1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright(c) 2007 - 2011 Realtek Corporation. */
3
4 #define _RTW_SECURITY_C_
5
6 #include "../include/osdep_service.h"
7 #include "../include/drv_types.h"
8 #include "../include/wifi.h"
9 #include "../include/osdep_intf.h"
10
11 /* WEP related ===== */
12
13 #define CRC32_POLY 0x04c11db7
14
15 struct arc4context {
16 u32 x;
17 u32 y;
18 u8 state[256];
19 };
20
arcfour_init(struct arc4context * parc4ctx,u8 * key,u32 key_len)21 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
22 {
23 u32 t, u;
24 u32 keyindex;
25 u32 stateindex;
26 u8 *state;
27 u32 counter;
28
29 state = parc4ctx->state;
30 parc4ctx->x = 0;
31 parc4ctx->y = 0;
32 for (counter = 0; counter < 256; counter++)
33 state[counter] = (u8)counter;
34 keyindex = 0;
35 stateindex = 0;
36 for (counter = 0; counter < 256; counter++) {
37 t = state[counter];
38 stateindex = (stateindex + key[keyindex] + t) & 0xff;
39 u = state[stateindex];
40 state[stateindex] = (u8)t;
41 state[counter] = (u8)u;
42 if (++keyindex >= key_len)
43 keyindex = 0;
44 }
45
46 }
47
arcfour_byte(struct arc4context * parc4ctx)48 static u32 arcfour_byte(struct arc4context *parc4ctx)
49 {
50 u32 x;
51 u32 y;
52 u32 sx, sy;
53 u8 *state;
54
55 state = parc4ctx->state;
56 x = (parc4ctx->x + 1) & 0xff;
57 sx = state[x];
58 y = (sx + parc4ctx->y) & 0xff;
59 sy = state[y];
60 parc4ctx->x = x;
61 parc4ctx->y = y;
62 state[y] = (u8)sx;
63 state[x] = (u8)sy;
64
65 return state[(sx + sy) & 0xff];
66 }
67
arcfour_encrypt(struct arc4context * parc4ctx,u8 * dest,u8 * src,u32 len)68 static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len)
69 {
70 u32 i;
71
72 for (i = 0; i < len; i++)
73 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
74
75 }
76
77 /*
78 Need to consider the fragment situation
79 */
rtw_wep_encrypt(struct adapter * padapter,u8 * pxmitframe)80 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe)
81 { /* exclude ICV */
82 union {
83 __le32 f0;
84 u8 f1[4];
85 } crc;
86 struct arc4context mycontext;
87
88 int curfragnum, length;
89 u32 keylength;
90
91 u8 *pframe, *payload, *iv; /* wepkey */
92 u8 wepkey[16];
93 u8 hw_hdr_offset = 0;
94 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
95 struct security_priv *psecuritypriv = &padapter->securitypriv;
96 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
97
98 if (!((struct xmit_frame *)pxmitframe)->buf_addr)
99 return;
100
101 hw_hdr_offset = TXDESC_SIZE +
102 (((struct xmit_frame *)pxmitframe)->pkt_offset * PACKET_OFFSET_SZ);
103
104 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
105
106 /* start to encrypt each fragment */
107 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
108 keylength = psecuritypriv->dot11DefKeylen[psecuritypriv->dot11PrivacyKeyIndex];
109
110 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
111 iv = pframe + pattrib->hdrlen;
112 memcpy(&wepkey[0], iv, 3);
113 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength);
114 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
115
116 if ((curfragnum + 1) == pattrib->nr_frags) { /* the last fragment */
117 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
118
119 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
120
121 arcfour_init(&mycontext, wepkey, 3 + keylength);
122 arcfour_encrypt(&mycontext, payload, payload, length);
123 arcfour_encrypt(&mycontext, payload + length, crc.f1, 4);
124 } else {
125 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
126 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
127 arcfour_init(&mycontext, wepkey, 3 + keylength);
128 arcfour_encrypt(&mycontext, payload, payload, length);
129 arcfour_encrypt(&mycontext, payload + length, crc.f1, 4);
130
131 pframe += pxmitpriv->frag_len;
132 pframe = (u8 *)RND4((size_t)(pframe));
133 }
134 }
135 }
136
137 }
138
rtw_wep_decrypt(struct adapter * padapter,u8 * precvframe)139 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe)
140 {
141 /* exclude ICV */
142 struct arc4context mycontext;
143 int length;
144 u32 keylength;
145 u8 *pframe, *payload, *iv, wepkey[16];
146 u8 keyindex;
147 struct rx_pkt_attrib *prxattrib = &(((struct recv_frame *)precvframe)->attrib);
148 struct security_priv *psecuritypriv = &padapter->securitypriv;
149
150 pframe = (unsigned char *)((struct recv_frame *)precvframe)->rx_data;
151
152 /* start to decrypt recvframe */
153 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) {
154 iv = pframe + prxattrib->hdrlen;
155 keyindex = prxattrib->key_index;
156 keylength = psecuritypriv->dot11DefKeylen[keyindex];
157 memcpy(&wepkey[0], iv, 3);
158 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[keyindex].skey[0], keylength);
159 length = ((struct recv_frame *)precvframe)->len - prxattrib->hdrlen - prxattrib->iv_len;
160
161 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
162
163 /* decrypt payload include icv */
164 arcfour_init(&mycontext, wepkey, 3 + keylength);
165 arcfour_encrypt(&mycontext, payload, payload, length);
166 }
167 }
168
169 /* 3 ===== TKIP related ===== */
170
secmicgetuint32(u8 * p)171 static u32 secmicgetuint32(u8 *p)
172 /* Convert from Byte[] to Us3232 in a portable way */
173 {
174 s32 i;
175 u32 res = 0;
176
177 for (i = 0; i < 4; i++)
178 res |= ((u32)(*p++)) << (8 * i);
179
180 return res;
181 }
182
secmicputuint32(u8 * p,u32 val)183 static void secmicputuint32(u8 *p, u32 val)
184 /* Convert from Us3232 to Byte[] in a portable way */
185 {
186 long i;
187
188 for (i = 0; i < 4; i++) {
189 *p++ = (u8)(val & 0xff);
190 val >>= 8;
191 }
192
193 }
194
secmicclear(struct mic_data * pmicdata)195 static void secmicclear(struct mic_data *pmicdata)
196 {
197 /* Reset the state to the empty message. */
198
199 pmicdata->L = pmicdata->K0;
200 pmicdata->R = pmicdata->K1;
201 pmicdata->nBytesInM = 0;
202 pmicdata->M = 0;
203
204 }
205
rtw_secmicsetkey(struct mic_data * pmicdata,u8 * key)206 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key)
207 {
208 /* Set the key */
209
210 pmicdata->K0 = secmicgetuint32(key);
211 pmicdata->K1 = secmicgetuint32(key + 4);
212 /* and reset the message */
213 secmicclear(pmicdata);
214
215 }
216
rtw_secmicappendbyte(struct mic_data * pmicdata,u8 b)217 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b)
218 {
219
220 /* Append the byte to our word-sized buffer */
221 pmicdata->M |= ((unsigned long)b) << (8 * pmicdata->nBytesInM);
222 pmicdata->nBytesInM++;
223 /* Process the word if it is full. */
224 if (pmicdata->nBytesInM >= 4) {
225 pmicdata->L ^= pmicdata->M;
226 pmicdata->R ^= ROL32(pmicdata->L, 17);
227 pmicdata->L += pmicdata->R;
228 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
229 pmicdata->L += pmicdata->R;
230 pmicdata->R ^= ROL32(pmicdata->L, 3);
231 pmicdata->L += pmicdata->R;
232 pmicdata->R ^= ROR32(pmicdata->L, 2);
233 pmicdata->L += pmicdata->R;
234 /* Clear the buffer */
235 pmicdata->M = 0;
236 pmicdata->nBytesInM = 0;
237 }
238
239 }
240
rtw_secmicappend(struct mic_data * pmicdata,u8 * src,u32 nbytes)241 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
242 {
243
244 /* This is simple */
245 while (nbytes > 0) {
246 rtw_secmicappendbyte(pmicdata, *src++);
247 nbytes--;
248 }
249
250 }
251
rtw_secgetmic(struct mic_data * pmicdata,u8 * dst)252 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst)
253 {
254
255 /* Append the minimum padding */
256 rtw_secmicappendbyte(pmicdata, 0x5a);
257 rtw_secmicappendbyte(pmicdata, 0);
258 rtw_secmicappendbyte(pmicdata, 0);
259 rtw_secmicappendbyte(pmicdata, 0);
260 rtw_secmicappendbyte(pmicdata, 0);
261 /* and then zeroes until the length is a multiple of 4 */
262 while (pmicdata->nBytesInM != 0)
263 rtw_secmicappendbyte(pmicdata, 0);
264 /* The appendByte function has already computed the result. */
265 secmicputuint32(dst, pmicdata->L);
266 secmicputuint32(dst + 4, pmicdata->R);
267 /* Reset to the empty message. */
268 secmicclear(pmicdata);
269
270 }
271
rtw_seccalctkipmic(u8 * key,u8 * header,u8 * data,u32 data_len,u8 * mic_code,u8 pri)272 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
