1 // SPDX-License-Identifier: GPL-2.0 2 /****************************************************************************** 3 * 4 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved. 5 * 6 ******************************************************************************/ 7 #define _RTW_SECURITY_C_ 8 9 #include <linux/crc32poly.h> 10 #include <drv_types.h> 11 #include <rtw_debug.h> 12 13 static const char * const _security_type_str[] = { 14 "N/A", 15 "WEP40", 16 "TKIP", 17 "TKIP_WM", 18 "AES", 19 "WEP104", 20 "SMS4", 21 "WEP_WPA", 22 "BIP", 23 }; 24 25 const char *security_type_str(u8 value) 26 { 27 if (value <= _BIP_) 28 return _security_type_str[value]; 29 return NULL; 30 } 31 32 #ifdef DBG_SW_SEC_CNT 33 #define WEP_SW_ENC_CNT_INC(sec, ra) \ 34 if (is_broadcast_mac_addr(ra)) \ 35 sec->wep_sw_enc_cnt_bc++; \ 36 else if (is_multicast_mac_addr(ra)) \ 37 sec->wep_sw_enc_cnt_mc++; \ 38 else \ 39 sec->wep_sw_enc_cnt_uc++; 40 41 #define WEP_SW_DEC_CNT_INC(sec, ra) \ 42 if (is_broadcast_mac_addr(ra)) \ 43 sec->wep_sw_dec_cnt_bc++; \ 44 else if (is_multicast_mac_addr(ra)) \ 45 sec->wep_sw_dec_cnt_mc++; \ 46 else \ 47 sec->wep_sw_dec_cnt_uc++; 48 49 #define TKIP_SW_ENC_CNT_INC(sec, ra) \ 50 if (is_broadcast_mac_addr(ra)) \ 51 sec->tkip_sw_enc_cnt_bc++; \ 52 else if (is_multicast_mac_addr(ra)) \ 53 sec->tkip_sw_enc_cnt_mc++; \ 54 else \ 55 sec->tkip_sw_enc_cnt_uc++; 56 57 #define TKIP_SW_DEC_CNT_INC(sec, ra) \ 58 if (is_broadcast_mac_addr(ra)) \ 59 sec->tkip_sw_dec_cnt_bc++; \ 60 else if (is_multicast_mac_addr(ra)) \ 61 sec->tkip_sw_dec_cnt_mc++; \ 62 else \ 63 sec->tkip_sw_dec_cnt_uc++; 64 65 #define AES_SW_ENC_CNT_INC(sec, ra) \ 66 if (is_broadcast_mac_addr(ra)) \ 67 sec->aes_sw_enc_cnt_bc++; \ 68 else if (is_multicast_mac_addr(ra)) \ 69 sec->aes_sw_enc_cnt_mc++; \ 70 else \ 71 sec->aes_sw_enc_cnt_uc++; 72 73 #define AES_SW_DEC_CNT_INC(sec, ra) \ 74 if (is_broadcast_mac_addr(ra)) \ 75 sec->aes_sw_dec_cnt_bc++; \ 76 else if (is_multicast_mac_addr(ra)) \ 77 sec->aes_sw_dec_cnt_mc++; \ 78 else \ 79 sec->aes_sw_dec_cnt_uc++; 80 #else 81 #define WEP_SW_ENC_CNT_INC(sec, ra) 82 #define WEP_SW_DEC_CNT_INC(sec, ra) 83 #define TKIP_SW_ENC_CNT_INC(sec, ra) 84 #define TKIP_SW_DEC_CNT_INC(sec, ra) 85 #define AES_SW_ENC_CNT_INC(sec, ra) 86 #define AES_SW_DEC_CNT_INC(sec, ra) 87 #endif /* DBG_SW_SEC_CNT */ 88 89 /* WEP related ===== */ 90 91 struct arc4context { 92 u32 x; 93 u32 y; 94 u8 state[256]; 95 }; 96 97 98 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len) 99 { 100 u32 t, u; 101 u32 keyindex; 102 u32 stateindex; 103 u8 *state; 104 u32 counter; 105 106 state = parc4ctx->state; 107 parc4ctx->x = 0; 108 parc4ctx->y = 0; 109 for (counter = 0; counter < 256; counter++) 110 state[counter] = (u8)counter; 111 keyindex = 0; 112 stateindex = 0; 113 for (counter = 0; counter < 256; counter++) { 114 t = state[counter]; 115 stateindex = (stateindex + key[keyindex] + t) & 0xff; 116 u = state[stateindex]; 117 state[stateindex] = (u8)t; 118 state[counter] = (u8)u; 119 if (++keyindex >= key_len) 120 keyindex = 0; 121 } 122 } 123 124 static u32 arcfour_byte(struct arc4context *parc4ctx) 125 { 126 u32 x; 127 u32 y; 128 u32 sx, sy; 129 u8 *state; 130 131 state = parc4ctx->state; 132 x = (parc4ctx->x + 1) & 0xff; 133 sx = state[x]; 134 y = (sx + parc4ctx->y) & 0xff; 135 sy = state[y]; 136 parc4ctx->x = x; 137 parc4ctx->y = y; 138 state[y] = (u8)sx; 139 state[x] = (u8)sy; 140 return state[(sx + sy) & 0xff]; 141 } 142 143 static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len) 144 { 145 u32 i; 146 147 for (i = 0; i < len; i++) 148 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx); 149 } 150 151 static sint bcrc32initialized; 152 static u32 crc32_table[256]; 153 154 155 static u8 crc32_reverseBit(u8 data) 156 { 157 return((u8)((data<<7)&0x80) | ((data<<5)&0x40) | ((data<<3)&0x20) | ((data<<1)&0x10) | ((data>>1)&0x08) | ((data>>3)&0x04) | ((data>>5)&0x02) | ((data>>7)&0x01)); 158 } 159 160 static void crc32_init(void) 161 { 162 if (bcrc32initialized == 1) 163 return; 164 else { 165 sint i, j; 166 u32 c; 167 u8 *p = (u8 *)&c, *p1; 168 u8 k; 169 170 c = 0x12340000; 171 172 for (i = 0; i < 256; ++i) { 173 k = crc32_reverseBit((u8)i); 174 for (c = ((u32)k) << 24, j = 8; j > 0; --j) 175 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY_BE : (c << 1); 176 p1 = (u8 *)&crc32_table[i]; 177 178 p1[0] = crc32_reverseBit(p[3]); 179 p1[1] = crc32_reverseBit(p[2]); 180 p1[2] = crc32_reverseBit(p[1]); 181 p1[3] = crc32_reverseBit(p[0]); 182 } 183 bcrc32initialized = 1; 184 } 185 } 186 187 static __le32 getcrc32(u8 *buf, sint len) 188 { 189 u8 *p; 190 u32 crc; 191 192 if (bcrc32initialized == 0) 193 crc32_init(); 194 195 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */ 196 197 for (p = buf; len > 0; ++p, --len) 198 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8); 199 return cpu_to_le32(~crc); /* transmit complement, per CRC-32 spec */ 200 } 201 202 203 /* 204 Need to consider the fragment situation 205 */ 206 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe) 207 { /* exclude ICV */ 208 209 unsigned char crc[4]; 210 struct arc4context mycontext; 211 212 sint curfragnum, length; 213 u32 keylength; 214 215 u8 *pframe, *payload, *iv; /* wepkey */ 216 u8 wepkey[16]; 217 u8 hw_hdr_offset = 0; 218 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 219 struct security_priv *psecuritypriv = &padapter->securitypriv; 220 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 221 222 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 223 return; 224 225 hw_hdr_offset = TXDESC_OFFSET; 226 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 227 228 /* start to encrypt each fragment */ 229 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) { 230 keylength = psecuritypriv->dot11DefKeylen[psecuritypriv->dot11PrivacyKeyIndex]; 231 232 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 233 iv = pframe+pattrib->hdrlen; 234 memcpy(&wepkey[0], iv, 3); 235 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); 236 payload = pframe+pattrib->iv_len+pattrib->hdrlen; 237 238 if ((curfragnum+1) == pattrib->nr_frags) { /* the last fragment */ 239 240 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 241 242 *((__le32 *)crc) = getcrc32(payload, length); 243 244 arcfour_init(&mycontext, wepkey, 3+keylength); 245 arcfour_encrypt(&mycontext, payload, payload, length); 246 arcfour_encrypt(&mycontext, payload+length, crc, 4); 247 248 } else { 249 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 250 *((__le32 *)crc) = getcrc32(payload, length); 251 arcfour_init(&mycontext, wepkey, 3+keylength); 252 arcfour_encrypt(&mycontext, payload, payload, length); 253 arcfour_encrypt(&mycontext, payload+length, crc, 4); 254 255 pframe += pxmitpriv->frag_len; 256 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 257 } 258 } 259 260 WEP_SW_ENC_CNT_INC(psecuritypriv, pattrib->ra); 261 } 262 } 263 264 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe) 265 { 266 /* exclude ICV */ 267 u8 crc[4]; 268 struct arc4context mycontext; 269 sint length; 270 u32 keylength; 271 u8 *pframe, *payload, *iv, wepkey[16]; 272 u8 keyindex; 273 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)precvframe)->u.hdr.attrib); 274 struct security_priv *psecuritypriv = &padapter->securitypriv; 275 276 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 277 278 /* start to decrypt recvframe */ 279 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) { 280 iv = pframe+prxattrib->hdrlen; 281 /* keyindex =(iv[3]&0x3); */ 282 keyindex = prxattrib->key_index; 283 keylength = psecuritypriv->dot11DefKeylen[keyindex]; 284 memcpy(&wepkey[0], iv, 3); 285 /* memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); */ 286 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[keyindex].skey[0], keylength); 287 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 288 289 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen; 290 291 /* decrypt payload include icv */ 292 arcfour_init(&mycontext, wepkey, 3+keylength); 293 arcfour_encrypt(&mycontext, payload, payload, length); 294 295 /* calculate icv and compare the icv */ 296 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4)); 297 298 if (crc[3] != payload[length-1] || crc[2] != payload[length-2] || crc[1] != payload[length-3] || crc[0] != payload[length-4]) { 299 RT_TRACE(_module_rtl871x_security_c_, 300 _drv_err_, 301 ("%s:icv error crc[3](%x)!=payload[length-1](%x) || crc[2](%x)!=payload[length-2](%x) || crc[1](%x)!=payload[length-3](%x) || crc[0](%x)!