1 // SPDX-License-Identifier: GPL-2.0 2 /****************************************************************************** 3 * 4 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved. 5 * 6 ******************************************************************************/ 7 #include <linux/crc32poly.h> 8 #include <drv_types.h> 9 #include <rtw_debug.h> 10 #include <crypto/aes.h> 11 12 static const char * const _security_type_str[] = { 13 "N/A", 14 "WEP40", 15 "TKIP", 16 "TKIP_WM", 17 "AES", 18 "WEP104", 19 "SMS4", 20 "WEP_WPA", 21 "BIP", 22 }; 23 24 const char *security_type_str(u8 value) 25 { 26 if (value <= _BIP_) 27 return _security_type_str[value]; 28 return NULL; 29 } 30 31 /* WEP related ===== */ 32 33 struct arc4context { 34 u32 x; 35 u32 y; 36 u8 state[256]; 37 }; 38 39 40 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len) 41 { 42 u32 t, u; 43 u32 keyindex; 44 u32 stateindex; 45 u8 *state; 46 u32 counter; 47 48 state = parc4ctx->state; 49 parc4ctx->x = 0; 50 parc4ctx->y = 0; 51 for (counter = 0; counter < 256; counter++) 52 state[counter] = (u8)counter; 53 keyindex = 0; 54 stateindex = 0; 55 for (counter = 0; counter < 256; counter++) { 56 t = state[counter]; 57 stateindex = (stateindex + key[keyindex] + t) & 0xff; 58 u = state[stateindex]; 59 state[stateindex] = (u8)t; 60 state[counter] = (u8)u; 61 if (++keyindex >= key_len) 62 keyindex = 0; 63 } 64 } 65 66 static u32 arcfour_byte(struct arc4context *parc4ctx) 67 { 68 u32 x; 69 u32 y; 70 u32 sx, sy; 71 u8 *state; 72 73 state = parc4ctx->state; 74 x = (parc4ctx->x + 1) & 0xff; 75 sx = state[x]; 76 y = (sx + parc4ctx->y) & 0xff; 77 sy = state[y]; 78 parc4ctx->x = x; 79 parc4ctx->y = y; 80 state[y] = (u8)sx; 81 state[x] = (u8)sy; 82 return state[(sx + sy) & 0xff]; 83 } 84 85 static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len) 86 { 87 u32 i; 88 89 for (i = 0; i < len; i++) 90 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx); 91 } 92 93 static signed int bcrc32initialized; 94 static u32 crc32_table[256]; 95 96 97 static u8 crc32_reverseBit(u8 data) 98 { 99 return((u8)((data<<7)&0x80) | ((data<<5)&0x40) | ((data<<3)&0x20) | ((data<<1)&0x10) | ((data>>1)&0x08) | ((data>>3)&0x04) | ((data>>5)&0x02) | ((data>>7)&0x01)); 100 } 101 102 static void crc32_init(void) 103 { 104 if (bcrc32initialized == 1) 105 return; 106 else { 107 signed int i, j; 108 u32 c; 109 u8 *p = (u8 *)&c, *p1; 110 u8 k; 111 112 c = 0x12340000; 113 114 for (i = 0; i < 256; ++i) { 115 k = crc32_reverseBit((u8)i); 116 for (c = ((u32)k) << 24, j = 8; j > 0; --j) 117 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY_BE : (c << 1); 118 p1 = (u8 *)&crc32_table[i]; 119 120 p1[0] = crc32_reverseBit(p[3]); 121 p1[1] = crc32_reverseBit(p[2]); 122 p1[2] = crc32_reverseBit(p[1]); 123 p1[3] = crc32_reverseBit(p[0]); 124 } 125 bcrc32initialized = 1; 126 } 127 } 128 129 static __le32 getcrc32(u8 *buf, signed int len) 130 { 131 u8 *p; 132 u32 crc; 133 134 if (bcrc32initialized == 0) 135 crc32_init(); 136 137 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */ 138 139 for (p = buf; len > 0; ++p, --len) 140 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8); 141 return cpu_to_le32(~crc); /* transmit complement, per CRC-32 spec */ 142 } 143 144 145 /* 146 Need to consider the fragment situation 147 */ 148 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe) 149 { /* exclude ICV */ 150 151 unsigned char crc[4]; 152 struct arc4context mycontext; 153 154 signed int curfragnum, length; 155 u32 keylength; 156 157 u8 *pframe, *payload, *iv; /* wepkey */ 158 u8 wepkey[16]; 159 u8 hw_hdr_offset = 0; 160 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 161 struct security_priv *psecuritypriv = &padapter->securitypriv; 162 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 163 164 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 165 return; 166 167 hw_hdr_offset = TXDESC_OFFSET; 168 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 169 170 /* start to encrypt each fragment */ 171 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) { 172 keylength = psecuritypriv->dot11DefKeylen[psecuritypriv->dot11PrivacyKeyIndex]; 173 174 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 175 iv = pframe+pattrib->hdrlen; 176 memcpy(&wepkey[0], iv, 3); 177 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); 178 payload = pframe+pattrib->iv_len+pattrib->hdrlen; 179 180 if ((curfragnum+1) == pattrib->nr_frags) { /* the last fragment */ 181 182 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 183 184 *((__le32 *)crc) = getcrc32(payload, length); 185 186 arcfour_init(&mycontext, wepkey, 3+keylength); 187 arcfour_encrypt(&mycontext, payload, payload, length); 188 arcfour_encrypt(&mycontext, payload+length, crc, 4); 189 190 } else { 191 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 192 *((__le32 *)crc) = getcrc32(payload, length); 193 arcfour_init(&mycontext, wepkey, 3+keylength); 194 arcfour_encrypt(&mycontext, payload, payload, length); 195 arcfour_encrypt(&mycontext, payload+length, crc, 4); 196 197 pframe += pxmitpriv->frag_len; 198 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 199 } 200 } 201 } 202 } 203 204 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe) 205 { 206 /* exclude ICV */ 207 u8 crc[4]; 208 struct arc4context mycontext; 209 signed int length; 210 u32 keylength; 211 u8 *pframe, *payload, *iv, wepkey[16]; 212 u8 keyindex; 213 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)precvframe)->u.hdr.attrib); 214 struct security_priv *psecuritypriv = &padapter->securitypriv; 215 216 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 217 218 /* start to decrypt recvframe */ 219 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) { 220 iv = pframe+prxattrib->hdrlen; 221 /* keyindex =(iv[3]&0x3); */ 222 keyindex = prxattrib->key_index; 223 keylength = psecuritypriv->dot11DefKeylen[keyindex]; 224 memcpy(&wepkey[0], iv, 3); 225 /* memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); */ 226 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[keyindex].skey[0], keylength); 227 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 228 229 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen; 230 231 /* decrypt payload include icv */ 232 arcfour_init(&mycontext, wepkey, 3+keylength); 233 arcfour_encrypt(&mycontext, payload, payload, length); 234 235 /* calculate icv and compare the icv */ 236 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4)); 237 238 } 239 } 240 241 /* 3 =====TKIP related ===== */ 242 243 static u32 secmicgetuint32(u8 *p) 244 /* Convert from Byte[] to Us3232 in a portable way */ 245 { 246 s32 i; 247 u32 res = 0; 248 249 for (i = 0; i < 4; i++) 250 res |= ((u32)(*p++)) << (8 * i); 251 252 return res; 253 } 254 255 static void secmicputuint32(u8 *p, u32 val) 256 /* Convert from Us3232 to Byte[] in a portable way */ 257 { 258 long i; 259 260 for (i = 0; i < 4; i++) { 261 *p++ = (u8) (val & 0xff); 262 val >>= 8; 263 } 264 } 265 266 static void secmicclear(struct mic_data *pmicdata) 267 { 268 /* Reset the state to the empty message. */ 269 pmicdata->L = pmicdata->K0; 270 pmicdata->R = pmicdata->K1; 271 pmicdata->nBytesInM = 0; 272 pmicdata->M = 0; 273 } 274 275 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key) 276 { 277 /* Set the key */ 278 pmicdata->K0 = secmicgetuint32(key); 279 pmicdata->K1 = secmicgetuint32(key + 4); 280 /* and reset the message */ 281 secmicclear(pmicdata); 282 } 283 284 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b) 285 { 286 /* Append the byte to our word-sized buffer */ 287 pmicdata->M |= ((unsigned long)b) << (8*pmicdata->nBytesInM); 288 pmicdata->nBytesInM++; 289 /* Process the word if it is full. */ 290 if (pmicdata->nBytesInM >= 4) { 291 pmicdata->L ^= pmicdata->M; 292 pmicdata->R ^= ROL32(pmicdata->L, 17); 293 pmicdata->L += pmicdata->R; 294 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8); 295 pmicdata->L += pmicdata->R; 296 pmicdata->R ^= ROL32(pmicdata->L, 3); 297 pmicdata->L += pmicdata->R; 298 pmicdata->R ^= ROR32(pmicdata->L, 2); 299 pmicdata->L += pmicdata->R; 300 /* Clear the buffer */ 301 pmicdata->M = 0; 302 pmicdata->nBytesInM = 0; 303 } 304 } 305 306 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes) 307 { 308 /* This is simple */ 309 while (nbytes > 0) { 310 rtw_secmicappendbyte(pmicdata, *src++); 311 nbytes--; 312 } 313 } 314 315 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst) 316 { 317 /* Append the minimum padding */ 318 rtw_secmicappendbyte(pmicdata, 0x5a); 319 rtw_secmicappendbyte(pmicdata, 0); 320 rtw_secmicappendbyte(pmicdata, 0); 321 rtw_secmicappendbyte(pmicdata, 0); 322 