1 // SPDX-License-Identifier: GPL-2.0 2 /****************************************************************************** 3 * 4 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved. 5 * 6 ******************************************************************************/ 7 #include <linux/crc32poly.h> 8 #include <drv_types.h> 9 #include <rtw_debug.h> 10 #include <crypto/aes.h> 11 12 static const char * const _security_type_str[] = { 13 "N/A", 14 "WEP40", 15 "TKIP", 16 "TKIP_WM", 17 "AES", 18 "WEP104", 19 "SMS4", 20 "WEP_WPA", 21 "BIP", 22 }; 23 24 const char *security_type_str(u8 value) 25 { 26 if (value <= _BIP_) 27 return _security_type_str[value]; 28 return NULL; 29 } 30 31 /* WEP related ===== */ 32 33 struct arc4context { 34 u32 x; 35 u32 y; 36 u8 state[256]; 37 }; 38 39 40 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len) 41 { 42 u32 t, u; 43 u32 keyindex; 44 u32 stateindex; 45 u8 *state; 46 u32 counter; 47 48 state = parc4ctx->state; 49 parc4ctx->x = 0; 50 parc4ctx->y = 0; 51 for (counter = 0; counter < 256; counter++) 52 state[counter] = (u8)counter; 53 keyindex = 0; 54 stateindex = 0; 55 for (counter = 0; counter < 256; counter++) { 56 t = state[counter]; 57 stateindex = (stateindex + key[keyindex] + t) & 0xff; 58 u = state[stateindex]; 59 state[stateindex] = (u8)t; 60 state[counter] = (u8)u; 61 if (++keyindex >= key_len) 62 keyindex = 0; 63 } 64 } 65 66 static u32 arcfour_byte(struct arc4context *parc4ctx) 67 { 68 u32 x; 69 u32 y; 70 u32 sx, sy; 71 u8 *state; 72 73 state = parc4ctx->state; 74 x = (parc4ctx->x + 1) & 0xff; 75 sx = state[x]; 76 y = (sx + parc4ctx->y) & 0xff; 77 sy = state[y]; 78 parc4ctx->x = x; 79 parc4ctx->y = y; 80 state[y] = (u8)sx; 81 state[x] = (u8)sy; 82 return state[(sx + sy) & 0xff]; 83 } 84 85 static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len) 86 { 87 u32 i; 88 89 for (i = 0; i < len; i++) 90 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx); 91 } 92 93 static signed int bcrc32initialized; 94 static u32 crc32_table[256]; 95 96 97 static u8 crc32_reverseBit(u8 data) 98 { 99 return((u8)((data<<7)&0x80) | ((data<<5)&0x40) | ((data<<3)&0x20) | ((data<<1)&0x10) | ((data>>1)&0x08) | ((data>>3)&0x04) | ((data>>5)&0x02) | ((data>>7)&0x01)); 100 } 101 102 static void crc32_init(void) 103 { 104 if (bcrc32initialized == 1) 105 return; 106 else { 107 signed int i, j; 108 u32 c; 109 u8 *p = (u8 *)&c, *p1; 110 u8 k; 111 112 c = 0x12340000; 113 114 for (i = 0; i < 256; ++i) { 115 k = crc32_reverseBit((u8)i); 116 for (c = ((u32)k) << 24, j = 8; j > 0; --j) 117 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY_BE : (c << 1); 118 p1 = (u8 *)&crc32_table[i]; 119 120 p1[0] = crc32_reverseBit(p[3]); 121 p1[1] = crc32_reverseBit(p[2]); 122 p1[2] = crc32_reverseBit(p[1]); 123 p1[3] = crc32_reverseBit(p[0]); 124 } 125 bcrc32initialized = 1; 126 } 127 } 128 129 static __le32 getcrc32(u8 *buf, signed int len) 130 { 131 u8 *p; 132 u32 crc; 133 134 if (bcrc32initialized == 0) 135 crc32_init(); 136 137 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */ 138 139 for (p = buf; len > 0; ++p, --len) 140 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8); 141 return cpu_to_le32(~crc); /* transmit complement, per CRC-32 spec */ 142 } 143 144 145 /* 146 Need to consider the fragment situation 147 */ 148 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe) 149 { /* exclude ICV */ 150 151 unsigned char crc[4]; 152 struct arc4context mycontext; 153 154 signed int curfragnum, length; 155 u32 keylength; 156 157 u8 *pframe, *payload, *iv; /* wepkey */ 158 u8 wepkey[16]; 159 u8 hw_hdr_offset = 0; 160 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 161 struct security_priv *psecuritypriv = &padapter->securitypriv; 162 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 163 164 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 165 return; 166 167 hw_hdr_offset = TXDESC_OFFSET; 168 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 169 170 /* start to encrypt each fragment */ 171 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) { 172 keylength = psecuritypriv->dot11DefKeylen[psecuritypriv->dot11PrivacyKeyIndex]; 173 174 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 175 iv = pframe+pattrib->hdrlen; 176 memcpy(&wepkey[0], iv, 3); 177 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); 178 payload = pframe+pattrib->iv_len+pattrib->hdrlen; 179 180 if ((curfragnum+1) == pattrib->nr_frags) { /* the last fragment */ 181 182 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 183 184 *((__le32 *)crc) = getcrc32(payload, length); 185 186 arcfour_init(&mycontext, wepkey, 3+keylength); 187 arcfour_encrypt(&mycontext, payload, payload, length); 188 arcfour_encrypt(&mycontext, payload+length, crc, 4); 189 190 } else { 191 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 192 *((__le32 *)crc) = getcrc32(payload, length); 193 arcfour_init(&mycontext, wepkey, 3+keylength); 194 arcfour_encrypt(&mycontext, payload, payload, length); 195 arcfour_encrypt(&mycontext, payload+length, crc, 4); 196 197 pframe += pxmitpriv->frag_len; 198 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 199 } 200 } 201 } 202 } 203 204 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe) 205 { 206 /* exclude ICV */ 207 u8 crc[4]; 208 struct arc4context mycontext; 209 signed int length; 210 u32 keylength; 211 u8 *pframe, *payload, *iv, wepkey[16]; 212 u8 keyindex; 213 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)precvframe)->u.hdr.attrib); 214 struct security_priv *psecuritypriv = &padapter->securitypriv; 215 216 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 217 218 /* start to decrypt recvframe */ 219 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) { 220 iv = pframe+prxattrib->hdrlen; 221 /* keyindex =(iv[3]&0x3); */ 222 keyindex = prxattrib->key_index; 223 keylength = psecuritypriv->dot11DefKeylen[keyindex]; 224 memcpy(&wepkey[0], iv, 3); 225 /* memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); */ 226 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[keyindex].skey[0], keylength); 227 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 228 229 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen; 230 231 /* decrypt payload include icv */ 232 arcfour_init(&mycontext, wepkey, 3+keylength); 233 arcfour_encrypt(&mycontext, payload, payload, length); 234 235 /* calculate icv and compare the icv */ 236 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4)); 237 238 } 239 } 240 241 /* 3 =====TKIP related ===== */ 242 243 static u32 secmicgetuint32(u8 *p) 244 /* Convert from Byte[] to Us3232 in a portable way */ 245 { 246 s32 i; 247 u32 res = 0; 248 249 for (i = 0; i < 4; i++) 250 res |= ((u32)(*p++)) << (8 * i); 251 252 return res; 253 } 254 255 static void secmicputuint32(u8 *p, u32 val) 256 /* Convert from Us3232 to Byte[] in a portable way */ 257 { 258 long i; 259 260 for (i = 0; i < 4; i++) { 261 *p++ = (u8) (val & 0xff); 262 val >>= 8; 263 } 264 } 265 266 static void secmicclear(struct mic_data *pmicdata) 267 { 268 /* Reset the state to the empty message. */ 269 pmicdata->L = pmicdata->K0; 270 pmicdata->R = pmicdata->K1; 271 pmicdata->nBytesInM = 0; 272 pmicdata->M = 0; 273 } 274 275 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key) 276 { 277 /* Set the key */ 278 pmicdata->K0 = secmicgetuint32(key); 279 pmicdata->K1 = secmicgetuint32(key + 4); 280 /* and reset the message */ 281 secmicclear(pmicdata); 282 } 283 284 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b) 285 { 286 /* Append the byte to our word-sized buffer */ 287 pmicdata->M |= ((unsigned long)b) << (8*pmicdata->nBytesInM); 288 pmicdata->nBytesInM++; 289 /* Process the word if it is full. */ 290 if (pmicdata->nBytesInM >= 4) { 291 pmicdata->L ^= pmicdata->M; 292 pmicdata->R ^= ROL32(pmicdata->L, 17); 293 pmicdata->L += pmicdata->R; 294 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8); 