rtl871x_security.c (44657B)
1// SPDX-License-Identifier: GPL-2.0 2/****************************************************************************** 3 * rtl871x_security.c 4 * 5 * Copyright(c) 2007 - 2010 Realtek Corporation. All rights reserved. 6 * Linux device driver for RTL8192SU 7 * 8 * Modifications for inclusion into the Linux staging tree are 9 * Copyright(c) 2010 Larry Finger. All rights reserved. 10 * 11 * Contact information: 12 * WLAN FAE <wlanfae@realtek.com> 13 * Larry Finger <Larry.Finger@lwfinger.net> 14 * 15 ******************************************************************************/ 16 17#define _RTL871X_SECURITY_C_ 18 19#include <linux/compiler.h> 20#include <linux/kernel.h> 21#include <linux/errno.h> 22#include <linux/slab.h> 23#include <linux/module.h> 24#include <linux/kref.h> 25#include <linux/netdevice.h> 26#include <linux/skbuff.h> 27#include <linux/circ_buf.h> 28#include <linux/uaccess.h> 29#include <asm/byteorder.h> 30#include <linux/atomic.h> 31#include <linux/crc32poly.h> 32#include <linux/semaphore.h> 33#include <linux/ieee80211.h> 34 35#include "osdep_service.h" 36#include "drv_types.h" 37#include "osdep_intf.h" 38 39/* =====WEP related===== */ 40 41struct arc4context { 42 u32 x; 43 u32 y; 44 u8 state[256]; 45}; 46 47static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len) 48{ 49 u32 t, u; 50 u32 keyindex; 51 u32 stateindex; 52 u8 *state; 53 u32 counter; 54 55 state = parc4ctx->state; 56 parc4ctx->x = 0; 57 parc4ctx->y = 0; 58 for (counter = 0; counter < 256; counter++) 59 state[counter] = (u8)counter; 60 keyindex = 0; 61 stateindex = 0; 62 for (counter = 0; counter < 256; counter++) { 63 t = state[counter]; 64 stateindex = (stateindex + key[keyindex] + t) & 0xff; 65 u = state[stateindex]; 66 state[stateindex] = (u8)t; 67 state[counter] = (u8)u; 68 if (++keyindex >= key_len) 69 keyindex = 0; 70 } 71} 72 73static u32 arcfour_byte(struct arc4context *parc4ctx) 74{ 75 u32 x; 76 u32 y; 77 u32 sx, sy; 78 u8 *state; 79 80 state = parc4ctx->state; 81 x = (parc4ctx->x + 1) & 0xff; 82 sx = state[x]; 83 y = (sx + parc4ctx->y) & 0xff; 84 sy = state[y]; 85 parc4ctx->x = x; 86 parc4ctx->y = y; 87 state[y] = (u8)sx; 88 state[x] = (u8)sy; 89 return state[(sx + sy) & 0xff]; 90} 91 92static void arcfour_encrypt(struct arc4context *parc4ctx, 93 u8 *dest, u8 *src, u32 len) 94{ 95 u32 i; 96 97 for (i = 0; i < len; i++) 98 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx); 99} 100 101static sint bcrc32initialized; 102static u32 crc32_table[256]; 103 104static u8 crc32_reverseBit(u8 data) 105{ 106 return ((u8)(data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3) 107 & 0x20) | ((data << 1) & 0x10) | ((data >> 1) & 0x08) | 108 ((data >> 3) & 0x04) | ((data >> 5) & 0x02) | ((data >> 7) & 109 0x01); 110} 111 112static void crc32_init(void) 113{ 114 sint i, j; 115 u32 c; 116 u8 *p = (u8 *)&c, *p1; 117 u8 k; 118 119 if (bcrc32initialized == 1) 120 return; 121 122 for (i = 0; i < 256; ++i) { 123 k = crc32_reverseBit((u8)i); 124 for (c = ((u32)k) << 24, j = 8; j > 0; --j) 125 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY_BE : (c << 1); 126 p1 = (u8 *)&crc32_table[i]; 127 p1[0] = crc32_reverseBit(p[3]); 128 p1[1] = crc32_reverseBit(p[2]); 129 p1[2] = crc32_reverseBit(p[1]); 130 p1[3] = crc32_reverseBit(p[0]); 131 } 132 bcrc32initialized = 1; 133} 134 135static u32 getcrc32(u8 *buf, u32 len) 136{ 137 u8 *p; 138 u32 crc; 139 140 if (!bcrc32initialized) 141 crc32_init(); 142 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */ 143 for (p = buf; len > 0; ++p, --len) 144 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8); 145 return ~crc; /* transmit complement, per CRC-32 spec */ 146} 147 148/* 149 * Need to consider the fragment situation 150 */ 151void r8712_wep_encrypt(struct _adapter *padapter, u8 *pxmitframe) 152{ /* exclude ICV */ 153 unsigned char crc[4]; 154 struct arc4context mycontext; 155 u32 curfragnum, length, keylength, pki; 156 u8 *pframe, *payload, *iv; /*,*wepkey*/ 157 u8 wepkey[16]; 158 struct pkt_attrib *pattrib = &((struct xmit_frame *) 159 pxmitframe)->attrib; 160 struct security_priv *psecuritypriv = &padapter->securitypriv; 161 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 162 163 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 164 return; 165 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET; 166 /*start to encrypt each fragment*/ 167 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) { 168 pki = psecuritypriv->PrivacyKeyIndex; 169 keylength = psecuritypriv->DefKeylen[pki]; 170 for (curfragnum = 0; curfragnum < pattrib->nr_frags; 171 curfragnum++) { 172 iv = pframe + pattrib->hdrlen; 173 memcpy(&wepkey[0], iv, 3); 174 memcpy(&wepkey[3], &psecuritypriv->DefKey[ 175 psecuritypriv->PrivacyKeyIndex].skey[0], 176 keylength); 177 payload = pframe + pattrib->iv_len + pattrib->hdrlen; 178 if ((curfragnum + 1) == pattrib->nr_frags) { 179 length = pattrib->last_txcmdsz - 180 pattrib->hdrlen - 181 pattrib->iv_len - 182 pattrib->icv_len; 183 *((__le32 *)crc) = cpu_to_le32(getcrc32( 184 payload, length)); 185 arcfour_init(&mycontext, wepkey, 3 + keylength); 186 arcfour_encrypt(&mycontext, payload, payload, 187 length); 188 arcfour_encrypt(&mycontext, payload + length, 189 crc, 4); 190 } else { 191 length = pxmitpriv->frag_len - 192 pattrib->hdrlen - pattrib->iv_len - 193 pattrib->icv_len; 194 *((__le32 *)crc) = cpu_to_le32(getcrc32( 195 payload, length)); 196 arcfour_init(&mycontext, wepkey, 3 + keylength); 197 arcfour_encrypt(&mycontext, payload, payload, 198 length); 199 arcfour_encrypt(&mycontext, payload + length, 200 crc, 4); 201 pframe += pxmitpriv->frag_len; 202 pframe = (u8 *)RND4((addr_t)(pframe)); 203 } 204 } 205 } 206} 207 208void r8712_wep_decrypt(struct _adapter *padapter, u8 *precvframe) 209{ 210 /* exclude ICV */ 211 u8 crc[4]; 212 struct arc4context mycontext; 213 u32 