1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright(c) 2007 - 2011 Realtek Corporation. */
4 #define _RTW_SECURITY_C_
6 #include "../include/osdep_service.h"
7 #include "../include/drv_types.h"
8 #include "../include/wifi.h"
9 #include "../include/osdep_intf.h"
11 /* WEP related ===== */
14 Need to consider the fragment situation
16 void rtw_wep_encrypt(struct adapter *padapter, struct xmit_frame *pxmitframe)
23 int curfragnum, length;
26 u8 *pframe, *payload, *iv; /* wepkey */
29 struct pkt_attrib *pattrib = &pxmitframe->attrib;
30 struct security_priv *psecuritypriv = &padapter->securitypriv;
31 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
32 struct arc4_ctx *ctx = &psecuritypriv->xmit_arc4_ctx;
34 if (!pxmitframe->buf_addr)
37 hw_hdr_offset = TXDESC_SIZE + pxmitframe->pkt_offset * PACKET_OFFSET_SZ;
38 pframe = pxmitframe->buf_addr + hw_hdr_offset;
40 /* start to encrypt each fragment */
41 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
42 keylength = psecuritypriv->dot11DefKeylen[psecuritypriv->dot11PrivacyKeyIndex];
44 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
45 iv = pframe + pattrib->hdrlen;
46 memcpy(&wepkey[0], iv, 3);
47 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength);
48 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
50 if ((curfragnum + 1) == pattrib->nr_frags) { /* the last fragment */
51 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
53 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
55 arc4_setkey(ctx, wepkey, 3 + keylength);
56 arc4_crypt(ctx, payload, payload, length);
57 arc4_crypt(ctx, payload + length, crc.f1, 4);
59 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
60 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
61 arc4_setkey(ctx, wepkey, 3 + keylength);
62 arc4_crypt(ctx, payload, payload, length);
63 arc4_crypt(ctx, payload + length, crc.f1, 4);
65 pframe += pxmitpriv->frag_len;
66 pframe = (u8 *)RND4((size_t)(pframe));
73 void rtw_wep_decrypt(struct adapter *padapter, struct recv_frame *precvframe)
78 u8 *pframe, *payload, *iv, wepkey[16];
80 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
81 struct security_priv *psecuritypriv = &padapter->securitypriv;
82 struct arc4_ctx *ctx = &psecuritypriv->recv_arc4_ctx;
84 pframe = precvframe->rx_data;
86 /* start to decrypt recvframe */
87 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) {
88 iv = pframe + prxattrib->hdrlen;
89 keyindex = prxattrib->key_index;
90 keylength = psecuritypriv->dot11DefKeylen[keyindex];
91 memcpy(&wepkey[0], iv, 3);
92 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[keyindex].skey[0], keylength);
93 length = precvframe->len - prxattrib->hdrlen - prxattrib->iv_len;
95 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
97 /* decrypt payload include icv */
98 arc4_setkey(ctx, wepkey, 3 + keylength);
99 arc4_crypt(ctx, payload, payload, length);
103 /* 3 ===== TKIP related ===== */
105 static u32 secmicgetuint32(u8 *p)
106 /* Convert from Byte[] to Us3232 in a portable way */
111 for (i = 0; i < 4; i++)
112 res |= ((u32)(*p++)) << (8 * i);
117 static void secmicputuint32(u8 *p, u32 val)
118 /* Convert from Us3232 to Byte[] in a portable way */
122 for (i = 0; i < 4; i++) {
123 *p++ = (u8)(val & 0xff);
129 static void secmicclear(struct mic_data *pmicdata)
131 /* Reset the state to the empty message. */
133 pmicdata->L = pmicdata->K0;
134 pmicdata->R = pmicdata->K1;
135 pmicdata->nBytesInM = 0;
140 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key)
144 pmicdata->K0 = secmicgetuint32(key);
145 pmicdata->K1 = secmicgetuint32(key + 4);
146 /* and reset the message */
147 secmicclear(pmicdata);
151 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b)
154 /* Append the byte to our word-sized buffer */
155 pmicdata->M |= ((unsigned long)b) << (8 * pmicdata->nBytesInM);
156 pmicdata->nBytesInM++;
157 /* Process the word if it is full. */
158 if (pmicdata->nBytesInM >= 4) {
159 pmicdata->L ^= pmicdata->M;
160 pmicdata->R ^= ROL32(pmicdata->L, 17);
161 pmicdata->L += pmicdata->R;
162 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
163 pmicdata->L += pmicdata->R;
164 pmicdata->R ^= ROL32(pmicdata->L, 3);
165 pmicdata->L += pmicdata->R;
166 pmicdata->R ^= ROR32(pmicdata->L, 2);
167 pmicdata->L += pmicdata->R;
168 /* Clear the buffer */
170 pmicdata->nBytesInM = 0;
175 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
180 rtw_secmicappendbyte(pmicdata, *src++);
186 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst)
189 /* Append the minimum padding */
190 rtw_secmicappendbyte(pmicdata, 0x5a);
191 rtw_secmicappendbyte(pmicdata, 0);
192 rtw_secmicappendbyte(pmicdata, 0);
193 rtw_secmicappendbyte(pmicdata, 0);
194 rtw_secmicappendbyte(pmicdata, 0);
195 /* and then zeroes until the length is a multiple of 4 */
196 while (pmicdata->nBytesInM != 0)
197 rtw_secmicappendbyte(pmicdata, 0);
198 /* The appendByte function has already computed the result. */
199 secmicputuint32(dst, pmicdata->L);
200 secmicputuint32(dst + 4, pmicdata->R);
201 /* Reset to the empty message. */
202 secmicclear(pmicdata);
206 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
208 struct mic_data micdata;
209 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
211 rtw_secmicsetkey(&micdata, key);
214 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
215 if (header[1] & 1) { /* ToDS == 1 */
216 rtw_secmicappend(&micdata, &header[16], 6); /* DA */
217 if (header[1] & 2) /* From Ds == 1 */
218 rtw_secmicappend(&micdata, &header[24], 6);
220 rtw_secmicappend(&micdata, &header[10], 6);
221 } else { /* ToDS == 0 */
222 rtw_secmicappend(&micdata, &header[4], 6); /* DA */
223 if (header[1] & 2) /* From Ds == 1 */
224 rtw_secmicappend(&micdata, &header[16], 6);
226 rtw_secmicappend(&micdata, &header[10], 6);
228 rtw_secmicappend(&micdata, &priority[0], 4);
230 rtw_secmicappend(&micdata, data, data_len);
232 rtw_secgetmic(&micdata, mic_code);
236 /* macros for extraction/creation of unsigned char/unsigned short values */
237 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
238 #define Lo8(v16) ((u8)((v16) & 0x00FF))
239 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
240 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
241 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
242 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
