Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
rtl871x_security.c
Go to the documentation of this file.
1 /******************************************************************************
2  * rtl871x_security.c
3  *
4  * Copyright(c) 2007 - 2010 Realtek Corporation. All rights reserved.
5  * Linux device driver for RTL8192SU
6  *
7  * This program is free software; you can redistribute it and/or modify it
8  * under the terms of version 2 of the GNU General Public License as
9  * published by the Free Software Foundation.
10  *
11  * This program is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14  * more details.
15  *
16  * You should have received a copy of the GNU General Public License along with
17  * this program; if not, write to the Free Software Foundation, Inc.,
18  * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
19  *
20  * Modifications for inclusion into the Linux staging tree are
21  * Copyright(c) 2010 Larry Finger. All rights reserved.
22  *
23  * Contact information:
24  * WLAN FAE <[email protected]>
25  * Larry Finger <[email protected]>
26  *
27  ******************************************************************************/
28 
29 #define _RTL871X_SECURITY_C_
30 
31 #include <linux/compiler.h>
32 #include <linux/kernel.h>
33 #include <linux/errno.h>
34 #include <linux/init.h>
35 #include <linux/slab.h>
36 #include <linux/module.h>
37 #include <linux/kref.h>
38 #include <linux/netdevice.h>
39 #include <linux/skbuff.h>
40 #include <linux/circ_buf.h>
41 #include <linux/uaccess.h>
42 #include <asm/byteorder.h>
43 #include <linux/atomic.h>
44 #include <linux/semaphore.h>
45 
46 #include "osdep_service.h"
47 #include "drv_types.h"
48 #include "wifi.h"
49 #include "osdep_intf.h"
50 
51 /* =====WEP related===== */
52 
53 #define CRC32_POLY 0x04c11db7
54 
55 struct arc4context {
56  u32 x;
57  u32 y;
58  u8 state[256];
59 };
60 
61 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
62 {
63  u32 t, u;
64  u32 keyindex;
65  u32 stateindex;
66  u8 *state;
67  u32 counter;
68 
69  state = parc4ctx->state;
70  parc4ctx->x = 0;
71  parc4ctx->y = 0;
72  for (counter = 0; counter < 256; counter++)
73  state[counter] = (u8)counter;
74  keyindex = 0;
75  stateindex = 0;
76  for (counter = 0; counter < 256; counter++) {
77  t = state[counter];
78  stateindex = (stateindex + key[keyindex] + t) & 0xff;
79  u = state[stateindex];
80  state[stateindex] = (u8)t;
81  state[counter] = (u8)u;
82  if (++keyindex >= key_len)
83  keyindex = 0;
84  }
85 }
86 
87 static u32 arcfour_byte(struct arc4context *parc4ctx)
88 {
89  u32 x;
90  u32 y;
91  u32 sx, sy;
92  u8 *state;
93 
94  state = parc4ctx->state;
95  x = (parc4ctx->x + 1) & 0xff;
96  sx = state[x];
97  y = (sx + parc4ctx->y) & 0xff;
98  sy = state[y];
99  parc4ctx->x = x;
100  parc4ctx->y = y;
101  state[y] = (u8)sx;
102  state[x] = (u8)sy;
103  return state[(sx + sy) & 0xff];
104 }
105 
106 static void arcfour_encrypt(struct arc4context *parc4ctx,
107  u8 *dest, u8 *src, u32 len)
108 {
109  u32 i;
110 
111  for (i = 0; i < len; i++)
112  dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
113 }
114 
115 static sint bcrc32initialized;
116 static u32 crc32_table[256];
117 
118 static u8 crc32_reverseBit(u8 data)
119 {
120  return ((u8)(data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3)
121  & 0x20) | ((data << 1) & 0x10) | ((data >> 1) & 0x08) |
122  ((data >> 3) & 0x04) | ((data >> 5) & 0x02) | ((data >> 7) &
123  0x01);
124 }
125 
126 static void crc32_init(void)
127 {
128  if (bcrc32initialized == 1)
129  return;
130  else {
131  sint i, j;
132  u32 c;
133  u8 *p = (u8 *)&c, *p1;
134  u8 k;
135 
136  c = 0x12340000;
137  for (i = 0; i < 256; ++i) {
138  k = crc32_reverseBit((u8)i);
139  for (c = ((u32)k) << 24, j = 8; j > 0; --j)
140  c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY :
141  (c << 1);
142  p1 = (u8 *)&crc32_table[i];
143  p1[0] = crc32_reverseBit(p[3]);
144  p1[1] = crc32_reverseBit(p[2]);
145  p1[2] = crc32_reverseBit(p[1]);
146  p1[3] = crc32_reverseBit(p[0]);
147  }
148  bcrc32initialized = 1;
149  }
150 }
151 
152 static u32 getcrc32(u8 *buf, u32 len)
153 {
154  u8 *p;
155  u32 crc;
156 
157  if (bcrc32initialized == 0)
158  crc32_init();
159  crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
160  for (p = buf; len > 0; ++p, --len)
161  crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
162  return ~crc; /* transmit complement, per CRC-32 spec */
163 }
164 
165 /*
166  Need to consider the fragment situation
167 */
168 void r8712_wep_encrypt(struct _adapter *padapter, u8 *pxmitframe)
169 { /* exclude ICV */
170  unsigned char crc[4];
171  struct arc4context mycontext;
172  u32 curfragnum, length, keylength;
173  u8 *pframe, *payload, *iv; /*,*wepkey*/
174  u8 wepkey[16];
175  struct pkt_attrib *pattrib = &((struct xmit_frame *)
176  pxmitframe)->attrib;
177  struct security_priv *psecuritypriv = &padapter->securitypriv;
178  struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
179 
180  if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
181  return;
182  pframe = ((struct xmit_frame *)pxmitframe)->buf_addr+TXDESC_OFFSET;
183  /*start to encrypt each fragment*/
184  if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
185  keylength = psecuritypriv->DefKeylen[psecuritypriv->
186  PrivacyKeyIndex];
187  for (curfragnum = 0; curfragnum < pattrib->nr_frags;
188  curfragnum++) {
189  iv = pframe+pattrib->hdrlen;
190  memcpy(&wepkey[0], iv, 3);
191  memcpy(&wepkey[3], &psecuritypriv->DefKey[
192  psecuritypriv->PrivacyKeyIndex].skey[0],
193  keylength);
194  payload = pframe+pattrib->iv_len+pattrib->hdrlen;
195  if ((curfragnum + 1) == pattrib->nr_frags) {
196  length = pattrib->last_txcmdsz-pattrib->
197  hdrlen-pattrib->iv_len -
198  pattrib->icv_len;
199  *((u32 *)crc) = cpu_to_le32(getcrc32(
200  payload, length));
201  arcfour_init(&mycontext, wepkey, 3 + keylength);
202  arcfour_encrypt(&mycontext, payload, payload,
203  length);
204  arcfour_encrypt(&mycontext, payload + length,
205  crc, 4);
206  } else {
207  length = pxmitpriv->frag_len-pattrib->hdrlen -