rtw_secmicappendbyte(pmicdata, 0); 323 /* and then zeroes until the length is a multiple of 4 */ 324 while (pmicdata->nBytesInM != 0) 325 rtw_secmicappendbyte(pmicdata, 0); 326 /* The appendByte function has already computed the result. */ 327 secmicputuint32(dst, pmicdata->L); 328 secmicputuint32(dst + 4, pmicdata->R); 329 /* Reset to the empty message. */ 330 secmicclear(pmicdata); 331 } 332 333 334 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri) 335 { 336 337 struct mic_data micdata; 338 u8 priority[4] = {0x0, 0x0, 0x0, 0x0}; 339 340 rtw_secmicsetkey(&micdata, key); 341 priority[0] = pri; 342 343 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 344 if (header[1] & 1) { /* ToDS == 1 */ 345 rtw_secmicappend(&micdata, &header[16], 6); /* DA */ 346 if (header[1] & 2) /* From Ds == 1 */ 347 rtw_secmicappend(&micdata, &header[24], 6); 348 else 349 rtw_secmicappend(&micdata, &header[10], 6); 350 } else { /* ToDS == 0 */ 351 rtw_secmicappend(&micdata, &header[4], 6); /* DA */ 352 if (header[1] & 2) /* From Ds == 1 */ 353 rtw_secmicappend(&micdata, &header[16], 6); 354 else 355 rtw_secmicappend(&micdata, &header[10], 6); 356 } 357 rtw_secmicappend(&micdata, &priority[0], 4); 358 359 360 rtw_secmicappend(&micdata, data, data_len); 361 362 rtw_secgetmic(&micdata, mic_code); 363 } 364 365 /* macros for extraction/creation of unsigned char/unsigned short values */ 366 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15)) 367 #define Lo8(v16) ((u8)((v16) & 0x00FF)) 368 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF)) 369 #define Lo16(v32) ((u16)((v32) & 0xFFFF)) 370 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF)) 371 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8)) 372 373 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */ 374 #define TK16(N) Mk16(tk[2*(N)+1], tk[2*(N)]) 375 376 /* S-box lookup: 16 bits --> 16 bits */ 377 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)]) 378 379 /* fixed algorithm "parameters" */ 380 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */ 381 #define TA_SIZE 6 /* 48-bit transmitter address */ 382 #define TK_SIZE 16 /* 128-bit temporal key */ 383 #define P1K_SIZE 10 /* 80-bit Phase1 key */ 384 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */ 385 386 387 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */ 388 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */ 389 { 390 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 391 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 392 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 393 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 394 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 395 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 396 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 397 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 398 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 399 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 400 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 401 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 402 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 403 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 404 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 405 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 406 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 407 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 408 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 409 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 410 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 411 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 412 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 413 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 414 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 415 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 416 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 417 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 418 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 419 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 420 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 421 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 422 }, 423 424 425 { /* second half of table is unsigned char-reversed version of first! */ 426 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491, 427 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC, 428 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB, 429 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B, 430 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83, 431 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A, 432 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F, 433 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA, 434 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B, 435 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713, 436 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6, 437 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85, 438 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411, 439 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B, 440 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1, 441 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF, 442 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E, 443 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6, 444 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B, 445 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD, 446 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8, 447 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2, 448 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049, 449 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810, 450 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197, 451 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F, 452 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C, 453 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927, 454 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733, 455 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5, 456 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0, 457 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C, 458 } 459 }; 460 461 /* 462 ********************************************************************** 463 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32 464 * 465 * Inputs: 466 * tk[] = temporal key [128 bits] 467 * ta[] = transmitter's MAC address [ 48 bits] 468 * iv32 = upper 32 bits of IV [ 32 bits] 469 * Output: 470 * p1k[] = Phase 1 key [ 80 bits] 471 * 472 * Note: 473 * This function only needs to be called every 2**16 packets, 474 * although in theory it could be called every packet. 475 * 476 ********************************************************************** 477 */ 478 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32) 479 { 480 signed int i; 481 482 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */ 483 p1k[0] = Lo16(iv32); 484 p1k[1] = Hi16(iv32); 485 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */ 486 p1k[3] = Mk16(ta[3], ta[2]); 487 p1k[4] = Mk16(ta[5], ta[4]); 488 489 /* Now compute an unbalanced Feistel cipher with 80-bit block */ 490 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */ 491 for (i = 0; i < PHASE1_LOOP_CNT; i++) { 492 /* Each add operation here is mod 2**16 */ 493 p1k[0] += _S_(p1k[4] ^ TK16((i&1)+0)); 494 p1k[1] += _S_(p1k[0] ^ TK16((i&1)+2)); 495 p1k[2] += _S_(p1k[1] ^ TK16((i&1)+4)); 496 p1k[3] += _S_(p1k[2] ^ TK16((i&1)+6)); 497 p1k[4] += _S_(p1k[3] ^ TK16((i&1)+0)); 498 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */ 499 } 500 } 501 502 503 /* 504 ********************************************************************** 505 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16 506 * 507 * Inputs: 508 * tk[] = Temporal key [128 bits] 509 * p1k[] = Phase 1 output key [ 80 bits] 510 * iv16 = low 16 bits of IV counter [ 16 bits] 511 * Output: 512 * rc4key[] = the key used to encrypt the packet [128 bits] 513 * 514 * Note: 515 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique 516 * across all packets using the same key TK value. Then, for a 517 * given value of TK[], this TKIP48 construction guarantees that 518 * the final RC4KEY value is unique across all packets. 519 * 520 * Suggested implementation optimization: if PPK[] is "overlaid" 521 * appropriately on RC4KEY[], there is no need for the final 522 * for loop below that copies the PPK[] result into RC4KEY[]. 