295 pmicdata->L += pmicdata->R; 296 pmicdata->R ^= ROL32(pmicdata->L, 3); 297 pmicdata->L += pmicdata->R; 298 pmicdata->R ^= ROR32(pmicdata->L, 2); 299 pmicdata->L += pmicdata->R; 300 /* Clear the buffer */ 301 pmicdata->M = 0; 302 pmicdata->nBytesInM = 0; 303 } 304 } 305 306 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes) 307 { 308 /* This is simple */ 309 while (nbytes > 0) { 310 rtw_secmicappendbyte(pmicdata, *src++); 311 nbytes--; 312 } 313 } 314 315 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst) 316 { 317 /* Append the minimum padding */ 318 rtw_secmicappendbyte(pmicdata, 0x5a); 319 rtw_secmicappendbyte(pmicdata, 0); 320 rtw_secmicappendbyte(pmicdata, 0); 321 rtw_secmicappendbyte(pmicdata, 0); 322 rtw_secmicappendbyte(pmicdata, 0); 323 /* and then zeroes until the length is a multiple of 4 */ 324 while (pmicdata->nBytesInM != 0) 325 rtw_secmicappendbyte(pmicdata, 0); 326 /* The appendByte function has already computed the result. */ 327 secmicputuint32(dst, pmicdata->L); 328 secmicputuint32(dst + 4, pmicdata->R); 329 /* Reset to the empty message. */ 330 secmicclear(pmicdata); 331 } 332 333 334 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri) 335 { 336 337 struct mic_data micdata; 338 u8 priority[4] = {0x0, 0x0, 0x0, 0x0}; 339 340 rtw_secmicsetkey(&micdata, key); 341 priority[0] = pri; 342 343 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 344 if (header[1] & 1) { /* ToDS == 1 */ 345 rtw_secmicappend(&micdata, &header[16], 6); /* DA */ 346 if (header[1] & 2) /* From Ds == 1 */ 347 rtw_secmicappend(&micdata, &header[24], 6); 348 else 349 rtw_secmicappend(&micdata, &header[10], 6); 350 } else { /* ToDS == 0 */ 351 rtw_secmicappend(&micdata, &header[4], 6); /* DA */ 352 if (header[1] & 2) /* From Ds == 1 */ 353 rtw_secmicappend(&micdata, &header[16], 6); 354 else 355 rtw_secmicappend(&micdata, &header[10], 6); 356 } 357 rtw_secmicappend(&micdata, &priority[0], 4); 358 359 360 rtw_secmicappend(&micdata, data, data_len); 361 362 rtw_secgetmic(&micdata, mic_code); 363 } 364 365 /* macros for extraction/creation of unsigned char/unsigned short values */ 366 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15)) 367 #define Lo8(v16) ((u8)((v16) & 0x00FF)) 368 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF)) 369 #define Lo16(v32) ((u16)((v32) & 0xFFFF)) 370 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF)) 371 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8)) 372 373 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */ 374 #define TK16(N) Mk16(tk[2*(N)+1], tk[2*(N)]) 375 376 /* S-box lookup: 16 bits --> 16 bits */ 377 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)]) 378 379 /* fixed algorithm "parameters" */ 380 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */ 381 #define TA_SIZE 6 /* 48-bit transmitter address */ 382 #define TK_SIZE 16 /* 128-bit temporal key */ 383 #define P1K_SIZE 10 /* 80-bit Phase1 key */ 384 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */ 385 386 387 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */ 388 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */ 389 { 390 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 391 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 392 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 393 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 394 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 395 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 396 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 397 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 398 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 399 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 400 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 401 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 402 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 403 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 404 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 405 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 406 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 407 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 408 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 409 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 410 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 411 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 412 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 413 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 414 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 415 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 416 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 417 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 418 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 419 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 420 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 421 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 422 }, 423 424 425 { /* second half of table is unsigned char-reversed version of first! */ 426 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491, 427 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC, 428 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB, 429 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B, 430 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83, 431 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A, 432 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F, 433 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA, 434 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B, 435 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713, 436 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6, 437 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85, 438 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411, 439 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B, 440 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1, 441 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF, 442 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E, 443 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6, 444 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B, 445 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD, 446 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8, 447 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2, 448 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049, 449 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810, 450 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197, 451 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F, 452 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C, 453 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927, 454 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733, 455 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5, 456 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0, 457 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C, 458 } 459 }; 460 461 /* 462 ********************************************************************** 463 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32 464 * 465 * Inputs: 466 * tk[] = temporal key [128 bits] 467 * ta[] = transmitter's MAC address [ 48 bits] 468 * iv32 = upper 32 bits of IV [ 32 bits] 469 * Output: 470 * p1k[] = Phase 1 key [ 80 bits] 471 * 472 * Note: 473 * This function only needs to be called every 2**16 packets, 474 * although in theory it could be called every packet. 