208  pattrib->iv_len-pattrib->icv_len;
209  *((u32 *)crc) = cpu_to_le32(getcrc32(
210  payload, length));
211  arcfour_init(&mycontext, wepkey, 3 + keylength);
212  arcfour_encrypt(&mycontext, payload, payload,
213  length);
214  arcfour_encrypt(&mycontext, payload+length,
215  crc, 4);
216  pframe += pxmitpriv->frag_len;
217  pframe = (u8 *)RND4((addr_t)(pframe));
218  }
219  }
220  }
221 }
222 
223 void r8712_wep_decrypt(struct _adapter *padapter, u8 *precvframe)
224 {
225  /* exclude ICV */
226  u8 crc[4];
227  struct arc4context mycontext;
228  u32 length, keylength;
229  u8 *pframe, *payload, *iv, wepkey[16];
230  u8 keyindex;
231  struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)
232  precvframe)->u.hdr.attrib);
233  struct security_priv *psecuritypriv = &padapter->securitypriv;
234 
235  pframe = (unsigned char *)((union recv_frame *)precvframe)->
236  u.hdr.rx_data;
237  /* start to decrypt recvframe */
238  if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt ==
239  _WEP104_)) {
240  iv = pframe + prxattrib->hdrlen;
241  keyindex = (iv[3] & 0x3);
242  keylength = psecuritypriv->DefKeylen[keyindex];
243  memcpy(&wepkey[0], iv, 3);
244  memcpy(&wepkey[3], &psecuritypriv->DefKey[
245  psecuritypriv->PrivacyKeyIndex].skey[0],
246  keylength);
247  length = ((union recv_frame *)precvframe)->
248  u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len;
249  payload = pframe+prxattrib->iv_len+prxattrib->hdrlen;
250  /* decrypt payload include icv */
251  arcfour_init(&mycontext, wepkey, 3 + keylength);
252  arcfour_encrypt(&mycontext, payload, payload, length);
253  /* calculate icv and compare the icv */
254  *((u32 *)crc) = cpu_to_le32(getcrc32(payload, length - 4));
255  }
256  return;
257 }
258 
259 /* 3 =====TKIP related===== */
260 
261 static u32 secmicgetuint32(u8 *p)
262 /* Convert from Byte[] to Us4Byte32 in a portable way */
263 {
264  s32 i;
265  u32 res = 0;
266 
267  for (i = 0; i < 4; i++)
268  res |= ((u32)(*p++)) << (8 * i);
269  return res;
270 }
271 
272 static void secmicputuint32(u8 *p, u32 val)
273 /* Convert from Us4Byte32 to Byte[] in a portable way */
274 {
275  long i;
276  for (i = 0; i < 4; i++) {
277  *p++ = (u8) (val & 0xff);
278  val >>= 8;
279  }
280 }
281 
282 static void secmicclear(struct mic_data *pmicdata)
283 {
284 /* Reset the state to the empty message. */
285  pmicdata->L = pmicdata->K0;
286  pmicdata->R = pmicdata->K1;
287  pmicdata->nBytesInM = 0;
288  pmicdata->M = 0;
289 }
290 
291 void r8712_secmicsetkey(struct mic_data *pmicdata, u8 *key)
292 {
293  /* Set the key */
294  pmicdata->K0 = secmicgetuint32(key);
295  pmicdata->K1 = secmicgetuint32(key + 4);
296  /* and reset the message */
297  secmicclear(pmicdata);
298 }
299 
300 static void secmicappendbyte(struct mic_data *pmicdata, u8 b)
301 {
302  /* Append the byte to our word-sized buffer */
303  pmicdata->M |= ((u32)b) << (8 * pmicdata->nBytesInM);
304  pmicdata->nBytesInM++;
305  /* Process the word if it is full. */
306  if (pmicdata->nBytesInM >= 4) {
307  pmicdata->L ^= pmicdata->M;
308  pmicdata->R ^= ROL32(pmicdata->L, 17);
309  pmicdata->L += pmicdata->R;
310  pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) |
311  ((pmicdata->L & 0x00ff00ff) << 8);
312  pmicdata->L += pmicdata->R;
313  pmicdata->R ^= ROL32(pmicdata->L, 3);
314  pmicdata->L += pmicdata->R;
315  pmicdata->R ^= ROR32(pmicdata->L, 2);
316  pmicdata->L += pmicdata->R;
317  /* Clear the buffer */
318  pmicdata->M = 0;
319  pmicdata->nBytesInM = 0;
320  }
321 }
322 
323 void r8712_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
324 {
325  /* This is simple */
326  while (nbytes > 0) {
327  secmicappendbyte(pmicdata, *src++);
328  nbytes--;
329  }
330 }
331 
332 void r8712_secgetmic(struct mic_data *pmicdata, u8 *dst)
333 {
334  /* Append the minimum padding */
335  secmicappendbyte(pmicdata, 0x5a);
336  secmicappendbyte(pmicdata, 0);
337  secmicappendbyte(pmicdata, 0);
338  secmicappendbyte(pmicdata, 0);
339  secmicappendbyte(pmicdata, 0);
340  /* and then zeroes until the length is a multiple of 4 */
341  while (pmicdata->nBytesInM != 0)
342  secmicappendbyte(pmicdata, 0);
343  /* The appendByte function has already computed the result. */
344  secmicputuint32(dst, pmicdata->L);
345  secmicputuint32(dst + 4, pmicdata->R);
346  /* Reset to the empty message. */
347  secmicclear(pmicdata);
348 }
349 
350 void seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code,
351  u8 pri)
352 {
353 
354  struct mic_data micdata;
355  u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
356 
357  r8712_secmicsetkey(&micdata, key);
358  priority[0] = pri;
359  /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
360  if (header[1] & 1) { /* ToDS==1 */
361  r8712_secmicappend(&micdata, &header[16], 6); /* DA */
362  if (header[1] & 2) /* From Ds==1 */
363  r8712_secmicappend(&micdata, &header[24], 6);
364  else
365  r8712_secmicappend(&micdata, &header[10], 6);
366  } else { /* ToDS==0 */
367  r8712_secmicappend(&micdata, &header[4], 6); /* DA */
368  if (header[1] & 2) /* From Ds==1 */
369  r8712_secmicappend(&micdata, &header[16], 6);
370  else
371  r8712_secmicappend(&micdata, &header[10], 6);
372  }
373  r8712_secmicappend(&micdata, &priority[0], 4);
374  r8712_secmicappend(&micdata, data, data_len);
375  r8712_secgetmic(&micdata, mic_code);
376 }
377 
378 /* macros for extraction/creation of unsigned char/unsigned short values */
379 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
380 #define Lo8(v16) ((u8)((v16) & 0x00FF))
381 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
382 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
383 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
384 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
385 
386 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
387 #define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)])
388 
389 /* S-box lookup: 16 bits --> 16 bits */
390 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
391 
392 /* fixed algorithm "parameters" */
393 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