523 * 524 ********************************************************************** 525 */ 526 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16) 527 { 528 signed int i; 529 u16 PPK[6]; /* temporary key for mixing */ 530 531 /* Note: all adds in the PPK[] equations below are mod 2**16 */ 532 for (i = 0; i < 5; i++) 533 PPK[i] = p1k[i]; /* first, copy P1K to PPK */ 534 535 PPK[5] = p1k[4]+iv16; /* next, add in IV16 */ 536 537 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */ 538 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */ 539 PPK[1] += _S_(PPK[0] ^ TK16(1)); 540 PPK[2] += _S_(PPK[1] ^ TK16(2)); 541 PPK[3] += _S_(PPK[2] ^ TK16(3)); 542 PPK[4] += _S_(PPK[3] ^ TK16(4)); 543 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */ 544 545 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */ 546 PPK[0] += RotR1(PPK[5] ^ TK16(6)); 547 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */ 548 PPK[2] += RotR1(PPK[1]); 549 PPK[3] += RotR1(PPK[2]); 550 PPK[4] += RotR1(PPK[3]); 551 PPK[5] += RotR1(PPK[4]); 552 /* Note: At this point, for a given key TK[0..15], the 96-bit output */ 553 /* value PPK[0..5] is guaranteed to be unique, as a function */ 554 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */ 555 /* is now a keyed permutation of {TA, IV32, IV16}. */ 556 557 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */ 558 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */ 559 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */ 560 rc4key[2] = Lo8(iv16); 561 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1); 562 563 564 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */ 565 for (i = 0; i < 6; i++) { 566 rc4key[4+2*i] = Lo8(PPK[i]); 567 rc4key[5+2*i] = Hi8(PPK[i]); 568 } 569 } 570 571 572 /* The hlen isn't include the IV */ 573 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe) 574 { /* exclude ICV */ 575 u16 pnl; 576 u32 pnh; 577 u8 rc4key[16]; 578 u8 ttkey[16]; 579 u8 crc[4]; 580 u8 hw_hdr_offset = 0; 581 struct arc4context mycontext; 582 signed int curfragnum, length; 583 584 u8 *pframe, *payload, *iv, *prwskey; 585 union pn48 dot11txpn; 586 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 587 struct security_priv *psecuritypriv = &padapter->securitypriv; 588 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 589 u32 res = _SUCCESS; 590 591 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 592 return _FAIL; 593 594 hw_hdr_offset = TXDESC_OFFSET; 595 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 596 597 /* 4 start to encrypt each fragment */ 598 if (pattrib->encrypt == _TKIP_) { 599 600 { 601 if (IS_MCAST(pattrib->ra)) 602 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey; 603 else 604 prwskey = pattrib->dot118021x_UncstKey.skey; 605 606 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 607 iv = pframe+pattrib->hdrlen; 608 payload = pframe+pattrib->iv_len+pattrib->hdrlen; 609 610 GET_TKIP_PN(iv, dot11txpn); 611 612 pnl = (u16)(dot11txpn.val); 613 pnh = (u32)(dot11txpn.val>>16); 614 615 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh); 616 617 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl); 618 619 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */ 620 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 621 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/ 622 623 arcfour_init(&mycontext, rc4key, 16); 624 arcfour_encrypt(&mycontext, payload, payload, length); 625 arcfour_encrypt(&mycontext, payload+length, crc, 4); 626 627 } else { 628 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 629 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/ 630 arcfour_init(&mycontext, rc4key, 16); 631 arcfour_encrypt(&mycontext, payload, payload, length); 632 arcfour_encrypt(&mycontext, payload+length, crc, 4); 633 634 pframe += pxmitpriv->frag_len; 635 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 636 } 637 } 638 } 639 } 640 return res; 641 } 642 643 644 /* The hlen isn't include the IV */ 645 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe) 646 { /* exclude ICV */ 647 u16 pnl; 648 u32 pnh; 649 u8 rc4key[16]; 650 u8 ttkey[16]; 651 u8 crc[4]; 652 struct arc4context mycontext; 653 signed int length; 654 655 u8 *pframe, *payload, *iv, *prwskey; 656 union pn48 dot11txpn; 657 struct sta_info *stainfo; 658 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 659 struct security_priv *psecuritypriv = &padapter->securitypriv; 660 u32 res = _SUCCESS; 661 662 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 663 664 /* 4 start to decrypt recvframe */ 665 if (prxattrib->encrypt == _TKIP_) { 666 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]); 667 if (stainfo) { 668 if (IS_MCAST(prxattrib->ra)) { 669 static unsigned long start; 670 static u32 no_gkey_bc_cnt; 671 static u32 no_gkey_mc_cnt; 672 673 if (!psecuritypriv->binstallGrpkey) { 674 res = _FAIL; 675 676 if (start == 0) 677 start = jiffies; 678 679 if (is_broadcast_mac_addr(prxattrib->ra)) 680 no_gkey_bc_cnt++; 681 else 682 no_gkey_mc_cnt++; 683 684 if (jiffies_to_msecs(jiffies - start) > 1000) { 685 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 686 netdev_dbg(padapter->pnetdev, 687 FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 688 FUNC_ADPT_ARG(padapter), 689 no_gkey_bc_cnt, 690 no_gkey_mc_cnt); 691 } 692 start = jiffies; 693 no_gkey_bc_cnt = 0; 694 no_gkey_mc_cnt = 0; 695 } 696 goto exit; 697 } 698 699 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 700 netdev_dbg(padapter->pnetdev, 701 FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 702 FUNC_ADPT_ARG(padapter), 703 no_gkey_bc_cnt, 704 no_gkey_mc_cnt); 705 } 706 start = 0; 707 no_gkey_bc_cnt = 0; 708 no_gkey_mc_cnt = 0; 709 710 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey; 711 } else { 712 prwskey = &stainfo->dot118021x_UncstKey.skey[0]; 713 } 714 715 iv = pframe+prxattrib->hdrlen; 716 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen; 717 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 718 719 GET_TKIP_PN(iv, dot11txpn); 720 721 pnl = (u16)(dot11txpn.val); 722 pnh = (u32)(dot11txpn.val>>16); 723 724 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh); 725 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl); 726 727 /* 4 decrypt payload include icv */ 728 729 arcfour_init(&mycontext, rc4key, 16); 730 arcfour_encrypt(&mycontext, payload, payload, length); 731 732 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4)); 733 734 if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] || 735 crc[1] != payload[length - 3] || crc[0] != payload[length - 4]) 736 res = _FAIL; 737 } else { 738 res = _FAIL; 739 } 740 } 741 exit: 742 return res; 743 } 744 745 746 /* 3 =====AES related ===== */ 747 748 749 750 #define MAX_MSG_SIZE 2048 751 /*****************************/ 752 /******** SBOX Table *********/ 753 /*****************************/ 754 755 static const u8 sbox_table[256] = { 756 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 757 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 758 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 759 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 760 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 761 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 762 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 763 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 764 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 765 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 766 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 767 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 768 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 769 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 770 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 771 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 772 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 773 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 774 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 775 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 776 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 777 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 778 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 779 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 780 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 781 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 782 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 783 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 784 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 785 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 786 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 787 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 