length, keylength; 214 u8 *pframe, *payload, *iv, wepkey[16]; 215 u8 keyindex; 216 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *) 217 precvframe)->u.hdr.attrib); 218 struct security_priv *psecuritypriv = &padapter->securitypriv; 219 220 pframe = (unsigned char *)((union recv_frame *)precvframe)-> 221 u.hdr.rx_data; 222 /* start to decrypt recvframe */ 223 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == 224 _WEP104_)) { 225 iv = pframe + prxattrib->hdrlen; 226 keyindex = (iv[3] & 0x3); 227 keylength = psecuritypriv->DefKeylen[keyindex]; 228 memcpy(&wepkey[0], iv, 3); 229 memcpy(&wepkey[3], &psecuritypriv->DefKey[ 230 psecuritypriv->PrivacyKeyIndex].skey[0], 231 keylength); 232 length = ((union recv_frame *)precvframe)-> 233 u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len; 234 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen; 235 /* decrypt payload include icv */ 236 arcfour_init(&mycontext, wepkey, 3 + keylength); 237 arcfour_encrypt(&mycontext, payload, payload, length); 238 /* calculate icv and compare the icv */ 239 *((__le32 *)crc) = cpu_to_le32(getcrc32(payload, length - 4)); 240 } 241} 242 243/* 3 =====TKIP related===== */ 244 245static u32 secmicgetuint32(u8 *p) 246/* Convert from Byte[] to Us4Byte32 in a portable way */ 247{ 248 s32 i; 249 u32 res = 0; 250 251 for (i = 0; i < 4; i++) 252 res |= ((u32)(*p++)) << (8 * i); 253 return res; 254} 255 256static void secmicputuint32(u8 *p, u32 val) 257/* Convert from Us4Byte32 to Byte[] in a portable way */ 258{ 259 long i; 260 261 for (i = 0; i < 4; i++) { 262 *p++ = (u8)(val & 0xff); 263 val >>= 8; 264 } 265} 266 267static void secmicclear(struct mic_data *pmicdata) 268{ 269/* Reset the state to the empty message. */ 270 pmicdata->L = pmicdata->K0; 271 pmicdata->R = pmicdata->K1; 272 pmicdata->nBytesInM = 0; 273 pmicdata->M = 0; 274} 275 276void r8712_secmicsetkey(struct mic_data *pmicdata, u8 *key) 277{ 278 /* Set the key */ 279 pmicdata->K0 = secmicgetuint32(key); 280 pmicdata->K1 = secmicgetuint32(key + 4); 281 /* and reset the message */ 282 secmicclear(pmicdata); 283} 284 285static void secmicappendbyte(struct mic_data *pmicdata, u8 b) 286{ 287 /* Append the byte to our word-sized buffer */ 288 pmicdata->M |= ((u32)b) << (8 * pmicdata->nBytesInM); 289 pmicdata->nBytesInM++; 290 /* Process the word if it is full. */ 291 if (pmicdata->nBytesInM >= 4) { 292 pmicdata->L ^= pmicdata->M; 293 pmicdata->R ^= ROL32(pmicdata->L, 17); 294 pmicdata->L += pmicdata->R; 295 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | 296 ((pmicdata->L & 0x00ff00ff) << 8); 297 pmicdata->L += pmicdata->R; 298 pmicdata->R ^= ROL32(pmicdata->L, 3); 299 pmicdata->L += pmicdata->R; 300 pmicdata->R ^= ROR32(pmicdata->L, 2); 301 pmicdata->L += pmicdata->R; 302 /* Clear the buffer */ 303 pmicdata->M = 0; 304 pmicdata->nBytesInM = 0; 305 } 306} 307 308void r8712_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes) 309{ 310 /* This is simple */ 311 while (nbytes > 0) { 312 secmicappendbyte(pmicdata, *src++); 313 nbytes--; 314 } 315} 316 317void r8712_secgetmic(struct mic_data *pmicdata, u8 *dst) 318{ 319 /* Append the minimum padding */ 320 secmicappendbyte(pmicdata, 0x5a); 321 secmicappendbyte(pmicdata, 0); 322 secmicappendbyte(pmicdata, 0); 323 secmicappendbyte(pmicdata, 0); 324 secmicappendbyte(pmicdata, 0); 325 /* and then zeroes until the length is a multiple of 4 */ 326 while (pmicdata->nBytesInM != 0) 327 secmicappendbyte(pmicdata, 0); 328 /* The appendByte function has already computed the result. */ 329 secmicputuint32(dst, pmicdata->L); 330 secmicputuint32(dst + 4, pmicdata->R); 331 /* Reset to the empty message. */ 332 secmicclear(pmicdata); 333} 334 335void seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, 336 u8 pri) 337{ 338 339 struct mic_data micdata; 340 u8 priority[4] = {0x0, 0x0, 0x0, 0x0}; 341 342 r8712_secmicsetkey(&micdata, key); 343 priority[0] = pri; 344 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */ 345 if (header[1] & 1) { /* ToDS==1 */ 346 r8712_secmicappend(&micdata, &header[16], 6); /* DA */ 347 if (header[1] & 2) /* From Ds==1 */ 348 r8712_secmicappend(&micdata, &header[24], 6); 349 else 350 r8712_secmicappend(&micdata, &header[10], 6); 351 } else { /* ToDS==0 */ 352 r8712_secmicappend(&micdata, &header[4], 6); /* DA */ 353 if (header[1] & 2) /* From Ds==1 */ 354 r8712_secmicappend(&micdata, &header[16], 6); 355 else 356 r8712_secmicappend(&micdata, &header[10], 6); 357 } 358 r8712_secmicappend(&micdata, &priority[0], 4); 359 r8712_secmicappend(&micdata, data, data_len); 360 r8712_secgetmic(&micdata, mic_code); 361} 362 363/* macros for extraction/creation of unsigned char/unsigned short values */ 364#define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15)) 365#define Lo8(v16) ((u8)((v16) & 0x00FF)) 366#define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF)) 367#define Lo16(v32) ((u16)((v32) & 0xFFFF)) 368#define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF)) 369#define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8)) 370 371/* select the Nth 16-bit word of the temporal key unsigned char array TK[] */ 372#define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)]) 373 374/* S-box lookup: 16 bits --> 16 bits */ 375#define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)]) 376 377/* fixed algorithm "parameters" */ 378#define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */ 379#define TA_SIZE 6 /* 48-bit transmitter address */ 380#define TK_SIZE 16 /* 128-bit temporal key */ 381#define P1K_SIZE 10 /* 80-bit Phase1 key */ 382#define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */ 383 384/* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */ 385static const unsigned short Sbox1[2][256] = {/* Sbox for hash (can be in ROM) */ 386 { 387 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 388 