1 // SPDX-License-Identifier: GPL-2.0
2 /******************************************************************************
4 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
6 ******************************************************************************/
7 #include <linux/crc32.h>
10 #include <crypto/aes.h>
12 static const char * const _security_type_str[] = {
24 const char *security_type_str(u8 value)
27 return _security_type_str[value];
31 /* WEP related ===== */
34 Need to consider the fragment situation
36 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe)
43 signed int curfragnum, length;
46 u8 *pframe, *payload, *iv; /* wepkey */
49 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
50 struct security_priv *psecuritypriv = &padapter->securitypriv;
51 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
52 struct arc4_ctx *ctx = &psecuritypriv->xmit_arc4_ctx;
54 if (!((struct xmit_frame *)pxmitframe)->buf_addr)
57 hw_hdr_offset = TXDESC_OFFSET;
58 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
60 /* start to encrypt each fragment */
61 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
62 keylength = psecuritypriv->dot11DefKeylen[psecuritypriv->dot11PrivacyKeyIndex];
64 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
65 iv = pframe+pattrib->hdrlen;
66 memcpy(&wepkey[0], iv, 3);
67 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength);
68 payload = pframe+pattrib->iv_len+pattrib->hdrlen;
70 if ((curfragnum+1) == pattrib->nr_frags) { /* the last fragment */
72 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
74 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
76 arc4_setkey(ctx, wepkey, 3 + keylength);
77 arc4_crypt(ctx, payload, payload, length);
78 arc4_crypt(ctx, payload + length, crc.f1, 4);
81 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
82 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
83 arc4_setkey(ctx, wepkey, 3 + keylength);
84 arc4_crypt(ctx, payload, payload, length);
85 arc4_crypt(ctx, payload + length, crc.f1, 4);
87 pframe += pxmitpriv->frag_len;
88 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
94 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe)
100 u8 *pframe, *payload, *iv, wepkey[16];
102 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)precvframe)->u.hdr.attrib);
103 struct security_priv *psecuritypriv = &padapter->securitypriv;
104 struct arc4_ctx *ctx = &psecuritypriv->recv_arc4_ctx;
106 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
108 /* start to decrypt recvframe */
109 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) {
110 iv = pframe+prxattrib->hdrlen;
111 /* keyindex =(iv[3]&0x3); */
112 keyindex = prxattrib->key_index;
113 keylength = psecuritypriv->dot11DefKeylen[keyindex];
114 memcpy(&wepkey[0], iv, 3);
115 /* memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); */
116 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[keyindex].skey[0], keylength);
117 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len;
119 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen;
121 /* decrypt payload include icv */
122 arc4_setkey(ctx, wepkey, 3 + keylength);
123 arc4_crypt(ctx, payload, payload, length);
125 /* calculate icv and compare the icv */
126 *((u32 *)crc) = ~crc32_le(~0, payload, length - 4);
131 /* 3 =====TKIP related ===== */
133 static u32 secmicgetuint32(u8 *p)
134 /* Convert from Byte[] to Us3232 in a portable way */
139 for (i = 0; i < 4; i++)
140 res |= ((u32)(*p++)) << (8 * i);
145 static void secmicputuint32(u8 *p, u32 val)
146 /* Convert from Us3232 to Byte[] in a portable way */
150 for (i = 0; i < 4; i++) {
151 *p++ = (u8) (val & 0xff);
156 static void secmicclear(struct mic_data *pmicdata)
158 /* Reset the state to the empty message. */
159 pmicdata->L = pmicdata->K0;
160 pmicdata->R = pmicdata->K1;
161 pmicdata->nBytesInM = 0;
165 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key)
168 pmicdata->K0 = secmicgetuint32(key);
169 pmicdata->K1 = secmicgetuint32(key + 4);
170 /* and reset the message */
171 secmicclear(pmicdata);
174 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b)
176 /* Append the byte to our word-sized buffer */
177 pmicdata->M |= ((unsigned long)b) << (8*pmicdata->nBytesInM);
178 pmicdata->nBytesInM++;
179 /* Process the word if it is full. */
180 if (pmicdata->nBytesInM >= 4) {
181 pmicdata->L ^= pmicdata->M;
182 pmicdata->R ^= ROL32(pmicdata->L, 17);
183 pmicdata->L += pmicdata->R;
184 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
185 pmicdata->L += pmicdata->R;
186 pmicdata->R ^= ROL32(pmicdata->L, 3);
187 pmicdata->L += pmicdata->R;
188 pmicdata->R ^= ROR32(pmicdata->L, 2);
189 pmicdata->L += pmicdata->R;
190 /* Clear the buffer */
192 pmicdata->nBytesInM = 0;
196 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
200 rtw_secmicappendbyte(pmicdata, *src++);
205 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst)
207 /* Append the minimum padding */
208 rtw_secmicappendbyte(pmicdata, 0x5a);
209 rtw_secmicappendbyte(pmicdata, 0);
210 rtw_secmicappendbyte(pmicdata, 0);
211 rtw_secmicappendbyte(pmicdata, 0);
212 rtw_secmicappendbyte(pmicdata, 0);
213 /* and then zeroes until the length is a multiple of 4 */
214 while (pmicdata->nBytesInM != 0)
215 rtw_secmicappendbyte(pmicdata, 0);
216 /* The appendByte function has already computed the result. */
217 secmicputuint32(dst, pmicdata->L);
218 secmicputuint32(dst + 4, pmicdata->R);
219 /* Reset to the empty message. */
220 secmicclear(pmicdata);
224 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
227 struct mic_data micdata;
228 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
230 rtw_secmicsetkey(&micdata, key);
233 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
234 if (header[1] & 1) { /* ToDS == 1 */
235 rtw_secmicappend(&micdata, &header[16], 6); /* DA */
236 if (header[1] & 2) /* From Ds == 1 */
237 rtw_secmicappend(&micdata, &header[24], 6);
239 rtw_secmicappend(&micdata, &header[10], 6);
240 } else { /* ToDS == 0 */
241 rtw_secmicappend(&micdata, &header[4], 6); /* DA */
242 if (header[1] & 2) /* From Ds == 1 */
243 rtw_secmicappend(&micdata, &header[16], 6);
245 rtw_secmicappend(&micdata, &header[10], 6);
247 rtw_secmicappend(&micdata, &priority[0], 4);
250 rtw_secmicappend(&micdata, data, data_len);
252 rtw_secgetmic(&micdata, mic_code);