244 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
245 #define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)])
247 /* S-box lookup: 16 bits --> 16 bits */
248 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
250 /* fixed algorithm "parameters" */
251 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
252 #define TA_SIZE 6 /* 48-bit transmitter address */
253 #define TK_SIZE 16 /* 128-bit temporal key */
254 #define P1K_SIZE 10 /* 80-bit Phase1 key */
255 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
257 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
258 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */
260 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
261 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
262 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
263 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
264 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
265 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
266 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
267 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
268 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
269 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
270 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
271 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
272 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
273 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
274 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
275 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
276 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
277 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
278 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
279 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
280 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
281 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
282 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
283 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
284 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
285 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
286 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
287 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
288 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
289 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
290 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
291 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
294 { /* second half of table is unsigned char-reversed version of first! */
295 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
296 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
297 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
298 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
299 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
300 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
301 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
302 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
303 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
304 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
305 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
306 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
307 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
308 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
309 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
310 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
311 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
312 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
313 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
314 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
315 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
316 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
317 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
318 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
319 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
320 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
321 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
322 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
323 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
324 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
325 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
326 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
331 **********************************************************************
332 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
335 * tk[] = temporal key [128 bits]
336 * ta[] = transmitter's MAC address [ 48 bits]
337 * iv32 = upper 32 bits of IV [ 32 bits]
339 * p1k[] = Phase 1 key [ 80 bits]
342 * This function only needs to be called every 2**16 packets,
343 * although in theory it could be called every packet.
345 **********************************************************************
347 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
351 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
354 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
355 p1k[3] = Mk16(ta[3], ta[2]);
356 p1k[4] = Mk16(ta[5], ta[4]);
358 /* Now compute an unbalanced Feistel cipher with 80-bit block */
359 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
360 for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add operation here is mod 2**16 */
361 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
362 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
363 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
364 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
365 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
366 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
372 **********************************************************************
373 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
376 * tk[] = Temporal key [128 bits]
377 * p1k[] = Phase 1 output key [ 80 bits]
378 * iv16 = low 16 bits of IV counter [ 16 bits]
380 * rc4key[] = the key used to encrypt the packet [128 bits]
383 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique
384 * across all packets using the same key TK value. Then, for a
385 * given value of TK[], this TKIP48 construction guarantees that
386 * the final RC4KEY value is unique across all packets.
