1 // SPDX-License-Identifier: GPL-2.0 2 /****************************************************************************** 3 * 4 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved. 5 * 6 ******************************************************************************/ 7 #define _RTW_SECURITY_C_ 8 9 #include <linux/crc32poly.h> 10 #include <drv_types.h> 11 #include <rtw_debug.h> 12 13 static const char * const _security_type_str[] = { 14 "N/A", 15 "WEP40", 16 "TKIP", 17 "TKIP_WM", 18 "AES", 19 "WEP104", 20 "SMS4", 21 "WEP_WPA", 22 "BIP", 23 }; 24 25 const char *security_type_str(u8 value) 26 { 27 if (value <= _BIP_) 28 return _security_type_str[value]; 29 return NULL; 30 } 31 32 #ifdef DBG_SW_SEC_CNT 33 #define WEP_SW_ENC_CNT_INC(sec, ra) \ 34 if (is_broadcast_mac_addr(ra)) \ 35 sec->wep_sw_enc_cnt_bc++; \ 36 else if (is_multicast_mac_addr(ra)) \ 37 sec->wep_sw_enc_cnt_mc++; \ 38 else \ 39 sec->wep_sw_enc_cnt_uc++; 40 41 #define WEP_SW_DEC_CNT_INC(sec, ra) \ 42 if (is_broadcast_mac_addr(ra)) \ 43 sec->wep_sw_dec_cnt_bc++; \ 44 else if (is_multicast_mac_addr(ra)) \ 45 sec->wep_sw_dec_cnt_mc++; \ 46 else \ 47 sec->wep_sw_dec_cnt_uc++; 48 49 #define TKIP_SW_ENC_CNT_INC(sec, ra) \ 50 if (is_broadcast_mac_addr(ra)) \ 51 sec->tkip_sw_enc_cnt_bc++; \ 52 else if (is_multicast_mac_addr(ra)) \ 53 sec->tkip_sw_enc_cnt_mc++; \ 54 else \ 55 sec->tkip_sw_enc_cnt_uc++; 56 57 #define TKIP_SW_DEC_CNT_INC(sec, ra) \ 58 if (is_broadcast_mac_addr(ra)) \ 59 sec->tkip_sw_dec_cnt_bc++; \ 60 else if (is_multicast_mac_addr(ra)) \ 61 sec->tkip_sw_dec_cnt_mc++; \ 62 else \ 63 sec->tkip_sw_dec_cnt_uc++; 64 65 #define AES_SW_ENC_CNT_INC(sec, ra) \ 66 if (is_broadcast_mac_addr(ra)) \ 67 sec->aes_sw_enc_cnt_bc++; \ 68 else if (is_multicast_mac_addr(ra)) \ 69 sec->aes_sw_enc_cnt_mc++; \ 70 else \ 71 sec->aes_sw_enc_cnt_uc++; 72 73 #define AES_SW_DEC_CNT_INC(sec, ra) \ 74 if (is_broadcast_mac_addr(ra)) \ 75 sec->aes_sw_dec_cnt_bc++; \ 76 else if (is_multicast_mac_addr(ra)) \ 77 sec->aes_sw_dec_cnt_mc++; \ 78 else \ 79 sec->aes_sw_dec_cnt_uc++; 80 #else 81 #define WEP_SW_ENC_CNT_INC(sec, ra) 82 #define WEP_SW_DEC_CNT_INC(sec, ra) 83 #define TKIP_SW_ENC_CNT_INC(sec, ra) 84 #define TKIP_SW_DEC_CNT_INC(sec, ra) 85 #define AES_SW_ENC_CNT_INC(sec, ra) 86 #define AES_SW_DEC_CNT_INC(sec, ra) 87 #endif /* DBG_SW_SEC_CNT */ 88 89 /* WEP related ===== */ 90 91 struct arc4context { 92 u32 x; 93 u32 y; 94 u8 state[256]; 95 }; 96 97 98 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len) 99 { 100 u32 t, u; 101 u32 keyindex; 102 u32 stateindex; 103 u8 *state; 104 u32 counter; 105 106 state = parc4ctx->state; 107 parc4ctx->x = 0; 108 parc4ctx->y = 0; 109 for (counter = 0; counter < 256; counter++) 110 state[counter] = (u8)counter; 111 keyindex = 0; 112 stateindex = 0; 113 for (counter = 0; counter < 256; counter++) { 114 t = state[counter]; 115 stateindex = (stateindex + key[keyindex] + t) & 0xff; 116 u = state[stateindex]; 117 state[stateindex] = (u8)t; 118 state[counter] = (u8)u; 119 if (++keyindex >= key_len) 120 keyindex = 0; 121 } 122 } 123 124 static u32 arcfour_byte(struct arc4context *parc4ctx) 125 { 126 u32 x; 127 u32 y; 128 u32 sx, sy; 129 u8 *state; 130 131 state = parc4ctx->state; 132 x = (parc4ctx->x + 1) & 0xff; 133 sx = state[x]; 134 y = (sx + parc4ctx->y) & 0xff; 135 sy = state[y]; 136 parc4ctx->x = x; 137 parc4ctx->y = y; 138 state[y] = (u8)sx; 139 state[x] = (u8)sy; 140 return state[(sx + sy) & 0xff]; 141 } 142 143 static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len) 144 { 145 u32 i; 146 147 for (i = 0; i < len; i++) 148 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx); 149 } 150 151 static sint bcrc32initialized; 152 static u32 crc32_table[256]; 153 154 155 static u8 crc32_reverseBit(u8 data) 156 { 157 return((u8)((data<<7)&0x80) | ((data<<5)&0x40) | ((data<<3)&0x20) | ((data<<1)&0x10) | ((data>>1)&0x08) | ((data>>3)&0x04) | ((data>>5)&0x02) | ((data>>7)&0x01)); 158 } 159 160 static void crc32_init(void) 161 { 162 if (bcrc32initialized == 1) 163 return; 164 else { 165 sint i, j; 166 u32 c; 167 u8 *p = (u8 *)&c, *p1; 168 u8 k; 169 170 c = 0x12340000; 171 172 for (i = 0; i < 256; ++i) { 173 k = crc32_reverseBit((u8)i); 174 for (c = ((u32)k) << 24, j = 8; j > 0; --j) { 175 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY_BE : (c << 1); 176 } 177 p1 = (u8 *)&crc32_table[i]; 178 179 p1[0] = crc32_reverseBit(p[3]); 180 p1[1] = crc32_reverseBit(p[2]); 181 p1[2] = crc32_reverseBit(p[1]); 182 p1[3] = crc32_reverseBit(p[0]); 183 } 184 bcrc32initialized = 1; 185 } 186 } 187 188 static __le32 getcrc32(u8 *buf, sint len) 189 { 190 u8 *p; 191 u32 crc; 192 193 if (bcrc32initialized == 0) 194 crc32_init(); 195 196 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */ 197 198 for (p = buf; len > 0; ++p, --len) { 199 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8); 200 } 201 return cpu_to_le32(~crc); /* transmit complement, per CRC-32 spec */ 202 } 203 204 205 /* 206 Need to consider the fragment situation 207 */ 208 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe) 209 { /* exclude ICV */ 210 211 unsigned char crc[4]; 212 struct arc4context mycontext; 213 214 sint curfragnum, length; 215 u32 keylength; 216 217 u8 *pframe, *payload, *iv; /* wepkey */ 218 u8 wepkey[16]; 219 u8 hw_hdr_offset = 0; 220 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 221 struct security_priv *psecuritypriv = &padapter->securitypriv; 222 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 223 224 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 225 return; 226 227 hw_hdr_offset = TXDESC_OFFSET; 228 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 229 230 /* start to encrypt each fragment */ 231 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) { 232 keylength = psecuritypriv->dot11DefKeylen[psecuritypriv->dot11PrivacyKeyIndex]; 233 234 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 235 iv = pframe+pattrib->hdrlen; 236 memcpy(&wepkey[0], iv, 3); 237 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); 238 payload = pframe+pattrib->iv_len+pattrib->hdrlen; 239 240 if ((curfragnum+1) == pattrib->nr_frags) { /* the last fragment */ 241 242 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 243 244 *((__le32 *)crc) = getcrc32(payload, length); 245 246 arcfour_init(&mycontext, wepkey, 3+keylength); 247 arcfour_encrypt(&mycontext, payload, payload, length); 248 arcfour_encrypt(&mycontext, payload+length, crc, 4); 249 250 } else { 251 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 252 *((__le32 *)crc) = getcrc32(payload, length); 253 arcfour_init(&mycontext, wepkey, 3+keylength); 254 arcfour_encrypt(&mycontext, payload, payload, length); 255 arcfour_encrypt(&mycontext, payload+length, crc, 4); 256 257 pframe += pxmitpriv->frag_len; 258 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 259 } 260 } 261 262 WEP_SW_ENC_CNT_INC(psecuritypriv, pattrib->ra); 263 } 264 } 265 266 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe) 267 { 268 /* exclude ICV */ 269 u8 crc[4]; 270 struct arc4context mycontext; 271 sint length; 272 u32 keylength; 273 u8 *pframe, *payload, *iv, wepkey[16]; 274 u8 keyindex; 275 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)precvframe)->u.hdr.attrib); 276 struct security_priv *psecuritypriv = &padapter->securitypriv; 277 278 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 279 280 /* start to decrypt recvframe */ 281 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) { 282 iv = pframe+prxattrib->hdrlen; 283 /* keyindex =(iv[3]&0x3); */ 284 keyindex = prxattrib->key_index; 285 keylength = psecuritypriv->dot11DefKeylen[keyindex]; 286 memcpy(&wepkey[0], iv, 3); 287 /* memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); */ 288 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[keyindex].skey[0], keylength); 289 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 290 291 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen; 292 293 /* decrypt payload include icv */ 294 arcfour_init(&mycontext, wepkey, 3+keylength); 295 arcfour_encrypt(&mycontext, payload, payload, length); 296 297 /* calculate icv and compare the icv */ 298 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4)); 299 300 if (crc[3] != payload[length-1] || crc[2] != payload[length-2] || crc[1] != payload[length-3] || crc[0] != payload[length-4]) { 301 RT_TRACE(_module_rtl871x_security_c_, 302 _drv_err_, 303 ("%s:icv error crc[3](%x)!=payload[length-1](%x) || crc[2](%x)!=payload[length-2](%x) || crc[1](%x)!=payload[length-3](%x) || crc[0](%x)!