1 /******************************************************************************
4 * Copyright(c) 2007 - 2010 Realtek Corporation. All rights reserved.
5 * Linux device driver for RTL8192SU
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of version 2 of the GNU General Public License as
9 * published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
20 * Modifications for inclusion into the Linux staging tree are
21 * Copyright(c) 2010 Larry Finger. All rights reserved.
23 * Contact information:
24 * WLAN FAE <wlanfae@realtek.com>
25 * Larry Finger <Larry.Finger@lwfinger.net>
27 ******************************************************************************/
29 #define _RTL871X_SECURITY_C_
31 #include <linux/compiler.h>
32 #include <linux/kernel.h>
33 #include <linux/errno.h>
34 #include <linux/slab.h>
35 #include <linux/module.h>
36 #include <linux/kref.h>
37 #include <linux/netdevice.h>
38 #include <linux/skbuff.h>
39 #include <linux/circ_buf.h>
40 #include <linux/uaccess.h>
41 #include <asm/byteorder.h>
42 #include <linux/atomic.h>
43 #include <linux/semaphore.h>
45 #include "osdep_service.h"
46 #include "drv_types.h"
48 #include "osdep_intf.h"
50 /* =====WEP related===== */
52 #define CRC32_POLY 0x04c11db7
60 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
68 state = parc4ctx->state;
71 for (counter = 0; counter < 256; counter++)
72 state[counter] = (u8)counter;
75 for (counter = 0; counter < 256; counter++) {
77 stateindex = (stateindex + key[keyindex] + t) & 0xff;
78 u = state[stateindex];
79 state[stateindex] = (u8)t;
80 state[counter] = (u8)u;
81 if (++keyindex >= key_len)
86 static u32 arcfour_byte(struct arc4context *parc4ctx)
93 state = parc4ctx->state;
94 x = (parc4ctx->x + 1) & 0xff;
96 y = (sx + parc4ctx->y) & 0xff;
102 return state[(sx + sy) & 0xff];
105 static void arcfour_encrypt(struct arc4context *parc4ctx,
106 u8 *dest, u8 *src, u32 len)
110 for (i = 0; i < len; i++)
111 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
114 static sint bcrc32initialized;
115 static u32 crc32_table[256];
117 static u8 crc32_reverseBit(u8 data)
119 return ((u8)(data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3)
120 & 0x20) | ((data << 1) & 0x10) | ((data >> 1) & 0x08) |
121 ((data >> 3) & 0x04) | ((data >> 5) & 0x02) | ((data >> 7) &
125 static void crc32_init(void)
129 u8 *p = (u8 *)&c, *p1;
132 if (bcrc32initialized == 1)
135 for (i = 0; i < 256; ++i) {
136 k = crc32_reverseBit((u8)i);
137 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
138 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY : (c << 1);
139 p1 = (u8 *)&crc32_table[i];
140 p1[0] = crc32_reverseBit(p[3]);
141 p1[1] = crc32_reverseBit(p[2]);
142 p1[2] = crc32_reverseBit(p[1]);
143 p1[3] = crc32_reverseBit(p[0]);
145 bcrc32initialized = 1;
148 static u32 getcrc32(u8 *buf, u32 len)
153 if (!bcrc32initialized)
155 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
156 for (p = buf; len > 0; ++p, --len)
157 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
158 return ~crc; /* transmit complement, per CRC-32 spec */
162 Need to consider the fragment situation
164 void r8712_wep_encrypt(struct _adapter *padapter, u8 *pxmitframe)
166 unsigned char crc[4];
167 struct arc4context mycontext;
168 u32 curfragnum, length, keylength;
169 u8 *pframe, *payload, *iv; /*,*wepkey*/
171 struct pkt_attrib *pattrib = &((struct xmit_frame *)
173 struct security_priv *psecuritypriv = &padapter->securitypriv;
174 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
176 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
178 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr+TXDESC_OFFSET;
179 /*start to encrypt each fragment*/
180 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
181 keylength = psecuritypriv->DefKeylen[psecuritypriv->
183 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
185 iv = pframe+pattrib->hdrlen;
186 memcpy(&wepkey[0], iv, 3);
187 memcpy(&wepkey[3], &psecuritypriv->DefKey[
188 psecuritypriv->PrivacyKeyIndex].skey[0],
190 payload = pframe+pattrib->iv_len+pattrib->hdrlen;
191 if ((curfragnum + 1) == pattrib->nr_frags) {
192 length = pattrib->last_txcmdsz-pattrib->
193 hdrlen-pattrib->iv_len -
195 *((u32 *)crc) = cpu_to_le32(getcrc32(
197 arcfour_init(&mycontext, wepkey, 3 + keylength);
198 arcfour_encrypt(&mycontext, payload, payload,
200 arcfour_encrypt(&mycontext, payload + length,
203 length = pxmitpriv->frag_len-pattrib->hdrlen -
204 pattrib->iv_len-pattrib->icv_len;
205 *((u32 *)crc) = cpu_to_le32(getcrc32(
207 arcfour_init(&mycontext, wepkey, 3 + keylength);
208 arcfour_encrypt(&mycontext, payload, payload,
210 arcfour_encrypt(&mycontext, payload+length,
212 pframe += pxmitpriv->frag_len;
213 pframe = (u8 *)RND4((addr_t)(pframe));
219 void r8712_wep_decrypt(struct _adapter *padapter, u8 *precvframe)
223 struct arc4context mycontext;
224 u32 length, keylength;
225 u8 *pframe, *payload, *iv, wepkey[16];
227 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)
228 precvframe)->u.hdr.attrib);
229 struct security_priv *psecuritypriv = &padapter->securitypriv;