273 {
274 struct mic_data micdata;
275 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
276
277 rtw_secmicsetkey(&micdata, key);
278 priority[0] = pri;
279
280 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
281 if (header[1] & 1) { /* ToDS == 1 */
282 rtw_secmicappend(&micdata, &header[16], 6); /* DA */
283 if (header[1] & 2) /* From Ds == 1 */
284 rtw_secmicappend(&micdata, &header[24], 6);
285 else
286 rtw_secmicappend(&micdata, &header[10], 6);
287 } else { /* ToDS == 0 */
288 rtw_secmicappend(&micdata, &header[4], 6); /* DA */
289 if (header[1] & 2) /* From Ds == 1 */
290 rtw_secmicappend(&micdata, &header[16], 6);
291 else
292 rtw_secmicappend(&micdata, &header[10], 6);
293 }
294 rtw_secmicappend(&micdata, &priority[0], 4);
295
296 rtw_secmicappend(&micdata, data, data_len);
297
298 rtw_secgetmic(&micdata, mic_code);
299
300 }
301
302 /* macros for extraction/creation of unsigned char/unsigned short values */
303 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
304 #define Lo8(v16) ((u8)((v16) & 0x00FF))
305 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
306 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
307 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
308 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
309
310 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
311 #define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)])
312
313 /* S-box lookup: 16 bits --> 16 bits */
314 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
315
316 /* fixed algorithm "parameters" */
317 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
318 #define TA_SIZE 6 /* 48-bit transmitter address */
319 #define TK_SIZE 16 /* 128-bit temporal key */
320 #define P1K_SIZE 10 /* 80-bit Phase1 key */
321 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
322
323 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
324 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */
325 {
326 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
327 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
328 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
329 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
330 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
331 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
332 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
333 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
334 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
335 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
336 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
337 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
338 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
339 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
340 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
341 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
342 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
343 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
344 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
345 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
346 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
347 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
348 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
349 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
350 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
351 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
352 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
353 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
354 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
355 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
356 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
357 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
358 },
359
360 { /* second half of table is unsigned char-reversed version of first! */
361 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
362 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
363 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
364 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
365 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
366 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
367 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
368 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
369 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
370 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
371 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
372 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
373 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
374 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
375 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
376 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
377 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
378 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
379 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
380 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
381 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
382 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
383 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
384 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
385 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
386 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
387 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
388 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
389 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
390 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
391 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
392 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
393 }
394 };
395
396 /*
397 **********************************************************************
398 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
399 *
400 * Inputs:
401 * tk[] = temporal key [128 bits]
402 * ta[] = transmitter's MAC address [ 48 bits]
403 * iv32 = upper 32 bits of IV [ 32 bits]
404 * Output:
405 * p1k[] = Phase 1 key [ 80 bits]
406 *
407 * Note:
408 * This function only needs to be called every 2**16 packets,
409 * although in theory it could be called every packet.
410 *
411 **********************************************************************
412 */
phase1(u16 * p1k,const u8 * tk,const u8 * ta,u32 iv32)413 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
414 {
415 int i;
416
417 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
418 p1k[0] = Lo16(iv32);
419 p1k[1] = Hi16(iv32);
420 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
421 p1k[3] = Mk16(ta[3], ta[2]);
422 p1k[4] = Mk16(ta[5], ta[4]);
423
424 /* Now compute an unbalanced Feistel cipher with 80-bit block */
425 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
426 for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add operation here is mod 2**16 */
427 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
428 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
429 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
430 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
431 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
432 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
433 }
434
435 }
436
437 /*
438 **********************************************************************
439 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
440 *
441 * Inputs:
442 * tk[] = Temporal key [128 bits]
443 * p1k[] = Phase 1 output key [ 80 bits]
444 * iv16 = low 16 bits of IV counter [ 16 bits]
445 * Output:
446 * rc4key[] = the key used to encrypt the packet [128 bits]
447 *
448 * Note:
449 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique
450 * across all packets using the same key TK value. Then, for a
451 * given value of TK[], this TKIP48 construction guarantees that
452 * the final RC4KEY value is unique across all packets.