=payload[length-4](%x)\n", 302 __func__, 303 crc[3], payload[length - 1], 304 crc[2], payload[length - 2], 305 crc[1], payload[length - 3], 306 crc[0], payload[length - 4])); 307 } 308 309 WEP_SW_DEC_CNT_INC(psecuritypriv, prxattrib->ra); 310 } 311 } 312 313 /* 3 =====TKIP related ===== */ 314 315 static u32 secmicgetuint32(u8 *p) 316 /* Convert from Byte[] to Us3232 in a portable way */ 317 { 318 s32 i; 319 u32 res = 0; 320 321 for (i = 0; i < 4; i++) 322 res |= ((u32)(*p++)) << (8*i); 323 324 return res; 325 } 326 327 static void secmicputuint32(u8 *p, u32 val) 328 /* Convert from Us3232 to Byte[] in a portable way */ 329 { 330 long i; 331 332 for (i = 0; i < 4; i++) { 333 *p++ = (u8) (val & 0xff); 334 val >>= 8; 335 } 336 } 337 338 static void secmicclear(struct mic_data *pmicdata) 339 { 340 /* Reset the state to the empty message. */ 341 pmicdata->L = pmicdata->K0; 342 pmicdata->R = pmicdata->K1; 343 pmicdata->nBytesInM = 0; 344 pmicdata->M = 0; 345 } 346 347 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key) 348 { 349 /* Set the key */ 350 pmicdata->K0 = secmicgetuint32(key); 351 pmicdata->K1 = secmicgetuint32(key + 4); 352 /* and reset the message */ 353 secmicclear(pmicdata); 354 } 355 356 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b) 357 { 358 /* Append the byte to our word-sized buffer */ 359 pmicdata->M |= ((unsigned long)b) << (8*pmicdata->nBytesInM); 360 pmicdata->nBytesInM++; 361 /* Process the word if it is full. */ 362 if (pmicdata->nBytesInM >= 4) { 363 pmicdata->L ^= pmicdata->M; 364 pmicdata->R ^= ROL32(pmicdata->L, 17); 365 pmicdata->L += pmicdata->R; 366 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8); 367 pmicdata->L += pmicdata->R; 368 pmicdata->R ^= ROL32(pmicdata->L, 3); 369 pmicdata->L += pmicdata->R; 370 pmicdata->R ^= ROR32(pmicdata->L, 2); 371 pmicdata->L += pmicdata->R; 372 /* Clear the buffer */ 373 pmicdata->M = 0; 374 pmicdata->nBytesInM = 0; 375 } 376 } 377 378 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes) 379 { 380 /* This is simple */ 381 while (nbytes > 0) { 382 rtw_secmicappendbyte(pmicdata, *src++); 383 nbytes--; 384 } 385 } 386 387 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst) 388 { 389 /* Append the minimum padding */ 390 rtw_secmicappendbyte(pmicdata, 0x5a); 391 rtw_secmicappendbyte(pmicdata, 0); 392 rtw_secmicappendbyte(pmicdata, 0); 393 rtw_secmicappendbyte(pmicdata, 0); 394 rtw_secmicappendbyte(pmicdata, 0); 395 /* and then zeroes until the length is a multiple of 4 */ 396 while (pmicdata->nBytesInM != 0) 397 rtw_secmicappendbyte(pmicdata, 0); 398 /* The appendByte function has already computed the result. */ 399 secmicputuint32(dst, pmicdata->L); 400 secmicputuint32(dst+4, pmicdata->R); 401 /* Reset to the empty message. */ 402 secmicclear(pmicdata); 403 } 404 405 406 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri) 407 { 408 409 struct mic_data micdata; 410 u8 priority[4] = {0x0, 0x0, 0x0, 0x0}; 411 412 rtw_secmicsetkey(&micdata, key); 413 priority[0] = pri; 414 415 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 416 if (header[1]&1) { /* ToDS == 1 */ 417 rtw_secmicappend(&micdata, &header[16], 6); /* DA */ 418 if (header[1]&2) /* From Ds == 1 */ 419 rtw_secmicappend(&micdata, &header[24], 6); 420 else 421 rtw_secmicappend(&micdata, &header[10], 6); 422 } else { /* ToDS == 0 */ 423 rtw_secmicappend(&micdata, &header[4], 6); /* DA */ 424 if (header[1]&2) /* From Ds == 1 */ 425 rtw_secmicappend(&micdata, &header[16], 6); 426 else 427 rtw_secmicappend(&micdata, &header[10], 6); 428 } 429 rtw_secmicappend(&micdata, &priority[0], 4); 430 431 432 rtw_secmicappend(&micdata, data, data_len); 433 434 rtw_secgetmic(&micdata, mic_code); 435 } 436 437 /* macros for extraction/creation of unsigned char/unsigned short values */ 438 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15)) 439 #define Lo8(v16) ((u8)((v16) & 0x00FF)) 440 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF)) 441 #define Lo16(v32) ((u16)((v32) & 0xFFFF)) 442 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF)) 443 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8)) 444 445 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */ 446 #define TK16(N) Mk16(tk[2*(N)+1], tk[2*(N)]) 447 448 /* S-box lookup: 16 bits --> 16 bits */ 449 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)]) 450 451 /* fixed algorithm "parameters" */ 452 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */ 453 #define TA_SIZE 6 /* 48-bit transmitter address */ 454 #define TK_SIZE 16 /* 128-bit temporal key */ 455 #define P1K_SIZE 10 /* 80-bit Phase1 key */ 456 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */ 457 458 459 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */ 460 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */ 461 { 462 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 463 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 464 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 465 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 466 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 467 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 468 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 469 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 470 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 471 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 472 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 473 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 474 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 475 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 476 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 477 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 478 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 479 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 480 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 481 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 482 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 483 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 484 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 485 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 486 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 487 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 488 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 489 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 490 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 491 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 492 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 493 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 494 }, 495 496 497 { /* second half of table is unsigned char-reversed version of first! */ 498 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491, 499 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC, 500 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB, 501 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B, 502 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83, 503 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A, 504 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F, 505 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA, 506 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B, 507 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713, 508 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6, 509 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85, 510 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411, 511 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B, 512 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1, 513 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF, 514 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E, 515 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6, 516 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B, 517 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD, 518 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8, 519 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2, 520 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049, 521 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810, 522 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197, 523 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F, 524 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C, 525 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927, 526 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733, 527 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5, 528 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0, 529 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C, 530 } 531 }; 532 533 /* 534 ********************************************************************** 535 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32 536 * 537 * Inputs: 538 * tk[] = temporal key [128 bits] 539 * ta[] = transmitter's MAC address [ 48 bits] 540 * iv32 = upper 32 bits of IV [ 32 bits] 541 * Output: 542 * p1k[] = Phase 1 key [ 80 bits] 543 * 544 * Note: 545 * This function only needs to be called every 2**16 packets, 546 * although in theory it could be called every packet. 547 * 548 ********************************************************************** 549 */ 550 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32) 551 { 552 sint i; 553 554 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */ 555 p1k[0] = Lo16(iv32); 556 p1k[1] = Hi16(iv32); 557 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */ 558 p1k[3] = Mk16(ta[3], ta[2]); 559 p1k[4] = Mk16(ta[5], ta[4]); 560 561 /* Now compute an unbalanced Feistel cipher with 80-bit block */ 562 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */ 563 for (i = 0; i < PHASE1_LOOP_CNT; i++) { 564 /* Each add operation here is mod 2**16 */ 565 p1k[0] += _S_(p1k[4] ^ TK16((i&1)+0)); 566 p1k[1] += _S_(p1k[0] ^ TK16((i&1)+2)); 567 p1k[2] += _S_(p1k[1] ^ TK16((i&1)+4)); 568 p1k[3] += _S_(p1k[2] ^ TK16((i&1)+6)); 569 p1k[4] += _S_(p1k[3] ^ TK16((i&1)+0)); 570 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */ 571 } 572 } 573 574 575 /* 576 ********************************************************************** 577 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16 578 * 579 * Inputs: 580 * tk[] = Temporal key [128 bits] 581 * p1k[] = Phase 1 output key [ 80 bits] 582 * iv16 = low 16 bits of IV counter [ 16 bits] 583 * Output: 584 * rc4key[] = the key used to encrypt the packet [128 bits] 585 * 586 * Note: 587 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique 588 * across all packets using the same key TK value. Then, for a 589 * given value of TK[], this TKIP48 construction guarantees that 590 * the final RC4KEY value is unique across all packets. 