projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'usb-3.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
[deliverable/linux.git] / drivers / staging / rtl8712 / rtl871x_security.c
1 /******************************************************************************
2 * rtl871x_security.c
3 *
4 * Copyright(c) 2007 - 2010 Realtek Corporation. All rights reserved.
5 * Linux device driver for RTL8192SU
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of version 2 of the GNU General Public License as
9 * published by the Free Software Foundation.
10 *
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 * more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
19 *
20 * Modifications for inclusion into the Linux staging tree are
21 * Copyright(c) 2010 Larry Finger. All rights reserved.
22 *
23 * Contact information:
24 * WLAN FAE <wlanfae@realtek.com>
25 * Larry Finger <Larry.Finger@lwfinger.net>
26 *
27 ******************************************************************************/
28
29 #define _RTL871X_SECURITY_C_
30
31 #include <linux/compiler.h>
32 #include <linux/kernel.h>
33 #include <linux/errno.h>
34 #include <linux/slab.h>
35 #include <linux/module.h>
36 #include <linux/kref.h>
37 #include <linux/netdevice.h>
38 #include <linux/skbuff.h>
39 #include <linux/circ_buf.h>
40 #include <linux/uaccess.h>
41 #include <asm/byteorder.h>
42 #include <linux/atomic.h>
43 #include <linux/semaphore.h>
44
45 #include "osdep_service.h"
46 #include "drv_types.h"
47 #include "wifi.h"
48 #include "osdep_intf.h"
49
50 /* =====WEP related===== */
51
52 #define CRC32_POLY 0x04c11db7
53
54 struct arc4context {
55 u32 x;
56 u32 y;
57 u8 state[256];
58 };
59
60 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
61 {
62 u32 t, u;
63 u32 keyindex;
64 u32 stateindex;
65 u8 *state;
66 u32 counter;
67
68 state = parc4ctx->state;
69 parc4ctx->x = 0;
70 parc4ctx->y = 0;
71 for (counter = 0; counter < 256; counter++)
72 state[counter] = (u8)counter;
73 keyindex = 0;
74 stateindex = 0;
75 for (counter = 0; counter < 256; counter++) {
76 t = state[counter];
77 stateindex = (stateindex + key[keyindex] + t) & 0xff;
78 u = state[stateindex];
79 state[stateindex] = (u8)t;
80 state[counter] = (u8)u;
81 if (++keyindex >= key_len)
82 keyindex = 0;
83 }
84 }
85
86 static u32 arcfour_byte(struct arc4context *parc4ctx)
87 {
88 u32 x;
89 u32 y;
90 u32 sx, sy;
91 u8 *state;
92
93 state = parc4ctx->state;
94 x = (parc4ctx->x + 1) & 0xff;
95 sx = state[x];
96 y = (sx + parc4ctx->y) & 0xff;
97 sy = state[y];
98 parc4ctx->x = x;
99 parc4ctx->y = y;
100 state[y] = (u8)sx;
101 state[x] = (u8)sy;
102 return state[(sx + sy) & 0xff];
103 }
104
105 static void arcfour_encrypt(struct arc4context *parc4ctx,
106 u8 *dest, u8 *src, u32 len)
107 {
108 u32 i;
109
110 for (i = 0; i < len; i++)
111 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
112 }
113
114 static sint bcrc32initialized;
115 static u32 crc32_table[256];
116
117 static u8 crc32_reverseBit(u8 data)
118 {
119 return ((u8)(data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3)
120 & 0x20) | ((data << 1) & 0x10) | ((data >> 1) & 0x08) |
121 ((data >> 3) & 0x04) | ((data >> 5) & 0x02) | ((data >> 7) &
122 0x01);
123 }
124
125 static void crc32_init(void)
126 {
127 if (bcrc32initialized == 1)
128 return;
129 else {
130 sint i, j;
131 u32 c;
132 u8 *p = (u8 *)&c, *p1;
133 u8 k;
134
135 c = 0x12340000;
136 for (i = 0; i < 256; ++i) {
137 k = crc32_reverseBit((u8)i);
138 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
139 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY :
140 (c << 1);
141 p1 = (u8 *)&crc32_table[i];
142 p1[0] = crc32_reverseBit(p[3]);
143 p1[1] = crc32_reverseBit(p[2]);
144 p1[2] = crc32_reverseBit(p[1]);
145 p1[3] = crc32_reverseBit(p[0]);
146 }
147 bcrc32initialized = 1;
148 }
149 }
150
151 static u32 getcrc32(u8 *buf, u32 len)
152 {
153 u8 *p;
154 u32 crc;
155
156 if (bcrc32initialized == 0)
157 crc32_init();
158 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
159 for (p = buf; len > 0; ++p, --len)
160 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
161 return ~crc; /* transmit complement, per CRC-32 spec */
162 }
163
164 /*
165 Need to consider the fragment situation
166 */
167 void r8712_wep_encrypt(struct _adapter *padapter, u8 *pxmitframe)
168 { /* exclude ICV */
169 unsigned char crc[4];
170 struct arc4context mycontext;
171 u32 curfragnum, length, keylength;
172 u8 *pframe, *payload, *iv; /*,*wepkey*/
173 u8 wepkey[16];
174 struct pkt_attrib *pattrib = &((struct xmit_frame *)
175 pxmitframe)->attrib;
176 struct security_priv *psecuritypriv = &padapter->securitypriv;
177 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
178
179 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
180 return;
181 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr+TXDESC_OFFSET;
182 /*start to encrypt each fragment*/
183 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
184 keylength = psecuritypriv->DefKeylen[psecuritypriv->
185 PrivacyKeyIndex];
186 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
187 curfragnum++) {
188 iv = pframe+pattrib->hdrlen;
189 memcpy(&wepkey[0], iv, 3);
190 memcpy(&wepkey[3], &psecuritypriv->DefKey[
191 psecuritypriv->PrivacyKeyIndex].skey[0],
192 keylength);
193 payload = pframe+pattrib->iv_len+pattrib->hdrlen;
194 if ((curfragnum + 1) == pattrib->nr_frags) {
195 length = pattrib->last_txcmdsz-pattrib->
196 hdrlen-pattrib->iv_len -
197 pattrib->icv_len;
198 *((u32 *)crc) = cpu_to_le32(getcrc32(
199 payload, length));
200 arcfour_init(&mycontext, wepkey, 3 + keylength);
201 arcfour_encrypt(&mycontext, payload, payload,
202 length);
203 arcfour_encrypt(&mycontext, payload + length,
204 crc, 4);
205 } else {
206 length = pxmitpriv->frag_len-pattrib->hdrlen -
207 pattrib->iv_len-pattrib->icv_len;
208 *((u32 *)crc) = cpu_to_le32(getcrc32(
209 payload, length));
210 arcfour_init(&mycontext, wepkey, 3 + keylength);