453 *
454 * Suggested implementation optimization: if PPK[] is "overlaid"
455 * appropriately on RC4KEY[], there is no need for the final
456 * for loop below that copies the PPK[] result into RC4KEY[].
457 *
458 **********************************************************************
459 */
phase2(u8 * rc4key,const u8 * tk,const u16 * p1k,u16 iv16)460 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
461 {
462 int i;
463 u16 PPK[6]; /* temporary key for mixing */
464
465 /* Note: all adds in the PPK[] equations below are mod 2**16 */
466 for (i = 0; i < 5; i++)
467 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
468 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */
469
470 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
471 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
472 PPK[1] += _S_(PPK[0] ^ TK16(1));
473 PPK[2] += _S_(PPK[1] ^ TK16(2));
474 PPK[3] += _S_(PPK[2] ^ TK16(3));
475 PPK[4] += _S_(PPK[3] ^ TK16(4));
476 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
477
478 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
479 PPK[0] += RotR1(PPK[5] ^ TK16(6));
480 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
481 PPK[2] += RotR1(PPK[1]);
482 PPK[3] += RotR1(PPK[2]);
483 PPK[4] += RotR1(PPK[3]);
484 PPK[5] += RotR1(PPK[4]);
485 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
486 /* value PPK[0..5] is guaranteed to be unique, as a function */
487 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */
488 /* is now a keyed permutation of {TA, IV32, IV16}. */
489
490 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
491 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
492 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
493 rc4key[2] = Lo8(iv16);
494 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
495
496 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
497 for (i = 0; i < 6; i++) {
498 rc4key[4 + 2 * i] = Lo8(PPK[i]);
499 rc4key[5 + 2 * i] = Hi8(PPK[i]);
500 }
501
502 }
503
504 /* The hlen isn't include the IV */
rtw_tkip_encrypt(struct adapter * padapter,u8 * pxmitframe)505 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
506 { /* exclude ICV */
507 u16 pnl;
508 u32 pnh;
509 u8 rc4key[16];
510 u8 ttkey[16];
511 union {
512 __le32 f0;
513 u8 f1[4];
514 } crc;
515 u8 hw_hdr_offset = 0;
516 struct arc4context mycontext;
517 int curfragnum, length;
518
519 u8 *pframe, *payload, *iv, *prwskey;
520 union pn48 dot11txpn;
521 struct sta_info *stainfo;
522 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
523 struct security_priv *psecuritypriv = &padapter->securitypriv;
524 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
525 u32 res = _SUCCESS;
526
527 if (!((struct xmit_frame *)pxmitframe)->buf_addr)
528 return _FAIL;
529
530 hw_hdr_offset = TXDESC_SIZE +
531 (((struct xmit_frame *)pxmitframe)->pkt_offset * PACKET_OFFSET_SZ);
532 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
533 /* 4 start to encrypt each fragment */
534 if (pattrib->encrypt == _TKIP_) {
535 if (pattrib->psta)
536 stainfo = pattrib->psta;
537 else
538 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
539
540 if (stainfo) {
541 if (is_multicast_ether_addr(pattrib->ra))
542 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
543 else
544 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
545
546 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
547 iv = pframe + pattrib->hdrlen;
548 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
549
550 GET_TKIP_PN(iv, dot11txpn);
551
552 pnl = (u16)(dot11txpn.val);
553 pnh = (u32)(dot11txpn.val >> 16);
554 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
555 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
556
557 if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
558 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
559 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
560
561 arcfour_init(&mycontext, rc4key, 16);
562 arcfour_encrypt(&mycontext, payload, payload, length);
563 arcfour_encrypt(&mycontext, payload + length, crc.f1, 4);
564 } else {
565 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
566 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
567
568 arcfour_init(&mycontext, rc4key, 16);
569 arcfour_encrypt(&mycontext, payload, payload, length);
570 arcfour_encrypt(&mycontext, payload + length, crc.f1, 4);
571
572 pframe += pxmitpriv->frag_len;
573 pframe = (u8 *)RND4((size_t)(pframe));
574 }
575 }
576 } else {
577 res = _FAIL;
578 }
579 }
580
581 return res;
582 }
583
584 /* The hlen isn't include the IV */
rtw_tkip_decrypt(struct adapter * padapter,u8 * precvframe)585 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
586 { /* exclude ICV */
587 u16 pnl;
588 u32 pnh;
589 u8 rc4key[16];
590 u8 ttkey[16];
591 union {
592 __le32 f0;
593 u8 f1[4];
594 } crc;
595 struct arc4context mycontext;
596 int length;
597
598 u8 *pframe, *payload, *iv, *prwskey;
599 union pn48 dot11txpn;
600 struct sta_info *stainfo;
601 struct rx_pkt_attrib *prxattrib = &((struct recv_frame *)precvframe)->attrib;
602 struct security_priv *psecuritypriv = &padapter->securitypriv;
603 u32 res = _SUCCESS;
604
605 pframe = (unsigned char *)((struct recv_frame *)precvframe)->rx_data;
606
607 /* 4 start to decrypt recvframe */
608 if (prxattrib->encrypt == _TKIP_) {
609 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
610 if (stainfo) {
611 if (is_multicast_ether_addr(prxattrib->ra)) {
612 if (!psecuritypriv->binstallGrpkey) {
613 res = _FAIL;
614 DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
615 goto exit;
616 }
617 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
618 } else {
619 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
620 }
621
622 iv = pframe + prxattrib->hdrlen;
623 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
624 length = ((struct recv_frame *)precvframe)->len - prxattrib->hdrlen - prxattrib->iv_len;
625
626 GET_TKIP_PN(iv, dot11txpn);
627
628 pnl = (u16)(dot11txpn.val);
629 pnh = (u32)(dot11txpn.val >> 16);
630
631 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
632 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
633
634 /* 4 decrypt payload include icv */
635
636 arcfour_init(&mycontext, rc4key, 16);
637 arcfour_encrypt(&mycontext, payload, payload, length);
638
639 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
640
641 if (crc.f1[3] != payload[length - 1] ||
642 crc.f1[2] != payload[length - 2] ||
643 crc.f1[1] != payload[length - 3] ||
644 crc.f1[0] != payload[length - 4])
645 res = _FAIL;
646 } else {
647 res = _FAIL;
648 }
649 }
650
651 exit:
652 return res;
653 }
654
655 /* 3 ===== AES related ===== */
656
657 #define MAX_MSG_SIZE 2048
658 /*****************************/
659 /******** SBOX Table *********/
660 /*****************************/
661
662 static u8 sbox_table[256] = {
663 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
664 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
665 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
666 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
667 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
668 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
669 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
670 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
671 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