591 * 592 * Suggested implementation optimization: if PPK[] is "overlaid" 593 * appropriately on RC4KEY[], there is no need for the final 594 * for loop below that copies the PPK[] result into RC4KEY[]. 595 * 596 ********************************************************************** 597 */ 598 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16) 599 { 600 sint i; 601 u16 PPK[6]; /* temporary key for mixing */ 602 603 /* Note: all adds in the PPK[] equations below are mod 2**16 */ 604 for (i = 0; i < 5; i++) 605 PPK[i] = p1k[i]; /* first, copy P1K to PPK */ 606 607 PPK[5] = p1k[4]+iv16; /* next, add in IV16 */ 608 609 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */ 610 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */ 611 PPK[1] += _S_(PPK[0] ^ TK16(1)); 612 PPK[2] += _S_(PPK[1] ^ TK16(2)); 613 PPK[3] += _S_(PPK[2] ^ TK16(3)); 614 PPK[4] += _S_(PPK[3] ^ TK16(4)); 615 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */ 616 617 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */ 618 PPK[0] += RotR1(PPK[5] ^ TK16(6)); 619 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */ 620 PPK[2] += RotR1(PPK[1]); 621 PPK[3] += RotR1(PPK[2]); 622 PPK[4] += RotR1(PPK[3]); 623 PPK[5] += RotR1(PPK[4]); 624 /* Note: At this point, for a given key TK[0..15], the 96-bit output */ 625 /* value PPK[0..5] is guaranteed to be unique, as a function */ 626 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */ 627 /* is now a keyed permutation of {TA, IV32, IV16}. */ 628 629 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */ 630 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */ 631 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */ 632 rc4key[2] = Lo8(iv16); 633 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1); 634 635 636 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */ 637 for (i = 0; i < 6; i++) { 638 rc4key[4+2*i] = Lo8(PPK[i]); 639 rc4key[5+2*i] = Hi8(PPK[i]); 640 } 641 } 642 643 644 /* The hlen isn't include the IV */ 645 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe) 646 { /* exclude ICV */ 647 u16 pnl; 648 u32 pnh; 649 u8 rc4key[16]; 650 u8 ttkey[16]; 651 u8 crc[4]; 652 u8 hw_hdr_offset = 0; 653 struct arc4context mycontext; 654 sint curfragnum, length; 655 656 u8 *pframe, *payload, *iv, *prwskey; 657 union pn48 dot11txpn; 658 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 659 struct security_priv *psecuritypriv = &padapter->securitypriv; 660 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 661 u32 res = _SUCCESS; 662 663 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 664 return _FAIL; 665 666 hw_hdr_offset = TXDESC_OFFSET; 667 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 668 669 /* 4 start to encrypt each fragment */ 670 if (pattrib->encrypt == _TKIP_) { 671 672 { 673 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__)); 674 675 if (IS_MCAST(pattrib->ra)) 676 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey; 677 else 678 prwskey = pattrib->dot118021x_UncstKey.skey; 679 680 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 681 iv = pframe+pattrib->hdrlen; 682 payload = pframe+pattrib->iv_len+pattrib->hdrlen; 683 684 GET_TKIP_PN(iv, dot11txpn); 685 686 pnl = (u16)(dot11txpn.val); 687 pnh = (u32)(dot11txpn.val>>16); 688 689 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh); 690 691 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl); 692 693 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */ 694 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 695 RT_TRACE(_module_rtl871x_security_c_, _drv_info_, ("pattrib->iv_len =%x, pattrib->icv_len =%x\n", pattrib->iv_len, pattrib->icv_len)); 696 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/ 697 698 arcfour_init(&mycontext, rc4key, 16); 699 arcfour_encrypt(&mycontext, payload, payload, length); 700 arcfour_encrypt(&mycontext, payload+length, crc, 4); 701 702 } else { 703 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 704 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/ 705 arcfour_init(&mycontext, rc4key, 16); 706 arcfour_encrypt(&mycontext, payload, payload, length); 707 arcfour_encrypt(&mycontext, payload+length, crc, 4); 708 709 pframe += pxmitpriv->frag_len; 710 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 711 } 712 } 713 714 TKIP_SW_ENC_CNT_INC(psecuritypriv, pattrib->ra); 715 } 716 } 717 return res; 718 } 719 720 721 /* The hlen isn't include the IV */ 722 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe) 723 { /* exclude ICV */ 724 u16 pnl; 725 u32 pnh; 726 u8 rc4key[16]; 727 u8 ttkey[16]; 728 u8 crc[4]; 729 struct arc4context mycontext; 730 sint length; 731 732 u8 *pframe, *payload, *iv, *prwskey; 733 union pn48 dot11txpn; 734 struct sta_info *stainfo; 735 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 736 struct security_priv *psecuritypriv = &padapter->securitypriv; 737 u32 res = _SUCCESS; 738 739 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 740 741 /* 4 start to decrypt recvframe */ 742 if (prxattrib->encrypt == _TKIP_) { 743 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]); 744 if (stainfo) { 745 if (IS_MCAST(prxattrib->ra)) { 746 static unsigned long start; 747 static u32 no_gkey_bc_cnt; 748 static u32 no_gkey_mc_cnt; 749 750 if (!psecuritypriv->binstallGrpkey) { 751 res = _FAIL; 752 753 if (start == 0) 754 start = jiffies; 755 756 if (is_broadcast_mac_addr(prxattrib->ra)) 757 no_gkey_bc_cnt++; 758 else 759 no_gkey_mc_cnt++; 760 761 if (jiffies_to_msecs(jiffies - start) > 1000) { 762 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 763 DBG_871X_LEVEL(_drv_always_, FUNC_ADPT_FMT" no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 764 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt); 765 } 766 start = jiffies; 767 no_gkey_bc_cnt = 0; 768 no_gkey_mc_cnt = 0; 769 } 770 goto exit; 771 } 772 773 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 774 DBG_871X_LEVEL(_drv_always_, FUNC_ADPT_FMT" gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 775 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt); 776 } 777 start = 0; 778 no_gkey_bc_cnt = 0; 779 no_gkey_mc_cnt = 0; 780 781 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey; 782 } else { 783 prwskey = &stainfo->dot118021x_UncstKey.skey[0]; 784 } 785 786 iv = pframe+prxattrib->hdrlen; 787 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen; 788 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 789 790 GET_TKIP_PN(iv, dot11txpn); 791 792 pnl = (u16)(dot11txpn.val); 793 pnh = (u32)(dot11txpn.val>>16); 794 795 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh); 796 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl); 797 798 /* 4 decrypt payload include icv */ 799 800 arcfour_init(&mycontext, rc4key, 16); 801 arcfour_encrypt(&mycontext, payload, payload, length); 802 803 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4)); 804 805 if (crc[3] != payload[length-1] || crc[2] != payload[length-2] || crc[1] != payload[length-3] || crc[0] != payload[length-4]) { 806 RT_TRACE(_module_rtl871x_security_c_, 807 _drv_err_, 808 ("rtw_wep_decrypt:icv error crc[3](%x)!=payload[length-1](%x) || crc[2](%x)!=payload[length-2](%x) || crc[1](%x)!=payload[length-3](%x) || crc[0](%x)!=payload[length-4](%x)\n", 809 crc[3], payload[length - 1], 810 crc[2], payload[length - 2], 811 crc[1], payload[length - 3], 812 crc[0], payload[length - 4])); 813 res = _FAIL; 814 } 815 816 TKIP_SW_DEC_CNT_INC(psecuritypriv, prxattrib->ra); 817 } else { 818 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo == NULL!!!\n", __func__)); 819 res = _FAIL; 820 } 821 } 822 exit: 823 return res; 824 } 825 826 827 /* 3 =====AES related ===== */ 828 829 830 831 #define MAX_MSG_SIZE 2048 832 /*****************************/ 833 /******** SBOX Table *********/ 834 /*****************************/ 835 836 static const u8 sbox_table[256] = { 837 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 838 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 839 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 840 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 841 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 842 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 843 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 844 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 845 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 846 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 847 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 848 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 849 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 850 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 851 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 852 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 853 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 854 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 855 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 856 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 857 