231 pframe = (unsigned char *)((union recv_frame *)precvframe)->
233 /* start to decrypt recvframe */
234 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt ==
236 iv = pframe + prxattrib->hdrlen;
237 keyindex = (iv[3] & 0x3);
238 keylength = psecuritypriv->DefKeylen[keyindex];
239 memcpy(&wepkey[0], iv, 3);
240 memcpy(&wepkey[3], &psecuritypriv->DefKey[
241 psecuritypriv->PrivacyKeyIndex].skey[0],
243 length = ((union recv_frame *)precvframe)->
244 u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len;
245 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen;
246 /* decrypt payload include icv */
247 arcfour_init(&mycontext, wepkey, 3 + keylength);
248 arcfour_encrypt(&mycontext, payload, payload, length);
249 /* calculate icv and compare the icv */
250 *((u32 *)crc) = cpu_to_le32(getcrc32(payload, length - 4));
254 /* 3 =====TKIP related===== */
256 static u32 secmicgetuint32(u8 *p)
257 /* Convert from Byte[] to Us4Byte32 in a portable way */
262 for (i = 0; i < 4; i++)
263 res |= ((u32)(*p++)) << (8 * i);
267 static void secmicputuint32(u8 *p, u32 val)
268 /* Convert from Us4Byte32 to Byte[] in a portable way */
272 for (i = 0; i < 4; i++) {
273 *p++ = (u8) (val & 0xff);
278 static void secmicclear(struct mic_data *pmicdata)
280 /* Reset the state to the empty message. */
281 pmicdata->L = pmicdata->K0;
282 pmicdata->R = pmicdata->K1;
283 pmicdata->nBytesInM = 0;
287 void r8712_secmicsetkey(struct mic_data *pmicdata, u8 *key)
290 pmicdata->K0 = secmicgetuint32(key);
291 pmicdata->K1 = secmicgetuint32(key + 4);
292 /* and reset the message */
293 secmicclear(pmicdata);
296 static void secmicappendbyte(struct mic_data *pmicdata, u8 b)
298 /* Append the byte to our word-sized buffer */
299 pmicdata->M |= ((u32)b) << (8 * pmicdata->nBytesInM);
300 pmicdata->nBytesInM++;
301 /* Process the word if it is full. */
302 if (pmicdata->nBytesInM >= 4) {
303 pmicdata->L ^= pmicdata->M;
304 pmicdata->R ^= ROL32(pmicdata->L, 17);
305 pmicdata->L += pmicdata->R;
306 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) |
307 ((pmicdata->L & 0x00ff00ff) << 8);
308 pmicdata->L += pmicdata->R;
309 pmicdata->R ^= ROL32(pmicdata->L, 3);
310 pmicdata->L += pmicdata->R;
311 pmicdata->R ^= ROR32(pmicdata->L, 2);
312 pmicdata->L += pmicdata->R;
313 /* Clear the buffer */
315 pmicdata->nBytesInM = 0;
319 void r8712_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
323 secmicappendbyte(pmicdata, *src++);
328 void r8712_secgetmic(struct mic_data *pmicdata, u8 *dst)
330 /* Append the minimum padding */
331 secmicappendbyte(pmicdata, 0x5a);
332 secmicappendbyte(pmicdata, 0);
333 secmicappendbyte(pmicdata, 0);
334 secmicappendbyte(pmicdata, 0);
335 secmicappendbyte(pmicdata, 0);
336 /* and then zeroes until the length is a multiple of 4 */
337 while (pmicdata->nBytesInM != 0)
338 secmicappendbyte(pmicdata, 0);
339 /* The appendByte function has already computed the result. */
340 secmicputuint32(dst, pmicdata->L);
341 secmicputuint32(dst + 4, pmicdata->R);
342 /* Reset to the empty message. */
343 secmicclear(pmicdata);
346 void seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code,
350 struct mic_data micdata;
351 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
353 r8712_secmicsetkey(&micdata, key);
355 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
356 if (header[1] & 1) { /* ToDS==1 */
357 r8712_secmicappend(&micdata, &header[16], 6); /* DA */
358 if (header[1] & 2) /* From Ds==1 */
359 r8712_secmicappend(&micdata, &header[24], 6);
361 r8712_secmicappend(&micdata, &header[10], 6);
362 } else { /* ToDS==0 */
363 r8712_secmicappend(&micdata, &header[4], 6); /* DA */
364 if (header[1] & 2) /* From Ds==1 */
365 r8712_secmicappend(&micdata, &header[16], 6);
367 r8712_secmicappend(&micdata, &header[10], 6);
369 r8712_secmicappend(&micdata, &priority[0], 4);
370 r8712_secmicappend(&micdata, data, data_len);
371 r8712_secgetmic(&micdata, mic_code);
374 /* macros for extraction/creation of unsigned char/unsigned short values */
375 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
376 #define Lo8(v16) ((u8)((v16) & 0x00FF))
377 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
378 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
379 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
380 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
382 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
383 #define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)])
385 /* S-box lookup: 16 bits --> 16 bits */
386 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
388 /* fixed algorithm "parameters" */
389 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
390 #define TA_SIZE 6 /* 48-bit transmitter address */
391 #define TK_SIZE 16 /* 128-bit temporal key */
392 #define P1K_SIZE 10 /* 80-bit Phase1 key */
393 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
396 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
397 static const unsigned short Sbox1[2][256] = {/* Sbox for hash (can be in ROM) */
399 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
400 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
