1 /******************************************************************************
2 *
3 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 ******************************************************************************/
15 #define _RTW_SECURITY_C_
16
17 #include <osdep_service.h>
18 #include <drv_types.h>
19 #include <wifi.h>
20 #include <osdep_intf.h>
21
22 /* WEP related ===== */
23
24 #define CRC32_POLY 0x04c11db7
25
26 struct arc4context
27 {
28 u32 x;
29 u32 y;
30 u8 state[256];
31 };
32
arcfour_init(struct arc4context * parc4ctx,u8 * key,u32 key_len)33 static void arcfour_init(struct arc4context *parc4ctx, u8 * key, u32 key_len)
34 {
35 u32 t, u;
36 u32 keyindex;
37 u32 stateindex;
38 u8 * state;
39 u32 counter;
40
41 state = parc4ctx->state;
42 parc4ctx->x = 0;
43 parc4ctx->y = 0;
44 for (counter = 0; counter < 256; counter++)
45 state[counter] = (u8)counter;
46 keyindex = 0;
47 stateindex = 0;
48 for (counter = 0; counter < 256; counter++)
49 {
50 t = state[counter];
51 stateindex = (stateindex + key[keyindex] + t) & 0xff;
52 u = state[stateindex];
53 state[stateindex] = (u8)t;
54 state[counter] = (u8)u;
55 if (++keyindex >= key_len)
56 keyindex = 0;
57 }
58
59 }
arcfour_byte(struct arc4context * parc4ctx)60 static u32 arcfour_byte( struct arc4context *parc4ctx)
61 {
62 u32 x;
63 u32 y;
64 u32 sx, sy;
65 u8 * state;
66
67 state = parc4ctx->state;
68 x = (parc4ctx->x + 1) & 0xff;
69 sx = state[x];
70 y = (sx + parc4ctx->y) & 0xff;
71 sy = state[y];
72 parc4ctx->x = x;
73 parc4ctx->y = y;
74 state[y] = (u8)sx;
75 state[x] = (u8)sy;
76
77 return state[(sx + sy) & 0xff];
78 }
79
arcfour_encrypt(struct arc4context * parc4ctx,u8 * dest,u8 * src,u32 len)80 static void arcfour_encrypt( struct arc4context *parc4ctx,
81 u8 * dest,
82 u8 * src,
83 u32 len)
84 {
85 u32 i;
86
87 for (i = 0; i < len; i++)
88 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
89
90 }
91
92 static int bcrc32initialized = 0;
93 static u32 crc32_table[256];
94
crc32_reverseBit(u8 data)95 static u8 crc32_reverseBit(u8 data)
96 {
97 u8 retval = ((data << 7) & 0x80) | ((data << 5) & 0x40) |
98 ((data << 3) & 0x20) | ((data << 1) & 0x10) |
99 ((data >> 1) & 0x08) | ((data >> 3) & 0x04) |
100 ((data >> 5) & 0x02) | ((data >> 7) & 0x01);
101 return retval;
102 }
103
crc32_init(void)104 static void crc32_init(void)
105 {
106
107 if (bcrc32initialized == 1)
108 return;
109 else{
110 int i, j;
111 u32 c;
112 u8 *p = (u8 *)&c, *p1;
113 u8 k;
114
115 c = 0x12340000;
116
117 for (i = 0; i < 256; ++i)
118 {
119 k = crc32_reverseBit((u8)i);
120 for (c = ((u32)k) << 24, j = 8; j > 0; --j) {
121 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY : (c << 1);
122 }
123 p1 = (u8 *)&crc32_table[i];
124
125 p1[0] = crc32_reverseBit(p[3]);
126 p1[1] = crc32_reverseBit(p[2]);
127 p1[2] = crc32_reverseBit(p[1]);
128 p1[3] = crc32_reverseBit(p[0]);
129 }
130 bcrc32initialized = 1;
131 }
132 }
133
getcrc32(u8 * buf,int len)134 static u32 getcrc32(u8 *buf, int len)
135 {
136 u8 *p;
137 u32 crc;
138
139 if (bcrc32initialized == 0) crc32_init();
140
141 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
142
143 for (p = buf; len > 0; ++p, --len)
144 crc = crc32_table[ (crc ^ *p) & 0xff] ^ (crc >> 8);
145
146 return ~crc; /* transmit complement, per CRC-32 spec */
147 }
148
149 /* Need to consider the fragment situation */
rtw_wep_encrypt23a(struct rtw_adapter * padapter,struct xmit_frame * pxmitframe)150 void rtw_wep_encrypt23a(struct rtw_adapter *padapter,
151 struct xmit_frame *pxmitframe)
152 {
153 /* exclude ICV */
154 unsigned char crc[4];
155 struct arc4context mycontext;
156 int curfragnum, length, index;
157 u32 keylength;
158 u8 *pframe, *payload, *iv; /* wepkey */
159 u8 wepkey[16];
160 u8 hw_hdr_offset = 0;
161 struct pkt_attrib *pattrib = &pxmitframe->attrib;
162 struct security_priv *psecuritypriv = &padapter->securitypriv;
163 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
164
165 if (!pxmitframe->buf_addr)
166 return;
167
168 hw_hdr_offset = TXDESC_OFFSET;
169
170 pframe = pxmitframe->buf_addr + hw_hdr_offset;
171
172 /* start to encrypt each fragment */
173 if (pattrib->encrypt != WLAN_CIPHER_SUITE_WEP40 &&
174 pattrib->encrypt != WLAN_CIPHER_SUITE_WEP104)
175 return;
176
177 index = psecuritypriv->dot11PrivacyKeyIndex;
178 keylength = psecuritypriv->wep_key[index].keylen;
179
180 for (curfragnum = 0; curfragnum < pattrib->nr_frags ; curfragnum++) {
181 iv = pframe + pattrib->hdrlen;
182 memcpy(&wepkey[0], iv, 3);
183 memcpy(&wepkey[3], &psecuritypriv->wep_key[index].key,
184 keylength);
185 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
186
187 if ((curfragnum + 1) == pattrib->nr_frags) {
188 /* the last fragment */
189 length = pattrib->last_txcmdsz - pattrib->hdrlen -
190 pattrib->iv_len- pattrib->icv_len;
191
192 *((u32 *)crc) = cpu_to_le32(getcrc32(payload, length));
193
194 arcfour_init(&mycontext, wepkey, 3 + keylength);
195 arcfour_encrypt(&mycontext, payload, payload, length);
196 arcfour_encrypt(&mycontext, payload + length, crc, 4);
197 } else {
198 length = pxmitpriv->frag_len - pattrib->hdrlen -
199 pattrib->iv_len - pattrib->icv_len;
200 *((u32 *)crc) = cpu_to_le32(getcrc32(payload, length));
201 arcfour_init(&mycontext, wepkey, 3 + keylength);
202 arcfour_encrypt(&mycontext, payload, payload, length);
203 arcfour_encrypt(&mycontext, payload + length, crc, 4);
204
205 pframe += pxmitpriv->frag_len;
206 pframe = PTR_ALIGN(pframe, 4);
207 }
208 }
209
210 }
211
rtw_wep_decrypt23a(struct rtw_adapter * padapter,struct recv_frame * precvframe)212 void rtw_wep_decrypt23a(struct rtw_adapter *padapter,
213 struct recv_frame *precvframe)
214 {
215 /* exclude ICV */
216 u8 crc[4];
217 struct arc4context mycontext;
218 int length;
219 u32 keylength;
220 u8 *pframe, *payload, *iv, wepkey[16];
221 u8 keyindex;
222 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
223 struct security_priv *psecuritypriv = &padapter->securitypriv;
224 struct sk_buff * skb = precvframe->pkt;
225
226 pframe = skb->data;
227
228 /* start to decrypt recvframe */
229 if (prxattrib->encrypt != WLAN_CIPHER_SUITE_WEP40 &&
230 prxattrib->encrypt != WLAN_CIPHER_SUITE_WEP104)
231 return;
232
233 iv = pframe + prxattrib->hdrlen;
234 /* keyindex = (iv[3]&0x3); */
235 keyindex = prxattrib->key_index;
236 keylength = psecuritypriv->wep_key[keyindex].keylen;
237 memcpy(&wepkey[0], iv, 3);
238 /* memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); */
239 memcpy(&wepkey[3], &psecuritypriv->wep_key[keyindex].key, keylength);
240 length = skb->len - prxattrib->hdrlen - prxattrib->iv_len;
241
242 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
243
244 /* decrypt payload include icv */
245 arcfour_init(&mycontext, wepkey, 3 + keylength);
246 arcfour_encrypt(&mycontext, payload, payload, length);
247
248 /* calculate icv and compare the icv */
249 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length - 4));
250
251 if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] ||
252 crc[1] != payload[length - 3] || crc[0] != payload[length - 4]) {
253 RT_TRACE(_module_rtl871x_security_c_, _drv_err_,
254 ("rtw_wep_decrypt23a:icv error crc[3](%x)!= payload"
255 "[length-1](%x) || crc[2](%x)!= payload[length-2](%x)"
256 " || crc[1](%x)!= payload[length-3](%x) || crc[0](%x)"
257 "!= payload[length-4](%x)\n",
258 crc[3], payload[length - 1],
259 crc[2], payload[length - 2],
260 crc[1], payload[length - 3],
261 crc[0], payload[length - 4]));
262 }
263
264 return;
265 }
266
267 /* 3 ===== TKIP related ===== */
268
secmicgetuint32(u8 * p)269 static u32 secmicgetuint32(u8 * p)
270 /* Convert from Byte[] to u32 in a portable way */
271 {
272 s32 i;
273 u32 res = 0;
274
275 for (i = 0; i<4; i++)
276 {
277 res |= ((u32)(*p++)) << (8*i);
278 }
279
280 return res;
281 }
282
secmicputuint32(u8 * p,u32 val)283 static void secmicputuint32(u8 * p, u32 val)
284 /* Convert from long to Byte[] in a portable way */
285 {
286 long i;
287
288 for (i = 0; i<4; i++)
289 {
290 *p++ = (u8) (val & 0xff);
291 val >>= 8;
292 }
293
294 }
295
secmicclear(struct mic_data * pmicdata)296 static void secmicclear(struct mic_data *pmicdata)
297 {
298 /* Reset the state to the empty message. */
299
300 pmicdata->L = pmicdata->K0;
301 pmicdata->R = pmicdata->K1;
302 pmicdata->nBytesInM = 0;
303 pmicdata->M = 0;
304
305 }
306
rtw_secmicsetkey23a(struct mic_data * pmicdata,u8 * key)307 void rtw_secmicsetkey23a(struct mic_data *pmicdata, u8 * key)
308 {
309 /* Set the key */
310