211 arcfour_encrypt(&mycontext, payload, payload,
212 length);
213 arcfour_encrypt(&mycontext, payload+length,
214 crc, 4);
215 pframe += pxmitpriv->frag_len;
216 pframe = (u8 *)RND4((addr_t)(pframe));
217 }
218 }
219 }
220 }
221
222 void r8712_wep_decrypt(struct _adapter *padapter, u8 *precvframe)
223 {
224 /* exclude ICV */
225 u8 crc[4];
226 struct arc4context mycontext;
227 u32 length, keylength;
228 u8 *pframe, *payload, *iv, wepkey[16];
229 u8 keyindex;
230 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)
231 precvframe)->u.hdr.attrib);
232 struct security_priv *psecuritypriv = &padapter->securitypriv;
233
234 pframe = (unsigned char *)((union recv_frame *)precvframe)->
235 u.hdr.rx_data;
236 /* start to decrypt recvframe */
237 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt ==
238 _WEP104_)) {
239 iv = pframe + prxattrib->hdrlen;
240 keyindex = (iv[3] & 0x3);
241 keylength = psecuritypriv->DefKeylen[keyindex];
242 memcpy(&wepkey[0], iv, 3);
243 memcpy(&wepkey[3], &psecuritypriv->DefKey[
244 psecuritypriv->PrivacyKeyIndex].skey[0],
245 keylength);
246 length = ((union recv_frame *)precvframe)->
247 u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len;
248 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen;
249 /* decrypt payload include icv */
250 arcfour_init(&mycontext, wepkey, 3 + keylength);
251 arcfour_encrypt(&mycontext, payload, payload, length);
252 /* calculate icv and compare the icv */
253 *((u32 *)crc) = cpu_to_le32(getcrc32(payload, length - 4));
254 }
255 return;
256 }
257
258 /* 3 =====TKIP related===== */
259
260 static u32 secmicgetuint32(u8 *p)
261 /* Convert from Byte[] to Us4Byte32 in a portable way */
262 {
263 s32 i;
264 u32 res = 0;
265
266 for (i = 0; i < 4; i++)
267 res |= ((u32)(*p++)) << (8 * i);
268 return res;
269 }
270
271 static void secmicputuint32(u8 *p, u32 val)
272 /* Convert from Us4Byte32 to Byte[] in a portable way */
273 {
274 long i;
275
276 for (i = 0; i < 4; i++) {
277 *p++ = (u8) (val & 0xff);
278 val >>= 8;
279 }
280 }
281
282 static void secmicclear(struct mic_data *pmicdata)
283 {
284 /* Reset the state to the empty message. */
285 pmicdata->L = pmicdata->K0;
286 pmicdata->R = pmicdata->K1;
287 pmicdata->nBytesInM = 0;
288 pmicdata->M = 0;
289 }
290
291 void r8712_secmicsetkey(struct mic_data *pmicdata, u8 *key)
292 {
293 /* Set the key */
294 pmicdata->K0 = secmicgetuint32(key);
295 pmicdata->K1 = secmicgetuint32(key + 4);
296 /* and reset the message */
297 secmicclear(pmicdata);
298 }
299
300 static void secmicappendbyte(struct mic_data *pmicdata, u8 b)
301 {
302 /* Append the byte to our word-sized buffer */
303 pmicdata->M |= ((u32)b) << (8 * pmicdata->nBytesInM);
304 pmicdata->nBytesInM++;
305 /* Process the word if it is full. */
306 if (pmicdata->nBytesInM >= 4) {
307 pmicdata->L ^= pmicdata->M;
308 pmicdata->R ^= ROL32(pmicdata->L, 17);
309 pmicdata->L += pmicdata->R;
310 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) |
311 ((pmicdata->L & 0x00ff00ff) << 8);
312 pmicdata->L += pmicdata->R;
313 pmicdata->R ^= ROL32(pmicdata->L, 3);
314 pmicdata->L += pmicdata->R;
315 pmicdata->R ^= ROR32(pmicdata->L, 2);
316 pmicdata->L += pmicdata->R;
317 /* Clear the buffer */
318 pmicdata->M = 0;
319 pmicdata->nBytesInM = 0;
320 }
321 }
322
323 void r8712_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
324 {
325 /* This is simple */
326 while (nbytes > 0) {
327 secmicappendbyte(pmicdata, *src++);
328 nbytes--;
329 }
330 }
331
332 void r8712_secgetmic(struct mic_data *pmicdata, u8 *dst)
333 {
334 /* Append the minimum padding */
335 secmicappendbyte(pmicdata, 0x5a);
336 secmicappendbyte(pmicdata, 0);
337 secmicappendbyte(pmicdata, 0);
338 secmicappendbyte(pmicdata, 0);
339 secmicappendbyte(pmicdata, 0);
340 /* and then zeroes until the length is a multiple of 4 */
341 while (pmicdata->nBytesInM != 0)
342 secmicappendbyte(pmicdata, 0);
343 /* The appendByte function has already computed the result. */
344 secmicputuint32(dst, pmicdata->L);
345 secmicputuint32(dst + 4, pmicdata->R);
346 /* Reset to the empty message. */
347 secmicclear(pmicdata);
348 }
349
350 void seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code,
351 u8 pri)
352 {
353
354 struct mic_data micdata;
355 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
356
357 r8712_secmicsetkey(&micdata, key);
358 priority[0] = pri;
359 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
360 if (header[1] & 1) { /* ToDS==1 */
361 r8712_secmicappend(&micdata, &header[16], 6); /* DA */
362 if (header[1] & 2) /* From Ds==1 */
363 r8712_secmicappend(&micdata, &header[24], 6);
364 else
365 r8712_secmicappend(&micdata, &header[10], 6);
366 } else { /* ToDS==0 */
367 r8712_secmicappend(&micdata, &header[4], 6); /* DA */
368 if (header[1] & 2) /* From Ds==1 */
369 r8712_secmicappend(&micdata, &header[16], 6);
370 else
371 r8712_secmicappend(&micdata, &header[10], 6);
372 }
373 r8712_secmicappend(&micdata, &priority[0], 4);
374 r8712_secmicappend(&micdata, data, data_len);
375 r8712_secgetmic(&micdata, mic_code);
376 }
377
378 /* macros for extraction/creation of unsigned char/unsigned short values */
379 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
380 #define Lo8(v16) ((u8)((v16) & 0x00FF))
381 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
382 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
383 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
384 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
385
386 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
387 #define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)])
388
389 /* S-box lookup: 16 bits --> 16 bits */
390 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
391
392 /* fixed algorithm "parameters" */
393 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
394 #define TA_SIZE 6 /* 48-bit transmitter address */
395 #define TK_SIZE 16 /* 128-bit temporal key */
