1 /******************************************************************************
2 * rtl871x_security.c
3 *
4 * Copyright(c) 2007 - 2010 Realtek Corporation. All rights reserved.
5 * Linux device driver for RTL8192SU
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of version 2 of the GNU General Public License as
9 * published by the Free Software Foundation.
10 *
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 * more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
19 *
20 * Modifications for inclusion into the Linux staging tree are
21 * Copyright(c) 2010 Larry Finger. All rights reserved.
22 *
23 * Contact information:
24 * WLAN FAE <wlanfae@realtek.com>
25 * Larry Finger <Larry.Finger@lwfinger.net>
26 *
27 ******************************************************************************/
28
29 #define _RTL871X_SECURITY_C_
30
31 #include <linux/compiler.h>
32 #include <linux/kernel.h>
33 #include <linux/errno.h>
34 #include <linux/slab.h>
35 #include <linux/module.h>
36 #include <linux/kref.h>
37 #include <linux/netdevice.h>
38 #include <linux/skbuff.h>
39 #include <linux/circ_buf.h>
40 #include <linux/uaccess.h>
41 #include <asm/byteorder.h>
42 #include <linux/atomic.h>
43 #include <linux/crc32poly.h>
44 #include <linux/semaphore.h>
45
46 #include "osdep_service.h"
47 #include "drv_types.h"
48 #include "wifi.h"
49 #include "osdep_intf.h"
50
51 /* =====WEP related===== */
52
53 struct arc4context {
54 u32 x;
55 u32 y;
56 u8 state[256];
57 };
58
arcfour_init(struct arc4context * parc4ctx,u8 * key,u32 key_len)59 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
60 {
61 u32 t, u;
62 u32 keyindex;
63 u32 stateindex;
64 u8 *state;
65 u32 counter;
66
67 state = parc4ctx->state;
68 parc4ctx->x = 0;
69 parc4ctx->y = 0;
70 for (counter = 0; counter < 256; counter++)
71 state[counter] = (u8)counter;
72 keyindex = 0;
73 stateindex = 0;
74 for (counter = 0; counter < 256; counter++) {
75 t = state[counter];
76 stateindex = (stateindex + key[keyindex] + t) & 0xff;
77 u = state[stateindex];
78 state[stateindex] = (u8)t;
79 state[counter] = (u8)u;
80 if (++keyindex >= key_len)
81 keyindex = 0;
82 }
83 }
84
arcfour_byte(struct arc4context * parc4ctx)85 static u32 arcfour_byte(struct arc4context *parc4ctx)
86 {
87 u32 x;
88 u32 y;
89 u32 sx, sy;
90 u8 *state;
91
92 state = parc4ctx->state;
93 x = (parc4ctx->x + 1) & 0xff;
94 sx = state[x];
95 y = (sx + parc4ctx->y) & 0xff;
96 sy = state[y];
97 parc4ctx->x = x;
98 parc4ctx->y = y;
99 state[y] = (u8)sx;
100 state[x] = (u8)sy;
101 return state[(sx + sy) & 0xff];
102 }
103
arcfour_encrypt(struct arc4context * parc4ctx,u8 * dest,u8 * src,u32 len)104 static void arcfour_encrypt(struct arc4context *parc4ctx,
105 u8 *dest, u8 *src, u32 len)
106 {
107 u32 i;
108
109 for (i = 0; i < len; i++)
110 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
111 }
112
113 static sint bcrc32initialized;
114 static u32 crc32_table[256];
115
crc32_reverseBit(u8 data)116 static u8 crc32_reverseBit(u8 data)
117 {
118 return ((u8)(data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3)
119 & 0x20) | ((data << 1) & 0x10) | ((data >> 1) & 0x08) |
120 ((data >> 3) & 0x04) | ((data >> 5) & 0x02) | ((data >> 7) &
121 0x01);
122 }
123
crc32_init(void)124 static void crc32_init(void)
125 {
126 sint i, j;
127 u32 c;
128 u8 *p = (u8 *)&c, *p1;
129 u8 k;
130
131 if (bcrc32initialized == 1)
132 return;
133
134 for (i = 0; i < 256; ++i) {
135 k = crc32_reverseBit((u8)i);
136 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
137 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY_BE : (c << 1);
138 p1 = (u8 *)&crc32_table[i];
139 p1[0] = crc32_reverseBit(p[3]);
140 p1[1] = crc32_reverseBit(p[2]);
141 p1[2] = crc32_reverseBit(p[1]);
142 p1[3] = crc32_reverseBit(p[0]);
143 }
144 bcrc32initialized = 1;
145 }
146
getcrc32(u8 * buf,u32 len)147 static u32 getcrc32(u8 *buf, u32 len)
148 {
149 u8 *p;
150 u32 crc;
151
152 if (!bcrc32initialized)
153 crc32_init();
154 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
155 for (p = buf; len > 0; ++p, --len)
156 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
157 return ~crc; /* transmit complement, per CRC-32 spec */
158 }
159
160 /*
161 * Need to consider the fragment situation
162 */
r8712_wep_encrypt(struct _adapter * padapter,u8 * pxmitframe)163 void r8712_wep_encrypt(struct _adapter *padapter, u8 *pxmitframe)
164 { /* exclude ICV */
165 unsigned char crc[4];
166 struct arc4context mycontext;
167 u32 curfragnum, length, keylength, pki;
168 u8 *pframe, *payload, *iv; /*,*wepkey*/
169 u8 wepkey[16];
170 struct pkt_attrib *pattrib = &((struct xmit_frame *)
171 pxmitframe)->attrib;
172 struct security_priv *psecuritypriv = &padapter->securitypriv;
173 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
174
175 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
176 return;
177 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
178 /*start to encrypt each fragment*/
179 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
180 pki = psecuritypriv->PrivacyKeyIndex;
181 keylength = psecuritypriv->DefKeylen[pki];
182 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
183 curfragnum++) {
184 iv = pframe + pattrib->hdrlen;
185 memcpy(&wepkey[0], iv, 3);
186 memcpy(&wepkey[3], &psecuritypriv->DefKey[
187 psecuritypriv->PrivacyKeyIndex].skey[0],
188 keylength);
189 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
190 if ((curfragnum + 1) == pattrib->nr_frags) {
191 length = pattrib->last_txcmdsz -
192 pattrib->hdrlen -
193 pattrib->iv_len -
194 pattrib->icv_len;
195 *((__le32 *)crc) = cpu_to_le32(getcrc32(
196 payload, length));
197 arcfour_init(&mycontext, wepkey, 3 + keylength);
198 arcfour_encrypt(&mycontext, payload, payload,
199 length);
200 arcfour_encrypt(&mycontext, payload + length,
201 crc, 4);
202 } else {
203 length = pxmitpriv->frag_len -
204 pattrib->hdrlen - pattrib->iv_len -
205 pattrib->icv_len;
206 *((__le32 *)crc) = cpu_to_le32(getcrc32(
207 payload, length));
208 arcfour_init(&mycontext, wepkey, 3 + keylength);
209 arcfour_encrypt(&mycontext, payload, payload,
210 length);
211 arcfour_encrypt(&mycontext, payload + length,