788 }; 789 790 /*****************************/ 791 /**** Function Prototypes ****/ 792 /*****************************/ 793 794 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out); 795 static void construct_mic_iv(u8 *mic_header1, 796 signed int qc_exists, 797 signed int a4_exists, 798 u8 *mpdu, 799 uint payload_length, 800 u8 *pn_vector, 801 uint frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 802 static void construct_mic_header1(u8 *mic_header1, 803 signed int header_length, 804 u8 *mpdu, 805 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */ 806 static void construct_mic_header2(u8 *mic_header2, 807 u8 *mpdu, 808 signed int a4_exists, 809 signed int qc_exists); 810 static void construct_ctr_preload(u8 *ctr_preload, 811 signed int a4_exists, 812 signed int qc_exists, 813 u8 *mpdu, 814 u8 *pn_vector, 815 signed int c, 816 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */ 817 static void xor_128(u8 *a, u8 *b, u8 *out); 818 static void xor_32(u8 *a, u8 *b, u8 *out); 819 static u8 sbox(u8 a); 820 static void next_key(u8 *key, signed int round); 821 static void byte_sub(u8 *in, u8 *out); 822 static void shift_row(u8 *in, u8 *out); 823 static void mix_column(u8 *in, u8 *out); 824 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext); 825 826 827 /****************************************/ 828 /* aes128k128d() */ 829 /* Performs a 128 bit AES encrypt with */ 830 /* 128 bit data. */ 831 /****************************************/ 832 static void xor_128(u8 *a, u8 *b, u8 *out) 833 { 834 signed int i; 835 836 for (i = 0; i < 16; i++) 837 out[i] = a[i] ^ b[i]; 838 } 839 840 841 static void xor_32(u8 *a, u8 *b, u8 *out) 842 { 843 signed int i; 844 845 for (i = 0; i < 4; i++) 846 out[i] = a[i] ^ b[i]; 847 } 848 849 850 static u8 sbox(u8 a) 851 { 852 return sbox_table[(signed int)a]; 853 } 854 855 856 static void next_key(u8 *key, signed int round) 857 { 858 u8 rcon; 859 u8 sbox_key[4]; 860 static const u8 rcon_table[12] = { 861 0x01, 0x02, 0x04, 0x08, 862 0x10, 0x20, 0x40, 0x80, 863 0x1b, 0x36, 0x36, 0x36 864 }; 865 sbox_key[0] = sbox(key[13]); 866 sbox_key[1] = sbox(key[14]); 867 sbox_key[2] = sbox(key[15]); 868 sbox_key[3] = sbox(key[12]); 869 870 rcon = rcon_table[round]; 871 872 xor_32(&key[0], sbox_key, &key[0]); 873 key[0] = key[0] ^ rcon; 874 875 xor_32(&key[4], &key[0], &key[4]); 876 xor_32(&key[8], &key[4], &key[8]); 877 xor_32(&key[12], &key[8], &key[12]); 878 } 879 880 881 static void byte_sub(u8 *in, u8 *out) 882 { 883 signed int i; 884 885 for (i = 0; i < 16; i++) 886 out[i] = sbox(in[i]); 887 } 888 889 890 static void shift_row(u8 *in, u8 *out) 891 { 892 out[0] = in[0]; 893 out[1] = in[5]; 894 out[2] = in[10]; 895 out[3] = in[15]; 896 out[4] = in[4]; 897 out[5] = in[9]; 898 out[6] = in[14]; 899 out[7] = in[3]; 900 out[8] = in[8]; 901 out[9] = in[13]; 902 out[10] = in[2]; 903 out[11] = in[7]; 904 out[12] = in[12]; 905 out[13] = in[1]; 906 out[14] = in[6]; 907 out[15] = in[11]; 908 } 909 910 static void mix_column(u8 *in, u8 *out) 911 { 912 signed int i; 913 u8 add1b[4]; 914 u8 add1bf7[4]; 915 u8 rotl[4]; 916 u8 swap_halfs[4]; 917 u8 andf7[4]; 918 u8 rotr[4]; 919 u8 temp[4]; 920 u8 tempb[4]; 921 922 for (i = 0; i < 4; i++) { 923 if ((in[i] & 0x80) == 0x80) 924 add1b[i] = 0x1b; 925 else 926 add1b[i] = 0x00; 927 } 928 929 swap_halfs[0] = in[2]; /* Swap halfs */ 930 swap_halfs[1] = in[3]; 931 swap_halfs[2] = in[0]; 932 swap_halfs[3] = in[1]; 933 934 rotl[0] = in[3]; /* Rotate left 8 bits */ 935 rotl[1] = in[0]; 936 rotl[2] = in[1]; 937 rotl[3] = in[2]; 938 939 andf7[0] = in[0] & 0x7f; 940 andf7[1] = in[1] & 0x7f; 941 andf7[2] = in[2] & 0x7f; 942 andf7[3] = in[3] & 0x7f; 943 944 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */ 945 andf7[i] = andf7[i] << 1; 946 if ((andf7[i-1] & 0x80) == 0x80) 947 andf7[i] = (andf7[i] | 0x01); 948 } 949 andf7[0] = andf7[0] << 1; 950 andf7[0] = andf7[0] & 0xfe; 951 952 xor_32(add1b, andf7, add1bf7); 953 954 xor_32(in, add1bf7, rotr); 955 956 temp[0] = rotr[0]; /* Rotate right 8 bits */ 957 rotr[0] = rotr[1]; 958 rotr[1] = rotr[2]; 959 rotr[2] = rotr[3]; 960 rotr[3] = temp[0]; 961 962 xor_32(add1bf7, rotr, temp); 963 xor_32(swap_halfs, rotl, tempb); 964 xor_32(temp, tempb, out); 965 } 966 967 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext) 968 { 969 signed int round; 970 signed int i; 971 u8 intermediatea[16]; 972 u8 intermediateb[16]; 973 u8 round_key[16]; 974 975 for (i = 0; i < 16; i++) 976 round_key[i] = key[i]; 977 978 for (round = 0; round < 11; round++) { 979 if (round == 0) { 980 xor_128(round_key, data, ciphertext); 981 next_key(round_key, round); 982 } else if (round == 10) { 983 byte_sub(ciphertext, intermediatea); 984 shift_row(intermediatea, intermediateb); 985 xor_128(intermediateb, round_key, ciphertext); 986 } else { /* 1 - 9 */ 987 byte_sub(ciphertext, intermediatea); 988 shift_row(intermediatea, intermediateb); 989 mix_column(&intermediateb[0], &intermediatea[0]); 990 mix_column(&intermediateb[4], &intermediatea[4]); 991 mix_column(&intermediateb[8], &intermediatea[8]); 992 mix_column(&intermediateb[12], &intermediatea[12]); 993 xor_128(intermediatea, round_key, ciphertext); 994 next_key(round_key, round); 995 } 996 } 997 } 998 999 /************************************************/ 1000 /* construct_mic_iv() */ 1001 /* Builds the MIC IV from header fields and PN */ 1002 /* Baron think the function is construct CCM */ 1003 /* nonce */ 1004 /************************************************/ 1005 static void construct_mic_iv(u8 *mic_iv, 1006 signed int qc_exists, 1007 signed int a4_exists, 1008 u8 *mpdu, 1009 uint payload_length, 1010 u8 *pn_vector, 1011 uint frtype) /* add for CONFIG_IEEE80211W, none 11w also can use */ 1012 { 1013 signed int i; 1014 1015 mic_iv[0] = 0x59; 1016 1017 if (qc_exists && a4_exists) 1018 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */ 1019 1020 if (qc_exists && !a4_exists) 1021 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */ 1022 1023 if (!qc_exists) 1024 mic_iv[1] = 0x00; 1025 1026 /* 802.11w management frame should set management bit(4) */ 1027 if (frtype == WIFI_MGT_TYPE) 1028 mic_iv[1] |= BIT(4); 1029 1030 for (i = 2; i < 8; i++) 1031 mic_iv[i] = mpdu[i + 8]; /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */ 1032 #ifdef CONSISTENT_PN_ORDER 1033 for (i = 8; i < 14; i++) 1034 mic_iv[i] = pn_vector[i - 8]; /* mic_iv[8:13] = PN[0:5] */ 1035 #else 1036 for (i = 8; i < 14; i++) 1037 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */ 1038 #endif 1039 mic_iv[14] = (unsigned char) (payload_length / 256); 1040 mic_iv[15] = (unsigned char) (payload_length % 256); 1041 } 1042 1043 /************************************************/ 1044 /* construct_mic_header1() */ 1045 /* Builds the first MIC header block from */ 1046 /* header fields. */ 1047 /* Build AAD SC, A1, A2 */ 1048 /************************************************/ 1049 static void construct_mic_header1(u8 *mic_header1, 1050 signed int header_length, 1051 u8 *mpdu, 1052 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */ 1053 { 1054 mic_header1[0] = (u8)((header_length - 2) / 256); 1055 mic_header1[1] = (u8)((header_length - 2) % 256); 1056 1057 /* 802.11w management frame don't AND subtype bits 4, 5, 6 of frame control field */ 1058 if (frtype == WIFI_MGT_TYPE) 1059 mic_header1[2] = mpdu[0]; 1060 else 1061 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */ 1062 1063 mic_header1[3] = mpdu[1] & 0xc7; /* Mute retry, more data and pwr mgt bits */ 1064 mic_header1[4] = mpdu[4]; /* A1 */ 1065 mic_header1[5] = mpdu[5]; 1066 mic_header1[6] = mpdu[6]; 1067 mic_header1[7] = mpdu[7]; 1068 mic_header1[8] = mpdu[8]; 1069 mic_header1[9] = mpdu[9]; 1070 mic_header1[10] = mpdu[10]; /* A2 */ 1071 mic_header1[11] = mpdu[11]; 1072 mic_header1[12] = mpdu[12]; 1073 mic_header1[13] = mpdu[13]; 1074 mic_header1[14] = mpdu[14]; 1075 mic_header1[15] = mpdu[15]; 1076 } 1077 1078 /************************************************/ 1079 /* construct_mic_header2() */ 1080 /* Builds the last MIC header block from */ 1081 /* header fields. */ 1082 /************************************************/ 1083 static void construct_mic_header2(u8 *mic_header2, 1084 u8 *mpdu, 1085 signed int a4_exists, 1086 signed int qc_exists) 1087 { 1088 signed int i; 1089 1090 for (i = 0; i < 16; i++) 1091 mic_header2[i] = 0x00; 1092 1093 mic_header2[0] = mpdu[16]; /* A3 */ 1094 mic_header2[1] = mpdu[17]; 1095 mic_header2[2] = mpdu[18]; 1096 mic_header2[3] = mpdu[19]; 1097 mic_header2[4] = mpdu[20]; 1098 mic_header2[5] = mpdu[21]; 1099 1100 mic_header2[6] = 0x00; 1101 mic_header2[7] = 0x00; /* mpdu[23]; */ 