672 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
673 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
674 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
675 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
676 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
677 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
678 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
679 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
680 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
681 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
682 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
683 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
684 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
685 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
686 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
687 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
688 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
689 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
690 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
691 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
692 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
693 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
694 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
695 };
696
697 /*****************************/
698 /**** Function Prototypes ****/
699 /*****************************/
700
701 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out);
702 static void construct_mic_iv(u8 *mic_header1, int qc_exists, int a4_exists, u8 *mpdu, uint payload_length, u8 *pn_vector);
703 static void construct_mic_header1(u8 *mic_header1, int header_length, u8 *mpdu);
704 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, int a4_exists, int qc_exists);
705 static void construct_ctr_preload(u8 *ctr_preload, int a4_exists, int qc_exists, u8 *mpdu, u8 *pn_vector, int c);
706 static void xor_128(u8 *a, u8 *b, u8 *out);
707 static void xor_32(u8 *a, u8 *b, u8 *out);
708 static u8 sbox(u8 a);
709 static void next_key(u8 *key, int round);
710 static void byte_sub(u8 *in, u8 *out);
711 static void shift_row(u8 *in, u8 *out);
712 static void mix_column(u8 *in, u8 *out);
713 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext);
714
715 /****************************************/
716 /* aes128k128d() */
717 /* Performs a 128 bit AES encrypt with */
718 /* 128 bit data. */
719 /****************************************/
xor_128(u8 * a,u8 * b,u8 * out)720 static void xor_128(u8 *a, u8 *b, u8 *out)
721 {
722 int i;
723
724 for (i = 0; i < 16; i++)
725 out[i] = a[i] ^ b[i];
726
727 }
728
xor_32(u8 * a,u8 * b,u8 * out)729 static void xor_32(u8 *a, u8 *b, u8 *out)
730 {
731 int i;
732
733 for (i = 0; i < 4; i++)
734 out[i] = a[i] ^ b[i];
735
736 }
737
sbox(u8 a)738 static u8 sbox(u8 a)
739 {
740 return sbox_table[(int)a];
741 }
742
next_key(u8 * key,int round)743 static void next_key(u8 *key, int round)
744 {
745 u8 rcon;
746 u8 sbox_key[4];
747 u8 rcon_table[12] = {
748 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
749 0x1b, 0x36, 0x36, 0x36
750 };
751
752 sbox_key[0] = sbox(key[13]);
753 sbox_key[1] = sbox(key[14]);
754 sbox_key[2] = sbox(key[15]);
755 sbox_key[3] = sbox(key[12]);
756
757 rcon = rcon_table[round];
758
759 xor_32(&key[0], sbox_key, &key[0]);
760 key[0] = key[0] ^ rcon;
761
762 xor_32(&key[4], &key[0], &key[4]);
763 xor_32(&key[8], &key[4], &key[8]);
764 xor_32(&key[12], &key[8], &key[12]);
765
766 }
767
byte_sub(u8 * in,u8 * out)768 static void byte_sub(u8 *in, u8 *out)
769 {
770 int i;
771
772 for (i = 0; i < 16; i++)
773 out[i] = sbox(in[i]);
774
775 }
776
shift_row(u8 * in,u8 * out)777 static void shift_row(u8 *in, u8 *out)
778 {
779
780 out[0] = in[0];
781 out[1] = in[5];
782 out[2] = in[10];
783 out[3] = in[15];
784 out[4] = in[4];
785 out[5] = in[9];
786 out[6] = in[14];
787 out[7] = in[3];
788 out[8] = in[8];
789 out[9] = in[13];
790 out[10] = in[2];
791 out[11] = in[7];
792 out[12] = in[12];
793 out[13] = in[1];
794 out[14] = in[6];
795 out[15] = in[11];
796
797 }
798
mix_column(u8 * in,u8 * out)799 static void mix_column(u8 *in, u8 *out)
800 {
801 int i;
802 u8 add1b[4];
803 u8 add1bf7[4];
804 u8 rotl[4];
805 u8 swap_halfs[4];
806 u8 andf7[4];
807 u8 rotr[4];
808 u8 temp[4];
809 u8 tempb[4];
810
811 for (i = 0 ; i < 4; i++) {
812 if ((in[i] & 0x80) == 0x80)
813 add1b[i] = 0x1b;
814 else
815 add1b[i] = 0x00;
816 }
817
818 swap_halfs[0] = in[2]; /* Swap halves */
819 swap_halfs[1] = in[3];
820 swap_halfs[2] = in[0];
821 swap_halfs[3] = in[1];
822
823 rotl[0] = in[3]; /* Rotate left 8 bits */
824 rotl[1] = in[0];
825 rotl[2] = in[1];
826 rotl[3] = in[2];
827
828 andf7[0] = in[0] & 0x7f;
829 andf7[1] = in[1] & 0x7f;
830 andf7[2] = in[2] & 0x7f;
831 andf7[3] = in[3] & 0x7f;
832
833 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */
834 andf7[i] = andf7[i] << 1;
835 if ((andf7[i - 1] & 0x80) == 0x80)
836 andf7[i] = (andf7[i] | 0x01);
837 }
838 andf7[0] = andf7[0] << 1;
839 andf7[0] = andf7[0] & 0xfe;
840
841 xor_32(add1b, andf7, add1bf7);
842
843 xor_32(in, add1bf7, rotr);
844
845 temp[0] = rotr[0]; /* Rotate right 8 bits */
846 rotr[0] = rotr[1];
847 rotr[1] = rotr[2];
848 rotr[2] = rotr[3];
849 rotr[3] = temp[0];
850
851 xor_32(add1bf7, rotr, temp);
852 xor_32(swap_halfs, rotl, tempb);
853 xor_32(temp, tempb, out);
854
855 }
856
aes128k128d(u8 * key,u8 * data,u8 * ciphertext)857 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
858 {
859 int round;
860 int i;
861 u8 intermediatea[16];
862 u8 intermediateb[16];
863 u8 round_key[16];
864
865 for (i = 0; i < 16; i++)
866 round_key[i] = key[i];
867 for (round = 0; round < 11; round++) {
868 if (round == 0) {
869 xor_128(round_key, data, ciphertext);
870 next_key(round_key, round);
871 } else if (round == 10) {
872 byte_sub(ciphertext, intermediatea);
873 shift_row(intermediatea, intermediateb);
874 xor_128(intermediateb, round_key, ciphertext);
875 } else { /* 1 - 9 */
876 byte_sub(ciphertext, intermediatea);
877 shift_row(intermediatea, intermediateb);
878 mix_column(&intermediateb[0], &intermediatea[0]);
879 mix_column(&intermediateb[4], &intermediatea[4]);
880 mix_column(&intermediateb[8], &intermediatea[8]);
881 mix_column(&intermediateb[12], &intermediatea[12]);
882 xor_128(intermediatea, round_key, ciphertext);
883 next_key(round_key, round);
884 }
885 }
886
887 }
888
889 /************************************************/
890 /* construct_mic_iv() */
891 /* Builds the MIC IV from header fields and PN */
892 /************************************************/
construct_mic_iv(u8 * mic_iv,int qc_exists,int a4_exists,u8 * mpdu,uint payload_length,u8 * pn_vector)893 static void construct_mic_iv(u8 *mic_iv, int qc_exists, int a4_exists, u8 *mpdu,
894 uint payload_length, u8 *pn_vector)
895 {
896 int i;
897
898 mic_iv[0] = 0x59;
899 if (qc_exists && a4_exists)
900 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */
901 if (qc_exists && !a4_exists)
902 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */
903 if (!qc_exists)
904 mic_iv[1] = 0x00;
905 for (i = 2; i < 8; i++)
906 mic_iv[i] = mpdu[i + 8]; /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */
907 for (i = 8; i < 14; i++)
908 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