401 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
402 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
403 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
404 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
405 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
406 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
407 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
408 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
409 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
410 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
411 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
412 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
413 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
414 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
415 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
416 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
417 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
418 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
419 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
420 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
421 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
422 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
423 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
424 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
425 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
426 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
427 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
428 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
429 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
430 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
432 { /* second half is unsigned char-reversed version of first! */
433 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
434 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
435 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
436 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
437 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
438 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
439 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
440 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
441 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
442 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
443 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
444 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
445 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
446 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
447 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
448 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
449 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
450 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
451 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
452 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
453 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
454 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
455 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
456 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
457 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
458 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
459 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
460 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
461 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
462 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
463 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
464 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
469 **********************************************************************
470 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
473 * tk[] = temporal key [128 bits]
474 * ta[] = transmitter's MAC address [ 48 bits]
475 * iv32 = upper 32 bits of IV [ 32 bits]
477 * p1k[] = Phase 1 key [ 80 bits]
480 * This function only needs to be called every 2**16 packets,
481 * although in theory it could be called every packet.
483 **********************************************************************
485 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
489 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
492 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
493 p1k[3] = Mk16(ta[3], ta[2]);
494 p1k[4] = Mk16(ta[5], ta[4]);
495 /* Now compute an unbalanced Feistel cipher with 80-bit block */
496 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
497 for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add is mod 2**16 */
498 p1k[0] += _S_(p1k[4] ^ TK16((i&1) + 0));
499 p1k[1] += _S_(p1k[0] ^ TK16((i&1) + 2));
500 p1k[2] += _S_(p1k[1] ^ TK16((i&1) + 4));
501 p1k[3] += _S_(p1k[2] ^ TK16((i&1) + 6));
502 p1k[4] += _S_(p1k[3] ^ TK16((i&1) + 0));
503 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
508 **********************************************************************
509 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
512 * tk[] = Temporal key [128 bits]
513 * p1k[] = Phase 1 output key [ 80 bits]