475 * 476 ********************************************************************** 477 */ 478 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32) 479 { 480 signed int i; 481 482 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */ 483 p1k[0] = Lo16(iv32); 484 p1k[1] = Hi16(iv32); 485 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */ 486 p1k[3] = Mk16(ta[3], ta[2]); 487 p1k[4] = Mk16(ta[5], ta[4]); 488 489 /* Now compute an unbalanced Feistel cipher with 80-bit block */ 490 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */ 491 for (i = 0; i < PHASE1_LOOP_CNT; i++) { 492 /* Each add operation here is mod 2**16 */ 493 p1k[0] += _S_(p1k[4] ^ TK16((i&1)+0)); 494 p1k[1] += _S_(p1k[0] ^ TK16((i&1)+2)); 495 p1k[2] += _S_(p1k[1] ^ TK16((i&1)+4)); 496 p1k[3] += _S_(p1k[2] ^ TK16((i&1)+6)); 497 p1k[4] += _S_(p1k[3] ^ TK16((i&1)+0)); 498 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */ 499 } 500 } 501 502 503 /* 504 ********************************************************************** 505 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16 506 * 507 * Inputs: 508 * tk[] = Temporal key [128 bits] 509 * p1k[] = Phase 1 output key [ 80 bits] 510 * iv16 = low 16 bits of IV counter [ 16 bits] 511 * Output: 512 * rc4key[] = the key used to encrypt the packet [128 bits] 513 * 514 * Note: 515 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique 516 * across all packets using the same key TK value. Then, for a 517 * given value of TK[], this TKIP48 construction guarantees that 518 * the final RC4KEY value is unique across all packets. 519 * 520 * Suggested implementation optimization: if PPK[] is "overlaid" 521 * appropriately on RC4KEY[], there is no need for the final 522 * for loop below that copies the PPK[] result into RC4KEY[]. 523 * 524 ********************************************************************** 525 */ 526 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16) 527 { 528 signed int i; 529 u16 PPK[6]; /* temporary key for mixing */ 530 531 /* Note: all adds in the PPK[] equations below are mod 2**16 */ 532 for (i = 0; i < 5; i++) 533 PPK[i] = p1k[i]; /* first, copy P1K to PPK */ 534 535 PPK[5] = p1k[4]+iv16; /* next, add in IV16 */ 536 537 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */ 538 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */ 539 PPK[1] += _S_(PPK[0] ^ TK16(1)); 540 PPK[2] += _S_(PPK[1] ^ TK16(2)); 541 PPK[3] += _S_(PPK[2] ^ TK16(3)); 542 PPK[4] += _S_(PPK[3] ^ TK16(4)); 543 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */ 544 545 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */ 546 PPK[0] += RotR1(PPK[5] ^ TK16(6)); 547 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */ 548 PPK[2] += RotR1(PPK[1]); 549 PPK[3] += RotR1(PPK[2]); 550 PPK[4] += RotR1(PPK[3]); 551 PPK[5] += RotR1(PPK[4]); 552 /* Note: At this point, for a given key TK[0..15], the 96-bit output */ 553 /* value PPK[0..5] is guaranteed to be unique, as a function */ 554 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */ 555 /* is now a keyed permutation of {TA, IV32, IV16}. */ 556 557 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */ 558 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */ 559 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */ 560 rc4key[2] = Lo8(iv16); 561 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1); 562 563 564 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */ 565 for (i = 0; i < 6; i++) { 566 rc4key[4+2*i] = Lo8(PPK[i]); 567 rc4key[5+2*i] = Hi8(PPK[i]); 568 } 569 } 570 571 572 /* The hlen isn't include the IV */ 573 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe) 574 { /* exclude ICV */ 575 u16 pnl; 576 u32 pnh; 577 u8 rc4key[16]; 578 u8 ttkey[16]; 579 u8 crc[4]; 580 u8 hw_hdr_offset = 0; 581 struct arc4context mycontext; 582 signed int curfragnum, length; 583 584 u8 *pframe, *payload, *iv, *prwskey; 585 union pn48 dot11txpn; 586 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 587 struct security_priv *psecuritypriv = &padapter->securitypriv; 588 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 589 u32 res = _SUCCESS; 590 591 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 592 return _FAIL; 593 594 hw_hdr_offset = TXDESC_OFFSET; 595 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 596 597 /* 4 start to encrypt each fragment */ 598 if (pattrib->encrypt == _TKIP_) { 599 600 { 601 if (IS_MCAST(pattrib->ra)) 602 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey; 603 else 604 prwskey = pattrib->dot118021x_UncstKey.skey; 605 606 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 607 iv = pframe+pattrib->hdrlen; 608 payload = pframe+pattrib->iv_len+pattrib->hdrlen; 609 610 GET_TKIP_PN(iv, dot11txpn); 611 612 pnl = (u16)(dot11txpn.val); 613 pnh = (u32)(dot11txpn.val>>16); 614 615 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh); 616 617 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl); 618 619 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */ 620 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 621 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/ 622 623 arcfour_init(&mycontext, rc4key, 16); 624 arcfour_encrypt(&mycontext, payload, payload, length); 625 arcfour_encrypt(&mycontext, payload+length, crc, 4); 626 627 } else { 628 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 629 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/ 630 arcfour_init(&mycontext, rc4key, 16); 631 arcfour_encrypt(&mycontext, payload, payload, length); 632 arcfour_encrypt(&mycontext, payload+length, crc, 4); 633 634 pframe += pxmitpriv->frag_len; 635 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 636 } 637 } 638 } 639 } 640 return res; 641 } 642 643 644 /* The hlen isn't include the IV */ 645 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe) 646 { /* exclude ICV */ 647 u16 pnl; 648 u32 pnh; 649 u8 rc4key[16]; 650 u8 ttkey[16]; 651 u8 crc[4]; 652 struct arc4context mycontext; 653 signed int length; 654 655 u8 *pframe, *payload, *iv, *prwskey; 656 union pn48 dot11txpn; 657 struct sta_info *stainfo; 658 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 659 struct security_priv *psecuritypriv = &padapter->securitypriv; 660 u32 res = _SUCCESS; 661 662 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 663 664 /* 4 start to decrypt recvframe */ 665 if (prxattrib->encrypt == _TKIP_) { 666 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]); 667 if (stainfo) { 668 if (IS_MCAST(prxattrib->ra)) { 669 static unsigned long start; 670 static u32 no_gkey_bc_cnt; 671 static u32 no_gkey_mc_cnt; 672 673 if (!psecuritypriv->binstallGrpkey) { 674 res = _FAIL; 675 676 if (start == 0) 677 start = jiffies; 678 679 if (is_broadcast_mac_addr(prxattrib->ra)) 680 no_gkey_bc_cnt++; 681 else 682 no_gkey_mc_cnt++; 683 684 if (jiffies_to_msecs(jiffies - start) > 1000) { 685 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 686 netdev_dbg(padapter->pnetdev, 687 FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 688 FUNC_ADPT_ARG(padapter), 689 no_gkey_bc_cnt, 690 no_gkey_mc_cnt); 691 } 692 start = jiffies; 693 no_gkey_bc_cnt = 0; 694 no_gkey_mc_cnt = 0; 695 } 696 goto exit; 697 } 698 699 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 700 netdev_dbg(padapter->pnetdev, 701 FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 702 FUNC_ADPT_ARG(padapter), 703 no_gkey_bc_cnt, 704 no_gkey_mc_cnt); 705 } 706 start = 0; 707 no_gkey_bc_cnt = 0; 708 no_gkey_mc_cnt = 0; 709 710 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey; 711 } else { 712 prwskey = &stainfo->dot118021x_UncstKey.skey[0]; 713 } 714 715 iv = pframe+prxattrib->hdrlen; 716 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen; 717 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 718 719 GET_TKIP_PN(iv, dot11txpn); 720 721 pnl = (u16)(dot11txpn.val); 722 pnh = (u32)(dot11txpn.val>>16); 723 724 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh); 725 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl); 726 727 /* 4 decrypt payload include icv */ 728 729 arcfour_init(&mycontext, rc4key, 16); 730 arcfour_encrypt(&mycontext, payload, payload, length); 731 732 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4)); 733 734 