388 * Suggested implementation optimization: if PPK[] is "overlaid"
389 * appropriately on RC4KEY[], there is no need for the final
390 * for loop below that copies the PPK[] result into RC4KEY[].
392 **********************************************************************
394 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
397 u16 PPK[6]; /* temporary key for mixing */
399 /* Note: all adds in the PPK[] equations below are mod 2**16 */
400 for (i = 0; i < 5; i++)
401 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
402 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */
404 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
405 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
406 PPK[1] += _S_(PPK[0] ^ TK16(1));
407 PPK[2] += _S_(PPK[1] ^ TK16(2));
408 PPK[3] += _S_(PPK[2] ^ TK16(3));
409 PPK[4] += _S_(PPK[3] ^ TK16(4));
410 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
412 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
413 PPK[0] += RotR1(PPK[5] ^ TK16(6));
414 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
415 PPK[2] += RotR1(PPK[1]);
416 PPK[3] += RotR1(PPK[2]);
417 PPK[4] += RotR1(PPK[3]);
418 PPK[5] += RotR1(PPK[4]);
419 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
420 /* value PPK[0..5] is guaranteed to be unique, as a function */
421 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */
422 /* is now a keyed permutation of {TA, IV32, IV16}. */
424 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
425 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
426 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
427 rc4key[2] = Lo8(iv16);
428 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
430 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
431 for (i = 0; i < 6; i++) {
432 rc4key[4 + 2 * i] = Lo8(PPK[i]);
433 rc4key[5 + 2 * i] = Hi8(PPK[i]);
438 /* The hlen isn't include the IV */
439 u32 rtw_tkip_encrypt(struct adapter *padapter, struct xmit_frame *pxmitframe)
449 u8 hw_hdr_offset = 0;
450 int curfragnum, length;
452 u8 *pframe, *payload, *iv, *prwskey;
453 union pn48 dot11txpn;
454 struct sta_info *stainfo;
455 struct pkt_attrib *pattrib = &pxmitframe->attrib;
456 struct security_priv *psecuritypriv = &padapter->securitypriv;
457 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
458 struct arc4_ctx *ctx = &psecuritypriv->xmit_arc4_ctx;
461 if (!pxmitframe->buf_addr)
464 hw_hdr_offset = TXDESC_SIZE + pxmitframe->pkt_offset * PACKET_OFFSET_SZ;
465 pframe = pxmitframe->buf_addr + hw_hdr_offset;
467 /* 4 start to encrypt each fragment */
468 if (pattrib->encrypt == _TKIP_) {
470 stainfo = pattrib->psta;
472 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
475 if (is_multicast_ether_addr(pattrib->ra))
476 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
478 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
480 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
481 iv = pframe + pattrib->hdrlen;
482 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
484 GET_TKIP_PN(iv, dot11txpn);
486 pnl = (u16)(dot11txpn.val);
487 pnh = (u32)(dot11txpn.val >> 16);
488 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
489 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
491 if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
492 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
493 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
495 arc4_setkey(ctx, rc4key, 16);
496 arc4_crypt(ctx, payload, payload, length);
497 arc4_crypt(ctx, payload + length, crc.f1, 4);
499 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
500 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
502 arc4_setkey(ctx, rc4key, 16);
503 arc4_crypt(ctx, payload, payload, length);
504 arc4_crypt(ctx, payload + length, crc.f1, 4);
506 pframe += pxmitpriv->frag_len;
507 pframe = (u8 *)RND4((size_t)(pframe));
518 /* The hlen isn't include the IV */
519 u32 rtw_tkip_decrypt(struct adapter *padapter, struct recv_frame *precvframe)
531 u8 *pframe, *payload, *iv, *prwskey;
532 union pn48 dot11txpn;
533 struct sta_info *stainfo;
534 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
535 struct security_priv *psecuritypriv = &padapter->securitypriv;
536 struct arc4_ctx *ctx = &psecuritypriv->recv_arc4_ctx;
539 pframe = precvframe->rx_data;
541 /* 4 start to decrypt recvframe */
542 if (prxattrib->encrypt == _TKIP_) {
543 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
545 if (is_multicast_ether_addr(prxattrib->ra)) {
546 if (!psecuritypriv->binstallGrpkey) {