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, 389 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, 390 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, 391 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, 392 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, 393 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, 394 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, 395 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, 396 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, 397 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, 398 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, 399 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, 400 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, 401 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, 402 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, 403 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, 404 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, 405 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, 406 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, 407 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, 408 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, 409 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, 410 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, 411 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, 412 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, 413 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, 414 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, 415 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, 416 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, 417 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, 418 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 419 }, 420 { /* second half is unsigned char-reversed version of first! */ 421 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491, 422 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC, 423 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB, 424 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B, 425 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83, 426 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A, 427 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F, 428 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA, 429 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B, 430 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713, 431 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6, 432 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85, 433 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411, 434 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B, 435 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1, 436 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF, 437 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E, 438 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6, 439 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B, 440 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD, 441 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8, 442 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2, 443 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049, 444 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810, 445 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197, 446 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F, 447 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C, 448 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927, 449 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733, 450 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5, 451 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0, 452 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C, 453 } 454}; 455 456/* 457 ********************************************************************** 458 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32 459 * 460 * Inputs: 461 * tk[] = temporal key [128 bits] 462 * ta[] = transmitter's MAC address [ 48 bits] 463 * iv32 = upper 32 bits of IV [ 32 bits] 464 * Output: 465 * p1k[] = Phase 1 key [ 80 bits] 466 * 467 * Note: 468 * This function only needs to be called every 2**16 packets, 469 * although in theory it could be called every packet. 470 * 471 ********************************************************************** 472 */ 473static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32) 474{ 475 sint i; 476 477 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */ 478 p1k[0] = Lo16(iv32); 479 p1k[1] = Hi16(iv32); 480 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */ 481 p1k[3] = Mk16(ta[3], ta[2]); 482 p1k[4] = Mk16(ta[5], ta[4]); 483 /* Now compute an unbalanced Feistel cipher with 80-bit block */ 484 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */ 485 for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add is mod 2**16 */ 486 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0)); 487 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2)); 488 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4)); 489 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6)); 490 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0)); 491 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */ 492 } 493} 494 495/* 496 ********************************************************************** 497 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16 498 * 499 * Inputs: 500 * tk[] = Temporal key [128 bits] 501 * p1k[] = Phase 1 output key [ 80 bits] 502 * iv16 = low 16 bits of IV counter [ 16 bits] 503 * Output: 504 * rc4key[] = the key used to encrypt the packet [128 bits] 505 * 506 * Note: 507 * The value {TA,IV32,IV16} for Phase1/Phase2 must be unique 508 * across all packets using the same key TK value. Then, for a 509 * given value of TK[], this TKIP48 construction guarantees that 510 * the final RC4KEY value is unique across all packets. 