311 pmicdata->K0 = secmicgetuint32(key);
312 pmicdata->K1 = secmicgetuint32(key + 4);
313 /* and reset the message */
314 secmicclear(pmicdata);
315
316 }
317
rtw_secmicappend23abyte23a(struct mic_data * pmicdata,u8 b)318 void rtw_secmicappend23abyte23a(struct mic_data *pmicdata, u8 b)
319 {
320
321 /* Append the byte to our word-sized buffer */
322 pmicdata->M |= ((unsigned long)b) << (8*pmicdata->nBytesInM);
323 pmicdata->nBytesInM++;
324 /* Process the word if it is full. */
325 if (pmicdata->nBytesInM >= 4)
326 {
327 pmicdata->L ^= pmicdata->M;
328 pmicdata->R ^= ROL32(pmicdata->L, 17);
329 pmicdata->L += pmicdata->R;
330 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
331 pmicdata->L += pmicdata->R;
332 pmicdata->R ^= ROL32(pmicdata->L, 3);
333 pmicdata->L += pmicdata->R;
334 pmicdata->R ^= ROR32(pmicdata->L, 2);
335 pmicdata->L += pmicdata->R;
336 /* Clear the buffer */
337 pmicdata->M = 0;
338 pmicdata->nBytesInM = 0;
339 }
340
341 }
342
rtw_secmicappend23a(struct mic_data * pmicdata,u8 * src,u32 nbytes)343 void rtw_secmicappend23a(struct mic_data *pmicdata, u8 * src, u32 nbytes)
344 {
345
346 /* This is simple */
347 while(nbytes > 0)
348 {
349 rtw_secmicappend23abyte23a(pmicdata, *src++);
350 nbytes--;
351 }
352
353 }
354
rtw_secgetmic23a(struct mic_data * pmicdata,u8 * dst)355 void rtw_secgetmic23a(struct mic_data *pmicdata, u8 * dst)
356 {
357
358 /* Append the minimum padding */
359 rtw_secmicappend23abyte23a(pmicdata, 0x5a);
360 rtw_secmicappend23abyte23a(pmicdata, 0);
361 rtw_secmicappend23abyte23a(pmicdata, 0);
362 rtw_secmicappend23abyte23a(pmicdata, 0);
363 rtw_secmicappend23abyte23a(pmicdata, 0);
364 /* and then zeroes until the length is a multiple of 4 */
365 while(pmicdata->nBytesInM != 0)
366 {
367 rtw_secmicappend23abyte23a(pmicdata, 0);
368 }
369 /* The appendByte function has already computed the result. */
370 secmicputuint32(dst, pmicdata->L);
371 secmicputuint32(dst+4, pmicdata->R);
372 /* Reset to the empty message. */
373 secmicclear(pmicdata);
374
375 }
376
rtw_seccalctkipmic23a(u8 * key,u8 * header,u8 * data,u32 data_len,u8 * mic_code,u8 pri)377 void rtw_seccalctkipmic23a(u8 * key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
378 {
379
380 struct mic_data micdata;
381 u8 priority[4]={0x0, 0x0, 0x0, 0x0};
382
383 rtw_secmicsetkey23a(&micdata, key);
384 priority[0]= pri;
385
386 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
387 if (header[1]&1) { /* ToDS == 1 */
388 rtw_secmicappend23a(&micdata, &header[16], 6); /* DA */
389 if (header[1]&2) /* From Ds == 1 */
390 rtw_secmicappend23a(&micdata, &header[24], 6);
391 else
392 rtw_secmicappend23a(&micdata, &header[10], 6);
393 }
394 else{ /* ToDS == 0 */
395 rtw_secmicappend23a(&micdata, &header[4], 6); /* DA */
396 if (header[1]&2) /* From Ds == 1 */
397 rtw_secmicappend23a(&micdata, &header[16], 6);
398 else
399 rtw_secmicappend23a(&micdata, &header[10], 6);
400
401 }
402 rtw_secmicappend23a(&micdata, &priority[0], 4);
403
404 rtw_secmicappend23a(&micdata, data, data_len);
405
406 rtw_secgetmic23a(&micdata, mic_code);
407
408 }
409
410 /* macros for extraction/creation of unsigned char/unsigned short values */
411 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
412 #define Lo8(v16) ((u8)((v16) & 0x00FF))
413 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
414 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
415 #define Hi16(v32) ((u16)(((v32) >>16) & 0xFFFF))
416 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
417
418 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
419 #define TK16(N) Mk16(tk[2*(N)+1], tk[2*(N)])
420
421 /* S-box lookup: 16 bits --> 16 bits */
422 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
423
424 /* fixed algorithm "parameters" */
425 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
426 #define TA_SIZE 6 /* 48-bit transmitter address */
427 #define TK_SIZE 16 /* 128-bit temporal key */
428 #define P1K_SIZE 10 /* 80-bit Phase1 key */
429 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
430
431 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
432 static const unsigned short Sbox1[2][256]= /* Sbox for hash (can be in ROM) */
433 { {
434 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
435 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
436 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
437 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
438 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
439 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
440 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
441 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
442 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
443 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
444 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
445 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
446 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
447 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
448 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
449 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
450 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
451 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
452 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
453 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
454 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
455 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
456 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
457 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
458 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
459 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
460 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
461 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
462 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
463 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
464 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
465 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
466 },
467
468 { /* second half of table is unsigned char-reversed version of first! */
469 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
470 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
471 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
472 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
473 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
474 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
475 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
476 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
477 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
478 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
479 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
480 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
481 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
482 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
483 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
484 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
485 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
486 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
487 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
488 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
489 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
490 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
491 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
492 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
493 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
494 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
495 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
496 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
497 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
498 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
499 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
500 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
501 }
502 };
503
504 /*
505 **********************************************************************
506 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
507 *
508 * Inputs:
509 * tk[] = temporal key [128 bits]
510 * ta[] = transmitter's MAC address [ 48 bits]
511 * iv32 = upper 32 bits of IV [ 32 bits]
512 * Output:
513 * p1k[] = Phase 1 key [ 80 bits]
514 *
515 * Note:
516 * This function only needs to be called every 2**16 packets,
517 * although in theory it could be called every packet.