550 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
552 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
555 iv = pframe + prxattrib->hdrlen;
556 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
557 length = precvframe->len - prxattrib->hdrlen - prxattrib->iv_len;
559 GET_TKIP_PN(iv, dot11txpn);
561 pnl = (u16)(dot11txpn.val);
562 pnh = (u32)(dot11txpn.val >> 16);
564 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
565 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
567 /* 4 decrypt payload include icv */
569 arc4_setkey(ctx, rc4key, 16);
570 arc4_crypt(ctx, payload, payload, length);
572 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
574 if (crc.f1[3] != payload[length - 1] ||
575 crc.f1[2] != payload[length - 2] ||
576 crc.f1[1] != payload[length - 3] ||
577 crc.f1[0] != payload[length - 4])
588 /* 3 ===== AES related ===== */
590 #define MAX_MSG_SIZE 2048
591 /*****************************/
592 /******** SBOX Table *********/
593 /*****************************/
595 static u8 sbox_table[256] = {
596 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
597 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
598 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
599 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
600 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
601 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
602 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
603 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
604 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
605 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
606 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
607 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
608 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
609 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
610 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
611 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
612 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
613 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
614 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
615 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
616 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
617 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
618 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
619 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
620 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
621 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
622 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
623 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
624 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
625 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
626 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
627 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
630 /*****************************/
631 /**** Function Prototypes ****/
632 /*****************************/
634 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out);
635 static void construct_mic_iv(u8 *mic_header1, int qc_exists, int a4_exists, u8 *mpdu, uint payload_length, u8 *pn_vector);
636 static void construct_mic_header1(u8 *mic_header1, int header_length, u8 *mpdu);
637 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, int a4_exists, int qc_exists);
638 static void construct_ctr_preload(u8 *ctr_preload, int a4_exists, int qc_exists, u8 *mpdu, u8 *pn_vector, int c);
639 static void xor_128(u8 *a, u8 *b, u8 *out);
640 static void xor_32(u8 *a, u8 *b, u8 *out);
641 static u8 sbox(u8 a);
642 static void next_key(u8 *key, int round);
643 static void byte_sub(u8 *in, u8 *out);
644 static void shift_row(u8 *in, u8 *out);
645 static void mix_column(u8 *in, u8 *out);
646 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext);
648 /****************************************/
650 /* Performs a 128 bit AES encrypt with */
652 /****************************************/
653 static void xor_128(u8 *a, u8 *b, u8 *out)
657 for (i = 0; i < 16; i++)
658 out[i] = a[i] ^ b[i];
662 static void xor_32(u8 *a, u8 *b, u8 *out)
666 for (i = 0; i < 4; i++)
667 out[i] = a[i] ^ b[i];
673 return sbox_table[(int)a];
676 static void next_key(u8 *key, int round)
680 u8 rcon_table[12] = {
681 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
682 0x1b, 0x36, 0x36, 0x36
685 sbox_key[0] = sbox(key[13]);
686 sbox_key[1] = sbox(key[14]);
687 sbox_key[2] = sbox(key[15]);