394 #define TA_SIZE 6 /* 48-bit transmitter address */
395 #define TK_SIZE 16 /* 128-bit temporal key */
396 #define P1K_SIZE 10 /* 80-bit Phase1 key */
397 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
398 
399 
400 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
401 static const unsigned short Sbox1[2][256] = {/* Sbox for hash (can be in ROM) */
402  {
403  0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
404  0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
405  0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
406  0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
407  0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
408  0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
409  0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
410  0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
411  0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
412  0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
413  0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
414  0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
415  0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
416  0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
417  0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
418  0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
419  0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
420  0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
421  0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
422  0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
423  0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
424  0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
425  0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
426  0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
427  0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
428  0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
429  0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
430  0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
431  0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
432  0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
433  0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
434  0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
435  },
436  { /* second half is unsigned char-reversed version of first! */
437  0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
438  0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
439  0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
440  0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
441  0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
442  0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
443  0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
444  0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
445  0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
446  0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
447  0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
448  0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
449  0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
450  0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
451  0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
452  0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
453  0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
454  0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
455  0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
456  0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
457  0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
458  0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
459  0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
460  0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
461  0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
462  0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
463  0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
464  0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
465  0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
466  0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
467  0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
468  0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
469  }
470 };
471 
472 /*
473 **********************************************************************
474 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
475 *
476 * Inputs:
477 * tk[] = temporal key [128 bits]
478 * ta[] = transmitter's MAC address [ 48 bits]
479 * iv32 = upper 32 bits of IV [ 32 bits]
480 * Output:
481 * p1k[] = Phase 1 key [ 80 bits]
482 *
483 * Note:
484 * This function only needs to be called every 2**16 packets,
485 * although in theory it could be called every packet.
486 *
487 **********************************************************************
488 */
489 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
490 {
491  sint i;
492 
493  /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
494  p1k[0] = Lo16(iv32);
495  p1k[1] = Hi16(iv32);
496  p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
497  p1k[3] = Mk16(ta[3], ta[2]);
498  p1k[4] = Mk16(ta[5], ta[4]);
499  /* Now compute an unbalanced Feistel cipher with 80-bit block */
500  /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
501  for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add is mod 2**16 */
502  p1k[0] += _S_(p1k[4] ^ TK16((i&1) + 0));
503  p1k[1] += _S_(p1k[0] ^ TK16((i&1) + 2));
504  p1k[2] += _S_(p1k[1] ^ TK16((i&1) + 4));
505  p1k[3] += _S_(p1k[2] ^ TK16((i&1) + 6));
506  p1k[4] += _S_(p1k[3] ^ TK16((i&1) + 0));
507  p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
508  }
509 }
510 
511 /*
512 **********************************************************************
513 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
514 *
515 * Inputs:
516 * tk[] = Temporal key [128 bits]
517 * p1k[] = Phase 1 output key [ 80 bits]
518 * iv16 = low 16 bits of IV counter [ 16 bits]
519 * Output:
520 * rc4key[] = the key used to encrypt the packet [128 bits]
521 *
522 * Note:
523 * The value {TA,IV32,IV16} for Phase1/Phase2 must be unique
524 * across all packets using the same key TK value. Then, for a
525 * given value of TK[], this TKIP48 construction guarantees that
526 * the final RC4KEY value is unique across all packets.
527 *
528 * Suggested implementation optimization: if PPK[] is "overlaid"
529 * appropriately on RC4KEY[], there is no need for the final
530 * for loop below that copies the PPK[] result into RC4KEY[].
531 *
532 **********************************************************************
533 */
534 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
535 {
536  sint i;
537  u16 PPK[6]; /* temporary key for mixing */
538 
539  /* Note: all adds in the PPK[] equations below are mod 2**16 */
540  for (i = 0; i < 5; i++)
541  PPK[i] = p1k[i]; /* first, copy P1K to PPK */
542  PPK[5] = p1k[4] + iv16; /* next, add in IV16 */
543  /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
544  PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
545  PPK[1] += _S_(PPK[0] ^ TK16(1));
546  PPK[2] += _S_(PPK[1] ^ TK16(2));
547  PPK[3] += _S_(PPK[2] ^ TK16(3));
548  PPK[4] += _S_(PPK[3] ^ TK16(4));
549  PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
550  /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
551  PPK[0] += RotR1(PPK[5] ^ TK16(6));
552  PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
553  PPK[2] += RotR1(PPK[1]);
554  PPK[3] += RotR1(PPK[2]);
555  PPK[4] += RotR1(PPK[3]);
556  PPK[5] += RotR1(PPK[4]);
557  /* Note: At this point, for a given key TK[0..15], the 96-bit output */
558  /* value PPK[0..5] is guaranteed to be unique, as a function */
559  /* of the 96-bit "input" value {TA,IV32,IV16}. That is, P1K */
560  /* is now a keyed permutation of {TA,IV32,IV16}. */
561  /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
562  rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
563  rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
564  rc4key[2] = Lo8(iv16);
565  rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
566  /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
567  for (i = 0; i < 6; i++) {
568  rc4key[4 + 2 * i] = Lo8(PPK[i]);
569  rc4key[5 + 2 * i] = Hi8(PPK[i]);
570  }
571 }
572 
573 /*The hlen isn't include the IV*/
574 u32 r8712_tkip_encrypt(struct _adapter *padapter, u8 *pxmitframe)
575 { /* exclude ICV */
576  u16 pnl;
577  u32 pnh;
578  u8 rc4key[16];
579  u8 ttkey[16];
580  u8 crc[4];
581  struct arc4context mycontext;
582  u32 curfragnum, length, prwskeylen;
583 
584  u8 *pframe, *payload, *iv, *prwskey;
585  union pn48 txpn;
586  struct sta_info *stainfo;
587  struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
588  struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
589  u32 res = _SUCCESS;
590 
591  if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
592  return _FAIL;
593 
594  pframe = ((struct xmit_frame *)pxmitframe)->buf_addr+TXDESC_OFFSET;
595  /* 4 start to encrypt each fragment */
596  if (pattrib->encrypt == _TKIP_) {
597  if (pattrib->psta)
598  stainfo = pattrib->psta;
599  else
600  stainfo = r8712_get_stainfo(&padapter->stapriv,
601  &pattrib->ra[0]);
602  if (stainfo != NULL) {
603  prwskey = &stainfo->x_UncstKey.skey[0];
604  prwskeylen = 16;
605  for (curfragnum = 0; curfragnum < pattrib->nr_frags;
606  curfragnum++) {
607  iv = pframe + pattrib->hdrlen;
608  payload = pframe+pattrib->iv_len +
609  pattrib->hdrlen;
610  GET_TKIP_PN(iv, txpn);
611  pnl = (u16)(txpn.val);
612  pnh = (u32)(txpn.val >> 16);
613  phase1((u16 *)&ttkey[0], prwskey, &pattrib->
614  ta[0], pnh);
615  phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0],
616  pnl);
617  if ((curfragnum + 1) == pattrib->nr_frags) {
618  /* 4 the last fragment */
619  length = pattrib->last_txcmdsz -
620  pattrib->hdrlen-pattrib->iv_len -
621  pattrib->icv_len;
622  *((u32 *)crc) = cpu_to_le32(
623  getcrc32(payload, length));
624  arcfour_init(&mycontext, rc4key, 16);
625  arcfour_encrypt(&mycontext, payload,
626  payload, length);
627  arcfour_encrypt(&mycontext, payload +
628  length, crc, 4);
629  } else {
630  length = pxmitpriv->frag_len-pattrib->
631  hdrlen-pattrib->
632  iv_len-pattrib->icv_len;
633  *((u32 *)crc) = cpu_to_le32(getcrc32(
634  payload, length));
635  arcfour_init(&mycontext, rc4key, 16);
636  arcfour_encrypt(&mycontext, payload,
637  payload, length);
638  arcfour_encrypt(&mycontext,
639  payload+length, crc, 4);
640  pframe += pxmitpriv->frag_len;
641  pframe = (u8 *)RND4((addr_t)(pframe));
642  }
643  }
644  } else
645  res = _FAIL;
646  }
647  return res;
648 }
649 
650 /* The hlen doesn't include the IV */
651 u32 r8712_tkip_decrypt(struct _adapter *padapter, u8 *precvframe)
652 { /* exclude ICV */
653  u16 pnl;
654  u32 pnh;
655  u8 rc4key[16];
656  u8 ttkey[16];
657  u8 crc[4];
658  struct arc4context mycontext;
659  u32 length, prwskeylen;
660  u8 *pframe, *payload, *iv, *prwskey, idx = 0;
661  union pn48 txpn;
662  struct sta_info *stainfo;
663  struct rx_pkt_attrib *prxattrib = &((union recv_frame *)
664  precvframe)->u.hdr.attrib;
665  struct security_priv *psecuritypriv = &padapter->securitypriv;
666 
667  pframe = (unsigned char *)((union recv_frame *)
668  precvframe)->u.hdr.rx_data;
669  /* 4 start to decrypt recvframe */
670  if (prxattrib->encrypt == _TKIP_) {
671  stainfo = r8712_get_stainfo(&padapter->stapriv,
672  &prxattrib->ta[0]);
673  if (stainfo != NULL) {
674  iv = pframe+prxattrib->hdrlen;
675  payload = pframe+prxattrib->iv_len + prxattrib->hdrlen;
676  length = ((union recv_frame *)precvframe)->
677  u.hdr.len - prxattrib->hdrlen -
678  prxattrib->iv_len;
679  if (IS_MCAST(prxattrib->ra)) {
680  idx = iv[3];
681  prwskey = &psecuritypriv->XGrpKey[
682  ((idx >> 6) & 0x3) - 1].skey[0];
683  if (psecuritypriv->binstallGrpkey == false)
684  return _FAIL;
685  } else
686  prwskey = &stainfo->x_UncstKey.skey[0];
687  prwskeylen = 16;
688  GET_TKIP_PN(iv, txpn);
689  pnl = (u16)(txpn.val);
690  pnh = (u32)(txpn.val >> 16);
691  phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0],
692  pnh);
693  phase2(&rc4key[0], prwskey, (unsigned short *)
694  &ttkey[0], pnl);