518 *
519 **********************************************************************
520 */
phase1(u16 * p1k,const u8 * tk,const u8 * ta,u32 iv32)521 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
522 {
523 int i;
524
525 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
526 p1k[0] = Lo16(iv32);
527 p1k[1] = Hi16(iv32);
528 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
529 p1k[3] = Mk16(ta[3], ta[2]);
530 p1k[4] = Mk16(ta[5], ta[4]);
531
532 /* Now compute an unbalanced Feistel cipher with 80-bit block */
533 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
534 for (i = 0; i < PHASE1_LOOP_CNT ;i++)
535 { /* Each add operation here is mod 2**16 */
536 p1k[0] += _S_(p1k[4] ^ TK16((i&1)+0));
537 p1k[1] += _S_(p1k[0] ^ TK16((i&1)+2));
538 p1k[2] += _S_(p1k[1] ^ TK16((i&1)+4));
539 p1k[3] += _S_(p1k[2] ^ TK16((i&1)+6));
540 p1k[4] += _S_(p1k[3] ^ TK16((i&1)+0));
541 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
542 }
543
544 }
545
546 /*
547 **********************************************************************
548 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
549 *
550 * Inputs:
551 * tk[] = Temporal key [128 bits]
552 * p1k[] = Phase 1 output key [ 80 bits]
553 * iv16 = low 16 bits of IV counter [ 16 bits]
554 * Output:
555 * rc4key[] = the key used to encrypt the packet [128 bits]
556 *
557 * Note:
558 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique
559 * across all packets using the same key TK value. Then, for a
560 * given value of TK[], this TKIP48 construction guarantees that
561 * the final RC4KEY value is unique across all packets.
562 *
563 * Suggested implementation optimization: if PPK[] is "overlaid"
564 * appropriately on RC4KEY[], there is no need for the final
565 * for loop below that copies the PPK[] result into RC4KEY[].
566 *
567 **********************************************************************
568 */
phase2(u8 * rc4key,const u8 * tk,const u16 * p1k,u16 iv16)569 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
570 {
571 int i;
572 u16 PPK[6]; /* temporary key for mixing */
573
574 /* Note: all adds in the PPK[] equations below are mod 2**16 */
575 for (i = 0;i<5;i++) PPK[i]= p1k[i]; /* first, copy P1K to PPK */
576 PPK[5] = p1k[4] +iv16; /* next, add in IV16 */
577
578 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
579 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
580 PPK[1] += _S_(PPK[0] ^ TK16(1));
581 PPK[2] += _S_(PPK[1] ^ TK16(2));
582 PPK[3] += _S_(PPK[2] ^ TK16(3));
583 PPK[4] += _S_(PPK[3] ^ TK16(4));
584 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
585
586 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
587 PPK[0] += RotR1(PPK[5] ^ TK16(6));
588 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
589 PPK[2] += RotR1(PPK[1]);
590 PPK[3] += RotR1(PPK[2]);
591 PPK[4] += RotR1(PPK[3]);
592 PPK[5] += RotR1(PPK[4]);
593 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
594 /* value PPK[0..5] is guaranteed to be unique, as a function */
595 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */
596 /* is now a keyed permutation of {TA, IV32, IV16}. */
597
598 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
599 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
600 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
601 rc4key[2] = Lo8(iv16);
602 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
603
604 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
605 for (i = 0;i<6;i++)
606 {
607 rc4key[4+2*i] = Lo8(PPK[i]);
608 rc4key[5+2*i] = Hi8(PPK[i]);
609 }
610
611 }
612
613 /* The hlen isn't include the IV */
rtw_tkip_encrypt23a(struct rtw_adapter * padapter,struct xmit_frame * pxmitframe)614 int rtw_tkip_encrypt23a(struct rtw_adapter *padapter,
615 struct xmit_frame *pxmitframe)
616 {
617 u16 pnl;
618 u32 pnh;
619 u8 rc4key[16];
620 u8 ttkey[16];
621 u8 crc[4];
622 u8 hw_hdr_offset = 0;
623 struct arc4context mycontext;
624 int curfragnum, length;
625 u32 prwskeylen;
626 u8 *pframe, *payload, *iv, *prwskey;
627 union pn48 dot11txpn;
628 struct sta_info *stainfo;
629 struct pkt_attrib *pattrib = &pxmitframe->attrib;
630 struct security_priv *psecuritypriv = &padapter->securitypriv;
631 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
632 int res = _SUCCESS;
633
634 if (!pxmitframe->buf_addr)
635 return _FAIL;
636
637 hw_hdr_offset = TXDESC_OFFSET;
638
639 pframe = pxmitframe->buf_addr + hw_hdr_offset;
640 /* 4 start to encrypt each fragment */
641 if (pattrib->encrypt == WLAN_CIPHER_SUITE_TKIP) {
642 if (pattrib->psta)
643 stainfo = pattrib->psta;
644 else {
645 DBG_8723A("%s, call rtw_get_stainfo()\n", __func__);
646 stainfo = rtw_get_stainfo23a(&padapter->stapriv,
647 &pattrib->ra[0]);
648 }
649
650 if (stainfo!= NULL) {
651
652 if (!(stainfo->state &_FW_LINKED))
653 {
654 DBG_8723A("%s, psta->state(0x%x) != _FW_LINKED\n", __func__, stainfo->state);
655 return _FAIL;
656 }
657
658 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("rtw_tkip_encrypt23a: stainfo!= NULL!!!\n"));
659
660 if (is_multicast_ether_addr(pattrib->ra))
661 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
662 else
663 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
664
665 prwskeylen = 16;
666
667 for (curfragnum = 0;curfragnum<pattrib->nr_frags;curfragnum++) {
668 iv = pframe+pattrib->hdrlen;
669 payload = pframe+pattrib->iv_len+pattrib->hdrlen;
670
671 GET_TKIP_PN(iv, dot11txpn);
672
673 pnl = (u16)(dot11txpn.val);
674 pnh = (u32)(dot11txpn.val>>16);
675
676 phase1((u16 *)&ttkey[0], prwskey,&pattrib->ta[0], pnh);
677
678 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
679
680 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */
681 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len- pattrib->icv_len;
682 RT_TRACE(_module_rtl871x_security_c_, _drv_info_, ("pattrib->iv_len =%x, pattrib->icv_len =%x\n", pattrib->iv_len, pattrib->icv_len));
683 *((u32 *)crc) = cpu_to_le32(getcrc32(payload, length));/* modified by Amy*/
684
685 arcfour_init(&mycontext, rc4key, 16);
686 arcfour_encrypt(&mycontext, payload, payload, length);
687 arcfour_encrypt(&mycontext, payload+length, crc, 4);
688
689 }
690 else{
691 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len ;