514 * iv16 = low 16 bits of IV counter [ 16 bits]
516 * rc4key[] = the key used to encrypt the packet [128 bits]
519 * The value {TA,IV32,IV16} for Phase1/Phase2 must be unique
520 * across all packets using the same key TK value. Then, for a
521 * given value of TK[], this TKIP48 construction guarantees that
522 * the final RC4KEY value is unique across all packets.
524 * Suggested implementation optimization: if PPK[] is "overlaid"
525 * appropriately on RC4KEY[], there is no need for the final
526 * for loop below that copies the PPK[] result into RC4KEY[].
528 **********************************************************************
530 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
533 u16 PPK[6]; /* temporary key for mixing */
535 /* Note: all adds in the PPK[] equations below are mod 2**16 */
536 for (i = 0; i < 5; i++)
537 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
538 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */
539 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
540 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
541 PPK[1] += _S_(PPK[0] ^ TK16(1));
542 PPK[2] += _S_(PPK[1] ^ TK16(2));
543 PPK[3] += _S_(PPK[2] ^ TK16(3));
544 PPK[4] += _S_(PPK[3] ^ TK16(4));
545 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
546 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
547 PPK[0] += RotR1(PPK[5] ^ TK16(6));
548 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
549 PPK[2] += RotR1(PPK[1]);
550 PPK[3] += RotR1(PPK[2]);
551 PPK[4] += RotR1(PPK[3]);
552 PPK[5] += RotR1(PPK[4]);
553 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
554 /* value PPK[0..5] is guaranteed to be unique, as a function */
555 /* of the 96-bit "input" value {TA,IV32,IV16}. That is, P1K */
556 /* is now a keyed permutation of {TA,IV32,IV16}. */
557 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
558 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
559 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
560 rc4key[2] = Lo8(iv16);
561 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
562 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
563 for (i = 0; i < 6; i++) {
564 rc4key[4 + 2 * i] = Lo8(PPK[i]);
565 rc4key[5 + 2 * i] = Hi8(PPK[i]);
569 /*The hlen isn't include the IV*/
570 u32 r8712_tkip_encrypt(struct _adapter *padapter, u8 *pxmitframe)
577 struct arc4context mycontext;
578 u32 curfragnum, length;
580 u8 *pframe, *payload, *iv, *prwskey;
582 struct sta_info *stainfo;
583 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
584 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
587 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
590 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr+TXDESC_OFFSET;
591 /* 4 start to encrypt each fragment */
592 if (pattrib->encrypt == _TKIP_) {
594 stainfo = pattrib->psta;
596 stainfo = r8712_get_stainfo(&padapter->stapriv,
598 if (stainfo != NULL) {
599 prwskey = &stainfo->x_UncstKey.skey[0];
600 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
602 iv = pframe + pattrib->hdrlen;
603 payload = pframe+pattrib->iv_len +
605 GET_TKIP_PN(iv, txpn);
606 pnl = (u16)(txpn.val);
607 pnh = (u32)(txpn.val >> 16);
608 phase1((u16 *)&ttkey[0], prwskey, &pattrib->
610 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0],
612 if ((curfragnum + 1) == pattrib->nr_frags) {
613 /* 4 the last fragment */
614 length = pattrib->last_txcmdsz -
615 pattrib->hdrlen-pattrib->iv_len -
617 *((u32 *)crc) = cpu_to_le32(
618 getcrc32(payload, length));
619 arcfour_init(&mycontext, rc4key, 16);
620 arcfour_encrypt(&mycontext, payload,
622 arcfour_encrypt(&mycontext, payload +
625 length = pxmitpriv->frag_len-pattrib->
627 iv_len-pattrib->icv_len;
628 *((u32 *)crc) = cpu_to_le32(getcrc32(
630 arcfour_init(&mycontext, rc4key, 16);
631 arcfour_encrypt(&mycontext, payload,
633 arcfour_encrypt(&mycontext,
634 payload+length, crc, 4);
635 pframe += pxmitpriv->frag_len;
636 pframe = (u8 *)RND4((addr_t)(pframe));
645 /* The hlen doesn't include the IV */
646 u32 r8712_tkip_decrypt(struct _adapter *padapter, u8 *precvframe)
653 struct arc4context mycontext;
655 u8 *pframe, *payload, *iv, *prwskey, idx = 0;
657 struct sta_info *stainfo;
658 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)
659 precvframe)->u.hdr.attrib;
660 struct security_priv *psecuritypriv = &padapter->securitypriv;
662 pframe = (unsigned char *)((union recv_frame *)
663 precvframe)->u.hdr.rx_data;
664 /* 4 start to decrypt recvframe */
665 if (prxattrib->encrypt == _TKIP_) {
666 stainfo = r8712_get_stainfo(&padapter->stapriv,
668 if (stainfo != NULL) {
669 iv = pframe+prxattrib->hdrlen;
670 payload = pframe+prxattrib->iv_len + prxattrib->hdrlen;
671 length = ((union recv_frame *)precvframe)->
672 u.hdr.len - prxattrib->hdrlen -
674 if (IS_MCAST(prxattrib->ra)) {
676 prwskey = &psecuritypriv->XGrpKey[
677 ((idx >> 6) & 0x3) - 1].skey[0];
678 if (psecuritypriv->binstallGrpkey == false)
681 prwskey = &stainfo->x_UncstKey.skey[0];
682 GET_TKIP_PN(iv, txpn);
683 pnl = (u16)(txpn.val);
684 pnh = (u32)(txpn.val >> 16);
685 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0],
