1 /******************************************************************************
4 * Copyright(c) 2007 - 2010 Realtek Corporation. All rights reserved.
5 * Linux device driver for RTL8192SU
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of version 2 of the GNU General Public License as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
20 * Modifications for inclusion into the Linux staging tree are
21 * Copyright(c) 2010 Larry Finger. All rights reserved.
23 * Contact information:
27 ******************************************************************************/
29 #define _RTL871X_SECURITY_C_
31 #include <linux/compiler.h>
32 #include <linux/kernel.h>
33 #include <linux/errno.h>
34 #include <linux/slab.h>
35 #include <linux/module.h>
36 #include <linux/kref.h>
37 #include <linux/netdevice.h>
38 #include <linux/skbuff.h>
39 #include <linux/circ_buf.h>
40 #include <linux/uaccess.h>
41 #include <asm/byteorder.h>
42 #include <linux/atomic.h>
43 #include <linux/semaphore.h>
45 #include "osdep_service.h"
46 #include "drv_types.h"
48 #include "osdep_intf.h"
50 /* =====WEP related===== */
52 #define CRC32_POLY 0x04c11db7
60 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
68 state = parc4ctx->state;
71 for (counter = 0; counter < 256; counter++)
72 state[counter] = (u8)counter;
75 for (counter = 0; counter < 256; counter++) {
77 stateindex = (stateindex + key[keyindex] + t) & 0xff;
78 u = state[stateindex];
79 state[stateindex] = (u8)t;
80 state[counter] = (u8)u;
81 if (++keyindex >= key_len)
86 static u32 arcfour_byte(struct arc4context *parc4ctx)
93 state = parc4ctx->state;
94 x = (parc4ctx->x + 1) & 0xff;
96 y = (sx + parc4ctx->y) & 0xff;
102 return state[(sx + sy) & 0xff];
105 static void arcfour_encrypt(struct arc4context *parc4ctx,
106 u8 *dest, u8 *src, u32 len)
110 for (i = 0; i < len; i++)
111 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
114 static sint bcrc32initialized;
115 static u32 crc32_table[256];
117 static u8 crc32_reverseBit(u8 data)
119 return ((u8)(data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3)
120 & 0x20) | ((data << 1) & 0x10) | ((data >> 1) & 0x08) |
121 ((data >> 3) & 0x04) | ((data >> 5) & 0x02) | ((data >> 7) &
125 static void crc32_init(void)
129 u8 *p = (u8 *)&c, *p1;
132 if (bcrc32initialized == 1)
135 for (i = 0; i < 256; ++i) {
136 k = crc32_reverseBit((u8)i);
137 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
138 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY : (c << 1);
139 p1 = (u8 *)&crc32_table[i];
140 p1[0] = crc32_reverseBit(p[3]);
141 p1[1] = crc32_reverseBit(p[2]);
142 p1[2] = crc32_reverseBit(p[1]);
143 p1[3] = crc32_reverseBit(p[0]);
145 bcrc32initialized = 1;
148 static u32 getcrc32(u8 *buf, u32 len)
153 if (!bcrc32initialized)
155 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
156 for (p = buf; len > 0; ++p, --len)
157 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
158 return ~crc; /* transmit complement, per CRC-32 spec */
162 * Need to consider the fragment situation
164 void r8712_wep_encrypt(struct _adapter *padapter, u8 *pxmitframe)
166 unsigned char crc[4];
167 struct arc4context mycontext;
168 u32 curfragnum, length, keylength, pki;
169 u8 *pframe, *payload, *iv; /*,*wepkey*/
171 struct pkt_attrib *pattrib = &((struct xmit_frame *)
173 struct security_priv *psecuritypriv = &padapter->securitypriv;
174 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
176 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
178 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
179 /*start to encrypt each fragment*/
180 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
181 pki = psecuritypriv->PrivacyKeyIndex;
182 keylength = psecuritypriv->DefKeylen[pki];
183 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
185 iv = pframe + pattrib->hdrlen;
186 memcpy(&wepkey[0], iv, 3);
187 memcpy(&wepkey[3], &psecuritypriv->DefKey[
188 psecuritypriv->PrivacyKeyIndex].skey[0],
190 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
191 if ((curfragnum + 1) == pattrib->nr_frags) {
192 length = pattrib->last_txcmdsz -
196 *((__le32 *)crc) = cpu_to_le32(getcrc32(
198 arcfour_init(&mycontext, wepkey, 3 + keylength);
199 arcfour_encrypt(&mycontext, payload, payload,
201 arcfour_encrypt(&mycontext, payload + length,
204 length = pxmitpriv->frag_len -
205 pattrib->hdrlen - pattrib->iv_len -
207 *((__le32 *)crc) = cpu_to_le32(getcrc32(
209 arcfour_init(&mycontext, wepkey, 3 + keylength);
210 arcfour_encrypt(&mycontext, payload, payload,
212 arcfour_encrypt(&mycontext, payload + length,
214 pframe += pxmitpriv->frag_len;
215 pframe = (u8 *)RND4((addr_t)(pframe));
221 void r8712_wep_decrypt(struct _adapter *padapter, u8 *precvframe)
225 struct arc4context mycontext;
226 u32 length, keylength;
227 u8 *pframe, *payload, *iv, wepkey[16];
229 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)
230 precvframe)->u.hdr.attrib);
231 struct security_priv *psecuritypriv = &padapter->securitypriv;
233 pframe = (unsigned char *)((union recv_frame *)precvframe)->
235 /* start to decrypt recvframe */