692 *((u32 *)crc) = cpu_to_le32(getcrc32(payload, length));/* modified by Amy*/
693 arcfour_init(&mycontext, rc4key, 16);
694 arcfour_encrypt(&mycontext, payload, payload, length);
695 arcfour_encrypt(&mycontext, payload+length, crc, 4);
696
697 pframe+= pxmitpriv->frag_len;
698 pframe = PTR_ALIGN(pframe, 4);
699 }
700 }
701
702 }
703 else{
704 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("rtw_tkip_encrypt23a: stainfo == NULL!!!\n"));
705 DBG_8723A("%s, psta == NUL\n", __func__);
706 res = _FAIL;
707 }
708
709 }
710
711 return res;
712 }
713
714 /* The hlen isn't include the IV */
rtw_tkip_decrypt23a(struct rtw_adapter * padapter,struct recv_frame * precvframe)715 int rtw_tkip_decrypt23a(struct rtw_adapter *padapter,
716 struct recv_frame *precvframe)
717 {
718 u16 pnl;
719 u32 pnh;
720 u8 rc4key[16];
721 u8 ttkey[16];
722 u8 crc[4];
723 struct arc4context mycontext;
724 int length;
725 u32 prwskeylen;
726 u8 *pframe, *payload, *iv, *prwskey;
727 union pn48 dot11txpn;
728 struct sta_info *stainfo;
729 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
730 struct security_priv *psecuritypriv = &padapter->securitypriv;
731 struct sk_buff * skb = precvframe->pkt;
732 int res = _SUCCESS;
733
734 pframe = skb->data;
735
736 /* 4 start to decrypt recvframe */
737 if (prxattrib->encrypt == WLAN_CIPHER_SUITE_TKIP) {
738
739 stainfo = rtw_get_stainfo23a(&padapter->stapriv,
740 &prxattrib->ta[0]);
741 if (stainfo!= NULL) {
742
743 if (is_multicast_ether_addr(prxattrib->ra)) {
744 if (psecuritypriv->binstallGrpkey == 0) {
745 res = _FAIL;
746 DBG_8723A("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
747 goto exit;
748 }
749 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
750 prwskeylen = 16;
751 } else {
752 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("rtw_tkip_decrypt23a: stainfo!= NULL!!!\n"));
753 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
754 prwskeylen = 16;
755 }
756
757 iv = pframe+prxattrib->hdrlen;
758 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen;
759 length = skb->len - prxattrib->hdrlen-prxattrib->iv_len;
760
761 GET_TKIP_PN(iv, dot11txpn);
762
763 pnl = (u16)(dot11txpn.val);
764 pnh = (u32)(dot11txpn.val>>16);
765
766 phase1((u16 *)&ttkey[0], prwskey,&prxattrib->ta[0], pnh);
767 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
768
769 /* 4 decrypt payload include icv */
770 arcfour_init(&mycontext, rc4key, 16);
771 arcfour_encrypt(&mycontext, payload, payload, length);
772
773 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length-4));
774
775 if (crc[3]!= payload[length-1] || crc[2]!= payload[length-2] || crc[1]!= payload[length-3] || crc[0]!= payload[length-4])
776 {
777 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("rtw_wep_decrypt23a:icv error crc[3](%x)!= payload[length-1](%x) || crc[2](%x)!= payload[length-2](%x) || crc[1](%x)!= payload[length-3](%x) || crc[0](%x)!= payload[length-4](%x)\n",
778 crc[3], payload[length-1], crc[2], payload[length-2], crc[1], payload[length-3], crc[0], payload[length-4]));
779 res = _FAIL;
780 }
781 } else {
782 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("rtw_tkip_decrypt23a: stainfo == NULL!!!\n"));
783 res = _FAIL;
784 }
785 }
786 exit:
787 return res;
788 }
789
790 /* 3 ===== AES related ===== */
791
792 #define MAX_MSG_SIZE 2048
793 /*****************************/
794 /******** SBOX Table *********/
795 /*****************************/
796
797 static u8 sbox_table[256] = {
798 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
799 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
800 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
801 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
802 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
803 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
804 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
805 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
806 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
807 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
808 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
809 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
810 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
811 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
812 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
813 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
814 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
815 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
816 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
817 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
818 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
819 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
820 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
821 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
822 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
823 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
824 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
825 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
826 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
827 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
828 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
829 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
830 };
831
832 /*****************************/
833 /**** Function Prototypes ****/
834 /*****************************/
835
836 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, int a4_exists,
837 int qc_exists);
838
xor_128(u8 * a,u8 * b,u8 * out)839 static void xor_128(u8 *a, u8 *b, u8 *out)
840 {
841 int i;
842
843 for (i = 0;i<16; i++)
844 out[i] = a[i] ^ b[i];
845 }
846
xor_32(u8 * a,u8 * b,u8 * out)847 static void xor_32(u8 *a, u8 *b, u8 *out)
848 {
849 int i;
850
851 for (i = 0; i < 4; i++)
852 out[i] = a[i] ^ b[i];
853 }
854
sbox(u8 a)855 static u8 sbox(u8 a)
856 {
857 return sbox_table[(int)a];
858 }
859
next_key(u8 * key,int round)860 static void next_key(u8 *key, int round)
861 {
862 u8 rcon;
863 u8 sbox_key[4];
864 u8 rcon_table[12] =
865 {
866 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