511 * 512 * Suggested implementation optimization: if PPK[] is "overlaid" 513 * appropriately on RC4KEY[], there is no need for the final 514 * for loop below that copies the PPK[] result into RC4KEY[]. 515 * 516 ********************************************************************** 517 */ 518static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16) 519{ 520 sint i; 521 u16 PPK[6]; /* temporary key for mixing */ 522 523 /* Note: all adds in the PPK[] equations below are mod 2**16 */ 524 for (i = 0; i < 5; i++) 525 PPK[i] = p1k[i]; /* first, copy P1K to PPK */ 526 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */ 527 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */ 528 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */ 529 PPK[1] += _S_(PPK[0] ^ TK16(1)); 530 PPK[2] += _S_(PPK[1] ^ TK16(2)); 531 PPK[3] += _S_(PPK[2] ^ TK16(3)); 532 PPK[4] += _S_(PPK[3] ^ TK16(4)); 533 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */ 534 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */ 535 PPK[0] += RotR1(PPK[5] ^ TK16(6)); 536 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */ 537 PPK[2] += RotR1(PPK[1]); 538 PPK[3] += RotR1(PPK[2]); 539 PPK[4] += RotR1(PPK[3]); 540 PPK[5] += RotR1(PPK[4]); 541 /* Note: At this point, for a given key TK[0..15], the 96-bit output */ 542 /* value PPK[0..5] is guaranteed to be unique, as a function */ 543 /* of the 96-bit "input" value {TA,IV32,IV16}. That is, P1K */ 544 /* is now a keyed permutation of {TA,IV32,IV16}. */ 545 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */ 546 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */ 547 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */ 548 rc4key[2] = Lo8(iv16); 549 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1); 550 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */ 551 for (i = 0; i < 6; i++) { 552 rc4key[4 + 2 * i] = Lo8(PPK[i]); 553 rc4key[5 + 2 * i] = Hi8(PPK[i]); 554 } 555} 556 557/*The hlen isn't include the IV*/ 558u32 r8712_tkip_encrypt(struct _adapter *padapter, u8 *pxmitframe) 559{ /* exclude ICV */ 560 u16 pnl; 561 u32 pnh; 562 u8 rc4key[16]; 563 u8 ttkey[16]; 564 u8 crc[4]; 565 struct arc4context mycontext; 566 u32 curfragnum, length; 567 568 u8 *pframe, *payload, *iv, *prwskey; 569 union pn48 txpn; 570 struct sta_info *stainfo; 571 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib; 572 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 573 u32 res = _SUCCESS; 574 575 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 576 return _FAIL; 577 578 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET; 579 /* 4 start to encrypt each fragment */ 580 if (pattrib->encrypt == _TKIP_) { 581 if (pattrib->psta) 582 stainfo = pattrib->psta; 583 else 584 stainfo = r8712_get_stainfo(&padapter->stapriv, 585 &pattrib->ra[0]); 586 if (stainfo) { 587 prwskey = &stainfo->x_UncstKey.skey[0]; 588 for (curfragnum = 0; curfragnum < pattrib->nr_frags; 589 curfragnum++) { 590 iv = pframe + pattrib->hdrlen; 591 payload = pframe + pattrib->iv_len + 592 pattrib->hdrlen; 593 GET_TKIP_PN(iv, txpn); 594 pnl = (u16)(txpn.val); 595 pnh = (u32)(txpn.val >> 16); 596 phase1((u16 *)&ttkey[0], prwskey, 597 &pattrib->ta[0], pnh); 598 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], 599 pnl); 600 if ((curfragnum + 1) == pattrib->nr_frags) { 601 /* 4 the last fragment */ 602 length = pattrib->last_txcmdsz - 603 pattrib->hdrlen - 604 pattrib->iv_len - 605 pattrib->icv_len; 606 *((__le32 *)crc) = cpu_to_le32( 607 getcrc32(payload, length)); 608 arcfour_init(&mycontext, rc4key, 16); 609 arcfour_encrypt(&mycontext, payload, 610 payload, length); 611 arcfour_encrypt(&mycontext, payload + 612 length, crc, 4); 613 } else { 614 length = pxmitpriv->frag_len - 615 pattrib->hdrlen - 616 pattrib->iv_len - 617 pattrib->icv_len; 618 *((__le32 *)crc) = cpu_to_le32(getcrc32( 619 payload, length)); 620 arcfour_init(&mycontext, rc4key, 16); 621 arcfour_encrypt(&mycontext, payload, 622 payload, length); 623 arcfour_encrypt(&mycontext, 624 payload + length, crc, 625 4); 626 pframe += pxmitpriv->frag_len; 627 pframe = (u8 *)RND4((addr_t)(pframe)); 628 } 629 } 630 } else { 631 res = _FAIL; 632 } 633 } 634 return res; 635} 636 637/* The hlen doesn't include the IV */ 638void r8712_tkip_decrypt(struct _adapter *padapter, u8 *precvframe) 639{ /* exclude ICV */ 640 u16 pnl; 641 u32 pnh; 642 u8 rc4key[16]; 643 u8 ttkey[16]; 644 u8 crc[4]; 645 struct arc4context mycontext; 646 u32 length; 647 u8 *pframe, *payload, *iv, *prwskey, idx = 0; 648 union pn48 txpn; 649 struct sta_info *stainfo; 650 struct rx_pkt_attrib *prxattrib = &((union recv_frame *) 651 precvframe)->u.hdr.attrib; 652 struct security_priv *psecuritypriv = &padapter->securitypriv; 653 654 pframe = (unsigned char *)((union recv_frame *) 655 precvframe)->u.hdr.rx_data; 656 /* 4 start to decrypt recvframe */ 657 if (prxattrib->encrypt == _TKIP_) { 658 stainfo = r8712_get_stainfo(&padapter->stapriv, 659 &prxattrib->ta[0]); 660 if (stainfo) { 661 iv = pframe + prxattrib->hdrlen; 662 payload = pframe + prxattrib->iv_len + 663 prxattrib->hdrlen; 664 length = ((union recv_frame *)precvframe)-> 665 u.hdr.len - prxattrib->hdrlen - 666 prxattrib->iv_len; 667 if (is_multicast_ether_addr(prxattrib->ra)) { 668 idx = iv[3]; 669 prwskey = &psecuritypriv->XGrpKey[ 670 ((idx >> 6) & 0x3) - 1].skey[0]; 671 if (!psecuritypriv->binstallGrpkey) 672 return; 673 } else { 674 prwskey = &stainfo->x_UncstKey.skey[0]; 675 } 676 GET_TKIP_PN(iv, txpn); 677 pnl = (u16)(txpn.val); 678 pnh = (u32)(txpn.val >> 16); 679 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], 680 pnh); 681 phase2(&rc4key[0], prwskey, (unsigned short *) 682 &ttkey[0], pnl); 683 /* 4 decrypt payload include icv */ 684 arcfour_init(&mycontext, rc4key, 