212 crc, 4);
213 pframe += pxmitpriv->frag_len;
214 pframe = (u8 *)RND4((addr_t)(pframe));
215 }
216 }
217 }
218 }
219
r8712_wep_decrypt(struct _adapter * padapter,u8 * precvframe)220 void r8712_wep_decrypt(struct _adapter *padapter, u8 *precvframe)
221 {
222 /* exclude ICV */
223 u8 crc[4];
224 struct arc4context mycontext;
225 u32 length, keylength;
226 u8 *pframe, *payload, *iv, wepkey[16];
227 u8 keyindex;
228 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)
229 precvframe)->u.hdr.attrib);
230 struct security_priv *psecuritypriv = &padapter->securitypriv;
231
232 pframe = (unsigned char *)((union recv_frame *)precvframe)->
233 u.hdr.rx_data;
234 /* start to decrypt recvframe */
235 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt ==
236 _WEP104_)) {
237 iv = pframe + prxattrib->hdrlen;
238 keyindex = (iv[3] & 0x3);
239 keylength = psecuritypriv->DefKeylen[keyindex];
240 memcpy(&wepkey[0], iv, 3);
241 memcpy(&wepkey[3], &psecuritypriv->DefKey[
242 psecuritypriv->PrivacyKeyIndex].skey[0],
243 keylength);
244 length = ((union recv_frame *)precvframe)->
245 u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
246 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
247 /* decrypt payload include icv */
248 arcfour_init(&mycontext, wepkey, 3 + keylength);
249 arcfour_encrypt(&mycontext, payload, payload, length);
250 /* calculate icv and compare the icv */
251 *((__le32 *)crc) = cpu_to_le32(getcrc32(payload, length - 4));
252 }
253 }
254
255 /* 3 =====TKIP related===== */
256
secmicgetuint32(u8 * p)257 static u32 secmicgetuint32(u8 *p)
258 /* Convert from Byte[] to Us4Byte32 in a portable way */
259 {
260 s32 i;
261 u32 res = 0;
262
263 for (i = 0; i < 4; i++)
264 res |= ((u32)(*p++)) << (8 * i);
265 return res;
266 }
267
secmicputuint32(u8 * p,u32 val)268 static void secmicputuint32(u8 *p, u32 val)
269 /* Convert from Us4Byte32 to Byte[] in a portable way */
270 {
271 long i;
272
273 for (i = 0; i < 4; i++) {
274 *p++ = (u8) (val & 0xff);
275 val >>= 8;
276 }
277 }
278
secmicclear(struct mic_data * pmicdata)279 static void secmicclear(struct mic_data *pmicdata)
280 {
281 /* Reset the state to the empty message. */
282 pmicdata->L = pmicdata->K0;
283 pmicdata->R = pmicdata->K1;
284 pmicdata->nBytesInM = 0;
285 pmicdata->M = 0;
286 }
287
r8712_secmicsetkey(struct mic_data * pmicdata,u8 * key)288 void r8712_secmicsetkey(struct mic_data *pmicdata, u8 *key)
289 {
290 /* Set the key */
291 pmicdata->K0 = secmicgetuint32(key);
292 pmicdata->K1 = secmicgetuint32(key + 4);
293 /* and reset the message */
294 secmicclear(pmicdata);
295 }
296
secmicappendbyte(struct mic_data * pmicdata,u8 b)297 static void secmicappendbyte(struct mic_data *pmicdata, u8 b)
298 {
299 /* Append the byte to our word-sized buffer */
300 pmicdata->M |= ((u32)b) << (8 * pmicdata->nBytesInM);
301 pmicdata->nBytesInM++;
302 /* Process the word if it is full. */
303 if (pmicdata->nBytesInM >= 4) {
304 pmicdata->L ^= pmicdata->M;
305 pmicdata->R ^= ROL32(pmicdata->L, 17);
306 pmicdata->L += pmicdata->R;
307 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) |
308 ((pmicdata->L & 0x00ff00ff) << 8);
309 pmicdata->L += pmicdata->R;
310 pmicdata->R ^= ROL32(pmicdata->L, 3);
311 pmicdata->L += pmicdata->R;
312 pmicdata->R ^= ROR32(pmicdata->L, 2);
313 pmicdata->L += pmicdata->R;
314 /* Clear the buffer */
315 pmicdata->M = 0;
316 pmicdata->nBytesInM = 0;
317 }
318 }
319
r8712_secmicappend(struct mic_data * pmicdata,u8 * src,u32 nbytes)320 void r8712_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
321 {
322 /* This is simple */
323 while (nbytes > 0) {
324 secmicappendbyte(pmicdata, *src++);
325 nbytes--;
326 }
327 }
328
r8712_secgetmic(struct mic_data * pmicdata,u8 * dst)329 void r8712_secgetmic(struct mic_data *pmicdata, u8 *dst)
330 {
331 /* Append the minimum padding */
332 secmicappendbyte(pmicdata, 0x5a);
333 secmicappendbyte(pmicdata, 0);
334 secmicappendbyte(pmicdata, 0);
335 secmicappendbyte(pmicdata, 0);
336 secmicappendbyte(pmicdata, 0);
337 /* and then zeroes until the length is a multiple of 4 */
338 while (pmicdata->nBytesInM != 0)
339 secmicappendbyte(pmicdata, 0);
340 /* The appendByte function has already computed the result. */
341 secmicputuint32(dst, pmicdata->L);
342 secmicputuint32(dst + 4, pmicdata->R);
343 /* Reset to the empty message. */
344 secmicclear(pmicdata);
345 }
346
seccalctkipmic(u8 * key,u8 * header,u8 * data,u32 data_len,u8 * mic_code,u8 pri)347 void seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code,
348 u8 pri)
349 {
350
351 struct mic_data micdata;
352 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
353
354 r8712_secmicsetkey(&micdata, key);
355 priority[0] = pri;
356 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
357 if (header[1] & 1) { /* ToDS==1 */
358 r8712_secmicappend(&micdata, &header[16], 6); /* DA */
359 if (header[1] & 2) /* From Ds==1 */
360 r8712_secmicappend(&micdata, &header[24], 6);
361 else
362 r8712_secmicappend(&micdata, &header[10], 6);
363 } else { /* ToDS==0 */
364 r8712_secmicappend(&micdata, &header[4], 6); /* DA */
365 if (header[1] & 2) /* From Ds==1 */
366 r8712_secmicappend(&micdata, &header[16], 6);
367 else
368 r8712_secmicappend(&micdata, &header[10], 6);
369 }
370 r8712_secmicappend(&micdata, &priority[0], 4);
371 r8712_secmicappend(&micdata, data, data_len);
372 r8712_secgetmic(&micdata, mic_code);
373 }
374
375 /* macros for extraction/creation of unsigned char/unsigned short values */
376 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
377 #define Lo8(v16) ((u8)((v16) & 0x00FF))
378 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
379 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
380 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
381 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
382
383 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
384 #define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)])
385
386 /* S-box lookup: 16 bits --> 16 bits */
387 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
388
389 /* fixed algorithm "parameters" */
390 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