236 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt ==
238 iv = pframe + prxattrib->hdrlen;
239 keyindex = (iv[3] & 0x3);
240 keylength = psecuritypriv->DefKeylen[keyindex];
241 memcpy(&wepkey[0], iv, 3);
242 memcpy(&wepkey[3], &psecuritypriv->DefKey[
243 psecuritypriv->PrivacyKeyIndex].skey[0],
245 length = ((union recv_frame *)precvframe)->
246 u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
247 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
248 /* decrypt payload include icv */
249 arcfour_init(&mycontext, wepkey, 3 + keylength);
250 arcfour_encrypt(&mycontext, payload, payload, length);
251 /* calculate icv and compare the icv */
252 *((__le32 *)crc) = cpu_to_le32(getcrc32(payload, length - 4));
256 /* 3 =====TKIP related===== */
258 static u32 secmicgetuint32(u8 *p)
259 /* Convert from Byte[] to Us4Byte32 in a portable way */
264 for (i = 0; i < 4; i++)
265 res |= ((u32)(*p++)) << (8 * i);
269 static void secmicputuint32(u8 *p, u32 val)
270 /* Convert from Us4Byte32 to Byte[] in a portable way */
274 for (i = 0; i < 4; i++) {
275 *p++ = (u8) (val & 0xff);
280 static void secmicclear(struct mic_data *pmicdata)
282 /* Reset the state to the empty message. */
283 pmicdata->L = pmicdata->K0;
284 pmicdata->R = pmicdata->K1;
285 pmicdata->nBytesInM = 0;
289 void r8712_secmicsetkey(struct mic_data *pmicdata, u8 *key)
292 pmicdata->K0 = secmicgetuint32(key);
293 pmicdata->K1 = secmicgetuint32(key + 4);
294 /* and reset the message */
295 secmicclear(pmicdata);
298 static void secmicappendbyte(struct mic_data *pmicdata, u8 b)
300 /* Append the byte to our word-sized buffer */
301 pmicdata->M |= ((u32)b) << (8 * pmicdata->nBytesInM);
302 pmicdata->nBytesInM++;
303 /* Process the word if it is full. */
304 if (pmicdata->nBytesInM >= 4) {
305 pmicdata->L ^= pmicdata->M;
306 pmicdata->R ^= ROL32(pmicdata->L, 17);
307 pmicdata->L += pmicdata->R;
308 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) |
309 ((pmicdata->L & 0x00ff00ff) << 8);
310 pmicdata->L += pmicdata->R;
311 pmicdata->R ^= ROL32(pmicdata->L, 3);
312 pmicdata->L += pmicdata->R;
313 pmicdata->R ^= ROR32(pmicdata->L, 2);
314 pmicdata->L += pmicdata->R;
315 /* Clear the buffer */
317 pmicdata->nBytesInM = 0;
321 void r8712_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
325 secmicappendbyte(pmicdata, *src++);
330 void r8712_secgetmic(struct mic_data *pmicdata, u8 *dst)
332 /* Append the minimum padding */
333 secmicappendbyte(pmicdata, 0x5a);
334 secmicappendbyte(pmicdata, 0);
335 secmicappendbyte(pmicdata, 0);
336 secmicappendbyte(pmicdata, 0);
337 secmicappendbyte(pmicdata, 0);
338 /* and then zeroes until the length is a multiple of 4 */
339 while (pmicdata->nBytesInM != 0)
340 secmicappendbyte(pmicdata, 0);
341 /* The appendByte function has already computed the result. */
342 secmicputuint32(dst, pmicdata->L);
343 secmicputuint32(dst + 4, pmicdata->R);
344 /* Reset to the empty message. */
345 secmicclear(pmicdata);
348 void seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code,
352 struct mic_data micdata;
353 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
355 r8712_secmicsetkey(&micdata, key);
357 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
358 if (header[1] & 1) { /* ToDS==1 */
359 r8712_secmicappend(&micdata, &header[16], 6); /* DA */
360 if (header[1] & 2) /* From Ds==1 */
361 r8712_secmicappend(&micdata, &header[24], 6);
363 r8712_secmicappend(&micdata, &header[10], 6);
364 } else { /* ToDS==0 */
365 r8712_secmicappend(&micdata, &header[4], 6); /* DA */
366 if (header[1] & 2) /* From Ds==1 */
367 r8712_secmicappend(&micdata, &header[16], 6);
369 r8712_secmicappend(&micdata, &header[10], 6);
371 r8712_secmicappend(&micdata, &priority[0], 4);
372 r8712_secmicappend(&micdata, data, data_len);
373 r8712_secgetmic(&micdata, mic_code);
376 /* macros for extraction/creation of unsigned char/unsigned short values */
377 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
378 #define Lo8(v16) ((u8)((v16) & 0x00FF))
379 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
380 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
381 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
382 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
384 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
385 #define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)])
387 /* S-box lookup: 16 bits --> 16 bits */
388 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
390 /* fixed algorithm "parameters" */
391 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
392 #define TA_SIZE 6 /* 48-bit transmitter address */
393 #define TK_SIZE 16 /* 128-bit temporal key */
394 #define P1K_SIZE 10 /* 80-bit Phase1 key */
395 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
398 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
399 static const unsigned short Sbox1[2][256] = {/* Sbox for hash (can be in ROM) */
401 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
402 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
403 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