688 sbox_key[3] = sbox(key[12]);
690 rcon = rcon_table[round];
692 xor_32(&key[0], sbox_key, &key[0]);
693 key[0] = key[0] ^ rcon;
695 xor_32(&key[4], &key[0], &key[4]);
696 xor_32(&key[8], &key[4], &key[8]);
697 xor_32(&key[12], &key[8], &key[12]);
701 static void byte_sub(u8 *in, u8 *out)
705 for (i = 0; i < 16; i++)
706 out[i] = sbox(in[i]);
710 static void shift_row(u8 *in, u8 *out)
732 static void mix_column(u8 *in, u8 *out)
744 for (i = 0 ; i < 4; i++) {
745 if ((in[i] & 0x80) == 0x80)
751 swap_halfs[0] = in[2]; /* Swap halves */
752 swap_halfs[1] = in[3];
753 swap_halfs[2] = in[0];
754 swap_halfs[3] = in[1];
756 rotl[0] = in[3]; /* Rotate left 8 bits */
761 andf7[0] = in[0] & 0x7f;
762 andf7[1] = in[1] & 0x7f;
763 andf7[2] = in[2] & 0x7f;
764 andf7[3] = in[3] & 0x7f;
766 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */
767 andf7[i] = andf7[i] << 1;
768 if ((andf7[i - 1] & 0x80) == 0x80)
769 andf7[i] = (andf7[i] | 0x01);
771 andf7[0] = andf7[0] << 1;
772 andf7[0] = andf7[0] & 0xfe;
774 xor_32(add1b, andf7, add1bf7);
776 xor_32(in, add1bf7, rotr);
778 temp[0] = rotr[0]; /* Rotate right 8 bits */
784 xor_32(add1bf7, rotr, temp);
785 xor_32(swap_halfs, rotl, tempb);
786 xor_32(temp, tempb, out);
790 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
794 u8 intermediatea[16];
795 u8 intermediateb[16];
798 for (i = 0; i < 16; i++)
799 round_key[i] = key[i];
800 for (round = 0; round < 11; round++) {
802 xor_128(round_key, data, ciphertext);
803 next_key(round_key, round);
804 } else if (round == 10) {
805 byte_sub(ciphertext, intermediatea);
806 shift_row(intermediatea, intermediateb);
807 xor_128(intermediateb, round_key, ciphertext);
809 byte_sub(ciphertext, intermediatea);
810 shift_row(intermediatea, intermediateb);
811 mix_column(&intermediateb[0], &intermediatea[0]);
812 mix_column(&intermediateb[4], &intermediatea[4]);
813 mix_column(&intermediateb[8], &intermediatea[8]);
814 mix_column(&intermediateb[12], &intermediatea[12]);
815 xor_128(intermediatea, round_key, ciphertext);
816 next_key(round_key, round);
822 /************************************************/
823 /* construct_mic_iv() */
824 /* Builds the MIC IV from header fields and PN */
825 /************************************************/
826 static void construct_mic_iv(u8 *mic_iv, int qc_exists, int a4_exists, u8 *mpdu,
827 uint payload_length, u8 *pn_vector)
832 if (qc_exists && a4_exists)
833 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */
834 if (qc_exists && !a4_exists)
835 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */
838 for (i = 2; i < 8; i++)
839 mic_iv[i] = mpdu[i + 8]; /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */
840 for (i = 8; i < 14; i++)
841 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
842 mic_iv[14] = (unsigned char)(payload_length / 256);
843 mic_iv[15] = (unsigned char)(payload_length % 256);
847 /************************************************/
848 /* construct_mic_header1() */
849 /* Builds the first MIC header block from */
851 /************************************************/
852 static void construct_mic_header1(u8 *mic_header1, int header_length, u8 *mpdu)
855 mic_header1[0] = (u8)((header_length - 2) / 256);
856 mic_header1[1] = (u8)((header_length - 2) % 256);
857 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */
858 mic_header1[3] = mpdu[1] & 0xc7; /* Mute retry, more data and pwr mgt bits */
859 mic_header1[4] = mpdu[4]; /* A1 */
860 mic_header1[5] = mpdu[5];
861 mic_header1[6] = mpdu[6];
862 mic_header1[7] = mpdu[7];
863 mic_header1[8] = mpdu[8];
864 mic_header1[9] = mpdu[9];
865 mic_header1[10] = mpdu[10]; /* A2 */
866 mic_header1[11] = mpdu[11];
867 mic_header1[12] = mpdu[12];
868 mic_header1[13] = mpdu[13];
869 mic_header1[14] = mpdu[14];
870 mic_header1[15] = mpdu[15];
874 /************************************************/
875 /* construct_mic_header2() */
876 /* Builds the last MIC header block from */
878 /************************************************/
879 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, int a4_exists, int qc_exists)
883 for (i = 0; i < 16; i++)
884 mic_header2[i] = 0x00;
886 mic_header2[0] = mpdu[16]; /* A3 */
887 mic_header2[1] = mpdu[17];
888 mic_header2[2] = mpdu[18];
889 mic_header2[3] = mpdu[19];
890 mic_header2[4] = mpdu[20];
891 mic_header2[5] = mpdu[21];
893 mic_header2[6] = 0x00;
894 mic_header2[7] = 0x00; /* mpdu[23]; */
896 if (!qc_exists && a4_exists) {
897 for (i = 0; i < 6; i++)
898 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