1102 1103 if (!qc_exists && a4_exists) { 1104 for (i = 0; i < 6; i++) 1105 mic_header2[8+i] = mpdu[24+i]; /* A4 */ 1106 } 1107 1108 if (qc_exists && !a4_exists) { 1109 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */ 1110 mic_header2[9] = mpdu[25] & 0x00; 1111 } 1112 1113 if (qc_exists && a4_exists) { 1114 for (i = 0; i < 6; i++) 1115 mic_header2[8+i] = mpdu[24+i]; /* A4 */ 1116 1117 mic_header2[14] = mpdu[30] & 0x0f; 1118 mic_header2[15] = mpdu[31] & 0x00; 1119 } 1120 } 1121 1122 /************************************************/ 1123 /* construct_mic_header2() */ 1124 /* Builds the last MIC header block from */ 1125 /* header fields. */ 1126 /* Baron think the function is construct CCM */ 1127 /* nonce */ 1128 /************************************************/ 1129 static void construct_ctr_preload(u8 *ctr_preload, 1130 signed int a4_exists, 1131 signed int qc_exists, 1132 u8 *mpdu, 1133 u8 *pn_vector, 1134 signed int c, 1135 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */ 1136 { 1137 signed int i = 0; 1138 1139 for (i = 0; i < 16; i++) 1140 ctr_preload[i] = 0x00; 1141 i = 0; 1142 1143 ctr_preload[0] = 0x01; /* flag */ 1144 if (qc_exists && a4_exists) 1145 ctr_preload[1] = mpdu[30] & 0x0f; /* QoC_Control */ 1146 if (qc_exists && !a4_exists) 1147 ctr_preload[1] = mpdu[24] & 0x0f; 1148 1149 /* 802.11w management frame should set management bit(4) */ 1150 if (frtype == WIFI_MGT_TYPE) 1151 ctr_preload[1] |= BIT(4); 1152 1153 for (i = 2; i < 8; i++) 1154 ctr_preload[i] = mpdu[i + 8]; /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */ 1155 #ifdef CONSISTENT_PN_ORDER 1156 for (i = 8; i < 14; i++) 1157 ctr_preload[i] = pn_vector[i - 8]; /* ctr_preload[8:13] = PN[0:5] */ 1158 #else 1159 for (i = 8; i < 14; i++) 1160 ctr_preload[i] = pn_vector[13 - i]; /* ctr_preload[8:13] = PN[5:0] */ 1161 #endif 1162 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */ 1163 ctr_preload[15] = (unsigned char) (c % 256); 1164 } 1165 1166 /************************************/ 1167 /* bitwise_xor() */ 1168 /* A 128 bit, bitwise exclusive or */ 1169 /************************************/ 1170 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out) 1171 { 1172 signed int i; 1173 1174 for (i = 0; i < 16; i++) 1175 out[i] = ina[i] ^ inb[i]; 1176 } 1177 1178 static signed int aes_cipher(u8 *key, uint hdrlen, 1179 u8 *pframe, uint plen) 1180 { 1181 uint qc_exists, a4_exists, i, j, payload_remainder, 1182 num_blocks, payload_index; 1183 1184 u8 pn_vector[6]; 1185 u8 mic_iv[16]; 1186 u8 mic_header1[16]; 1187 u8 mic_header2[16]; 1188 u8 ctr_preload[16]; 1189 1190 /* Intermediate Buffers */ 1191 u8 chain_buffer[16]; 1192 u8 aes_out[16]; 1193 u8 padded_buffer[16]; 1194 u8 mic[8]; 1195 uint frtype = GetFrameType(pframe); 1196 uint frsubtype = GetFrameSubType(pframe); 1197 1198 frsubtype = frsubtype>>4; 1199 1200 memset((void *)mic_iv, 0, 16); 1201 memset((void *)mic_header1, 0, 16); 1202 memset((void *)mic_header2, 0, 16); 1203 memset((void *)ctr_preload, 0, 16); 1204 memset((void *)chain_buffer, 0, 16); 1205 memset((void *)aes_out, 0, 16); 1206 memset((void *)padded_buffer, 0, 16); 1207 1208 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1209 a4_exists = 0; 1210 else 1211 a4_exists = 1; 1212 1213 if (((frtype|frsubtype) == WIFI_DATA_CFACK) || 1214 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) || 1215 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) { 1216 qc_exists = 1; 1217 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1218 hdrlen += 2; 1219 1220 } else if ((frtype == WIFI_DATA) && /* add for CONFIG_IEEE80211W, none 11w also can use */ 1221 ((frsubtype == 0x08) || 1222 (frsubtype == 0x09) || 1223 (frsubtype == 0x0a) || 1224 (frsubtype == 0x0b))) { 1225 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1226 hdrlen += 2; 1227 1228 qc_exists = 1; 1229 } else { 1230 qc_exists = 0; 1231 } 1232 1233 pn_vector[0] = pframe[hdrlen]; 1234 pn_vector[1] = pframe[hdrlen+1]; 1235 pn_vector[2] = pframe[hdrlen+4]; 1236 pn_vector[3] = pframe[hdrlen+5]; 1237 pn_vector[4] = pframe[hdrlen+6]; 1238 pn_vector[5] = pframe[hdrlen+7]; 1239 1240 construct_mic_iv(mic_iv, 1241 qc_exists, 1242 a4_exists, 1243 pframe, /* message, */ 1244 plen, 1245 pn_vector, 1246 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1247 1248 construct_mic_header1(mic_header1, 1249 hdrlen, 1250 pframe, /* message */ 1251 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1252 1253 construct_mic_header2(mic_header2, 1254 pframe, /* message, */ 1255 a4_exists, 1256 qc_exists); 1257 1258 payload_remainder = plen % 16; 1259 num_blocks = plen / 16; 1260 1261 /* Find start of payload */ 1262 payload_index = (hdrlen + 8); 1263 1264 /* Calculate MIC */ 1265 aes128k128d(key, mic_iv, aes_out); 1266 bitwise_xor(aes_out, mic_header1, chain_buffer); 1267 aes128k128d(key, chain_buffer, aes_out); 1268 bitwise_xor(aes_out, mic_header2, chain_buffer); 1269 aes128k128d(key, chain_buffer, aes_out); 1270 1271 for (i = 0; i < num_blocks; i++) { 1272 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1273 1274 payload_index += 16; 1275 aes128k128d(key, chain_buffer, aes_out); 1276 } 1277 1278 /* Add on the final payload block if it needs padding */ 1279 if (payload_remainder > 0) { 1280 for (j = 0; j < 16; j++) 1281 padded_buffer[j] = 0x00; 1282 for (j = 0; j < payload_remainder; j++) 1283 padded_buffer[j] = pframe[payload_index++]; 1284 1285 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1286 aes128k128d(key, chain_buffer, aes_out); 1287 } 1288 1289 for (j = 0 ; j < 8; j++) 1290 mic[j] = aes_out[j]; 1291 1292 /* Insert MIC into payload */ 1293 for (j = 0; j < 8; j++) 1294 pframe[payload_index+j] = mic[j]; 1295 1296 payload_index = hdrlen + 8; 1297 for (i = 0; i < num_blocks; i++) { 1298 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1299 pn_vector, i+1, frtype); 1300 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1301 aes128k128d(key, ctr_preload, aes_out); 1302 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1303 for (j = 0; j < 16; j++) 1304 pframe[payload_index++] = chain_buffer[j]; 1305 } 1306 1307 if (payload_remainder > 0) { 1308 /* If there is a short final block, then pad it,*/ 1309 /* encrypt it and copy the unpadded part back */ 1310 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1311 pn_vector, num_blocks+1, frtype); 1312 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1313 1314 for (j = 0; j < 16; j++) 1315 padded_buffer[j] = 0x00; 1316 for (j = 0; j < payload_remainder; j++) 1317 padded_buffer[j] = pframe[payload_index+j]; 1318 1319 aes128k128d(key, ctr_preload, aes_out); 1320 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1321 for (j = 0; j < payload_remainder; j++) 1322 pframe[payload_index++] = chain_buffer[j]; 1323 } 1324 1325 /* Encrypt the MIC */ 1326 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1327 pn_vector, 0, frtype); 1328 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1329 1330 for (j = 0; j < 16; j++) 1331 padded_buffer[j] = 0x00; 1332 for (j = 0; j < 8; j++) 1333 padded_buffer[j] = pframe[j+hdrlen+8+plen]; 1334 1335 aes128k128d(key, ctr_preload, aes_out); 1336 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1337 for (j = 0; j < 8; j++) 1338 pframe[payload_index++] = chain_buffer[j]; 1339 1340 return _SUCCESS; 1341 } 1342 1343 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe) 1344 { /* exclude ICV */ 1345 1346 /*static*/ 1347 /* unsigned char message[MAX_MSG_SIZE]; */ 1348 1349 /* Intermediate Buffers */ 1350 signed int curfragnum, length; 1351 u8 *pframe, *prwskey; /* *payload,*iv */ 1352 u8 hw_hdr_offset = 0; 1353 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 1354 struct security_priv *psecuritypriv = &padapter->securitypriv; 1355 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 1356 1357 u32 res = _SUCCESS; 1358 1359 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 1360 return _FAIL; 1361 1362 hw_hdr_offset = TXDESC_OFFSET; 1363 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 1364 1365 /* 4 start to encrypt each fragment */ 1366 if (pattrib->encrypt == _AES_) { 1367 if (IS_MCAST(pattrib->ra)) 1368 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey; 1369 else 1370 prwskey = pattrib->dot118021x_UncstKey.skey; 1371 1372 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 1373 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */ 1374 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 1375 1376 aes_cipher(prwskey, pattrib->hdrlen, pframe, length); 1377 } else { 1378 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 1379 1380 aes_cipher(prwskey, pattrib->hdrlen, pframe, length); 