695  /* 4 decrypt payload include icv */
696  arcfour_init(&mycontext, rc4key, 16);
697  arcfour_encrypt(&mycontext, payload, payload, length);
698  *((u32 *)crc) = cpu_to_le32(getcrc32(payload,
699  length - 4));
700  if (crc[3] != payload[length - 1] ||
701  crc[2] != payload[length - 2] ||
702  crc[1] != payload[length - 3] ||
703  crc[0] != payload[length - 4])
704  return _FAIL;
705  } else
706  return _FAIL;
707  }
708  return _SUCCESS;
709 }
710 
711 /* 3 =====AES related===== */
712 
713 #define MAX_MSG_SIZE 2048
714 /*****************************/
715 /******** SBOX Table *********/
716 /*****************************/
717 
718 static const u8 sbox_table[256] = {
719  0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
720  0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
721  0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
722  0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
723  0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
724  0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
725  0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
726  0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
727  0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
728  0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
729  0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
730  0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
731  0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
732  0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
733  0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
734  0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
735  0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
736  0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
737  0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
738  0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
739  0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
740  0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
741  0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
742  0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
743  0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
744  0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
745  0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
746  0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
747  0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
748  0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
749  0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
750  0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
751 };
752 
753 /****************************************/
754 /* aes128k128d() */
755 /* Performs a 128 bit AES encrypt with */
756 /* 128 bit data. */
757 /****************************************/
758 static void xor_128(u8 *a, u8 *b, u8 *out)
759 {
760  sint i;
761 
762  for (i = 0; i < 16; i++)
763  out[i] = a[i] ^ b[i];
764 }
765 
766 static void xor_32(u8 *a, u8 *b, u8 *out)
767 {
768  sint i;
769  for (i = 0; i < 4; i++)
770  out[i] = a[i] ^ b[i];
771 }
772 
773 static u8 sbox(u8 a)
774 {
775  return sbox_table[(sint)a];
776 }
777 
778 static void next_key(u8 *key, sint round)
779 {
780  u8 rcon;
781  u8 sbox_key[4];
782  u8 rcon_table[12] = {
783  0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
784  0x1b, 0x36, 0x36, 0x36
785  };
786 
787  sbox_key[0] = sbox(key[13]);
788  sbox_key[1] = sbox(key[14]);
789  sbox_key[2] = sbox(key[15]);
790  sbox_key[3] = sbox(key[12]);
791  rcon = rcon_table[round];
792  xor_32(&key[0], sbox_key, &key[0]);
793  key[0] = key[0] ^ rcon;
794  xor_32(&key[4], &key[0], &key[4]);
795  xor_32(&key[8], &key[4], &key[8]);
796  xor_32(&key[12], &key[8], &key[12]);
797 }
798 
799 static void byte_sub(u8 *in, u8 *out)
800 {
801  sint i;
802  for (i = 0; i < 16; i++)
803  out[i] = sbox(in[i]);
804 }
805 
806 static void shift_row(u8 *in, u8 *out)
807 {
808  out[0] = in[0];
809  out[1] = in[5];
810  out[2] = in[10];
811  out[3] = in[15];
812  out[4] = in[4];
813  out[5] = in[9];
814  out[6] = in[14];
815  out[7] = in[3];
816  out[8] = in[8];
817  out[9] = in[13];
818  out[10] = in[2];
819  out[11] = in[7];
820  out[12] = in[12];
821  out[13] = in[1];
822  out[14] = in[6];
823  out[15] = in[11];
824 }
825 
826 static void mix_column(u8 *in, u8 *out)
827 {
828  sint i;
829  u8 add1b[4];
830  u8 add1bf7[4];
831  u8 rotl[4];
832  u8 swap_halfs[4];
833  u8 andf7[4];
834  u8 rotr[4];
835  u8 temp[4];
836  u8 tempb[4];
837 
838  for (i = 0 ; i < 4; i++) {
839  if ((in[i] & 0x80) == 0x80)
840  add1b[i] = 0x1b;
841  else
842  add1b[i] = 0x00;
843  }
844  swap_halfs[0] = in[2]; /* Swap halves */
845  swap_halfs[1] = in[3];
846  swap_halfs[2] = in[0];
847  swap_halfs[3] = in[1];
848  rotl[0] = in[3]; /* Rotate left 8 bits */
849  rotl[1] = in[0];
850  rotl[2] = in[1];
851  rotl[3] = in[2];
852  andf7[0] = in[0] & 0x7f;
853  andf7[1] = in[1] & 0x7f;
854  andf7[2] = in[2] & 0x7f;
855  andf7[3] = in[3] & 0x7f;
856  for (i = 3; i > 0; i--) { /* logical shift left 1 bit */
857  andf7[i] = andf7[i] << 1;
858  if ((andf7[i-1] & 0x80) == 0x80)
859  andf7[i] = (andf7[i] | 0x01);
860  }
861  andf7[0] = andf7[0] << 1;
862  andf7[0] = andf7[0] & 0xfe;
863  xor_32(add1b, andf7, add1bf7);
864  xor_32(in, add1bf7, rotr);
865  temp[0] = rotr[0]; /* Rotate right 8 bits */
866  rotr[0] = rotr[1];
867  rotr[1] = rotr[2];
868  rotr[2] = rotr[3];
869  rotr[3] = temp[0];
870  xor_32(add1bf7, rotr, temp);
871  xor_32(swap_halfs, rotl, tempb);
872  xor_32(temp, tempb, out);
873 }
874 
875 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
876 {
877  sint round;
878  sint i;
879  u8 intermediatea[16];
880  u8 intermediateb[16];
881  u8 round_key[16];
882 
883  for (i = 0; i < 16; i++)
884  round_key[i] = key[i];
885  for (round = 0; round < 11; round++) {
886  if (round == 0) {
887  xor_128(round_key, data, ciphertext);
888  next_key(round_key, round);
889  } else if (round == 10) {
890  byte_sub(ciphertext, intermediatea);
891  shift_row(intermediatea, intermediateb);
892  xor_128(intermediateb, round_key, ciphertext);
893  } else { /* 1 - 9 */