=payload[length-4](%x)\n", 304 __func__, 305 crc[3], payload[length - 1], 306 crc[2], payload[length - 2], 307 crc[1], payload[length - 3], 308 crc[0], payload[length - 4])); 309 } 310 311 WEP_SW_DEC_CNT_INC(psecuritypriv, prxattrib->ra); 312 } 313 } 314 315 /* 3 =====TKIP related ===== */ 316 317 static u32 secmicgetuint32(u8 *p) 318 /* Convert from Byte[] to Us3232 in a portable way */ 319 { 320 s32 i; 321 u32 res = 0; 322 323 for (i = 0; i < 4; i++) { 324 res |= ((u32)(*p++)) << (8*i); 325 } 326 327 return res; 328 } 329 330 static void secmicputuint32(u8 *p, u32 val) 331 /* Convert from Us3232 to Byte[] in a portable way */ 332 { 333 long i; 334 335 for (i = 0; i < 4; i++) { 336 *p++ = (u8) (val & 0xff); 337 val >>= 8; 338 } 339 } 340 341 static void secmicclear(struct mic_data *pmicdata) 342 { 343 /* Reset the state to the empty message. */ 344 pmicdata->L = pmicdata->K0; 345 pmicdata->R = pmicdata->K1; 346 pmicdata->nBytesInM = 0; 347 pmicdata->M = 0; 348 } 349 350 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key) 351 { 352 /* Set the key */ 353 pmicdata->K0 = secmicgetuint32(key); 354 pmicdata->K1 = secmicgetuint32(key + 4); 355 /* and reset the message */ 356 secmicclear(pmicdata); 357 } 358 359 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b) 360 { 361 /* Append the byte to our word-sized buffer */ 362 pmicdata->M |= ((unsigned long)b) << (8*pmicdata->nBytesInM); 363 pmicdata->nBytesInM++; 364 /* Process the word if it is full. */ 365 if (pmicdata->nBytesInM >= 4) { 366 pmicdata->L ^= pmicdata->M; 367 pmicdata->R ^= ROL32(pmicdata->L, 17); 368 pmicdata->L += pmicdata->R; 369 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8); 370 pmicdata->L += pmicdata->R; 371 pmicdata->R ^= ROL32(pmicdata->L, 3); 372 pmicdata->L += pmicdata->R; 373 pmicdata->R ^= ROR32(pmicdata->L, 2); 374 pmicdata->L += pmicdata->R; 375 /* Clear the buffer */ 376 pmicdata->M = 0; 377 pmicdata->nBytesInM = 0; 378 } 379 } 380 381 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes) 382 { 383 /* This is simple */ 384 while (nbytes > 0) { 385 rtw_secmicappendbyte(pmicdata, *src++); 386 nbytes--; 387 } 388 } 389 390 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst) 391 { 392 /* Append the minimum padding */ 393 rtw_secmicappendbyte(pmicdata, 0x5a); 394 rtw_secmicappendbyte(pmicdata, 0); 395 rtw_secmicappendbyte(pmicdata, 0); 396 rtw_secmicappendbyte(pmicdata, 0); 397 rtw_secmicappendbyte(pmicdata, 0); 398 /* and then zeroes until the length is a multiple of 4 */ 399 while (pmicdata->nBytesInM != 0) { 400 rtw_secmicappendbyte(pmicdata, 0); 401 } 402 /* The appendByte function has already computed the result. */ 403 secmicputuint32(dst, pmicdata->L); 404 secmicputuint32(dst+4, pmicdata->R); 405 /* Reset to the empty message. */ 406 secmicclear(pmicdata); 407 } 408 409 410 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri) 411 { 412 413 struct mic_data micdata; 414 u8 priority[4] = {0x0, 0x0, 0x0, 0x0}; 415 416 rtw_secmicsetkey(&micdata, key); 417 priority[0] = pri; 418 419 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 420 if (header[1]&1) { /* ToDS == 1 */ 421 rtw_secmicappend(&micdata, &header[16], 6); /* DA */ 422 if (header[1]&2) /* From Ds == 1 */ 423 rtw_secmicappend(&micdata, &header[24], 6); 424 else 425 rtw_secmicappend(&micdata, &header[10], 6); 426 } else { /* ToDS == 0 */ 427 rtw_secmicappend(&micdata, &header[4], 6); /* DA */ 428 if (header[1]&2) /* From Ds == 1 */ 429 rtw_secmicappend(&micdata, &header[16], 6); 430 else 431 rtw_secmicappend(&micdata, &header[10], 6); 432 } 433 rtw_secmicappend(&micdata, &priority[0], 4); 434 435 436 rtw_secmicappend(&micdata, data, data_len); 437 438 rtw_secgetmic(&micdata, mic_code); 439 } 440 441 /* macros for extraction/creation of unsigned char/unsigned short values */ 442 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15)) 443 #define Lo8(v16) ((u8)((v16) & 0x00FF)) 444 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF)) 445 #define Lo16(v32) ((u16)((v32) & 0xFFFF)) 446 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF)) 447 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8)) 448 449 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */ 450 #define TK16(N) Mk16(tk[2*(N)+1], tk[2*(N)]) 451 452 /* S-box lookup: 16 bits --> 16 bits */ 453 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)]) 454 455 /* fixed algorithm "parameters" */ 456 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */ 457 #define TA_SIZE 6 /* 48-bit transmitter address */ 458 #define TK_SIZE 16 /* 128-bit temporal key */ 459 #define P1K_SIZE 10 /* 80-bit Phase1 key */ 460 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */ 461 462 463 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */ 464 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */ 465 { 466 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 467 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 468 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 469 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 470 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 471 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 472 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 473 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 474 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 475 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 476 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 477 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 478 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 479 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 480 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 481 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 482 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 483 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 484 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 485 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 486 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 487 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 488 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 489 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 490 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 491 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 492 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 493 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 494 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 495 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 496 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 497 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 498 }, 499 500 501 { /* second half of table is unsigned char-reversed version of first! */ 502 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491, 503 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC, 504 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB, 505 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B, 506 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83, 507 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A, 508 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F, 509 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA, 510 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B, 511 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713, 512 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6, 513 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85, 514 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411, 515 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B, 516 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1, 517 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF, 518 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E, 519 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6, 520 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B, 521 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD, 522 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8, 523 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2, 524 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049, 525 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810, 526 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197, 527 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F, 528 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C, 529 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927, 530 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733, 531 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5, 532 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0, 533 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C, 534 } 535 }; 536 537 /* 538 ********************************************************************** 539 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32 540 * 541 * Inputs: 542 * tk[] = temporal key [128 bits] 543 * ta[] = transmitter's MAC address [ 48 bits] 544 * iv32 = upper 32 bits of IV [ 32 bits] 545 * Output: 546 * p1k[] = Phase 1 key [ 80 bits] 547 * 548 * Note: 549 * This function only needs to be called every 2**16 packets, 550 * although in theory it could be called every packet. 551 * 552 ********************************************************************** 553 */ 554 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32) 555 { 556 sint i; 557 558 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */ 559 p1k[0] = Lo16(iv32); 560 p1k[1] = Hi16(iv32); 561 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */ 562 p1k[3] = Mk16(ta[3], ta[2]); 563 p1k[4] = Mk16(ta[5], ta[4]); 564 565 /* Now compute an unbalanced Feistel cipher with 80-bit block */ 566 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */ 567 for (i = 0; i < PHASE1_LOOP_CNT; i++) { 568 /* Each add operation here is mod 2**16 */ 569 p1k[0] += _S_(p1k[4] ^ TK16((i&1)+0)); 570 p1k[1] += _S_(p1k[0] ^ TK16((i&1)+2)); 571 p1k[2] += _S_(p1k[1] ^ TK16((i&1)+4)); 572 p1k[3] += _S_(p1k[2] ^ TK16((i&1)+6)); 573 p1k[4] += _S_(p1k[3] ^ TK16((i&1)+0)); 574 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */ 575 } 576 } 577 578 579 /* 580 ********************************************************************** 581 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16 582 * 583 * Inputs: 584 * tk[] = Temporal key [128 bits] 585 * p1k[] = Phase 1 output key [ 80 bits] 586 * iv16 = low 16 bits of IV counter [ 16 bits] 587 * Output: 588 * rc4key[] = the key used to encrypt the packet [128 bits] 589 * 590 * Note: 591 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique 592 * across all packets using the same key TK value. Then, for a 593 * given value of TK[], this TKIP48 construction guarantees that 594 * the final RC4KEY value is unique across all packets. 