391 #define TA_SIZE 6 /* 48-bit transmitter address */
392 #define TK_SIZE 16 /* 128-bit temporal key */
393 #define P1K_SIZE 10 /* 80-bit Phase1 key */
394 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
395
396
397 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
398 static const unsigned short Sbox1[2][256] = {/* Sbox for hash (can be in ROM) */
399 {
400 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
401 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
402 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
403 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
404 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
405 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
406 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
407 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
408 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
409 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
410 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
411 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
412 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
413 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
414 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
415 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
416 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
417 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
418 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
419 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
420 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
421 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
422 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
423 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
424 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
425 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
426 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
427 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
428 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
429 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
430 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
431 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
432 },
433 { /* second half is unsigned char-reversed version of first! */
434 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
435 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
436 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
437 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
438 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
439 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
440 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
441 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
442 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
443 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
444 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
445 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
446 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
447 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
448 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
449 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
450 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
451 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
452 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
453 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
454 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
455 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
456 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
457 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
458 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
459 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
460 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
461 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
462 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
463 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
464 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
465 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
466 }
467 };
468
469 /*
470 **********************************************************************
471 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
472 *
473 * Inputs:
474 * tk[] = temporal key [128 bits]
475 * ta[] = transmitter's MAC address [ 48 bits]
476 * iv32 = upper 32 bits of IV [ 32 bits]
477 * Output:
478 * p1k[] = Phase 1 key [ 80 bits]
479 *
480 * Note:
481 * This function only needs to be called every 2**16 packets,
482 * although in theory it could be called every packet.
483 *
484 **********************************************************************
485 */
phase1(u16 * p1k,const u8 * tk,const u8 * ta,u32 iv32)486 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
487 {
488 sint i;
489
490 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
491 p1k[0] = Lo16(iv32);
492 p1k[1] = Hi16(iv32);
493 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
494 p1k[3] = Mk16(ta[3], ta[2]);
495 p1k[4] = Mk16(ta[5], ta[4]);
496 /* Now compute an unbalanced Feistel cipher with 80-bit block */
497 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
498 for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add is mod 2**16 */
499 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
500 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
501 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
502 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
503 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
504 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
505 }
506 }
507
508 /*
509 **********************************************************************
510 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
511 *
512 * Inputs:
513 * tk[] = Temporal key [128 bits]
514 * p1k[] = Phase 1 output key [ 80 bits]
515 * iv16 = low 16 bits of IV counter [ 16 bits]
516 * Output:
517 * rc4key[] = the key used to encrypt the packet [128 bits]
518 *
519 * Note:
520 * The value {TA,IV32,IV16} for Phase1/Phase2 must be unique