1381 pframe += pxmitpriv->frag_len; 1382 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 1383 } 1384 } 1385 } 1386 return res; 1387 } 1388 1389 static signed int aes_decipher(u8 *key, uint hdrlen, 1390 u8 *pframe, uint plen) 1391 { 1392 static u8 message[MAX_MSG_SIZE]; 1393 uint qc_exists, a4_exists, i, j, payload_remainder, 1394 num_blocks, payload_index; 1395 signed int res = _SUCCESS; 1396 u8 pn_vector[6]; 1397 u8 mic_iv[16]; 1398 u8 mic_header1[16]; 1399 u8 mic_header2[16]; 1400 u8 ctr_preload[16]; 1401 1402 /* Intermediate Buffers */ 1403 u8 chain_buffer[16]; 1404 u8 aes_out[16]; 1405 u8 padded_buffer[16]; 1406 u8 mic[8]; 1407 1408 uint frtype = GetFrameType(pframe); 1409 uint frsubtype = GetFrameSubType(pframe); 1410 1411 frsubtype = frsubtype>>4; 1412 1413 memset((void *)mic_iv, 0, 16); 1414 memset((void *)mic_header1, 0, 16); 1415 memset((void *)mic_header2, 0, 16); 1416 memset((void *)ctr_preload, 0, 16); 1417 memset((void *)chain_buffer, 0, 16); 1418 memset((void *)aes_out, 0, 16); 1419 memset((void *)padded_buffer, 0, 16); 1420 1421 /* start to decrypt the payload */ 1422 1423 num_blocks = (plen-8) / 16; /* plen including LLC, payload_length and mic) */ 1424 1425 payload_remainder = (plen-8) % 16; 1426 1427 pn_vector[0] = pframe[hdrlen]; 1428 pn_vector[1] = pframe[hdrlen + 1]; 1429 pn_vector[2] = pframe[hdrlen + 4]; 1430 pn_vector[3] = pframe[hdrlen + 5]; 1431 pn_vector[4] = pframe[hdrlen + 6]; 1432 pn_vector[5] = pframe[hdrlen + 7]; 1433 1434 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1435 a4_exists = 0; 1436 else 1437 a4_exists = 1; 1438 1439 if (((frtype|frsubtype) == WIFI_DATA_CFACK) || 1440 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) || 1441 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) { 1442 qc_exists = 1; 1443 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1444 hdrlen += 2; 1445 1446 } else if ((frtype == WIFI_DATA) && /* only for data packet . add for CONFIG_IEEE80211W, none 11w also can use */ 1447 ((frsubtype == 0x08) || 1448 (frsubtype == 0x09) || 1449 (frsubtype == 0x0a) || 1450 (frsubtype == 0x0b))) { 1451 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1452 hdrlen += 2; 1453 1454 qc_exists = 1; 1455 } else { 1456 qc_exists = 0; 1457 } 1458 1459 /* now, decrypt pframe with hdrlen offset and plen long */ 1460 1461 payload_index = hdrlen + 8; /* 8 is for extiv */ 1462 1463 for (i = 0; i < num_blocks; i++) { 1464 construct_ctr_preload(ctr_preload, a4_exists, 1465 qc_exists, pframe, 1466 pn_vector, i + 1, 1467 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1468 1469 aes128k128d(key, ctr_preload, aes_out); 1470 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1471 1472 for (j = 0; j < 16; j++) 1473 pframe[payload_index++] = chain_buffer[j]; 1474 } 1475 1476 if (payload_remainder > 0) { 1477 /* If there is a short final block, then pad it,*/ 1478 /* encrypt it and copy the unpadded part back */ 1479 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, 1480 num_blocks+1, frtype); 1481 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1482 1483 for (j = 0; j < 16; j++) 1484 padded_buffer[j] = 0x00; 1485 for (j = 0; j < payload_remainder; j++) 1486 padded_buffer[j] = pframe[payload_index+j]; 1487 1488 aes128k128d(key, ctr_preload, aes_out); 1489 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1490 for (j = 0; j < payload_remainder; j++) 1491 pframe[payload_index++] = chain_buffer[j]; 1492 } 1493 1494 /* start to calculate the mic */ 1495 if ((hdrlen + plen+8) <= MAX_MSG_SIZE) 1496 memcpy((void *)message, pframe, (hdrlen + plen+8)); /* 8 is for ext iv len */ 1497 1498 pn_vector[0] = pframe[hdrlen]; 1499 pn_vector[1] = pframe[hdrlen+1]; 1500 pn_vector[2] = pframe[hdrlen+4]; 1501 pn_vector[3] = pframe[hdrlen+5]; 1502 pn_vector[4] = pframe[hdrlen+6]; 1503 pn_vector[5] = pframe[hdrlen+7]; 1504 1505 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen-8, pn_vector, frtype); 1506 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1507 1508 construct_mic_header1(mic_header1, hdrlen, message, frtype); 1509 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1510 construct_mic_header2(mic_header2, message, a4_exists, qc_exists); 1511 1512 payload_remainder = (plen-8) % 16; 1513 num_blocks = (plen-8) / 16; 1514 1515 /* Find start of payload */ 1516 payload_index = (hdrlen + 8); 1517 1518 /* Calculate MIC */ 1519 aes128k128d(key, mic_iv, aes_out); 1520 bitwise_xor(aes_out, mic_header1, chain_buffer); 1521 aes128k128d(key, chain_buffer, aes_out); 1522 bitwise_xor(aes_out, mic_header2, chain_buffer); 1523 aes128k128d(key, chain_buffer, aes_out); 1524 1525 for (i = 0; i < num_blocks; i++) { 1526 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1527 1528 payload_index += 16; 1529 aes128k128d(key, chain_buffer, aes_out); 1530 } 1531 1532 /* Add on the final payload block if it needs padding */ 1533 if (payload_remainder > 0) { 1534 for (j = 0; j < 16; j++) 1535 padded_buffer[j] = 0x00; 1536 for (j = 0; j < payload_remainder; j++) 1537 padded_buffer[j] = message[payload_index++]; 1538 1539 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1540 aes128k128d(key, chain_buffer, aes_out); 1541 } 1542 1543 for (j = 0; j < 8; j++) 1544 mic[j] = aes_out[j]; 1545 1546 /* Insert MIC into payload */ 1547 for (j = 0; j < 8; j++) 1548 message[payload_index+j] = mic[j]; 1549 1550 payload_index = hdrlen + 8; 1551 for (i = 0; i < num_blocks; i++) { 1552 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, i+1, 1553 frtype); 1554 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1555 aes128k128d(key, ctr_preload, aes_out); 1556 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1557 for (j = 0; j < 16; j++) 1558 message[payload_index++] = chain_buffer[j]; 1559 } 1560 1561 if (payload_remainder > 0) { 1562 /* If there is a short final block, then pad it,*/ 1563 /* encrypt it and copy the unpadded part back */ 1564 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 1565 num_blocks+1, frtype); 1566 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1567 1568 for (j = 0; j < 16; j++) 1569 padded_buffer[j] = 0x00; 1570 for (j = 0; j < payload_remainder; j++) 1571 padded_buffer[j] = message[payload_index+j]; 1572 1573 aes128k128d(key, ctr_preload, aes_out); 1574 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1575 for (j = 0; j < payload_remainder; j++) 1576 message[payload_index++] = chain_buffer[j]; 1577 } 1578 1579 /* Encrypt the MIC */ 1580 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 0, frtype); 1581 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1582 1583 for (j = 0; j < 16; j++) 1584 padded_buffer[j] = 0x00; 1585 for (j = 0; j < 8; j++) 1586 padded_buffer[j] = message[j+hdrlen+8+plen-8]; 1587 1588 aes128k128d(key, ctr_preload, aes_out); 1589 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1590 for (j = 0; j < 8; j++) 1591 message[payload_index++] = chain_buffer[j]; 1592 1593 /* compare the mic */ 1594 for (i = 0; i < 8; i++) { 1595 if (pframe[hdrlen + 8 + plen - 8 + i] != message[hdrlen + 8 + plen - 8 + i]) 1596 res = _FAIL; 1597 } 1598 return res; 1599 } 1600 1601 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe) 1602 { /* exclude ICV */ 1603 1604 /*static*/ 1605 /* unsigned char message[MAX_MSG_SIZE]; */ 1606 1607 /* Intermediate Buffers */ 1608 1609 signed int length; 1610 u8 *pframe, *prwskey; /* *payload,*iv */ 1611 struct sta_info *stainfo; 1612 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 1613 struct security_priv *psecuritypriv = &padapter->securitypriv; 1614 u32 res = _SUCCESS; 1615 1616 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 1617 /* 4 start to encrypt each fragment */ 1618 if (prxattrib->encrypt == _AES_) { 1619 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]); 1620 if (stainfo) { 1621 if (IS_MCAST(prxattrib->ra)) { 1622 static unsigned long start; 1623 static u32 no_gkey_bc_cnt; 1624 static u32 no_gkey_mc_cnt; 1625 1626 if (!psecuritypriv->binstallGrpkey) { 1627 res = _FAIL; 1628 1629 if (start == 0) 1630 start = jiffies; 1631 1632 if (is_broadcast_mac_addr(prxattrib->ra)) 1633 no_gkey_bc_cnt++; 1634 else 1635 no_gkey_mc_cnt++; 1636 1637 if (jiffies_to_msecs(jiffies - start) > 1000) { 1638 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 1639 netdev_dbg(padapter->pnetdev, 1640 FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 1641 FUNC_ADPT_ARG(padapter), 1642 no_gkey_bc_cnt, 1643 no_gkey_mc_cnt); 1644 } 1645 start = jiffies; 1646 no_gkey_bc_cnt = 0; 1647 no_gkey_mc_cnt = 0; 1648 } 1649 1650 goto exit; 1651 } 1652 1653 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 1654 netdev_dbg(padapter->pnetdev, 1655 FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 1656 FUNC_ADPT_ARG(padapter), 1657 no_gkey_bc_cnt, 1658 no_gkey_mc_cnt); 1659 } 1660 start = 0; 1661 no_gkey_bc_cnt = 0; 1662 no_gkey_mc_cnt = 0; 1663 1664 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey; 1665 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) { 1666 res = _FAIL; 1667 goto exit; 1668 } 1669 } else { 1670 prwskey = &stainfo->dot118021x_UncstKey.skey[0]; 1671 } 1672 1673 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 1674 1675 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length); 1676 1677 } else { 1678 res = _FAIL; 1679 } 1680 } 1681 exit: 1682 return res; 1683 } 1684 1685 u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe) 1686 { 1687 struct rx_pkt_attrib *pattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 1688 u8 *pframe; 1689 u8 *BIP_AAD, *p; 1690 u32 res = _FAIL; 1691 uint len, ori_len; 1692 struct ieee80211_hdr *pwlanhdr; 1693 u8 mic[16]; 1694 struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv; 1695 __le16 le_tmp; 1696 __le64 le_tmp64; 1697 1698 ori_len = pattrib->pkt_len-WLAN_HDR_A3_LEN+BIP_AAD_SIZE; 1699 BIP_AAD = rtw_zmalloc(ori_len); 1700 1701 if (!BIP_AAD) 1702 return _FAIL; 1703 1704 /* PKT start */ 1705 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 1706 /* mapping to wlan header */ 1707 pwlanhdr = (struct ieee80211_hdr *)pframe; 1708 /* save the frame body + MME */ 1709 memcpy(BIP_AAD+BIP_AAD_SIZE, pframe+WLAN_HDR_A3_LEN, pattrib->pkt_len-WLAN_HDR_A3_LEN); 1710 /* find MME IE pointer */ 1711 p = rtw_get_ie(BIP_AAD+BIP_AAD_SIZE, WLAN_EID_MMIE, &len, pattrib->pkt_len-WLAN_HDR_A3_LEN); 1712 /* Baron */ 1713 if (p) { 1714 u16 keyid = 0; 1715 u64 temp_ipn = 0; 1716 /* save packet number */ 1717 memcpy(&le_tmp64, p+4, 6); 1718 temp_ipn = le64_to_cpu(le_tmp64); 1719 /* BIP packet number should bigger than previous BIP packet */ 1720 if (temp_ipn <= pmlmeext->mgnt_80211w_IPN_rx) 1721 goto BIP_exit; 1722 1723 /* copy key index */ 1724 memcpy(&le_tmp, p+2, 2); 1725 keyid = le16_to_cpu(le_tmp); 1726 if (keyid != padapter->securitypriv.dot11wBIPKeyid) 1727 goto BIP_exit; 1728 1729 /* clear the MIC field of MME to zero */ 1730 memset(p+2+len-8, 0, 8); 1731 1732 /* conscruct AAD, copy frame control field */ 1733 memcpy(BIP_AAD, &pwlanhdr->frame_control, 2); 1734 ClearRetry(BIP_AAD); 1735 ClearPwrMgt(BIP_AAD); 1736 ClearMData(BIP_AAD); 1737 /* conscruct AAD, copy address 1 to address 3 */ 1738 memcpy(BIP_AAD+2, pwlanhdr->addr1, 18); 1739 1740 if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey 1741 , BIP_AAD, ori_len, mic)) 1742 goto BIP_exit; 1743 1744 /* MIC field should be last 8 bytes of packet (packet without FCS) */ 1745 if (!memcmp(mic, pframe+pattrib->pkt_len-8, 8)) { 1746 pmlmeext->mgnt_80211w_IPN_rx = temp_ipn; 1747 res = _SUCCESS; 1748 } else { 1749 } 1750 1751 } else { 1752 res = RTW_RX_HANDLED; 1753 } 1754 BIP_exit: 1755 1756 kfree(BIP_AAD); 1757 return res; 1758 } 1759 1760 /* AES tables*/ 1761 const u32 Te0[256] = { 1762 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 1763 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, 1764 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, 1765 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, 1766 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, 1767 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, 1768 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, 1769 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, 1770 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, 1771 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, 1772 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, 1773 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, 1774 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, 1775 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, 1776 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, 1777 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, 1778 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, 1779 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, 1780 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, 1781 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, 1782 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, 1783 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, 1784 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, 1785 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, 1786 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, 1787 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, 1788 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, 1789 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, 1790 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, 1791 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, 1792 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, 1793 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, 1794 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, 1795 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, 1796 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, 1797 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, 1798 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, 1799 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, 1800 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, 1801 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, 1802 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, 1803 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, 1804 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, 1805 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, 1806 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, 1807 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, 1808 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, 1809 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, 1810 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, 1811 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, 1812 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, 1813 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, 1814 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, 1815 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, 1816 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, 1817 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, 1818 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, 1819 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, 1820 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, 1821 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, 1822 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, 1823 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, 1824 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, 1825 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, 1826 }; 1827 1828 const u32 Td0[256] = { 1829 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, 1830 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, 1831 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, 1832 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, 1833 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, 1834 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, 1835 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, 1836 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, 1837 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, 1838 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, 1839 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, 1840 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, 1841 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, 1842 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, 1843 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, 1844 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, 1845 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, 1846 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, 1847 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, 1848 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, 1849 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, 1850 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, 1851 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, 1852 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, 1853 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, 1854 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, 1855 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, 1856 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, 1857 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, 