396 #define P1K_SIZE 10 /* 80-bit Phase1 key */
397 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
398
399
400 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
401 static const unsigned short Sbox1[2][256] = {/* Sbox for hash (can be in ROM) */
402 {
403 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
404 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
405 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
406 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
407 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
408 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
409 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
410 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
411 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
412 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
413 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
414 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
415 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
416 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
417 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
418 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
419 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
420 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
421 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
422 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
423 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
424 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
425 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
426 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
427 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
428 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
429 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
430 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
431 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
432 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
433 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
434 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
435 },
436 { /* second half is unsigned char-reversed version of first! */
437 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
438 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
439 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
440 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
441 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
442 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
443 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
444 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
445 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
446 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
447 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
448 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
449 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
450 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
451 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
452 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
453 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
454 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
455 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
456 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
457 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
458 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
459 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
460 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
461 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
462 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
463 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
464 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
465 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
466 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
467 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
468 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
469 }
470 };
471
472 /*
473 **********************************************************************
474 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
475 *
476 * Inputs:
477 * tk[] = temporal key [128 bits]
478 * ta[] = transmitter's MAC address [ 48 bits]
479 * iv32 = upper 32 bits of IV [ 32 bits]
480 * Output:
481 * p1k[] = Phase 1 key [ 80 bits]
482 *
483 * Note:
484 * This function only needs to be called every 2**16 packets,
485 * although in theory it could be called every packet.
486 *
487 **********************************************************************
488 */
489 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
490 {
491 sint i;
492
493 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
494 p1k[0] = Lo16(iv32);
495 p1k[1] = Hi16(iv32);
496 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
497 p1k[3] = Mk16(ta[3], ta[2]);
498 p1k[4] = Mk16(ta[5], ta[4]);
499 /* Now compute an unbalanced Feistel cipher with 80-bit block */
500 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
501 for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add is mod 2**16 */
502 p1k[0] += _S_(p1k[4] ^ TK16((i&1) + 0));
503 p1k[1] += _S_(p1k[0] ^ TK16((i&1) + 2));
504 p1k[2] += _S_(p1k[1] ^ TK16((i&1) + 4));
505 p1k[3] += _S_(p1k[2] ^ TK16((i&1) + 6));
506 p1k[4] += _S_(p1k[3] ^ TK16((i&1) + 0));
507 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
508 }
509 }
510
511 /*
512 **********************************************************************
513 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
514 *
515 * Inputs:
516 * tk[] = Temporal key [128 bits]
517 * p1k[] = Phase 1 output key [ 80 bits]
518 * iv16 = low 16 bits of IV counter [ 16 bits]
519 * Output:
520 * rc4key[] = the key used to encrypt the packet [128 bits]
521 *
522 * Note:
523 * The value {TA,IV32,IV16} for Phase1/Phase2 must be unique