404 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
405 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
406 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
407 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
408 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
409 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
410 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
411 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
412 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
413 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
414 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
415 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
416 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
417 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
418 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
419 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
420 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
421 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
422 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
423 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
424 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
425 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
426 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
427 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
428 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
429 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
430 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
431 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
432 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
434 { /* second half is unsigned char-reversed version of first! */
435 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
436 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
437 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
438 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
439 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
440 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
441 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
442 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
443 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
444 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
445 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
446 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
447 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
448 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
449 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
450 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
451 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
452 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
453 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
454 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
455 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
456 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
457 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
458 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
459 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
460 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
461 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
462 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
463 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
464 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
465 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
466 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
471 **********************************************************************
472 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
475 * tk[] = temporal key [128 bits]
476 * ta[] = transmitter's MAC address [ 48 bits]
477 * iv32 = upper 32 bits of IV [ 32 bits]
479 * p1k[] = Phase 1 key [ 80 bits]
482 * This function only needs to be called every 2**16 packets,
483 * although in theory it could be called every packet.
485 **********************************************************************
487 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
491 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
494 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
495 p1k[3] = Mk16(ta[3], ta[2]);
496 p1k[4] = Mk16(ta[5], ta[4]);
497 /* Now compute an unbalanced Feistel cipher with 80-bit block */
498 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
499 for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add is mod 2**16 */
500 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
501 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
502 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
503 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
504 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
505 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
510 **********************************************************************
511 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
514 * tk[] = Temporal key [128 bits]
515 * p1k[] = Phase 1 output key [ 80 bits]