16); 685 arcfour_encrypt(&mycontext, payload, payload, length); 686 *((__le32 *)crc) = cpu_to_le32(getcrc32(payload, 687 length - 4)); 688 } 689 } 690} 691 692/* 3 =====AES related===== */ 693 694#define MAX_MSG_SIZE 2048 695/*****************************/ 696/******** SBOX Table *********/ 697/*****************************/ 698 699static const u8 sbox_table[256] = { 700 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 701 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 702 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 703 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 704 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 705 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 706 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 707 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 708 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 709 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 710 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 711 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 712 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 713 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 714 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 715 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 716 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 717 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 718 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 719 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 720 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 721 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 722 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 723 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 724 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 725 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 726 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 727 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 728 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 729 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 730 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 731 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 732}; 733 734/****************************************/ 735/* aes128k128d() */ 736/* Performs a 128 bit AES encrypt with */ 737/* 128 bit data. */ 738/****************************************/ 739static void xor_128(u8 *a, u8 *b, u8 *out) 740{ 741 sint i; 742 743 for (i = 0; i < 16; i++) 744 out[i] = a[i] ^ b[i]; 745} 746 747static void xor_32(u8 *a, u8 *b, u8 *out) 748{ 749 sint i; 750 751 for (i = 0; i < 4; i++) 752 out[i] = a[i] ^ b[i]; 753} 754 755static u8 sbox(u8 a) 756{ 757 return sbox_table[(sint)a]; 758} 759 760static void next_key(u8 *key, sint round) 761{ 762 u8 rcon; 763 u8 sbox_key[4]; 764 static const u8 rcon_table[12] = { 765 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 766 0x1b, 0x36, 0x36, 0x36 767 }; 768 769 sbox_key[0] = sbox(key[13]); 770 sbox_key[1] = sbox(key[14]); 771 sbox_key[2] = sbox(key[15]); 772 sbox_key[3] = sbox(key[12]); 773 rcon = rcon_table[round]; 774 xor_32(&key[0], sbox_key, &key[0]); 775 key[0] = key[0] ^ rcon; 776 xor_32(&key[4], &key[0], &key[4]); 777 xor_32(&key[8], &key[4], &key[8]); 778 xor_32(&key[12], &key[8], &key[12]); 779} 780 781static void byte_sub(u8 *in, u8 *out) 782{ 783 sint i; 784 785 for (i = 0; i < 16; i++) 786 out[i] = sbox(in[i]); 787} 788 789static void shift_row(u8 *in, u8 *out) 790{ 791 out[0] = in[0]; 792 out[1] = in[5]; 793 out[2] = in[10]; 794 out[3] = in[15]; 795 out[4] = in[4]; 796 out[5] = in[9]; 797 out[6] = in[14]; 798 out[7] = in[3]; 799 out[8] = in[8]; 800 out[9] = in[13]; 801 out[10] = in[2]; 802 out[11] = in[7]; 803 out[12] = in[12]; 804 out[13] = in[1]; 805 out[14] = in[6]; 806 out[15] = in[11]; 807} 808 809static void mix_column(u8 *in, u8 *out) 810{ 811 sint i; 812 u8 add1b[4]; 813 u8 add1bf7[4]; 814 u8 rotl[4]; 815 u8 swap_halves[4]; 816 u8 andf7[4]; 817 u8 rotr[4]; 818 u8 temp[4]; 819 u8 tempb[4]; 820 821 for (i = 0; i < 4; i++) { 822 if ((in[i] & 0x80) == 0x80) 823 add1b[i] = 0x1b; 824 else 825 add1b[i] = 0x00; 826 } 827 swap_halves[0] = in[2]; /* Swap halves */ 828 swap_halves[1] = in[3]; 829 swap_halves[2] = in[0]; 830 swap_halves[3] = in[1]; 831 rotl[0] = in[3]; /* Rotate left 8 bits */ 832 rotl[1] = in[0]; 833 rotl[2] = in[1]; 834 rotl[3] = in[2]; 835 andf7[0] = in[0] & 0x7f; 836 andf7[1] = in[1] & 0x7f; 837 andf7[2] = in[2] & 0x7f; 838 andf7[3] = in[3] & 0x7f; 839 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */ 840 andf7[i] = andf7[i] << 1; 841 if ((andf7[i - 1] & 0x80) == 0x80) 842 andf7[i] = (andf7[i] | 0x01); 843 } 844 andf7[0] = andf7[0] << 1; 845 andf7[0] = andf7[0] & 0xfe; 846 xor_32(add1b, andf7, add1bf7); 847 xor_32(in, add1bf7, rotr); 848 temp[0] = rotr[0]; /* Rotate right 8 bits */ 849 rotr[0] = rotr[1]; 850 rotr[1] = rotr[2]; 851 rotr[2] = rotr[3]; 852 rotr[3] = temp[0]; 853 xor_32(add1bf7, rotr, temp); 854 xor_32(swap_halves, rotl, tempb); 855 xor_32(temp, tempb, out); 856} 857 858static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext) 859{ 860 sint round; 861 sint i; 862 u8 intermediatea[16]; 863 u8 intermediateb[16]; 864 u8 round_key[16]; 865 866 for (i = 0; i < 16; i++) 867 round_key[i] = key[i]; 868 for (round = 0; round < 11; round++) { 869 if (round == 0) { 870 xor_128(round_key, data, ciphertext); 871 next_key(round_key, round); 872 } else if (round == 10) { 873 byte_sub(ciphertext, intermediatea); 874 shift_row(intermediatea, intermediateb); 875 xor_128(intermediateb, round_key, ciphertext); 876 } else { /* 1 - 9 */ 877 byte_sub(ciphertext, intermediatea); 878 shift_row(intermediatea, intermediateb); 879 mix_column(&intermediateb[0], &intermediatea[0]); 880 mix_column(&intermediateb[4], &intermediatea[4]); 881 mix_column(&intermediateb[8], &intermediatea[8]); 