867 0x1b, 0x36, 0x36, 0x36
868 };
869
870 sbox_key[0] = sbox(key[13]);
871 sbox_key[1] = sbox(key[14]);
872 sbox_key[2] = sbox(key[15]);
873 sbox_key[3] = sbox(key[12]);
874
875 rcon = rcon_table[round];
876
877 xor_32(&key[0], sbox_key, &key[0]);
878 key[0] = key[0] ^ rcon;
879
880 xor_32(&key[4], &key[0], &key[4]);
881 xor_32(&key[8], &key[4], &key[8]);
882 xor_32(&key[12], &key[8], &key[12]);
883
884 }
885
byte_sub(u8 * in,u8 * out)886 static void byte_sub(u8 *in, u8 *out)
887 {
888 int i;
889
890 for (i = 0; i< 16; i++)
891 {
892 out[i] = sbox(in[i]);
893 }
894
895 }
896
shift_row(u8 * in,u8 * out)897 static void shift_row(u8 *in, u8 *out)
898 {
899
900 out[0] = in[0];
901 out[1] = in[5];
902 out[2] = in[10];
903 out[3] = in[15];
904 out[4] = in[4];
905 out[5] = in[9];
906 out[6] = in[14];
907 out[7] = in[3];
908 out[8] = in[8];
909 out[9] = in[13];
910 out[10] = in[2];
911 out[11] = in[7];
912 out[12] = in[12];
913 out[13] = in[1];
914 out[14] = in[6];
915 out[15] = in[11];
916
917 }
918
mix_column(u8 * in,u8 * out)919 static void mix_column(u8 *in, u8 *out)
920 {
921 int i;
922 u8 add1b[4];
923 u8 add1bf7[4];
924 u8 rotl[4];
925 u8 swap_halfs[4];
926 u8 andf7[4];
927 u8 rotr[4];
928 u8 temp[4];
929 u8 tempb[4];
930
931 for (i = 0 ; i<4; i++)
932 {
933 if ((in[i] & 0x80) == 0x80)
934 add1b[i] = 0x1b;
935 else
936 add1b[i] = 0x00;
937 }
938
939 swap_halfs[0] = in[2]; /* Swap halfs */
940 swap_halfs[1] = in[3];
941 swap_halfs[2] = in[0];
942 swap_halfs[3] = in[1];
943
944 rotl[0] = in[3]; /* Rotate left 8 bits */
945 rotl[1] = in[0];
946 rotl[2] = in[1];
947 rotl[3] = in[2];
948
949 andf7[0] = in[0] & 0x7f;
950 andf7[1] = in[1] & 0x7f;
951 andf7[2] = in[2] & 0x7f;
952 andf7[3] = in[3] & 0x7f;
953
954 for (i = 3; i>0; i--) /* logical shift left 1 bit */
955 {
956 andf7[i] = andf7[i] << 1;
957 if ((andf7[i-1] & 0x80) == 0x80)
958 {
959 andf7[i] = (andf7[i] | 0x01);
960 }
961 }
962 andf7[0] = andf7[0] << 1;
963 andf7[0] = andf7[0] & 0xfe;
964
965 xor_32(add1b, andf7, add1bf7);
966
967 xor_32(in, add1bf7, rotr);
968
969 temp[0] = rotr[0]; /* Rotate right 8 bits */
970 rotr[0] = rotr[1];
971 rotr[1] = rotr[2];
972 rotr[2] = rotr[3];
973 rotr[3] = temp[0];
974
975 xor_32(add1bf7, rotr, temp);
976 xor_32(swap_halfs, rotl, tempb);
977 xor_32(temp, tempb, out);
978
979 }
980
aes128k128d(u8 * key,u8 * data,u8 * ciphertext)981 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
982 {
983 int round;
984 int i;
985 u8 intermediatea[16];
986 u8 intermediateb[16];
987 u8 round_key[16];
988
989 for (i = 0; i<16; i++) round_key[i] = key[i];
990
991 for (round = 0; round < 11; round++)
992 {
993 if (round == 0)
994 {
995 xor_128(round_key, data, ciphertext);
996 next_key(round_key, round);
997 }
998 else if (round == 10)
999 {
1000 byte_sub(ciphertext, intermediatea);
1001 shift_row(intermediatea, intermediateb);
1002 xor_128(intermediateb, round_key, ciphertext);
1003 }
1004 else /* 1 - 9 */
1005 {
1006 byte_sub(ciphertext, intermediatea);
1007 shift_row(intermediatea, intermediateb);
1008 mix_column(&intermediateb[0], &intermediatea[0]);
1009 mix_column(&intermediateb[4], &intermediatea[4]);
1010 mix_column(&intermediateb[8], &intermediatea[8]);
1011 mix_column(&intermediateb[12], &intermediatea[12]);
1012 xor_128(intermediatea, round_key, ciphertext);
1013 next_key(round_key, round);
1014 }
1015 }
1016
1017 }
1018
1019 /************************************************/
1020 /* construct_mic_iv() */
1021 /* Builds the MIC IV from header fields and PN */
1022 /************************************************/
construct_mic_iv(u8 * mic_iv,int qc_exists,int a4_exists,u8 * mpdu,uint payload_length,u8 * pn_vector)1023 static void construct_mic_iv(u8 *mic_iv, int qc_exists, int a4_exists, u8 *mpdu,
1024 uint payload_length, u8 *pn_vector)
1025 {
1026 int i;
1027
1028 mic_iv[0] = 0x59;
1029 if (qc_exists && a4_exists)
1030 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */
1031 if (qc_exists && !a4_exists)
1032 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */
1033 if (!qc_exists)
1034 mic_iv[1] = 0x00;
1035 for (i = 2; i < 8; i++)
1036 mic_iv[i] = mpdu[i + 8]; /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */
1037 for (i = 8; i < 14; i++)
1038 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
1039 mic_iv[14] = (unsigned char)(payload_length / 256);
1040 mic_iv[15] = (unsigned char)(payload_length % 256);
1041 }
1042
1043 /************************************************/
1044 /* construct_mic_header1() */
1045 /* Builds the first MIC header block from */
1046 /* header fields. */
1047 /************************************************/
construct_mic_header1(u8 * mic_header1,int header_length,u8 * mpdu)1048 static void construct_mic_header1(u8 *mic_header1, int header_length, u8 *mpdu)
1049 {
1050 mic_header1[0] = (u8)((header_length - 2) / 256);
1051 mic_header1[1] = (u8)((header_length - 2) % 256);
1052 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */
1053 mic_header1[3] = mpdu[1] & 0xc7; /* Mute retry, more data and pwr mgt bits */
1054 mic_header1[4] = mpdu[4]; /* A1 */
1055 mic_header1[5] = mpdu[5];
1056 mic_header1[6] = mpdu[6];
1057 mic_header1[7] = mpdu[7];
1058 mic_header1[8] = mpdu[8];
1059 mic_header1[9] = mpdu[9];
1060 mic_header1[10] = mpdu[10]; /* A2 */
1061 mic_header1[11] = mpdu[11];
1062 mic_header1[12] = mpdu[12];
1063 mic_header1[13] = mpdu[13];
1064 mic_header1[14] = mpdu[14];
1065 mic_header1[15] = mpdu[15];
1066
1067 }
1068
1069 /************************************************/
1070 /* construct_mic_header2() */
1071 /* Builds the last MIC header block from */
1072 /* header fields. */
1073 /************************************************/
construct_mic_header2(u8 * mic_header2,u8 * mpdu,int a4_exists,int qc_exists)1074 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, int a4_exists,
1075 int qc_exists)
1076 {
1077 int i;
1078
1079 for (i = 0; i<16; i++) mic_header2[i]= 0x00;
1080
1081 mic_header2[0] = mpdu[16]; /* A3 */
1082 mic_header2[1] = mpdu[17];
1083 mic_header2[2] = mpdu[18];
1084 mic_header2[3] = mpdu[19];
1085 mic_header2[4] = mpdu[20];
1086 mic_header2[5] = mpdu[21];
1087
1088 mic_header2[6] = 0x00;