516 * iv16 = low 16 bits of IV counter [ 16 bits]
518 * rc4key[] = the key used to encrypt the packet [128 bits]
521 * The value {TA,IV32,IV16} for Phase1/Phase2 must be unique
522 * across all packets using the same key TK value. Then, for a
523 * given value of TK[], this TKIP48 construction guarantees that
524 * the final RC4KEY value is unique across all packets.
526 * Suggested implementation optimization: if PPK[] is "overlaid"
527 * appropriately on RC4KEY[], there is no need for the final
528 * for loop below that copies the PPK[] result into RC4KEY[].
530 **********************************************************************
532 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
535 u16 PPK[6]; /* temporary key for mixing */
537 /* Note: all adds in the PPK[] equations below are mod 2**16 */
538 for (i = 0; i < 5; i++)
539 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
540 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */
541 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
542 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
543 PPK[1] += _S_(PPK[0] ^ TK16(1));
544 PPK[2] += _S_(PPK[1] ^ TK16(2));
545 PPK[3] += _S_(PPK[2] ^ TK16(3));
546 PPK[4] += _S_(PPK[3] ^ TK16(4));
547 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
548 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
549 PPK[0] += RotR1(PPK[5] ^ TK16(6));
550 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
551 PPK[2] += RotR1(PPK[1]);
552 PPK[3] += RotR1(PPK[2]);
553 PPK[4] += RotR1(PPK[3]);
554 PPK[5] += RotR1(PPK[4]);
555 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
556 /* value PPK[0..5] is guaranteed to be unique, as a function */
557 /* of the 96-bit "input" value {TA,IV32,IV16}. That is, P1K */
558 /* is now a keyed permutation of {TA,IV32,IV16}. */
559 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
560 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
561 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
562 rc4key[2] = Lo8(iv16);
563 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
564 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
565 for (i = 0; i < 6; i++) {
566 rc4key[4 + 2 * i] = Lo8(PPK[i]);
567 rc4key[5 + 2 * i] = Hi8(PPK[i]);
571 /*The hlen isn't include the IV*/
572 u32 r8712_tkip_encrypt(struct _adapter *padapter, u8 *pxmitframe)
579 struct arc4context mycontext;
580 u32 curfragnum, length;
582 u8 *pframe, *payload, *iv, *prwskey;
584 struct sta_info *stainfo;
585 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
586 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
589 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
592 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
593 /* 4 start to encrypt each fragment */
594 if (pattrib->encrypt == _TKIP_) {
596 stainfo = pattrib->psta;
598 stainfo = r8712_get_stainfo(&padapter->stapriv,
600 if (stainfo != NULL) {
601 prwskey = &stainfo->x_UncstKey.skey[0];
602 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
604 iv = pframe + pattrib->hdrlen;
605 payload = pframe + pattrib->iv_len +
607 GET_TKIP_PN(iv, txpn);
608 pnl = (u16)(txpn.val);
609 pnh = (u32)(txpn.val >> 16);
610 phase1((u16 *)&ttkey[0], prwskey,
611 &pattrib->ta[0], pnh);
612 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0],
614 if ((curfragnum + 1) == pattrib->nr_frags) {
615 /* 4 the last fragment */
616 length = pattrib->last_txcmdsz -
620 *((__le32 *)crc) = cpu_to_le32(
621 getcrc32(payload, length));
622 arcfour_init(&mycontext, rc4key, 16);
623 arcfour_encrypt(&mycontext, payload,
625 arcfour_encrypt(&mycontext, payload +
628 length = pxmitpriv->frag_len -
632 *((__le32 *)crc) = cpu_to_le32(getcrc32(
634 arcfour_init(&mycontext, rc4key, 16);
635 arcfour_encrypt(&mycontext, payload,
637 arcfour_encrypt(&mycontext,
638 payload + length, crc,
640 pframe += pxmitpriv->frag_len;
641 pframe = (u8 *)RND4((addr_t)(pframe));
651 /* The hlen doesn't include the IV */
652 u32 r8712_tkip_decrypt(struct _adapter *padapter, u8 *precvframe)
659 struct arc4context mycontext;
661 u8 *pframe, *payload, *iv, *prwskey, idx = 0;
663 struct sta_info *stainfo;
664 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)
665 precvframe)->u.hdr.attrib;
666 struct security_priv *psecuritypriv = &padapter->securitypriv;
668 pframe = (unsigned char *)((union recv_frame *)
669 precvframe)->u.hdr.rx_data;
670 /* 4 start to decrypt recvframe */
671 if (prxattrib->encrypt == _TKIP_) {
672 stainfo = r8712_get_stainfo(&padapter->stapriv,
674 if (stainfo != NULL) {
675 iv = pframe + prxattrib->hdrlen;
676 payload = pframe + prxattrib->iv_len +
678 length = ((union recv_frame *)precvframe)->
679 u.hdr.len - prxattrib->hdrlen -
681 if (IS_MCAST(prxattrib->ra)) {
683 prwskey = &psecuritypriv->XGrpKey[
684 ((idx >> 6) & 0x3) - 1].skey[0];
685 if (!psecuritypriv->binstallGrpkey)
688 prwskey = &stainfo->x_UncstKey.skey[0];
690 GET_TKIP_PN(iv, txpn);
691 pnl = (u16)(txpn.val);
692 pnh = (u32)(txpn.val >> 16);
693 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0],
695 phase2(&rc4key[0], prwskey, (unsigned short *)
697 /* 4 decrypt payload include icv */
