1 // SPDX-License-Identifier: GPL-2.0 2 /****************************************************************************** 3 * 4 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved. 5 * 6 ******************************************************************************/ 7 #define _RTW_SECURITY_C_ 8 9 #include <linux/crc32poly.h> 10 #include <drv_types.h> 11 #include <rtw_debug.h> 12 13 static const char * const _security_type_str[] = { 14 "N/A", 15 "WEP40", 16 "TKIP", 17 "TKIP_WM", 18 "AES", 19 "WEP104", 20 "SMS4", 21 "WEP_WPA", 22 "BIP", 23 }; 24 25 const char *security_type_str(u8 value) 26 { 27 if (value <= _BIP_) 28 return _security_type_str[value]; 29 return NULL; 30 } 31 32 /* WEP related ===== */ 33 34 struct arc4context { 35 u32 x; 36 u32 y; 37 u8 state[256]; 38 }; 39 40 41 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len) 42 { 43 u32 t, u; 44 u32 keyindex; 45 u32 stateindex; 46 u8 *state; 47 u32 counter; 48 49 state = parc4ctx->state; 50 parc4ctx->x = 0; 51 parc4ctx->y = 0; 52 for (counter = 0; counter < 256; counter++) 53 state[counter] = (u8)counter; 54 keyindex = 0; 55 stateindex = 0; 56 for (counter = 0; counter < 256; counter++) { 57 t = state[counter]; 58 stateindex = (stateindex + key[keyindex] + t) & 0xff; 59 u = state[stateindex]; 60 state[stateindex] = (u8)t; 61 state[counter] = (u8)u; 62 if (++keyindex >= key_len) 63 keyindex = 0; 64 } 65 } 66 67 static u32 arcfour_byte(struct arc4context *parc4ctx) 68 { 69 u32 x; 70 u32 y; 71 u32 sx, sy; 72 u8 *state; 73 74 state = parc4ctx->state; 75 x = (parc4ctx->x + 1) & 0xff; 76 sx = state[x]; 77 y = (sx + parc4ctx->y) & 0xff; 78 sy = state[y]; 79 parc4ctx->x = x; 80 parc4ctx->y = y; 81 state[y] = (u8)sx; 82 state[x] = (u8)sy; 83 return state[(sx + sy) & 0xff]; 84 } 85 86 static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len) 87 { 88 u32 i; 89 90 for (i = 0; i < len; i++) 91 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx); 92 } 93 94 static signed int bcrc32initialized; 95 static u32 crc32_table[256]; 96 97 98 static u8 crc32_reverseBit(u8 data) 99 { 100 return((u8)((data<<7)&0x80) | ((data<<5)&0x40) | ((data<<3)&0x20) | ((data<<1)&0x10) | ((data>>1)&0x08) | ((data>>3)&0x04) | ((data>>5)&0x02) | ((data>>7)&0x01)); 101 } 102 103 static void crc32_init(void) 104 { 105 if (bcrc32initialized == 1) 106 return; 107 else { 108 signed int i, j; 109 u32 c; 110 u8 *p = (u8 *)&c, *p1; 111 u8 k; 112 113 c = 0x12340000; 114 115 for (i = 0; i < 256; ++i) { 116 k = crc32_reverseBit((u8)i); 117 for (c = ((u32)k) << 24, j = 8; j > 0; --j) 118 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY_BE : (c << 1); 119 p1 = (u8 *)&crc32_table[i]; 120 121 p1[0] = crc32_reverseBit(p[3]); 122 p1[1] = crc32_reverseBit(p[2]); 123 p1[2] = crc32_reverseBit(p[1]); 124 p1[3] = crc32_reverseBit(p[0]); 125 } 126 bcrc32initialized = 1; 127 } 128 } 129 130 static __le32 getcrc32(u8 *buf, signed int len) 131 { 132 u8 *p; 133 u32 crc; 134 135 if (bcrc32initialized == 0) 136 crc32_init(); 137 138 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */ 139 140 for (p = buf; len > 0; ++p, --len) 141 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8); 142 return cpu_to_le32(~crc); /* transmit complement, per CRC-32 spec */ 143 } 144 145 146 /* 147 Need to consider the fragment situation 148 */ 149 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe) 150 { /* exclude ICV */ 151 152 unsigned char crc[4]; 153 struct arc4context mycontext; 154 155 signed int curfragnum, length; 156 u32 keylength; 157 158 u8 *pframe, *payload, *iv; /* wepkey */ 159 u8 wepkey[16]; 160 u8 hw_hdr_offset = 0; 161 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 162 struct security_priv *psecuritypriv = &padapter->securitypriv; 163 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 164 165 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 166 return; 167 168 hw_hdr_offset = TXDESC_OFFSET; 169 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 170 171 /* start to encrypt each fragment */ 172 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) { 173 keylength = psecuritypriv->dot11DefKeylen[psecuritypriv->dot11PrivacyKeyIndex]; 174 175 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 176 iv = pframe+pattrib->hdrlen; 177 memcpy(&wepkey[0], iv, 3); 178 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); 179 payload = pframe+pattrib->iv_len+pattrib->hdrlen; 180 181 if ((curfragnum+1) == pattrib->nr_frags) { /* the last fragment */ 182 183 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 184 185 *((__le32 *)crc) = getcrc32(payload, length); 186 187 arcfour_init(&mycontext, wepkey, 3+keylength); 188 arcfour_encrypt(&mycontext, payload, payload, length); 189 arcfour_encrypt(&mycontext, payload+length, crc, 4); 190 191 } else { 192 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 193 *((__le32 *)crc) = getcrc32(payload, length); 194 arcfour_init(&mycontext, wepkey, 3+keylength); 195 arcfour_encrypt(&mycontext, payload, payload, length); 196 arcfour_encrypt(&mycontext, payload+length, crc, 4); 197 198 pframe += pxmitpriv->frag_len; 199 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 200 } 201 } 202 } 203 } 204 205 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe) 206 { 207 /* exclude ICV */ 208 u8 crc[4]; 209 struct arc4context mycontext; 210 signed int length; 211 u32 keylength; 212 u8 *pframe, *payload, *iv, wepkey[16]; 213 u8 keyindex; 214 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)precvframe)->u.hdr.attrib); 215 struct security_priv *psecuritypriv = &padapter->securitypriv; 216 217 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 218 219 /* start to decrypt recvframe */ 220 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) { 221 iv = pframe+prxattrib->hdrlen; 222 /* keyindex =(iv[3]&0x3); */ 223 keyindex = prxattrib->key_index; 224 keylength = psecuritypriv->dot11DefKeylen[keyindex]; 225 memcpy(&wepkey[0], iv, 3); 226 /* memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); */ 227 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[keyindex].skey[0], keylength); 228 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 229 230 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen; 231 232 /* decrypt payload include icv */ 233 arcfour_init(&mycontext, wepkey, 3+keylength); 234 arcfour_encrypt(&mycontext, payload, payload, length); 235 236 /* calculate icv and compare the icv */ 237 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4)); 238 239 } 240 } 241 242 /* 3 =====TKIP related ===== */ 243 244 static u32 secmicgetuint32(u8 *p) 245 /* Convert from Byte[] to Us3232 in a portable way */ 246 { 247 s32 i; 248 u32 res = 0; 249 250 for (i = 0; i < 4; i++) 251 res |= ((u32)(*p++)) << (8 * i); 252 253 return res; 254 } 255 256 static void secmicputuint32(u8 *p, u32 val) 257 /* Convert from Us3232 to Byte[] in a portable way */ 258 { 259 long i; 260 261 for (i = 0; i < 4; i++) { 262 *p++ = (u8) (val & 0xff); 263 val >>= 8; 264 } 265 } 266 267 static void secmicclear(struct mic_data *pmicdata) 268 { 269 /* Reset the state to the empty message. */ 270 pmicdata->L = pmicdata->K0; 271 pmicdata->R = pmicdata->K1; 272 pmicdata->nBytesInM = 0; 273 pmicdata->M = 0; 274 } 275 276 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key) 277 { 278 /* Set the key */ 279 pmicdata->K0 = secmicgetuint32(key); 280 pmicdata->K1 = secmicgetuint32(key + 4); 281 /* and reset the message */ 282 secmicclear(pmicdata); 283 } 284 285 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b) 286 { 287 /* Append the byte to our word-sized buffer */ 288 pmicdata->M |= ((unsigned long)b) << (8*pmicdata->nBytesInM); 289 pmicdata->nBytesInM++; 290 /* Process the word if it is full. */ 291 if (pmicdata->nBytesInM >= 4) { 292 pmicdata->L ^= pmicdata->M; 293 pmicdata->R ^= ROL32(pmicdata->L, 17); 294 pmicdata->L += pmicdata->R; 295 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8); 296 pmicdata->L += pmicdata->R; 297 pmicdata->R ^= ROL32(pmicdata->L, 3); 298 pmicdata->L += pmicdata->R; 299 pmicdata->R ^= ROR32(pmicdata->L, 2); 300 pmicdata->L += pmicdata->R; 301 /* Clear the buffer */ 302 pmicdata->M = 0; 303 pmicdata->nBytesInM = 0; 304 } 305 } 306 307 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes) 308 { 309 /* This is simple */ 310 while (nbytes > 0) { 311 rtw_secmicappendbyte(pmicdata, *src++); 312 nbytes--; 313 } 314 } 315 316 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst) 317 { 318 /* Append the minimum padding */ 319 rtw_secmicappendbyte(pmicdata, 0x5a); 320 rtw_secmicappendbyte(pmicdata, 0); 321 rtw_secmicappendbyte(pmicdata, 0); 322 rtw_secmicappendbyte(pmicdata, 0); 323 rtw_secmicappendbyte(pmicdata, 0); 324 /* and then zeroes until the length is a multiple of 4 */ 325 while (pmicdata->nBytesInM != 0) 326 rtw_secmicappendbyte(pmicdata, 0); 327 /* The appendByte function has already computed the result. */ 328 secmicputuint32(dst, pmicdata->L); 329 secmicputuint32(dst + 