524 * across all packets using the same key TK value. Then, for a
525 * given value of TK[], this TKIP48 construction guarantees that
526 * the final RC4KEY value is unique across all packets.
527 *
528 * Suggested implementation optimization: if PPK[] is "overlaid"
529 * appropriately on RC4KEY[], there is no need for the final
530 * for loop below that copies the PPK[] result into RC4KEY[].
531 *
532 **********************************************************************
533 */
534 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
535 {
536 sint i;
537 u16 PPK[6]; /* temporary key for mixing */
538
539 /* Note: all adds in the PPK[] equations below are mod 2**16 */
540 for (i = 0; i < 5; i++)
541 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
542 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */
543 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
544 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
545 PPK[1] += _S_(PPK[0] ^ TK16(1));
546 PPK[2] += _S_(PPK[1] ^ TK16(2));
547 PPK[3] += _S_(PPK[2] ^ TK16(3));
548 PPK[4] += _S_(PPK[3] ^ TK16(4));
549 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
550 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
551 PPK[0] += RotR1(PPK[5] ^ TK16(6));
552 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
553 PPK[2] += RotR1(PPK[1]);
554 PPK[3] += RotR1(PPK[2]);
555 PPK[4] += RotR1(PPK[3]);
556 PPK[5] += RotR1(PPK[4]);
557 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
558 /* value PPK[0..5] is guaranteed to be unique, as a function */
559 /* of the 96-bit "input" value {TA,IV32,IV16}. That is, P1K */
560 /* is now a keyed permutation of {TA,IV32,IV16}. */
561 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
562 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
563 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
564 rc4key[2] = Lo8(iv16);
565 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
566 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
567 for (i = 0; i < 6; i++) {
568 rc4key[4 + 2 * i] = Lo8(PPK[i]);
569 rc4key[5 + 2 * i] = Hi8(PPK[i]);
570 }
571 }
572
573 /*The hlen isn't include the IV*/
574 u32 r8712_tkip_encrypt(struct _adapter *padapter, u8 *pxmitframe)
575 { /* exclude ICV */
576 u16 pnl;
577 u32 pnh;
578 u8 rc4key[16];
579 u8 ttkey[16];
580 u8 crc[4];
581 struct arc4context mycontext;
582 u32 curfragnum, length, prwskeylen;
583
584 u8 *pframe, *payload, *iv, *prwskey;
585 union pn48 txpn;
586 struct sta_info *stainfo;
587 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
588 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
589 u32 res = _SUCCESS;
590
591 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
592 return _FAIL;
593
594 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr+TXDESC_OFFSET;
595 /* 4 start to encrypt each fragment */
596 if (pattrib->encrypt == _TKIP_) {
597 if (pattrib->psta)
598 stainfo = pattrib->psta;
599 else
600 stainfo = r8712_get_stainfo(&padapter->stapriv,
601 &pattrib->ra[0]);
602 if (stainfo != NULL) {
603 prwskey = &stainfo->x_UncstKey.skey[0];
604 prwskeylen = 16;
605 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
606 curfragnum++) {
607 iv = pframe + pattrib->hdrlen;
608 payload = pframe+pattrib->iv_len +
609 pattrib->hdrlen;
610 GET_TKIP_PN(iv, txpn);
611 pnl = (u16)(txpn.val);
612 pnh = (u32)(txpn.val >> 16);
613 phase1((u16 *)&ttkey[0], prwskey, &pattrib->
614 ta[0], pnh);
615 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0],
616 pnl);
617 if ((curfragnum + 1) == pattrib->nr_frags) {
618 /* 4 the last fragment */
619 length = pattrib->last_txcmdsz -
620 pattrib->hdrlen-pattrib->iv_len -
621 pattrib->icv_len;
622 *((u32 *)crc) = cpu_to_le32(
623 getcrc32(payload, length));
624 arcfour_init(&mycontext, rc4key, 16);
625 arcfour_encrypt(&mycontext, payload,
626 payload, length);
627 arcfour_encrypt(&mycontext, payload +
628 length, crc, 4);
629 } else {
630 length = pxmitpriv->frag_len-pattrib->
631 hdrlen-pattrib->
632 iv_len-pattrib->icv_len;
633 *((u32 *)crc) = cpu_to_le32(getcrc32(
634 payload, length));
635 arcfour_init(&mycontext, rc4key, 16);
636 arcfour_encrypt(&mycontext, payload,
637 payload, length);
638 arcfour_encrypt(&mycontext,
639 payload+length, crc, 4);
640 pframe += pxmitpriv->frag_len;
641 pframe = (u8 *)RND4((addr_t)(pframe));
642 }
643 }
644 } else
645 res = _FAIL;
646 }
647 return res;
648 }
649
650 /* The hlen doesn't include the IV */
651 u32 r8712_tkip_decrypt(struct _adapter *padapter, u8 *precvframe)
652 { /* exclude ICV */
653 u16 pnl;
654 u32 pnh;
655 u8 rc4key[16];
656 u8 ttkey[16];
657 u8 crc[4];
658 struct arc4context mycontext;
659 u32 length, prwskeylen;
660 u8 *pframe, *payload, *iv, *prwskey, idx = 0;
661 union pn48 txpn;
662 struct sta_info *stainfo;
663 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)
664 precvframe)->u.hdr.attrib;
665 struct security_priv *psecuritypriv = &padapter->securitypriv;
666
667 pframe = (unsigned char *)((union recv_frame *)
668 precvframe)->u.hdr.rx_data;
669 /* 4 start to decrypt recvframe */
670 if (prxattrib->encrypt == _TKIP_) {
671 stainfo = r8712_get_stainfo(&padapter->stapriv,
672 &prxattrib->ta[0]);
673 if (stainfo != NULL) {
674 iv = pframe+prxattrib->hdrlen;
675 payload = pframe+prxattrib->iv_len + prxattrib->hdrlen;
676 length = ((union recv_frame *)precvframe)->
677 u.hdr.len - prxattrib->hdrlen -
678 prxattrib->iv_len;
679 if (IS_MCAST(prxattrib->ra)) {
680 idx = iv[3];
681 prwskey = &psecuritypriv->XGrpKey[
682 ((idx >> 6) & 0x3) - 1].skey[0];
683 if (psecuritypriv->binstallGrpkey == false)
684 return _FAIL;
685 } else
686 prwskey = &stainfo->x_UncstKey.skey[0];
687 prwskeylen = 16;
688 GET_TKIP_PN(iv, txpn);
689 pnl = (u16)(txpn.val);
690 pnh = (u32)(txpn.val >> 16);
691 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0],
692 pnh);
693 phase2(&rc4key[0], prwskey, (unsigned short *)
694 &ttkey[0], pnl);
695 /* 4 decrypt payload include icv */