882 mix_column(&intermediateb[12], &intermediatea[12]); 883 xor_128(intermediatea, round_key, ciphertext); 884 next_key(round_key, round); 885 } 886 } 887} 888 889/************************************************/ 890/* construct_mic_iv() */ 891/* Builds the MIC IV from header fields and PN */ 892/************************************************/ 893static void construct_mic_iv(u8 *mic_iv, sint qc_exists, sint a4_exists, 894 u8 *mpdu, uint payload_length, u8 *pn_vector) 895{ 896 sint i; 897 898 mic_iv[0] = 0x59; 899 if (qc_exists && a4_exists) 900 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */ 901 if (qc_exists && !a4_exists) 902 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */ 903 if (!qc_exists) 904 mic_iv[1] = 0x00; 905 for (i = 2; i < 8; i++) 906 mic_iv[i] = mpdu[i + 8]; 907 for (i = 8; i < 14; i++) 908 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */ 909 mic_iv[14] = (unsigned char)(payload_length / 256); 910 mic_iv[15] = (unsigned char)(payload_length % 256); 911} 912 913/************************************************/ 914/* construct_mic_header1() */ 915/* Builds the first MIC header block from */ 916/* header fields. */ 917/************************************************/ 918static void construct_mic_header1(u8 *mic_header1, sint header_length, u8 *mpdu) 919{ 920 mic_header1[0] = (u8)((header_length - 2) / 256); 921 mic_header1[1] = (u8)((header_length - 2) % 256); 922 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */ 923 /* Mute retry, more data and pwr mgt bits */ 924 mic_header1[3] = mpdu[1] & 0xc7; 925 mic_header1[4] = mpdu[4]; /* A1 */ 926 mic_header1[5] = mpdu[5]; 927 mic_header1[6] = mpdu[6]; 928 mic_header1[7] = mpdu[7]; 929 mic_header1[8] = mpdu[8]; 930 mic_header1[9] = mpdu[9]; 931 mic_header1[10] = mpdu[10]; /* A2 */ 932 mic_header1[11] = mpdu[11]; 933 mic_header1[12] = mpdu[12]; 934 mic_header1[13] = mpdu[13]; 935 mic_header1[14] = mpdu[14]; 936 mic_header1[15] = mpdu[15]; 937} 938 939/************************************************/ 940/* construct_mic_header2() */ 941/* Builds the last MIC header block from */ 942/* header fields. */ 943/************************************************/ 944static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, sint a4_exists, 945 sint qc_exists) 946{ 947 sint i; 948 949 for (i = 0; i < 16; i++) 950 mic_header2[i] = 0x00; 951 mic_header2[0] = mpdu[16]; /* A3 */ 952 mic_header2[1] = mpdu[17]; 953 mic_header2[2] = mpdu[18]; 954 mic_header2[3] = mpdu[19]; 955 mic_header2[4] = mpdu[20]; 956 mic_header2[5] = mpdu[21]; 957 mic_header2[6] = 0x00; 958 mic_header2[7] = 0x00; /* mpdu[23]; */ 959 if (!qc_exists && a4_exists) 960 for (i = 0; i < 6; i++) 961 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */ 962 if (qc_exists && !a4_exists) { 963 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */ 964 mic_header2[9] = mpdu[25] & 0x00; 965 } 966 if (qc_exists && a4_exists) { 967 for (i = 0; i < 6; i++) 968 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */ 969 mic_header2[14] = mpdu[30] & 0x0f; 970 mic_header2[15] = mpdu[31] & 0x00; 971 } 972} 973 974/************************************************/ 975/* construct_mic_header2() */ 976/* Builds the last MIC header block from */ 977/* header fields. */ 978/************************************************/ 979static void construct_ctr_preload(u8 *ctr_preload, 980 sint a4_exists, sint qc_exists, 981 u8 *mpdu, u8 *pn_vector, sint c) 982{ 983 sint i; 984 985 for (i = 0; i < 16; i++) 986 ctr_preload[i] = 0x00; 987 i = 0; 988 ctr_preload[0] = 0x01; /* flag */ 989 if (qc_exists && a4_exists) 990 ctr_preload[1] = mpdu[30] & 0x0f; 991 if (qc_exists && !a4_exists) 992 ctr_preload[1] = mpdu[24] & 0x0f; 993 for (i = 2; i < 8; i++) 994 ctr_preload[i] = mpdu[i + 8]; 995 for (i = 8; i < 14; i++) 996 ctr_preload[i] = pn_vector[13 - i]; 997 ctr_preload[14] = (unsigned char)(c / 256); /* Ctr */ 998 ctr_preload[15] = (unsigned char)(c % 256); 999} 1000 1001/************************************/ 1002/* bitwise_xor() */ 1003/* A 128 bit, bitwise exclusive or */ 1004/************************************/ 1005static void bitwise_xor(u8 *ina, u8 *inb, u8 *out) 1006{ 1007 sint i; 1008 1009 for (i = 0; i < 16; i++) 1010 out[i] = ina[i] ^ inb[i]; 1011} 1012 1013static void aes_cipher(u8 *key, uint hdrlen, 1014 u8 *pframe, uint plen) 1015{ 1016 uint qc_exists, a4_exists, i, j, payload_remainder; 1017 uint num_blocks, payload_index; 1018 1019 u8 pn_vector[6]; 1020 u8 mic_iv[16]; 1021 u8 mic_header1[16]; 1022 u8 mic_header2[16]; 1023 u8 ctr_preload[16]; 1024 1025 /* Intermediate Buffers */ 1026 u8 chain_buffer[16]; 1027 u8 aes_out[16]; 1028 u8 padded_buffer[16]; 1029 u8 mic[8]; 1030 u16 frtype = GetFrameType(pframe); 1031 u16 frsubtype = GetFrameSubType(pframe); 1032 1033 frsubtype >>= 4; 1034 memset((void *)mic_iv, 0, 16); 1035 memset((void *)mic_header1, 0, 16); 1036 memset((void *)mic_header2, 0, 16); 1037 memset((void *)ctr_preload, 0, 16); 1038 memset((void *)chain_buffer, 0, 16); 1039 memset((void *)aes_out, 0, 16); 1040 memset((void *)padded_buffer, 0, 16); 1041 1042 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1043 a4_exists = 0; 1044 else 1045 a4_exists = 1; 1046 1047 if ((frtype == (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA_CFACK)) || 1048 (frtype == (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA_CFPOLL)) || 1049 (frtype == (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA_CFACKPOLL))) { 1050 qc_exists = 1; 1051 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1052 hdrlen += 2; 1053 } else if ((frsubtype == 0x08) || 1054 (frsubtype == 0x09) || 1055 (frsubtype == 0x0a) || 1056 (frsubtype == 0x0b)) { 1057 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1058 hdrlen += 2; 1059 qc_exists = 1; 1060 } else { 1061 qc_exists = 0; 1062 } 1063 pn_vector[0] = pframe[hdrlen]; 1064 