698 arcfour_init(&mycontext, rc4key, 16);
699 arcfour_encrypt(&mycontext, payload, payload, length);
700 *((__le32 *)crc) = cpu_to_le32(getcrc32(payload,
702 if (crc[3] != payload[length - 1] ||
703 crc[2] != payload[length - 2] ||
704 crc[1] != payload[length - 3] ||
705 crc[0] != payload[length - 4])
714 /* 3 =====AES related===== */
716 #define MAX_MSG_SIZE 2048
717 /*****************************/
718 /******** SBOX Table *********/
719 /*****************************/
721 static const u8 sbox_table[256] = {
722 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
723 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
724 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
725 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
726 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
727 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
728 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
729 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
730 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
731 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
732 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
733 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
734 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
735 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
736 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
737 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
738 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
739 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
740 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
741 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
742 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
743 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
744 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
745 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
746 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
747 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
748 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
749 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
750 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
751 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
752 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
753 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
756 /****************************************/
758 /* Performs a 128 bit AES encrypt with */
760 /****************************************/
761 static void xor_128(u8 *a, u8 *b, u8 *out)
765 for (i = 0; i < 16; i++)
766 out[i] = a[i] ^ b[i];
769 static void xor_32(u8 *a, u8 *b, u8 *out)
773 for (i = 0; i < 4; i++)
774 out[i] = a[i] ^ b[i];
779 return sbox_table[(sint)a];
782 static void next_key(u8 *key, sint round)
786 u8 rcon_table[12] = {
787 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
788 0x1b, 0x36, 0x36, 0x36
791 sbox_key[0] = sbox(key[13]);
792 sbox_key[1] = sbox(key[14]);
793 sbox_key[2] = sbox(key[15]);
794 sbox_key[3] = sbox(key[12]);
795 rcon = rcon_table[round];
796 xor_32(&key[0], sbox_key, &key[0]);
797 key[0] = key[0] ^ rcon;
798 xor_32(&key[4], &key[0], &key[4]);
799 xor_32(&key[8], &key[4], &key[8]);
800 xor_32(&key[12], &key[8], &key[12]);
803 static void byte_sub(u8 *in, u8 *out)
807 for (i = 0; i < 16; i++)
808 out[i] = sbox(in[i]);
811 static void shift_row(u8 *in, u8 *out)
831 static void mix_column(u8 *in, u8 *out)
843 for (i = 0; i < 4; i++) {
844 if ((in[i] & 0x80) == 0x80)
849 swap_halves[0] = in[2]; /* Swap halves */
850 swap_halves[1] = in[3];
851 swap_halves[2] = in[0];
852 swap_halves[3] = in[1];
853 rotl[0] = in[3]; /* Rotate left 8 bits */
857 andf7[0] = in[0] & 0x7f;
858 andf7[1] = in[1] & 0x7f;
859 andf7[2] = in[2] & 0x7f;
860 andf7[3] = in[3] & 0x7f;
861 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */
862 andf7[i] = andf7[i] << 1;
863 if ((andf7[i - 1] & 0x80) == 0x80)
864 andf7[i] = (andf7[i] | 0x01);
866 andf7[0] = andf7[0] << 1;
867 andf7[0] = andf7[0] & 0xfe;
868 xor_32(add1b, andf7, add1bf7);
869 xor_32(in, add1bf7, rotr);
870 temp[0] = rotr[0]; /* Rotate right 8 bits */
875 xor_32(add1bf7, rotr, temp);
876 xor_32(swap_halves, rotl, tempb);
877 xor_32(temp, tempb, out);
880 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
884 u8 intermediatea[16];
885 u8 intermediateb[16];
888 for (i = 0; i < 16; i++)
889 round_key[i] = key[i];
890 for (round = 0; round < 11; round++) {
892 xor_128(round_key, data, ciphertext);
893 next_key(round_key, round);
894 } else if (round == 10) {
895 byte_sub(ciphertext, intermediatea);
896 shift_row(intermediatea, intermediateb);
897 xor_128(intermediateb, round_key, ciphertext);
899 byte_sub(ciphertext, intermediatea);
900 shift_row(intermediatea, intermediateb);
901 mix_column(&intermediateb[0], &intermediatea[0]);
902 mix_column(&intermediateb[4], &intermediatea[4]);
903 mix_column(&intermediateb[8], &intermediatea[8]);
904 mix_column(&intermediateb[12], &intermediatea[12]);
905 xor_128(intermediatea, round_key, ciphertext);
906 next_key(round_key, round);