696 arcfour_init(&mycontext, rc4key, 16);
697 arcfour_encrypt(&mycontext, payload, payload, length);
698 *((u32 *)crc) = cpu_to_le32(getcrc32(payload,
699 length - 4));
700 if (crc[3] != payload[length - 1] ||
701 crc[2] != payload[length - 2] ||
702 crc[1] != payload[length - 3] ||
703 crc[0] != payload[length - 4])
704 return _FAIL;
705 } else
706 return _FAIL;
707 }
708 return _SUCCESS;
709 }
710
711 /* 3 =====AES related===== */
712
713 #define MAX_MSG_SIZE 2048
714 /*****************************/
715 /******** SBOX Table *********/
716 /*****************************/
717
718 static const u8 sbox_table[256] = {
719 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
720 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
721 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
722 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
723 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
724 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
725 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
726 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
727 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
728 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
729 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
730 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
731 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
732 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
733 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
734 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
735 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
736 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
737 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
738 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
739 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
740 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
741 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
742 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
743 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
744 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
745 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
746 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
747 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
748 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
749 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
750 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
751 };
752
753 /****************************************/
754 /* aes128k128d() */
755 /* Performs a 128 bit AES encrypt with */
756 /* 128 bit data. */
757 /****************************************/
758 static void xor_128(u8 *a, u8 *b, u8 *out)
759 {
760 sint i;
761
762 for (i = 0; i < 16; i++)
763 out[i] = a[i] ^ b[i];
764 }
765
766 static void xor_32(u8 *a, u8 *b, u8 *out)
767 {
768 sint i;
769
770 for (i = 0; i < 4; i++)
771 out[i] = a[i] ^ b[i];
772 }
773
774 static u8 sbox(u8 a)
775 {
776 return sbox_table[(sint)a];
777 }
778
779 static void next_key(u8 *key, sint round)
780 {
781 u8 rcon;
782 u8 sbox_key[4];
783 u8 rcon_table[12] = {
784 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
785 0x1b, 0x36, 0x36, 0x36
786 };
787
788 sbox_key[0] = sbox(key[13]);
789 sbox_key[1] = sbox(key[14]);
790 sbox_key[2] = sbox(key[15]);
791 sbox_key[3] = sbox(key[12]);
792 rcon = rcon_table[round];
793 xor_32(&key[0], sbox_key, &key[0]);
794 key[0] = key[0] ^ rcon;
795 xor_32(&key[4], &key[0], &key[4]);
796 xor_32(&key[8], &key[4], &key[8]);
797 xor_32(&key[12], &key[8], &key[12]);
798 }
799
800 static void byte_sub(u8 *in, u8 *out)
801 {
802 sint i;
803
804 for (i = 0; i < 16; i++)
805 out[i] = sbox(in[i]);
806 }
807
808 static void shift_row(u8 *in, u8 *out)
809 {
810 out[0] = in[0];
811 out[1] = in[5];
812 out[2] = in[10];
813 out[3] = in[15];
814 out[4] = in[4];
815 out[5] = in[9];
816 out[6] = in[14];
817 out[7] = in[3];
818 out[8] = in[8];
819 out[9] = in[13];
820 out[10] = in[2];
821 out[11] = in[7];
822 out[12] = in[12];
823 out[13] = in[1];
824 out[14] = in[6];
825 out[15] = in[11];
826 }
827
828 static void mix_column(u8 *in, u8 *out)
829 {
830 sint i;
831 u8 add1b[4];
832 u8 add1bf7[4];
833 u8 rotl[4];
834 u8 swap_halfs[4];
835 u8 andf7[4];
836 u8 rotr[4];
837 u8 temp[4];
838 u8 tempb[4];
839
840 for (i = 0; i < 4; i++) {
841 if ((in[i] & 0x80) == 0x80)
842 add1b[i] = 0x1b;
843 else
844 add1b[i] = 0x00;
845 }
846 swap_halfs[0] = in[2]; /* Swap halves */
847 swap_halfs[1] = in[3];
848 swap_halfs[2] = in[0];
849 swap_halfs[3] = in[1];
850 rotl[0] = in[3]; /* Rotate left 8 bits */
851 rotl[1] = in[0];
852 rotl[2] = in[1];
853 rotl[3] = in[2];
854 andf7[0] = in[0] & 0x7f;
855 andf7[1] = in[1] & 0x7f;
856 andf7[2] = in[2] & 0x7f;
857 andf7[3] = in[3] & 0x7f;
858 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */
859 andf7[i] = andf7[i] << 1;
860 if ((andf7[i-1] & 0x80) == 0x80)
861 andf7[i] = (andf7[i] | 0x01);
862 }
863 andf7[0] = andf7[0] << 1;
864 andf7[0] = andf7[0] & 0xfe;
865 xor_32(add1b, andf7, add1bf7);
866 xor_32(in, add1bf7, rotr);
867 temp[0] = rotr[0]; /* Rotate right 8 bits */
868 rotr[0] = rotr[1];
869 rotr[1] = rotr[2];
870 rotr[2] = rotr[3];
871 rotr[3] = temp[0];
872 xor_32(add1bf7, rotr, temp);
873 xor_32(swap_halfs, rotl, tempb);
874 xor_32(temp, tempb, out);
875 }
876
877 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
878 {
879 sint round;
880 sint i;
881 u8 intermediatea[16];
882 u8 intermediateb[16];
883 u8 round_key[16];
884
885 for (i = 0; i < 16; i++)
886 round_key[i] = key[i];
887 for (round = 0; round < 11; round++) {
888 if (round == 0) {
889 xor_128(round_key, data, ciphertext);
890 next_key(round_key, round);
891 } else if (round == 10) {
892 byte_sub(ciphertext, intermediatea);
893 shift_row(intermediatea, intermediateb);
894 xor_128(intermediateb, round_key, ciphertext);
895 } else { /* 1 - 9 */
896 byte_sub(ciphertext, intermediatea);