if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] || 735 crc[1] != payload[length - 3] || crc[0] != payload[length - 4]) 736 res = _FAIL; 737 } else { 738 res = _FAIL; 739 } 740 } 741 exit: 742 return res; 743 } 744 745 746 /* 3 =====AES related ===== */ 747 748 749 750 #define MAX_MSG_SIZE 2048 751 752 /*****************************/ 753 /**** Function Prototypes ****/ 754 /*****************************/ 755 756 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out); 757 static void construct_mic_iv(u8 *mic_header1, 758 signed int qc_exists, 759 signed int a4_exists, 760 u8 *mpdu, 761 uint payload_length, 762 u8 *pn_vector, 763 uint frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 764 static void construct_mic_header1(u8 *mic_header1, 765 signed int header_length, 766 u8 *mpdu, 767 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */ 768 static void construct_mic_header2(u8 *mic_header2, 769 u8 *mpdu, 770 signed int a4_exists, 771 signed int qc_exists); 772 static void construct_ctr_preload(u8 *ctr_preload, 773 signed int a4_exists, 774 signed int qc_exists, 775 u8 *mpdu, 776 u8 *pn_vector, 777 signed int c, 778 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */ 779 780 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext); 781 782 783 /****************************************/ 784 /* aes128k128d() */ 785 /* Performs a 128 bit AES encrypt with */ 786 /* 128 bit data. */ 787 /****************************************/ 788 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext) 789 { 790 struct crypto_aes_ctx ctx; 791 792 aes_expandkey(&ctx, key, 16); 793 aes_encrypt(&ctx, ciphertext, data); 794 memzero_explicit(&ctx, sizeof(ctx)); 795 } 796 797 /************************************************/ 798 /* construct_mic_iv() */ 799 /* Builds the MIC IV from header fields and PN */ 800 /* Baron think the function is construct CCM */ 801 /* nonce */ 802 /************************************************/ 803 static void construct_mic_iv(u8 *mic_iv, 804 signed int qc_exists, 805 signed int a4_exists, 806 u8 *mpdu, 807 uint payload_length, 808 u8 *pn_vector, 809 uint frtype) /* add for CONFIG_IEEE80211W, none 11w also can use */ 810 { 811 signed int i; 812 813 mic_iv[0] = 0x59; 814 815 if (qc_exists && a4_exists) 816 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */ 817 818 if (qc_exists && !a4_exists) 819 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */ 820 821 if (!qc_exists) 822 mic_iv[1] = 0x00; 823 824 /* 802.11w management frame should set management bit(4) */ 825 if (frtype == WIFI_MGT_TYPE) 826 mic_iv[1] |= BIT(4); 827 828 for (i = 2; i < 8; i++) 829 mic_iv[i] = mpdu[i + 8]; /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */ 830 #ifdef CONSISTENT_PN_ORDER 831 for (i = 8; i < 14; i++) 832 mic_iv[i] = pn_vector[i - 8]; /* mic_iv[8:13] = PN[0:5] */ 833 #else 834 for (i = 8; i < 14; i++) 835 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */ 836 #endif 837 mic_iv[14] = (unsigned char) (payload_length / 256); 838 mic_iv[15] = (unsigned char) (payload_length % 256); 839 } 840 841 /************************************************/ 842 /* construct_mic_header1() */ 843 /* Builds the first MIC header block from */ 844 /* header fields. */ 845 /* Build AAD SC, A1, A2 */ 846 /************************************************/ 847 static void construct_mic_header1(u8 *mic_header1, 848 signed int header_length, 849 u8 *mpdu, 850 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */ 851 { 852 mic_header1[0] = (u8)((header_length - 2) / 256); 853 mic_header1[1] = (u8)((header_length - 2) % 256); 854 855 /* 802.11w management frame don't AND subtype bits 4, 5, 6 of frame control field */ 856 if (frtype == WIFI_MGT_TYPE) 857 mic_header1[2] = mpdu[0]; 858 else 859 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */ 860 861 mic_header1[3] = mpdu[1] & 0xc7; /* Mute retry, more data and pwr mgt bits */ 862 mic_header1[4] = mpdu[4]; /* A1 */ 863 mic_header1[5] = mpdu[5]; 864 mic_header1[6] = mpdu[6]; 865 mic_header1[7] = mpdu[7]; 866 mic_header1[8] = mpdu[8]; 867 mic_header1[9] = mpdu[9]; 868 mic_header1[10] = mpdu[10]; /* A2 */ 869 mic_header1[11] = mpdu[11]; 870 mic_header1[12] = mpdu[12]; 871 mic_header1[13] = mpdu[13]; 872 mic_header1[14] = mpdu[14]; 873 mic_header1[15] = mpdu[15]; 874 } 875 876 /************************************************/ 877 /* construct_mic_header2() */ 878 /* Builds the last MIC header block from */ 879 /* header fields. */ 880 /************************************************/ 881 static void construct_mic_header2(u8 *mic_header2, 882 u8 *mpdu, 883 signed int a4_exists, 884 signed int qc_exists) 885 { 886 signed int i; 887 888 for (i = 0; i < 16; i++) 889 mic_header2[i] = 0x00; 890 891 mic_header2[0] = mpdu[16]; /* A3 */ 892 mic_header2[1] = mpdu[17]; 893 mic_header2[2] = mpdu[18]; 894 mic_header2[3] = mpdu[19]; 895 mic_header2[4] = mpdu[20]; 896 mic_header2[5] = mpdu[21]; 897 898 mic_header2[6] = 0x00; 899 mic_header2[7] = 0x00; /* mpdu[23]; */ 900 901 if (!qc_exists && a4_exists) { 902 for (i = 0; i < 6; i++) 903 mic_header2[8+i] = mpdu[24+i]; /* A4 */ 904 } 905 906 if (qc_exists && !a4_exists) { 907 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */ 908 mic_header2[9] = mpdu[25] & 0x00; 909 } 910 911 if (qc_exists && a4_exists) { 912 for (i = 0; i < 6; i++) 913 mic_header2[8+i] = mpdu[24+i]; /* A4 */ 914 915 mic_header2[14] = mpdu[30] & 0x0f; 916 mic_header2[15] = mpdu[31] & 0x00; 917 } 918 } 919 920 /************************************************/ 921 /* construct_mic_header2() */ 922 /* Builds the last MIC header block from */ 923 /* header fields. */ 924 /* Baron think the function is construct CCM */ 925 /* nonce */ 926 /************************************************/ 927 static void construct_ctr_preload(u8 *ctr_preload, 928 signed int a4_exists, 929 signed int qc_exists, 930 u8 *mpdu, 931 u8 *pn_vector, 932 signed int c, 933 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */ 934 { 935 signed int i = 0; 936 937 for (i = 0; i < 16; i++) 938 ctr_preload[i] = 0x00; 939 i = 0; 940 941 ctr_preload[0] = 0x01; /* flag */ 942 if (qc_exists && a4_exists) 943 ctr_preload[1] = mpdu[30] & 0x0f; /* QoC_Control */ 944 if (qc_exists && !a4_exists) 945 ctr_preload[1] = mpdu[24] & 0x0f; 946 947 /* 802.11w management frame should set management bit(4) */ 948 if (frtype == WIFI_MGT_TYPE) 949 ctr_preload[1] |= BIT(4); 950 951 for (i = 2; i < 8; i++) 952 ctr_preload[i] = mpdu[i + 8]; /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */ 953 #ifdef CONSISTENT_PN_ORDER 954 for (i = 8; i < 14; i++) 955 ctr_preload[i] = pn_vector[i - 8]; /* ctr_preload[8:13] = PN[0:5] */ 956 #else 957 for (i = 8; i < 14; i++) 958 ctr_preload[i] = pn_vector[13 - i]; /* ctr_preload[8:13] = PN[5:0] */ 959 #endif 960 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */ 961 ctr_preload[15] = (unsigned char) (c % 256); 962 } 963 964 /************************************/ 965 /* bitwise_xor() */ 966 /* A 128 bit, bitwise exclusive or */ 967 /************************************/ 968 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out) 969 { 970 signed int i; 971 972 for (i = 0; i < 16; i++) 973 out[i] = ina[i] ^ inb[i]; 974 } 975 976 static signed int aes_cipher(u8 *key, uint hdrlen, 977 u8 *pframe, uint plen) 978 { 979 uint qc_exists, a4_exists, i, j, payload_remainder, 980 num_blocks, payload_index; 981 982 u8 pn_vector[6]; 983 u8 mic_iv[16]; 984 u8 mic_header1[16]; 985 u8 mic_header2[16]; 986 u8 ctr_preload[16]; 987 988 /* Intermediate Buffers */ 989 u8 chain_buffer[16]; 990 u8 aes_out[16]; 991 u8 padded_buffer[16]; 992 u8 mic[8]; 993 uint frtype = GetFrameType(pframe); 994 uint frsubtype = GetFrameSubType(pframe); 995 996 frsubtype = frsubtype>>4; 997 998 memset((void *)mic_iv, 0, 16); 999 memset((void *)mic_header1, 0, 16); 1000 memset((void *)mic_header2, 0, 16); 1001 memset((void *)ctr_preload, 0, 16); 