521 * across all packets using the same key TK value. Then, for a
522 * given value of TK[], this TKIP48 construction guarantees that
523 * the final RC4KEY value is unique across all packets.
524 *
525 * Suggested implementation optimization: if PPK[] is "overlaid"
526 * appropriately on RC4KEY[], there is no need for the final
527 * for loop below that copies the PPK[] result into RC4KEY[].
528 *
529 **********************************************************************
530 */
phase2(u8 * rc4key,const u8 * tk,const u16 * p1k,u16 iv16)531 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
532 {
533 sint i;
534 u16 PPK[6]; /* temporary key for mixing */
535
536 /* Note: all adds in the PPK[] equations below are mod 2**16 */
537 for (i = 0; i < 5; i++)
538 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
539 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */
540 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
541 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
542 PPK[1] += _S_(PPK[0] ^ TK16(1));
543 PPK[2] += _S_(PPK[1] ^ TK16(2));
544 PPK[3] += _S_(PPK[2] ^ TK16(3));
545 PPK[4] += _S_(PPK[3] ^ TK16(4));
546 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
547 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
548 PPK[0] += RotR1(PPK[5] ^ TK16(6));
549 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
550 PPK[2] += RotR1(PPK[1]);
551 PPK[3] += RotR1(PPK[2]);
552 PPK[4] += RotR1(PPK[3]);
553 PPK[5] += RotR1(PPK[4]);
554 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
555 /* value PPK[0..5] is guaranteed to be unique, as a function */
556 /* of the 96-bit "input" value {TA,IV32,IV16}. That is, P1K */
557 /* is now a keyed permutation of {TA,IV32,IV16}. */
558 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
559 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
560 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
561 rc4key[2] = Lo8(iv16);
562 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
563 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
564 for (i = 0; i < 6; i++) {
565 rc4key[4 + 2 * i] = Lo8(PPK[i]);
566 rc4key[5 + 2 * i] = Hi8(PPK[i]);
567 }
568 }
569
570 /*The hlen isn't include the IV*/
r8712_tkip_encrypt(struct _adapter * padapter,u8 * pxmitframe)571 u32 r8712_tkip_encrypt(struct _adapter *padapter, u8 *pxmitframe)
572 { /* exclude ICV */
573 u16 pnl;
574 u32 pnh;
575 u8 rc4key[16];
576 u8 ttkey[16];
577 u8 crc[4];
578 struct arc4context mycontext;
579 u32 curfragnum, length;
580
581 u8 *pframe, *payload, *iv, *prwskey;
582 union pn48 txpn;
583 struct sta_info *stainfo;
584 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
585 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
586 u32 res = _SUCCESS;
587
588 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
589 return _FAIL;
590
591 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
592 /* 4 start to encrypt each fragment */
593 if (pattrib->encrypt == _TKIP_) {
594 if (pattrib->psta)
595 stainfo = pattrib->psta;
596 else
597 stainfo = r8712_get_stainfo(&padapter->stapriv,
598 &pattrib->ra[0]);
599 if (stainfo != NULL) {
600 prwskey = &stainfo->x_UncstKey.skey[0];
601 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
602 curfragnum++) {
603 iv = pframe + pattrib->hdrlen;
604 payload = pframe + pattrib->iv_len +
605 pattrib->hdrlen;
606 GET_TKIP_PN(iv, txpn);
607 pnl = (u16)(txpn.val);
608 pnh = (u32)(txpn.val >> 16);
609 phase1((u16 *)&ttkey[0], prwskey,
610 &pattrib->ta[0], pnh);
611 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0],
612 pnl);
613 if ((curfragnum + 1) == pattrib->nr_frags) {
614 /* 4 the last fragment */
615 length = pattrib->last_txcmdsz -
616 pattrib->hdrlen -
617 pattrib->iv_len -
618 pattrib->icv_len;
619 *((__le32 *)crc) = cpu_to_le32(
620 getcrc32(payload, length));
621 arcfour_init(&mycontext, rc4key, 16);
622 arcfour_encrypt(&mycontext, payload,
623 payload, length);
624 arcfour_encrypt(&mycontext, payload +
625 length, crc, 4);
626 } else {
627 length = pxmitpriv->frag_len -
628 pattrib->hdrlen -
629 pattrib->iv_len -
630 pattrib->icv_len;
631 *((__le32 *)crc) = cpu_to_le32(getcrc32(
632 payload, length));
633 arcfour_init(&mycontext, rc4key, 16);
634 arcfour_encrypt(&mycontext, payload,
635 payload, length);
636 arcfour_encrypt(&mycontext,
637 payload + length, crc,
638 4);
639 pframe += pxmitpriv->frag_len;
640 pframe = (u8 *)RND4((addr_t)(pframe));
641 }
642 }
643 } else {
644 res = _FAIL;
645 }
646 }
647 return res;
648 }
649
650 /* The hlen doesn't include the IV */
r8712_tkip_decrypt(struct _adapter * padapter,u8 * precvframe)651 u32 r8712_tkip_decrypt(struct _adapter *padapter, u8 *precvframe)
652 { /* exclude ICV */
653 u16 pnl;
654 u32 pnh;
655 u8 rc4key[16];
656 u8 ttkey[16];
657 u8 crc[4];
658 struct arc4context mycontext;
659 u32 length;
660 u8 *pframe, *payload, *iv, *prwskey, idx = 0;
661 union pn48 txpn;
662 struct sta_info *stainfo;
663 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)
664 precvframe)->u.hdr.attrib;
665 struct security_priv *psecuritypriv = &padapter->securitypriv;
666
667 pframe = (unsigned char *)((union recv_frame *)
668 precvframe)->u.hdr.rx_data;
669 /* 4 start to decrypt recvframe */
670 if (prxattrib->encrypt == _TKIP_) {
671 stainfo = r8712_get_stainfo(&padapter->stapriv,
672 &prxattrib->ta[0]);
673 if (stainfo != NULL) {
674 iv = pframe + prxattrib->hdrlen;
675 payload = pframe + prxattrib->iv_len +
676 prxattrib->hdrlen;
677 length = ((union recv_frame *)precvframe)->
678 u.hdr.len - prxattrib->hdrlen -
679 prxattrib->iv_len;
680 if (IS_MCAST(prxattrib->ra)) {
681 idx = iv[3];
682 prwskey = &psecuritypriv->XGrpKey[
683 ((idx >> 6) & 0x3) - 1].skey[0];
684 if (!psecuritypriv->binstallGrpkey)
685 return _FAIL;
686 } else {
687 prwskey = &stainfo->x_UncstKey.skey[0];
688 }
689 GET_TKIP_PN(iv, txpn);
690 pnl = (u16)(txpn.val);
691 pnh = (u32)(txpn.val >> 16);
692 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0],
693 pnh);
694 phase2(&rc4key[0], prwskey, (unsigned short *)
695 &ttkey[0], pnl);
696 /* 4 decrypt payload include icv */