909 mic_iv[14] = (unsigned char)(payload_length / 256);
910 mic_iv[15] = (unsigned char)(payload_length % 256);
911
912 }
913
914 /************************************************/
915 /* construct_mic_header1() */
916 /* Builds the first MIC header block from */
917 /* header fields. */
918 /************************************************/
construct_mic_header1(u8 * mic_header1,int header_length,u8 * mpdu)919 static void construct_mic_header1(u8 *mic_header1, int header_length, u8 *mpdu)
920 {
921
922 mic_header1[0] = (u8)((header_length - 2) / 256);
923 mic_header1[1] = (u8)((header_length - 2) % 256);
924 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */
925 mic_header1[3] = mpdu[1] & 0xc7; /* Mute retry, more data and pwr mgt bits */
926 mic_header1[4] = mpdu[4]; /* A1 */
927 mic_header1[5] = mpdu[5];
928 mic_header1[6] = mpdu[6];
929 mic_header1[7] = mpdu[7];
930 mic_header1[8] = mpdu[8];
931 mic_header1[9] = mpdu[9];
932 mic_header1[10] = mpdu[10]; /* A2 */
933 mic_header1[11] = mpdu[11];
934 mic_header1[12] = mpdu[12];
935 mic_header1[13] = mpdu[13];
936 mic_header1[14] = mpdu[14];
937 mic_header1[15] = mpdu[15];
938
939 }
940
941 /************************************************/
942 /* construct_mic_header2() */
943 /* Builds the last MIC header block from */
944 /* header fields. */
945 /************************************************/
construct_mic_header2(u8 * mic_header2,u8 * mpdu,int a4_exists,int qc_exists)946 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, int a4_exists, int qc_exists)
947 {
948 int i;
949
950 for (i = 0; i < 16; i++)
951 mic_header2[i] = 0x00;
952
953 mic_header2[0] = mpdu[16]; /* A3 */
954 mic_header2[1] = mpdu[17];
955 mic_header2[2] = mpdu[18];
956 mic_header2[3] = mpdu[19];
957 mic_header2[4] = mpdu[20];
958 mic_header2[5] = mpdu[21];
959
960 mic_header2[6] = 0x00;
961 mic_header2[7] = 0x00; /* mpdu[23]; */
962
963 if (!qc_exists && a4_exists) {
964 for (i = 0; i < 6; i++)
965 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
966 }
967
968 if (qc_exists && !a4_exists) {
969 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
970 mic_header2[9] = mpdu[25] & 0x00;
971 }
972
973 if (qc_exists && a4_exists) {
974 for (i = 0; i < 6; i++)
975 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
976
977 mic_header2[14] = mpdu[30] & 0x0f;
978 mic_header2[15] = mpdu[31] & 0x00;
979 }
980
981 }
982
983 /************************************************/
984 /* construct_mic_header2() */
985 /* Builds the last MIC header block from */
986 /* header fields. */
987 /************************************************/
construct_ctr_preload(u8 * ctr_preload,int a4_exists,int qc_exists,u8 * mpdu,u8 * pn_vector,int c)988 static void construct_ctr_preload(u8 *ctr_preload, int a4_exists, int qc_exists, u8 *mpdu, u8 *pn_vector, int c)
989 {
990 int i;
991
992 for (i = 0; i < 16; i++)
993 ctr_preload[i] = 0x00;
994 i = 0;
995
996 ctr_preload[0] = 0x01; /* flag */
997 if (qc_exists && a4_exists)
998 ctr_preload[1] = mpdu[30] & 0x0f; /* QoC_Control */
999 if (qc_exists && !a4_exists)
1000 ctr_preload[1] = mpdu[24] & 0x0f;
1001
1002 for (i = 2; i < 8; i++)
1003 ctr_preload[i] = mpdu[i + 8]; /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */
1004 for (i = 8; i < 14; i++)
1005 ctr_preload[i] = pn_vector[13 - i]; /* ctr_preload[8:13] = PN[5:0] */
1006 ctr_preload[14] = (unsigned char)(c / 256); /* Ctr */
1007 ctr_preload[15] = (unsigned char)(c % 256);
1008
1009 }
1010
1011 /************************************/
1012 /* bitwise_xor() */
1013 /* A 128 bit, bitwise exclusive or */
1014 /************************************/
bitwise_xor(u8 * ina,u8 * inb,u8 * out)1015 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1016 {
1017 int i;
1018
1019 for (i = 0; i < 16; i++)
1020 out[i] = ina[i] ^ inb[i];
1021
1022 }
1023
aes_cipher(u8 * key,uint hdrlen,u8 * pframe,uint plen)1024 static int aes_cipher(u8 *key, uint hdrlen, u8 *pframe, uint plen)
1025 {
1026 uint qc_exists, a4_exists, i, j, payload_remainder,
1027 num_blocks, payload_index;
1028
1029 u8 pn_vector[6];
1030 u8 mic_iv[16];
1031 u8 mic_header1[16];
1032 u8 mic_header2[16];
1033 u8 ctr_preload[16];
1034
1035 /* Intermediate Buffers */
1036 u8 chain_buffer[16];
1037 u8 aes_out[16];
1038 u8 padded_buffer[16];
1039 u8 mic[8];
1040 uint frtype = GetFrameType(pframe);
1041 uint frsubtype = GetFrameSubType(pframe);
1042
1043 frsubtype = frsubtype >> 4;
1044
1045 memset((void *)mic_iv, 0, 16);
1046 memset((void *)mic_header1, 0, 16);
1047 memset((void *)mic_header2, 0, 16);
1048 memset((void *)ctr_preload, 0, 16);
1049 memset((void *)chain_buffer, 0, 16);
1050 memset((void *)aes_out, 0, 16);
1051 memset((void *)padded_buffer, 0, 16);
1052
1053 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1054 a4_exists = 0;
1055 else
1056 a4_exists = 1;
1057
1058 if ((frtype == WIFI_DATA_CFACK) || (frtype == WIFI_DATA_CFPOLL) || (frtype == WIFI_DATA_CFACKPOLL)) {
1059 qc_exists = 1;
1060 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1061 hdrlen += 2;
1062 } else if ((frsubtype == 0x08) || (frsubtype == 0x09) || (frsubtype == 0x0a) || (frsubtype == 0x0b)) {
1063 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1064 hdrlen += 2;
1065 qc_exists = 1;
1066 } else {
1067 qc_exists = 0;
1068 }
1069
1070 pn_vector[0] = pframe[hdrlen];
1071 pn_vector[1] = pframe[hdrlen + 1];
1072 pn_vector[2] = pframe[hdrlen + 4];
1073 pn_vector[3] = pframe[hdrlen + 5];
1074 pn_vector[4] = pframe[hdrlen + 6];
1075 pn_vector[5] = pframe[hdrlen + 7];
1076
1077 construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1078
1079 construct_mic_header1(mic_header1, hdrlen, pframe);
1080 construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1081
1082 payload_remainder = plen % 16;
1083 num_blocks = plen / 16;
1084
1085 /* Find start of payload */
1086 payload_index = (hdrlen + 8);
1087
1088 /* Calculate MIC */
1089 aes128k128d(key, mic_iv, aes_out);
1090 bitwise_xor(aes_out, mic_header1, chain_buffer);
1091 aes128k128d(key, chain_buffer, aes_out);
1092 bitwise_xor(aes_out, mic_header2, chain_buffer);
1093 aes128k128d(key, chain_buffer, aes_out);
1094
1095 for (i = 0; i < num_blocks; i++) {
1096 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);/* bitwise_xor(aes_out, &message[payload_index], chain_buffer); */
1097
1098 payload_index += 16;
1099 aes128k128d(key, chain_buffer, aes_out);
1100 }
1101
1102 /* Add on the final payload block if it needs padding */
1103 if (payload_remainder > 0) {
1104 for (j = 0; j < 16; j++)
1105 padded_buffer[j] = 0x00;
1106 for (j = 0; j < payload_remainder; j++)
1107 padded_buffer[j] = pframe[payload_index++];/* padded_buffer[j] = message[payload_index++]; */
1108 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1109 aes128k128d(key, chain_buffer, aes_out);
1110 }
1111
1112 for (j = 0; j < 8; j++)
1113 mic[j] = aes_out[j];
1114
1115 /* Insert MIC into payload */
1116 for (j = 0; j < 8; j++)
1117 pframe[payload_index + j] = mic[j]; /* message[payload_index+j] = mic[j]; */
1118
1119 payload_index = hdrlen + 8;
1120 for (i = 0; i < num_blocks; i++) {
1121 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, i + 1);
1122 aes128k128d(key, ctr_preload, aes_out);
1123 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1124 for (j = 0; j < 16; j++)
1125 pframe[payload_index++] = chain_buffer[j];