1002 memset((void *)chain_buffer, 0, 16); 1003 memset((void *)aes_out, 0, 16); 1004 memset((void *)padded_buffer, 0, 16); 1005 1006 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1007 a4_exists = 0; 1008 else 1009 a4_exists = 1; 1010 1011 if (((frtype|frsubtype) == WIFI_DATA_CFACK) || 1012 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) || 1013 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) { 1014 qc_exists = 1; 1015 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1016 hdrlen += 2; 1017 1018 } else if ((frtype == WIFI_DATA) && /* add for CONFIG_IEEE80211W, none 11w also can use */ 1019 ((frsubtype == 0x08) || 1020 (frsubtype == 0x09) || 1021 (frsubtype == 0x0a) || 1022 (frsubtype == 0x0b))) { 1023 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1024 hdrlen += 2; 1025 1026 qc_exists = 1; 1027 } else { 1028 qc_exists = 0; 1029 } 1030 1031 pn_vector[0] = pframe[hdrlen]; 1032 pn_vector[1] = pframe[hdrlen+1]; 1033 pn_vector[2] = pframe[hdrlen+4]; 1034 pn_vector[3] = pframe[hdrlen+5]; 1035 pn_vector[4] = pframe[hdrlen+6]; 1036 pn_vector[5] = pframe[hdrlen+7]; 1037 1038 construct_mic_iv(mic_iv, 1039 qc_exists, 1040 a4_exists, 1041 pframe, /* message, */ 1042 plen, 1043 pn_vector, 1044 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1045 1046 construct_mic_header1(mic_header1, 1047 hdrlen, 1048 pframe, /* message */ 1049 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1050 1051 construct_mic_header2(mic_header2, 1052 pframe, /* message, */ 1053 a4_exists, 1054 qc_exists); 1055 1056 payload_remainder = plen % 16; 1057 num_blocks = plen / 16; 1058 1059 /* Find start of payload */ 1060 payload_index = (hdrlen + 8); 1061 1062 /* Calculate MIC */ 1063 aes128k128d(key, mic_iv, aes_out); 1064 bitwise_xor(aes_out, mic_header1, chain_buffer); 1065 aes128k128d(key, chain_buffer, aes_out); 1066 bitwise_xor(aes_out, mic_header2, chain_buffer); 1067 aes128k128d(key, chain_buffer, aes_out); 1068 1069 for (i = 0; i < num_blocks; i++) { 1070 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1071 1072 payload_index += 16; 1073 aes128k128d(key, chain_buffer, aes_out); 1074 } 1075 1076 /* Add on the final payload block if it needs padding */ 1077 if (payload_remainder > 0) { 1078 for (j = 0; j < 16; j++) 1079 padded_buffer[j] = 0x00; 1080 for (j = 0; j < payload_remainder; j++) 1081 padded_buffer[j] = pframe[payload_index++]; 1082 1083 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1084 aes128k128d(key, chain_buffer, aes_out); 1085 } 1086 1087 for (j = 0 ; j < 8; j++) 1088 mic[j] = aes_out[j]; 1089 1090 /* Insert MIC into payload */ 1091 for (j = 0; j < 8; j++) 1092 pframe[payload_index+j] = mic[j]; 1093 1094 payload_index = hdrlen + 8; 1095 for (i = 0; i < num_blocks; i++) { 1096 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1097 pn_vector, i+1, frtype); 1098 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1099 aes128k128d(key, ctr_preload, aes_out); 1100 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1101 for (j = 0; j < 16; j++) 1102 pframe[payload_index++] = chain_buffer[j]; 1103 } 1104 1105 if (payload_remainder > 0) { 1106 /* If there is a short final block, then pad it,*/ 1107 /* encrypt it and copy the unpadded part back */ 1108 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1109 pn_vector, num_blocks+1, frtype); 1110 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1111 1112 for (j = 0; j < 16; j++) 1113 padded_buffer[j] = 0x00; 1114 for (j = 0; j < payload_remainder; j++) 1115 padded_buffer[j] = pframe[payload_index+j]; 1116 1117 aes128k128d(key, ctr_preload, aes_out); 1118 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1119 for (j = 0; j < payload_remainder; j++) 1120 pframe[payload_index++] = chain_buffer[j]; 1121 } 1122 1123 /* Encrypt the MIC */ 1124 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1125 pn_vector, 0, frtype); 1126 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1127 1128 for (j = 0; j < 16; j++) 1129 padded_buffer[j] = 0x00; 1130 for (j = 0; j < 8; j++) 1131 padded_buffer[j] = pframe[j+hdrlen+8+plen]; 1132 1133 aes128k128d(key, ctr_preload, aes_out); 1134 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1135 for (j = 0; j < 8; j++) 1136 pframe[payload_index++] = chain_buffer[j]; 1137 1138 return _SUCCESS; 1139 } 1140 1141 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe) 1142 { /* exclude ICV */ 1143 1144 /*static*/ 1145 /* unsigned char message[MAX_MSG_SIZE]; */ 1146 1147 /* Intermediate Buffers */ 1148 signed int curfragnum, length; 1149 u8 *pframe, *prwskey; /* *payload,*iv */ 1150 u8 hw_hdr_offset = 0; 1151 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 1152 struct security_priv *psecuritypriv = &padapter->securitypriv; 1153 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 1154 1155 u32 res = _SUCCESS; 1156 1157 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 1158 return _FAIL; 1159 1160 hw_hdr_offset = TXDESC_OFFSET; 1161 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 1162 1163 /* 4 start to encrypt each fragment */ 1164 if (pattrib->encrypt == _AES_) { 1165 if (IS_MCAST(pattrib->ra)) 1166 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey; 1167 else 1168 prwskey = pattrib->dot118021x_UncstKey.skey; 1169 1170 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 1171 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */ 1172 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 1173 1174 aes_cipher(prwskey, pattrib->hdrlen, pframe, length); 1175 } else { 1176 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 1177 1178 aes_cipher(prwskey, pattrib->hdrlen, pframe, length); 1179 pframe += pxmitpriv->frag_len; 1180 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 1181 } 1182 } 1183 } 1184 return res; 1185 } 1186 1187 static signed int aes_decipher(u8 *key, uint hdrlen, 1188 u8 *pframe, uint plen) 1189 { 1190 static u8 message[MAX_MSG_SIZE]; 1191 uint qc_exists, a4_exists, i, j, payload_remainder, 1192 num_blocks, payload_index; 1193 signed int res = _SUCCESS; 1194 u8 pn_vector[6]; 1195 u8 mic_iv[16]; 1196 u8 mic_header1[16]; 1197 u8 mic_header2[16]; 1198 u8 ctr_preload[16]; 1199 1200 /* Intermediate Buffers */ 1201 u8 chain_buffer[16]; 1202 u8 aes_out[16]; 1203 u8 padded_buffer[16]; 1204 u8 mic[8]; 1205 1206 uint frtype = GetFrameType(pframe); 1207 uint frsubtype = GetFrameSubType(pframe); 1208 1209 frsubtype = frsubtype>>4; 1210 1211 memset((void *)mic_iv, 0, 16); 1212 memset((void *)mic_header1, 0, 16); 1213 memset((void *)mic_header2, 0, 16); 1214 memset((void *)ctr_preload, 0, 16); 1215 memset((void *)chain_buffer, 0, 16); 1216 memset((void *)aes_out, 0, 16); 1217 memset((void *)padded_buffer, 0, 16); 1218 1219 /* start to decrypt the payload */ 1220 1221 num_blocks = (plen-8) / 16; /* plen including LLC, payload_length and mic) */ 1222 1223 payload_remainder = (plen-8) % 16; 1224 1225 pn_vector[0] = pframe[hdrlen]; 1226 pn_vector[1] = pframe[hdrlen + 1]; 1227 pn_vector[2] = pframe[hdrlen + 4]; 1228 pn_vector[3] = pframe[hdrlen + 5]; 1229 pn_vector[4] = pframe[hdrlen + 6]; 1230 pn_vector[5] = pframe[hdrlen + 7]; 1231 1232 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1233 a4_exists = 0; 1234 else 1235 a4_exists = 1; 1236 1237 if (((frtype|frsubtype) == WIFI_DATA_CFACK) || 1238 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) || 1239 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) { 1240 qc_exists = 1; 1241 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1242 hdrlen += 2; 1243 1244 } else if ((frtype == WIFI_DATA) && /* only for data packet . add for CONFIG_IEEE80211W, none 11w also can use */ 1245 ((frsubtype == 0x08) || 1246 (frsubtype == 0x09) || 1247 (frsubtype == 0x0a) || 1248 (frsubtype == 0x0b))) { 1249 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1250 hdrlen += 2; 1251 1252 qc_exists = 1; 1253 } else { 1254 qc_exists = 0; 1255 } 1256 1257 /* now, decrypt pframe with hdrlen offset and plen long */ 1258 1259 payload_index = hdrlen + 8; /* 8 is for extiv */ 1260 1261 for (i = 0; i < num_blocks; i++) { 1262 construct_ctr_preload(ctr_preload, a4_exists, 1263 qc_exists, pframe, 1264 pn_vector, i + 1, 1265 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1266 1267 aes128k128d(key, ctr_preload, aes_out); 1268 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1269 1270 for (j = 0; j < 16; j++) 1271 pframe[payload_index++] = chain_buffer[j]; 1272 } 1273 1274 if (payload_remainder > 0) { 1275 /* If there is a short final block, then pad it,*/ 1276 /* encrypt it and copy the unpadded part back */ 1277 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, 1278 num_blocks+1, frtype); 1279 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1280 1281 for (j = 0; j < 16; j++) 1282 padded_buffer[j] = 0x00; 1283 for (j = 0; j < payload_remainder; j++) 1284 padded_buffer[j] = pframe[payload_index+j]; 1285 1286 aes128k128d(key, ctr_preload, aes_out); 1287 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1288 for (j = 0; j < payload_remainder; j++) 1289 pframe[payload_index++] = chain_buffer[j]; 1290 } 1291 1292 /* start to calculate the mic */ 1293 if ((hdrlen + plen+8) <= MAX_MSG_SIZE) 1294 memcpy((void *)message, pframe, (hdrlen + plen+8)); /* 8 is for ext iv len */ 1295 1296 pn_vector[0] = pframe[hdrlen]; 1297 pn_vector[1] = pframe[hdrlen+1]; 1298 pn_vector[2] = pframe[hdrlen+4]; 1299 pn_vector[3] = pframe[hdrlen+5]; 1300 pn_vector[4] = pframe[hdrlen+6]; 1301 pn_vector[5] = pframe[hdrlen+7]; 1302 1303 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen-8, pn_vector, frtype); 1304 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1305 1306 construct_mic_header1(mic_header1, hdrlen, message, frtype); 1307 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1308 construct_mic_header2(mic_header2, message, a4_exists, qc_exists); 1309 1310 payload_remainder = (plen-8) % 16; 1311 num_blocks = (plen-8) / 16; 1312 1313 /* Find start of payload */ 1314 payload_index = (hdrlen + 8); 1315 1316 /* Calculate MIC */ 1317 aes128k128d(key, mic_iv, aes_out); 1318 bitwise_xor(aes_out, mic_header1, chain_buffer); 1319 aes128k128d(key, chain_buffer, aes_out); 1320 bitwise_xor(aes_out, mic_header2, chain_buffer); 1321 aes128k128d(key, chain_buffer, aes_out); 1322 1323 for (i = 0; i < num_blocks; i++) { 1324 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1325 1326 payload_index += 16; 1327 aes128k128d(key, chain_buffer, aes_out); 1328 } 1329 1330 /* Add on the final payload block if it needs padding */ 1331 if (payload_remainder > 0) { 1332 for (j = 0; j < 16; j++) 1333 padded_buffer[j] = 0x00; 1334 for (j = 0; j < payload_remainder; j++) 1335 padded_buffer[j] = message[payload_index++]; 1336 1337 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1338 aes128k128d(key, chain_buffer, aes_out); 1339 } 1340 1341 for (j = 0; j < 8; j++) 1342 mic[j] = aes_out[j]; 1343 1344 /* Insert MIC into payload */ 1345 for (j = 0; j < 8; j++) 1346 message[payload_index+j] = mic[j]; 1347 1348 payload_index = hdrlen + 8; 1349 for (i = 0; i < num_blocks; i++) { 1350 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, i+1, 1351 frtype); 1352 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1353 aes128k128d(key, ctr_preload, aes_out); 1354 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1355 for (j = 0; j < 16; j++) 1356 message[payload_index++] = chain_buffer[j]; 1357 } 1358 1359 if (payload_remainder > 0) { 1360 /* If there is a short final block, then pad it,*/ 1361 /* encrypt it and copy the unpadded part back */ 1362 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 1363 num_blocks+1, frtype); 1364 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1365 1366 for (j = 0; j < 16; j++) 1367 padded_buffer[j] = 0x00; 1368 for (j = 0; j < payload_remainder; j++) 1369 padded_buffer[j] = message[payload_index+j]; 1370 1371 aes128k128d(key, ctr_preload, aes_out); 1372 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1373 for (j = 0; j < payload_remainder; j++) 1374 message[payload_index++] = chain_buffer[j]; 1375 } 1376 1377 /* Encrypt the MIC */ 1378 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 0, frtype); 1379 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1380 1381 for (j = 0; j < 16; j++) 1382 padded_buffer[j] = 0x00; 1383 for (j = 0; j < 8; j++) 1384 padded_buffer[j] = message[j+hdrlen+8+plen-8]; 1385 1386 aes128k128d(key, ctr_preload, aes_out); 1387 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1388 for (j = 0; j < 8; j++) 1389 message[payload_index++] = chain_buffer[j]; 1390 1391 /* compare the mic */ 1392 for (i = 0; i < 8; i++) { 1393 if (pframe[hdrlen + 8 + plen - 8 + i] != message[hdrlen + 8 + plen - 8 + i]) 1394 res = _FAIL; 1395 } 1396 return res; 1397 } 1398 1399 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe) 1400 { /* exclude ICV */ 1401 1402 /*static*/ 1403 /* unsigned char message[MAX_MSG_SIZE]; */ 1404 1405 /* Intermediate Buffers */ 1406 1407 signed int length; 1408 u8 *pframe, *prwskey; /* *payload,*iv */ 1409 struct sta_info *stainfo; 1410 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 1411 struct security_priv *psecuritypriv = &padapter->securitypriv; 1412 u32 res = _SUCCESS; 1413 1414 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 1415 /* 4 start to encrypt each fragment */ 1416 if (prxattrib->encrypt == _AES_) { 1417 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]); 1418 if (stainfo) { 1419 if (IS_MCAST(prxattrib->ra)) { 1420 static unsigned long start; 1421 static u32 no_gkey_bc_cnt; 1422 static u32 no_gkey_mc_cnt; 1423 1424 if (!psecuritypriv->binstallGrpkey) { 1425 res = _FAIL; 1426 1427 if (start == 0) 1428 start = jiffies; 1429 1430 if (is_broadcast_mac_addr(prxattrib->ra)) 1431 no_gkey_bc_cnt++; 1432 else 1433 no_gkey_mc_cnt++; 1434 1435 if (jiffies_to_msecs(jiffies - start) > 1000) { 1436 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 1437 netdev_dbg(padapter->pnetdev, 1438 FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 1439 FUNC_ADPT_ARG(padapter), 1440 no_gkey_bc_cnt, 1441 no_gkey_mc_cnt); 1442 } 1443 start = jiffies; 1444 no_gkey_bc_cnt = 0; 1445 no_gkey_mc_cnt = 0; 1446 } 1447 1448 goto exit; 1449 } 1450 1451 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 1452 netdev_dbg(padapter->pnetdev, 1453 FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 1454 FUNC_ADPT_ARG(padapter), 1455 no_gkey_bc_cnt, 1456 no_gkey_mc_cnt); 1457 } 1458 start = 0; 1459 no_gkey_bc_cnt = 0; 1460 no_gkey_mc_cnt = 0; 1461 1462 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey; 1463 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) { 1464 res = _FAIL; 1465 goto exit; 1466 } 1467 } else { 1468 prwskey = &stainfo->dot118021x_UncstKey.skey[0]; 1469 } 1470 1471 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 1472 1473 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length); 1474 1475 } else { 1476 res = _FAIL; 1477 } 1478 } 1479 exit: 1480 return res; 1481 } 1482 1483 u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe) 1484 { 1485 struct rx_pkt_attrib *pattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 1486 u8 *pframe; 1487 u8 *BIP_AAD, *p; 1488 u32 res = _FAIL; 1489 uint len, ori_len; 1490 struct ieee80211_hdr *pwlanhdr; 1491 u8 mic[16]; 1492 struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv; 1493 __le16 le_tmp; 1494 __le64 le_tmp64; 1495 1496 ori_len = pattrib->pkt_len-WLAN_HDR_A3_LEN+BIP_AAD_SIZE; 1497 BIP_AAD = rtw_zmalloc(ori_len); 1498 1499 if (!BIP_AAD) 1500 return _FAIL; 1501 1502 /* PKT start */ 1503 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 1504 /* mapping to wlan header */ 1505 pwlanhdr = (struct ieee80211_hdr *)pframe; 1506 /* save the frame body + MME */ 1507 memcpy(BIP_AAD+BIP_AAD_SIZE, pframe+WLAN_HDR_A3_LEN, pattrib->pkt_len-WLAN_HDR_A3_LEN); 