894  byte_sub(ciphertext, intermediatea);
895  shift_row(intermediatea, intermediateb);
896  mix_column(&intermediateb[0], &intermediatea[0]);
897  mix_column(&intermediateb[4], &intermediatea[4]);
898  mix_column(&intermediateb[8], &intermediatea[8]);
899  mix_column(&intermediateb[12], &intermediatea[12]);
900  xor_128(intermediatea, round_key, ciphertext);
901  next_key(round_key, round);
902  }
903  }
904 }
905 
906 /************************************************/
907 /* construct_mic_iv() */
908 /* Builds the MIC IV from header fields and PN */
909 /************************************************/
910 static void construct_mic_iv(u8 *mic_iv, sint qc_exists, sint a4_exists,
911  u8 *mpdu, uint payload_length, u8 *pn_vector)
912 {
913  sint i;
914 
915  mic_iv[0] = 0x59;
916  if (qc_exists && a4_exists)
917  mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */
918  if (qc_exists && !a4_exists)
919  mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */
920  if (!qc_exists)
921  mic_iv[1] = 0x00;
922  for (i = 2; i < 8; i++)
923  mic_iv[i] = mpdu[i + 8];
924  for (i = 8; i < 14; i++)
925  mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
926  mic_iv[14] = (unsigned char) (payload_length / 256);
927  mic_iv[15] = (unsigned char) (payload_length % 256);
928 }
929 
930 /************************************************/
931 /* construct_mic_header1() */
932 /* Builds the first MIC header block from */
933 /* header fields. */
934 /************************************************/
935 static void construct_mic_header1(u8 *mic_header1, sint header_length, u8 *mpdu)
936 {
937  mic_header1[0] = (u8)((header_length - 2) / 256);
938  mic_header1[1] = (u8)((header_length - 2) % 256);
939  mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */
940  /* Mute retry, more data and pwr mgt bits */
941  mic_header1[3] = mpdu[1] & 0xc7;
942  mic_header1[4] = mpdu[4]; /* A1 */
943  mic_header1[5] = mpdu[5];
944  mic_header1[6] = mpdu[6];
945  mic_header1[7] = mpdu[7];
946  mic_header1[8] = mpdu[8];
947  mic_header1[9] = mpdu[9];
948  mic_header1[10] = mpdu[10]; /* A2 */
949  mic_header1[11] = mpdu[11];
950  mic_header1[12] = mpdu[12];
951  mic_header1[13] = mpdu[13];
952  mic_header1[14] = mpdu[14];
953  mic_header1[15] = mpdu[15];
954 }
955 
956 /************************************************/
957 /* construct_mic_header2() */
958 /* Builds the last MIC header block from */
959 /* header fields. */
960 /************************************************/
961 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, sint a4_exists,
962  sint qc_exists)
963 {
964  sint i;
965 
966  for (i = 0; i < 16; i++)
967  mic_header2[i] = 0x00;
968  mic_header2[0] = mpdu[16]; /* A3 */
969  mic_header2[1] = mpdu[17];
970  mic_header2[2] = mpdu[18];
971  mic_header2[3] = mpdu[19];
972  mic_header2[4] = mpdu[20];
973  mic_header2[5] = mpdu[21];
974  mic_header2[6] = 0x00;
975  mic_header2[7] = 0x00; /* mpdu[23]; */
976  if (!qc_exists && a4_exists)
977  for (i = 0; i < 6; i++)
978  mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
979  if (qc_exists && !a4_exists) {
980  mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
981  mic_header2[9] = mpdu[25] & 0x00;
982  }
983  if (qc_exists && a4_exists) {
984  for (i = 0; i < 6; i++)
985  mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
986  mic_header2[14] = mpdu[30] & 0x0f;
987  mic_header2[15] = mpdu[31] & 0x00;
988  }
989 }
990 
991 /************************************************/
992 /* construct_mic_header2() */
993 /* Builds the last MIC header block from */
994 /* header fields. */
995 /************************************************/
996 static void construct_ctr_preload(u8 *ctr_preload, sint a4_exists, sint qc_exists,
997  u8 *mpdu, u8 *pn_vector, sint c)
998 {
999  sint i;
1000 
1001  for (i = 0; i < 16; i++)
1002  ctr_preload[i] = 0x00;
1003  i = 0;
1004  ctr_preload[0] = 0x01; /* flag */
1005  if (qc_exists && a4_exists)
1006  ctr_preload[1] = mpdu[30] & 0x0f;
1007  if (qc_exists && !a4_exists)
1008  ctr_preload[1] = mpdu[24] & 0x0f;
1009  for (i = 2; i < 8; i++)
1010  ctr_preload[i] = mpdu[i + 8];
1011  for (i = 8; i < 14; i++)
1012  ctr_preload[i] = pn_vector[13 - i];
1013  ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */
1014  ctr_preload[15] = (unsigned char) (c % 256);
1015 }
1016 
1017 /************************************/
1018 /* bitwise_xor() */
1019 /* A 128 bit, bitwise exclusive or */
1020 /************************************/
1021 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1022 {
1023  sint i;
1024 
1025  for (i = 0; i < 16; i++)
1026  out[i] = ina[i] ^ inb[i];
1027 }
1028 
1029 static sint aes_cipher(u8 *key, uint hdrlen,
1030  u8 *pframe, uint plen)
1031 {
1032  uint qc_exists, a4_exists, i, j, payload_remainder;
1033  uint num_blocks, payload_index;
1034 
1035  u8 pn_vector[6];
1036  u8 mic_iv[16];
1037  u8 mic_header1[16];
1038  u8 mic_header2[16];
1039  u8 ctr_preload[16];
1040 
1041  /* Intermediate Buffers */
1042  u8 chain_buffer[16];
1043  u8 aes_out[16];
1044  u8 padded_buffer[16];
1045  u8 mic[8];
1046  uint frtype = GetFrameType(pframe);
1047  uint frsubtype = GetFrameSubType(pframe);
1048 
1049  frsubtype = frsubtype >> 4;
1050  memset((void *)mic_iv, 0, 16);
1051  memset((void *)mic_header1, 0, 16);
1052  memset((void *)mic_header2, 0, 16);
1053  memset((void *)ctr_preload, 0, 16);
1054  memset((void *)chain_buffer, 0, 16);
1055  memset((void *)aes_out, 0, 16);
1056  memset((void *)padded_buffer, 0, 16);
1057 
1058  if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1059  a4_exists = 0;
1060  else
1061  a4_exists = 1;
1062 
1063  if ((frtype == WIFI_DATA_CFACK) ||
1064  (frtype == WIFI_DATA_CFPOLL) ||
1065  (frtype == WIFI_DATA_CFACKPOLL)) {
1066  qc_exists = 1;
1067  if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1068  hdrlen += 2;
1069  } else if ((frsubtype == 0x08) ||
1070  (frsubtype == 0x09) ||
1071  (frsubtype == 0x0a) ||
1072  (frsubtype == 0x0b)) {
1073  if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1074  hdrlen += 2;
1075  qc_exists = 1;
1076  } else
1077  qc_exists = 0;