911 /************************************************/
912 /* construct_mic_iv() */
913 /* Builds the MIC IV from header fields and PN */
914 /************************************************/
915 static void construct_mic_iv(u8 *mic_iv, sint qc_exists, sint a4_exists,
916 u8 *mpdu, uint payload_length, u8 *pn_vector)
921 if (qc_exists && a4_exists)
922 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */
923 if (qc_exists && !a4_exists)
924 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */
927 for (i = 2; i < 8; i++)
928 mic_iv[i] = mpdu[i + 8];
929 for (i = 8; i < 14; i++)
930 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
931 mic_iv[14] = (unsigned char) (payload_length / 256);
932 mic_iv[15] = (unsigned char) (payload_length % 256);
935 /************************************************/
936 /* construct_mic_header1() */
937 /* Builds the first MIC header block from */
939 /************************************************/
940 static void construct_mic_header1(u8 *mic_header1, sint header_length, u8 *mpdu)
942 mic_header1[0] = (u8)((header_length - 2) / 256);
943 mic_header1[1] = (u8)((header_length - 2) % 256);
944 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */
945 /* Mute retry, more data and pwr mgt bits */
946 mic_header1[3] = mpdu[1] & 0xc7;
947 mic_header1[4] = mpdu[4]; /* A1 */
948 mic_header1[5] = mpdu[5];
949 mic_header1[6] = mpdu[6];
950 mic_header1[7] = mpdu[7];
951 mic_header1[8] = mpdu[8];
952 mic_header1[9] = mpdu[9];
953 mic_header1[10] = mpdu[10]; /* A2 */
954 mic_header1[11] = mpdu[11];
955 mic_header1[12] = mpdu[12];
956 mic_header1[13] = mpdu[13];
957 mic_header1[14] = mpdu[14];
958 mic_header1[15] = mpdu[15];
961 /************************************************/
962 /* construct_mic_header2() */
963 /* Builds the last MIC header block from */
965 /************************************************/
966 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, sint a4_exists,
971 for (i = 0; i < 16; i++)
972 mic_header2[i] = 0x00;
973 mic_header2[0] = mpdu[16]; /* A3 */
974 mic_header2[1] = mpdu[17];
975 mic_header2[2] = mpdu[18];
976 mic_header2[3] = mpdu[19];
977 mic_header2[4] = mpdu[20];
978 mic_header2[5] = mpdu[21];
979 mic_header2[6] = 0x00;
980 mic_header2[7] = 0x00; /* mpdu[23]; */
981 if (!qc_exists && a4_exists)
982 for (i = 0; i < 6; i++)
983 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
984 if (qc_exists && !a4_exists) {
985 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
986 mic_header2[9] = mpdu[25] & 0x00;
988 if (qc_exists && a4_exists) {
989 for (i = 0; i < 6; i++)
990 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
991 mic_header2[14] = mpdu[30] & 0x0f;
992 mic_header2[15] = mpdu[31] & 0x00;
996 /************************************************/
997 /* construct_mic_header2() */
998 /* Builds the last MIC header block from */
1000 /************************************************/
1001 static void construct_ctr_preload(u8 *ctr_preload,
1002 sint a4_exists, sint qc_exists,
1003 u8 *mpdu, u8 *pn_vector, sint c)
1007 for (i = 0; i < 16; i++)
1008 ctr_preload[i] = 0x00;
1010 ctr_preload[0] = 0x01; /* flag */
1011 if (qc_exists && a4_exists)
1012 ctr_preload[1] = mpdu[30] & 0x0f;
1013 if (qc_exists && !a4_exists)
1014 ctr_preload[1] = mpdu[24] & 0x0f;
1015 for (i = 2; i < 8; i++)
1016 ctr_preload[i] = mpdu[i + 8];
1017 for (i = 8; i < 14; i++)
1018 ctr_preload[i] = pn_vector[13 - i];
1019 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */
1020 ctr_preload[15] = (unsigned char) (c % 256);
1023 /************************************/
1025 /* A 128 bit, bitwise exclusive or */
1026 /************************************/
1027 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1031 for (i = 0; i < 16; i++)
1032 out[i] = ina[i] ^ inb[i];
1035 static sint aes_cipher(u8 *key, uint hdrlen,
1036 u8 *pframe, uint plen)
1038 uint qc_exists, a4_exists, i, j, payload_remainder;
1039 uint num_blocks, payload_index;
1047 /* Intermediate Buffers */
1048 u8 chain_buffer[16];
1050 u8 padded_buffer[16];
1052 u16 frtype = GetFrameType(pframe);
1053 u16 frsubtype = GetFrameSubType(pframe);
1056 memset((void *)mic_iv, 0, 16);
1057 memset((void *)mic_header1, 0, 16);
1058 memset((void *)mic_header2, 0, 16);
1059 memset((void *)ctr_preload, 0, 16);
1060 memset((void *)chain_buffer, 0, 16);
1061 memset((void *)aes_out, 0, 16);
1062 memset((void *)padded_buffer, 0, 16);
1064 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1069 if ((frtype == WIFI_DATA_CFACK) ||
1070 (frtype == WIFI_DATA_CFPOLL) ||
1071 (frtype == WIFI_DATA_CFACKPOLL)) {
1073 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1075 } else if ((frsubtype == 0x08) ||
1076 (frsubtype == 0x09) ||
1077 (frsubtype == 0x0a) ||
1078 (frsubtype == 0x0b)) {
1079 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1085 pn_vector[0] = pframe[hdrlen];
1086 pn_vector[1] = pframe[hdrlen + 1];
1087 pn_vector[2] = pframe[hdrlen + 4];
1088 pn_vector[3] = pframe[hdrlen + 5];
1089 pn_vector[4] = pframe[hdrlen + 6];
1090 pn_vector[5] = pframe[hdrlen + 7];