595 * 596 * Suggested implementation optimization: if PPK[] is "overlaid" 597 * appropriately on RC4KEY[], there is no need for the final 598 * for loop below that copies the PPK[] result into RC4KEY[]. 599 * 600 ********************************************************************** 601 */ 602 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16) 603 { 604 sint i; 605 u16 PPK[6]; /* temporary key for mixing */ 606 607 /* Note: all adds in the PPK[] equations below are mod 2**16 */ 608 for (i = 0; i < 5; i++) 609 PPK[i] = p1k[i]; /* first, copy P1K to PPK */ 610 611 PPK[5] = p1k[4]+iv16; /* next, add in IV16 */ 612 613 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */ 614 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */ 615 PPK[1] += _S_(PPK[0] ^ TK16(1)); 616 PPK[2] += _S_(PPK[1] ^ TK16(2)); 617 PPK[3] += _S_(PPK[2] ^ TK16(3)); 618 PPK[4] += _S_(PPK[3] ^ TK16(4)); 619 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */ 620 621 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */ 622 PPK[0] += RotR1(PPK[5] ^ TK16(6)); 623 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */ 624 PPK[2] += RotR1(PPK[1]); 625 PPK[3] += RotR1(PPK[2]); 626 PPK[4] += RotR1(PPK[3]); 627 PPK[5] += RotR1(PPK[4]); 628 /* Note: At this point, for a given key TK[0..15], the 96-bit output */ 629 /* value PPK[0..5] is guaranteed to be unique, as a function */ 630 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */ 631 /* is now a keyed permutation of {TA, IV32, IV16}. */ 632 633 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */ 634 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */ 635 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */ 636 rc4key[2] = Lo8(iv16); 637 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1); 638 639 640 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */ 641 for (i = 0; i < 6; i++) { 642 rc4key[4+2*i] = Lo8(PPK[i]); 643 rc4key[5+2*i] = Hi8(PPK[i]); 644 } 645 } 646 647 648 /* The hlen isn't include the IV */ 649 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe) 650 { /* exclude ICV */ 651 u16 pnl; 652 u32 pnh; 653 u8 rc4key[16]; 654 u8 ttkey[16]; 655 u8 crc[4]; 656 u8 hw_hdr_offset = 0; 657 struct arc4context mycontext; 658 sint curfragnum, length; 659 660 u8 *pframe, *payload, *iv, *prwskey; 661 union pn48 dot11txpn; 662 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 663 struct security_priv *psecuritypriv = &padapter->securitypriv; 664 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 665 u32 res = _SUCCESS; 666 667 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 668 return _FAIL; 669 670 hw_hdr_offset = TXDESC_OFFSET; 671 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 672 673 /* 4 start to encrypt each fragment */ 674 if (pattrib->encrypt == _TKIP_) { 675 676 { 677 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__)); 678 679 if (IS_MCAST(pattrib->ra)) 680 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey; 681 else 682 prwskey = pattrib->dot118021x_UncstKey.skey; 683 684 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 685 iv = pframe+pattrib->hdrlen; 686 payload = pframe+pattrib->iv_len+pattrib->hdrlen; 687 688 GET_TKIP_PN(iv, dot11txpn); 689 690 pnl = (u16)(dot11txpn.val); 691 pnh = (u32)(dot11txpn.val>>16); 692 693 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh); 694 695 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl); 696 697 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */ 698 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 699 RT_TRACE(_module_rtl871x_security_c_, _drv_info_, ("pattrib->iv_len =%x, pattrib->icv_len =%x\n", pattrib->iv_len, pattrib->icv_len)); 700 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/ 701 702 arcfour_init(&mycontext, rc4key, 16); 703 arcfour_encrypt(&mycontext, payload, payload, length); 704 arcfour_encrypt(&mycontext, payload+length, crc, 4); 705 706 } else { 707 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 708 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/ 709 arcfour_init(&mycontext, rc4key, 16); 710 arcfour_encrypt(&mycontext, payload, payload, length); 711 arcfour_encrypt(&mycontext, payload+length, crc, 4); 712 713 pframe += pxmitpriv->frag_len; 714 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 715 } 716 } 717 718 TKIP_SW_ENC_CNT_INC(psecuritypriv, pattrib->ra); 719 } 720 } 721 return res; 722 } 723 724 725 /* The hlen isn't include the IV */ 726 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe) 727 { /* exclude ICV */ 728 u16 pnl; 729 u32 pnh; 730 u8 rc4key[16]; 731 u8 ttkey[16]; 732 u8 crc[4]; 733 struct arc4context mycontext; 734 sint length; 735 736 u8 *pframe, *payload, *iv, *prwskey; 737 union pn48 dot11txpn; 738 struct sta_info *stainfo; 739 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 740 struct security_priv *psecuritypriv = &padapter->securitypriv; 741 u32 res = _SUCCESS; 742 743 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 744 745 /* 4 start to decrypt recvframe */ 746 if (prxattrib->encrypt == _TKIP_) { 747 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]); 748 if (stainfo) { 749 if (IS_MCAST(prxattrib->ra)) { 750 static unsigned long start; 751 static u32 no_gkey_bc_cnt; 752 static u32 no_gkey_mc_cnt; 753 754 if (!psecuritypriv->binstallGrpkey) { 755 res = _FAIL; 756 757 if (start == 0) 758 start = jiffies; 759 760 if (is_broadcast_mac_addr(prxattrib->ra)) 761 no_gkey_bc_cnt++; 762 else 763 no_gkey_mc_cnt++; 764 765 if (jiffies_to_msecs(jiffies - start) > 1000) { 766 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 767 DBG_871X_LEVEL(_drv_always_, FUNC_ADPT_FMT" no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 768 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt); 769 } 770 start = jiffies; 771 no_gkey_bc_cnt = 0; 772 no_gkey_mc_cnt = 0; 773 } 774 goto exit; 775 } 776 777 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 778 DBG_871X_LEVEL(_drv_always_, FUNC_ADPT_FMT" gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 779 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt); 780 } 781 start = 0; 782 no_gkey_bc_cnt = 0; 783 no_gkey_mc_cnt = 0; 784 785 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey; 786 } else { 787 prwskey = &stainfo->dot118021x_UncstKey.skey[0]; 788 } 789 790 iv = pframe+prxattrib->hdrlen; 791 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen; 792 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 793 794 GET_TKIP_PN(iv, dot11txpn); 795 796 pnl = (u16)(dot11txpn.val); 797 pnh = (u32)(dot11txpn.val>>16); 798 799 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh); 800 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl); 801 802 /* 4 decrypt payload include icv */ 803 804 arcfour_init(&mycontext, rc4key, 16); 805 arcfour_encrypt(&mycontext, payload, payload, length); 806 807 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4)); 808 809 if (crc[3] != payload[length-1] || crc[2] != payload[length-2] || crc[1] != payload[length-3] || crc[0] != payload[length-4]) { 810 RT_TRACE(_module_rtl871x_security_c_, 811 _drv_err_, 812 ("rtw_wep_decrypt:icv error crc[3](%x)!=payload[length-1](%x) || crc[2](%x)!=payload[length-2](%x) || crc[1](%x)!=payload[length-3](%x) || crc[0](%x)!=payload[length-4](%x)\n", 813 crc[3], payload[length - 1], 814 crc[2], payload[length - 2], 815 crc[1], payload[length - 3], 816 crc[0], payload[length - 4])); 817 res = _FAIL; 818 } 819 820 TKIP_SW_DEC_CNT_INC(psecuritypriv, prxattrib->ra); 821 } else { 822 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo == NULL!!!\n", __func__)); 823 res = _FAIL; 824 } 825 } 826 exit: 827 return res; 828 } 829 830 831 /* 3 =====AES related ===== */ 832 833 834 835 #define MAX_MSG_SIZE 2048 836 /*****************************/ 837 /******** SBOX Table *********/ 838 /*****************************/ 839 840 static const u8 sbox_table[256] = { 841 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 842 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 843 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 844 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 845 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 846 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 847 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 848 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 849 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 850 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 851 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 852 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 853 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 854 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 855 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 856 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 857 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 858 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 859 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 860 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 861 