1126 }
1127
1128 if (payload_remainder > 0) { /* If there is a short final block, then pad it,*/
1129 /* encrypt it and copy the unpadded part back */
1130 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, num_blocks + 1);
1131
1132 for (j = 0; j < 16; j++)
1133 padded_buffer[j] = 0x00;
1134 for (j = 0; j < payload_remainder; j++)
1135 padded_buffer[j] = pframe[payload_index + j];
1136 aes128k128d(key, ctr_preload, aes_out);
1137 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1138 for (j = 0; j < payload_remainder; j++)
1139 pframe[payload_index++] = chain_buffer[j];
1140 }
1141 /* Encrypt the MIC */
1142 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, 0);
1143
1144 for (j = 0; j < 16; j++)
1145 padded_buffer[j] = 0x00;
1146 for (j = 0; j < 8; j++)
1147 padded_buffer[j] = pframe[j + hdrlen + 8 + plen];
1148
1149 aes128k128d(key, ctr_preload, aes_out);
1150 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1151 for (j = 0; j < 8; j++)
1152 pframe[payload_index++] = chain_buffer[j];
1153
1154 return _SUCCESS;
1155 }
1156
rtw_aes_encrypt(struct adapter * padapter,u8 * pxmitframe)1157 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe)
1158 { /* exclude ICV */
1159
1160 /*static*/
1161 /* unsigned char message[MAX_MSG_SIZE]; */
1162
1163 /* Intermediate Buffers */
1164 int curfragnum, length;
1165 u8 *pframe, *prwskey; /* *payload,*iv */
1166 u8 hw_hdr_offset = 0;
1167 struct sta_info *stainfo;
1168 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
1169 struct security_priv *psecuritypriv = &padapter->securitypriv;
1170 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1171
1172 /* uint offset = 0; */
1173 u32 res = _SUCCESS;
1174
1175 if (!((struct xmit_frame *)pxmitframe)->buf_addr)
1176 return _FAIL;
1177
1178 hw_hdr_offset = TXDESC_SIZE +
1179 (((struct xmit_frame *)pxmitframe)->pkt_offset * PACKET_OFFSET_SZ);
1180
1181 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
1182
1183 /* 4 start to encrypt each fragment */
1184 if (pattrib->encrypt == _AES_) {
1185 if (pattrib->psta)
1186 stainfo = pattrib->psta;
1187 else
1188 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
1189
1190 if (stainfo) {
1191 if (is_multicast_ether_addr(pattrib->ra))
1192 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
1193 else
1194 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1195 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
1196 if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
1197 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
1198
1199 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1200 } else {
1201 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
1202
1203 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1204 pframe += pxmitpriv->frag_len;
1205 pframe = (u8 *)RND4((size_t)(pframe));
1206 }
1207 }
1208 } else {
1209 res = _FAIL;
1210 }
1211 }
1212
1213 return res;
1214 }
1215
aes_decipher(u8 * key,uint hdrlen,u8 * pframe,uint plen)1216 static int aes_decipher(u8 *key, uint hdrlen,
1217 u8 *pframe, uint plen)
1218 {
1219 static u8 message[MAX_MSG_SIZE];
1220 uint qc_exists, a4_exists, i, j, payload_remainder,
1221 num_blocks, payload_index;
1222 int res = _SUCCESS;
1223 u8 pn_vector[6];
1224 u8 mic_iv[16];
1225 u8 mic_header1[16];
1226 u8 mic_header2[16];
1227 u8 ctr_preload[16];
1228
1229 /* Intermediate Buffers */
1230 u8 chain_buffer[16];
1231 u8 aes_out[16];
1232 u8 padded_buffer[16];
1233 u8 mic[8];
1234
1235 /* uint offset = 0; */
1236 uint frtype = GetFrameType(pframe);
1237 uint frsubtype = GetFrameSubType(pframe);
1238
1239 frsubtype = frsubtype >> 4;
1240
1241 memset((void *)mic_iv, 0, 16);
1242 memset((void *)mic_header1, 0, 16);
1243 memset((void *)mic_header2, 0, 16);
1244 memset((void *)ctr_preload, 0, 16);
1245 memset((void *)chain_buffer, 0, 16);
1246 memset((void *)aes_out, 0, 16);
1247 memset((void *)padded_buffer, 0, 16);
1248
1249 /* start to decrypt the payload */
1250
1251 num_blocks = (plen - 8) / 16; /* plen including llc, payload_length and mic) */
1252
1253 payload_remainder = (plen - 8) % 16;
1254
1255 pn_vector[0] = pframe[hdrlen];
1256 pn_vector[1] = pframe[hdrlen + 1];
1257 pn_vector[2] = pframe[hdrlen + 4];
1258 pn_vector[3] = pframe[hdrlen + 5];
1259 pn_vector[4] = pframe[hdrlen + 6];
1260 pn_vector[5] = pframe[hdrlen + 7];
1261
1262 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1263 a4_exists = 0;
1264 else
1265 a4_exists = 1;
1266
1267 if ((frtype == WIFI_DATA_CFACK) || (frtype == WIFI_DATA_CFPOLL) ||
1268 (frtype == WIFI_DATA_CFACKPOLL)) {
1269 qc_exists = 1;
1270 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1271 hdrlen += 2;
1272 } else if ((frsubtype == 0x08) || (frsubtype == 0x09) ||
1273 (frsubtype == 0x0a) || (frsubtype == 0x0b)) {
1274 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1275 hdrlen += 2;
1276 qc_exists = 1;
1277 } else {
1278 qc_exists = 0;
1279 }
1280
1281 /* now, decrypt pframe with hdrlen offset and plen long */
1282
1283 payload_index = hdrlen + 8; /* 8 is for extiv */
1284
1285 for (i = 0; i < num_blocks; i++) {
1286 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, i + 1);
1287
1288 aes128k128d(key, ctr_preload, aes_out);
1289 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1290
1291 for (j = 0; j < 16; j++)
1292 pframe[payload_index++] = chain_buffer[j];
1293 }
1294
1295 if (payload_remainder > 0) { /* If there is a short final block, then pad it,*/
1296 /* encrypt it and copy the unpadded part back */
1297 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, num_blocks + 1);
1298
1299 for (j = 0; j < 16; j++)
1300 padded_buffer[j] = 0x00;
1301 for (j = 0; j < payload_remainder; j++)
1302 padded_buffer[j] = pframe[payload_index + j];
1303 aes128k128d(key, ctr_preload, aes_out);
1304 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1305 for (j = 0; j < payload_remainder; j++)
1306 pframe[payload_index++] = chain_buffer[j];
1307 }
1308
1309 /* start to calculate the mic */
1310 if ((hdrlen + plen + 8) <= MAX_MSG_SIZE)
1311 memcpy(message, pframe, (hdrlen + plen + 8)); /* 8 is for ext iv len */
1312
1313 pn_vector[0] = pframe[hdrlen];
1314 pn_vector[1] = pframe[hdrlen + 1];
1315 pn_vector[2] = pframe[hdrlen + 4];
1316 pn_vector[3] = pframe[hdrlen + 5];
1317 pn_vector[4] = pframe[hdrlen + 6];
1318 pn_vector[5] = pframe[hdrlen + 7];
1319 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen - 8, pn_vector);
1320
1321 construct_mic_header1(mic_header1, hdrlen, message);
1322 construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1323
1324 payload_remainder = (plen - 8) % 16;
1325 num_blocks = (plen - 8) / 16;
1326
1327 /* Find start of payload */
1328 payload_index = (hdrlen + 8);
1329
1330 /* Calculate MIC */
1331 aes128k128d(key, mic_iv, aes_out);
1332 bitwise_xor(aes_out, mic_header1, chain_buffer);
1333 aes128k128d(key, chain_buffer, aes_out);
1334 bitwise_xor(aes_out, mic_header2, chain_buffer);
1335 aes128k128d(key, chain_buffer, aes_out);
1336
1337 for (i = 0; i < num_blocks; i++) {
1338 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1339
1340 payload_index += 16;
1341 aes128k128d(key, chain_buffer, aes_out);
1342 }
1343
1344 /* Add on the final payload block if it needs padding */
1345 if (payload_remainder > 0) {
1346 for (j = 0; j < 16; j++)
1347 padded_buffer[j] = 0x00;