697 arcfour_init(&mycontext, rc4key, 16);
698 arcfour_encrypt(&mycontext, payload, payload, length);
699 *((__le32 *)crc) = cpu_to_le32(getcrc32(payload,
700 length - 4));
701 if (crc[3] != payload[length - 1] ||
702 crc[2] != payload[length - 2] ||
703 crc[1] != payload[length - 3] ||
704 crc[0] != payload[length - 4])
705 return _FAIL;
706 } else {
707 return _FAIL;
708 }
709 }
710 return _SUCCESS;
711 }
712
713 /* 3 =====AES related===== */
714
715 #define MAX_MSG_SIZE 2048
716 /*****************************/
717 /******** SBOX Table *********/
718 /*****************************/
719
720 static const u8 sbox_table[256] = {
721 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
722 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
723 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
724 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
725 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
726 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
727 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
728 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
729 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
730 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
731 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
732 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
733 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
734 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
735 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
736 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
737 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
738 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
739 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
740 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
741 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
742 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
743 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
744 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
745 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
746 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
747 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
748 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
749 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
750 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
751 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
752 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
753 };
754
755 /****************************************/
756 /* aes128k128d() */
757 /* Performs a 128 bit AES encrypt with */
758 /* 128 bit data. */
759 /****************************************/
xor_128(u8 * a,u8 * b,u8 * out)760 static void xor_128(u8 *a, u8 *b, u8 *out)
761 {
762 sint i;
763
764 for (i = 0; i < 16; i++)
765 out[i] = a[i] ^ b[i];
766 }
767
xor_32(u8 * a,u8 * b,u8 * out)768 static void xor_32(u8 *a, u8 *b, u8 *out)
769 {
770 sint i;
771
772 for (i = 0; i < 4; i++)
773 out[i] = a[i] ^ b[i];
774 }
775
sbox(u8 a)776 static u8 sbox(u8 a)
777 {
778 return sbox_table[(sint)a];
779 }
780
next_key(u8 * key,sint round)781 static void next_key(u8 *key, sint round)
782 {
783 u8 rcon;
784 u8 sbox_key[4];
785 u8 rcon_table[12] = {
786 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
787 0x1b, 0x36, 0x36, 0x36
788 };
789
790 sbox_key[0] = sbox(key[13]);
791 sbox_key[1] = sbox(key[14]);
792 sbox_key[2] = sbox(key[15]);
793 sbox_key[3] = sbox(key[12]);
794 rcon = rcon_table[round];
795 xor_32(&key[0], sbox_key, &key[0]);
796 key[0] = key[0] ^ rcon;
797 xor_32(&key[4], &key[0], &key[4]);
798 xor_32(&key[8], &key[4], &key[8]);
799 xor_32(&key[12], &key[8], &key[12]);
800 }
801
byte_sub(u8 * in,u8 * out)802 static void byte_sub(u8 *in, u8 *out)
803 {
804 sint i;
805
806 for (i = 0; i < 16; i++)
807 out[i] = sbox(in[i]);
808 }
809
shift_row(u8 * in,u8 * out)810 static void shift_row(u8 *in, u8 *out)
811 {
812 out[0] = in[0];
813 out[1] = in[5];
814 out[2] = in[10];
815 out[3] = in[15];
816 out[4] = in[4];
817 out[5] = in[9];
818 out[6] = in[14];
819 out[7] = in[3];
820 out[8] = in[8];
821 out[9] = in[13];
822 out[10] = in[2];
823 out[11] = in[7];
824 out[12] = in[12];
825 out[13] = in[1];
826 out[14] = in[6];
827 out[15] = in[11];
828 }
829
mix_column(u8 * in,u8 * out)830 static void mix_column(u8 *in, u8 *out)
831 {
832 sint i;
833 u8 add1b[4];
834 u8 add1bf7[4];
835 u8 rotl[4];
836 u8 swap_halves[4];
837 u8 andf7[4];
838 u8 rotr[4];
839 u8 temp[4];
840 u8 tempb[4];
841
842 for (i = 0; i < 4; i++) {
843 if ((in[i] & 0x80) == 0x80)
844 add1b[i] = 0x1b;
845 else
846 add1b[i] = 0x00;
847 }
848 swap_halves[0] = in[2]; /* Swap halves */
849 swap_halves[1] = in[3];
850 swap_halves[2] = in[0];
851 swap_halves[3] = in[1];
852 rotl[0] = in[3]; /* Rotate left 8 bits */
853 rotl[1] = in[0];
854 rotl[2] = in[1];
855 rotl[3] = in[2];
856 andf7[0] = in[0] & 0x7f;
857 andf7[1] = in[1] & 0x7f;
858 andf7[2] = in[2] & 0x7f;
859 andf7[3] = in[3] & 0x7f;
860 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */
861 andf7[i] = andf7[i] << 1;
862 if ((andf7[i - 1] & 0x80) == 0x80)
863 andf7[i] = (andf7[i] | 0x01);
864 }
865 andf7[0] = andf7[0] << 1;
866 andf7[0] = andf7[0] & 0xfe;
867 xor_32(add1b, andf7, add1bf7);
868 xor_32(in, add1bf7, rotr);
869 temp[0] = rotr[0]; /* Rotate right 8 bits */
870 rotr[0] = rotr[1];
871 rotr[1] = rotr[2];
872 rotr[2] = rotr[3];
873 rotr[3] = temp[0];
874 xor_32(add1bf7, rotr, temp);
875 xor_32(swap_halves, rotl, tempb);
876 xor_32(temp, tempb, out);
877 }
878
aes128k128d(u8 * key,u8 * data,u8 * ciphertext)879 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
880 {
881 sint round;
882 sint i;
883 u8 intermediatea[16];
884 u8 intermediateb[16];
885 u8 round_key[16];
886
887 for (i = 0; i < 16; i++)
888 round_key[i] = key[i];
889 for (round = 0; round < 11; round++) {
890 if (round == 0) {
891 xor_128(round_key, data, ciphertext);
892 next_key(round_key, round);
893 } else if (round == 10) {
894 byte_sub(ciphertext, intermediatea);
895 shift_row(intermediatea, intermediateb);
896 xor_128(intermediateb, round_key, ciphertext);
897 } else { /* 1 - 9 */