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 862 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 863 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 864 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 865 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 866 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 867 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 868 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 869 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 870 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 871 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 872 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 873 }; 874 875 /*****************************/ 876 /**** Function Prototypes ****/ 877 /*****************************/ 878 879 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out); 880 static void construct_mic_iv(u8 *mic_header1, 881 sint qc_exists, 882 sint a4_exists, 883 u8 *mpdu, 884 uint payload_length, 885 u8 *pn_vector, 886 uint frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 887 static void construct_mic_header1(u8 *mic_header1, 888 sint header_length, 889 u8 *mpdu, 890 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */ 891 static void construct_mic_header2(u8 *mic_header2, 892 u8 *mpdu, 893 sint a4_exists, 894 sint qc_exists); 895 static void construct_ctr_preload(u8 *ctr_preload, 896 sint a4_exists, 897 sint qc_exists, 898 u8 *mpdu, 899 u8 *pn_vector, 900 sint c, 901 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */ 902 static void xor_128(u8 *a, u8 *b, u8 *out); 903 static void xor_32(u8 *a, u8 *b, u8 *out); 904 static u8 sbox(u8 a); 905 static void next_key(u8 *key, sint round); 906 static void byte_sub(u8 *in, u8 *out); 907 static void shift_row(u8 *in, u8 *out); 908 static void mix_column(u8 *in, u8 *out); 909 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext); 910 911 912 /****************************************/ 913 /* aes128k128d() */ 914 /* Performs a 128 bit AES encrypt with */ 915 /* 128 bit data. */ 916 /****************************************/ 917 static void xor_128(u8 *a, u8 *b, u8 *out) 918 { 919 sint i; 920 921 for (i = 0; i < 16; i++) { 922 out[i] = a[i] ^ b[i]; 923 } 924 } 925 926 927 static void xor_32(u8 *a, u8 *b, u8 *out) 928 { 929 sint i; 930 931 for (i = 0; i < 4; i++) { 932 out[i] = a[i] ^ b[i]; 933 } 934 } 935 936 937 static u8 sbox(u8 a) 938 { 939 return sbox_table[(sint)a]; 940 } 941 942 943 static void next_key(u8 *key, sint round) 944 { 945 u8 rcon; 946 u8 sbox_key[4]; 947 static const u8 rcon_table[12] = { 948 0x01, 0x02, 0x04, 0x08, 949 0x10, 0x20, 0x40, 0x80, 950 0x1b, 0x36, 0x36, 0x36 951 }; 952 sbox_key[0] = sbox(key[13]); 953 sbox_key[1] = sbox(key[14]); 954 sbox_key[2] = sbox(key[15]); 955 sbox_key[3] = sbox(key[12]); 956 957 rcon = rcon_table[round]; 958 959 xor_32(&key[0], sbox_key, &key[0]); 960 key[0] = key[0] ^ rcon; 961 962 xor_32(&key[4], &key[0], &key[4]); 963 xor_32(&key[8], &key[4], &key[8]); 964 xor_32(&key[12], &key[8], &key[12]); 965 } 966 967 968 static void byte_sub(u8 *in, u8 *out) 969 { 970 sint i; 971 972 for (i = 0; i < 16; i++) { 973 out[i] = sbox(in[i]); 974 } 975 } 976 977 978 static void shift_row(u8 *in, u8 *out) 979 { 980 out[0] = in[0]; 981 out[1] = in[5]; 982 out[2] = in[10]; 983 out[3] = in[15]; 984 out[4] = in[4]; 985 out[5] = in[9]; 986 out[6] = in[14]; 987 out[7] = in[3]; 988 out[8] = in[8]; 989 out[9] = in[13]; 990 out[10] = in[2]; 991 out[11] = in[7]; 992 out[12] = in[12]; 993 out[13] = in[1]; 994 out[14] = in[6]; 995 out[15] = in[11]; 996 } 997 998 static void mix_column(u8 *in, u8 *out) 999 { 1000 sint i; 1001 u8 add1b[4]; 1002 u8 add1bf7[4]; 1003 u8 rotl[4]; 1004 u8 swap_halfs[4]; 1005 u8 andf7[4]; 1006 u8 rotr[4]; 1007 u8 temp[4]; 1008 u8 tempb[4]; 1009 1010 for (i = 0; i < 4; i++) { 1011 if ((in[i] & 0x80) == 0x80) 1012 add1b[i] = 0x1b; 1013 else 1014 add1b[i] = 0x00; 1015 } 1016 1017 swap_halfs[0] = in[2]; /* Swap halfs */ 1018 swap_halfs[1] = in[3]; 1019 swap_halfs[2] = in[0]; 1020 swap_halfs[3] = in[1]; 1021 1022 rotl[0] = in[3]; /* Rotate left 8 bits */ 1023 rotl[1] = in[0]; 1024 rotl[2] = in[1]; 1025 rotl[3] = in[2]; 1026 1027 andf7[0] = in[0] & 0x7f; 1028 andf7[1] = in[1] & 0x7f; 1029 andf7[2] = in[2] & 0x7f; 1030 andf7[3] = in[3] & 0x7f; 1031 1032 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */ 1033 andf7[i] = andf7[i] << 1; 1034 if ((andf7[i-1] & 0x80) == 0x80) 1035 andf7[i] = (andf7[i] | 0x01); 1036 } 1037 andf7[0] = andf7[0] << 1; 1038 andf7[0] = andf7[0] & 0xfe; 1039 1040 xor_32(add1b, andf7, add1bf7); 1041 1042 xor_32(in, add1bf7, rotr); 1043 1044 temp[0] = rotr[0]; /* Rotate right 8 bits */ 1045 rotr[0] = rotr[1]; 1046 rotr[1] = rotr[2]; 1047 rotr[2] = rotr[3]; 1048 rotr[3] = temp[0]; 1049 1050 xor_32(add1bf7, rotr, temp); 1051 xor_32(swap_halfs, rotl, tempb); 1052 xor_32(temp, tempb, out); 1053 } 1054 1055 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext) 1056 { 1057 sint round; 1058 sint i; 1059 u8 intermediatea[16]; 1060 u8 intermediateb[16]; 1061 u8 round_key[16]; 1062 1063 for (i = 0; i < 16; i++) 1064 round_key[i] = key[i]; 1065 1066 for (round = 0; round < 11; round++) { 1067 if (round == 0) { 1068 xor_128(round_key, data, ciphertext); 1069 next_key(round_key, round); 1070 } else if (round == 10) { 1071 byte_sub(ciphertext, intermediatea); 1072 shift_row(intermediatea, intermediateb); 1073 xor_128(intermediateb, round_key, ciphertext); 1074 } else { /* 1 - 9 */ 1075 byte_sub(ciphertext, intermediatea); 1076 shift_row(intermediatea, intermediateb); 1077 mix_column(&intermediateb[0], &intermediatea[0]); 1078 mix_column(&intermediateb[4], &intermediatea[4]); 1079 mix_column(&intermediateb[8], &intermediatea[8]); 1080 mix_column(&intermediateb[12], &intermediatea[12]); 1081 xor_128(intermediatea, round_key, ciphertext); 1082 next_key(round_key, round); 1083 } 1084 } 1085 } 1086 1087 /************************************************/ 1088 /* construct_mic_iv() */ 1089 /* Builds the MIC IV from header fields and PN */ 1090 /* Baron think the function is construct CCM */ 1091 /* nonce */ 1092 /************************************************/ 1093 static void construct_mic_iv(u8 *mic_iv, 1094 sint qc_exists, 1095 sint a4_exists, 1096 u8 *mpdu, 1097 uint payload_length, 1098 u8 *pn_vector, 1099 uint frtype) /* add for CONFIG_IEEE80211W, none 11w also can use */ 1100 { 1101 sint i; 1102 1103 mic_iv[0] = 0x59; 1104 1105 if (qc_exists && a4_exists) 1106 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */ 1107 1108 if (qc_exists && !a4_exists) 1109 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */ 1110 1111 if (!qc_exists) 1112 mic_iv[1] = 0x00; 1113 1114 /* 802.11w management frame should set management bit(4) */ 1115 if (frtype == WIFI_MGT_TYPE) 1116 mic_iv[1] |= BIT(4); 1117 1118 for (i = 2; i < 8; i++) 1119 mic_iv[i] = mpdu[i + 8]; /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */ 1120 #ifdef CONSISTENT_PN_ORDER 1121 for (i = 8; i < 14; i++) 1122 mic_iv[i] = pn_vector[i - 8]; /* mic_iv[8:13] = PN[0:5] */ 1123 #else 1124 for (i = 8; i < 14; i++) 1125 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */ 1126 #endif 1127 mic_iv[14] = (unsigned char) (payload_length / 256); 1128 mic_iv[15] = (unsigned char) (payload_length % 256); 1129 } 1130 1131 /************************************************/ 1132 /* construct_mic_header1() */ 1133 /* Builds the first MIC header block from */ 1134 /* header fields. */ 1135 /* Build AAD SC, A1, A2 */ 1136 /************************************************/ 1137 static void construct_mic_header1(u8 *mic_header1, 1138 sint header_length, 1139 u8 *mpdu, 1140 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */ 1141 { 1142 mic_header1[0] = (u8)((header_length - 2) / 256); 1143 mic_header1[1] = (u8)((header_length - 2) % 256); 1144 1145 /* 802.11w management frame don't AND subtype bits 4, 5, 6 of frame control field */ 1146 if (frtype == WIFI_MGT_TYPE) 1147 mic_header1[2] = mpdu[0]; 1148 else 1149 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */ 1150 1151 mic_header1[3] = mpdu[1] & 0xc7; /* Mute retry, more data and pwr mgt bits */ 1152 mic_header1[4] = mpdu[4]; /* A1 */ 1153 mic_header1[5] = mpdu[5]; 1154 mic_header1[6] = mpdu[6]; 1155 mic_header1[7] = mpdu[7]; 1156 mic_header1[8] = mpdu[8]; 1157 mic_header1[9] = mpdu[9]; 1158 mic_header1[10] = mpdu[10]; /* A2 */ 1159 mic_header1[11] = mpdu[11]; 1160 mic_header1[12] = mpdu[12]; 1161 mic_header1[13] = mpdu[13]; 1162 mic_header1[14] = mpdu[14]; 1163 mic_header1[15] = mpdu[15]; 1164 } 1165 1166 /************************************************/ 1167 /* construct_mic_header2() */ 1168 /* Builds the last MIC header block from */ 1169 /* header fields. */ 1170 /************************************************/ 1171 static void construct_mic_header2(u8 *mic_header2, 1172 u8 *mpdu, 1173 sint a4_exists, 1174 sint qc_exists) 1175 { 1176 sint i; 1177 1178 for (i = 0; i < 16; i++) 1179 mic_header2[i] = 0x00; 1180 1181 mic_header2[0] = mpdu[16]; /* A3 */ 1182 mic_header2[1] = mpdu[17]; 1183 mic_header2[2] = mpdu[18]; 1184 mic_header2[3] = mpdu[19]; 1185 mic_header2[4] = mpdu[20]; 1186 mic_header2[5] = mpdu[21]; 1187 1188 mic_header2[6] = 0x00; 1189 mic_header2[7] = 0x00; /* mpdu[23]; */ 1190 1191 if (!qc_exists && a4_exists) { 1192 for (i = 0; i < 6; i++) 1193 mic_header2[8+i] = mpdu[24+i]; /* A4 */ 1194 } 1195 1196 if (qc_exists && !a4_exists) { 1197 