897 shift_row(intermediatea, intermediateb);
898 mix_column(&intermediateb[0], &intermediatea[0]);
899 mix_column(&intermediateb[4], &intermediatea[4]);
900 mix_column(&intermediateb[8], &intermediatea[8]);
901 mix_column(&intermediateb[12], &intermediatea[12]);
902 xor_128(intermediatea, round_key, ciphertext);
903 next_key(round_key, round);
904 }
905 }
906 }
907
908 /************************************************/
909 /* construct_mic_iv() */
910 /* Builds the MIC IV from header fields and PN */
911 /************************************************/
912 static void construct_mic_iv(u8 *mic_iv, sint qc_exists, sint a4_exists,
913 u8 *mpdu, uint payload_length, u8 *pn_vector)
914 {
915 sint i;
916
917 mic_iv[0] = 0x59;
918 if (qc_exists && a4_exists)
919 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */
920 if (qc_exists && !a4_exists)
921 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */
922 if (!qc_exists)
923 mic_iv[1] = 0x00;
924 for (i = 2; i < 8; i++)
925 mic_iv[i] = mpdu[i + 8];
926 for (i = 8; i < 14; i++)
927 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
928 mic_iv[14] = (unsigned char) (payload_length / 256);
929 mic_iv[15] = (unsigned char) (payload_length % 256);
930 }
931
932 /************************************************/
933 /* construct_mic_header1() */
934 /* Builds the first MIC header block from */
935 /* header fields. */
936 /************************************************/
937 static void construct_mic_header1(u8 *mic_header1, sint header_length, u8 *mpdu)
938 {
939 mic_header1[0] = (u8)((header_length - 2) / 256);
940 mic_header1[1] = (u8)((header_length - 2) % 256);
941 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */
942 /* Mute retry, more data and pwr mgt bits */
943 mic_header1[3] = mpdu[1] & 0xc7;
944 mic_header1[4] = mpdu[4]; /* A1 */
945 mic_header1[5] = mpdu[5];
946 mic_header1[6] = mpdu[6];
947 mic_header1[7] = mpdu[7];
948 mic_header1[8] = mpdu[8];
949 mic_header1[9] = mpdu[9];
950 mic_header1[10] = mpdu[10]; /* A2 */
951 mic_header1[11] = mpdu[11];
952 mic_header1[12] = mpdu[12];
953 mic_header1[13] = mpdu[13];
954 mic_header1[14] = mpdu[14];
955 mic_header1[15] = mpdu[15];
956 }
957
958 /************************************************/
959 /* construct_mic_header2() */
960 /* Builds the last MIC header block from */
961 /* header fields. */
962 /************************************************/
963 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, sint a4_exists,
964 sint qc_exists)
965 {
966 sint i;
967
968 for (i = 0; i < 16; i++)
969 mic_header2[i] = 0x00;
970 mic_header2[0] = mpdu[16]; /* A3 */
971 mic_header2[1] = mpdu[17];
972 mic_header2[2] = mpdu[18];
973 mic_header2[3] = mpdu[19];
974 mic_header2[4] = mpdu[20];
975 mic_header2[5] = mpdu[21];
976 mic_header2[6] = 0x00;
977 mic_header2[7] = 0x00; /* mpdu[23]; */
978 if (!qc_exists && a4_exists)
979 for (i = 0; i < 6; i++)
980 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
981 if (qc_exists && !a4_exists) {
982 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
983 mic_header2[9] = mpdu[25] & 0x00;
984 }
985 if (qc_exists && a4_exists) {
986 for (i = 0; i < 6; i++)
987 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
988 mic_header2[14] = mpdu[30] & 0x0f;
989 mic_header2[15] = mpdu[31] & 0x00;
990 }
991 }
992
993 /************************************************/
994 /* construct_mic_header2() */
995 /* Builds the last MIC header block from */
996 /* header fields. */
997 /************************************************/
998 static void construct_ctr_preload(u8 *ctr_preload, sint a4_exists, sint qc_exists,
999 u8 *mpdu, u8 *pn_vector, sint c)
1000 {
1001 sint i;
1002
1003 for (i = 0; i < 16; i++)
1004 ctr_preload[i] = 0x00;
1005 i = 0;
1006 ctr_preload[0] = 0x01; /* flag */
1007 if (qc_exists && a4_exists)
1008 ctr_preload[1] = mpdu[30] & 0x0f;
1009 if (qc_exists && !a4_exists)
1010 ctr_preload[1] = mpdu[24] & 0x0f;
1011 for (i = 2; i < 8; i++)
1012 ctr_preload[i] = mpdu[i + 8];
1013 for (i = 8; i < 14; i++)
1014 ctr_preload[i] = pn_vector[13 - i];
1015 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */
1016 ctr_preload[15] = (unsigned char) (c % 256);
1017 }
1018
1019 /************************************/
1020 /* bitwise_xor() */
1021 /* A 128 bit, bitwise exclusive or */
1022 /************************************/
1023 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1024 {
1025 sint i;
1026
1027 for (i = 0; i < 16; i++)
1028 out[i] = ina[i] ^ inb[i];
1029 }
1030
1031 static sint aes_cipher(u8 *key, uint hdrlen,
1032 u8 *pframe, uint plen)
1033 {
1034 uint qc_exists, a4_exists, i, j, payload_remainder;
1035 uint num_blocks, payload_index;
1036
1037 u8 pn_vector[6];
1038 u8 mic_iv[16];
1039 u8 mic_header1[16];
1040 u8 mic_header2[16];
1041 u8 ctr_preload[16];
1042
1043 /* Intermediate Buffers */
1044 u8 chain_buffer[16];
1045 u8 aes_out[16];
1046 u8 padded_buffer[16];
1047 u8 mic[8];
1048 uint frtype = GetFrameType(pframe);
1049 uint frsubtype = GetFrameSubType(pframe);
1050
1051 frsubtype = frsubtype >> 4;
1052 memset((void *)mic_iv, 0, 16);
1053 memset((void *)mic_header1, 0, 16);
1054 memset((void *)mic_header2, 0, 16);
1055 memset((void *)ctr_preload, 0, 16);
1056 memset((void *)chain_buffer, 0, 16);
1057 memset((void *)aes_out, 0, 16);
1058 memset((void *)padded_buffer, 0, 16);
1059
1060 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1061 a4_exists = 0;
1062 else
1063 a4_exists = 1;
1064
1065 if ((frtype == WIFI_DATA_CFACK) ||
1066 (frtype == WIFI_DATA_CFPOLL) ||
1067 (frtype == WIFI_DATA_CFACKPOLL)) {
1068 qc_exists = 1;
1069 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1070 hdrlen += 2;
1071 } else if ((frsubtype == 0x08) ||
1072 (frsubtype == 0x09) ||
1073 (frsubtype == 0x0a) ||
1074 (frsubtype == 0x0b)) {
1075 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1076 hdrlen += 2;
1077 qc_exists = 1;
1078 } else
1079 qc_exists = 0;