4, pmicdata->R); 330 /* Reset to the empty message. */ 331 secmicclear(pmicdata); 332 } 333 334 335 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri) 336 { 337 338 struct mic_data micdata; 339 u8 priority[4] = {0x0, 0x0, 0x0, 0x0}; 340 341 rtw_secmicsetkey(&micdata, key); 342 priority[0] = pri; 343 344 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 345 if (header[1] & 1) { /* ToDS == 1 */ 346 rtw_secmicappend(&micdata, &header[16], 6); /* DA */ 347 if (header[1] & 2) /* From Ds == 1 */ 348 rtw_secmicappend(&micdata, &header[24], 6); 349 else 350 rtw_secmicappend(&micdata, &header[10], 6); 351 } else { /* ToDS == 0 */ 352 rtw_secmicappend(&micdata, &header[4], 6); /* DA */ 353 if (header[1] & 2) /* From Ds == 1 */ 354 rtw_secmicappend(&micdata, &header[16], 6); 355 else 356 rtw_secmicappend(&micdata, &header[10], 6); 357 } 358 rtw_secmicappend(&micdata, &priority[0], 4); 359 360 361 rtw_secmicappend(&micdata, data, data_len); 362 363 rtw_secgetmic(&micdata, mic_code); 364 } 365 366 /* macros for extraction/creation of unsigned char/unsigned short values */ 367 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15)) 368 #define Lo8(v16) ((u8)((v16) & 0x00FF)) 369 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF)) 370 #define Lo16(v32) ((u16)((v32) & 0xFFFF)) 371 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF)) 372 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8)) 373 374 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */ 375 #define TK16(N) Mk16(tk[2*(N)+1], tk[2*(N)]) 376 377 /* S-box lookup: 16 bits --> 16 bits */ 378 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)]) 379 380 /* fixed algorithm "parameters" */ 381 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */ 382 #define TA_SIZE 6 /* 48-bit transmitter address */ 383 #define TK_SIZE 16 /* 128-bit temporal key */ 384 #define P1K_SIZE 10 /* 80-bit Phase1 key */ 385 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */ 386 387 388 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */ 389 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */ 390 { 391 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 392 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 393 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 394 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 395 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 396 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 397 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 398 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 399 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 400 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 401 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 402 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 403 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 404 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 405 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 406 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 407 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 408 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 409 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 410 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 411 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 412 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 413 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 414 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 415 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 416 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 417 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 418 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 419 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 420 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 421 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 422 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 423 }, 424 425 426 { /* second half of table is unsigned char-reversed version of first! */ 427 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491, 428 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC, 429 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB, 430 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B, 431 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83, 432 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A, 433 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F, 434 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA, 435 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B, 436 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713, 437 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6, 438 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85, 439 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411, 440 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B, 441 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1, 442 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF, 443 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E, 444 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6, 445 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B, 446 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD, 447 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8, 448 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2, 449 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049, 450 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810, 451 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197, 452 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F, 453 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C, 454 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927, 455 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733, 456 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5, 457 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0, 458 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C, 459 } 460 }; 461 462 /* 463 ********************************************************************** 464 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32 465 * 466 * Inputs: 467 * tk[] = temporal key [128 bits] 468 * ta[] = transmitter's MAC address [ 48 bits] 469 * iv32 = upper 32 bits of IV [ 32 bits] 470 * Output: 471 * p1k[] = Phase 1 key [ 80 bits] 472 * 473 * Note: 474 * This function only needs to be called every 2**16 packets, 475 * although in theory it could be called every packet. 476 * 477 ********************************************************************** 478 */ 479 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32) 480 { 481 signed int i; 482 483 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */ 484 p1k[0] = Lo16(iv32); 485 p1k[1] = Hi16(iv32); 486 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */ 487 p1k[3] = Mk16(ta[3], ta[2]); 488 p1k[4] = Mk16(ta[5], ta[4]); 489 490 /* Now compute an unbalanced Feistel cipher with 80-bit block */ 491 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */ 492 for (i = 0; i < PHASE1_LOOP_CNT; i++) { 493 /* Each add operation here is mod 2**16 */ 494 p1k[0] += _S_(p1k[4] ^ TK16((i&1)+0)); 495 p1k[1] += _S_(p1k[0] ^ TK16((i&1)+2)); 496 p1k[2] += _S_(p1k[1] ^ TK16((i&1)+4)); 497 p1k[3] += _S_(p1k[2] ^ TK16((i&1)+6)); 498 p1k[4] += _S_(p1k[3] ^ TK16((i&1)+0)); 499 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */ 500 } 501 } 502 503 504 /* 505 ********************************************************************** 506 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16 507 * 508 * Inputs: 509 * tk[] = Temporal key [128 bits] 510 * p1k[] = Phase 1 output key [ 80 bits] 511 * iv16 = low 16 bits of IV counter [ 16 bits] 512 * Output: 513 * rc4key[] = the key used to encrypt the packet [128 bits] 514 * 515 * Note: 516 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique 517 * across all packets using the same key TK value. Then, for a 518 * given value of TK[], this TKIP48 construction guarantees that 519 * the final RC4KEY value is unique across all packets. 520 * 521 * Suggested implementation optimization: if PPK[] is "overlaid" 522 * appropriately on RC4KEY[], there is no need for the final 523 * for loop below that copies the PPK[] result into RC4KEY[]. 