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */ 1198 mic_header2[9] = mpdu[25] & 0x00; 1199 } 1200 1201 if (qc_exists && a4_exists) { 1202 for (i = 0; i < 6; i++) 1203 mic_header2[8+i] = mpdu[24+i]; /* A4 */ 1204 1205 mic_header2[14] = mpdu[30] & 0x0f; 1206 mic_header2[15] = mpdu[31] & 0x00; 1207 } 1208 } 1209 1210 /************************************************/ 1211 /* construct_mic_header2() */ 1212 /* Builds the last MIC header block from */ 1213 /* header fields. */ 1214 /* Baron think the function is construct CCM */ 1215 /* nonce */ 1216 /************************************************/ 1217 static void construct_ctr_preload(u8 *ctr_preload, 1218 sint a4_exists, 1219 sint qc_exists, 1220 u8 *mpdu, 1221 u8 *pn_vector, 1222 sint c, 1223 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */ 1224 { 1225 sint i = 0; 1226 1227 for (i = 0; i < 16; i++) 1228 ctr_preload[i] = 0x00; 1229 i = 0; 1230 1231 ctr_preload[0] = 0x01; /* flag */ 1232 if (qc_exists && a4_exists) 1233 ctr_preload[1] = mpdu[30] & 0x0f; /* QoC_Control */ 1234 if (qc_exists && !a4_exists) 1235 ctr_preload[1] = mpdu[24] & 0x0f; 1236 1237 /* 802.11w management frame should set management bit(4) */ 1238 if (frtype == WIFI_MGT_TYPE) 1239 ctr_preload[1] |= BIT(4); 1240 1241 for (i = 2; i < 8; i++) 1242 ctr_preload[i] = mpdu[i + 8]; /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */ 1243 #ifdef CONSISTENT_PN_ORDER 1244 for (i = 8; i < 14; i++) 1245 ctr_preload[i] = pn_vector[i - 8]; /* ctr_preload[8:13] = PN[0:5] */ 1246 #else 1247 for (i = 8; i < 14; i++) 1248 ctr_preload[i] = pn_vector[13 - i]; /* ctr_preload[8:13] = PN[5:0] */ 1249 #endif 1250 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */ 1251 ctr_preload[15] = (unsigned char) (c % 256); 1252 } 1253 1254 /************************************/ 1255 /* bitwise_xor() */ 1256 /* A 128 bit, bitwise exclusive or */ 1257 /************************************/ 1258 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out) 1259 { 1260 sint i; 1261 1262 for (i = 0; i < 16; i++) { 1263 out[i] = ina[i] ^ inb[i]; 1264 } 1265 } 1266 1267 static sint aes_cipher(u8 *key, uint hdrlen, 1268 u8 *pframe, uint plen) 1269 { 1270 uint qc_exists, a4_exists, i, j, payload_remainder, 1271 num_blocks, payload_index; 1272 1273 u8 pn_vector[6]; 1274 u8 mic_iv[16]; 1275 u8 mic_header1[16]; 1276 u8 mic_header2[16]; 1277 u8 ctr_preload[16]; 1278 1279 /* Intermediate Buffers */ 1280 u8 chain_buffer[16]; 1281 u8 aes_out[16]; 1282 u8 padded_buffer[16]; 1283 u8 mic[8]; 1284 uint frtype = GetFrameType(pframe); 1285 uint frsubtype = GetFrameSubType(pframe); 1286 1287 frsubtype = frsubtype>>4; 1288 1289 memset((void *)mic_iv, 0, 16); 1290 memset((void *)mic_header1, 0, 16); 1291 memset((void *)mic_header2, 0, 16); 1292 memset((void *)ctr_preload, 0, 16); 1293 memset((void *)chain_buffer, 0, 16); 1294 memset((void *)aes_out, 0, 16); 1295 memset((void *)padded_buffer, 0, 16); 1296 1297 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1298 a4_exists = 0; 1299 else 1300 a4_exists = 1; 1301 1302 if (((frtype|frsubtype) == WIFI_DATA_CFACK) || 1303 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) || 1304 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) { 1305 qc_exists = 1; 1306 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1307 hdrlen += 2; 1308 1309 } else if ((frtype == WIFI_DATA) && /* add for CONFIG_IEEE80211W, none 11w also can use */ 1310 ((frsubtype == 0x08) || 1311 (frsubtype == 0x09) || 1312 (frsubtype == 0x0a) || 1313 (frsubtype == 0x0b))) { 1314 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1315 hdrlen += 2; 1316 1317 qc_exists = 1; 1318 } else { 1319 qc_exists = 0; 1320 } 1321 1322 pn_vector[0] = pframe[hdrlen]; 1323 pn_vector[1] = pframe[hdrlen+1]; 1324 pn_vector[2] = pframe[hdrlen+4]; 1325 pn_vector[3] = pframe[hdrlen+5]; 1326 pn_vector[4] = pframe[hdrlen+6]; 1327 pn_vector[5] = pframe[hdrlen+7]; 1328 1329 construct_mic_iv(mic_iv, 1330 qc_exists, 1331 a4_exists, 1332 pframe, /* message, */ 1333 plen, 1334 pn_vector, 1335 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1336 1337 construct_mic_header1(mic_header1, 1338 hdrlen, 1339 pframe, /* message */ 1340 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1341 1342 construct_mic_header2(mic_header2, 1343 pframe, /* message, */ 1344 a4_exists, 1345 qc_exists); 1346 1347 payload_remainder = plen % 16; 1348 num_blocks = plen / 16; 1349 1350 /* Find start of payload */ 1351 payload_index = (hdrlen + 8); 1352 1353 /* Calculate MIC */ 1354 aes128k128d(key, mic_iv, aes_out); 1355 bitwise_xor(aes_out, mic_header1, chain_buffer); 1356 aes128k128d(key, chain_buffer, aes_out); 1357 bitwise_xor(aes_out, mic_header2, chain_buffer); 1358 aes128k128d(key, chain_buffer, aes_out); 1359 1360 for (i = 0; i < num_blocks; i++) { 1361 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1362 1363 payload_index += 16; 1364 aes128k128d(key, chain_buffer, aes_out); 1365 } 1366 1367 /* Add on the final payload block if it needs padding */ 1368 if (payload_remainder > 0) { 1369 for (j = 0; j < 16; j++) 1370 padded_buffer[j] = 0x00; 1371 for (j = 0; j < payload_remainder; j++) 1372 padded_buffer[j] = pframe[payload_index++]; 1373 1374 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1375 aes128k128d(key, chain_buffer, aes_out); 1376 } 1377 1378 for (j = 0 ; j < 8; j++) 1379 mic[j] = aes_out[j]; 1380 1381 /* Insert MIC into payload */ 1382 for (j = 0; j < 8; j++) 1383 pframe[payload_index+j] = mic[j]; 1384 1385 payload_index = hdrlen + 8; 1386 for (i = 0; i < num_blocks; i++) { 1387 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1388 pn_vector, i+1, frtype); 1389 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1390 aes128k128d(key, ctr_preload, aes_out); 1391 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1392 for (j = 0; j < 16; j++) 1393 pframe[payload_index++] = chain_buffer[j]; 1394 } 1395 1396 if (payload_remainder > 0) { 1397 /* If there is a short final block, then pad it,*/ 1398 /* encrypt it and copy the unpadded part back */ 1399 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1400 pn_vector, num_blocks+1, frtype); 1401 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1402 1403 for (j = 0; j < 16; j++) 1404 padded_buffer[j] = 0x00; 1405 for (j = 0; j < payload_remainder; j++) 1406 padded_buffer[j] = pframe[payload_index+j]; 1407 1408 aes128k128d(key, ctr_preload, aes_out); 1409 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1410 for (j = 0; j < payload_remainder; j++) 1411 pframe[payload_index++] = chain_buffer[j]; 1412 } 1413 1414 /* Encrypt the MIC */ 1415 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1416 pn_vector, 0, frtype); 1417 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1418 1419 for (j = 0; j < 16; j++) 1420 padded_buffer[j] = 0x00; 1421 for (j = 0; j < 8; j++) 1422 padded_buffer[j] = pframe[j+hdrlen+8+plen]; 1423 1424 aes128k128d(key, ctr_preload, aes_out); 1425 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1426 for (j = 0; j < 8; j++) 1427 pframe[payload_index++] = chain_buffer[j]; 1428 1429 return _SUCCESS; 1430 } 1431 1432 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe) 1433 { /* exclude ICV */ 1434 1435 /*static*/ 1436 /* unsigned char message[MAX_MSG_SIZE]; */ 1437 1438 /* Intermediate Buffers */ 1439 sint curfragnum, length; 1440 u8 *pframe, *prwskey; /* *payload,*iv */ 1441 u8 hw_hdr_offset = 0; 1442 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 1443 struct security_priv *psecuritypriv = &padapter->securitypriv; 1444 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 1445 1446 u32 res = _SUCCESS; 1447 1448 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 1449 return _FAIL; 1450 1451 hw_hdr_offset = TXDESC_OFFSET; 1452 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 1453 1454 /* 4 start to encrypt each fragment */ 1455 if (pattrib->encrypt == _AES_) { 1456 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__)); 1457 1458 if (IS_MCAST(pattrib->ra)) 1459 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey; 1460 else 1461 prwskey = pattrib->dot118021x_UncstKey.skey; 1462 1463 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 1464 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */ 1465 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 1466 1467 aes_cipher(prwskey, pattrib->hdrlen, pframe, length); 1468 } else { 1469 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 1470 1471 aes_cipher(prwskey, pattrib->hdrlen, pframe, length); 1472 pframe += pxmitpriv->frag_len; 1473 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 1474 } 1475 } 1476 1477 AES_SW_ENC_CNT_INC(psecuritypriv, pattrib->ra); 1478 } 1479 return res; 1480 } 1481 1482 static sint aes_decipher(u8 *key, uint hdrlen, 1483 u8 *pframe, uint plen) 1484 { 1485 static u8 message[MAX_MSG_SIZE]; 1486 uint qc_exists, a4_exists, i, j, payload_remainder, 1487 num_blocks, payload_index; 1488 sint res = _SUCCESS; 1489 u8 pn_vector[6]; 1490 u8 mic_iv[16]; 1491 u8 mic_header1[16]; 1492 u8 mic_header2[16]; 1493 u8 ctr_preload[16]; 1494 1495 /* Intermediate Buffers */ 1496 u8 chain_buffer[16]; 1497 u8 aes_out[16]; 1498 u8 padded_buffer[16]; 1499 u8 mic[8]; 1500 1501 uint frtype = GetFrameType(pframe); 1502 uint frsubtype = GetFrameSubType(pframe); 1503 1504 frsubtype = frsubtype>>4; 1505 1506 memset((void *)mic_iv, 0, 16); 1507 memset((void *)mic_header1, 0, 16); 1508 memset((void *)mic_header2, 0, 16); 1509 memset((void *)ctr_preload, 