1078  pn_vector[0] = pframe[hdrlen];
1079  pn_vector[1] = pframe[hdrlen+1];
1080  pn_vector[2] = pframe[hdrlen+4];
1081  pn_vector[3] = pframe[hdrlen+5];
1082  pn_vector[4] = pframe[hdrlen+6];
1083  pn_vector[5] = pframe[hdrlen+7];
1084  construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1085  construct_mic_header1(mic_header1, hdrlen, pframe);
1086  construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1087  payload_remainder = plen % 16;
1088  num_blocks = plen / 16;
1089  /* Find start of payload */
1090  payload_index = (hdrlen + 8);
1091  /* Calculate MIC */
1092  aes128k128d(key, mic_iv, aes_out);
1093  bitwise_xor(aes_out, mic_header1, chain_buffer);
1094  aes128k128d(key, chain_buffer, aes_out);
1095  bitwise_xor(aes_out, mic_header2, chain_buffer);
1096  aes128k128d(key, chain_buffer, aes_out);
1097  for (i = 0; i < num_blocks; i++) {
1098  bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1099  payload_index += 16;
1100  aes128k128d(key, chain_buffer, aes_out);
1101  }
1102  /* Add on the final payload block if it needs padding */
1103  if (payload_remainder > 0) {
1104  for (j = 0; j < 16; j++)
1105  padded_buffer[j] = 0x00;
1106  for (j = 0; j < payload_remainder; j++)
1107  padded_buffer[j] = pframe[payload_index++];
1108  bitwise_xor(aes_out, padded_buffer, chain_buffer);
1109  aes128k128d(key, chain_buffer, aes_out);
1110  }
1111  for (j = 0; j < 8; j++)
1112  mic[j] = aes_out[j];
1113  /* Insert MIC into payload */
1114  for (j = 0; j < 8; j++)
1115  pframe[payload_index+j] = mic[j];
1116  payload_index = hdrlen + 8;
1117  for (i = 0; i < num_blocks; i++) {
1118  construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1119  pframe, pn_vector, i + 1);
1120  aes128k128d(key, ctr_preload, aes_out);
1121  bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1122  for (j = 0; j < 16; j++)
1123  pframe[payload_index++] = chain_buffer[j];
1124  }
1125  if (payload_remainder > 0) { /* If short final block, then pad it,*/
1126  /* encrypt and copy unpadded part back */
1127  construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1128  pframe, pn_vector, num_blocks+1);
1129  for (j = 0; j < 16; j++)
1130  padded_buffer[j] = 0x00;
1131  for (j = 0; j < payload_remainder; j++)
1132  padded_buffer[j] = pframe[payload_index+j];
1133  aes128k128d(key, ctr_preload, aes_out);
1134  bitwise_xor(aes_out, padded_buffer, chain_buffer);
1135  for (j = 0; j < payload_remainder; j++)
1136  pframe[payload_index++] = chain_buffer[j];
1137  }
1138  /* Encrypt the MIC */
1139  construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1140  pframe, pn_vector, 0);
1141  for (j = 0; j < 16; j++)
1142  padded_buffer[j] = 0x00;
1143  for (j = 0; j < 8; j++)
1144  padded_buffer[j] = pframe[j+hdrlen+8+plen];
1145  aes128k128d(key, ctr_preload, aes_out);
1146  bitwise_xor(aes_out, padded_buffer, chain_buffer);
1147  for (j = 0; j < 8; j++)
1148  pframe[payload_index++] = chain_buffer[j];
1149  return _SUCCESS;
1150 }
1151 
1152 u32 r8712_aes_encrypt(struct _adapter *padapter, u8 *pxmitframe)
1153 { /* exclude ICV */
1154  /* Intermediate Buffers */
1155  sint curfragnum, length;
1156  u32 prwskeylen;
1157  u8 *pframe, *prwskey;
1158  struct sta_info *stainfo;
1159  struct pkt_attrib *pattrib = &((struct xmit_frame *)
1160  pxmitframe)->attrib;
1161  struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1162  u32 res = _SUCCESS;
1163 
1164  if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
1165  return _FAIL;
1166  pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
1167  /* 4 start to encrypt each fragment */
1168  if ((pattrib->encrypt == _AES_)) {
1169  if (pattrib->psta)
1170  stainfo = pattrib->psta;
1171  else
1172  stainfo = r8712_get_stainfo(&padapter->stapriv,
1173  &pattrib->ra[0]);
1174  if (stainfo != NULL) {
1175  prwskey = &stainfo->x_UncstKey.skey[0];
1176  prwskeylen = 16;
1177  for (curfragnum = 0; curfragnum < pattrib->nr_frags;
1178  curfragnum++) {
1179  if ((curfragnum + 1) == pattrib->nr_frags) {\
1180  length = pattrib->last_txcmdsz -
1181  pattrib->hdrlen -
1182  pattrib->iv_len -
1183  pattrib->icv_len;
1184  aes_cipher(prwskey, pattrib->
1185  hdrlen, pframe, length);
1186  } else {
1187  length = pxmitpriv->frag_len -
1188  pattrib->hdrlen -
1189  pattrib->iv_len -
1190  pattrib->icv_len ;
1191  aes_cipher(prwskey, pattrib->
1192  hdrlen, pframe, length);
1193  pframe += pxmitpriv->frag_len;
1194  pframe = (u8 *)RND4((addr_t)(pframe));
1195  }
1196  }
1197  } else
1198  res = _FAIL;
1199  }
1200  return res;
1201 }
1202 
1203 static sint aes_decipher(u8 *key, uint hdrlen,
1204  u8 *pframe, uint plen)
1205 {
1206  static u8 message[MAX_MSG_SIZE];
1207  uint qc_exists, a4_exists, i, j, payload_remainder;
1208  uint num_blocks, payload_index;
1209  u8 pn_vector[6];
1210  u8 mic_iv[16];
1211  u8 mic_header1[16];
1212  u8 mic_header2[16];
1213  u8 ctr_preload[16];
1214  /* Intermediate Buffers */
1215  u8 chain_buffer[16];
1216  u8 aes_out[16];
1217  u8 padded_buffer[16];
1218  u8 mic[8];
1219  uint frtype = GetFrameType(pframe);
1220  uint frsubtype = GetFrameSubType(pframe);
1221 
1222  frsubtype = frsubtype >> 4;
1223  memset((void *)mic_iv, 0, 16);
1224  memset((void *)mic_header1, 0, 16);
1225  memset((void *)mic_header2, 0, 16);
1226  memset((void *)ctr_preload, 0, 16);
1227  memset((void *)chain_buffer, 0, 16);
1228  memset((void *)aes_out, 0, 16);
1229  memset((void *)padded_buffer, 0, 16);
1230  /* start to decrypt the payload */
1231  /*(plen including llc, payload and mic) */
1232  num_blocks = (plen - 8) / 16;
1233  payload_remainder = (plen-8) % 16;
1234  pn_vector[0] = pframe[hdrlen];
1235  pn_vector[1] = pframe[hdrlen+1];
1236  pn_vector[2] = pframe[hdrlen+4];
1237  pn_vector[3] = pframe[hdrlen+5];
1238  pn_vector[4] = pframe[hdrlen+6];
1239  pn_vector[5] = pframe[hdrlen+7];
1240  if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1241  a4_exists = 0;
1242  else
1243  a4_exists = 1;
1244  if ((frtype == WIFI_DATA_CFACK) ||
1245  (frtype == WIFI_DATA_CFPOLL) ||
1246  (frtype == WIFI_DATA_CFACKPOLL)) {
1247  qc_exists = 1;