1348 for (j = 0; j < payload_remainder; j++)
1349 padded_buffer[j] = message[payload_index++];
1350 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1351 aes128k128d(key, chain_buffer, aes_out);
1352 }
1353
1354 for (j = 0 ; j < 8; j++)
1355 mic[j] = aes_out[j];
1356
1357 /* Insert MIC into payload */
1358 for (j = 0; j < 8; j++)
1359 message[payload_index + j] = mic[j];
1360
1361 payload_index = hdrlen + 8;
1362 for (i = 0; i < num_blocks; i++) {
1363 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, i + 1);
1364 aes128k128d(key, ctr_preload, aes_out);
1365 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1366 for (j = 0; j < 16; j++)
1367 message[payload_index++] = chain_buffer[j];
1368 }
1369
1370 if (payload_remainder > 0) { /* If there is a short final block, then pad it,*/
1371 /* encrypt it and copy the unpadded part back */
1372 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, num_blocks + 1);
1373
1374 for (j = 0; j < 16; j++)
1375 padded_buffer[j] = 0x00;
1376 for (j = 0; j < payload_remainder; j++)
1377 padded_buffer[j] = message[payload_index + j];
1378 aes128k128d(key, ctr_preload, aes_out);
1379 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1380 for (j = 0; j < payload_remainder; j++)
1381 message[payload_index++] = chain_buffer[j];
1382 }
1383
1384 /* Encrypt the MIC */
1385 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 0);
1386
1387 for (j = 0; j < 16; j++)
1388 padded_buffer[j] = 0x00;
1389 for (j = 0; j < 8; j++)
1390 padded_buffer[j] = message[j + hdrlen + 8 + plen - 8];
1391
1392 aes128k128d(key, ctr_preload, aes_out);
1393 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1394 for (j = 0; j < 8; j++)
1395 message[payload_index++] = chain_buffer[j];
1396
1397 /* compare the mic */
1398 for (i = 0; i < 8; i++) {
1399 if (pframe[hdrlen + 8 + plen - 8 + i] != message[hdrlen + 8 + plen - 8 + i]) {
1400 DBG_88E("aes_decipher:mic check error mic[%d]: pframe(%x)!=message(%x)\n",
1401 i, pframe[hdrlen + 8 + plen - 8 + i], message[hdrlen + 8 + plen - 8 + i]);
1402 res = _FAIL;
1403 }
1404 }
1405
1406 return res;
1407 }
1408
rtw_aes_decrypt(struct adapter * padapter,u8 * precvframe)1409 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe)
1410 { /* exclude ICV */
1411 /* Intermediate Buffers */
1412 int length;
1413 u8 *pframe, *prwskey; /* *payload,*iv */
1414 struct sta_info *stainfo;
1415 struct rx_pkt_attrib *prxattrib = &((struct recv_frame *)precvframe)->attrib;
1416 struct security_priv *psecuritypriv = &padapter->securitypriv;
1417 u32 res = _SUCCESS;
1418
1419 pframe = (unsigned char *)((struct recv_frame *)precvframe)->rx_data;
1420 /* 4 start to encrypt each fragment */
1421 if (prxattrib->encrypt == _AES_) {
1422 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
1423 if (stainfo) {
1424 if (is_multicast_ether_addr(prxattrib->ra)) {
1425 /* in concurrent we should use sw descrypt in group key, so we remove this message */
1426 if (!psecuritypriv->binstallGrpkey) {
1427 res = _FAIL;
1428 DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
1429 goto exit;
1430 }
1431 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
1432 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) {
1433 DBG_88E("not match packet_index=%d, install_index=%d\n",
1434 prxattrib->key_index, psecuritypriv->dot118021XGrpKeyid);
1435 res = _FAIL;
1436 goto exit;
1437 }
1438 } else {
1439 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1440 }
1441 length = ((struct recv_frame *)precvframe)->len - prxattrib->hdrlen - prxattrib->iv_len;
1442 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length);
1443 } else {
1444 res = _FAIL;
1445 }
1446 }
1447
1448 exit:
1449 return res;
1450 }
1451
1452 /* AES tables*/
1453 const u32 Te0[256] = {
1454 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
1455 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
1456 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
1457 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
1458 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
1459 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
1460 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
1461 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
1462 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
1463 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
1464 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
1465 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
1466 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
1467 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
1468 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
1469 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
1470 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
1471 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
1472 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
1473 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
1474 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
1475 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
1476 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
1477 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
1478 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
1479 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
1480 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
1481 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
1482 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
1483 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
1484 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
1485 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
1486 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
1487 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
1488 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
1489 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
1490 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
1491 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
1492 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
1493 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
1494 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
1495 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
1496 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
1497 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
1498 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
1499 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
1500 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
1501 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
1502 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
1503 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
1504 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
1505 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
1506 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
1507 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
1508 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
1509 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
1510 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
1511 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
1512 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
1513 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
1514 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