1858 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, 1859 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, 1860 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, 1861 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, 1862 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, 1863 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, 1864 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, 1865 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, 1866 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, 1867 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, 1868 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, 1869 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, 1870 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, 1871 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, 1872 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, 1873 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, 1874 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, 1875 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, 1876 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, 1877 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, 1878 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, 1879 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, 1880 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, 1881 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, 1882 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, 1883 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, 1884 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, 1885 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, 1886 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, 1887 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, 1888 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, 1889 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, 1890 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, 1891 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, 1892 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, 1893 }; 1894 1895 const u8 Td4s[256] = { 1896 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, 1897 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, 1898 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, 1899 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, 1900 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, 1901 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, 1902 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, 1903 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, 1904 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, 1905 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, 1906 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, 1907 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, 1908 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, 1909 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, 1910 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, 1911 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, 1912 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, 1913 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, 1914 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, 1915 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, 1916 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, 1917 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, 1918 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, 1919 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, 1920 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, 1921 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, 1922 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, 1923 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, 1924 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, 1925 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, 1926 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, 1927 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, 1928 }; 1929 1930 const u8 rcons[] = { 1931 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36 1932 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ 1933 }; 1934 1935 static void gf_mulx(u8 *pad) 1936 { 1937 int i, carry; 1938 1939 carry = pad[0] & 0x80; 1940 for (i = 0; i < AES_BLOCK_SIZE - 1; i++) 1941 pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7); 1942 1943 pad[AES_BLOCK_SIZE - 1] <<= 1; 1944 if (carry) 1945 pad[AES_BLOCK_SIZE - 1] ^= 0x87; 1946 } 1947 1948 /** 1949 * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128 1950 * @key: 128-bit key for the hash operation 1951 * @num_elem: Number of elements in the data vector 1952 * @addr: Pointers to the data areas 1953 * @len: Lengths of the data blocks 1954 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes) 1955 * Returns: 0 on success, -1 on failure 1956 * 1957 * This is a mode for using block cipher (AES in this case) for authentication. 1958 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication 1959 * (SP) 800-38B. 1960 */ 1961 static int omac1_aes_128_vector(u8 *key, size_t num_elem, 1962 u8 *addr[], size_t *len, u8 *mac) 1963 { 1964 struct crypto_aes_ctx ctx; 1965 u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE]; 1966 u8 *pos, *end; 1967 size_t i, e, left, total_len; 1968 int ret; 1969 1970 ret = aes_expandkey(&ctx, key, 16); 1971 if (ret) 1972 return -1; 1973 memset(cbc, 0, AES_BLOCK_SIZE); 1974 1975 total_len = 0; 1976 for (e = 0; e < num_elem; e++) 1977 total_len += len[e]; 1978 left = total_len; 1979 1980 e = 0; 1981 pos = addr[0]; 1982 end = pos + len[0]; 1983 1984 while (left >= AES_BLOCK_SIZE) { 1985 for (i = 0; i < AES_BLOCK_SIZE; i++) { 1986 cbc[i] ^= *pos++; 1987 if (pos >= end) { 1988 e++; 1989 pos = addr[e]; 1990 end = pos + len[e]; 1991 } 1992 } 1993 if (left > AES_BLOCK_SIZE) 1994 aes_encrypt(&ctx, cbc, cbc); 1995 left -= AES_BLOCK_SIZE; 1996 } 1997 1998 memset(pad, 0, AES_BLOCK_SIZE); 1999 aes_encrypt(&ctx, pad, pad); 2000 gf_mulx(pad); 2001 2002 if (left || total_len == 0) { 2003 for (i = 0; i < left; i++) { 2004 cbc[i] ^= *pos++; 2005 if (pos >= end) { 2006 e++; 2007 pos = addr[e]; 2008 end = pos + len[e]; 2009 } 2010 } 2011 cbc[left] ^= 0x80; 2012 gf_mulx(pad); 2013 } 2014 2015 for (i = 0; i < AES_BLOCK_SIZE; i++) 2016 pad[i] ^= cbc[i]; 2017 aes_encrypt(&ctx, pad, mac); 2018 memzero_explicit(&ctx, sizeof(ctx)); 2019 return 0; 2020 } 2021 2022 /** 2023 * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC) 2024 * @key: 128-bit key for the hash operation 2025 * @data: Data buffer for which a MAC is determined 2026 * @data_len: Length of data buffer in bytes 2027 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes) 2028 * Returns: 0 on success, -1 on failure 2029 * 2030 * This is a mode for using block cipher (AES in this case) for authentication. 2031 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication 2032 * (SP) 800-38B. 2033 * modify for CONFIG_IEEE80211W */ 2034 int omac1_aes_128(u8 *key, u8 *data, size_t data_len, u8 *mac) 2035 { 2036 return omac1_aes_128_vector(key, 1, &data, &data_len, mac); 2037 } 2038 2039 /* Restore HW wep key setting according to key_mask */ 2040 void rtw_sec_restore_wep_key(struct adapter *adapter) 2041 { 2042 struct security_priv *securitypriv = &(adapter->securitypriv); 2043 signed int keyid; 2044 2045 if ((_WEP40_ == securitypriv->dot11PrivacyAlgrthm) || (_WEP104_ == securitypriv->dot11PrivacyAlgrthm)) { 2046 for (keyid = 0; keyid < 4; keyid++) { 2047 if (securitypriv->key_mask & BIT(keyid)) { 2048 if (keyid == securitypriv->dot11PrivacyKeyIndex) 2049 rtw_set_key(adapter, securitypriv, keyid, 1, false); 2050 else 2051 rtw_set_key(adapter, securitypriv, keyid, 0, false); 2052 } 2053 } 2054 } 2055 } 2056 2057 u8 rtw_handle_tkip_countermeasure(struct adapter *adapter, const char *caller) 2058 { 2059 struct security_priv *securitypriv = &(adapter->securitypriv); 2060 u8 status = _SUCCESS; 2061 2062 if (securitypriv->btkip_countermeasure) { 2063 unsigned long passing_ms = jiffies_to_msecs(jiffies - securitypriv->btkip_countermeasure_time); 2064 2065 if (passing_ms > 60*1000) { 2066 netdev_dbg(adapter->pnetdev, 2067 "%s(%s) countermeasure time:%lus > 60s\n", 2068 caller, ADPT_ARG(adapter), 2069 passing_ms / 1000); 2070 securitypriv->btkip_countermeasure = false; 2071 securitypriv->btkip_countermeasure_time = 0; 2072 } else { 2073 netdev_dbg(adapter->pnetdev, 2074 "%s(%s) countermeasure time:%lus < 60s\n", 2075 caller, ADPT_ARG(adapter), 2076 passing_ms / 1000); 2077 status = _FAIL; 2078 } 2079 } 2080 2081 return status; 2082 } 2083