687 phase2(&rc4key[0], prwskey, (unsigned short *)
689 /* 4 decrypt payload include icv */
690 arcfour_init(&mycontext, rc4key, 16);
691 arcfour_encrypt(&mycontext, payload, payload, length);
692 *((u32 *)crc) = cpu_to_le32(getcrc32(payload,
694 if (crc[3] != payload[length - 1] ||
695 crc[2] != payload[length - 2] ||
696 crc[1] != payload[length - 3] ||
697 crc[0] != payload[length - 4])
705 /* 3 =====AES related===== */
707 #define MAX_MSG_SIZE 2048
708 /*****************************/
709 /******** SBOX Table *********/
710 /*****************************/
712 static const u8 sbox_table[256] = {
713 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
714 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
715 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
716 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
717 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
718 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
719 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
720 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
721 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
722 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
723 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
724 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
725 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
726 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
727 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
728 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
729 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
730 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
731 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
732 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
733 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
734 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
735 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
736 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
737 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
738 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
739 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
740 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
741 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
742 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
743 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
744 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
747 /****************************************/
749 /* Performs a 128 bit AES encrypt with */
751 /****************************************/
752 static void xor_128(u8 *a, u8 *b, u8 *out)
756 for (i = 0; i < 16; i++)
757 out[i] = a[i] ^ b[i];
760 static void xor_32(u8 *a, u8 *b, u8 *out)
764 for (i = 0; i < 4; i++)
765 out[i] = a[i] ^ b[i];
770 return sbox_table[(sint)a];
773 static void next_key(u8 *key, sint round)
777 u8 rcon_table[12] = {
778 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
779 0x1b, 0x36, 0x36, 0x36
782 sbox_key[0] = sbox(key[13]);
783 sbox_key[1] = sbox(key[14]);
784 sbox_key[2] = sbox(key[15]);
785 sbox_key[3] = sbox(key[12]);
786 rcon = rcon_table[round];
787 xor_32(&key[0], sbox_key, &key[0]);
788 key[0] = key[0] ^ rcon;
789 xor_32(&key[4], &key[0], &key[4]);
790 xor_32(&key[8], &key[4], &key[8]);
791 xor_32(&key[12], &key[8], &key[12]);
794 static void byte_sub(u8 *in, u8 *out)
798 for (i = 0; i < 16; i++)
799 out[i] = sbox(in[i]);
802 static void shift_row(u8 *in, u8 *out)
822 static void mix_column(u8 *in, u8 *out)
834 for (i = 0; i < 4; i++) {
835 if ((in[i] & 0x80) == 0x80)
840 swap_halfs[0] = in[2]; /* Swap halves */
841 swap_halfs[1] = in[3];
842 swap_halfs[2] = in[0];
843 swap_halfs[3] = in[1];
844 rotl[0] = in[3]; /* Rotate left 8 bits */
848 andf7[0] = in[0] & 0x7f;
849 andf7[1] = in[1] & 0x7f;
850 andf7[2] = in[2] & 0x7f;
851 andf7[3] = in[3] & 0x7f;
852 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */
853 andf7[i] = andf7[i] << 1;
854 if ((andf7[i-1] & 0x80) == 0x80)
855 andf7[i] = (andf7[i] | 0x01);
857 andf7[0] = andf7[0] << 1;
858 andf7[0] = andf7[0] & 0xfe;
859 xor_32(add1b, andf7, add1bf7);
860 xor_32(in, add1bf7, rotr);
861 temp[0] = rotr[0]; /* Rotate right 8 bits */
866 xor_32(add1bf7, rotr, temp);
867 xor_32(swap_halfs, rotl, tempb);
868 xor_32(temp, tempb, out);
871 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
875 u8 intermediatea[16];
876 u8 intermediateb[16];
879 for (i = 0; i < 16; i++)
880 round_key[i] = key[i];
881 for (round = 0; round < 11; round++) {
883 xor_128(round_key, data, ciphertext);
884 next_key(round_key, round);
885 } else if (round == 10) {
886 byte_sub(ciphertext, intermediatea);
887 shift_row(intermediatea, intermediateb);
888 xor_128(intermediateb, round_key, ciphertext);
890 byte_sub(ciphertext, intermediatea);
891 shift_row(intermediatea, intermediateb);
892 mix_column(&intermediateb[0], &intermediatea[0]);
893 mix_column(&intermediateb[4], &intermediatea[4]);
894 mix_column(&intermediateb[8], &intermediatea[8]);
895 mix_column(&intermediateb[12], &intermediatea[12]);