901 if (qc_exists && !a4_exists) {
902 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
903 mic_header2[9] = mpdu[25] & 0x00;
906 if (qc_exists && a4_exists) {
907 for (i = 0; i < 6; i++)
908 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
910 mic_header2[14] = mpdu[30] & 0x0f;
911 mic_header2[15] = mpdu[31] & 0x00;
916 /************************************************/
917 /* construct_mic_header2() */
918 /* Builds the last MIC header block from */
920 /************************************************/
921 static void construct_ctr_preload(u8 *ctr_preload, int a4_exists, int qc_exists, u8 *mpdu, u8 *pn_vector, int c)
925 for (i = 0; i < 16; i++)
926 ctr_preload[i] = 0x00;
929 ctr_preload[0] = 0x01; /* flag */
930 if (qc_exists && a4_exists)
931 ctr_preload[1] = mpdu[30] & 0x0f; /* QoC_Control */
932 if (qc_exists && !a4_exists)
933 ctr_preload[1] = mpdu[24] & 0x0f;
935 for (i = 2; i < 8; i++)
936 ctr_preload[i] = mpdu[i + 8]; /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */
937 for (i = 8; i < 14; i++)
938 ctr_preload[i] = pn_vector[13 - i]; /* ctr_preload[8:13] = PN[5:0] */
939 ctr_preload[14] = (unsigned char)(c / 256); /* Ctr */
940 ctr_preload[15] = (unsigned char)(c % 256);
944 /************************************/
946 /* A 128 bit, bitwise exclusive or */
947 /************************************/
948 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
952 for (i = 0; i < 16; i++)
953 out[i] = ina[i] ^ inb[i];
957 static int aes_cipher(u8 *key, uint hdrlen, u8 *pframe, uint plen)
959 uint qc_exists, a4_exists, i, j, payload_remainder,
960 num_blocks, payload_index;
968 /* Intermediate Buffers */
971 u8 padded_buffer[16];
973 uint frtype = GetFrameType(pframe);
974 uint frsubtype = GetFrameSubType(pframe);
976 frsubtype = frsubtype >> 4;
978 memset((void *)mic_iv, 0, 16);
979 memset((void *)mic_header1, 0, 16);
980 memset((void *)mic_header2, 0, 16);
981 memset((void *)ctr_preload, 0, 16);
982 memset((void *)chain_buffer, 0, 16);
983 memset((void *)aes_out, 0, 16);
984 memset((void *)padded_buffer, 0, 16);
986 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
991 if ((frtype == WIFI_DATA_CFACK) || (frtype == WIFI_DATA_CFPOLL) || (frtype == WIFI_DATA_CFACKPOLL)) {
993 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
995 } else if ((frsubtype == 0x08) || (frsubtype == 0x09) || (frsubtype == 0x0a) || (frsubtype == 0x0b)) {
996 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1003 pn_vector[0] = pframe[hdrlen];
1004 pn_vector[1] = pframe[hdrlen + 1];
1005 pn_vector[2] = pframe[hdrlen + 4];
1006 pn_vector[3] = pframe[hdrlen + 5];
1007 pn_vector[4] = pframe[hdrlen + 6];
1008 pn_vector[5] = pframe[hdrlen + 7];
1010 construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1012 construct_mic_header1(mic_header1, hdrlen, pframe);
1013 construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1015 payload_remainder = plen % 16;
1016 num_blocks = plen / 16;
1018 /* Find start of payload */
1019 payload_index = (hdrlen + 8);
1022 aes128k128d(key, mic_iv, aes_out);
1023 bitwise_xor(aes_out, mic_header1, chain_buffer);
1024 aes128k128d(key, chain_buffer, aes_out);
1025 bitwise_xor(aes_out, mic_header2, chain_buffer);
1026 aes128k128d(key, chain_buffer, aes_out);
1028 for (i = 0; i < num_blocks; i++) {
1029 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);/* bitwise_xor(aes_out, &message[payload_index], chain_buffer); */
1031 payload_index += 16;
1032 aes128k128d(key, chain_buffer, aes_out);
1035 /* Add on the final payload block if it needs padding */
1036 if (payload_remainder > 0) {
1037 for (j = 0; j < 16; j++)
1038 padded_buffer[j] = 0x00;
1039 for (j = 0; j < payload_remainder; j++)
1040 padded_buffer[j] = pframe[payload_index++];/* padded_buffer[j] = message[payload_index++]; */
1041 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1042 aes128k128d(key, chain_buffer, aes_out);
1045 for (j = 0; j < 8; j++)
1046 mic[j] = aes_out[j];
1048 /* Insert MIC into payload */
1049 for (j = 0; j < 8; j++)
1050 pframe[payload_index + j] = mic[j]; /* message[payload_index+j] = mic[j]; */
1052 payload_index = hdrlen + 8;
1053 for (i = 0; i < num_blocks; i++) {
1054 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, i + 1);
1055 aes128k128d(key, ctr_preload, aes_out);
1056 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1057 for (j = 0; j < 16; j++)
1058 pframe[payload_index++] = chain_buffer[j];
1061 if (payload_remainder > 0) { /* If there is a short final block, then pad it,*/