1091 construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1092 construct_mic_header1(mic_header1, hdrlen, pframe);
1093 construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1094 payload_remainder = plen % 16;
1095 num_blocks = plen / 16;
1096 /* Find start of payload */
1097 payload_index = hdrlen + 8;
1099 aes128k128d(key, mic_iv, aes_out);
1100 bitwise_xor(aes_out, mic_header1, chain_buffer);
1101 aes128k128d(key, chain_buffer, aes_out);
1102 bitwise_xor(aes_out, mic_header2, chain_buffer);
1103 aes128k128d(key, chain_buffer, aes_out);
1104 for (i = 0; i < num_blocks; i++) {
1105 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1106 payload_index += 16;
1107 aes128k128d(key, chain_buffer, aes_out);
1109 /* Add on the final payload block if it needs padding */
1110 if (payload_remainder > 0) {
1111 for (j = 0; j < 16; j++)
1112 padded_buffer[j] = 0x00;
1113 for (j = 0; j < payload_remainder; j++)
1114 padded_buffer[j] = pframe[payload_index++];
1115 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1116 aes128k128d(key, chain_buffer, aes_out);
1118 for (j = 0; j < 8; j++)
1119 mic[j] = aes_out[j];
1120 /* Insert MIC into payload */
1121 for (j = 0; j < 8; j++)
1122 pframe[payload_index + j] = mic[j];
1123 payload_index = hdrlen + 8;
1124 for (i = 0; i < num_blocks; i++) {
1125 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1126 pframe, pn_vector, i + 1);
1127 aes128k128d(key, ctr_preload, aes_out);
1128 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1129 for (j = 0; j < 16; j++)
1130 pframe[payload_index++] = chain_buffer[j];
1132 if (payload_remainder > 0) { /* If short final block, then pad it,*/
1133 /* encrypt and copy unpadded part back */
1134 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1135 pframe, pn_vector, num_blocks + 1);
1136 for (j = 0; j < 16; j++)
1137 padded_buffer[j] = 0x00;
1138 for (j = 0; j < payload_remainder; j++)
1139 padded_buffer[j] = pframe[payload_index + j];
1140 aes128k128d(key, ctr_preload, aes_out);
1141 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1142 for (j = 0; j < payload_remainder; j++)
1143 pframe[payload_index++] = chain_buffer[j];
1145 /* Encrypt the MIC */
1146 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1147 pframe, pn_vector, 0);
1148 for (j = 0; j < 16; j++)
1149 padded_buffer[j] = 0x00;
1150 for (j = 0; j < 8; j++)
1151 padded_buffer[j] = pframe[j + hdrlen + 8 + plen];
1152 aes128k128d(key, ctr_preload, aes_out);
1153 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1154 for (j = 0; j < 8; j++)
1155 pframe[payload_index++] = chain_buffer[j];
1159 u32 r8712_aes_encrypt(struct _adapter *padapter, u8 *pxmitframe)
1161 /* Intermediate Buffers */
1162 sint curfragnum, length;
1163 u8 *pframe, *prwskey;
1164 struct sta_info *stainfo;
1165 struct pkt_attrib *pattrib = &((struct xmit_frame *)
1166 pxmitframe)->attrib;
1167 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1170 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
1172 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
1173 /* 4 start to encrypt each fragment */
1174 if (pattrib->encrypt == _AES_) {
1176 stainfo = pattrib->psta;
1178 stainfo = r8712_get_stainfo(&padapter->stapriv,
1180 if (stainfo != NULL) {
1181 prwskey = &stainfo->x_UncstKey.skey[0];
1182 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
1184 if ((curfragnum + 1) == pattrib->nr_frags) {
1185 length = pattrib->last_txcmdsz -
1189 aes_cipher(prwskey, pattrib->hdrlen,
1192 length = pxmitpriv->frag_len -
1196 aes_cipher(prwskey, pattrib->hdrlen,
1198 pframe += pxmitpriv->frag_len;
1199 pframe = (u8 *)RND4((addr_t)(pframe));
1209 static sint aes_decipher(u8 *key, uint hdrlen,
1210 u8 *pframe, uint plen)
1212 static u8 message[MAX_MSG_SIZE];
1213 uint qc_exists, a4_exists, i, j, payload_remainder;
1214 uint num_blocks, payload_index;
1220 /* Intermediate Buffers */
1221 u8 chain_buffer[16];
1223 u8 padded_buffer[16];
1225 uint frtype = GetFrameType(pframe);
1226 uint frsubtype = GetFrameSubType(pframe);
1229 memset((void *)mic_iv, 0, 16);
1230 memset((void *)mic_header1, 0, 16);
1231 memset((void *)mic_header2, 0, 16);
1232 memset((void *)ctr_preload, 0, 16);
1233 memset((void *)chain_buffer, 0, 16);
1234 memset((void *)aes_out, 0, 16);
1235 memset((void *)padded_buffer, 0, 16);
1236 /* start to decrypt the payload */
1237 /*(plen including llc, payload and mic) */
1238 num_blocks = (plen - 8) / 16;
1239 payload_remainder = (plen - 8) % 16;
1240 pn_vector[0] = pframe[hdrlen];
1241 pn_vector[1] = pframe[hdrlen + 1];
1242 pn_vector[2] = pframe[hdrlen + 4];
1243 pn_vector[3] = pframe[hdrlen + 5];
1244 pn_vector[4] = pframe[hdrlen + 6];
1245 pn_vector[5] = pframe[hdrlen + 7];
1246 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1250 if ((frtype == WIFI_DATA_CFACK) ||
1251 (frtype == WIFI_DATA_CFPOLL) ||
1252 (frtype == WIFI_DATA_CFACKPOLL)) {
1254 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1256 } else if ((frsubtype == 0x08) ||
1257 (frsubtype == 0x09) ||
1258 (frsubtype == 0x0a) ||
1259 (frsubtype == 0x0b)) {
1260 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1266 /* now, decrypt pframe with hdrlen offset and plen long */