1508 /* find MME IE pointer */ 1509 p = rtw_get_ie(BIP_AAD+BIP_AAD_SIZE, WLAN_EID_MMIE, &len, pattrib->pkt_len-WLAN_HDR_A3_LEN); 1510 /* Baron */ 1511 if (p) { 1512 u16 keyid = 0; 1513 u64 temp_ipn = 0; 1514 /* save packet number */ 1515 memcpy(&le_tmp64, p+4, 6); 1516 temp_ipn = le64_to_cpu(le_tmp64); 1517 /* BIP packet number should bigger than previous BIP packet */ 1518 if (temp_ipn <= pmlmeext->mgnt_80211w_IPN_rx) 1519 goto BIP_exit; 1520 1521 /* copy key index */ 1522 memcpy(&le_tmp, p+2, 2); 1523 keyid = le16_to_cpu(le_tmp); 1524 if (keyid != padapter->securitypriv.dot11wBIPKeyid) 1525 goto BIP_exit; 1526 1527 /* clear the MIC field of MME to zero */ 1528 memset(p+2+len-8, 0, 8); 1529 1530 /* conscruct AAD, copy frame control field */ 1531 memcpy(BIP_AAD, &pwlanhdr->frame_control, 2); 1532 ClearRetry(BIP_AAD); 1533 ClearPwrMgt(BIP_AAD); 1534 ClearMData(BIP_AAD); 1535 /* conscruct AAD, copy address 1 to address 3 */ 1536 memcpy(BIP_AAD+2, pwlanhdr->addr1, 18); 1537 1538 if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey 1539 , BIP_AAD, ori_len, mic)) 1540 goto BIP_exit; 1541 1542 /* MIC field should be last 8 bytes of packet (packet without FCS) */ 1543 if (!memcmp(mic, pframe+pattrib->pkt_len-8, 8)) { 1544 pmlmeext->mgnt_80211w_IPN_rx = temp_ipn; 1545 res = _SUCCESS; 1546 } else { 1547 } 1548 1549 } else { 1550 res = RTW_RX_HANDLED; 1551 } 1552 BIP_exit: 1553 1554 kfree(BIP_AAD); 1555 return res; 1556 } 1557 1558 /* AES tables*/ 1559 const u32 Te0[256] = { 1560 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 1561 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, 1562 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, 1563 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, 1564 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, 1565 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, 1566 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, 1567 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, 1568 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, 1569 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, 1570 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, 1571 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, 1572 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, 1573 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, 1574 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, 1575 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, 1576 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, 1577 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, 1578 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, 1579 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, 1580 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, 1581 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, 1582 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, 1583 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, 1584 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, 1585 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, 1586 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, 1587 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, 1588 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, 1589 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, 1590 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, 1591 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, 1592 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, 1593 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, 1594 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, 1595 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, 1596 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, 1597 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, 1598 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, 1599 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, 1600 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, 1601 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, 1602 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, 1603 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, 1604 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, 1605 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, 1606 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, 1607 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, 1608 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, 1609 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, 1610 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, 1611 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, 1612 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, 1613 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, 1614 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, 1615 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, 1616 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, 1617 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, 1618 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, 1619 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, 1620 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, 1621 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, 1622 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, 1623 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, 1624 }; 1625 1626 const u32 Td0[256] = { 1627 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, 1628 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, 1629 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, 1630 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, 1631 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, 1632 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, 1633 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, 1634 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, 1635 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, 1636 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, 1637 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, 1638 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, 1639 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, 1640 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, 1641 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, 1642 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, 1643 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, 1644 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, 1645 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, 1646 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, 1647 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, 1648 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, 1649 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, 1650 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, 1651 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, 1652 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, 1653 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, 1654 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, 1655 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, 1656 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, 1657 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, 1658 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, 1659 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, 1660 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, 1661 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, 1662 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, 1663 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, 1664 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, 1665 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, 1666 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, 1667 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, 1668 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, 