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 858 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 859 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 860 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 861 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 862 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 863 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 864 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 865 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 866 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 867 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 868 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 869 }; 870 871 /*****************************/ 872 /**** Function Prototypes ****/ 873 /*****************************/ 874 875 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out); 876 static void construct_mic_iv(u8 *mic_header1, 877 sint qc_exists, 878 sint a4_exists, 879 u8 *mpdu, 880 uint payload_length, 881 u8 *pn_vector, 882 uint frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 883 static void construct_mic_header1(u8 *mic_header1, 884 sint header_length, 885 u8 *mpdu, 886 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */ 887 static void construct_mic_header2(u8 *mic_header2, 888 u8 *mpdu, 889 sint a4_exists, 890 sint qc_exists); 891 static void construct_ctr_preload(u8 *ctr_preload, 892 sint a4_exists, 893 sint qc_exists, 894 u8 *mpdu, 895 u8 *pn_vector, 896 sint c, 897 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */ 898 static void xor_128(u8 *a, u8 *b, u8 *out); 899 static void xor_32(u8 *a, u8 *b, u8 *out); 900 static u8 sbox(u8 a); 901 static void next_key(u8 *key, sint round); 902 static void byte_sub(u8 *in, u8 *out); 903 static void shift_row(u8 *in, u8 *out); 904 static void mix_column(u8 *in, u8 *out); 905 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext); 906 907 908 /****************************************/ 909 /* aes128k128d() */ 910 /* Performs a 128 bit AES encrypt with */ 911 /* 128 bit data. */ 912 /****************************************/ 913 static void xor_128(u8 *a, u8 *b, u8 *out) 914 { 915 sint i; 916 917 for (i = 0; i < 16; i++) 918 out[i] = a[i] ^ b[i]; 919 } 920 921 922 static void xor_32(u8 *a, u8 *b, u8 *out) 923 { 924 sint i; 925 926 for (i = 0; i < 4; i++) 927 out[i] = a[i] ^ b[i]; 928 } 929 930 931 static u8 sbox(u8 a) 932 { 933 return sbox_table[(sint)a]; 934 } 935 936 937 static void next_key(u8 *key, sint round) 938 { 939 u8 rcon; 940 u8 sbox_key[4]; 941 static const u8 rcon_table[12] = { 942 0x01, 0x02, 0x04, 0x08, 943 0x10, 0x20, 0x40, 0x80, 944 0x1b, 0x36, 0x36, 0x36 945 }; 946 sbox_key[0] = sbox(key[13]); 947 sbox_key[1] = sbox(key[14]); 948 sbox_key[2] = sbox(key[15]); 949 sbox_key[3] = sbox(key[12]); 950 951 rcon = rcon_table[round]; 952 953 xor_32(&key[0], sbox_key, &key[0]); 954 key[0] = key[0] ^ rcon; 955 956 xor_32(&key[4], &key[0], &key[4]); 957 xor_32(&key[8], &key[4], &key[8]); 958 xor_32(&key[12], &key[8], &key[12]); 959 } 960 961 962 static void byte_sub(u8 *in, u8 *out) 963 { 964 sint i; 965 966 for (i = 0; i < 16; i++) 967 out[i] = sbox(in[i]); 968 } 969 970 971 static void shift_row(u8 *in, u8 *out) 972 { 973 out[0] = in[0]; 974 out[1] = in[5]; 975 out[2] = in[10]; 976 out[3] = in[15]; 977 out[4] = in[4]; 978 out[5] = in[9]; 979 out[6] = in[14]; 980 out[7] = in[3]; 981 out[8] = in[8]; 982 out[9] = in[13]; 983 out[10] = in[2]; 984 out[11] = in[7]; 985 out[12] = in[12]; 986 out[13] = in[1]; 987 out[14] = in[6]; 988 out[15] = in[11]; 989 } 990 991 static void mix_column(u8 *in, u8 *out) 992 { 993 sint i; 994 u8 add1b[4]; 995 u8 add1bf7[4]; 996 u8 rotl[4]; 997 u8 swap_halfs[4]; 998 u8 andf7[4]; 999 u8 rotr[4]; 1000 u8 temp[4]; 1001 u8 tempb[4]; 1002 1003 for (i = 0; i < 4; i++) { 1004 if ((in[i] & 0x80) == 0x80) 1005 add1b[i] = 0x1b; 1006 else 1007 add1b[i] = 0x00; 1008 } 1009 1010 swap_halfs[0] = in[2]; /* Swap halfs */ 1011 swap_halfs[1] = in[3]; 1012 swap_halfs[2] = in[0]; 1013 swap_halfs[3] = in[1]; 1014 1015 rotl[0] = in[3]; /* Rotate left 8 bits */ 1016 rotl[1] = in[0]; 1017 rotl[2] = in[1]; 1018 rotl[3] = in[2]; 1019 1020 andf7[0] = in[0] & 0x7f; 1021 andf7[1] = in[1] & 0x7f; 1022 andf7[2] = in[2] & 0x7f; 1023 andf7[3] = in[3] & 0x7f; 1024 1025 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */ 1026 andf7[i] = andf7[i] << 1; 1027 if ((andf7[i-1] & 0x80) == 0x80) 1028 andf7[i] = (andf7[i] | 0x01); 1029 } 1030 andf7[0] = andf7[0] << 1; 1031 andf7[0] = andf7[0] & 0xfe; 1032 1033 xor_32(add1b, andf7, add1bf7); 1034 1035 xor_32(in, add1bf7, rotr); 1036 1037 temp[0] = rotr[0]; /* Rotate right 8 bits */ 1038 rotr[0] = rotr[1]; 1039 rotr[1] = rotr[2]; 1040 rotr[2] = rotr[3]; 1041 rotr[3] = temp[0]; 1042 1043 xor_32(add1bf7, rotr, temp); 1044 xor_32(swap_halfs, rotl, tempb); 1045 xor_32(temp, tempb, out); 1046 } 1047 1048 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext) 1049 { 1050 sint round; 1051 sint i; 1052 u8 intermediatea[16]; 1053 u8 intermediateb[16]; 1054 u8 round_key[16]; 1055 1056 for (i = 0; i < 16; i++) 1057 round_key[i] = key[i]; 1058 1059 for (round = 0; round < 11; round++) { 1060 if (round == 0) { 1061 xor_128(round_key, data, ciphertext); 1062 next_key(round_key, round); 1063 } else if (round == 10) { 1064 byte_sub(ciphertext, intermediatea); 1065 shift_row(intermediatea, intermediateb); 1066 xor_128(intermediateb, round_key, ciphertext); 1067 } else { /* 1 - 9 */ 1068 byte_sub(ciphertext, intermediatea); 1069 shift_row(intermediatea, intermediateb); 1070 mix_column(&intermediateb[0], &intermediatea[0]); 1071 mix_column(&intermediateb[4], &intermediatea[4]); 1072 mix_column(&intermediateb[8], &intermediatea[8]); 1073 mix_column(&intermediateb[12], &intermediatea[12]); 1074 xor_128(intermediatea, round_key, ciphertext); 1075 next_key(round_key, round); 1076 } 1077 } 1078 } 1079 1080 /************************************************/ 1081 /* construct_mic_iv() */ 1082 /* Builds the MIC IV from header fields and PN */ 1083 /* Baron think the function is construct CCM */ 1084 /* nonce */ 1085 /************************************************/ 1086 static void construct_mic_iv(u8 *mic_iv, 1087 sint qc_exists, 1088 sint a4_exists, 1089 u8 *mpdu, 1090 uint payload_length, 1091 u8 *pn_vector, 1092 uint frtype) /* add for CONFIG_IEEE80211W, none 11w also can use */ 1093 { 1094 sint i; 1095 1096 mic_iv[0] = 0x59; 1097 1098 if (qc_exists && a4_exists) 1099 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */ 1100 1101 if (qc_exists && !a4_exists) 1102 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */ 1103 1104 if (!qc_exists) 1105 mic_iv[1] = 0x00; 1106 1107 /* 802.11w management frame should set management bit(4) */ 1108 if (frtype == WIFI_MGT_TYPE) 1109 mic_iv[1] |= BIT(4); 1110 1111 for (i = 2; i < 8; i++) 1112 mic_iv[i] = mpdu[i + 8]; /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */ 1113 #ifdef CONSISTENT_PN_ORDER 1114 for (i = 8; i < 14; i++) 1115 mic_iv[i] = pn_vector[i - 8]; /* mic_iv[8:13] = PN[0:5] */ 1116 #else 1117 for (i = 8; i < 14; i++) 1118 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */ 1119 #endif 1120 mic_iv[14] = (unsigned char) (payload_length / 256); 1121 mic_iv[15] = (unsigned char) (payload_length % 256); 1122 } 1123 1124 /************************************************/ 1125 /* construct_mic_header1() */ 1126 /* Builds the first MIC header block from */ 1127 /* header fields. */ 1128 /* Build AAD SC, A1, A2 */ 1129 /************************************************/ 1130 static void construct_mic_header1(u8 *mic_header1, 1131 sint header_length, 1132 u8 *mpdu, 1133 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */ 1134 { 1135 mic_header1[0] = (u8)((header_length - 2) / 256); 1136 mic_header1[1] = (u8)((header_length - 2) % 256); 1137 1138 /* 802.11w management frame don't AND subtype bits 4, 5, 6 of frame control field */ 1139 if (frtype == WIFI_MGT_TYPE) 1140 mic_header1[2] = mpdu[0]; 1141 else 1142 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */ 1143 1144 mic_header1[3] = mpdu[1] & 0xc7; /* Mute retry, more data and pwr mgt bits */ 1145 mic_header1[4] = mpdu[4]; /* A1 */ 1146 mic_header1[5] = mpdu[5]; 1147 mic_header1[6] = mpdu[6]; 1148 mic_header1[7] = mpdu[7]; 1149 mic_header1[8] = mpdu[8]; 1150 mic_header1[9] = mpdu[9]; 1151 mic_header1[10] = mpdu[10]; /* A2 */ 1152 mic_header1[11] = mpdu[11]; 1153 mic_header1[12] = mpdu[12]; 1154 mic_header1[13] = mpdu[13]; 1155 mic_header1[14] = mpdu[14]; 1156 mic_header1[15] = mpdu[15]; 1157 } 1158 1159 /************************************************/ 1160 /* construct_mic_header2() */ 1161 /* Builds the last MIC header block from */ 1162 /* header fields. */ 1163 /************************************************/ 1164 static void construct_mic_header2(u8 *mic_header2, 1165 u8 *mpdu, 1166 sint a4_exists, 1167 sint qc_exists) 1168 { 1169 sint i; 1170 1171 for (i = 0; i < 16; i++) 1172 mic_header2[i] = 0x00; 1173 1174 mic_header2[0] = mpdu[16]; /* A3 */ 1175 mic_header2[1] = mpdu[17]; 1176 mic_header2[2] = mpdu[18]; 1177 mic_header2[3] = mpdu[19]; 1178 mic_header2[4] = mpdu[20]; 1179 mic_header2[5] = mpdu[21]; 1180 1181 mic_header2[6] = 0x00; 1182 mic_header2[7] = 0x00; /* mpdu[23]; */ 1183 1184 if (!qc_exists && a4_exists) { 1185 for (i = 0; i < 6; i++) 1186 mic_header2[8+i] = mpdu[24+i]; /* A4 */ 1187 } 1188 1189 if (qc_exists && !a4_exists) { 1190 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */ 1191 mic_header2[9] = mpdu[25] & 0x00; 1192 } 1193 1194 if (qc_exists && a4_exists) { 1195 for (i = 0; i < 6; i++) 1196 mic_header2[8+i] = mpdu[24+i]; /* A4 */ 1197 1198 mic_header2[14] = mpdu[30] & 0x0f; 1199 mic_header2[15] = mpdu[31] & 0x00; 1200 } 1201 } 1202 1203 /************************************************/ 1204 /* construct_mic_header2() */ 1205 /* Builds the last MIC header block from */ 1206 /* header fields. */ 1207 /* Baron think the function is construct CCM */ 1208 /* nonce */ 1209 /************************************************/ 1210 static void construct_ctr_preload(u8 *ctr_preload, 1211 sint a4_exists, 1212 sint qc_exists, 1213 u8 *mpdu, 1214 u8 *pn_vector, 1215 sint c, 1216 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */ 1217 { 1218 sint i = 0; 1219 1220 for (i = 0; i < 16; i++) 1221 ctr_preload[i] = 0x00; 1222 i = 0; 1223 1224 ctr_preload[0] = 0x01; /* flag */ 1225 if (qc_exists && a4_exists) 1226 ctr_preload[1] = mpdu[30] & 0x0f; /* QoC_Control */ 1227 if (qc_exists && !a4_exists) 1228 ctr_preload[1] = mpdu[24] & 0x0f; 1229 1230 /* 802.11w management frame should set management bit(4) */ 1231 if (frtype == WIFI_MGT_TYPE) 1232 ctr_preload[1] |= BIT(4); 1233 1234 for (i = 2; i < 8; i++) 1235 ctr_preload[i] = mpdu[i + 8]; /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */ 1236 #ifdef CONSISTENT_PN_ORDER 1237 for (i = 8; i < 14; i++) 1238 ctr_preload[i] = pn_vector[i - 8]; /* ctr_preload[8:13] = PN[0:5] */ 1239 #else 1240 for (i = 8; i < 14; i++) 1241 ctr_preload[i] = pn_vector[13 - i]; /* ctr_preload[8:13] = PN[5:0] */ 1242 #endif 1243 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */ 1244 ctr_preload[15] = (unsigned char) (c % 256); 1245 } 1246 1247 /************************************/ 1248 /* bitwise_xor() */ 1249 /* A 128 bit, bitwise exclusive or */ 1250 /************************************/ 1251 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out) 1252 { 1253 sint i; 1254 1255 for (i = 0; i < 16; i++) 1256 out[i] = ina[i] ^ inb[i]; 1257 } 1258 1259 static sint aes_cipher(u8 *key, uint hdrlen, 1260 u8 *pframe, uint plen) 1261 { 1262 uint qc_exists, a4_exists, i, j, payload_remainder, 1263 num_blocks, payload_index; 1264 1265 u8 pn_vector[6]; 1266 u8 mic_iv[16]; 1267 u8 mic_header1[16]; 1268 u8 mic_header2[16]; 1269 u8 ctr_preload[16]; 1270 1271 /* Intermediate Buffers */ 1272 u8 chain_buffer[16]; 1273 u8 aes_out[16]; 1274 u8 padded_buffer[16]; 1275 u8 mic[8]; 1276 uint frtype = GetFrameType(pframe); 1277 uint frsubtype = GetFrameSubType(pframe); 1278 1279 frsubtype = frsubtype>>4; 1280 1281 memset((void *)mic_iv, 0, 16); 1282 memset((void *)mic_header1, 0, 16); 1283 memset((void *)mic_header2, 0, 16); 1284 memset((void *)ctr_preload, 0, 16); 1285 memset((void *)chain_buffer, 0, 16); 1286 memset((void *)aes_out, 0, 16); 1287 memset((void *)padded_buffer, 0, 16); 1288 1289 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1290 a4_exists = 0; 1291 else 1292 a4_exists = 1; 1293 1294 if (((frtype|frsubtype) == WIFI_DATA_CFACK) || 1295 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) || 1296 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) { 1297 qc_exists = 1; 1298 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1299 hdrlen += 2; 1300 1301 } else if ((frtype == WIFI_DATA) && /* add for CONFIG_IEEE80211W, none 11w also can use */ 1302 ((frsubtype == 0x08) || 1303 (frsubtype == 0x09) || 1304 (frsubtype == 0x0a) || 1305 (frsubtype == 0x0b))) { 1306 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1307 hdrlen += 2; 1308 1309 qc_exists = 1; 1310 } else { 1311 qc_exists = 0; 1312 } 1313 1314 pn_vector[0] = pframe[hdrlen]; 1315 pn_vector[1] = pframe[hdrlen+1]; 1316 pn_vector[2] = pframe[hdrlen+4]; 1317 pn_vector[3] = pframe[hdrlen+5]; 1318 pn_vector[4] = pframe[hdrlen+6]; 1319 pn_vector[5] = pframe[hdrlen+7]; 1320 1321 construct_mic_iv(mic_iv, 1322 qc_exists, 1323 a4_exists, 1324 pframe, /* message, */ 1325 plen, 1326 pn_vector, 1327 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1328 1329 construct_mic_header1(mic_header1, 1330 hdrlen, 1331 pframe, /* message */ 1332 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1333 1334 construct_mic_header2(mic_header2, 1335 pframe, /* message, */ 1336 a4_exists, 1337 qc_exists); 1338 1339 payload_remainder = plen % 16; 1340 num_blocks = plen / 16; 1341 1342 /* Find start of payload */ 1343 payload_index = (hdrlen + 8); 1344 1345 /* Calculate MIC */ 1346 aes128k128d(key, mic_iv, aes_out); 1347 bitwise_xor(aes_out, mic_header1, chain_buffer); 1348 aes128k128d(key, chain_buffer, aes_out); 1349 bitwise_xor(aes_out, mic_header2, chain_buffer); 1350 aes128k128d(key, chain_buffer, aes_out); 1351 1352 for (i = 0; i < num_blocks; i++) { 1353 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1354 1355 payload_index += 16; 1356 aes128k128d(key, chain_buffer, aes_out); 1357 } 1358 1359 /* Add on the final payload block if it needs padding */ 1360 if (payload_remainder > 0) { 1361 for (j = 0; j < 16; j++) 1362 padded_buffer[j] = 0x00; 1363 for (j = 0; j < payload_remainder; j++) 1364 padded_buffer[j] = pframe[payload_index++]; 1365 1366 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1367 aes128k128d(key, chain_buffer, aes_out); 1368 } 1369 1370 for (j = 0 ; j < 8; j++) 1371 mic[j] = aes_out[j]; 1372 1373 /* Insert MIC into payload */ 1374 for (j = 0; j < 8; j++) 1375 pframe[payload_index+j] = mic[j]; 1376 1377 payload_index = hdrlen + 8; 1378 for (i = 0; i < num_blocks; i++) { 1379 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1380 pn_vector, i+1, frtype); 1381 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1382 aes128k128d(key, ctr_preload, aes_out); 1383 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1384 for (j = 0; j < 16; j++) 1385 pframe[payload_index++] = chain_buffer[j]; 1386 } 1387 1388 if (payload_remainder > 0) { 1389 /* If there is a short final block, then pad it,*/ 1390 /* encrypt it and copy the unpadded part back */ 1391 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1392 pn_vector, num_blocks+1, frtype); 1393 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1394 1395 for (j = 0; j < 16; j++) 1396 padded_buffer[j] = 0x00; 1397 for (j = 0; j < payload_remainder; j++) 1398 padded_buffer[j] = pframe[payload_index+j]; 1399 1400 aes128k128d(key, ctr_preload, aes_out); 1401 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1402 for (j = 0; j < payload_remainder; j++) 1403 pframe[payload_index++] = chain_buffer[j]; 1404 } 1405 1406 /* Encrypt the MIC */ 1407 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1408 pn_vector, 0, frtype); 1409 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1410 1411 for (j = 0; j < 16; j++) 1412 padded_buffer[j] = 0x00; 1413 for (j = 0; j < 8; j++) 1414 padded_buffer[j] = pframe[j+hdrlen+8+plen]; 1415 1416 aes128k128d(key, ctr_preload, aes_out); 1417 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1418 for (j = 0; j < 8; j++) 1419 pframe[payload_index++] = chain_buffer[j]; 1420 1421 return _SUCCESS; 1422 } 1423 1424 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe) 1425 { /* exclude ICV */ 1426 1427 /*static*/ 1428 /* unsigned char message[MAX_MSG_SIZE]; */ 1429 1430 /* Intermediate Buffers */ 1431 sint curfragnum, length; 1432 u8 *pframe, *prwskey; /* *payload,*iv */ 1433 u8 hw_hdr_offset = 0; 1434 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 1435 struct security_priv *psecuritypriv = &padapter->securitypriv; 1436 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 1437 1438 u32 res = _SUCCESS; 1439 1440 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 1441 return _FAIL; 1442 1443 hw_hdr_offset = TXDESC_OFFSET; 1444 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 1445 1446 /* 4 start to encrypt each fragment */ 1447 if (pattrib->encrypt == _AES_) { 1448 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__)); 1449 1450 if (IS_MCAST(pattrib->ra)) 1451 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey; 1452 else 1453 prwskey = pattrib->dot118021x_UncstKey.skey; 1454 1455 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 1456 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */ 1457 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 1458 1459 aes_cipher(prwskey, pattrib->hdrlen, pframe, length); 1460 } else { 1461 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 1462 1463 aes_cipher(prwskey, pattrib->hdrlen, pframe, length); 1464 pframe += pxmitpriv->frag_len; 1465 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 1466 } 1467 } 1468 1469 AES_SW_ENC_CNT_INC(psecuritypriv, pattrib->ra); 1470 } 1471 return res; 1472 } 1473 1474 static sint aes_decipher(u8 *key, uint hdrlen, 1475 u8 *pframe, uint plen) 1476 { 1477 static u8 message[MAX_MSG_SIZE]; 1478 uint qc_exists, a4_exists, i, j, payload_remainder, 1479 num_blocks, payload_index; 1480 sint res = _SUCCESS; 1481 u8 pn_vector[6]; 1482 u8 mic_iv[16]; 1483 u8 mic_header1[16]; 1484 u8 mic_header2[16]; 1485 u8 ctr_preload[16]; 1486 1487 /* Intermediate Buffers */ 1488 u8 chain_buffer[16]; 1489 u8 aes_out[16]; 1490 u8 padded_buffer[16]; 1491 u8 mic[8]; 1492 1493 uint frtype = GetFrameType(pframe); 1494 uint frsubtype = GetFrameSubType(pframe); 1495 1496 frsubtype = frsubtype>>4; 1497 1498 memset((void *)mic_iv, 0, 16); 1499 memset((void *)mic_header1, 0, 16); 1500 memset((void *)mic_header2, 0, 16); 1501 memset((void *)ctr_preload, 0, 16); 1502 memset((void *)chain_buffer, 0, 16); 1503 memset((void *)aes_out, 0, 16); 1504 memset((void *)padded_buffer, 0, 16); 1505 1506 /* start to decrypt the payload */ 1507 1508 num_blocks = (plen-8) / 16; /* plen including LLC, payload_length and mic) */ 1509 1510 payload_remainder = (plen-8) % 16; 1511 1512 pn_vector[0] = pframe[hdrlen]; 1513 pn_vector[1] = pframe[hdrlen + 1]; 1514 pn_vector[2] = pframe[hdrlen + 4]; 1515 pn_vector[3] = pframe[hdrlen + 5]; 1516 pn_vector[4] = pframe[hdrlen + 6]; 1517 pn_vector[5] = pframe[hdrlen + 7]; 1518 1519 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1520 a4_exists = 0; 1521 else 1522 a4_exists = 1; 1523 1524 if (((frtype|frsubtype) == WIFI_DATA_CFACK) || 1525 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) || 1526 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) { 1527 qc_exists = 1; 1528 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1529 hdrlen += 2; 1530 1531 } else if ((frtype == WIFI_DATA) && /* only for data packet . add for CONFIG_IEEE80211W, none 11w also can use */ 1532 ((frsubtype == 0x08) || 1533 (frsubtype == 0x09) || 1534 (frsubtype == 0x0a) || 1535 (frsubtype == 0x0b))) { 1536 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1537 hdrlen += 2; 1538 1539 qc_exists = 1; 1540 } else { 1541 qc_exists = 0; 1542 } 1543 1544 /* now, decrypt pframe with hdrlen offset and plen long */ 1545 1546 payload_index = hdrlen + 8; /* 8 is for extiv */ 1547 1548 for (i = 0; i < num_blocks; i++) { 1549 construct_ctr_preload(ctr_preload, a4_exists, 1550 qc_exists, pframe, 1551 pn_vector, i + 1, 1552 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1553 1554 aes128k128d(key, ctr_preload, aes_out); 1555 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1556 1557 for (j = 0; j < 16; j++) 1558 pframe[payload_index++] = chain_buffer[j]; 1559 } 1560 1561 if (payload_remainder > 0) { 1562 /* If there is a short final block, then pad it,*/ 1563 /* encrypt it and copy the unpadded part back */ 1564 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, 1565 num_blocks+1, frtype); 1566 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1567 1568 for (j = 0; j < 16; j++) 1569 padded_buffer[j] = 0x00; 1570 for (j = 0; j < payload_remainder; j++) 1571 padded_buffer[j] = pframe[payload_index+j]; 1572 1573 aes128k128d(key, ctr_preload, aes_out); 1574 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1575 for (j = 0; j < payload_remainder; j++) 1576 pframe[payload_index++] = chain_buffer[j]; 1577 } 1578 1579 /* start to calculate the mic */ 1580 if ((hdrlen + plen+8) <= MAX_MSG_SIZE) 1581 memcpy((void *)message, pframe, (hdrlen + plen+8)); /* 8 is for ext iv len */ 1582 1583 pn_vector[0] = pframe[hdrlen]; 1584 pn_vector[1] = pframe[hdrlen+1]; 1585 pn_vector[2] = pframe[hdrlen+4]; 1586 pn_vector[3] = pframe[hdrlen+5]; 1587 pn_vector[4] = pframe[hdrlen+6]; 1588 pn_vector[5] = pframe[hdrlen+7]; 1589 1590 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen-8, pn_vector, frtype); 1591 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1592 1593 construct_mic_header1(mic_header1, hdrlen, message, frtype); 1594 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1595 construct_mic_header2(mic_header2, message, a4_exists, qc_exists); 1596 1597 payload_remainder = (plen-8) % 16; 1598 num_blocks = (plen-8) / 16; 1599 1600 /* Find start of payload */ 1601 payload_index = (hdrlen + 8); 1602 1603 /* Calculate MIC */ 1604 aes128k128d(key, mic_iv, aes_out); 1605 bitwise_xor(aes_out, mic_header1, chain_buffer); 1606 aes128k128d(key, chain_buffer, aes_out); 1607 bitwise_xor(aes_out, mic_header2, chain_buffer); 1608 aes128k128d(key, chain_buffer, aes_out); 1609 1610 for (i = 0; i < num_blocks; i++) { 1611 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1612 1613 payload_index += 16; 1614 aes128k128d(key, chain_buffer, aes_out); 1615 } 1616 1617 /* Add on the final payload block if it needs padding */ 1618 if (payload_remainder > 0) { 1619 for (j = 0; j < 16; j++) 1620 padded_buffer[j] = 0x00; 1621 for (j = 0; j < payload_remainder; j++) 1622 padded_buffer[j] = message[payload_index++]; 1623 1624 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1625 aes128k128d(key, chain_buffer, aes_out); 1626 } 1627 1628 for (j = 0; j < 8; j++) 1629 mic[j] = aes_out[j]; 1630 1631 /* Insert MIC into payload */ 1632 for (j = 0; j < 8; j++) 1633 message[payload_index+j] = mic[j]; 1634 1635 payload_index = hdrlen + 8; 1636 for (i = 0; i < num_blocks; i++) { 1637 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, i+1, 1638 frtype); 1639 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1640 aes128k128d(key, ctr_preload, aes_out); 1641 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1642 for (j = 0; j < 16; j++) 1643 message[payload_index++] = chain_buffer[j]; 1644 } 1645 1646 if (payload_remainder > 0) { 1647 /* If there is a short final block, then pad it,*/ 1648 /* encrypt it and copy the unpadded part back */ 1649 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 1650 num_blocks+1, frtype); 1651 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1652 1653 for (j = 0; j < 16; j++) 1654 padded_buffer[j] = 0x00; 1655 for (j = 0; j < payload_remainder; j++) 1656 padded_buffer[j] = message[payload_index+j]; 1657 1658 aes128k128d(key, ctr_preload, aes_out); 1659 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1660 for (j = 0; j < payload_remainder; j++) 1661 message[payload_index++] = chain_buffer[j]; 1662 } 1663 1664 /* Encrypt the MIC */ 1665 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 0, frtype); 1666 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1667 1668 for (j = 0; j < 16; j++) 1669 padded_buffer[j] = 0x00; 1670 for (j = 0; j < 8; j++) 1671 padded_buffer[j] = message[j+hdrlen+8+plen-8]; 1672 1673 aes128k128d(key, ctr_preload, aes_out); 1674 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1675 for (j = 0; j < 8; j++) 1676 message[payload_index++] = chain_buffer[j]; 1677 1678 /* compare the mic */ 1679 for (i = 0; i < 8; i++) { 1680 if (pframe[hdrlen+8+plen-8+i] != message[hdrlen+8+plen-8+i]) { 1681 RT_TRACE(_module_rtl871x_security_c_, 1682 _drv_err_, 1683 ("%s:mic check error mic[%d]: pframe(%x) != message(%x)\n", 1684 __func__, 1685 i, 1686 pframe[hdrlen + 8 + plen - 8 + i], 1687 message[hdrlen + 8 + plen - 8 + i])); 1688 DBG_871X("%s:mic check error mic[%d]: pframe(%x) != message(%x)\n", 1689 __func__, 1690 i, 1691 pframe[hdrlen + 8 + plen - 8 + i], 1692 message[hdrlen + 8 + plen - 8 + i]); 1693 res = _FAIL; 1694 } 1695 } 1696 return res; 1697 } 1698 1699 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe) 1700 { /* exclude ICV */ 1701 1702 /*static*/ 1703 /* unsigned char message[MAX_MSG_SIZE]; */ 1704 1705 /* Intermediate Buffers */ 1706 1707 sint length; 1708 u8 *pframe, *prwskey; /* *payload,*iv */ 1709 struct sta_info *stainfo; 1710 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 1711 struct security_priv *psecuritypriv = &padapter->securitypriv; 1712 u32 res = _SUCCESS; 1713 1714 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 1715 /* 4 start to encrypt each fragment */ 1716 if (prxattrib->encrypt == _AES_) { 1717 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]); 1718 if (stainfo) { 1719 RT_TRACE(_module_rtl871x_security_c_, 1720 _drv_err_, 1721 ("%s: stainfo!= NULL!!!\n", __func__)); 1722 1723 if (IS_MCAST(prxattrib->ra)) { 1724 static unsigned long start; 1725 static u32 no_gkey_bc_cnt; 1726 static u32 no_gkey_mc_cnt; 1727 1728 if (!psecuritypriv->binstallGrpkey) { 1729 res = _FAIL; 1730 1731 if (start == 0) 1732 start = jiffies; 1733 1734 if (is_broadcast_mac_addr(prxattrib->ra)) 1735 no_gkey_bc_cnt++; 1736 else 1737 no_gkey_mc_cnt++; 1738 1739 if (jiffies_to_msecs(jiffies - start) > 1000) { 1740 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 1741 DBG_871X_LEVEL(_drv_always_, FUNC_ADPT_FMT" no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 1742 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt); 1743 } 1744 start = jiffies; 1745 no_gkey_bc_cnt = 0; 1746 no_gkey_mc_cnt = 0; 1747 } 1748 1749 goto exit; 1750 } 1751 1752 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 1753 DBG_871X_LEVEL(_drv_always_, FUNC_ADPT_FMT" gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 1754 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt); 1755 } 1756 start = 0; 1757 no_gkey_bc_cnt = 0; 1758 no_gkey_mc_cnt = 0; 1759 1760 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey; 1761 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) { 1762 DBG_871X("not match packet_index =%d, install_index =%d\n" 1763 , prxattrib->key_index, psecuritypriv->dot118021XGrpKeyid); 1764 res = _FAIL; 1765 goto exit; 1766 } 1767 } else { 1768 prwskey = &stainfo->dot118021x_UncstKey.skey[0]; 1769 } 1770 1771 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 1772 1773 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length); 1774 1775 AES_SW_DEC_CNT_INC(psecuritypriv, prxattrib->ra); 1776 } else { 1777 RT_TRACE(_module_rtl871x_security_c_, 1778 _drv_err_, 1779 ("%s: stainfo == NULL!!!