896 xor_128(intermediatea, round_key, ciphertext);
897 next_key(round_key, round);
902 /************************************************/
903 /* construct_mic_iv() */
904 /* Builds the MIC IV from header fields and PN */
905 /************************************************/
906 static void construct_mic_iv(u8 *mic_iv, sint qc_exists, sint a4_exists,
907 u8 *mpdu, uint payload_length, u8 *pn_vector)
912 if (qc_exists && a4_exists)
913 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */
914 if (qc_exists && !a4_exists)
915 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */
918 for (i = 2; i < 8; i++)
919 mic_iv[i] = mpdu[i + 8];
920 for (i = 8; i < 14; i++)
921 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
922 mic_iv[14] = (unsigned char) (payload_length / 256);
923 mic_iv[15] = (unsigned char) (payload_length % 256);
926 /************************************************/
927 /* construct_mic_header1() */
928 /* Builds the first MIC header block from */
930 /************************************************/
931 static void construct_mic_header1(u8 *mic_header1, sint header_length, u8 *mpdu)
933 mic_header1[0] = (u8)((header_length - 2) / 256);
934 mic_header1[1] = (u8)((header_length - 2) % 256);
935 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */
936 /* Mute retry, more data and pwr mgt bits */
937 mic_header1[3] = mpdu[1] & 0xc7;
938 mic_header1[4] = mpdu[4]; /* A1 */
939 mic_header1[5] = mpdu[5];
940 mic_header1[6] = mpdu[6];
941 mic_header1[7] = mpdu[7];
942 mic_header1[8] = mpdu[8];
943 mic_header1[9] = mpdu[9];
944 mic_header1[10] = mpdu[10]; /* A2 */
945 mic_header1[11] = mpdu[11];
946 mic_header1[12] = mpdu[12];
947 mic_header1[13] = mpdu[13];
948 mic_header1[14] = mpdu[14];
949 mic_header1[15] = mpdu[15];
952 /************************************************/
953 /* construct_mic_header2() */
954 /* Builds the last MIC header block from */
956 /************************************************/
957 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, sint a4_exists,
962 for (i = 0; i < 16; i++)
963 mic_header2[i] = 0x00;
964 mic_header2[0] = mpdu[16]; /* A3 */
965 mic_header2[1] = mpdu[17];
966 mic_header2[2] = mpdu[18];
967 mic_header2[3] = mpdu[19];
968 mic_header2[4] = mpdu[20];
969 mic_header2[5] = mpdu[21];
970 mic_header2[6] = 0x00;
971 mic_header2[7] = 0x00; /* mpdu[23]; */
972 if (!qc_exists && a4_exists)
973 for (i = 0; i < 6; i++)
974 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
975 if (qc_exists && !a4_exists) {
976 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
977 mic_header2[9] = mpdu[25] & 0x00;
979 if (qc_exists && a4_exists) {
980 for (i = 0; i < 6; i++)
981 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
982 mic_header2[14] = mpdu[30] & 0x0f;
983 mic_header2[15] = mpdu[31] & 0x00;
987 /************************************************/
988 /* construct_mic_header2() */
989 /* Builds the last MIC header block from */
991 /************************************************/
992 static void construct_ctr_preload(u8 *ctr_preload, sint a4_exists, sint qc_exists,
993 u8 *mpdu, u8 *pn_vector, sint c)
997 for (i = 0; i < 16; i++)
998 ctr_preload[i] = 0x00;
1000 ctr_preload[0] = 0x01; /* flag */
1001 if (qc_exists && a4_exists)
1002 ctr_preload[1] = mpdu[30] & 0x0f;
1003 if (qc_exists && !a4_exists)
1004 ctr_preload[1] = mpdu[24] & 0x0f;
1005 for (i = 2; i < 8; i++)
1006 ctr_preload[i] = mpdu[i + 8];
1007 for (i = 8; i < 14; i++)
1008 ctr_preload[i] = pn_vector[13 - i];
1009 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */
1010 ctr_preload[15] = (unsigned char) (c % 256);
1013 /************************************/
1015 /* A 128 bit, bitwise exclusive or */
1016 /************************************/
1017 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1021 for (i = 0; i < 16; i++)
1022 out[i] = ina[i] ^ inb[i];
1025 static sint aes_cipher(u8 *key, uint hdrlen,
1026 u8 *pframe, uint plen)
1028 uint qc_exists, a4_exists, i, j, payload_remainder;
1029 uint num_blocks, payload_index;
1037 /* Intermediate Buffers */
1038 u8 chain_buffer[16];
1040 u8 padded_buffer[16];
1042 uint frtype = GetFrameType(pframe);
1043 uint frsubtype = GetFrameSubType(pframe);
1046 memset((void *)mic_iv, 0, 16);
1047 memset((void *)mic_header1, 0, 16);
1048 memset((void *)mic_header2, 0, 16);
1049 memset((void *)ctr_preload, 0, 16);
1050 memset((void *)chain_buffer, 0, 16);
1051 memset((void *)aes_out, 0, 16);
1052 memset((void *)padded_buffer, 0, 16);
1054 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1059 if ((frtype == WIFI_DATA_CFACK) ||
1060 (frtype == WIFI_DATA_CFPOLL) ||
1061 (frtype == WIFI_DATA_CFACKPOLL)) {
1063 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1065 } else if ((frsubtype == 0x08) ||
1066 (frsubtype == 0x09) ||
1067 (frsubtype == 0x0a) ||
1068 (frsubtype == 0x0b)) {
1069 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1074 pn_vector[0] = pframe[hdrlen];
1075 pn_vector[1] = pframe[hdrlen+1];
1076 pn_vector[2] = pframe[hdrlen+4];
1077 pn_vector[3] = pframe[hdrlen+5];
1078 pn_vector[4] = pframe[hdrlen+6];
1079 pn_vector[5] = pframe[hdrlen+7];