1515 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
1516 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
1517 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
1518 };
1519
1520 const u32 Td0[256] = {
1521 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
1522 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
1523 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
1524 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
1525 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
1526 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
1527 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
1528 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
1529 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
1530 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
1531 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
1532 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
1533 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
1534 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
1535 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
1536 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
1537 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
1538 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
1539 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
1540 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
1541 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
1542 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
1543 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
1544 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
1545 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
1546 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
1547 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
1548 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
1549 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
1550 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
1551 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
1552 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
1553 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
1554 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
1555 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
1556 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
1557 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
1558 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
1559 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
1560 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
1561 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
1562 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
1563 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
1564 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
1565 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
1566 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
1567 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
1568 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
1569 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
1570 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
1571 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
1572 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
1573 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
1574 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
1575 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
1576 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
1577 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
1578 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
1579 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
1580 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
1581 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
1582 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
1583 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
1584 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
1585 };
1586
1587 const u8 Td4s[256] = {
1588 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
1589 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
1590 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
1591 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
1592 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
1593 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
1594 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
1595 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
1596 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
1597 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
1598 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
1599 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
1600 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
1601 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
1602 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
1603 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
1604 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
1605 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
1606 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
1607 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
1608 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
1609 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
1610 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
1611 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
1612 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
1613 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
1614 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
1615 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
1616 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
1617 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
1618 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
1619 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
1620 };
1621 const u8 rcons[] = {
1622 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36
1623 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
1624 };
1625
1626 /**
1627 * Expand the cipher key into the encryption key schedule.
1628 *
1629 * @return the number of rounds for the given cipher key size.
1630 */
1631 #define ROUND(i, d, s) \
1632 do { \
1633 d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
1634 d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
1635 d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
1636 d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]; \
1637 } while (0);
1638
1639 /**
1640 * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
1641 * @key: 128-bit key for the hash operation
1642 * @data: Data buffer for which a MAC is determined
1643 * @data_len: Length of data buffer in bytes
1644 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
1645 * Returns: 0 on success, -1 on failure
1646 *
1647 * This is a mode for using block cipher (AES in this case) for authentication.
1648 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
1649 * (SP) 800-38B.
1650 */
rtw_use_tkipkey_handler(void * FunctionContext)1651 void rtw_use_tkipkey_handler(void *FunctionContext)
1652 {
1653 struct adapter *padapter = (struct adapter *)FunctionContext;
1654
1655 padapter->securitypriv.busetkipkey = true;
1656 }
1657