0, 16); 1510 memset((void *)chain_buffer, 0, 16); 1511 memset((void *)aes_out, 0, 16); 1512 memset((void *)padded_buffer, 0, 16); 1513 1514 /* start to decrypt the payload */ 1515 1516 num_blocks = (plen-8) / 16; /* plen including LLC, payload_length and mic) */ 1517 1518 payload_remainder = (plen-8) % 16; 1519 1520 pn_vector[0] = pframe[hdrlen]; 1521 pn_vector[1] = pframe[hdrlen + 1]; 1522 pn_vector[2] = pframe[hdrlen + 4]; 1523 pn_vector[3] = pframe[hdrlen + 5]; 1524 pn_vector[4] = pframe[hdrlen + 6]; 1525 pn_vector[5] = pframe[hdrlen + 7]; 1526 1527 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1528 a4_exists = 0; 1529 else 1530 a4_exists = 1; 1531 1532 if (((frtype|frsubtype) == WIFI_DATA_CFACK) || 1533 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) || 1534 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) { 1535 qc_exists = 1; 1536 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1537 hdrlen += 2; 1538 1539 } else if ((frtype == WIFI_DATA) && /* only for data packet . add for CONFIG_IEEE80211W, none 11w also can use */ 1540 ((frsubtype == 0x08) || 1541 (frsubtype == 0x09) || 1542 (frsubtype == 0x0a) || 1543 (frsubtype == 0x0b))) { 1544 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1545 hdrlen += 2; 1546 1547 qc_exists = 1; 1548 } else { 1549 qc_exists = 0; 1550 } 1551 1552 /* now, decrypt pframe with hdrlen offset and plen long */ 1553 1554 payload_index = hdrlen + 8; /* 8 is for extiv */ 1555 1556 for (i = 0; i < num_blocks; i++) { 1557 construct_ctr_preload(ctr_preload, a4_exists, 1558 qc_exists, pframe, 1559 pn_vector, i + 1, 1560 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1561 1562 aes128k128d(key, ctr_preload, aes_out); 1563 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1564 1565 for (j = 0; j < 16; j++) 1566 pframe[payload_index++] = chain_buffer[j]; 1567 } 1568 1569 if (payload_remainder > 0) { 1570 /* If there is a short final block, then pad it,*/ 1571 /* encrypt it and copy the unpadded part back */ 1572 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, 1573 num_blocks+1, frtype); 1574 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1575 1576 for (j = 0; j < 16; j++) 1577 padded_buffer[j] = 0x00; 1578 for (j = 0; j < payload_remainder; j++) 1579 padded_buffer[j] = pframe[payload_index+j]; 1580 1581 aes128k128d(key, ctr_preload, aes_out); 1582 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1583 for (j = 0; j < payload_remainder; j++) 1584 pframe[payload_index++] = chain_buffer[j]; 1585 } 1586 1587 /* start to calculate the mic */ 1588 if ((hdrlen + plen+8) <= MAX_MSG_SIZE) 1589 memcpy((void *)message, pframe, (hdrlen + plen+8)); /* 8 is for ext iv len */ 1590 1591 pn_vector[0] = pframe[hdrlen]; 1592 pn_vector[1] = pframe[hdrlen+1]; 1593 pn_vector[2] = pframe[hdrlen+4]; 1594 pn_vector[3] = pframe[hdrlen+5]; 1595 pn_vector[4] = pframe[hdrlen+6]; 1596 pn_vector[5] = pframe[hdrlen+7]; 1597 1598 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen-8, pn_vector, frtype); 1599 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1600 1601 construct_mic_header1(mic_header1, hdrlen, message, frtype); 1602 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1603 construct_mic_header2(mic_header2, message, a4_exists, qc_exists); 1604 1605 payload_remainder = (plen-8) % 16; 1606 num_blocks = (plen-8) / 16; 1607 1608 /* Find start of payload */ 1609 payload_index = (hdrlen + 8); 1610 1611 /* Calculate MIC */ 1612 aes128k128d(key, mic_iv, aes_out); 1613 bitwise_xor(aes_out, mic_header1, chain_buffer); 1614 aes128k128d(key, chain_buffer, aes_out); 1615 bitwise_xor(aes_out, mic_header2, chain_buffer); 1616 aes128k128d(key, chain_buffer, aes_out); 1617 1618 for (i = 0; i < num_blocks; i++) { 1619 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1620 1621 payload_index += 16; 1622 aes128k128d(key, chain_buffer, aes_out); 1623 } 1624 1625 /* Add on the final payload block if it needs padding */ 1626 if (payload_remainder > 0) { 1627 for (j = 0; j < 16; j++) 1628 padded_buffer[j] = 0x00; 1629 for (j = 0; j < payload_remainder; j++) 1630 padded_buffer[j] = message[payload_index++]; 1631 1632 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1633 aes128k128d(key, chain_buffer, aes_out); 1634 } 1635 1636 for (j = 0; j < 8; j++) 1637 mic[j] = aes_out[j]; 1638 1639 /* Insert MIC into payload */ 1640 for (j = 0; j < 8; j++) 1641 message[payload_index+j] = mic[j]; 1642 1643 payload_index = hdrlen + 8; 1644 for (i = 0; i < num_blocks; i++) { 1645 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, i+1, 1646 frtype); 1647 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1648 aes128k128d(key, ctr_preload, aes_out); 1649 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1650 for (j = 0; j < 16; j++) 1651 message[payload_index++] = chain_buffer[j]; 1652 } 1653 1654 if (payload_remainder > 0) { 1655 /* If there is a short final block, then pad it,*/ 1656 /* encrypt it and copy the unpadded part back */ 1657 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 1658 num_blocks+1, frtype); 1659 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1660 1661 for (j = 0; j < 16; j++) 1662 padded_buffer[j] = 0x00; 1663 for (j = 0; j < payload_remainder; j++) 1664 padded_buffer[j] = message[payload_index+j]; 1665 1666 aes128k128d(key, ctr_preload, aes_out); 1667 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1668 for (j = 0; j < payload_remainder; j++) 1669 message[payload_index++] = chain_buffer[j]; 1670 } 1671 1672 /* Encrypt the MIC */ 1673 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 0, frtype); 1674 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1675 1676 for (j = 0; j < 16; j++) 1677 padded_buffer[j] = 0x00; 1678 for (j = 0; j < 8; j++) 1679 padded_buffer[j] = message[j+hdrlen+8+plen-8]; 1680 1681 aes128k128d(key, ctr_preload, aes_out); 1682 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1683 for (j = 0; j < 8; j++) 1684 message[payload_index++] = chain_buffer[j]; 1685 1686 /* compare the mic */ 1687 for (i = 0; i < 8; i++) { 1688 if (pframe[hdrlen+8+plen-8+i] != message[hdrlen+8+plen-8+i]) { 1689 RT_TRACE(_module_rtl871x_security_c_, 1690 _drv_err_, 1691 ("%s:mic check error mic[%d]: pframe(%x) != message(%x)\n", 1692 __func__, 1693 i, 1694 pframe[hdrlen + 8 + plen - 8 + i], 1695 message[hdrlen + 8 + plen - 8 + i])); 1696 DBG_871X("%s:mic check error mic[%d]: pframe(%x) != message(%x)\n", 1697 __func__, 1698 i, 1699 pframe[hdrlen + 8 + plen - 8 + i], 1700 message[hdrlen + 8 + plen - 8 + i]); 1701 res = _FAIL; 1702 } 1703 } 1704 return res; 1705 } 1706 1707 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe) 1708 { /* exclude ICV */ 1709 1710 /*static*/ 1711 /* unsigned char message[MAX_MSG_SIZE]; */ 1712 1713 /* Intermediate Buffers */ 1714 1715 sint length; 1716 u8 *pframe, *prwskey; /* *payload,*iv */ 1717 struct sta_info *stainfo; 1718 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 1719 struct security_priv *psecuritypriv = &padapter->securitypriv; 1720 u32 res = _SUCCESS; 1721 1722 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 1723 /* 4 start to encrypt each fragment */ 1724 if (prxattrib->encrypt == _AES_) { 1725 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]); 1726 if (stainfo) { 1727 RT_TRACE(_module_rtl871x_security_c_, 1728 _drv_err_, 1729 ("%s: stainfo!= NULL!!!\n", __func__)); 1730 1731 if (IS_MCAST(prxattrib->ra)) { 1732 static unsigned long start; 1733 static u32 no_gkey_bc_cnt; 1734 static u32 no_gkey_mc_cnt; 1735 1736 if (!psecuritypriv->binstallGrpkey) { 1737 res = _FAIL; 1738 1739 if (start == 0) 1740 start = jiffies; 1741 1742 if (is_broadcast_mac_addr(prxattrib->ra)) 1743 no_gkey_bc_cnt++; 1744 else 1745 no_gkey_mc_cnt++; 1746 1747 if (jiffies_to_msecs(jiffies - start) > 1000) { 1748 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 1749 DBG_871X_LEVEL(_drv_always_, FUNC_ADPT_FMT" no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 1750 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt); 1751 } 1752 start = jiffies; 1753 no_gkey_bc_cnt = 0; 1754 no_gkey_mc_cnt = 0; 1755 } 1756 1757 goto exit; 1758 } 1759 1760 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 1761 DBG_871X_LEVEL(_drv_always_, FUNC_ADPT_FMT" gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 1762 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt); 1763 } 1764 start = 0; 1765 no_gkey_bc_cnt = 0; 1766 no_gkey_mc_cnt = 0; 1767 1768 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey; 1769 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) { 1770 DBG_871X("not match packet_index =%d, install_index =%d\n" 1771 , prxattrib->key_index, psecuritypriv->dot118021XGrpKeyid); 1772 res = _FAIL; 1773 goto exit; 1774 } 1775 } else { 1776 prwskey = &stainfo->dot118021x_UncstKey.skey[0]; 1777 } 1778 1779 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 1780 1781 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length); 1782 1783 AES_SW_DEC_CNT_INC(psecuritypriv, prxattrib->ra); 1784 } else { 1785 RT_TRACE(_module_rtl871x_security_c_, 1786 _drv_err_, 1787 ("%s: stainfo == NULL!!!