\n", __func__)); 1780 res = _FAIL; 1781 } 1782 } 1783 exit: 1784 return res; 1785 } 1786 1787 u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe) 1788 { 1789 struct rx_pkt_attrib *pattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 1790 u8 *pframe; 1791 u8 *BIP_AAD, *p; 1792 u32 res = _FAIL; 1793 uint len, ori_len; 1794 struct ieee80211_hdr *pwlanhdr; 1795 u8 mic[16]; 1796 struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv; 1797 __le16 le_tmp; 1798 __le64 le_tmp64; 1799 1800 ori_len = pattrib->pkt_len-WLAN_HDR_A3_LEN+BIP_AAD_SIZE; 1801 BIP_AAD = rtw_zmalloc(ori_len); 1802 1803 if (BIP_AAD == NULL) { 1804 DBG_871X("BIP AAD allocate fail\n"); 1805 return _FAIL; 1806 } 1807 /* PKT start */ 1808 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 1809 /* mapping to wlan header */ 1810 pwlanhdr = (struct ieee80211_hdr *)pframe; 1811 /* save the frame body + MME */ 1812 memcpy(BIP_AAD+BIP_AAD_SIZE, pframe+WLAN_HDR_A3_LEN, pattrib->pkt_len-WLAN_HDR_A3_LEN); 1813 /* find MME IE pointer */ 1814 p = rtw_get_ie(BIP_AAD+BIP_AAD_SIZE, WLAN_EID_MMIE, &len, pattrib->pkt_len-WLAN_HDR_A3_LEN); 1815 /* Baron */ 1816 if (p) { 1817 u16 keyid = 0; 1818 u64 temp_ipn = 0; 1819 /* save packet number */ 1820 memcpy(&le_tmp64, p+4, 6); 1821 temp_ipn = le64_to_cpu(le_tmp64); 1822 /* BIP packet number should bigger than previous BIP packet */ 1823 if (temp_ipn <= pmlmeext->mgnt_80211w_IPN_rx) { 1824 DBG_871X("replay BIP packet\n"); 1825 goto BIP_exit; 1826 } 1827 /* copy key index */ 1828 memcpy(&le_tmp, p+2, 2); 1829 keyid = le16_to_cpu(le_tmp); 1830 if (keyid != padapter->securitypriv.dot11wBIPKeyid) { 1831 DBG_871X("BIP key index error!\n"); 1832 goto BIP_exit; 1833 } 1834 /* clear the MIC field of MME to zero */ 1835 memset(p+2+len-8, 0, 8); 1836 1837 /* conscruct AAD, copy frame control field */ 1838 memcpy(BIP_AAD, &pwlanhdr->frame_control, 2); 1839 ClearRetry(BIP_AAD); 1840 ClearPwrMgt(BIP_AAD); 1841 ClearMData(BIP_AAD); 1842 /* conscruct AAD, copy address 1 to address 3 */ 1843 memcpy(BIP_AAD+2, pwlanhdr->addr1, 18); 1844 1845 if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey 1846 , BIP_AAD, ori_len, mic)) 1847 goto BIP_exit; 1848 1849 /* MIC field should be last 8 bytes of packet (packet without FCS) */ 1850 if (!memcmp(mic, pframe+pattrib->pkt_len-8, 8)) { 1851 pmlmeext->mgnt_80211w_IPN_rx = temp_ipn; 1852 res = _SUCCESS; 1853 } else { 1854 DBG_871X("BIP MIC error!\n"); 1855 } 1856 1857 } else { 1858 res = RTW_RX_HANDLED; 1859 } 1860 BIP_exit: 1861 1862 kfree(BIP_AAD); 1863 return res; 1864 } 1865 1866 /* AES tables*/ 1867 const u32 Te0[256] = { 1868 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 1869 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, 1870 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, 1871 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, 1872 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, 1873 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, 1874 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, 1875 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, 1876 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, 1877 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, 1878 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, 1879 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, 1880 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, 1881 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, 1882 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, 1883 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, 1884 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, 1885 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, 1886 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, 1887 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, 1888 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, 1889 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, 1890 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, 1891 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, 1892 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, 1893 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, 1894 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, 1895 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, 1896 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, 1897 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, 1898 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, 1899 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, 1900 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, 1901 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, 1902 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, 1903 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, 1904 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, 1905 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, 1906 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, 1907 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, 1908 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, 1909 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, 1910 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, 1911 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, 1912 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, 1913 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, 1914 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, 1915 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, 1916 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, 1917 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, 1918 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, 1919 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, 1920 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, 1921 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, 1922 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, 1923 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, 1924 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, 1925 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, 1926 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, 1927 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, 1928 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, 1929 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, 1930 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, 1931 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, 1932 }; 1933 1934 const u32 Td0[256] = { 1935 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, 1936 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, 1937 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, 1938 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, 1939 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, 1940 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, 1941 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, 1942 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, 1943 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, 1944 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, 1945 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, 1946 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, 1947 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, 1948 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, 1949 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, 1950 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, 1951 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, 1952 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, 1953 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, 1954 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, 1955 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, 1956 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, 1957 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, 1958 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, 1959 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, 1960 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, 1961 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, 1962 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, 1963 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, 1964 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, 1965 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, 1966 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, 1967 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, 1968 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, 1969 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, 1970 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, 1971 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, 1972 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, 1973 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, 1974 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, 1975 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, 1976 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, 1977 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, 1978 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, 1979 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, 1980 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, 1981 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, 1982 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, 1983 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, 1984 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, 1985 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, 1986 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, 1987 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, 1988 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, 1989 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, 1990 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, 