1267 payload_index = hdrlen + 8; /* 8 is for extiv */
1268 for (i = 0; i < num_blocks; i++) {
1269 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1270 pframe, pn_vector, i + 1);
1271 aes128k128d(key, ctr_preload, aes_out);
1272 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1273 for (j = 0; j < 16; j++)
1274 pframe[payload_index++] = chain_buffer[j];
1276 if (payload_remainder > 0) { /* If short final block, pad it,*/
1277 /* encrypt it and copy the unpadded part back */
1278 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1279 pframe, pn_vector, num_blocks + 1);
1280 for (j = 0; j < 16; j++)
1281 padded_buffer[j] = 0x00;
1282 for (j = 0; j < payload_remainder; j++)
1283 padded_buffer[j] = pframe[payload_index + j];
1284 aes128k128d(key, ctr_preload, aes_out);
1285 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1286 for (j = 0; j < payload_remainder; j++)
1287 pframe[payload_index++] = chain_buffer[j];
1289 /* start to calculate the mic */
1290 memcpy((void *)message, pframe, (hdrlen + plen + 8));
1291 pn_vector[0] = pframe[hdrlen];
1292 pn_vector[1] = pframe[hdrlen + 1];
1293 pn_vector[2] = pframe[hdrlen + 4];
1294 pn_vector[3] = pframe[hdrlen + 5];
1295 pn_vector[4] = pframe[hdrlen + 6];
1296 pn_vector[5] = pframe[hdrlen + 7];
1297 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen - 8,
1299 construct_mic_header1(mic_header1, hdrlen, message);
1300 construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1301 payload_remainder = (plen - 8) % 16;
1302 num_blocks = (plen - 8) / 16;
1303 /* Find start of payload */
1304 payload_index = hdrlen + 8;
1306 aes128k128d(key, mic_iv, aes_out);
1307 bitwise_xor(aes_out, mic_header1, chain_buffer);
1308 aes128k128d(key, chain_buffer, aes_out);
1309 bitwise_xor(aes_out, mic_header2, chain_buffer);
1310 aes128k128d(key, chain_buffer, aes_out);
1311 for (i = 0; i < num_blocks; i++) {
1312 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1313 payload_index += 16;
1314 aes128k128d(key, chain_buffer, aes_out);
1316 /* Add on the final payload block if it needs padding */
1317 if (payload_remainder > 0) {
1318 for (j = 0; j < 16; j++)
1319 padded_buffer[j] = 0x00;
1320 for (j = 0; j < payload_remainder; j++)
1321 padded_buffer[j] = message[payload_index++];
1322 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1323 aes128k128d(key, chain_buffer, aes_out);
1325 for (j = 0; j < 8; j++)
1326 mic[j] = aes_out[j];
1327 /* Insert MIC into payload */
1328 for (j = 0; j < 8; j++)
1329 message[payload_index + j] = mic[j];
1330 payload_index = hdrlen + 8;
1331 for (i = 0; i < num_blocks; i++) {
1332 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1333 message, pn_vector, i + 1);
1334 aes128k128d(key, ctr_preload, aes_out);
1335 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1336 for (j = 0; j < 16; j++)
1337 message[payload_index++] = chain_buffer[j];
1339 if (payload_remainder > 0) { /* If short final block, pad it,*/
1340 /* encrypt and copy unpadded part back */
1341 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1342 message, pn_vector, num_blocks + 1);
1343 for (j = 0; j < 16; j++)
1344 padded_buffer[j] = 0x00;
1345 for (j = 0; j < payload_remainder; j++)
1346 padded_buffer[j] = message[payload_index + j];
1347 aes128k128d(key, ctr_preload, aes_out);
1348 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1349 for (j = 0; j < payload_remainder; j++)
1350 message[payload_index++] = chain_buffer[j];
1352 /* Encrypt the MIC */
1353 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message,
1355 for (j = 0; j < 16; j++)
1356 padded_buffer[j] = 0x00;
1357 for (j = 0; j < 8; j++)
1358 padded_buffer[j] = message[j + hdrlen + plen];
1359 aes128k128d(key, ctr_preload, aes_out);
1360 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1361 for (j = 0; j < 8; j++)
1362 message[payload_index++] = chain_buffer[j];
1363 /* compare the mic */
1367 u32 r8712_aes_decrypt(struct _adapter *padapter, u8 *precvframe)
1369 /* Intermediate Buffers */
1371 u8 *pframe, *prwskey, *iv, idx;
1372 struct sta_info *stainfo;
1373 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)
1374 precvframe)->u.hdr.attrib;
1375 struct security_priv *psecuritypriv = &padapter->securitypriv;
1377 pframe = (unsigned char *)((union recv_frame *)precvframe)->
1379 /* 4 start to encrypt each fragment */
1380 if (prxattrib->encrypt == _AES_) {
1381 stainfo = r8712_get_stainfo(&padapter->stapriv,
1383 if (stainfo != NULL) {
1384 if (IS_MCAST(prxattrib->ra)) {
1385 iv = pframe + prxattrib->hdrlen;
1387 prwskey = &psecuritypriv->XGrpKey[
1388 ((idx >> 6) & 0x3) - 1].skey[0];
1389 if (!psecuritypriv->binstallGrpkey)
1393 prwskey = &stainfo->x_UncstKey.skey[0];
1395 length = ((union recv_frame *)precvframe)->
1396 u.hdr.len - prxattrib->hdrlen -
1398 aes_decipher(prwskey, prxattrib->hdrlen, pframe,
1407 void r8712_use_tkipkey_handler(struct timer_list *t)
1409 struct _adapter *padapter =
1410 from_timer(padapter, t, securitypriv.tkip_timer);
1412 padapter->securitypriv.busetkipkey = true;
projects / linux.git / blob