\n", __func__)); 1788 res = _FAIL; 1789 } 1790 } 1791 exit: 1792 return res; 1793 } 1794 1795 u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe) 1796 { 1797 struct rx_pkt_attrib *pattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 1798 u8 *pframe; 1799 u8 *BIP_AAD, *p; 1800 u32 res = _FAIL; 1801 uint len, ori_len; 1802 struct ieee80211_hdr *pwlanhdr; 1803 u8 mic[16]; 1804 struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv; 1805 __le16 le_tmp; 1806 __le64 le_tmp64; 1807 1808 ori_len = pattrib->pkt_len-WLAN_HDR_A3_LEN+BIP_AAD_SIZE; 1809 BIP_AAD = rtw_zmalloc(ori_len); 1810 1811 if (BIP_AAD == NULL) { 1812 DBG_871X("BIP AAD allocate fail\n"); 1813 return _FAIL; 1814 } 1815 /* PKT start */ 1816 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 1817 /* mapping to wlan header */ 1818 pwlanhdr = (struct ieee80211_hdr *)pframe; 1819 /* save the frame body + MME */ 1820 memcpy(BIP_AAD+BIP_AAD_SIZE, pframe+WLAN_HDR_A3_LEN, pattrib->pkt_len-WLAN_HDR_A3_LEN); 1821 /* find MME IE pointer */ 1822 p = rtw_get_ie(BIP_AAD+BIP_AAD_SIZE, WLAN_EID_MMIE, &len, pattrib->pkt_len-WLAN_HDR_A3_LEN); 1823 /* Baron */ 1824 if (p) { 1825 u16 keyid = 0; 1826 u64 temp_ipn = 0; 1827 /* save packet number */ 1828 memcpy(&le_tmp64, p+4, 6); 1829 temp_ipn = le64_to_cpu(le_tmp64); 1830 /* BIP packet number should bigger than previous BIP packet */ 1831 if (temp_ipn <= pmlmeext->mgnt_80211w_IPN_rx) { 1832 DBG_871X("replay BIP packet\n"); 1833 goto BIP_exit; 1834 } 1835 /* copy key index */ 1836 memcpy(&le_tmp, p+2, 2); 1837 keyid = le16_to_cpu(le_tmp); 1838 if (keyid != padapter->securitypriv.dot11wBIPKeyid) { 1839 DBG_871X("BIP key index error!\n"); 1840 goto BIP_exit; 1841 } 1842 /* clear the MIC field of MME to zero */ 1843 memset(p+2+len-8, 0, 8); 1844 1845 /* conscruct AAD, copy frame control field */ 1846 memcpy(BIP_AAD, &pwlanhdr->frame_control, 2); 1847 ClearRetry(BIP_AAD); 1848 ClearPwrMgt(BIP_AAD); 1849 ClearMData(BIP_AAD); 1850 /* conscruct AAD, copy address 1 to address 3 */ 1851 memcpy(BIP_AAD+2, pwlanhdr->addr1, 18); 1852 1853 if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey 1854 , BIP_AAD, ori_len, mic)) 1855 goto BIP_exit; 1856 1857 /* MIC field should be last 8 bytes of packet (packet without FCS) */ 1858 if (!memcmp(mic, pframe+pattrib->pkt_len-8, 8)) { 1859 pmlmeext->mgnt_80211w_IPN_rx = temp_ipn; 1860 res = _SUCCESS; 1861 } else { 1862 DBG_871X("BIP MIC error!\n"); 1863 } 1864 1865 } else { 1866 res = RTW_RX_HANDLED; 1867 } 1868 BIP_exit: 1869 1870 kfree(BIP_AAD); 1871 return res; 1872 } 1873 1874 /* AES tables*/ 1875 const u32 Te0[256] = { 1876 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 1877 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, 1878 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, 1879 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, 1880 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, 1881 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, 1882 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, 1883 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, 1884 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, 1885 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, 1886 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, 1887 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, 1888 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, 1889 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, 1890 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, 1891 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, 1892 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, 1893 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, 1894 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, 1895 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, 1896 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, 1897 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, 1898 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, 1899 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, 1900 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, 1901 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, 1902 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, 1903 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, 1904 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, 1905 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, 1906 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, 1907 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, 1908 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, 1909 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, 1910 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, 1911 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, 1912 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, 1913 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, 1914 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, 1915 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, 1916 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, 1917 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, 1918 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, 1919 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, 1920 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, 1921 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, 1922 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, 1923 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, 1924 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, 1925 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, 1926 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, 1927 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, 1928 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, 1929 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, 1930 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, 1931 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, 1932 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, 1933 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, 1934 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, 1935 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, 1936 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, 1937 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, 1938 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, 1939 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, 1940 }; 1941 1942 const u32 Td0[256] = { 1943 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, 1944 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, 1945 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, 1946 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, 1947 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, 1948 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, 1949 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, 1950 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, 1951 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, 1952 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, 1953 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, 1954 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, 1955 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, 1956 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, 1957 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, 1958 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, 1959 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, 1960 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, 1961 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, 1962 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, 1963 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, 1964 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, 1965 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, 1966 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, 1967 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, 1968 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, 1969 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, 1970 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, 1971 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, 1972 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, 1973 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, 1974 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, 1975 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, 1976 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, 1977 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, 1978 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, 1979 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, 1980 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, 1981 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, 1982 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, 1983 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, 1984 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, 1985 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, 1986 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, 1987 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, 1988 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, 1989 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, 1990 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, 1991 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, 1992 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, 1993 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, 1994 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, 1995 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, 1996 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, 1997 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, 1998 