1991 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, 1992 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, 1993 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, 1994 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, 1995 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, 1996 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, 1997 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, 1998 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, 1999 }; 2000 2001 const u8 Td4s[256] = { 2002 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, 2003 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, 2004 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, 2005 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, 2006 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, 2007 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, 2008 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, 2009 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, 2010 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, 2011 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, 2012 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, 2013 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, 2014 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, 2015 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, 2016 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, 2017 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, 2018 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, 2019 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, 2020 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, 2021 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, 2022 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, 2023 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, 2024 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, 2025 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, 2026 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, 2027 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, 2028 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, 2029 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, 2030 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, 2031 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, 2032 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, 2033 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, 2034 }; 2035 2036 const u8 rcons[] = { 2037 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36 2038 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ 2039 }; 2040 2041 /** 2042 * Expand the cipher key into the encryption key schedule. 2043 * 2044 * @return the number of rounds for the given cipher key size. 2045 */ 2046 static void rijndaelKeySetupEnc(u32 rk[/*44*/], const u8 cipherKey[]) 2047 { 2048 int i; 2049 u32 temp; 2050 2051 rk[0] = GETU32(cipherKey); 2052 rk[1] = GETU32(cipherKey + 4); 2053 rk[2] = GETU32(cipherKey + 8); 2054 rk[3] = GETU32(cipherKey + 12); 2055 for (i = 0; i < 10; i++) { 2056 temp = rk[3]; 2057 rk[4] = rk[0] ^ 2058 TE421(temp) ^ TE432(temp) ^ TE443(temp) ^ TE414(temp) ^ 2059 RCON(i); 2060 rk[5] = rk[1] ^ rk[4]; 2061 rk[6] = rk[2] ^ rk[5]; 2062 rk[7] = rk[3] ^ rk[6]; 2063 rk += 4; 2064 } 2065 } 2066 2067 static void rijndaelEncrypt(u32 rk[/*44*/], u8 pt[16], u8 ct[16]) 2068 { 2069 u32 s0, s1, s2, s3, t0, t1, t2, t3; 2070 int Nr = 10; 2071 int r; 2072 2073 /* 2074 * map byte array block to cipher state 2075 * and add initial round key: 2076 */ 2077 s0 = GETU32(pt) ^ rk[0]; 2078 s1 = GETU32(pt + 4) ^ rk[1]; 2079 s2 = GETU32(pt + 8) ^ rk[2]; 2080 s3 = GETU32(pt + 12) ^ rk[3]; 2081 2082 #define ROUND(i, d, s) \ 2083 d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \ 2084 d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \ 2085 d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \ 2086 d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3] 2087 2088 /* Nr - 1 full rounds: */ 2089 r = Nr >> 1; 2090 for (;;) { 2091 ROUND(1, t, s); 2092 rk += 8; 2093 if (--r == 0) 2094 break; 2095 ROUND(0, s, t); 2096 } 2097 2098 #undef ROUND 2099 2100 /* 2101 * apply last round and 2102 * map cipher state to byte array block: 2103 */ 2104 s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0]; 2105 PUTU32(ct, s0); 2106 s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1]; 2107 PUTU32(ct + 4, s1); 2108 s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2]; 2109 PUTU32(ct + 8, s2); 2110 s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3]; 2111 PUTU32(ct + 12, s3); 2112 } 2113 2114 static void *aes_encrypt_init(u8 *key, size_t len) 2115 { 2116 u32 *rk; 2117 2118 if (len != 16) 2119 return NULL; 2120 rk = rtw_malloc(AES_PRIV_SIZE); 2121 if (rk == NULL) 2122 return NULL; 2123 rijndaelKeySetupEnc(rk, key); 2124 return rk; 2125 } 2126 2127 static void aes_128_encrypt(void *ctx, u8 *plain, u8 *crypt) 2128 { 2129 rijndaelEncrypt(ctx, plain, crypt); 2130 } 2131 2132 static void gf_mulx(u8 *pad) 2133 { 2134 int i, carry; 2135 2136 carry = pad[0] & 0x80; 2137 for (i = 0; i < AES_BLOCK_SIZE - 1; i++) 2138 pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7); 2139 2140 pad[AES_BLOCK_SIZE - 1] <<= 1; 2141 if (carry) 2142 pad[AES_BLOCK_SIZE - 1] ^= 0x87; 2143 } 2144 2145 static void aes_encrypt_deinit(void *ctx) 2146 { 2147 kfree_sensitive(ctx); 2148 } 2149 2150 /** 2151 * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128 2152 * @key: 128-bit key for the hash operation 2153 * @num_elem: Number of elements in the data vector 2154 * @addr: Pointers to the data areas 2155 * @len: Lengths of the data blocks 2156 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes) 2157 * Returns: 0 on success, -1 on failure 2158 * 2159 * This is a mode for using block cipher (AES in this case) for authentication. 2160 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication 2161 * (SP) 800-38B. 2162 */ 2163 static int omac1_aes_128_vector(u8 *key, size_t num_elem, 2164 u8 *addr[], size_t *len, u8 *mac) 2165 { 2166 void *ctx; 2167 u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE]; 2168 u8 *pos, *end; 2169 size_t i, e, left, total_len; 2170 2171 ctx = aes_encrypt_init(key, 16); 2172 if (ctx == NULL) 2173 return -1; 2174 memset(cbc, 0, AES_BLOCK_SIZE); 2175 2176 total_len = 0; 2177 for (e = 0; e < num_elem; e++) 2178 total_len += len[e]; 2179 left = total_len; 2180 2181 e = 0; 2182 pos = addr[0]; 2183 end = pos + len[0]; 2184 2185 while (left >= AES_BLOCK_SIZE) { 2186 for (i = 0; i < AES_BLOCK_SIZE; i++) { 2187 cbc[i] ^= *pos++; 2188 if (pos >= end) { 2189 e++; 2190 pos = addr[e]; 2191 end = pos + len[e]; 2192 } 2193 } 2194 if (left > AES_BLOCK_SIZE) 2195 aes_128_encrypt(ctx, cbc, cbc); 2196 left -= AES_BLOCK_SIZE; 2197 } 2198 2199 memset(pad, 0, AES_BLOCK_SIZE); 2200 aes_128_encrypt(ctx, pad, pad); 2201 gf_mulx(pad); 2202 2203 if (left || total_len == 0) { 2204 for (i = 0; i < left; i++) { 2205 cbc[i] ^= *pos++; 2206 if (pos >= end) { 2207 e++; 2208 pos = addr[e]; 2209 end = pos + len[e]; 2210 } 2211 } 2212 cbc[left] ^= 0x80; 2213 gf_mulx(pad); 2214 } 2215 2216 for (i = 0; i < AES_BLOCK_SIZE; i++) 2217 pad[i] ^= cbc[i]; 2218 aes_128_encrypt(ctx, pad, mac); 2219 aes_encrypt_deinit(ctx); 2220 return 0; 2221 } 2222 2223 /** 2224 * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC) 2225 * @key: 128-bit key for the hash operation 2226 * @data: Data buffer for which a MAC is determined 2227 * @data_len: Length of data buffer in bytes 2228 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes) 2229 * Returns: 0 on success, -1 on failure 2230 * 2231 * This is a mode for using block cipher (AES in this case) for authentication. 2232 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication 2233 * (SP) 800-38B. 2234 * modify for CONFIG_IEEE80211W */ 2235 int omac1_aes_128(u8 *key, u8 *data, size_t data_len, u8 *mac) 2236 { 2237 return omac1_aes_128_vector(key, 1, &data, &data_len, mac); 2238 } 2239 2240 /* Restore HW wep key setting according to key_mask */ 2241 void rtw_sec_restore_wep_key(struct adapter *adapter) 2242 { 2243 struct security_priv *securitypriv = &(adapter->securitypriv); 2244 sint keyid; 2245 2246 if ((_WEP40_ == securitypriv->dot11PrivacyAlgrthm) || (_WEP104_ == securitypriv->dot11PrivacyAlgrthm)) { 2247 for (keyid = 0; keyid < 4; keyid++) { 2248 if (securitypriv->key_mask & BIT(keyid)) { 2249 if (keyid == securitypriv->dot11PrivacyKeyIndex) 2250 rtw_set_key(adapter, securitypriv, keyid, 1, false); 2251 else 2252 rtw_set_key(adapter, securitypriv, keyid, 0, false); 2253 } 2254 } 2255 } 2256 } 2257 2258 u8 rtw_handle_tkip_countermeasure(struct adapter *adapter, const char *caller) 2259 { 2260 struct security_priv *securitypriv = &(adapter->securitypriv); 2261 u8 status = _SUCCESS; 2262 2263 if (securitypriv->btkip_countermeasure) { 2264 unsigned long passing_ms = jiffies_to_msecs(jiffies - securitypriv->btkip_countermeasure_time); 2265 2266 if (passing_ms > 60*1000) { 2267 DBG_871X_LEVEL(_drv_always_, "%s(%s) countermeasure time:%lus > 60s\n", 2268 caller, ADPT_ARG(adapter), passing_ms/1000); 2269 securitypriv->btkip_countermeasure = false; 2270 securitypriv->btkip_countermeasure_time = 0; 2271 } else { 2272 DBG_871X_LEVEL(_drv_always_, "%s(%s) countermeasure time:%lus < 60s\n", 2273 caller, ADPT_ARG(adapter), passing_ms/1000); 2274 status = _FAIL; 2275 } 2276 } 2277 2278 return status; 2279 } 2280