1080 construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1081 construct_mic_header1(mic_header1, hdrlen, pframe);
1082 construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1083 payload_remainder = plen % 16;
1084 num_blocks = plen / 16;
1085 /* Find start of payload */
1086 payload_index = hdrlen + 8;
1088 aes128k128d(key, mic_iv, aes_out);
1089 bitwise_xor(aes_out, mic_header1, chain_buffer);
1090 aes128k128d(key, chain_buffer, aes_out);
1091 bitwise_xor(aes_out, mic_header2, chain_buffer);
1092 aes128k128d(key, chain_buffer, aes_out);
1093 for (i = 0; i < num_blocks; i++) {
1094 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1095 payload_index += 16;
1096 aes128k128d(key, chain_buffer, aes_out);
1098 /* Add on the final payload block if it needs padding */
1099 if (payload_remainder > 0) {
1100 for (j = 0; j < 16; j++)
1101 padded_buffer[j] = 0x00;
1102 for (j = 0; j < payload_remainder; j++)
1103 padded_buffer[j] = pframe[payload_index++];
1104 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1105 aes128k128d(key, chain_buffer, aes_out);
1107 for (j = 0; j < 8; j++)
1108 mic[j] = aes_out[j];
1109 /* Insert MIC into payload */
1110 for (j = 0; j < 8; j++)
1111 pframe[payload_index+j] = mic[j];
1112 payload_index = hdrlen + 8;
1113 for (i = 0; i < num_blocks; i++) {
1114 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1115 pframe, pn_vector, i + 1);
1116 aes128k128d(key, ctr_preload, aes_out);
1117 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1118 for (j = 0; j < 16; j++)
1119 pframe[payload_index++] = chain_buffer[j];
1121 if (payload_remainder > 0) { /* If short final block, then pad it,*/
1122 /* encrypt and copy unpadded part back */
1123 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1124 pframe, pn_vector, num_blocks+1);
1125 for (j = 0; j < 16; j++)
1126 padded_buffer[j] = 0x00;
1127 for (j = 0; j < payload_remainder; j++)
1128 padded_buffer[j] = pframe[payload_index+j];
1129 aes128k128d(key, ctr_preload, aes_out);
1130 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1131 for (j = 0; j < payload_remainder; j++)
1132 pframe[payload_index++] = chain_buffer[j];
1134 /* Encrypt the MIC */
1135 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1136 pframe, pn_vector, 0);
1137 for (j = 0; j < 16; j++)
1138 padded_buffer[j] = 0x00;
1139 for (j = 0; j < 8; j++)
1140 padded_buffer[j] = pframe[j+hdrlen+8+plen];
1141 aes128k128d(key, ctr_preload, aes_out);
1142 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1143 for (j = 0; j < 8; j++)
1144 pframe[payload_index++] = chain_buffer[j];
1148 u32 r8712_aes_encrypt(struct _adapter *padapter, u8 *pxmitframe)
1150 /* Intermediate Buffers */
1151 sint curfragnum, length;
1152 u8 *pframe, *prwskey;
1153 struct sta_info *stainfo;
1154 struct pkt_attrib *pattrib = &((struct xmit_frame *)
1155 pxmitframe)->attrib;
1156 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1159 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
1161 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
1162 /* 4 start to encrypt each fragment */
1163 if (pattrib->encrypt == _AES_) {
1165 stainfo = pattrib->psta;
1167 stainfo = r8712_get_stainfo(&padapter->stapriv,
1169 if (stainfo != NULL) {
1170 prwskey = &stainfo->x_UncstKey.skey[0];
1171 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
1173 if ((curfragnum + 1) == pattrib->nr_frags) {
1174 length = pattrib->last_txcmdsz -
1178 aes_cipher(prwskey, pattrib->
1179 hdrlen, pframe, length);
1181 length = pxmitpriv->frag_len -
1185 aes_cipher(prwskey, pattrib->
1186 hdrlen, pframe, length);
1187 pframe += pxmitpriv->frag_len;
1188 pframe = (u8 *)RND4((addr_t)(pframe));
1197 static sint aes_decipher(u8 *key, uint hdrlen,
1198 u8 *pframe, uint plen)
1200 static u8 message[MAX_MSG_SIZE];
1201 uint qc_exists, a4_exists, i, j, payload_remainder;
1202 uint num_blocks, payload_index;
1208 /* Intermediate Buffers */
1209 u8 chain_buffer[16];
1211 u8 padded_buffer[16];
1213 uint frtype = GetFrameType(pframe);
1214 uint frsubtype = GetFrameSubType(pframe);
1217 memset((void *)mic_iv, 0, 16);
1218 memset((void *)mic_header1, 0, 16);
1219 memset((void *)mic_header2, 0, 16);
1220 memset((void *)ctr_preload, 0, 16);
1221 memset((void *)chain_buffer, 0, 16);
1222 memset((void *)aes_out, 0, 16);
1223 memset((void *)padded_buffer, 0, 16);
1224 /* start to decrypt the payload */
1225 /*(plen including llc, payload and mic) */
1226 num_blocks = (plen - 8) / 16;
1227 payload_remainder = (plen-8) % 16;
1228 pn_vector[0] = pframe[hdrlen];
1229 pn_vector[1] = pframe[hdrlen+1];
1230 pn_vector[2] = pframe[hdrlen+4];
1231 pn_vector[3] = pframe[hdrlen+5];
1232 pn_vector[4] = pframe[hdrlen+6];
1233 pn_vector[5] = pframe[hdrlen+7];
1234 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1238 if ((frtype == WIFI_DATA_CFACK) ||
1239 (frtype == WIFI_DATA_CFPOLL) ||
1240 (frtype == WIFI_DATA_CFACKPOLL)) {
1242 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1244 } else if ((frsubtype == 0x08) ||
1245 (frsubtype == 0x09) ||
1246 (frsubtype == 0x0a) ||
1247 (frsubtype == 0x0b)) {