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, 1999 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, 2000 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, 2001 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, 2002 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, 2003 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, 2004 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, 2005 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, 2006 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, 2007 }; 2008 2009 const u8 Td4s[256] = { 2010 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, 2011 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, 2012 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, 2013 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, 2014 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, 2015 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, 2016 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, 2017 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, 2018 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, 2019 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, 2020 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, 2021 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, 2022 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, 2023 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, 2024 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, 2025 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, 2026 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, 2027 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, 2028 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, 2029 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, 2030 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, 2031 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, 2032 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, 2033 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, 2034 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, 2035 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, 2036 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, 2037 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, 2038 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, 2039 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, 2040 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, 2041 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, 2042 }; 2043 2044 const u8 rcons[] = { 2045 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36 2046 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ 2047 }; 2048 2049 /** 2050 * Expand the cipher key into the encryption key schedule. 2051 * 2052 * @return the number of rounds for the given cipher key size. 2053 */ 2054 static void rijndaelKeySetupEnc(u32 rk[/*44*/], const u8 cipherKey[]) 2055 { 2056 int i; 2057 u32 temp; 2058 2059 rk[0] = GETU32(cipherKey); 2060 rk[1] = GETU32(cipherKey + 4); 2061 rk[2] = GETU32(cipherKey + 8); 2062 rk[3] = GETU32(cipherKey + 12); 2063 for (i = 0; i < 10; i++) { 2064 temp = rk[3]; 2065 rk[4] = rk[0] ^ 2066 TE421(temp) ^ TE432(temp) ^ TE443(temp) ^ TE414(temp) ^ 2067 RCON(i); 2068 rk[5] = rk[1] ^ rk[4]; 2069 rk[6] = rk[2] ^ rk[5]; 2070 rk[7] = rk[3] ^ rk[6]; 2071 rk += 4; 2072 } 2073 } 2074 2075 static void rijndaelEncrypt(u32 rk[/*44*/], u8 pt[16], u8 ct[16]) 2076 { 2077 u32 s0, s1, s2, s3, t0, t1, t2, t3; 2078 int Nr = 10; 2079 int r; 2080 2081 /* 2082 * map byte array block to cipher state 2083 * and add initial round key: 2084 */ 2085 s0 = GETU32(pt) ^ rk[0]; 2086 s1 = GETU32(pt + 4) ^ rk[1]; 2087 s2 = GETU32(pt + 8) ^ rk[2]; 2088 s3 = GETU32(pt + 12) ^ rk[3]; 2089 2090 #define ROUND(i, d, s) \ 2091 d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \ 2092 d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \ 2093 d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \ 2094 d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3] 2095 2096 /* Nr - 1 full rounds: */ 2097 r = Nr >> 1; 2098 for (;;) { 2099 ROUND(1, t, s); 2100 rk += 8; 2101 if (--r == 0) 2102 break; 2103 ROUND(0, s, t); 2104 } 2105 2106 #undef ROUND 2107 2108 /* 2109 * apply last round and 2110 * map cipher state to byte array block: 2111 */ 2112 s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0]; 2113 PUTU32(ct, s0); 2114 s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1]; 2115 PUTU32(ct + 4, s1); 2116 s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2]; 2117 PUTU32(ct + 8, s2); 2118 s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3]; 2119 PUTU32(ct + 12, s3); 2120 } 2121 2122 static void *aes_encrypt_init(u8 *key, size_t len) 2123 { 2124 u32 *rk; 2125 2126 if (len != 16) 2127 return NULL; 2128 rk = rtw_malloc(AES_PRIV_SIZE); 2129 if (rk == NULL) 2130 return NULL; 2131 rijndaelKeySetupEnc(rk, key); 2132 return rk; 2133 } 2134 2135 static void aes_128_encrypt(void *ctx, u8 *plain, u8 *crypt) 2136 { 2137 rijndaelEncrypt(ctx, plain, crypt); 2138 } 2139 2140 static void gf_mulx(u8 *pad) 2141 { 2142 int i, carry; 2143 2144 carry = pad[0] & 0x80; 2145 for (i = 0; i < AES_BLOCK_SIZE - 1; i++) 2146 pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7); 2147 2148 pad[AES_BLOCK_SIZE - 1] <<= 1; 2149 if (carry) 2150 pad[AES_BLOCK_SIZE - 1] ^= 0x87; 2151 } 2152 2153 static void aes_encrypt_deinit(void *ctx) 2154 { 2155 kfree_sensitive(ctx); 2156 } 2157 2158 /** 2159 * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128 2160 * @key: 128-bit key for the hash operation 2161 * @num_elem: Number of elements in the data vector 2162 * @addr: Pointers to the data areas 2163 * @len: Lengths of the data blocks 2164 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes) 2165 * Returns: 0 on success, -1 on failure 2166 * 2167 * This is a mode for using block cipher (AES in this case) for authentication. 2168 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication 2169 * (SP) 800-38B. 2170 */ 2171 static int omac1_aes_128_vector(u8 *key, size_t num_elem, 2172 u8 *addr[], size_t *len, u8 *mac) 2173 { 2174 void *ctx; 2175 u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE]; 2176 u8 *pos, *end; 2177 size_t i, e, left, total_len; 2178 2179 ctx = aes_encrypt_init(key, 16); 2180 if (ctx == NULL) 2181 return -1; 2182 memset(cbc, 0, AES_BLOCK_SIZE); 2183 2184 total_len = 0; 2185 for (e = 0; e < num_elem; e++) 2186 total_len += len[e]; 2187 left = total_len; 2188 2189 e = 0; 2190 pos = addr[0]; 2191 end = pos + len[0]; 2192 2193 while (left >= AES_BLOCK_SIZE) { 2194 for (i = 0; i < AES_BLOCK_SIZE; i++) { 2195 cbc[i] ^= *pos++; 2196 if (pos >= end) { 2197 e++; 2198 pos = addr[e]; 2199 end = pos + len[e]; 2200 } 2201 } 2202 if (left > AES_BLOCK_SIZE) 2203 aes_128_encrypt(ctx, cbc, cbc); 2204 left -= AES_BLOCK_SIZE; 2205 } 2206 2207 memset(pad, 0, AES_BLOCK_SIZE); 2208 aes_128_encrypt(ctx, pad, pad); 2209 gf_mulx(pad); 2210 2211 if (left || total_len == 0) { 2212 for (i = 0; i < left; i++) { 2213 cbc[i] ^= *pos++; 2214 if (pos >= end) { 2215 e++; 2216 pos = addr[e]; 2217 end = pos + len[e]; 2218 } 2219 } 2220 cbc[left] ^= 0x80; 2221 gf_mulx(pad); 2222 } 2223 2224 for (i = 0; i < AES_BLOCK_SIZE; i++) 2225 pad[i] ^= cbc[i]; 2226 aes_128_encrypt(ctx, pad, mac); 2227 aes_encrypt_deinit(ctx); 2228 return 0; 2229 } 2230 2231 /** 2232 * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC) 2233 * @key: 128-bit key for the hash operation 2234 * @data: Data buffer for which a MAC is determined 2235 * @data_len: Length of data buffer in bytes 2236 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes) 2237 * Returns: 0 on success, -1 on failure 2238 * 2239 * This is a mode for using block cipher (AES in this case) for authentication. 2240 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication 2241 * (SP) 800-38B. 2242 * modify for CONFIG_IEEE80211W */ 2243 int omac1_aes_128(u8 *key, u8 *data, size_t data_len, u8 *mac) 2244 { 2245 return omac1_aes_128_vector(key, 1, &data, &data_len, mac); 2246 } 2247 2248 /* Restore HW wep key setting according to key_mask */ 2249 void rtw_sec_restore_wep_key(struct adapter *adapter) 2250 { 2251 struct security_priv *securitypriv = &(adapter->securitypriv); 2252 sint keyid; 2253 2254 if ((_WEP40_ == securitypriv->dot11PrivacyAlgrthm) || (_WEP104_ == securitypriv->dot11PrivacyAlgrthm)) { 2255 for (keyid = 0; keyid < 4; keyid++) { 2256 if (securitypriv->key_mask & BIT(keyid)) { 2257 if (keyid == securitypriv->dot11PrivacyKeyIndex) 2258 rtw_set_key(adapter, securitypriv, keyid, 1, false); 2259 else 2260 rtw_set_key(adapter, securitypriv, keyid, 0, false); 2261 } 2262 } 2263 } 2264 } 2265 2266 u8 rtw_handle_tkip_countermeasure(struct adapter *adapter, const char *caller) 2267 { 2268 struct security_priv *securitypriv = &(adapter->securitypriv); 2269 u8 status = _SUCCESS; 2270 2271 if (securitypriv->btkip_countermeasure) { 2272 unsigned long passing_ms = jiffies_to_msecs(jiffies - securitypriv->btkip_countermeasure_time); 2273 2274 if (passing_ms > 60*1000) { 2275 DBG_871X_LEVEL(_drv_always_, "%s(%s) countermeasure time:%lus > 60s\n", 2276 caller, ADPT_ARG(adapter), passing_ms/1000); 2277 securitypriv->btkip_countermeasure = false; 2278 securitypriv->btkip_countermeasure_time = 0; 2279 } else { 2280 DBG_871X_LEVEL(_drv_always_, "%s(%s) countermeasure time:%lus < 60s\n", 2281 caller, ADPT_ARG(adapter), passing_ms/1000); 2282 status = _FAIL; 2283 } 2284 } 2285 2286 return status; 2287 } 2288