898 byte_sub(ciphertext, intermediatea);
899 shift_row(intermediatea, intermediateb);
900 mix_column(&intermediateb[0], &intermediatea[0]);
901 mix_column(&intermediateb[4], &intermediatea[4]);
902 mix_column(&intermediateb[8], &intermediatea[8]);
903 mix_column(&intermediateb[12], &intermediatea[12]);
904 xor_128(intermediatea, round_key, ciphertext);
905 next_key(round_key, round);
906 }
907 }
908 }
909
910 /************************************************/
911 /* construct_mic_iv() */
912 /* Builds the MIC IV from header fields and PN */
913 /************************************************/
construct_mic_iv(u8 * mic_iv,sint qc_exists,sint a4_exists,u8 * mpdu,uint payload_length,u8 * pn_vector)914 static void construct_mic_iv(u8 *mic_iv, sint qc_exists, sint a4_exists,
915 u8 *mpdu, uint payload_length, u8 *pn_vector)
916 {
917 sint i;
918
919 mic_iv[0] = 0x59;
920 if (qc_exists && a4_exists)
921 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */
922 if (qc_exists && !a4_exists)
923 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */
924 if (!qc_exists)
925 mic_iv[1] = 0x00;
926 for (i = 2; i < 8; i++)
927 mic_iv[i] = mpdu[i + 8];
928 for (i = 8; i < 14; i++)
929 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
930 mic_iv[14] = (unsigned char) (payload_length / 256);
931 mic_iv[15] = (unsigned char) (payload_length % 256);
932 }
933
934 /************************************************/
935 /* construct_mic_header1() */
936 /* Builds the first MIC header block from */
937 /* header fields. */
938 /************************************************/
construct_mic_header1(u8 * mic_header1,sint header_length,u8 * mpdu)939 static void construct_mic_header1(u8 *mic_header1, sint header_length, u8 *mpdu)
940 {
941 mic_header1[0] = (u8)((header_length - 2) / 256);
942 mic_header1[1] = (u8)((header_length - 2) % 256);
943 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */
944 /* Mute retry, more data and pwr mgt bits */
945 mic_header1[3] = mpdu[1] & 0xc7;
946 mic_header1[4] = mpdu[4]; /* A1 */
947 mic_header1[5] = mpdu[5];
948 mic_header1[6] = mpdu[6];
949 mic_header1[7] = mpdu[7];
950 mic_header1[8] = mpdu[8];
951 mic_header1[9] = mpdu[9];
952 mic_header1[10] = mpdu[10]; /* A2 */
953 mic_header1[11] = mpdu[11];
954 mic_header1[12] = mpdu[12];
955 mic_header1[13] = mpdu[13];
956 mic_header1[14] = mpdu[14];
957 mic_header1[15] = mpdu[15];
958 }
959
960 /************************************************/
961 /* construct_mic_header2() */
962 /* Builds the last MIC header block from */
963 /* header fields. */
964 /************************************************/
construct_mic_header2(u8 * mic_header2,u8 * mpdu,sint a4_exists,sint qc_exists)965 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, sint a4_exists,
966 sint qc_exists)
967 {
968 sint i;
969
970 for (i = 0; i < 16; i++)
971 mic_header2[i] = 0x00;
972 mic_header2[0] = mpdu[16]; /* A3 */
973 mic_header2[1] = mpdu[17];
974 mic_header2[2] = mpdu[18];
975 mic_header2[3] = mpdu[19];
976 mic_header2[4] = mpdu[20];
977 mic_header2[5] = mpdu[21];
978 mic_header2[6] = 0x00;
979 mic_header2[7] = 0x00; /* mpdu[23]; */
980 if (!qc_exists && a4_exists)
981 for (i = 0; i < 6; i++)
982 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
983 if (qc_exists && !a4_exists) {
984 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
985 mic_header2[9] = mpdu[25] & 0x00;
986 }
987 if (qc_exists && a4_exists) {
988 for (i = 0; i < 6; i++)
989 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
990 mic_header2[14] = mpdu[30] & 0x0f;
991 mic_header2[15] = mpdu[31] & 0x00;
992 }
993 }
994
995 /************************************************/
996 /* construct_mic_header2() */
997 /* Builds the last MIC header block from */
998 /* header fields. */
999 /************************************************/
construct_ctr_preload(u8 * ctr_preload,sint a4_exists,sint qc_exists,u8 * mpdu,u8 * pn_vector,sint c)1000 static void construct_ctr_preload(u8 *ctr_preload,
1001 sint a4_exists, sint qc_exists,
1002 u8 *mpdu, u8 *pn_vector, sint c)
1003 {
1004 sint i;
1005
1006 for (i = 0; i < 16; i++)
1007 ctr_preload[i] = 0x00;
1008 i = 0;
1009 ctr_preload[0] = 0x01; /* flag */
1010 if (qc_exists && a4_exists)
1011 ctr_preload[1] = mpdu[30] & 0x0f;
1012 if (qc_exists && !a4_exists)
1013 ctr_preload[1] = mpdu[24] & 0x0f;
1014 for (i = 2; i < 8; i++)
1015 ctr_preload[i] = mpdu[i + 8];
1016 for (i = 8; i < 14; i++)
1017 ctr_preload[i] = pn_vector[13 - i];
1018 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */
1019 ctr_preload[15] = (unsigned char) (c % 256);
1020 }
1021
1022 /************************************/
1023 /* bitwise_xor() */
1024 /* A 128 bit, bitwise exclusive or */
1025 /************************************/
bitwise_xor(u8 * ina,u8 * inb,u8 * out)1026 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1027 {
1028 sint i;
1029
1030 for (i = 0; i < 16; i++)
1031 out[i] = ina[i] ^ inb[i];
1032 }
1033
aes_cipher(u8 * key,uint hdrlen,u8 * pframe,uint plen)1034 static sint aes_cipher(u8 *key, uint hdrlen,
1035 u8 *pframe, uint plen)
1036 {
1037 uint qc_exists, a4_exists, i, j, payload_remainder;
1038 uint num_blocks, payload_index;
1039
1040 u8 pn_vector[6];
1041 u8 mic_iv[16];
1042 u8 mic_header1[16];
1043 u8 mic_header2[16];
1044 u8 ctr_preload[16];
1045
1046 /* Intermediate Buffers */
1047 u8 chain_buffer[16];
1048 u8 aes_out[16];
1049 u8 padded_buffer[16];
1050 u8 mic[8];
1051 u16 frtype = GetFrameType(pframe);
1052 u16 frsubtype = GetFrameSubType(pframe);
1053
1054 frsubtype >>= 4;
1055 memset((void *)mic_iv, 0, 16);
1056 memset((void *)mic_header1, 0, 16);
1057 memset((void *)mic_header2, 0, 16);
1058 memset((void *)ctr_preload, 0, 16);
1059 memset((void *)chain_buffer, 0, 16);
1060 memset((void *)aes_out, 0, 16);
1061 memset((void *)padded_buffer, 0, 16);
1062
1063 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1064 a4_exists = 0;
1065 else
1066 a4_exists = 1;
1067
1068 if ((frtype == WIFI_DATA_CFACK) ||
1069 (frtype == WIFI_DATA_CFPOLL) ||
1070 (frtype == WIFI_DATA_CFACKPOLL)) {
1071 qc_exists = 1;
1072 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1073 hdrlen += 2;