1669 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, 1670 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, 1671 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, 1672 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, 1673 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, 1674 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, 1675 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, 1676 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, 1677 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, 1678 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, 1679 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, 1680 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, 1681 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, 1682 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, 1683 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, 1684 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, 1685 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, 1686 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, 1687 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, 1688 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, 1689 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, 1690 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, 1691 }; 1692 1693 const u8 Td4s[256] = { 1694 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, 1695 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, 1696 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, 1697 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, 1698 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, 1699 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, 1700 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, 1701 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, 1702 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, 1703 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, 1704 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, 1705 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, 1706 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, 1707 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, 1708 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, 1709 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, 1710 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, 1711 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, 1712 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, 1713 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, 1714 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, 1715 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, 1716 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, 1717 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, 1718 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, 1719 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, 1720 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, 1721 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, 1722 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, 1723 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, 1724 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, 1725 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, 1726 }; 1727 1728 const u8 rcons[] = { 1729 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36 1730 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ 1731 }; 1732 1733 static void gf_mulx(u8 *pad) 1734 { 1735 int i, carry; 1736 1737 carry = pad[0] & 0x80; 1738 for (i = 0; i < AES_BLOCK_SIZE - 1; i++) 1739 pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7); 1740 1741 pad[AES_BLOCK_SIZE - 1] <<= 1; 1742 if (carry) 1743 pad[AES_BLOCK_SIZE - 1] ^= 0x87; 1744 } 1745 1746 /** 1747 * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128 1748 * @key: 128-bit key for the hash operation 1749 * @num_elem: Number of elements in the data vector 1750 * @addr: Pointers to the data areas 1751 * @len: Lengths of the data blocks 1752 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes) 1753 * Returns: 0 on success, -1 on failure 1754 * 1755 * This is a mode for using block cipher (AES in this case) for authentication. 1756 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication 1757 * (SP) 800-38B. 1758 */ 1759 static int omac1_aes_128_vector(u8 *key, size_t num_elem, 1760 u8 *addr[], size_t *len, u8 *mac) 1761 { 1762 struct crypto_aes_ctx ctx; 1763 u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE]; 1764 u8 *pos, *end; 1765 size_t i, e, left, total_len; 1766 int ret; 1767 1768 ret = aes_expandkey(&ctx, key, 16); 1769 if (ret) 1770 return -1; 1771 memset(cbc, 0, AES_BLOCK_SIZE); 1772 1773 total_len = 0; 1774 for (e = 0; e < num_elem; e++) 1775 total_len += len[e]; 1776 left = total_len; 1777 1778 e = 0; 1779 pos = addr[0]; 1780 end = pos + len[0]; 1781 1782 while (left >= AES_BLOCK_SIZE) { 1783 for (i = 0; i < AES_BLOCK_SIZE; i++) { 1784 cbc[i] ^= *pos++; 1785 if (pos >= end) { 1786 e++; 1787 pos = addr[e]; 1788 end = pos + len[e]; 1789 } 1790 } 1791 if (left > AES_BLOCK_SIZE) 1792 aes_encrypt(&ctx, cbc, cbc); 1793 left -= AES_BLOCK_SIZE; 1794 } 1795 1796 memset(pad, 0, AES_BLOCK_SIZE); 1797 aes_encrypt(&ctx, pad, pad); 1798 gf_mulx(pad); 1799 1800 if (left || total_len == 0) { 1801 for (i = 0; i < left; i++) { 1802 cbc[i] ^= *pos++; 1803 if (pos >= end) { 1804 e++; 1805 pos = addr[e]; 1806 end = pos + len[e]; 1807 } 1808 } 1809 cbc[left] ^= 0x80; 1810 gf_mulx(pad); 1811 } 1812 1813 for (i = 0; i < AES_BLOCK_SIZE; i++) 1814 pad[i] ^= cbc[i]; 1815 aes_encrypt(&ctx, pad, mac); 1816 memzero_explicit(&ctx, sizeof(ctx)); 1817 return 0; 1818 } 1819 1820 /** 1821 * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC) 1822 * @key: 128-bit key for the hash operation 1823 * @data: Data buffer for which a MAC is determined 1824 * @data_len: Length of data buffer in bytes 1825 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes) 1826 * Returns: 0 on success, -1 on failure 1827 * 1828 * This is a mode for using block cipher (AES in this case) for authentication. 1829 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication 1830 * (SP) 800-38B. 1831 * modify for CONFIG_IEEE80211W */ 1832 int omac1_aes_128(u8 *key, u8 *data, size_t data_len, u8 *mac) 1833 { 1834 return omac1_aes_128_vector(key, 1, &data, &data_len, mac); 1835 } 1836 1837 /* Restore HW wep key setting according to key_mask */ 1838 void rtw_sec_restore_wep_key(struct adapter *adapter) 1839 { 1840 struct security_priv *securitypriv = &(adapter->securitypriv); 1841 signed int keyid; 1842 1843 if ((_WEP40_ == securitypriv->dot11PrivacyAlgrthm) || (_WEP104_ == securitypriv->dot11PrivacyAlgrthm)) { 1844 for (keyid = 0; keyid < 4; keyid++) { 1845 if (securitypriv->key_mask & BIT(keyid)) { 1846 if (keyid == securitypriv->dot11PrivacyKeyIndex) 1847 rtw_set_key(adapter, securitypriv, keyid, 1, false); 1848 else 1849 rtw_set_key(adapter, securitypriv, keyid, 0, false); 1850 } 1851 } 1852 } 1853 } 1854 1855 u8 rtw_handle_tkip_countermeasure(struct adapter *adapter, const char *caller) 1856 { 1857 struct security_priv *securitypriv = &(adapter->securitypriv); 1858 u8 status = _SUCCESS; 1859 1860 if (securitypriv->btkip_countermeasure) { 1861 unsigned long passing_ms = jiffies_to_msecs(jiffies - securitypriv->btkip_countermeasure_time); 1862 1863 if (passing_ms > 60*1000) { 1864 netdev_dbg(adapter->pnetdev, 1865 "%s(%s) countermeasure time:%lus > 60s\n", 1866 caller, ADPT_ARG(adapter), 1867 passing_ms / 1000); 1868 securitypriv->btkip_countermeasure = false; 1869 securitypriv->btkip_countermeasure_time = 0; 1870 } else { 1871 netdev_dbg(adapter->pnetdev, 1872 "%s(%s) countermeasure time:%lus < 60s\n", 1873 caller, ADPT_ARG(adapter), 1874 passing_ms / 1000); 1875 status = _FAIL; 1876 } 1877 } 1878 1879 return status; 1880 } 1881