1248  if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1249  hdrlen += 2;
1250  } else if ((frsubtype == 0x08) ||
1251  (frsubtype == 0x09) ||
1252  (frsubtype == 0x0a) ||
1253  (frsubtype == 0x0b)) {
1254  if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1255  hdrlen += 2;
1256  qc_exists = 1;
1257  } else
1258  qc_exists = 0;
1259  /* now, decrypt pframe with hdrlen offset and plen long */
1260  payload_index = hdrlen + 8; /* 8 is for extiv */
1261  for (i = 0; i < num_blocks; i++) {
1262  construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1263  pframe, pn_vector, i + 1);
1264  aes128k128d(key, ctr_preload, aes_out);
1265  bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1266  for (j = 0; j < 16; j++)
1267  pframe[payload_index++] = chain_buffer[j];
1268  }
1269  if (payload_remainder > 0) { /* If short final block, pad it,*/
1270  /* encrypt it and copy the unpadded part back */
1271  construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1272  pframe, pn_vector, num_blocks+1);
1273  for (j = 0; j < 16; j++)
1274  padded_buffer[j] = 0x00;
1275  for (j = 0; j < payload_remainder; j++)
1276  padded_buffer[j] = pframe[payload_index + j];
1277  aes128k128d(key, ctr_preload, aes_out);
1278  bitwise_xor(aes_out, padded_buffer, chain_buffer);
1279  for (j = 0; j < payload_remainder; j++)
1280  pframe[payload_index++] = chain_buffer[j];
1281  }
1282  /* start to calculate the mic */
1283  memcpy((void *)message, pframe, (hdrlen + plen + 8));
1284  pn_vector[0] = pframe[hdrlen];
1285  pn_vector[1] = pframe[hdrlen+1];
1286  pn_vector[2] = pframe[hdrlen+4];
1287  pn_vector[3] = pframe[hdrlen+5];
1288  pn_vector[4] = pframe[hdrlen+6];
1289  pn_vector[5] = pframe[hdrlen+7];
1290  construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen-8,
1291  pn_vector);
1292  construct_mic_header1(mic_header1, hdrlen, message);
1293  construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1294  payload_remainder = (plen - 8) % 16;
1295  num_blocks = (plen - 8) / 16;
1296  /* Find start of payload */
1297  payload_index = (hdrlen + 8);
1298  /* Calculate MIC */
1299  aes128k128d(key, mic_iv, aes_out);
1300  bitwise_xor(aes_out, mic_header1, chain_buffer);
1301  aes128k128d(key, chain_buffer, aes_out);
1302  bitwise_xor(aes_out, mic_header2, chain_buffer);
1303  aes128k128d(key, chain_buffer, aes_out);
1304  for (i = 0; i < num_blocks; i++) {
1305  bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1306  payload_index += 16;
1307  aes128k128d(key, chain_buffer, aes_out);
1308  }
1309  /* Add on the final payload block if it needs padding */
1310  if (payload_remainder > 0) {
1311  for (j = 0; j < 16; j++)
1312  padded_buffer[j] = 0x00;
1313  for (j = 0; j < payload_remainder; j++)
1314  padded_buffer[j] = message[payload_index++];
1315  bitwise_xor(aes_out, padded_buffer, chain_buffer);
1316  aes128k128d(key, chain_buffer, aes_out);
1317  }
1318  for (j = 0 ; j < 8; j++)
1319  mic[j] = aes_out[j];
1320  /* Insert MIC into payload */
1321  for (j = 0; j < 8; j++)
1322  message[payload_index+j] = mic[j];
1323  payload_index = hdrlen + 8;
1324  for (i = 0; i < num_blocks; i++) {
1325  construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1326  message, pn_vector, i + 1);
1327  aes128k128d(key, ctr_preload, aes_out);
1328  bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1329  for (j = 0; j < 16; j++)
1330  message[payload_index++] = chain_buffer[j];
1331  }
1332  if (payload_remainder > 0) { /* If short final block, pad it,*/
1333  /* encrypt and copy unpadded part back */
1334  construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1335  message, pn_vector, num_blocks+1);
1336  for (j = 0; j < 16; j++)
1337  padded_buffer[j] = 0x00;
1338  for (j = 0; j < payload_remainder; j++)
1339  padded_buffer[j] = message[payload_index + j];
1340  aes128k128d(key, ctr_preload, aes_out);
1341  bitwise_xor(aes_out, padded_buffer, chain_buffer);
1342  for (j = 0; j < payload_remainder; j++)
1343  message[payload_index++] = chain_buffer[j];
1344  }
1345  /* Encrypt the MIC */
1346  construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message,
1347  pn_vector, 0);
1348  for (j = 0; j < 16; j++)
1349  padded_buffer[j] = 0x00;
1350  for (j = 0; j < 8; j++)
1351  padded_buffer[j] = message[j + hdrlen + plen];
1352  aes128k128d(key, ctr_preload, aes_out);
1353  bitwise_xor(aes_out, padded_buffer, chain_buffer);
1354  for (j = 0; j < 8; j++)
1355  message[payload_index++] = chain_buffer[j];
1356  /* compare the mic */
1357  return _SUCCESS;
1358 }
1359 
1360 u32 r8712_aes_decrypt(struct _adapter *padapter, u8 *precvframe)
1361 { /* exclude ICV */
1362  /* Intermediate Buffers */
1363  sint length;
1364  u32 prwskeylen;
1365  u8 *pframe, *prwskey, *iv, idx;
1366  struct sta_info *stainfo;
1367  struct rx_pkt_attrib *prxattrib = &((union recv_frame *)
1368  precvframe)->u.hdr.attrib;
1369  struct security_priv *psecuritypriv = &padapter->securitypriv;
1370 
1371  pframe = (unsigned char *)((union recv_frame *)precvframe)->
1372  u.hdr.rx_data;
1373  /* 4 start to encrypt each fragment */
1374  if ((prxattrib->encrypt == _AES_)) {
1375  stainfo = r8712_get_stainfo(&padapter->stapriv,
1376  &prxattrib->ta[0]);
1377  if (stainfo != NULL) {
1378  if (IS_MCAST(prxattrib->ra)) {
1379  iv = pframe+prxattrib->hdrlen;
1380  idx = iv[3];
1381  prwskey = &psecuritypriv->XGrpKey[
1382  ((idx >> 6) & 0x3) - 1].skey[0];
1383  if (psecuritypriv->binstallGrpkey == false)
1384  return _FAIL;
1385 
1386  } else
1387  prwskey = &stainfo->x_UncstKey.skey[0];
1388  prwskeylen = 16;
1389  length = ((union recv_frame *)precvframe)->
1390  u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len;
1391  aes_decipher(prwskey, prxattrib->hdrlen, pframe,
1392  length);
1393  } else
1394  return _FAIL;
1395  }
1396  return _SUCCESS;
1397 }
1398 
1399 void r8712_use_tkipkey_handler(void *FunctionContext)
1400 {
1401  struct _adapter *padapter = (struct _adapter *)FunctionContext;
1402 
1403  padapter->securitypriv.busetkipkey = true;
1404 }
Generated on Thu Jan 10 2013 14:31:13 for Linux Kernel by   doxygen 1.8.2