1080 pn_vector[0] = pframe[hdrlen];
1081 pn_vector[1] = pframe[hdrlen+1];
1082 pn_vector[2] = pframe[hdrlen+4];
1083 pn_vector[3] = pframe[hdrlen+5];
1084 pn_vector[4] = pframe[hdrlen+6];
1085 pn_vector[5] = pframe[hdrlen+7];
1086 construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1087 construct_mic_header1(mic_header1, hdrlen, pframe);
1088 construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1089 payload_remainder = plen % 16;
1090 num_blocks = plen / 16;
1091 /* Find start of payload */
1092 payload_index = (hdrlen + 8);
1093 /* Calculate MIC */
1094 aes128k128d(key, mic_iv, aes_out);
1095 bitwise_xor(aes_out, mic_header1, chain_buffer);
1096 aes128k128d(key, chain_buffer, aes_out);
1097 bitwise_xor(aes_out, mic_header2, chain_buffer);
1098 aes128k128d(key, chain_buffer, aes_out);
1099 for (i = 0; i < num_blocks; i++) {
1100 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1101 payload_index += 16;
1102 aes128k128d(key, chain_buffer, aes_out);
1103 }
1104 /* Add on the final payload block if it needs padding */
1105 if (payload_remainder > 0) {
1106 for (j = 0; j < 16; j++)
1107 padded_buffer[j] = 0x00;
1108 for (j = 0; j < payload_remainder; j++)
1109 padded_buffer[j] = pframe[payload_index++];
1110 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1111 aes128k128d(key, chain_buffer, aes_out);
1112 }
1113 for (j = 0; j < 8; j++)
1114 mic[j] = aes_out[j];
1115 /* Insert MIC into payload */
1116 for (j = 0; j < 8; j++)
1117 pframe[payload_index+j] = mic[j];
1118 payload_index = hdrlen + 8;
1119 for (i = 0; i < num_blocks; i++) {
1120 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1121 pframe, pn_vector, i + 1);
1122 aes128k128d(key, ctr_preload, aes_out);
1123 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1124 for (j = 0; j < 16; j++)
1125 pframe[payload_index++] = chain_buffer[j];
1126 }
1127 if (payload_remainder > 0) { /* If short final block, then pad it,*/
1128 /* encrypt and copy unpadded part back */
1129 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1130 pframe, pn_vector, num_blocks+1);
1131 for (j = 0; j < 16; j++)
1132 padded_buffer[j] = 0x00;
1133 for (j = 0; j < payload_remainder; j++)
1134 padded_buffer[j] = pframe[payload_index+j];
1135 aes128k128d(key, ctr_preload, aes_out);
1136 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1137 for (j = 0; j < payload_remainder; j++)
1138 pframe[payload_index++] = chain_buffer[j];
1139 }
1140 /* Encrypt the MIC */
1141 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1142 pframe, pn_vector, 0);
1143 for (j = 0; j < 16; j++)
1144 padded_buffer[j] = 0x00;
1145 for (j = 0; j < 8; j++)
1146 padded_buffer[j] = pframe[j+hdrlen+8+plen];
1147 aes128k128d(key, ctr_preload, aes_out);
1148 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1149 for (j = 0; j < 8; j++)
1150 pframe[payload_index++] = chain_buffer[j];
1151 return _SUCCESS;
1152 }
1153
1154 u32 r8712_aes_encrypt(struct _adapter *padapter, u8 *pxmitframe)
1155 { /* exclude ICV */
1156 /* Intermediate Buffers */
1157 sint curfragnum, length;
1158 u32 prwskeylen;
1159 u8 *pframe, *prwskey;
1160 struct sta_info *stainfo;
1161 struct pkt_attrib *pattrib = &((struct xmit_frame *)
1162 pxmitframe)->attrib;
1163 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1164 u32 res = _SUCCESS;
1165
1166 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
1167 return _FAIL;
1168 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
1169 /* 4 start to encrypt each fragment */
1170 if (pattrib->encrypt == _AES_) {
1171 if (pattrib->psta)
1172 stainfo = pattrib->psta;
1173 else
1174 stainfo = r8712_get_stainfo(&padapter->stapriv,
1175 &pattrib->ra[0]);
1176 if (stainfo != NULL) {
1177 prwskey = &stainfo->x_UncstKey.skey[0];
1178 prwskeylen = 16;
1179 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
1180 curfragnum++) {
1181 if ((curfragnum + 1) == pattrib->nr_frags) {
1182 length = pattrib->last_txcmdsz -
1183 pattrib->hdrlen -
1184 pattrib->iv_len -
1185 pattrib->icv_len;
1186 aes_cipher(prwskey, pattrib->
1187 hdrlen, pframe, length);
1188 } else {
1189 length = pxmitpriv->frag_len -
1190 pattrib->hdrlen -
1191 pattrib->iv_len -
1192 pattrib->icv_len;
1193 aes_cipher(prwskey, pattrib->
1194 hdrlen, pframe, length);
1195 pframe += pxmitpriv->frag_len;
1196 pframe = (u8 *)RND4((addr_t)(pframe));
1197 }
1198 }
1199 } else
1200 res = _FAIL;
1201 }
1202 return res;
1203 }
1204
1205 static sint aes_decipher(u8 *key, uint hdrlen,
1206 u8 *pframe, uint plen)
1207 {
1208 static u8 message[MAX_MSG_SIZE];
1209 uint qc_exists, a4_exists, i, j, payload_remainder;
1210 uint num_blocks, payload_index;
1211 u8 pn_vector[6];
1212 u8 mic_iv[16];
1213 u8 mic_header1[16];
1214 u8 mic_header2[16];
1215 u8 ctr_preload[16];
1216 /* Intermediate Buffers */
1217 u8 chain_buffer[16];
1218 u8 aes_out[16];
1219 u8 padded_buffer[16];
1220 u8 mic[8];
1221 uint frtype = GetFrameType(pframe);
1222 uint frsubtype = GetFrameSubType(pframe);
1223
1224 frsubtype = frsubtype >> 4;
1225 memset((void *)mic_iv, 0, 16);
1226 memset((void *)mic_header1, 0, 16);
1227 memset((void *)mic_header2, 0, 16);
1228 memset((void *)ctr_preload, 0, 16);
1229 memset((void *)chain_buffer, 0, 16);
1230 memset((void *)aes_out, 0, 16);
1231 memset((void *)padded_buffer, 0, 16);
1232 /* start to decrypt the payload */
1233 /*(plen including llc, payload and mic) */
1234 num_blocks = (plen - 8) / 16;
1235 payload_remainder = (plen-8) % 16;
1236 pn_vector[0] = pframe[hdrlen];
1237 pn_vector[1] = pframe[hdrlen+1];
1238 pn_vector[2] = pframe[hdrlen+4];
1239 pn_vector[3] = pframe[hdrlen+5];
1240 pn_vector[4] = pframe[hdrlen+6];
1241 pn_vector[5] = pframe[hdrlen+7];
1242 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1243 a4_exists = 0;
1244 else
1245 a4_exists = 1;
1246 if ((frtype == WIFI_DATA_CFACK) ||
1247 (frtype == WIFI_DATA_CFPOLL) ||
1248 (frtype == WIFI_DATA_CFACKPOLL)) {
1249 qc_exists = 1;