524 * 525 ********************************************************************** 526 */ 527 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16) 528 { 529 signed int i; 530 u16 PPK[6]; /* temporary key for mixing */ 531 532 /* Note: all adds in the PPK[] equations below are mod 2**16 */ 533 for (i = 0; i < 5; i++) 534 PPK[i] = p1k[i]; /* first, copy P1K to PPK */ 535 536 PPK[5] = p1k[4]+iv16; /* next, add in IV16 */ 537 538 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */ 539 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */ 540 PPK[1] += _S_(PPK[0] ^ TK16(1)); 541 PPK[2] += _S_(PPK[1] ^ TK16(2)); 542 PPK[3] += _S_(PPK[2] ^ TK16(3)); 543 PPK[4] += _S_(PPK[3] ^ TK16(4)); 544 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */ 545 546 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */ 547 PPK[0] += RotR1(PPK[5] ^ TK16(6)); 548 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */ 549 PPK[2] += RotR1(PPK[1]); 550 PPK[3] += RotR1(PPK[2]); 551 PPK[4] += RotR1(PPK[3]); 552 PPK[5] += RotR1(PPK[4]); 553 /* Note: At this point, for a given key TK[0..15], the 96-bit output */ 554 /* value PPK[0..5] is guaranteed to be unique, as a function */ 555 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */ 556 /* is now a keyed permutation of {TA, IV32, IV16}. */ 557 558 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */ 559 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */ 560 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */ 561 rc4key[2] = Lo8(iv16); 562 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1); 563 564 565 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */ 566 for (i = 0; i < 6; i++) { 567 rc4key[4+2*i] = Lo8(PPK[i]); 568 rc4key[5+2*i] = Hi8(PPK[i]); 569 } 570 } 571 572 573 /* The hlen isn't include the IV */ 574 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe) 575 { /* exclude ICV */ 576 u16 pnl; 577 u32 pnh; 578 u8 rc4key[16]; 579 u8 ttkey[16]; 580 u8 crc[4]; 581 u8 hw_hdr_offset = 0; 582 struct arc4context mycontext; 583 signed int curfragnum, length; 584 585 u8 *pframe, *payload, *iv, *prwskey; 586 union pn48 dot11txpn; 587 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 588 struct security_priv *psecuritypriv = &padapter->securitypriv; 589 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 590 u32 res = _SUCCESS; 591 592 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 593 return _FAIL; 594 595 hw_hdr_offset = TXDESC_OFFSET; 596 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 597 598 /* 4 start to encrypt each fragment */ 599 if (pattrib->encrypt == _TKIP_) { 600 601 { 602 if (IS_MCAST(pattrib->ra)) 603 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey; 604 else 605 prwskey = pattrib->dot118021x_UncstKey.skey; 606 607 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 608 iv = pframe+pattrib->hdrlen; 609 payload = pframe+pattrib->iv_len+pattrib->hdrlen; 610 611 GET_TKIP_PN(iv, dot11txpn); 612 613 pnl = (u16)(dot11txpn.val); 614 pnh = (u32)(dot11txpn.val>>16); 615 616 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh); 617 618 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl); 619 620 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */ 621 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 622 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/ 623 624 arcfour_init(&mycontext, rc4key, 16); 625 arcfour_encrypt(&mycontext, payload, payload, length); 626 arcfour_encrypt(&mycontext, payload+length, crc, 4); 627 628 } else { 629 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 630 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/ 631 arcfour_init(&mycontext, rc4key, 16); 632 arcfour_encrypt(&mycontext, payload, payload, length); 633 arcfour_encrypt(&mycontext, payload+length, crc, 4); 634 635 pframe += pxmitpriv->frag_len; 636 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 637 } 638 } 639 } 640 } 641 return res; 642 } 643 644 645 /* The hlen isn't include the IV */ 646 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe) 647 { /* exclude ICV */ 648 u16 pnl; 649 u32 pnh; 650 u8 rc4key[16]; 651 u8 ttkey[16]; 652 u8 crc[4]; 653 struct arc4context mycontext; 654 signed int length; 655 656 u8 *pframe, *payload, *iv, *prwskey; 657 union pn48 dot11txpn; 658 struct sta_info *stainfo; 659 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 660 struct security_priv *psecuritypriv = &padapter->securitypriv; 661 u32 res = _SUCCESS; 662 663 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 664 665 /* 4 start to decrypt recvframe */ 666 if (prxattrib->encrypt == _TKIP_) { 667 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]); 668 if (stainfo) { 669 if (IS_MCAST(prxattrib->ra)) { 670 static unsigned long start; 671 static u32 no_gkey_bc_cnt; 672 static u32 no_gkey_mc_cnt; 673 674 if (!psecuritypriv->binstallGrpkey) { 675 res = _FAIL; 676 677 if (start == 0) 678 start = jiffies; 679 680 if (is_broadcast_mac_addr(prxattrib->ra)) 681 no_gkey_bc_cnt++; 682 else 683 no_gkey_mc_cnt++; 684 685 if (jiffies_to_msecs(jiffies - start) > 1000) { 686 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 687 DBG_871X_LEVEL(_drv_always_, FUNC_ADPT_FMT" no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 688 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt); 689 } 690 start = jiffies; 691 no_gkey_bc_cnt = 0; 692 no_gkey_mc_cnt = 0; 693 } 694 goto exit; 695 } 696 697 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 698 DBG_871X_LEVEL(_drv_always_, FUNC_ADPT_FMT" gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 699 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt); 700 } 701 start = 0; 702 no_gkey_bc_cnt = 0; 703 no_gkey_mc_cnt = 0; 704 705 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey; 706 } else { 707 prwskey = &stainfo->dot118021x_UncstKey.skey[0]; 708 } 709 710 iv = pframe+prxattrib->hdrlen; 711 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen; 712 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 713 714 GET_TKIP_PN(iv, dot11txpn); 715 716 pnl = (u16)(dot11txpn.val); 717 pnh = (u32)(dot11txpn.val>>16); 718 719 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh); 720 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl); 721 722 /* 4 decrypt payload include icv */ 723 724 arcfour_init(&mycontext, rc4key, 16); 725 arcfour_encrypt(&mycontext, payload, payload, length); 726 727 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4)); 728 729 if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] || 730 crc[1] != payload[length - 3] || crc[0] != payload[length - 4]) 731 res = _FAIL; 732 } else { 733 res = _FAIL; 734 } 735 } 736 exit: 737 return res; 738 } 739 740 741 /* 3 =====AES related ===== */ 742 743 744 745 #define MAX_MSG_SIZE 2048 746 /*****************************/ 747 /******** SBOX Table *********/ 748 /*****************************/ 749 750 static const u8 sbox_table[256] = { 751 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 752 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 753 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 754 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 755 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 756 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 757 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 758 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 759 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 760 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 761 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 762 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 763 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 764 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 765 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 766 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 767 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 768 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 769 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 770 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 771 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 772 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 773 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 774 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 775 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 776 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 777 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 778 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 779 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 780 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 781 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 782 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 783 }; 784 785 /*****************************/ 786 /**** Function Prototypes ****/ 787 /*****************************/ 788 789 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out); 790 static void construct_mic_iv(u8 *mic_header1, 791 signed int qc_exists, 792 signed int a4_exists, 793 u8 *mpdu, 794 uint payload_length, 795 u8 *pn_vector, 796 uint frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 797 static void construct_mic_header1(u8 *mic_header1, 798 signed int header_length, 799 u8 *mpdu, 800 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */ 801 static void construct_mic_header2(u8 *mic_header2, 802 u8 *mpdu, 803 signed int a4_exists, 804 signed int qc_exists); 805 static void construct_ctr_preload(u8 *ctr_preload, 806 signed int a4_exists, 807 signed int qc_exists, 808 u8 *mpdu, 809 u8 *pn_vector, 810 signed int c, 811 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */ 812 static void xor_128(u8 *a, u8 *b, u8 *out); 813 static void xor_32(u8 *a, u8 *b, u8 *out); 814 static u8 sbox(u8 a); 815 static void next_key(u8 *key, signed int round); 816 static void byte_sub(u8 *in, u8 *out); 817 static void shift_row(u8 *in, u8 *out); 818 static void mix_column(u8 *in, u8 *out); 819 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext); 820 821 822 /****************************************/ 823 /* aes128k128d() */ 824 /* Performs a 128 bit AES encrypt with */ 825 /* 128 bit data. */ 826 /****************************************/ 827 static void xor_128(u8 *a, u8 *b, u8 *out) 828 { 829 signed int i; 830 831 for (i = 0; i < 16; i++) 832 out[i] = a[i] ^ b[i]; 833 } 834 835 836 static void xor_32(u8 *a, u8 *b, u8 *out) 837 { 838 signed int i; 839 840 for (i = 0; i < 4; i++) 841 out[i] = a[i] ^ b[i]; 842 } 843 844 845 static u8 sbox(u8 a) 846 { 847 return sbox_table[(signed int)a]; 848 } 849 850 851 static void next_key(u8 *key, signed int round) 852 { 853 u8 rcon; 854 u8 sbox_key[4]; 855 static const u8 rcon_table[12] = { 856 0x01, 0x02, 0x04, 0x08, 857 0x10, 0x20, 0x40, 0x80, 858 0x1b, 0x36, 0x36, 0x36 859 }; 860 sbox_key[0] = sbox(key[13]); 861 sbox_key[1] = sbox(key[14]); 862 sbox_key[2] = sbox(key[15]); 863 sbox_key[3] = sbox(key[12]); 864 865 rcon = rcon_table[round]; 866 867 xor_32(&key[0], sbox_key, &key[0]); 868 key[0] = key[0] ^ rcon; 869 870 xor_32(&key[4], &key[0], &key[4]); 871 xor_32(&key[8], &key[4], &key[8]); 872 xor_32(&key[12], &key[8], &key[12]); 873 } 874 875 876 static void byte_sub(u8 *in, u8 *out) 877 { 878 signed int i; 879 880 for (i = 0; i < 16; i++) 881 out[i] = sbox(in[i]); 882 } 883 884 885 static void shift_row(u8 *in, u8 *out) 886 { 887 out[0] = in[0]; 888 out[1] = in[5]; 889 out[2] = in[10]; 890 out[3] = in[15]; 891 out[4] = in[4]; 892 out[5] = in[9]; 893 out[6] = in[14]; 894 out[7] = in[3]; 895 out[8] = in[8]; 896 out[9] = in[13]; 897 out[10] = in[2]; 898 out[11] = in[7]; 899 out[12] = in[12]; 900 out[13] = in[1]; 901 out[14] = in[6]; 902 out[15] = in[11]; 903 } 904 905 static void mix_column(u8 *in, u8 *out) 906 { 907 signed int i; 908 u8 add1b[4]; 909 u8 add1bf7[4]; 910 u8 rotl[4]; 911 u8 swap_halfs[4]; 912 u8 andf7[4]; 913 u8 rotr[4]; 914 u8 temp[4]; 915 u8 tempb[4]; 916 917 for (i = 0; i < 4; i++) { 918 if ((in[i] & 0x80) == 0x80) 919 add1b[i] = 0x1b; 920 else 921 add1b[i] = 0x00; 922 } 923 924 swap_halfs[0] = in[2]; /* Swap halfs */ 925 swap_halfs[1] = in[3]; 926 swap_halfs[2] = in[0]; 927 swap_halfs[3] = in[1]; 928 929 rotl[0] = in[3]; /* Rotate left 8 bits */ 930 rotl[1] = in[0]; 931 rotl[2] = in[1]; 932 rotl[3] = in[2]; 933 934 andf7[0] = in[0] & 0x7f; 935 andf7[1] = in[1] & 0x7f; 936 andf7[2] = in[2] & 0x7f; 937 andf7[3] = in[3] & 0x7f; 938 939 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */ 940 andf7[i] = andf7[i] << 1; 941 if ((andf7[i-1] & 0x80) == 0x80) 942 andf7[i] = (andf7[i] | 0x01); 943 } 944 andf7[0] = andf7[0] << 1; 945 andf7[0] = andf7[0] & 0xfe; 946 947 xor_32(add1b, andf7, add1bf7); 948 949 xor_32(in, add1bf7, rotr); 950 951 temp[0] = rotr[0]; /* Rotate right 8 bits */ 952 rotr[0] = rotr[1]; 953 rotr[1] = rotr[2]; 954 rotr[2] = rotr[3]; 955 rotr[3] = temp[0]; 956 957 xor_32(add1bf7, rotr, temp); 958 xor_32(swap_halfs, rotl, tempb); 959 xor_32(temp, tempb, out); 960 } 961 962 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext) 963 { 964 signed int round; 965 signed int i; 966 u8 intermediatea[16]; 967 u8 intermediateb[16]; 968 u8 round_key[16]; 969 970 for (i = 0; i < 16; i++) 971 round_key[i] = key[i]; 972 973 for (round = 0; round < 11; round++) { 974 if (round == 0) { 975 xor_128(round_key, data, ciphertext); 976 next_key(round_key, round); 977 } else if (round == 10) { 978 byte_sub(ciphertext, intermediatea); 979 shift_row(intermediatea, intermediateb); 980 xor_128(intermediateb, round_key, ciphertext); 981 } else { /* 1 - 9 */ 982 byte_sub(ciphertext, intermediatea); 983 shift_row(intermediatea, intermediateb); 984 mix_column(&intermediateb[0], &intermediatea[0]); 985 mix_column(&intermediateb[4], &intermediatea[4]); 986 mix_column(&intermediateb[8], &intermediatea[8]); 987 mix_column(&intermediateb[12], &intermediatea[12]); 988 xor_128(intermediatea, round_key, ciphertext); 989 next_key(round_key, round); 990 } 991 } 992 } 993 994 /************************************************/ 995 /* construct_mic_iv() */ 996 /* Builds the MIC IV from header fields and PN */ 997 /* Baron think the function is construct CCM */ 998 /* nonce */ 999 /************************************************/ 1000 static void construct_mic_iv(u8 *mic_iv, 1001 signed int qc_exists, 1002 signed int a4_exists, 1003 u8 *mpdu, 1004 uint payload_length, 1005 u8 *pn_vector, 1006 uint frtype) /* add for CONFIG_IEEE80211W, none 11w also can use */ 1007 { 1008 signed int i; 1009 1010 mic_iv[0] = 0x59; 1011 1012 if (qc_exists && a4_exists) 1013 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */ 1014 1015 if (qc_exists && !a4_exists) 1016 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */ 1017 1018 if (!qc_exists) 1019 mic_iv[1] = 0x00; 1020 1021 /* 802.11w management frame should set management bit(4) */ 1022 if (frtype == WIFI_MGT_TYPE) 1023 mic_iv[1] |= BIT(4); 1024 1025 for (i = 2; i < 8; i++) 1026 mic_iv[i] = mpdu[i + 8]; /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */ 1027 #ifdef CONSISTENT_PN_ORDER 1028 for (i = 8; i < 14; i++) 1029 mic_iv[i] = pn_vector[i - 8]; /* mic_iv[8:13] = PN[0:5] */ 1030 #else 1031 for (i = 8; i < 14; i++) 1032 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */ 1033 #endif 1034 mic_iv[14] = (unsigned char) (payload_length / 256); 1035 mic_iv[15] = (unsigned char) (payload_length % 256); 1036 } 1037 1038 /************************************************/ 1039 /* construct_mic_header1() */ 1040 /* Builds the first MIC header block from */ 1041 /* header fields. */ 1042 /* Build AAD SC, A1, A2 */ 1043 /************************************************/ 1044 static void construct_mic_header1(u8 *mic_header1, 1045 signed int header_length, 1046 u8 *mpdu, 1047 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */ 1048 { 1049 mic_header1[0] = (u8)((header_length - 2) / 256); 1050 mic_header1[1] = (u8)((header_length - 2) % 256); 1051 1052 /* 802.11w management frame don't AND subtype bits 4, 5, 6 of frame control field */ 1053 if (frtype == WIFI_MGT_TYPE) 1054 mic_header1[2] = mpdu[0]; 1055 else 1056 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */ 1057 1058 mic_header1[3] = mpdu[1] & 0xc7; /* Mute retry, more data and pwr mgt bits */ 1059 mic_header1[4] = mpdu[4]; /* A1 */ 1060 mic_header1[5] = mpdu[5]; 1061 mic_header1[6] = mpdu[6]; 1062 mic_header1[7] = mpdu[7]; 1063 mic_header1[8] = mpdu[8]; 1064 mic_header1[9] = mpdu[9]; 1065 mic_header1[10] = mpdu[10]; /* A2 */ 1066 mic_header1[11] = mpdu[11]; 1067 mic_header1[12] = mpdu[12]; 1068 mic_header1[13] = mpdu[13]; 1069 mic_header1[14] = mpdu[14]; 1070 mic_header1[15] = mpdu[15]; 1071 } 1072 1073 /************************************************/ 1074 /* construct_mic_header2() */ 1075 /* Builds the last MIC header block from */ 1076 /* header fields. */ 1077 /************************************************/ 1078 static void construct_mic_header2(u8 *mic_header2, 1079 u8 *mpdu, 1080 signed int a4_exists, 1081 signed int qc_exists) 1082 { 1083 signed int i; 1084 1085 for (i = 0; i < 16; i++) 1086 mic_header2[i] = 0x00; 1087 1088 mic_header2[0] = mpdu[16]; /* A3 */ 1089 mic_header2[1] = mpdu[17]; 1090 mic_header2[2] = mpdu[18]; 1091 mic_header2[3] = mpdu[19]; 1092 mic_header2[4] = mpdu[20]; 1093 mic_header2[5] = mpdu[21]; 1094 1095 mic_header2[6] = 0x00; 1096 mic_header2[7] = 0x00; /* mpdu[23]; */ 1097 1098 if (!qc_exists && a4_exists) { 1099 for (i = 0; i < 6; i++) 1100 mic_header2[8+i] = mpdu[24+i]; /* A4 */ 1101 } 1102 1103 if (qc_exists && !a4_exists) { 1104 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */ 1105 mic_header2[9] = mpdu[25] & 0x00; 1106 } 1107 1108 if (qc_exists && a4_exists) { 1109 for (i = 0; i < 6; i++) 1110 mic_header2[8+i] = mpdu[24+i]; /* A4 */ 1111 1112 mic_header2[14] = mpdu[30] & 0x0f; 1113 mic_header2[15] = mpdu[31] & 0x00; 1114 } 1115 } 1116 1117 /************************************************/ 1118 /* construct_mic_header2() */ 1119 /* Builds the last MIC header block from */ 1120 /* header fields. */ 1121 /* Baron think the function is construct CCM */ 1122 /* nonce */ 1123 /************************************************/ 1124 static void construct_ctr_preload(u8 *ctr_preload, 1125 signed int a4_exists, 1126 signed int qc_exists, 1127 u8 *mpdu, 1128 u8 *pn_vector, 1129 signed int c, 1130 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */ 1131 { 1132 signed int i = 0; 1133 1134 for (i = 0; i < 16; i++) 1135 ctr_preload[i] = 0x00; 1136 i = 0; 1137 1138 ctr_preload[0] = 0x01; /* flag */ 1139 if (qc_exists && a4_exists) 1140 ctr_preload[1] = mpdu[30] & 