1062 /* encrypt it and copy the unpadded part back */
1063 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, num_blocks + 1);
1065 for (j = 0; j < 16; j++)
1066 padded_buffer[j] = 0x00;
1067 for (j = 0; j < payload_remainder; j++)
1068 padded_buffer[j] = pframe[payload_index + j];
1069 aes128k128d(key, ctr_preload, aes_out);
1070 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1071 for (j = 0; j < payload_remainder; j++)
1072 pframe[payload_index++] = chain_buffer[j];
1074 /* Encrypt the MIC */
1075 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, 0);
1077 for (j = 0; j < 16; j++)
1078 padded_buffer[j] = 0x00;
1079 for (j = 0; j < 8; j++)
1080 padded_buffer[j] = pframe[j + hdrlen + 8 + plen];
1082 aes128k128d(key, ctr_preload, aes_out);
1083 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1084 for (j = 0; j < 8; j++)
1085 pframe[payload_index++] = chain_buffer[j];
1090 u32 rtw_aes_encrypt(struct adapter *padapter, struct xmit_frame *pxmitframe)
1094 /* unsigned char message[MAX_MSG_SIZE]; */
1096 /* Intermediate Buffers */
1097 int curfragnum, length;
1098 u8 *pframe, *prwskey; /* *payload,*iv */
1099 u8 hw_hdr_offset = 0;
1100 struct sta_info *stainfo;
1101 struct pkt_attrib *pattrib = &pxmitframe->attrib;
1102 struct security_priv *psecuritypriv = &padapter->securitypriv;
1103 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1105 /* uint offset = 0; */
1108 if (!pxmitframe->buf_addr)
1111 hw_hdr_offset = TXDESC_SIZE + pxmitframe->pkt_offset * PACKET_OFFSET_SZ;
1112 pframe = pxmitframe->buf_addr + hw_hdr_offset;
1114 /* 4 start to encrypt each fragment */
1115 if (pattrib->encrypt == _AES_) {
1117 stainfo = pattrib->psta;
1119 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
1122 if (is_multicast_ether_addr(pattrib->ra))
1123 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
1125 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1126 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
1127 if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
1128 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
1130 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1132 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
1134 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1135 pframe += pxmitpriv->frag_len;
1136 pframe = (u8 *)RND4((size_t)(pframe));
1147 static int aes_decipher(u8 *key, uint hdrlen,
1148 u8 *pframe, uint plen)
1150 static u8 message[MAX_MSG_SIZE];
1151 uint qc_exists, a4_exists, i, j, payload_remainder,
1152 num_blocks, payload_index;
1160 /* Intermediate Buffers */
1161 u8 chain_buffer[16];
1163 u8 padded_buffer[16];
1166 /* uint offset = 0; */
1167 uint frtype = GetFrameType(pframe);
1168 uint frsubtype = GetFrameSubType(pframe);
1170 frsubtype = frsubtype >> 4;
1172 memset((void *)mic_iv, 0, 16);
1173 memset((void *)mic_header1, 0, 16);
1174 memset((void *)mic_header2, 0, 16);
1175 memset((void *)ctr_preload, 0, 16);
1176 memset((void *)chain_buffer, 0, 16);
1177 memset((void *)aes_out, 0, 16);
1178 memset((void *)padded_buffer, 0, 16);
1180 /* start to decrypt the payload */
1182 num_blocks = (plen - 8) / 16; /* plen including llc, payload_length and mic) */
1184 payload_remainder = (plen - 8) % 16;
1186 pn_vector[0] = pframe[hdrlen];
1187 pn_vector[1] = pframe[hdrlen + 1];
1188 pn_vector[2] = pframe[hdrlen + 4];
1189 pn_vector[3] = pframe[hdrlen + 5];
1190 pn_vector[4] = pframe[hdrlen + 6];
1191 pn_vector[5] = pframe[hdrlen + 7];
1193 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1198 if ((frtype == WIFI_DATA_CFACK) || (frtype == WIFI_DATA_CFPOLL) ||
1199 (frtype == WIFI_DATA_CFACKPOLL)) {
1201 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1203 } else if ((frsubtype == 0x08) || (frsubtype == 0x09) ||
1204 (frsubtype == 0x0a) || (frsubtype == 0x0b)) {
1205 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1212 /* now, decrypt pframe with hdrlen offset and plen long */
1214 payload_index = hdrlen + 8; /* 8 is for extiv */
1216 for (i = 0; i < num_blocks; i++) {
1217 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, i + 1);
1219 aes128k128d(key, ctr_preload, aes_out);
1220 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1222 for (j = 0; j < 16; j++)
1223 pframe[payload_index++] = chain_buffer[j];
1226 if (payload_remainder > 0) { /* If there is a short final block, then pad it,*/
1227 /* encrypt it and copy the unpadded part back */
1228 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, num_blocks + 1);