1250 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1251 hdrlen += 2;
1252 } else if ((frsubtype == 0x08) ||
1253 (frsubtype == 0x09) ||
1254 (frsubtype == 0x0a) ||
1255 (frsubtype == 0x0b)) {
1256 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1257 hdrlen += 2;
1258 qc_exists = 1;
1259 } else {
1260 qc_exists = 0;
1261 }
1262 /* now, decrypt pframe with hdrlen offset and plen long */
1263 payload_index = hdrlen + 8; /* 8 is for extiv */
1264 for (i = 0; i < num_blocks; i++) {
1265 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1266 pframe, pn_vector, i + 1);
1267 aes128k128d(key, ctr_preload, aes_out);
1268 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1269 for (j = 0; j < 16; j++)
1270 pframe[payload_index++] = chain_buffer[j];
1271 }
1272 if (payload_remainder > 0) { /* If short final block, pad it,*/
1273 /* encrypt it and copy the unpadded part back */
1274 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1275 pframe, pn_vector, num_blocks+1);
1276 for (j = 0; j < 16; j++)
1277 padded_buffer[j] = 0x00;
1278 for (j = 0; j < payload_remainder; j++)
1279 padded_buffer[j] = pframe[payload_index + j];
1280 aes128k128d(key, ctr_preload, aes_out);
1281 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1282 for (j = 0; j < payload_remainder; j++)
1283 pframe[payload_index++] = chain_buffer[j];
1284 }
1285 /* start to calculate the mic */
1286 memcpy((void *)message, pframe, (hdrlen + plen + 8));
1287 pn_vector[0] = pframe[hdrlen];
1288 pn_vector[1] = pframe[hdrlen+1];
1289 pn_vector[2] = pframe[hdrlen+4];
1290 pn_vector[3] = pframe[hdrlen+5];
1291 pn_vector[4] = pframe[hdrlen+6];
1292 pn_vector[5] = pframe[hdrlen+7];
1293 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen-8,
1294 pn_vector);
1295 construct_mic_header1(mic_header1, hdrlen, message);
1296 construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1297 payload_remainder = (plen - 8) % 16;
1298 num_blocks = (plen - 8) / 16;
1299 /* Find start of payload */
1300 payload_index = (hdrlen + 8);
1301 /* Calculate MIC */
1302 aes128k128d(key, mic_iv, aes_out);
1303 bitwise_xor(aes_out, mic_header1, chain_buffer);
1304 aes128k128d(key, chain_buffer, aes_out);
1305 bitwise_xor(aes_out, mic_header2, chain_buffer);
1306 aes128k128d(key, chain_buffer, aes_out);
1307 for (i = 0; i < num_blocks; i++) {
1308 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1309 payload_index += 16;
1310 aes128k128d(key, chain_buffer, aes_out);
1311 }
1312 /* Add on the final payload block if it needs padding */
1313 if (payload_remainder > 0) {
1314 for (j = 0; j < 16; j++)
1315 padded_buffer[j] = 0x00;
1316 for (j = 0; j < payload_remainder; j++)
1317 padded_buffer[j] = message[payload_index++];
1318 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1319 aes128k128d(key, chain_buffer, aes_out);
1320 }
1321 for (j = 0; j < 8; j++)
1322 mic[j] = aes_out[j];
1323 /* Insert MIC into payload */
1324 for (j = 0; j < 8; j++)
1325 message[payload_index+j] = mic[j];
1326 payload_index = hdrlen + 8;
1327 for (i = 0; i < num_blocks; i++) {
1328 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1329 message, pn_vector, i + 1);
1330 aes128k128d(key, ctr_preload, aes_out);
1331 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1332 for (j = 0; j < 16; j++)
1333 message[payload_index++] = chain_buffer[j];
1334 }
1335 if (payload_remainder > 0) { /* If short final block, pad it,*/
1336 /* encrypt and copy unpadded part back */
1337 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1338 message, pn_vector, num_blocks+1);
1339 for (j = 0; j < 16; j++)
1340 padded_buffer[j] = 0x00;
1341 for (j = 0; j < payload_remainder; j++)
1342 padded_buffer[j] = message[payload_index + j];
1343 aes128k128d(key, ctr_preload, aes_out);
1344 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1345 for (j = 0; j < payload_remainder; j++)
1346 message[payload_index++] = chain_buffer[j];
1347 }
1348 /* Encrypt the MIC */
1349 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message,
1350 pn_vector, 0);
1351 for (j = 0; j < 16; j++)
1352 padded_buffer[j] = 0x00;
1353 for (j = 0; j < 8; j++)
1354 padded_buffer[j] = message[j + hdrlen + plen];
1355 aes128k128d(key, ctr_preload, aes_out);
1356 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1357 for (j = 0; j < 8; j++)
1358 message[payload_index++] = chain_buffer[j];
1359 /* compare the mic */
1360 return _SUCCESS;
1361 }
1362
1363 u32 r8712_aes_decrypt(struct _adapter *padapter, u8 *precvframe)
1364 { /* exclude ICV */
1365 /* Intermediate Buffers */
1366 sint length;
1367 u32 prwskeylen;
1368 u8 *pframe, *prwskey, *iv, idx;
1369 struct sta_info *stainfo;
1370 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)
1371 precvframe)->u.hdr.attrib;
1372 struct security_priv *psecuritypriv = &padapter->securitypriv;
1373
1374 pframe = (unsigned char *)((union recv_frame *)precvframe)->
1375 u.hdr.rx_data;
1376 /* 4 start to encrypt each fragment */
1377 if (prxattrib->encrypt == _AES_) {
1378 stainfo = r8712_get_stainfo(&padapter->stapriv,
1379 &prxattrib->ta[0]);
1380 if (stainfo != NULL) {
1381 if (IS_MCAST(prxattrib->ra)) {
1382 iv = pframe+prxattrib->hdrlen;
1383 idx = iv[3];
1384 prwskey = &psecuritypriv->XGrpKey[
1385 ((idx >> 6) & 0x3) - 1].skey[0];
1386 if (psecuritypriv->binstallGrpkey == false)
1387 return _FAIL;
1388
1389 } else
1390 prwskey = &stainfo->x_UncstKey.skey[0];
1391 prwskeylen = 16;
1392 length = ((union recv_frame *)precvframe)->
1393 u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len;
1394 aes_decipher(prwskey, prxattrib->hdrlen, pframe,
1395 length);
1396 } else
1397 return _FAIL;
1398 }
1399 return _SUCCESS;
1400 }
1401
1402 void r8712_use_tkipkey_handler(void *FunctionContext)
1403 {
1404 struct _adapter *padapter = (struct _adapter *)FunctionContext;
1405
1406 padapter->securitypriv.busetkipkey = true;
1407 }
Linux kernel - Deliverables
This page took 0.111722 seconds and 6 git commands to generate.