1074 } else if ((frsubtype == 0x08) ||
1075 (frsubtype == 0x09) ||
1076 (frsubtype == 0x0a) ||
1077 (frsubtype == 0x0b)) {
1078 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1079 hdrlen += 2;
1080 qc_exists = 1;
1081 } else {
1082 qc_exists = 0;
1083 }
1084 pn_vector[0] = pframe[hdrlen];
1085 pn_vector[1] = pframe[hdrlen + 1];
1086 pn_vector[2] = pframe[hdrlen + 4];
1087 pn_vector[3] = pframe[hdrlen + 5];
1088 pn_vector[4] = pframe[hdrlen + 6];
1089 pn_vector[5] = pframe[hdrlen + 7];
1090 construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1091 construct_mic_header1(mic_header1, hdrlen, pframe);
1092 construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1093 payload_remainder = plen % 16;
1094 num_blocks = plen / 16;
1095 /* Find start of payload */
1096 payload_index = hdrlen + 8;
1097 /* Calculate MIC */
1098 aes128k128d(key, mic_iv, aes_out);
1099 bitwise_xor(aes_out, mic_header1, chain_buffer);
1100 aes128k128d(key, chain_buffer, aes_out);
1101 bitwise_xor(aes_out, mic_header2, chain_buffer);
1102 aes128k128d(key, chain_buffer, aes_out);
1103 for (i = 0; i < num_blocks; i++) {
1104 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1105 payload_index += 16;
1106 aes128k128d(key, chain_buffer, aes_out);
1107 }
1108 /* Add on the final payload block if it needs padding */
1109 if (payload_remainder > 0) {
1110 for (j = 0; j < 16; j++)
1111 padded_buffer[j] = 0x00;
1112 for (j = 0; j < payload_remainder; j++)
1113 padded_buffer[j] = pframe[payload_index++];
1114 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1115 aes128k128d(key, chain_buffer, aes_out);
1116 }
1117 for (j = 0; j < 8; j++)
1118 mic[j] = aes_out[j];
1119 /* Insert MIC into payload */
1120 for (j = 0; j < 8; j++)
1121 pframe[payload_index + j] = mic[j];
1122 payload_index = hdrlen + 8;
1123 for (i = 0; i < num_blocks; i++) {
1124 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1125 pframe, pn_vector, i + 1);
1126 aes128k128d(key, ctr_preload, aes_out);
1127 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1128 for (j = 0; j < 16; j++)
1129 pframe[payload_index++] = chain_buffer[j];
1130 }
1131 if (payload_remainder > 0) { /* If short final block, then pad it,*/
1132 /* encrypt and copy unpadded part back */
1133 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1134 pframe, pn_vector, num_blocks + 1);
1135 for (j = 0; j < 16; j++)
1136 padded_buffer[j] = 0x00;
1137 for (j = 0; j < payload_remainder; j++)
1138 padded_buffer[j] = pframe[payload_index + j];
1139 aes128k128d(key, ctr_preload, aes_out);
1140 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1141 for (j = 0; j < payload_remainder; j++)
1142 pframe[payload_index++] = chain_buffer[j];
1143 }
1144 /* Encrypt the MIC */
1145 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1146 pframe, pn_vector, 0);
1147 for (j = 0; j < 16; j++)
1148 padded_buffer[j] = 0x00;
1149 for (j = 0; j < 8; j++)
1150 padded_buffer[j] = pframe[j + hdrlen + 8 + plen];
1151 aes128k128d(key, ctr_preload, aes_out);
1152 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1153 for (j = 0; j < 8; j++)
1154 pframe[payload_index++] = chain_buffer[j];
1155 return _SUCCESS;
1156 }
1157
r8712_aes_encrypt(struct _adapter * padapter,u8 * pxmitframe)1158 u32 r8712_aes_encrypt(struct _adapter *padapter, u8 *pxmitframe)
1159 { /* exclude ICV */
1160 /* Intermediate Buffers */
1161 sint curfragnum, length;
1162 u8 *pframe, *prwskey;
1163 struct sta_info *stainfo;
1164 struct pkt_attrib *pattrib = &((struct xmit_frame *)
1165 pxmitframe)->attrib;
1166 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1167 u32 res = _SUCCESS;
1168
1169 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
1170 return _FAIL;
1171 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
1172 /* 4 start to encrypt each fragment */
1173 if (pattrib->encrypt == _AES_) {
1174 if (pattrib->psta)
1175 stainfo = pattrib->psta;
1176 else
1177 stainfo = r8712_get_stainfo(&padapter->stapriv,
1178 &pattrib->ra[0]);
1179 if (stainfo != NULL) {
1180 prwskey = &stainfo->x_UncstKey.skey[0];
1181 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
1182 curfragnum++) {
1183 if ((curfragnum + 1) == pattrib->nr_frags) {
1184 length = pattrib->last_txcmdsz -
1185 pattrib->hdrlen -
1186 pattrib->iv_len -
1187 pattrib->icv_len;
1188 aes_cipher(prwskey, pattrib->hdrlen,
1189 pframe, length);
1190 } else {
1191 length = pxmitpriv->frag_len -
1192 pattrib->hdrlen -
1193 pattrib->iv_len -
1194 pattrib->icv_len;
1195 aes_cipher(prwskey, pattrib->hdrlen,
1196 pframe, length);
1197 pframe += pxmitpriv->frag_len;
1198 pframe = (u8 *)RND4((addr_t)(pframe));
1199 }
1200 }
1201 } else {
1202 res = _FAIL;
1203 }
1204 }
1205 return res;
1206 }
1207
aes_decipher(u8 * key,uint hdrlen,u8 * pframe,uint plen)1208 static sint aes_decipher(u8 *key, uint hdrlen,
1209 u8 *pframe, uint plen)
1210 {
1211 static u8 message[MAX_MSG_SIZE];
1212 uint qc_exists, a4_exists, i, j, payload_remainder;
1213 uint num_blocks, payload_index;
1214 u8 pn_vector[6];
1215 u8 mic_iv[16];
1216 u8 mic_header1[16];
1217 u8 mic_header2[16];
1218 u8 ctr_preload[16];
1219 /* Intermediate Buffers */
1220 u8 chain_buffer[16];
1221 u8 aes_out[16];
1222 u8 padded_buffer[16];
1223 u8 mic[8];
1224 uint frtype = GetFrameType(pframe);
1225 uint frsubtype = GetFrameSubType(pframe);
1226
1227 frsubtype >>= 4;
1228 memset((void *)mic_iv, 0, 16);
1229 memset((void *)mic_header1, 0, 16);
1230 memset((void *)mic_header2, 0, 16);
1231 memset((void *)ctr_preload, 0, 16);
1232 memset((void *)chain_buffer, 0, 16);
1233 memset((void *)aes_out, 0, 16);
1234 memset((void *)padded_buffer, 0, 16);
1235 /* start to decrypt the payload */
1236 /*(plen including llc, payload and mic) */
1237 num_blocks = (plen - 8) / 16;
1238 payload_remainder = (plen - 8) % 16;
1239 pn_vector[0] = pframe[hdrlen];
1240 pn_vector[1] = pframe[hdrlen + 1];
1241 pn_vector[2] = pframe[hdrlen + 4];
1242 pn_vector[3] = pframe[hdrlen + 5];
1243 pn_vector[4] = pframe[hdrlen + 6];
1244 pn_vector[5] = pframe[hdrlen + 7];
1245 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1246 a4_exists = 0;
1247 else