1248 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1254 /* now, decrypt pframe with hdrlen offset and plen long */
1255 payload_index = hdrlen + 8; /* 8 is for extiv */
1256 for (i = 0; i < num_blocks; i++) {
1257 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1258 pframe, pn_vector, i + 1);
1259 aes128k128d(key, ctr_preload, aes_out);
1260 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1261 for (j = 0; j < 16; j++)
1262 pframe[payload_index++] = chain_buffer[j];
1264 if (payload_remainder > 0) { /* If short final block, pad it,*/
1265 /* encrypt it and copy the unpadded part back */
1266 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1267 pframe, pn_vector, num_blocks+1);
1268 for (j = 0; j < 16; j++)
1269 padded_buffer[j] = 0x00;
1270 for (j = 0; j < payload_remainder; j++)
1271 padded_buffer[j] = pframe[payload_index + j];
1272 aes128k128d(key, ctr_preload, aes_out);
1273 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1274 for (j = 0; j < payload_remainder; j++)
1275 pframe[payload_index++] = chain_buffer[j];
1277 /* start to calculate the mic */
1278 memcpy((void *)message, pframe, (hdrlen + plen + 8));
1279 pn_vector[0] = pframe[hdrlen];
1280 pn_vector[1] = pframe[hdrlen+1];
1281 pn_vector[2] = pframe[hdrlen+4];
1282 pn_vector[3] = pframe[hdrlen+5];
1283 pn_vector[4] = pframe[hdrlen+6];
1284 pn_vector[5] = pframe[hdrlen+7];
1285 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen-8,
1287 construct_mic_header1(mic_header1, hdrlen, message);
1288 construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1289 payload_remainder = (plen - 8) % 16;
1290 num_blocks = (plen - 8) / 16;
1291 /* Find start of payload */
1292 payload_index = hdrlen + 8;
1294 aes128k128d(key, mic_iv, aes_out);
1295 bitwise_xor(aes_out, mic_header1, chain_buffer);
1296 aes128k128d(key, chain_buffer, aes_out);
1297 bitwise_xor(aes_out, mic_header2, chain_buffer);
1298 aes128k128d(key, chain_buffer, aes_out);
1299 for (i = 0; i < num_blocks; i++) {
1300 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1301 payload_index += 16;
1302 aes128k128d(key, chain_buffer, aes_out);
1304 /* Add on the final payload block if it needs padding */
1305 if (payload_remainder > 0) {
1306 for (j = 0; j < 16; j++)
1307 padded_buffer[j] = 0x00;
1308 for (j = 0; j < payload_remainder; j++)
1309 padded_buffer[j] = message[payload_index++];
1310 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1311 aes128k128d(key, chain_buffer, aes_out);
1313 for (j = 0; j < 8; j++)
1314 mic[j] = aes_out[j];
1315 /* Insert MIC into payload */
1316 for (j = 0; j < 8; j++)
1317 message[payload_index+j] = mic[j];
1318 payload_index = hdrlen + 8;
1319 for (i = 0; i < num_blocks; i++) {
1320 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1321 message, pn_vector, i + 1);
1322 aes128k128d(key, ctr_preload, aes_out);
1323 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1324 for (j = 0; j < 16; j++)
1325 message[payload_index++] = chain_buffer[j];
1327 if (payload_remainder > 0) { /* If short final block, pad it,*/
1328 /* encrypt and copy unpadded part back */
1329 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1330 message, pn_vector, num_blocks+1);
1331 for (j = 0; j < 16; j++)
1332 padded_buffer[j] = 0x00;
1333 for (j = 0; j < payload_remainder; j++)
1334 padded_buffer[j] = message[payload_index + j];
1335 aes128k128d(key, ctr_preload, aes_out);
1336 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1337 for (j = 0; j < payload_remainder; j++)
1338 message[payload_index++] = chain_buffer[j];
1340 /* Encrypt the MIC */
1341 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message,
1343 for (j = 0; j < 16; j++)
1344 padded_buffer[j] = 0x00;
1345 for (j = 0; j < 8; j++)
1346 padded_buffer[j] = message[j + hdrlen + plen];
1347 aes128k128d(key, ctr_preload, aes_out);
1348 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1349 for (j = 0; j < 8; j++)
1350 message[payload_index++] = chain_buffer[j];
1351 /* compare the mic */
1355 u32 r8712_aes_decrypt(struct _adapter *padapter, u8 *precvframe)
1357 /* Intermediate Buffers */
1359 u8 *pframe, *prwskey, *iv, idx;
1360 struct sta_info *stainfo;
1361 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)
1362 precvframe)->u.hdr.attrib;
1363 struct security_priv *psecuritypriv = &padapter->securitypriv;
1365 pframe = (unsigned char *)((union recv_frame *)precvframe)->
1367 /* 4 start to encrypt each fragment */
1368 if (prxattrib->encrypt == _AES_) {
1369 stainfo = r8712_get_stainfo(&padapter->stapriv,
1371 if (stainfo != NULL) {
1372 if (IS_MCAST(prxattrib->ra)) {
1373 iv = pframe+prxattrib->hdrlen;
1375 prwskey = &psecuritypriv->XGrpKey[
1376 ((idx >> 6) & 0x3) - 1].skey[0];
1377 if (psecuritypriv->binstallGrpkey == false)
1381 prwskey = &stainfo->x_UncstKey.skey[0];
1382 length = ((union recv_frame *)precvframe)->
1383 u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len;
1384 aes_decipher(prwskey, prxattrib->hdrlen, pframe,
1392 void r8712_use_tkipkey_handler(unsigned long data)
1394 struct _adapter *padapter = (struct _adapter *)data;
1396 padapter->securitypriv.busetkipkey = true;