1089 mic_header2[7] = 0x00; /* mpdu[23]; */
1090
1091 if (!qc_exists && a4_exists)
1092 {
1093 for (i = 0;i<6;i++) mic_header2[8+i] = mpdu[24+i]; /* A4 */
1094
1095 }
1096
1097 if (qc_exists && !a4_exists)
1098 {
1099 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
1100 mic_header2[9] = mpdu[25] & 0x00;
1101 }
1102
1103 if (qc_exists && a4_exists)
1104 {
1105 for (i = 0;i<6;i++) mic_header2[8+i] = mpdu[24+i]; /* A4 */
1106
1107 mic_header2[14] = mpdu[30] & 0x0f;
1108 mic_header2[15] = mpdu[31] & 0x00;
1109 }
1110
1111 }
1112
1113 /************************************************/
1114 /* construct_mic_header2() */
1115 /* Builds the last MIC header block from */
1116 /* header fields. */
1117 /************************************************/
construct_ctr_preload(u8 * ctr_preload,int a4_exists,int qc_exists,u8 * mpdu,u8 * pn_vector,int c)1118 static void construct_ctr_preload(u8 *ctr_preload, int a4_exists, int qc_exists,
1119 u8 *mpdu, u8 *pn_vector, int c)
1120 {
1121 int i = 0;
1122
1123 for (i = 0; i<16; i++) ctr_preload[i] = 0x00;
1124 i = 0;
1125
1126 ctr_preload[0] = 0x01; /* flag */
1127 if (qc_exists && a4_exists)
1128 ctr_preload[1] = mpdu[30] & 0x0f; /* QoC_Control */
1129 if (qc_exists && !a4_exists)
1130 ctr_preload[1] = mpdu[24] & 0x0f;
1131
1132 for (i = 2; i < 8; i++)
1133 ctr_preload[i] = mpdu[i + 8]; /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */
1134 for (i = 8; i < 14; i++)
1135 ctr_preload[i] = pn_vector[13 - i]; /* ctr_preload[8:13] = PN[5:0] */
1136 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */
1137 ctr_preload[15] = (unsigned char) (c % 256);
1138
1139 }
1140
1141 /************************************/
1142 /* bitwise_xor() */
1143 /* A 128 bit, bitwise exclusive or */
1144 /************************************/
bitwise_xor(u8 * ina,u8 * inb,u8 * out)1145 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1146 {
1147 int i;
1148
1149 for (i = 0; i < 16; i++)
1150 out[i] = ina[i] ^ inb[i];
1151 }
1152
aes_cipher(u8 * key,uint hdrlen,u8 * pframe,uint plen)1153 static int aes_cipher(u8 *key, uint hdrlen, u8 *pframe, uint plen)
1154 {
1155 uint qc_exists, a4_exists, i, j, payload_remainder,
1156 num_blocks, payload_index;
1157 u8 pn_vector[6];
1158 u8 mic_iv[16];
1159 u8 mic_header1[16];
1160 u8 mic_header2[16];
1161 u8 ctr_preload[16];
1162 /* Intermediate Buffers */
1163 u8 chain_buffer[16];
1164 u8 aes_out[16];
1165 u8 padded_buffer[16];
1166 u8 mic[8];
1167 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)pframe;
1168 u16 frsubtype = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_STYPE;
1169
1170 memset((void *)mic_iv, 0, 16);
1171 memset((void *)mic_header1, 0, 16);
1172 memset((void *)mic_header2, 0, 16);
1173 memset((void *)ctr_preload, 0, 16);
1174 memset((void *)chain_buffer, 0, 16);
1175 memset((void *)aes_out, 0, 16);
1176 memset((void *)padded_buffer, 0, 16);
1177
1178 if ((hdrlen == sizeof(struct ieee80211_hdr_3addr) ||
1179 (hdrlen == sizeof(struct ieee80211_qos_hdr))))
1180 a4_exists = 0;
1181 else
1182 a4_exists = 1;
1183
1184 if (ieee80211_is_data(hdr->frame_control)) {
1185 if ((frsubtype == IEEE80211_STYPE_DATA_CFACK) ||
1186 (frsubtype == IEEE80211_STYPE_DATA_CFPOLL) ||
1187 (frsubtype == IEEE80211_STYPE_DATA_CFACKPOLL)) {
1188 qc_exists = 1;
1189 if (hdrlen != sizeof(struct ieee80211_qos_hdr))
1190 hdrlen += 2;
1191 } else if ((frsubtype == IEEE80211_STYPE_QOS_DATA) ||
1192 (frsubtype == IEEE80211_STYPE_QOS_DATA_CFACK) ||
1193 (frsubtype == IEEE80211_STYPE_QOS_DATA_CFPOLL) ||
1194 (frsubtype == IEEE80211_STYPE_QOS_DATA_CFACKPOLL)) {
1195 if (hdrlen != sizeof(struct ieee80211_qos_hdr))
1196 hdrlen += 2;
1197 qc_exists = 1;
1198 } else {
1199 qc_exists = 0;
1200 }
1201 } else {
1202 qc_exists = 0;
1203 }
1204 pn_vector[0]= pframe[hdrlen];
1205 pn_vector[1]= pframe[hdrlen+1];
1206 pn_vector[2]= pframe[hdrlen+4];
1207 pn_vector[3]= pframe[hdrlen+5];
1208 pn_vector[4]= pframe[hdrlen+6];
1209 pn_vector[5]= pframe[hdrlen+7];
1210
1211 construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1212
1213 construct_mic_header1(mic_header1, hdrlen, pframe);
1214 construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1215
1216 payload_remainder = plen % 16;
1217 num_blocks = plen / 16;
1218
1219 /* Find start of payload */
1220 payload_index = (hdrlen + 8);
1221
1222 /* Calculate MIC */
1223 aes128k128d(key, mic_iv, aes_out);
1224 bitwise_xor(aes_out, mic_header1, chain_buffer);
1225 aes128k128d(key, chain_buffer, aes_out);
1226 bitwise_xor(aes_out, mic_header2, chain_buffer);
1227 aes128k128d(key, chain_buffer, aes_out);
1228
1229 for (i = 0; i < num_blocks; i++) {
1230 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1231
1232 payload_index += 16;
1233 aes128k128d(key, chain_buffer, aes_out);
1234 }
1235
1236 /* Add on the final payload block if it needs padding */
1237 if (payload_remainder > 0) {
1238 for (j = 0; j < 16; j++)
1239 padded_buffer[j] = 0x00;
1240 for (j = 0; j < payload_remainder; j++)
1241 padded_buffer[j] = pframe[payload_index++];
1242 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1243 aes128k128d(key, chain_buffer, aes_out);
1244 }
1245
1246 for (j = 0; j < 8; j++)
1247 mic[j] = aes_out[j];
1248
1249 /* Insert MIC into payload */
1250 for (j = 0; j < 8; j++)
1251 pframe[payload_index+j] = mic[j];
1252
1253 payload_index = hdrlen + 8;
1254 for (i = 0; i < num_blocks; i++) {
1255 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1256 pframe, pn_vector, i+1);
1257 aes128k128d(key, ctr_preload, aes_out);
1258 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1259 for (j = 0; j < 16; j++)
1260 pframe[payload_index++] = chain_buffer[j];
1261 }
1262
1263 if (payload_remainder > 0) {
1264 /* If there is a short final block, then pad it,
1265 * encrypt it and copy the unpadded part back
1266 */
1267 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe,
1268 pn_vector, num_blocks+1);
1269
1270 for (j = 0; j < 16; j++)
1271 padded_buffer[j] = 0x00;
1272 for (j = 0; j < payload_remainder; j++)
1273 padded_buffer[j] = pframe[payload_index+j];
1274 aes128k128d(key, ctr_preload, aes_out);
1275 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1276 for (j = 0; j < payload_remainder;j++)