1248 a4_exists = 1;
1249 if ((frtype == WIFI_DATA_CFACK) ||
1250 (frtype == WIFI_DATA_CFPOLL) ||
1251 (frtype == WIFI_DATA_CFACKPOLL)) {
1252 qc_exists = 1;
1253 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1254 hdrlen += 2;
1255 } else if ((frsubtype == 0x08) ||
1256 (frsubtype == 0x09) ||
1257 (frsubtype == 0x0a) ||
1258 (frsubtype == 0x0b)) {
1259 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1260 hdrlen += 2;
1261 qc_exists = 1;
1262 } else {
1263 qc_exists = 0;
1264 }
1265 /* now, decrypt pframe with hdrlen offset and plen long */
1266 payload_index = hdrlen + 8; /* 8 is for extiv */
1267 for (i = 0; i < num_blocks; i++) {
1268 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1269 pframe, pn_vector, i + 1);
1270 aes128k128d(key, ctr_preload, aes_out);
1271 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1272 for (j = 0; j < 16; j++)
1273 pframe[payload_index++] = chain_buffer[j];
1274 }
1275 if (payload_remainder > 0) { /* If short final block, pad it,*/
1276 /* encrypt it and copy the unpadded part back */
1277 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1278 pframe, pn_vector, num_blocks + 1);
1279 for (j = 0; j < 16; j++)
1280 padded_buffer[j] = 0x00;
1281 for (j = 0; j < payload_remainder; j++)
1282 padded_buffer[j] = pframe[payload_index + j];
1283 aes128k128d(key, ctr_preload, aes_out);
1284 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1285 for (j = 0; j < payload_remainder; j++)
1286 pframe[payload_index++] = chain_buffer[j];
1287 }
1288 /* start to calculate the mic */
1289 memcpy((void *)message, pframe, (hdrlen + plen + 8));
1290 pn_vector[0] = pframe[hdrlen];
1291 pn_vector[1] = pframe[hdrlen + 1];
1292 pn_vector[2] = pframe[hdrlen + 4];
1293 pn_vector[3] = pframe[hdrlen + 5];
1294 pn_vector[4] = pframe[hdrlen + 6];
1295 pn_vector[5] = pframe[hdrlen + 7];
1296 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen - 8,
1297 pn_vector);
1298 construct_mic_header1(mic_header1, hdrlen, message);
1299 construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1300 payload_remainder = (plen - 8) % 16;
1301 num_blocks = (plen - 8) / 16;
1302 /* Find start of payload */
1303 payload_index = hdrlen + 8;
1304 /* Calculate MIC */
1305 aes128k128d(key, mic_iv, aes_out);
1306 bitwise_xor(aes_out, mic_header1, chain_buffer);
1307 aes128k128d(key, chain_buffer, aes_out);
1308 bitwise_xor(aes_out, mic_header2, chain_buffer);
1309 aes128k128d(key, chain_buffer, aes_out);
1310 for (i = 0; i < num_blocks; i++) {
1311 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1312 payload_index += 16;
1313 aes128k128d(key, chain_buffer, aes_out);
1314 }
1315 /* Add on the final payload block if it needs padding */
1316 if (payload_remainder > 0) {
1317 for (j = 0; j < 16; j++)
1318 padded_buffer[j] = 0x00;
1319 for (j = 0; j < payload_remainder; j++)
1320 padded_buffer[j] = message[payload_index++];
1321 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1322 aes128k128d(key, chain_buffer, aes_out);
1323 }
1324 for (j = 0; j < 8; j++)
1325 mic[j] = aes_out[j];
1326 /* Insert MIC into payload */
1327 for (j = 0; j < 8; j++)
1328 message[payload_index + j] = mic[j];
1329 payload_index = hdrlen + 8;
1330 for (i = 0; i < num_blocks; i++) {
1331 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1332 message, pn_vector, i + 1);
1333 aes128k128d(key, ctr_preload, aes_out);
1334 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1335 for (j = 0; j < 16; j++)
1336 message[payload_index++] = chain_buffer[j];
1337 }
1338 if (payload_remainder > 0) { /* If short final block, pad it,*/
1339 /* encrypt and copy unpadded part back */
1340 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1341 message, pn_vector, num_blocks + 1);
1342 for (j = 0; j < 16; j++)
1343 padded_buffer[j] = 0x00;
1344 for (j = 0; j < payload_remainder; j++)
1345 padded_buffer[j] = message[payload_index + j];
1346 aes128k128d(key, ctr_preload, aes_out);
1347 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1348 for (j = 0; j < payload_remainder; j++)
1349 message[payload_index++] = chain_buffer[j];
1350 }
1351 /* Encrypt the MIC */
1352 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message,
1353 pn_vector, 0);
1354 for (j = 0; j < 16; j++)
1355 padded_buffer[j] = 0x00;
1356 for (j = 0; j < 8; j++)
1357 padded_buffer[j] = message[j + hdrlen + plen];
1358 aes128k128d(key, ctr_preload, aes_out);
1359 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1360 for (j = 0; j < 8; j++)
1361 message[payload_index++] = chain_buffer[j];
1362 /* compare the mic */
1363 return _SUCCESS;
1364 }
1365
r8712_aes_decrypt(struct _adapter * padapter,u8 * precvframe)1366 u32 r8712_aes_decrypt(struct _adapter *padapter, u8 *precvframe)
1367 { /* exclude ICV */
1368 /* Intermediate Buffers */
1369 sint length;
1370 u8 *pframe, *prwskey, *iv, idx;
1371 struct sta_info *stainfo;
1372 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)
1373 precvframe)->u.hdr.attrib;
1374 struct security_priv *psecuritypriv = &padapter->securitypriv;
1375
1376 pframe = (unsigned char *)((union recv_frame *)precvframe)->
1377 u.hdr.rx_data;
1378 /* 4 start to encrypt each fragment */
1379 if (prxattrib->encrypt == _AES_) {
1380 stainfo = r8712_get_stainfo(&padapter->stapriv,
1381 &prxattrib->ta[0]);
1382 if (stainfo != NULL) {
1383 if (IS_MCAST(prxattrib->ra)) {
1384 iv = pframe + prxattrib->hdrlen;
1385 idx = iv[3];
1386 prwskey = &psecuritypriv->XGrpKey[
1387 ((idx >> 6) & 0x3) - 1].skey[0];
1388 if (!psecuritypriv->binstallGrpkey)
1389 return _FAIL;
1390
1391 } else {
1392 prwskey = &stainfo->x_UncstKey.skey[0];
1393 }
1394 length = ((union recv_frame *)precvframe)->
1395 u.hdr.len - prxattrib->hdrlen -
1396 prxattrib->iv_len;
1397 aes_decipher(prwskey, prxattrib->hdrlen, pframe,
1398 length);
1399 } else {
1400 return _FAIL;
1401 }
1402 }
1403 return _SUCCESS;
1404 }
1405
r8712_use_tkipkey_handler(struct timer_list * t)1406 void r8712_use_tkipkey_handler(struct timer_list *t)
1407 {
1408 struct _adapter *padapter =
1409 from_timer(padapter, t, securitypriv.tkip_timer);
1410
1411 padapter->securitypriv.busetkipkey = true;
1412 }
1413