0x0f; /* QoC_Control */ 1141 if (qc_exists && !a4_exists) 1142 ctr_preload[1] = mpdu[24] & 0x0f; 1143 1144 /* 802.11w management frame should set management bit(4) */ 1145 if (frtype == WIFI_MGT_TYPE) 1146 ctr_preload[1] |= BIT(4); 1147 1148 for (i = 2; i < 8; i++) 1149 ctr_preload[i] = mpdu[i + 8]; /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */ 1150 #ifdef CONSISTENT_PN_ORDER 1151 for (i = 8; i < 14; i++) 1152 ctr_preload[i] = pn_vector[i - 8]; /* ctr_preload[8:13] = PN[0:5] */ 1153 #else 1154 for (i = 8; i < 14; i++) 1155 ctr_preload[i] = pn_vector[13 - i]; /* ctr_preload[8:13] = PN[5:0] */ 1156 #endif 1157 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */ 1158 ctr_preload[15] = (unsigned char) (c % 256); 1159 } 1160 1161 /************************************/ 1162 /* bitwise_xor() */ 1163 /* A 128 bit, bitwise exclusive or */ 1164 /************************************/ 1165 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out) 1166 { 1167 signed int i; 1168 1169 for (i = 0; i < 16; i++) 1170 out[i] = ina[i] ^ inb[i]; 1171 } 1172 1173 static signed int aes_cipher(u8 *key, uint hdrlen, 1174 u8 *pframe, uint plen) 1175 { 1176 uint qc_exists, a4_exists, i, j, payload_remainder, 1177 num_blocks, payload_index; 1178 1179 u8 pn_vector[6]; 1180 u8 mic_iv[16]; 1181 u8 mic_header1[16]; 1182 u8 mic_header2[16]; 1183 u8 ctr_preload[16]; 1184 1185 /* Intermediate Buffers */ 1186 u8 chain_buffer[16]; 1187 u8 aes_out[16]; 1188 u8 padded_buffer[16]; 1189 u8 mic[8]; 1190 uint frtype = GetFrameType(pframe); 1191 uint frsubtype = GetFrameSubType(pframe); 1192 1193 frsubtype = frsubtype>>4; 1194 1195 memset((void *)mic_iv, 0, 16); 1196 memset((void *)mic_header1, 0, 16); 1197 memset((void *)mic_header2, 0, 16); 1198 memset((void *)ctr_preload, 0, 16); 1199 memset((void *)chain_buffer, 0, 16); 1200 memset((void *)aes_out, 0, 16); 1201 memset((void *)padded_buffer, 0, 16); 1202 1203 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1204 a4_exists = 0; 1205 else 1206 a4_exists = 1; 1207 1208 if (((frtype|frsubtype) == WIFI_DATA_CFACK) || 1209 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) || 1210 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) { 1211 qc_exists = 1; 1212 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1213 hdrlen += 2; 1214 1215 } else if ((frtype == WIFI_DATA) && /* add for CONFIG_IEEE80211W, none 11w also can use */ 1216 ((frsubtype == 0x08) || 1217 (frsubtype == 0x09) || 1218 (frsubtype == 0x0a) || 1219 (frsubtype == 0x0b))) { 1220 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1221 hdrlen += 2; 1222 1223 qc_exists = 1; 1224 } else { 1225 qc_exists = 0; 1226 } 1227 1228 pn_vector[0] = pframe[hdrlen]; 1229 pn_vector[1] = pframe[hdrlen+1]; 1230 pn_vector[2] = pframe[hdrlen+4]; 1231 pn_vector[3] = pframe[hdrlen+5]; 1232 pn_vector[4] = pframe[hdrlen+6]; 1233 pn_vector[5] = pframe[hdrlen+7]; 1234 1235 construct_mic_iv(mic_iv, 1236 qc_exists, 1237 a4_exists, 1238 pframe, /* message, */ 1239 plen, 1240 pn_vector, 1241 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1242 1243 construct_mic_header1(mic_header1, 1244 hdrlen, 1245 pframe, /* message */ 1246 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1247 1248 construct_mic_header2(mic_header2, 1249 pframe, /* message, */ 1250 a4_exists, 1251 qc_exists); 1252 1253 payload_remainder = plen % 16; 1254 num_blocks = plen / 16; 1255 1256 /* Find start of payload */ 1257 payload_index = (hdrlen + 8); 1258 1259 /* Calculate MIC */ 1260 aes128k128d(key, mic_iv, aes_out); 1261 bitwise_xor(aes_out, mic_header1, chain_buffer); 1262 aes128k128d(key, chain_buffer, aes_out); 1263 bitwise_xor(aes_out, mic_header2, chain_buffer); 1264 aes128k128d(key, chain_buffer, aes_out); 1265 1266 for (i = 0; i < num_blocks; i++) { 1267 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1268 1269 payload_index += 16; 1270 aes128k128d(key, chain_buffer, aes_out); 1271 } 1272 1273 /* Add on the final payload block if it needs padding */ 1274 if (payload_remainder > 0) { 1275 for (j = 0; j < 16; j++) 1276 padded_buffer[j] = 0x00; 1277 for (j = 0; j < payload_remainder; j++) 1278 padded_buffer[j] = pframe[payload_index++]; 1279 1280 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1281 aes128k128d(key, chain_buffer, aes_out); 1282 } 1283 1284 for (j = 0 ; j < 8; j++) 1285 mic[j] = aes_out[j]; 1286 1287 /* Insert MIC into payload */ 1288 for (j = 0; j < 8; j++) 1289 pframe[payload_index+j] = mic[j]; 1290 1291 payload_index = hdrlen + 8; 1292 for (i = 0; i < num_blocks; i++) { 1293 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1294 pn_vector, i+1, frtype); 1295 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1296 aes128k128d(key, ctr_preload, aes_out); 1297 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1298 for (j = 0; j < 16; j++) 1299 pframe[payload_index++] = chain_buffer[j]; 1300 } 1301 1302 if (payload_remainder > 0) { 1303 /* If there is a short final block, then pad it,*/ 1304 /* encrypt it and copy the unpadded part back */ 1305 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1306 pn_vector, num_blocks+1, frtype); 1307 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1308 1309 for (j = 0; j < 16; j++) 1310 padded_buffer[j] = 0x00; 1311 for (j = 0; j < payload_remainder; j++) 1312 padded_buffer[j] = pframe[payload_index+j]; 1313 1314 aes128k128d(key, ctr_preload, aes_out); 1315 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1316 for (j = 0; j < payload_remainder; j++) 1317 pframe[payload_index++] = chain_buffer[j]; 1318 } 1319 1320 /* Encrypt the MIC */ 1321 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */ 1322 pn_vector, 0, frtype); 1323 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1324 1325 for (j = 0; j < 16; j++) 1326 padded_buffer[j] = 0x00; 1327 for (j = 0; j < 8; j++) 1328 padded_buffer[j] = pframe[j+hdrlen+8+plen]; 1329 1330 aes128k128d(key, ctr_preload, aes_out); 1331 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1332 for (j = 0; j < 8; j++) 1333 pframe[payload_index++] = chain_buffer[j]; 1334 1335 return _SUCCESS; 1336 } 1337 1338 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe) 1339 { /* exclude ICV */ 1340 1341 /*static*/ 1342 /* unsigned char message[MAX_MSG_SIZE]; */ 1343 1344 /* Intermediate Buffers */ 1345 signed int curfragnum, length; 1346 u8 *pframe, *prwskey; /* *payload,*iv */ 1347 u8 hw_hdr_offset = 0; 1348 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 1349 struct security_priv *psecuritypriv = &padapter->securitypriv; 1350 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 1351 1352 u32 res = _SUCCESS; 1353 1354 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 1355 return _FAIL; 1356 1357 hw_hdr_offset = TXDESC_OFFSET; 1358 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset; 1359 1360 /* 4 start to encrypt each fragment */ 1361 if (pattrib->encrypt == _AES_) { 1362 if (IS_MCAST(pattrib->ra)) 1363 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey; 1364 else 1365 prwskey = pattrib->dot118021x_UncstKey.skey; 1366 1367 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) { 1368 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */ 1369 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 1370 1371 aes_cipher(prwskey, pattrib->hdrlen, pframe, length); 1372 } else { 1373 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len; 1374 1375 aes_cipher(prwskey, pattrib->hdrlen, pframe, length); 1376 pframe += pxmitpriv->frag_len; 1377 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4); 1378 } 1379 } 1380 } 1381 return res; 1382 } 1383 1384 static signed int aes_decipher(u8 *key, uint hdrlen, 1385 u8 *pframe, uint plen) 1386 { 1387 static u8 message[MAX_MSG_SIZE]; 1388 uint qc_exists, a4_exists, i, j, payload_remainder, 1389 num_blocks, payload_index; 1390 signed int res = _SUCCESS; 1391 u8 pn_vector[6]; 1392 u8 mic_iv[16]; 1393 u8 mic_header1[16]; 1394 u8 mic_header2[16]; 1395 u8 ctr_preload[16]; 1396 1397 /* Intermediate Buffers */ 1398 u8 chain_buffer[16]; 1399 u8 aes_out[16]; 1400 u8 padded_buffer[16]; 1401 u8 mic[8]; 1402 1403 uint frtype = GetFrameType(pframe); 1404 uint frsubtype = GetFrameSubType(pframe); 1405 1406 frsubtype = frsubtype>>4; 1407 1408 memset((void *)mic_iv, 0, 16); 1409 memset((void *)mic_header1, 0, 16); 1410 memset((void *)mic_header2, 0, 16); 1411 memset((void *)ctr_preload, 0, 16); 1412 memset((void *)chain_buffer, 0, 16); 1413 memset((void *)aes_out, 0, 16); 1414 memset((void *)padded_buffer, 0, 16); 1415 1416 /* start to decrypt the payload */ 1417 1418 num_blocks = (plen-8) / 16; /* plen including LLC, payload_length and mic) */ 1419 1420 payload_remainder = (plen-8) % 16; 1421 1422 pn_vector[0] = pframe[hdrlen]; 1423 pn_vector[1] = pframe[hdrlen + 1]; 1424 pn_vector[2] = pframe[hdrlen + 4]; 1425 pn_vector[3] = pframe[hdrlen + 5]; 1426 pn_vector[4] = pframe[hdrlen + 6]; 1427 pn_vector[5] = pframe[hdrlen + 7]; 1428 1429 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1430 