1277 pframe[payload_index++] = chain_buffer[j];
1278 }
1279
1280 /* Encrypt the MIC */
1281 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe,
1282 pn_vector, 0);
1283
1284 for (j = 0; j < 16; j++)
1285 padded_buffer[j] = 0x00;
1286 for (j = 0; j < 8; j++)
1287 padded_buffer[j] = pframe[j+hdrlen+8+plen];
1288
1289 aes128k128d(key, ctr_preload, aes_out);
1290 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1291 for (j = 0; j < 8;j++)
1292 pframe[payload_index++] = chain_buffer[j];
1293
1294 return _SUCCESS;
1295 }
1296
rtw_aes_encrypt23a(struct rtw_adapter * padapter,struct xmit_frame * pxmitframe)1297 int rtw_aes_encrypt23a(struct rtw_adapter *padapter,
1298 struct xmit_frame *pxmitframe)
1299 { /* exclude ICV */
1300 /* Intermediate Buffers */
1301 int curfragnum, length;
1302 u32 prwskeylen;
1303 u8 *pframe, *prwskey; /* *payload,*iv */
1304 u8 hw_hdr_offset = 0;
1305 struct sta_info *stainfo;
1306 struct pkt_attrib *pattrib = &pxmitframe->attrib;
1307 struct security_priv *psecuritypriv = &padapter->securitypriv;
1308 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1309 int res = _SUCCESS;
1310
1311 if (!pxmitframe->buf_addr)
1312 return _FAIL;
1313
1314 hw_hdr_offset = TXDESC_OFFSET;
1315
1316 pframe = pxmitframe->buf_addr + hw_hdr_offset;
1317
1318 /* 4 start to encrypt each fragment */
1319 if (pattrib->encrypt != WLAN_CIPHER_SUITE_CCMP)
1320 return _FAIL;
1321
1322 if (pattrib->psta) {
1323 stainfo = pattrib->psta;
1324 } else {
1325 DBG_8723A("%s, call rtw_get_stainfo23a()\n", __func__);
1326 stainfo = rtw_get_stainfo23a(&padapter->stapriv, &pattrib->ra[0]);
1327 }
1328
1329 if (!stainfo) {
1330 RT_TRACE(_module_rtl871x_security_c_, _drv_err_,
1331 ("rtw_aes_encrypt23a: stainfo == NULL!!!\n"));
1332 DBG_8723A("%s, psta == NUL\n", __func__);
1333 res = _FAIL;
1334 goto out;
1335 }
1336 if (!(stainfo->state &_FW_LINKED)) {
1337 DBG_8723A("%s, psta->state(0x%x) != _FW_LINKED\n",
1338 __func__, stainfo->state);
1339 return _FAIL;
1340 }
1341 RT_TRACE(_module_rtl871x_security_c_, _drv_err_,
1342 ("rtw_aes_encrypt23a: stainfo!= NULL!!!\n"));
1343
1344 if (is_multicast_ether_addr(pattrib->ra))
1345 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
1346 else
1347 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1348
1349 prwskeylen = 16;
1350
1351 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
1352 /* 4 the last fragment */
1353 if ((curfragnum + 1) == pattrib->nr_frags) {
1354 length = pattrib->last_txcmdsz -
1355 pattrib->hdrlen-pattrib->iv_len -
1356 pattrib->icv_len;
1357
1358 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1359 } else {
1360 length = pxmitpriv->frag_len-pattrib->hdrlen -
1361 pattrib->iv_len - pattrib->icv_len;
1362
1363 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1364 pframe += pxmitpriv->frag_len;
1365 pframe = PTR_ALIGN(pframe, 4);
1366 }
1367 }
1368 out:
1369 return res;
1370 }
1371
aes_decipher(u8 * key,uint hdrlen,u8 * pframe,uint plen)1372 static int aes_decipher(u8 *key, uint hdrlen,
1373 u8 *pframe, uint plen)
1374 {
1375 static u8 message[MAX_MSG_SIZE];
1376 uint qc_exists, a4_exists, i, j, payload_remainder,
1377 num_blocks, payload_index;
1378 int res = _SUCCESS;
1379 u8 pn_vector[6];
1380 u8 mic_iv[16];
1381 u8 mic_header1[16];
1382 u8 mic_header2[16];
1383 u8 ctr_preload[16];
1384 /* Intermediate Buffers */
1385 u8 chain_buffer[16];
1386 u8 aes_out[16];
1387 u8 padded_buffer[16];
1388 u8 mic[8];
1389 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)pframe;
1390 u16 frsubtype = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_STYPE;
1391
1392 memset((void *)mic_iv, 0, 16);
1393 memset((void *)mic_header1, 0, 16);
1394 memset((void *)mic_header2, 0, 16);
1395 memset((void *)ctr_preload, 0, 16);
1396 memset((void *)chain_buffer, 0, 16);
1397 memset((void *)aes_out, 0, 16);
1398 memset((void *)padded_buffer, 0, 16);
1399
1400 /* start to decrypt the payload */
1401
1402 num_blocks = (plen-8) / 16; /* plen including llc, payload_length and mic) */
1403
1404 payload_remainder = (plen-8) % 16;
1405
1406 pn_vector[0] = pframe[hdrlen];
1407 pn_vector[1] = pframe[hdrlen+1];
1408 pn_vector[2] = pframe[hdrlen+4];
1409 pn_vector[3] = pframe[hdrlen+5];
1410 pn_vector[4] = pframe[hdrlen+6];
1411 pn_vector[5] = pframe[hdrlen+7];
1412
1413 if ((hdrlen == sizeof(struct ieee80211_hdr_3addr) ||
1414 (hdrlen == sizeof(struct ieee80211_qos_hdr))))
1415 a4_exists = 0;
1416 else
1417 a4_exists = 1;
1418
1419 if (ieee80211_is_data(hdr->frame_control)) {
1420 if ((frsubtype == IEEE80211_STYPE_DATA_CFACK) ||
1421 (frsubtype == IEEE80211_STYPE_DATA_CFPOLL) ||
1422 (frsubtype == IEEE80211_STYPE_DATA_CFACKPOLL)) {
1423 qc_exists = 1;
1424 if (hdrlen != sizeof(struct ieee80211_hdr_3addr))
1425 hdrlen += 2;
1426 } else if ((frsubtype == IEEE80211_STYPE_QOS_DATA) ||
1427 (frsubtype == IEEE80211_STYPE_QOS_DATA_CFACK) ||
1428 (frsubtype == IEEE80211_STYPE_QOS_DATA_CFPOLL) ||
1429 (frsubtype == IEEE80211_STYPE_QOS_DATA_CFACKPOLL)) {
1430 if (hdrlen != sizeof(struct ieee80211_hdr_3addr))
1431 hdrlen += 2;
1432 qc_exists = 1;
1433 } else {
1434 qc_exists = 0;
1435 }
1436 } else {
1437 qc_exists = 0;
1438 }
1439
1440 /* now, decrypt pframe with hdrlen offset and plen long */
1441
1442 payload_index = hdrlen + 8; /* 8 is for extiv */
1443
1444 for (i = 0; i < num_blocks; i++) {
1445 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1446 pframe, pn_vector, i+1);
1447
1448 aes128k128d(key, ctr_preload, aes_out);
1449 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1450
1451 for (j = 0; j < 16; j++)
1452 pframe[payload_index++] = chain_buffer[j];
1453 }
1454
1455 if (payload_remainder > 0) {
1456 /* If there is a short final block, then pad it,
1457 * encrypt it and copy the unpadded part back
1458 */
1459 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe,
1460 pn_vector, num_blocks+1);
1461
1462 for (j = 0; j < 16; j++)
1463 padded_buffer[j] = 0x00;
1464 for (j = 0; j < payload_remainder; j++)
1465 padded_buffer[j] = pframe[payload_index+j];
1466 aes128k128d(key, ctr_preload, aes_out);
1467 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1468 for (j = 0; j < payload_remainder; j++)