1230 for (j = 0; j < 16; j++)
1231 padded_buffer[j] = 0x00;
1232 for (j = 0; j < payload_remainder; j++)
1233 padded_buffer[j] = pframe[payload_index + j];
1234 aes128k128d(key, ctr_preload, aes_out);
1235 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1236 for (j = 0; j < payload_remainder; j++)
1237 pframe[payload_index++] = chain_buffer[j];
1240 /* start to calculate the mic */
1241 if ((hdrlen + plen + 8) <= MAX_MSG_SIZE)
1242 memcpy(message, pframe, (hdrlen + plen + 8)); /* 8 is for ext iv len */
1244 pn_vector[0] = pframe[hdrlen];
1245 pn_vector[1] = pframe[hdrlen + 1];
1246 pn_vector[2] = pframe[hdrlen + 4];
1247 pn_vector[3] = pframe[hdrlen + 5];
1248 pn_vector[4] = pframe[hdrlen + 6];
1249 pn_vector[5] = pframe[hdrlen + 7];
1250 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen - 8, pn_vector);
1252 construct_mic_header1(mic_header1, hdrlen, message);
1253 construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1255 payload_remainder = (plen - 8) % 16;
1256 num_blocks = (plen - 8) / 16;
1258 /* Find start of payload */
1259 payload_index = (hdrlen + 8);
1262 aes128k128d(key, mic_iv, aes_out);
1263 bitwise_xor(aes_out, mic_header1, chain_buffer);
1264 aes128k128d(key, chain_buffer, aes_out);
1265 bitwise_xor(aes_out, mic_header2, chain_buffer);
1266 aes128k128d(key, chain_buffer, aes_out);
1268 for (i = 0; i < num_blocks; i++) {
1269 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1271 payload_index += 16;
1272 aes128k128d(key, chain_buffer, aes_out);
1275 /* Add on the final payload block if it needs padding */
1276 if (payload_remainder > 0) {
1277 for (j = 0; j < 16; j++)
1278 padded_buffer[j] = 0x00;
1279 for (j = 0; j < payload_remainder; j++)
1280 padded_buffer[j] = message[payload_index++];
1281 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1282 aes128k128d(key, chain_buffer, aes_out);
1285 for (j = 0 ; j < 8; j++)
1286 mic[j] = aes_out[j];
1288 /* Insert MIC into payload */
1289 for (j = 0; j < 8; j++)
1290 message[payload_index + j] = mic[j];
1292 payload_index = hdrlen + 8;
1293 for (i = 0; i < num_blocks; i++) {
1294 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, i + 1);
1295 aes128k128d(key, ctr_preload, aes_out);
1296 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1297 for (j = 0; j < 16; j++)
1298 message[payload_index++] = chain_buffer[j];
1301 if (payload_remainder > 0) { /* If there is a short final block, then pad it,*/
1302 /* encrypt it and copy the unpadded part back */
1303 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, num_blocks + 1);
1305 for (j = 0; j < 16; j++)
1306 padded_buffer[j] = 0x00;
1307 for (j = 0; j < payload_remainder; j++)
1308 padded_buffer[j] = message[payload_index + j];
1309 aes128k128d(key, ctr_preload, aes_out);
1310 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1311 for (j = 0; j < payload_remainder; j++)
1312 message[payload_index++] = chain_buffer[j];
1315 /* Encrypt the MIC */
1316 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 0);
1318 for (j = 0; j < 16; j++)
1319 padded_buffer[j] = 0x00;
1320 for (j = 0; j < 8; j++)
1321 padded_buffer[j] = message[j + hdrlen + 8 + plen - 8];
1323 aes128k128d(key, ctr_preload, aes_out);
1324 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1325 for (j = 0; j < 8; j++)
1326 message[payload_index++] = chain_buffer[j];
1328 /* compare the mic */
1329 for (i = 0; i < 8; i++) {
1330 if (pframe[hdrlen + 8 + plen - 8 + i] != message[hdrlen + 8 + plen - 8 + i])
1337 u32 rtw_aes_decrypt(struct adapter *padapter, struct recv_frame *precvframe)
1339 /* Intermediate Buffers */
1341 u8 *pframe, *prwskey; /* *payload,*iv */
1342 struct sta_info *stainfo;
1343 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
1344 struct security_priv *psecuritypriv = &padapter->securitypriv;
1347 pframe = precvframe->rx_data;
1349 /* 4 start to encrypt each fragment */
1350 if (prxattrib->encrypt == _AES_) {
1351 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
1353 if (is_multicast_ether_addr(prxattrib->ra)) {
1354 /* in concurrent we should use sw descrypt in group key, so we remove this message */
1355 if (!psecuritypriv->binstallGrpkey) {
1359 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
1360 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) {
1365 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1367 length = precvframe->len - prxattrib->hdrlen - prxattrib->iv_len;
1368 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length);
git.samba.org / sfrench / cifs-2.6.git / blob