a4_exists = 0; 1431 else 1432 a4_exists = 1; 1433 1434 if (((frtype|frsubtype) == WIFI_DATA_CFACK) || 1435 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) || 1436 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) { 1437 qc_exists = 1; 1438 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1439 hdrlen += 2; 1440 1441 } else if ((frtype == WIFI_DATA) && /* only for data packet . add for CONFIG_IEEE80211W, none 11w also can use */ 1442 ((frsubtype == 0x08) || 1443 (frsubtype == 0x09) || 1444 (frsubtype == 0x0a) || 1445 (frsubtype == 0x0b))) { 1446 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1447 hdrlen += 2; 1448 1449 qc_exists = 1; 1450 } else { 1451 qc_exists = 0; 1452 } 1453 1454 /* now, decrypt pframe with hdrlen offset and plen long */ 1455 1456 payload_index = hdrlen + 8; /* 8 is for extiv */ 1457 1458 for (i = 0; i < num_blocks; i++) { 1459 construct_ctr_preload(ctr_preload, a4_exists, 1460 qc_exists, pframe, 1461 pn_vector, i + 1, 1462 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */ 1463 1464 aes128k128d(key, ctr_preload, aes_out); 1465 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1466 1467 for (j = 0; j < 16; j++) 1468 pframe[payload_index++] = chain_buffer[j]; 1469 } 1470 1471 if (payload_remainder > 0) { 1472 /* If there is a short final block, then pad it,*/ 1473 /* encrypt it and copy the unpadded part back */ 1474 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, 1475 num_blocks+1, frtype); 1476 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1477 1478 for (j = 0; j < 16; j++) 1479 padded_buffer[j] = 0x00; 1480 for (j = 0; j < payload_remainder; j++) 1481 padded_buffer[j] = pframe[payload_index+j]; 1482 1483 aes128k128d(key, ctr_preload, aes_out); 1484 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1485 for (j = 0; j < payload_remainder; j++) 1486 pframe[payload_index++] = chain_buffer[j]; 1487 } 1488 1489 /* start to calculate the mic */ 1490 if ((hdrlen + plen+8) <= MAX_MSG_SIZE) 1491 memcpy((void *)message, pframe, (hdrlen + plen+8)); /* 8 is for ext iv len */ 1492 1493 pn_vector[0] = pframe[hdrlen]; 1494 pn_vector[1] = pframe[hdrlen+1]; 1495 pn_vector[2] = pframe[hdrlen+4]; 1496 pn_vector[3] = pframe[hdrlen+5]; 1497 pn_vector[4] = pframe[hdrlen+6]; 1498 pn_vector[5] = pframe[hdrlen+7]; 1499 1500 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen-8, pn_vector, frtype); 1501 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1502 1503 construct_mic_header1(mic_header1, hdrlen, message, frtype); 1504 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1505 construct_mic_header2(mic_header2, message, a4_exists, qc_exists); 1506 1507 payload_remainder = (plen-8) % 16; 1508 num_blocks = (plen-8) / 16; 1509 1510 /* Find start of payload */ 1511 payload_index = (hdrlen + 8); 1512 1513 /* Calculate MIC */ 1514 aes128k128d(key, mic_iv, aes_out); 1515 bitwise_xor(aes_out, mic_header1, chain_buffer); 1516 aes128k128d(key, chain_buffer, aes_out); 1517 bitwise_xor(aes_out, mic_header2, chain_buffer); 1518 aes128k128d(key, chain_buffer, aes_out); 1519 1520 for (i = 0; i < num_blocks; i++) { 1521 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1522 1523 payload_index += 16; 1524 aes128k128d(key, chain_buffer, aes_out); 1525 } 1526 1527 /* Add on the final payload block if it needs padding */ 1528 if (payload_remainder > 0) { 1529 for (j = 0; j < 16; j++) 1530 padded_buffer[j] = 0x00; 1531 for (j = 0; j < payload_remainder; j++) 1532 padded_buffer[j] = message[payload_index++]; 1533 1534 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1535 aes128k128d(key, chain_buffer, aes_out); 1536 } 1537 1538 for (j = 0; j < 8; j++) 1539 mic[j] = aes_out[j]; 1540 1541 /* Insert MIC into payload */ 1542 for (j = 0; j < 8; j++) 1543 message[payload_index+j] = mic[j]; 1544 1545 payload_index = hdrlen + 8; 1546 for (i = 0; i < num_blocks; i++) { 1547 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, i+1, 1548 frtype); 1549 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1550 aes128k128d(key, ctr_preload, aes_out); 1551 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1552 for (j = 0; j < 16; j++) 1553 message[payload_index++] = chain_buffer[j]; 1554 } 1555 1556 if (payload_remainder > 0) { 1557 /* If there is a short final block, then pad it,*/ 1558 /* encrypt it and copy the unpadded part back */ 1559 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 1560 num_blocks+1, frtype); 1561 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1562 1563 for (j = 0; j < 16; j++) 1564 padded_buffer[j] = 0x00; 1565 for (j = 0; j < payload_remainder; j++) 1566 padded_buffer[j] = message[payload_index+j]; 1567 1568 aes128k128d(key, ctr_preload, aes_out); 1569 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1570 for (j = 0; j < payload_remainder; j++) 1571 message[payload_index++] = chain_buffer[j]; 1572 } 1573 1574 /* Encrypt the MIC */ 1575 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 0, frtype); 1576 /* add for CONFIG_IEEE80211W, none 11w also can use */ 1577 1578 for (j = 0; j < 16; j++) 1579 padded_buffer[j] = 0x00; 1580 for (j = 0; j < 8; j++) 1581 padded_buffer[j] = message[j+hdrlen+8+plen-8]; 1582 1583 aes128k128d(key, ctr_preload, aes_out); 1584 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1585 for (j = 0; j < 8; j++) 1586 message[payload_index++] = chain_buffer[j]; 1587 1588 /* compare the mic */ 1589 for (i = 0; i < 8; i++) { 1590 if (pframe[hdrlen+8+plen-8+i] != message[hdrlen+8+plen-8+i]) { 1591 res = _FAIL; 1592 } 1593 } 1594 return res; 1595 } 1596 1597 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe) 1598 { /* exclude ICV */ 1599 1600 /*static*/ 1601 /* unsigned char message[MAX_MSG_SIZE]; */ 1602 1603 /* Intermediate Buffers */ 1604 1605 signed int length; 1606 u8 *pframe, *prwskey; /* *payload,*iv */ 1607 struct sta_info *stainfo; 1608 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 1609 struct security_priv *psecuritypriv = &padapter->securitypriv; 1610 u32 res = _SUCCESS; 1611 1612 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 1613 /* 4 start to encrypt each fragment */ 1614 if (prxattrib->encrypt == _AES_) { 1615 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]); 1616 if (stainfo) { 1617 if (IS_MCAST(prxattrib->ra)) { 1618 static unsigned long start; 1619 static u32 no_gkey_bc_cnt; 1620 static u32 no_gkey_mc_cnt; 1621 1622 if (!psecuritypriv->binstallGrpkey) { 1623 res = _FAIL; 1624 1625 if (start == 0) 1626 start = jiffies; 1627 1628 if (is_broadcast_mac_addr(prxattrib->ra)) 1629 no_gkey_bc_cnt++; 1630 else 1631 no_gkey_mc_cnt++; 1632 1633 if (jiffies_to_msecs(jiffies - start) > 1000) { 1634 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 1635 DBG_871X_LEVEL(_drv_always_, FUNC_ADPT_FMT" no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 1636 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt); 1637 } 1638 start = jiffies; 1639 no_gkey_bc_cnt = 0; 1640 no_gkey_mc_cnt = 0; 1641 } 1642 1643 goto exit; 1644 } 1645 1646 if (no_gkey_bc_cnt || no_gkey_mc_cnt) { 1647 DBG_871X_LEVEL(_drv_always_, FUNC_ADPT_FMT" gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n", 1648 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt); 1649 } 1650 start = 0; 1651 no_gkey_bc_cnt = 0; 1652 no_gkey_mc_cnt = 0; 1653 1654 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey; 1655 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) { 1656 res = _FAIL; 1657 goto exit; 1658 } 1659 } else { 1660 prwskey = &stainfo->dot118021x_UncstKey.skey[0]; 1661 } 1662 1663 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len; 1664 1665 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length); 1666 1667 } else { 1668 res = _FAIL; 1669 } 1670 } 1671 exit: 1672 return res; 1673 } 1674 1675 u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe) 1676 { 1677 struct rx_pkt_attrib *pattrib = &((union recv_frame *)precvframe)->u.hdr.attrib; 1678 u8 *pframe; 1679 u8 *BIP_AAD, *p; 1680 u32 res = _FAIL; 1681 uint len, ori_len; 1682 struct ieee80211_hdr *pwlanhdr; 1683 u8 mic[16]; 1684 struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv; 1685 __le16 le_tmp; 1686 __le64 le_tmp64; 1687 1688 ori_len = pattrib->pkt_len-WLAN_HDR_A3_LEN+BIP_AAD_SIZE; 1689 BIP_AAD = rtw_zmalloc(ori_len); 1690 1691 if (BIP_AAD == NULL) { 1692 return _FAIL; 1693 } 1694 /* PKT start */ 1695 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data; 1696 /* mapping to wlan header */ 1697 pwlanhdr = (struct ieee80211_hdr *)pframe; 1698 /* save the frame body + MME */ 1699 memcpy(BIP_AAD+BIP_AAD_SIZE, pframe+WLAN_HDR_A3_LEN, pattrib->pkt_len-WLAN_HDR_A3_LEN); 1700 /* find MME IE pointer */ 1701 p = rtw_get_ie(BIP_AAD+BIP_AAD_SIZE, WLAN_EID_MMIE, &len, pattrib->pkt_len-WLAN_HDR_A3_LEN); 1702 /* Baron */ 1703 if (p) { 1704 u16 keyid = 0; 1705 u64 temp_ipn = 0; 1706 /* save packet number */ 1707 memcpy(&le_tmp64, p+4, 6); 1708 temp_ipn = le64_to_cpu(le_tmp64); 1709 /* BIP packet number should bigger than previous BIP packet */ 1710 if (temp_ipn <= pmlmeext->mgnt_80211w_IPN_rx) { 1711 goto BIP_exit; 1712 } 1713 /* copy key index */ 1714 memcpy(&le_tmp, p+2, 2); 1715 keyid = le16_to_cpu(le_tmp); 1716 if (keyid != padapter->securitypriv.dot11wBIPKeyid) { 1717 goto BIP_exit; 1718 } 1719 /* clear the MIC field of MME to zero */ 1720 memset(p+2+len-8, 0, 8); 1721 1722 /* conscruct AAD, copy frame control field */ 1723 memcpy(BIP_AAD, &pwlanhdr->frame_control, 2); 1724 ClearRetry(BIP_AAD); 1725 ClearPwrMgt(BIP_AAD); 1726 ClearMData(BIP_AAD); 1727 /* conscruct AAD, copy address 1 to address 3 */ 1728 memcpy(BIP_AAD+2, pwlanhdr->addr1, 18); 1729 1730 if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey 1731 , BIP_AAD, ori_len, mic)) 1732 goto BIP_exit; 1733 1734 /* MIC field should be last 8 bytes of packet (packet without FCS) */ 1735 if (!memcmp(mic, pframe+pattrib->pkt_len-8, 8)) { 1736 pmlmeext->mgnt_80211w_IPN_rx = temp_ipn; 1737 res = _SUCCESS; 1738 } else { 1739 } 1740 1741 } else { 1742 res = RTW_RX_HANDLED; 1743 } 1744 BIP_exit: 1745 1746 kfree(BIP_AAD); 1747 return res; 1748 } 1749 1750 /* AES tables*/ 1751 const u32 Te0[256] = { 1752 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 1753 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, 1754 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, 1755 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, 1756 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, 1757 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, 1758 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, 1759 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, 1760 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, 1761 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, 1762 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, 1763 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, 1764 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, 1765 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, 1766 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, 1767 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, 1768 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, 1769 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, 1770 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, 1771 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, 1772 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, 1773 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, 1774 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, 1775 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, 1776 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, 1777 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, 1778 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, 1779 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, 1780 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, 1781 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, 1782 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, 1783 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, 1784 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, 1785 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, 1786 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, 1787 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, 1788 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, 1789 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, 1790 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, 1791 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, 1792 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, 1793 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, 1794 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, 1795 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, 1796 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, 1797 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, 1798 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, 1799 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, 1800 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, 1801 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, 1802 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, 1803 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, 1804 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, 1805 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, 1806 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, 1807 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, 1808 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, 1809 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, 1810 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, 1811 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, 1812 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, 1813 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, 1814 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, 1815 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, 1816 }; 1817 1818 const u32 Td0[256] = { 1819 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, 1820 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, 1821 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, 1822 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, 1823 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, 1824 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, 1825 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, 1826 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, 1827 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, 1828 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, 1829 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, 1830 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, 1831 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, 1832 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, 1833 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, 1834 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, 1835 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, 1836 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, 1837 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, 1838 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, 1839 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, 1840 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, 1841 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, 1842 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, 1843 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, 1844 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, 1845 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, 1846 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, 1847 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, 1848 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, 1849 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, 1850 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, 1851 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, 1852 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, 1853 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, 1854 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, 1855 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, 1856 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, 1857 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, 1858 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, 1859 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, 1860 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, 1861 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, 1862 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, 1863 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, 1864 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, 1865 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, 1866 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, 1867 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, 1868 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, 1869 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, 1870 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, 1871 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, 1872 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, 1873 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, 1874 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, 1875 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, 1876 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, 1877 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, 1878 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, 1879 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, 1880 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, 1881 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, 1882 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, 1883 }; 1884 1885 const