = pframe[hdrlen+4]; 1237 pn_vector[3] = pframe[hdrlen+5]; 1238 pn_vector[4] = pframe[hdrlen+6]; 1239 pn_vector[5] = pframe[hdrlen+7]; 1240 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1241 a4_exists = 0; 1242 else 1243 a4_exists = 1; 1244 if ((frtype == WIFI_DATA_CFACK) || 1245 (frtype == WIFI_DATA_CFPOLL) || 1246 (frtype == WIFI_DATA_CFACKPOLL)) { 1247 qc_exists = 1; 1248 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1249 hdrlen += 2; 1250 } else if ((frsubtype == 0x08) || 1251 (frsubtype == 0x09) || 1252 (frsubtype == 0x0a) || 1253 (frsubtype == 0x0b)) { 1254 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1255 hdrlen += 2; 1256 qc_exists = 1; 1257 } else 1258 qc_exists = 0; 1259 /* now, decrypt pframe with hdrlen offset and plen long */ 1260 payload_index = hdrlen + 8; /* 8 is for extiv */ 1261 for (i = 0; i < num_blocks; i++) { 1262 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1263 pframe, pn_vector, i + 1); 1264 aes128k128d(key, ctr_preload, aes_out); 1265 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1266 for (j = 0; j < 16; j++) 1267 pframe[payload_index++] = chain_buffer[j]; 1268 } 1269 if (payload_remainder > 0) { /* If short final block, pad it,*/ 1270 /* encrypt it and copy the unpadded part back */ 1271 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1272 pframe, pn_vector, num_blocks+1); 1273 for (j = 0; j < 16; j++) 1274 padded_buffer[j] = 0x00; 1275 for (j = 0; j < payload_remainder; j++) 1276 padded_buffer[j] = pframe[payload_index + j]; 1277 aes128k128d(key, ctr_preload, aes_out); 1278 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1279 for (j = 0; j < payload_remainder; j++) 1280 pframe[payload_index++] = chain_buffer[j]; 1281 } 1282 /* start to calculate the mic */ 1283 memcpy((void *)message, pframe, (hdrlen + plen + 8)); 1284 pn_vector[0] = pframe[hdrlen]; 1285 pn_vector[1] = pframe[hdrlen+1]; 1286 pn_vector[2] = pframe[hdrlen+4]; 1287 pn_vector[3] = pframe[hdrlen+5]; 1288 pn_vector[4] = pframe[hdrlen+6]; 1289 pn_vector[5] = pframe[hdrlen+7]; 1290 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen-8, 1291 pn_vector); 1292 construct_mic_header1(mic_header1, hdrlen, message); 1293 construct_mic_header2(mic_header2, message, a4_exists, qc_exists); 1294 payload_remainder = (plen - 8) % 16; 1295 num_blocks = (plen - 8) / 16; 1296 /* Find start of payload */ 1297 payload_index = (hdrlen + 8); 1298 /* Calculate MIC */ 1299 aes128k128d(key, mic_iv, aes_out); 1300 bitwise_xor(aes_out, mic_header1, chain_buffer); 1301 aes128k128d(key, chain_buffer, aes_out); 1302 bitwise_xor(aes_out, mic_header2, chain_buffer); 1303 aes128k128d(key, chain_buffer, aes_out); 1304 for (i = 0; i < num_blocks; i++) { 1305 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1306 payload_index += 16; 1307 aes128k128d(key, chain_buffer, aes_out); 1308 } 1309 /* Add on the final payload block if it needs padding */ 1310 if (payload_remainder > 0) { 1311 for (j = 0; j < 16; j++) 1312 padded_buffer[j] = 0x00; 1313 for (j = 0; j < payload_remainder; j++) 1314 padded_buffer[j] = message[payload_index++]; 1315 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1316 aes128k128d(key, chain_buffer, aes_out); 1317 } 1318 for (j = 0 ; j < 8; j++) 1319 mic[j] = aes_out[j]; 1320 /* Insert MIC into payload */ 1321 for (j = 0; j < 8; j++) 1322 message[payload_index+j] = mic[j]; 1323 payload_index = hdrlen + 8; 1324 for (i = 0; i < num_blocks; i++) { 1325 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1326 message, pn_vector, i + 1); 1327 aes128k128d(key, ctr_preload, aes_out); 1328 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1329 for (j = 0; j < 16; j++) 1330 message[payload_index++] = chain_buffer[j]; 1331 } 1332 if (payload_remainder > 0) { /* If short final block, pad it,*/ 1333 /* encrypt and copy unpadded part back */ 1334 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1335 message, pn_vector, num_blocks+1); 1336 for (j = 0; j < 16; j++) 1337 padded_buffer[j] = 0x00; 1338 for (j = 0; j < payload_remainder; j++) 1339 padded_buffer[j] = message[payload_index + j]; 1340 aes128k128d(key, ctr_preload, aes_out); 1341 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1342 for (j = 0; j < payload_remainder; j++) 1343 message[payload_index++] = chain_buffer[j]; 1344 } 1345 /* Encrypt the MIC */ 1346 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, 1347 pn_vector, 0); 1348 for (j = 0; j < 16; j++) 1349 padded_buffer[j] = 0x00; 1350 for (j = 0; j < 8; j++) 1351 padded_buffer[j] = message[j + hdrlen + plen]; 1352 aes128k128d(key, ctr_preload, aes_out); 1353 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1354 for (j = 0; j < 8; j++) 1355 message[payload_index++] = chain_buffer[j]; 1356 /* compare the mic */ 1357 return _SUCCESS; 1358 } 1359 1360 u32 r8712_aes_decrypt(struct _adapter *padapter, u8 *precvframe) 1361 { /* exclude ICV */ 1362 /* Intermediate Buffers */ 1363 sint length; 1364 u32 prwskeylen; 1365 u8 *pframe, *prwskey, *iv, idx; 1366 struct sta_info *stainfo; 1367 struct rx_pkt_attrib *prxattrib = &((union recv_frame *) 1368 precvframe)->u.hdr.attrib; 1369 struct security_priv *psecuritypriv = &padapter->securitypriv; 1370 1371 pframe = (unsigned char *)((union recv_frame *)precvframe)-> 1372 u.hdr.rx_data; 1373 /* 4 start to encrypt each fragment */ 1374 if ((prxattrib->encrypt == _AES_)) { 1375 stainfo = r8712_get_stainfo(&padapter->stapriv, 1376 &prxattrib->ta[0]); 1377 if (stainfo != NULL) { 1378 if (IS_MCAST(prxattrib->ra)) { 1379 iv = pframe+prxattrib->hdrlen; 1380 idx = iv[3]; 1381 prwskey = &psecuritypriv->XGrpKey[ 1382 ((idx >> 6) & 0x3) - 1].skey[0]; 1383 if (psecuritypriv->binstallGrpkey == false) 1384 return _FAIL; 1385 1386 } else 1387 prwskey = &stainfo->x_UncstKey.skey[0]; 1388 prwskeylen = 16; 1389 length = ((union recv_frame *)precvframe)-> 1390 u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 1391 aes_decipher(prwskey, prxattrib->hdrlen, pframe, 1392 length); 1393 } else 1394 return _FAIL; 1395 } 1396 return _SUCCESS; 1397 } 1398 1399 void r8712_use_tkipkey_handler(void *FunctionContext) 1400 { 1401 struct _adapter *padapter = (struct _adapter *)FunctionContext; 1402 1403 padapter->securitypriv.busetkipkey = true; 1404 } 1405