pn_vector[1] = pframe[hdrlen + 1]; 1065 pn_vector[2] = pframe[hdrlen + 4]; 1066 pn_vector[3] = pframe[hdrlen + 5]; 1067 pn_vector[4] = pframe[hdrlen + 6]; 1068 pn_vector[5] = pframe[hdrlen + 7]; 1069 construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector); 1070 construct_mic_header1(mic_header1, hdrlen, pframe); 1071 construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists); 1072 payload_remainder = plen % 16; 1073 num_blocks = plen / 16; 1074 /* Find start of payload */ 1075 payload_index = hdrlen + 8; 1076 /* Calculate MIC */ 1077 aes128k128d(key, mic_iv, aes_out); 1078 bitwise_xor(aes_out, mic_header1, chain_buffer); 1079 aes128k128d(key, chain_buffer, aes_out); 1080 bitwise_xor(aes_out, mic_header2, chain_buffer); 1081 aes128k128d(key, chain_buffer, aes_out); 1082 for (i = 0; i < num_blocks; i++) { 1083 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1084 payload_index += 16; 1085 aes128k128d(key, chain_buffer, aes_out); 1086 } 1087 /* Add on the final payload block if it needs padding */ 1088 if (payload_remainder > 0) { 1089 for (j = 0; j < 16; j++) 1090 padded_buffer[j] = 0x00; 1091 for (j = 0; j < payload_remainder; j++) 1092 padded_buffer[j] = pframe[payload_index++]; 1093 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1094 aes128k128d(key, chain_buffer, aes_out); 1095 } 1096 for (j = 0; j < 8; j++) 1097 mic[j] = aes_out[j]; 1098 /* Insert MIC into payload */ 1099 for (j = 0; j < 8; j++) 1100 pframe[payload_index + j] = mic[j]; 1101 payload_index = hdrlen + 8; 1102 for (i = 0; i < num_blocks; i++) { 1103 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1104 pframe, pn_vector, i + 1); 1105 aes128k128d(key, ctr_preload, aes_out); 1106 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1107 for (j = 0; j < 16; j++) 1108 pframe[payload_index++] = chain_buffer[j]; 1109 } 1110 if (payload_remainder > 0) { /* If short final block, then pad it,*/ 1111 /* encrypt and copy unpadded part back */ 1112 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1113 pframe, pn_vector, num_blocks + 1); 1114 for (j = 0; j < 16; j++) 1115 padded_buffer[j] = 0x00; 1116 for (j = 0; j < payload_remainder; j++) 1117 padded_buffer[j] = pframe[payload_index + j]; 1118 aes128k128d(key, ctr_preload, aes_out); 1119 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1120 for (j = 0; j < payload_remainder; j++) 1121 pframe[payload_index++] = chain_buffer[j]; 1122 } 1123 /* Encrypt the MIC */ 1124 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1125 pframe, pn_vector, 0); 1126 for (j = 0; j < 16; j++) 1127 padded_buffer[j] = 0x00; 1128 for (j = 0; j < 8; j++) 1129 padded_buffer[j] = pframe[j + hdrlen + 8 + plen]; 1130 aes128k128d(key, ctr_preload, aes_out); 1131 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1132 for (j = 0; j < 8; j++) 1133 pframe[payload_index++] = chain_buffer[j]; 1134} 1135 1136u32 r8712_aes_encrypt(struct _adapter *padapter, u8 *pxmitframe) 1137{ /* exclude ICV */ 1138 /* Intermediate Buffers */ 1139 sint curfragnum, length; 1140 u8 *pframe, *prwskey; 1141 struct sta_info *stainfo; 1142 struct pkt_attrib *pattrib = &((struct xmit_frame *) 1143 pxmitframe)->attrib; 1144 struct xmit_priv *pxmitpriv = &padapter->xmitpriv; 1145 u32 res = _SUCCESS; 1146 1147 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL) 1148 return _FAIL; 1149 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET; 1150 /* 4 start to encrypt each fragment */ 1151 if (pattrib->encrypt == _AES_) { 1152 if (pattrib->psta) 1153 stainfo = pattrib->psta; 1154 else 1155 stainfo = r8712_get_stainfo(&padapter->stapriv, 1156 &pattrib->ra[0]); 1157 if (stainfo) { 1158 prwskey = &stainfo->x_UncstKey.skey[0]; 1159 for (curfragnum = 0; curfragnum < pattrib->nr_frags; 1160 curfragnum++) { 1161 if ((curfragnum + 1) == pattrib->nr_frags) { 1162 length = pattrib->last_txcmdsz - 1163 pattrib->hdrlen - 1164 pattrib->iv_len - 1165 pattrib->icv_len; 1166 aes_cipher(prwskey, pattrib->hdrlen, 1167 pframe, length); 1168 } else { 1169 length = pxmitpriv->frag_len - 1170 pattrib->hdrlen - 1171 pattrib->iv_len - 1172 pattrib->icv_len; 1173 aes_cipher(prwskey, pattrib->hdrlen, 1174 pframe, length); 1175 pframe += pxmitpriv->frag_len; 1176 pframe = (u8 *)RND4((addr_t)(pframe)); 1177 } 1178 } 1179 } else { 1180 res = _FAIL; 1181 } 1182 } 1183 return res; 1184} 1185 1186static void aes_decipher(u8 *key, uint hdrlen, 1187 u8 *pframe, uint plen) 1188{ 1189 static u8 message[MAX_MSG_SIZE]; 1190 uint qc_exists, a4_exists, i, j, payload_remainder; 1191 uint num_blocks, payload_index; 1192 u8 pn_vector[6]; 1193 u8 mic_iv[16]; 1194 u8 mic_header1[16]; 1195 u8 mic_header2[16]; 1196 u8 ctr_preload[16]; 1197 /* Intermediate Buffers */ 1198 u8 chain_buffer[16]; 1199 u8 aes_out[16]; 1200 u8 padded_buffer[16]; 1201 u8 mic[8]; 1202 uint frtype = GetFrameType(pframe); 1203 uint frsubtype = GetFrameSubType(pframe); 1204 1205 frsubtype >>= 4; 1206 memset((void *)mic_iv, 0, 16); 1207 memset((void *)mic_header1, 0, 16); 1208 memset((void *)mic_header2, 0, 16); 1209 memset((void *)ctr_preload, 0, 16); 1210 memset((void *)chain_buffer, 0, 16); 1211 memset((void *)aes_out, 0, 16); 1212 memset((void *)padded_buffer, 0, 16); 1213 /* start to decrypt the payload */ 1214 /*(plen including llc, payload and mic) */ 1215 num_blocks = (plen - 8) / 16; 1216 payload_remainder = (plen - 8) % 16; 1217 pn_vector[0] = pframe[hdrlen]; 1218 pn_vector[1] = pframe[hdrlen + 1]; 1219 pn_vector[2] = pframe[hdrlen + 4]; 1220 pn_vector[3] = pframe[hdrlen + 5]; 1221 pn_vector[4] = pframe[hdrlen + 6]; 1222 pn_vector[5] = pframe[hdrlen + 7]; 1223 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN)) 1224 a4_exists = 0; 1225 else 1226 a4_exists = 1; 1227 if ((frtype == (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA_CFACK)) || 1228 (frtype == (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA_CFPOLL)) || 1229 (frtype == (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA_CFACKPOLL))) { 1230 qc_exists = 1; 1231 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1232 hdrlen += 2; 1233 } else if ((frsubtype == 0x08) || 1234 (frsubtype == 0x09) || 1235 (frsubtype == 0x0a) || 1236 (frsubtype == 0x0b)) { 1237 if (hdrlen != WLAN_HDR_A3_QOS_LEN) 1238 hdrlen += 2; 1239 qc_exists = 1; 1240 } else { 1241 qc_exists = 0; 1242 } 1243 /* now, decrypt pframe with hdrlen offset and plen long */ 1244 payload_index = hdrlen + 8; /* 8 is for extiv */ 1245 for (i = 0; i < num_blocks; i++) { 1246 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1247 pframe, pn_vector, i + 1); 1248 aes128k128d(key, ctr_preload, aes_out); 1249 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer); 1250 for (j = 0; j < 16; j++) 1251 pframe[payload_index++] = chain_buffer[j]; 1252 } 1253 if (payload_remainder > 0) { /* If short final block, pad it,*/ 1254 /* encrypt it and copy the unpadded part back */ 1255 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1256 pframe, pn_vector, num_blocks + 1); 1257 for (j = 0; j < 16; j++) 1258 padded_buffer[j] = 0x00; 1259 for (j = 0; j < payload_remainder; j++) 1260 padded_buffer[j] = pframe[payload_index + j]; 1261 aes128k128d(key, ctr_preload, aes_out); 1262 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1263 for (j = 0; j < payload_remainder; j++) 1264 pframe[payload_index++] = chain_buffer[j]; 1265 } 1266 /* start to calculate the mic */ 1267 memcpy((void *)message, pframe, (hdrlen + plen + 8)); 1268 pn_vector[0] = pframe[hdrlen]; 1269 pn_vector[1] = pframe[hdrlen + 1]; 1270 pn_vector[2] = pframe[hdrlen + 4]; 1271 pn_vector[3] = pframe[hdrlen + 5]; 1272 pn_vector[4] = pframe[hdrlen + 6]; 1273 pn_vector[5] = pframe[hdrlen + 7]; 1274 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen - 8, 1275 pn_vector); 1276 construct_mic_header1(mic_header1, hdrlen, message); 1277 construct_mic_header2(mic_header2, message, a4_exists, qc_exists); 1278 payload_remainder = (plen - 8) % 16; 1279 num_blocks = (plen - 8) / 16; 1280 /* Find start of payload */ 1281 payload_index = hdrlen + 8; 1282 /* Calculate MIC */ 1283 aes128k128d(key, mic_iv, aes_out); 1284 bitwise_xor(aes_out, mic_header1, chain_buffer); 1285 aes128k128d(key, chain_buffer, aes_out); 1286 bitwise_xor(aes_out, mic_header2, chain_buffer); 1287 aes128k128d(key, chain_buffer, aes_out); 1288 for (i = 0; i < num_blocks; i++) { 1289 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1290 payload_index += 16; 1291 aes128k128d(key, chain_buffer, aes_out); 1292 } 1293 /* Add on the final payload block if it needs padding */ 1294 if (payload_remainder > 0) { 1295 for (j = 0; j < 16; j++) 1296 padded_buffer[j] = 0x00; 1297 for (j = 0; j < payload_remainder; j++) 1298 padded_buffer[j] = message[payload_index++]; 1299 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1300 aes128k128d(key, chain_buffer, aes_out); 1301 } 1302 for (j = 0; j < 8; j++) 1303 mic[j] = aes_out[j]; 1304 /* Insert MIC into payload */ 1305 for (j = 0; j < 8; j++) 1306 message[payload_index + j] = mic[j]; 1307 payload_index = hdrlen + 8; 1308 for (i = 0; i < num_blocks; i++) { 1309 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1310 message, pn_vector, i + 1); 1311 aes128k128d(key, ctr_preload, aes_out); 1312 bitwise_xor(aes_out, &message[payload_index], chain_buffer); 1313 for (j = 0; j < 16; j++) 1314 message[payload_index++] = chain_buffer[j]; 1315 } 1316 if (payload_remainder > 0) { /* If short final block, pad it,*/ 1317 /* encrypt and copy unpadded part back */ 1318 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, 1319 message, pn_vector, num_blocks + 1); 1320 for (j = 0; j < 16; j++) 1321 padded_buffer[j] = 0x00; 1322 for (j = 0; j < payload_remainder; j++) 1323 padded_buffer[j] = message[payload_index + j]; 1324 aes128k128d(key, ctr_preload, aes_out); 1325 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1326 for (j = 0; j < payload_remainder; j++) 1327 message[payload_index++] = chain_buffer[j]; 1328 } 1329 /* Encrypt the MIC */ 1330 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, 1331 pn_vector, 0); 1332 for (j = 0; j < 16; j++) 1333 padded_buffer[j] = 0x00; 1334 for (j = 0; j < 8; j++) 1335 padded_buffer[j] = message[j + hdrlen + plen]; 1336 aes128k128d(key, ctr_preload, aes_out); 1337 bitwise_xor(aes_out, padded_buffer, chain_buffer); 1338 for (j = 0; j < 8; j++) 1339 message[payload_index++] = chain_buffer[j]; 1340 /* compare the mic */ 1341} 1342 1343void r8712_aes_decrypt(struct _adapter *padapter, u8 *precvframe) 1344{ /* exclude ICV */ 1345 /* Intermediate Buffers */ 1346 sint length; 1347 u8 *pframe, *prwskey, *iv, idx; 1348 struct sta_info *stainfo; 1349 struct rx_pkt_attrib *prxattrib = &((union recv_frame *) 1350 precvframe)->u.hdr.attrib; 1351 struct security_priv *psecuritypriv = &padapter->securitypriv; 1352 1353 pframe = (unsigned char *)((union recv_frame *)precvframe)-> 1354 u.hdr.rx_data; 1355 /* 4 start to encrypt each fragment */ 1356 if (prxattrib->encrypt == _AES_) { 1357 stainfo = r8712_get_stainfo(&padapter->stapriv, 1358 &prxattrib->ta[0]); 1359 if (stainfo) { 1360 if (is_multicast_ether_addr(prxattrib->ra)) { 1361 iv = pframe + prxattrib->hdrlen; 1362 idx = iv[3]; 1363 prwskey = &psecuritypriv->XGrpKey[ 1364 ((idx >> 6) & 0x3) - 1].skey[0]; 1365 if (!psecuritypriv->binstallGrpkey) 1366 return; 1367 1368 } else { 1369 prwskey = &stainfo->x_UncstKey.skey[0]; 1370 } 1371 length = ((union recv_frame *)precvframe)-> 1372 u.hdr.len - prxattrib->hdrlen - 1373 prxattrib->iv_len; 1374 aes_decipher(prwskey, prxattrib->hdrlen, pframe, 1375 length); 1376 } 1377 } 1378} 1379 1380void r8712_use_tkipkey_handler(struct timer_list *t) 1381{ 1382 struct _adapter *padapter = 1383 from_timer(padapter, t, securitypriv.tkip_timer); 1384 1385 padapter->securitypriv.busetkipkey = true; 1386}