u8 Td4s[256] = { 1886 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, 1887 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, 1888 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, 1889 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, 1890 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, 1891 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, 1892 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, 1893 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, 1894 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, 1895 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, 1896 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, 1897 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, 1898 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, 1899 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, 1900 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, 1901 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, 1902 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, 1903 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, 1904 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, 1905 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, 1906 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, 1907 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, 1908 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, 1909 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, 1910 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, 1911 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, 1912 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, 1913 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, 1914 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, 1915 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, 1916 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, 1917 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, 1918 }; 1919 1920 const u8 rcons[] = { 1921 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36 1922 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ 1923 }; 1924 1925 /** 1926 * Expand the cipher key into the encryption key schedule. 1927 * 1928 * @return the number of rounds for the given cipher key size. 1929 */ 1930 static void rijndaelKeySetupEnc(u32 rk[/*44*/], const u8 cipherKey[]) 1931 { 1932 int i; 1933 u32 temp; 1934 1935 rk[0] = GETU32(cipherKey); 1936 rk[1] = GETU32(cipherKey + 4); 1937 rk[2] = GETU32(cipherKey + 8); 1938 rk[3] = GETU32(cipherKey + 12); 1939 for (i = 0; i < 10; i++) { 1940 temp = rk[3]; 1941 rk[4] = rk[0] ^ 1942 TE421(temp) ^ TE432(temp) ^ TE443(temp) ^ TE414(temp) ^ 1943 RCON(i); 1944 rk[5] = rk[1] ^ rk[4]; 1945 rk[6] = rk[2] ^ rk[5]; 1946 rk[7] = rk[3] ^ rk[6]; 1947 rk += 4; 1948 } 1949 } 1950 1951 static void rijndaelEncrypt(u32 rk[/*44*/], u8 pt[16], u8 ct[16]) 1952 { 1953 u32 s0, s1, s2, s3, t0, t1, t2, t3; 1954 int Nr = 10; 1955 int r; 1956 1957 /* 1958 * map byte array block to cipher state 1959 * and add initial round key: 1960 */ 1961 s0 = GETU32(pt) ^ rk[0]; 1962 s1 = GETU32(pt + 4) ^ rk[1]; 1963 s2 = GETU32(pt + 8) ^ rk[2]; 1964 s3 = GETU32(pt + 12) ^ rk[3]; 1965 1966 #define ROUND(i, d, s) \ 1967 do { \ 1968 d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \ 1969 d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \ 1970 d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \ 1971 d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]; \ 1972 } while (0) 1973 1974 /* Nr - 1 full rounds: */ 1975 r = Nr >> 1; 1976 for (;;) { 1977 ROUND(1, t, s); 1978 rk += 8; 1979 if (--r == 0) 1980 break; 1981 ROUND(0, s, t); 1982 } 1983 1984 #undef ROUND 1985 1986 /* 1987 * apply last round and 1988 * map cipher state to byte array block: 1989 */ 1990 s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0]; 1991 PUTU32(ct, s0); 1992 s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1]; 1993 PUTU32(ct + 4, s1); 1994 s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2]; 1995 PUTU32(ct + 8, s2); 1996 s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3]; 1997 PUTU32(ct + 12, s3); 1998 } 1999 2000 static void *aes_encrypt_init(u8 *key, size_t len) 2001 { 2002 u32 *rk; 2003 2004 if (len != 16) 2005 return NULL; 2006 rk = rtw_malloc(AES_PRIV_SIZE); 2007 if (rk == NULL) 2008 return NULL; 2009 rijndaelKeySetupEnc(rk, key); 2010 return rk; 2011 } 2012 2013 static void aes_128_encrypt(void *ctx, u8 *plain, u8 *crypt) 2014 { 2015 rijndaelEncrypt(ctx, plain, crypt); 2016 } 2017 2018 static void gf_mulx(u8 *pad) 2019 { 2020 int i, carry; 2021 2022 carry = pad[0] & 0x80; 2023 for (i = 0; i < AES_BLOCK_SIZE - 1; i++) 2024 pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7); 2025 2026 pad[AES_BLOCK_SIZE - 1] <<= 1; 2027 if (carry) 2028 pad[AES_BLOCK_SIZE - 1] ^= 0x87; 2029 } 2030 2031 static void aes_encrypt_deinit(void *ctx) 2032 { 2033 kfree_sensitive(ctx); 2034 } 2035 2036 /** 2037 * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128 2038 * @key: 128-bit key for the hash operation 2039 * @num_elem: Number of elements in the data vector 2040 * @addr: Pointers to the data areas 2041 * @len: Lengths of the data blocks 2042 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes) 2043 * Returns: 0 on success, -1 on failure 2044 * 2045 * This is a mode for using block cipher (AES in this case) for authentication. 2046 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication 2047 * (SP) 800-38B. 2048 */ 2049 static int omac1_aes_128_vector(u8 *key, size_t num_elem, 2050 u8 *addr[], size_t *len, u8 *mac) 2051 { 2052 void *ctx; 2053 u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE]; 2054 u8 *pos, *end; 2055 size_t i, e, left, total_len; 2056 2057 ctx = aes_encrypt_init(key, 16); 2058 if (ctx == NULL) 2059 return -1; 2060 memset(cbc, 0, AES_BLOCK_SIZE); 2061 2062 total_len = 0; 2063 for (e = 0; e < num_elem; e++) 2064 total_len += len[e]; 2065 left = total_len; 2066 2067 e = 0; 2068 pos = addr[0]; 2069 end = pos + len[0]; 2070 2071 while (left >= AES_BLOCK_SIZE) { 2072 for (i = 0; i < AES_BLOCK_SIZE; i++) { 2073 cbc[i] ^= *pos++; 2074 if (pos >= end) { 2075 e++; 2076 pos = addr[e]; 2077 end = pos + len[e]; 2078 } 2079 } 2080 if (left > AES_BLOCK_SIZE) 2081 aes_128_encrypt(ctx, cbc, cbc); 2082 left -= AES_BLOCK_SIZE; 2083 } 2084 2085 memset(pad, 0, AES_BLOCK_SIZE); 2086 aes_128_encrypt(ctx, pad, pad); 2087 gf_mulx(pad); 2088 2089 if (left || total_len == 0) { 2090 for (i = 0; i < left; i++) { 2091 cbc[i] ^= *pos++; 2092 if (pos >= end) { 2093 e++; 2094 pos = addr[e]; 2095 end = pos + len[e]; 2096 } 2097 } 2098 cbc[left] ^= 0x80; 2099 gf_mulx(pad); 2100 } 2101 2102 for (i = 0; i < AES_BLOCK_SIZE; i++) 2103 pad[i] ^= cbc[i]; 2104 aes_128_encrypt(ctx, pad, mac); 2105 aes_encrypt_deinit(ctx); 2106 return 0; 2107 } 2108 2109 /** 2110 * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC) 2111 * @key: 128-bit key for the hash operation 2112 * @data: Data buffer for which a MAC is determined 2113 * @data_len: Length of data buffer in bytes 2114 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes) 2115 * Returns: 0 on success, -1 on failure 2116 * 2117 * This is a mode for using block cipher (AES in this case) for authentication. 2118 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication 2119 * (SP) 800-38B. 2120 * modify for CONFIG_IEEE80211W */ 2121 int omac1_aes_128(u8 *key, u8 *data, size_t data_len, u8 *mac) 2122 { 2123 return omac1_aes_128_vector(key, 1, &data, &data_len, mac); 2124 } 2125 2126 /* Restore HW wep key setting according to key_mask */ 2127 void rtw_sec_restore_wep_key(struct adapter *adapter) 2128 { 2129 struct security_priv *securitypriv = &(adapter->securitypriv); 2130 signed int keyid; 2131 2132 if ((_WEP40_ == securitypriv->dot11PrivacyAlgrthm) || (_WEP104_ == securitypriv->dot11PrivacyAlgrthm)) { 2133 for (keyid = 0; keyid < 4; keyid++) { 2134 if (securitypriv->key_mask & BIT(keyid)) { 2135 if (keyid == securitypriv->dot11PrivacyKeyIndex) 2136 rtw_set_key(adapter, securitypriv, keyid, 1, false); 2137 else 2138 rtw_set_key(adapter, securitypriv, keyid, 0, false); 2139 } 2140 } 2141 } 2142 } 2143 2144 u8 rtw_handle_tkip_countermeasure(struct adapter *adapter, const char *caller) 2145 { 2146 struct security_priv *securitypriv = &(adapter->securitypriv); 2147 u8 status = _SUCCESS; 2148 2149 if (securitypriv->btkip_countermeasure) { 2150 unsigned long passing_ms = jiffies_to_msecs(jiffies - securitypriv->btkip_countermeasure_time); 2151 2152 if (passing_ms > 60*1000) { 2153 DBG_871X_LEVEL(_drv_always_, "%s(%s) countermeasure time:%lus > 60s\n", 2154 caller, ADPT_ARG(adapter), passing_ms/1000); 2155 securitypriv->btkip_countermeasure = false; 2156 securitypriv->btkip_countermeasure_time = 0; 2157 } else { 2158 DBG_871X_LEVEL(_drv_always_, "%s(%s) countermeasure time:%lus < 60s\n", 2159 caller, ADPT_ARG(adapter), passing_ms/1000); 2160 status = _FAIL; 2161 } 2162 } 2163 2164 return status; 2165 } 2166