1469 pframe[payload_index++] = chain_buffer[j];
1470 }
1471
1472 /* start to calculate the mic */
1473 if ((hdrlen +plen+8) <= MAX_MSG_SIZE)
1474 memcpy(message, pframe, (hdrlen+plen+8)); /* 8 is for ext iv len */
1475
1476 pn_vector[0] = pframe[hdrlen];
1477 pn_vector[1] = pframe[hdrlen+1];
1478 pn_vector[2] = pframe[hdrlen+4];
1479 pn_vector[3] = pframe[hdrlen+5];
1480 pn_vector[4] = pframe[hdrlen+6];
1481 pn_vector[5] = pframe[hdrlen+7];
1482
1483 construct_mic_iv(mic_iv, qc_exists, a4_exists, message,
1484 plen-8, pn_vector);
1485
1486 construct_mic_header1(mic_header1, hdrlen, message);
1487 construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1488
1489 payload_remainder = (plen-8) % 16;
1490 num_blocks = (plen-8) / 16;
1491
1492 /* Find start of payload */
1493 payload_index = (hdrlen + 8);
1494
1495 /* Calculate MIC */
1496 aes128k128d(key, mic_iv, aes_out);
1497 bitwise_xor(aes_out, mic_header1, chain_buffer);
1498 aes128k128d(key, chain_buffer, aes_out);
1499 bitwise_xor(aes_out, mic_header2, chain_buffer);
1500 aes128k128d(key, chain_buffer, aes_out);
1501
1502 for (i = 0; i < num_blocks; i++) {
1503 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1504
1505 payload_index += 16;
1506 aes128k128d(key, chain_buffer, aes_out);
1507 }
1508
1509 /* Add on the final payload block if it needs padding */
1510 if (payload_remainder > 0) {
1511 for (j = 0; j < 16; j++)
1512 padded_buffer[j] = 0x00;
1513 for (j = 0; j < payload_remainder; j++)
1514 padded_buffer[j] = message[payload_index++];
1515 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1516 aes128k128d(key, chain_buffer, aes_out);
1517 }
1518
1519 for (j = 0 ; j < 8; j++)
1520 mic[j] = aes_out[j];
1521
1522 /* Insert MIC into payload */
1523 for (j = 0; j < 8; j++)
1524 message[payload_index+j] = mic[j];
1525
1526 payload_index = hdrlen + 8;
1527 for (i = 0; i< num_blocks; i++) {
1528 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1529 message, pn_vector, i+1);
1530 aes128k128d(key, ctr_preload, aes_out);
1531 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1532 for (j = 0; j < 16; j++)
1533 message[payload_index++] = chain_buffer[j];
1534 }
1535
1536 if (payload_remainder > 0) {
1537 /* If there is a short final block, then pad it,
1538 * encrypt it and copy the unpadded part back
1539 */
1540 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1541 message, pn_vector, num_blocks+1);
1542
1543 for (j = 0; j < 16; j++)
1544 padded_buffer[j] = 0x00;
1545 for (j = 0; j < payload_remainder; j++)
1546 padded_buffer[j] = message[payload_index+j];
1547 aes128k128d(key, ctr_preload, aes_out);
1548 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1549 for (j = 0; j < payload_remainder; j++)
1550 message[payload_index++] = chain_buffer[j];
1551 }
1552
1553 /* Encrypt the MIC */
1554 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message,
1555 pn_vector, 0);
1556
1557 for (j = 0; j < 16; j++)
1558 padded_buffer[j] = 0x00;
1559 for (j = 0; j < 8; j++)
1560 padded_buffer[j] = message[j+hdrlen+8+plen-8];
1561
1562 aes128k128d(key, ctr_preload, aes_out);
1563 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1564 for (j = 0; j < 8; j++)
1565 message[payload_index++] = chain_buffer[j];
1566
1567 /* compare the mic */
1568 for (i = 0; i < 8; i++) {
1569 if (pframe[hdrlen+8+plen-8+i] != message[hdrlen+8+plen-8+i]) {
1570 RT_TRACE(_module_rtl871x_security_c_, _drv_err_,
1571 ("aes_decipher:mic check error mic[%d]: pframe(%x) != message(%x)\n",
1572 i, pframe[hdrlen+8+plen-8+i], message[hdrlen+8+plen-8+i]));
1573 DBG_8723A("aes_decipher:mic check error mic[%d]: pframe(%x) != message(%x)\n",
1574 i, pframe[hdrlen+8+plen-8+i], message[hdrlen+8+plen-8+i]);
1575 res = _FAIL;
1576 }
1577 }
1578 return res;
1579 }
1580
rtw_aes_decrypt23a(struct rtw_adapter * padapter,struct recv_frame * precvframe)1581 int rtw_aes_decrypt23a(struct rtw_adapter *padapter,
1582 struct recv_frame *precvframe)
1583 { /* exclude ICV */
1584 struct sta_info *stainfo;
1585 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
1586 struct security_priv *psecuritypriv = &padapter->securitypriv;
1587 struct sk_buff *skb = precvframe->pkt;
1588 int length;
1589 u8 *pframe, *prwskey; /* *payload,*iv */
1590 int res = _SUCCESS;
1591
1592 pframe = skb->data;
1593 /* 4 start to encrypt each fragment */
1594 if (prxattrib->encrypt != WLAN_CIPHER_SUITE_CCMP)
1595 return _FAIL;
1596
1597 stainfo = rtw_get_stainfo23a(&padapter->stapriv, &prxattrib->ta[0]);
1598 if (!stainfo) {
1599 RT_TRACE(_module_rtl871x_security_c_, _drv_err_,
1600 ("rtw_aes_encrypt23a: stainfo == NULL!!!\n"));
1601 res = _FAIL;
1602 goto exit;
1603 }
1604
1605 RT_TRACE(_module_rtl871x_security_c_, _drv_err_,
1606 ("rtw_aes_decrypt23a: stainfo!= NULL!!!\n"));
1607
1608 if (is_multicast_ether_addr(prxattrib->ra)) {
1609 /* in concurrent we should use sw decrypt in group key,
1610 so we remove this message */
1611 if (!psecuritypriv->binstallGrpkey) {
1612 res = _FAIL;
1613 DBG_8723A("%s:rx bc/mc packets, but didn't install "
1614 "group key!!!!!!!!!!\n", __func__);
1615 goto exit;
1616 }
1617 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
1618 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) {
1619 DBG_8723A("not match packet_index =%d, install_index ="
1620 "%d\n", prxattrib->key_index,
1621 psecuritypriv->dot118021XGrpKeyid);
1622 res = _FAIL;
1623 goto exit;
1624 }
1625 } else {
1626 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1627 }
1628
1629 length = skb->len - prxattrib->hdrlen - prxattrib->iv_len;
1630
1631 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length);
1632 exit:
1633 return res;
1634 }
1635
rtw_use_tkipkey_handler23a(void * FunctionContext)1636 void rtw_use_tkipkey_handler23a(void *FunctionContext)
1637 {
1638 struct rtw_adapter *padapter = (struct rtw_adapter *)FunctionContext;
1639
1640 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("^^^rtw_use_tkipkey_handler23a ^^^\n"));
1641 padapter->securitypriv.busetkipkey = 1;
1642 RT_TRACE(_module_rtl871x_security_c_, _drv_err_,
1643 ("^^^rtw_use_tkipkey_handler23a padapter->securitypriv.busetkipkey =%d^^^\n",
1644 padapter->securitypriv.busetkipkey));
1645 }
1646