255 /* macros for extraction/creation of unsigned char/unsigned short values */
256 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
257 #define Lo8(v16) ((u8)((v16) & 0x00FF))
258 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
259 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
260 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
261 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
263 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
264 #define TK16(N) Mk16(tk[2*(N)+1], tk[2*(N)])
266 /* S-box lookup: 16 bits --> 16 bits */
267 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
269 /* fixed algorithm "parameters" */
270 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
272 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
273 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */
275 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
276 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
277 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
278 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
279 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
280 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
281 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
282 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
283 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
284 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
285 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
286 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
287 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
288 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
289 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
290 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
291 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
292 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
293 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
294 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
295 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
296 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
297 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
298 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
299 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
300 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
301 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
302 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
303 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
304 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
305 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
306 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
310 { /* second half of table is unsigned char-reversed version of first! */
311 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
312 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
313 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
314 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
315 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
316 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
317 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
318 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
319 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
320 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
321 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
322 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
323 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
324 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
325 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
326 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
327 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
328 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
329 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
330 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
331 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
332 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
333 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
334 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
335 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
336 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
337 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
338 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
339 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
340 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
341 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
342 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
347 **********************************************************************
348 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
351 * tk[] = temporal key [128 bits]
352 * ta[] = transmitter's MAC address [ 48 bits]
353 * iv32 = upper 32 bits of IV [ 32 bits]
355 * p1k[] = Phase 1 key [ 80 bits]
358 * This function only needs to be called every 2**16 packets,
359 * although in theory it could be called every packet.
361 **********************************************************************
363 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
367 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
370 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
371 p1k[3] = Mk16(ta[3], ta[2]);
372 p1k[4] = Mk16(ta[5], ta[4]);
374 /* Now compute an unbalanced Feistel cipher with 80-bit block */
375 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
376 for (i = 0; i < PHASE1_LOOP_CNT; i++) {
377 /* Each add operation here is mod 2**16 */
378 p1k[0] += _S_(p1k[4] ^ TK16((i&1)+0));
379 p1k[1] += _S_(p1k[0] ^ TK16((i&1)+2));
380 p1k[2] += _S_(p1k[1] ^ TK16((i&1)+4));
381 p1k[3] += _S_(p1k[2] ^ TK16((i&1)+6));
382 p1k[4] += _S_(p1k[3] ^ TK16((i&1)+0));
383 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
389 **********************************************************************
390 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
393 * tk[] = Temporal key [128 bits]
394 * p1k[] = Phase 1 output key [ 80 bits]
395 * iv16 = low 16 bits of IV counter [ 16 bits]
397 * rc4key[] = the key used to encrypt the packet [128 bits]
400 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique
401 * across all packets using the same key TK value. Then, for a
402 * given value of TK[], this TKIP48 construction guarantees that
403 * the final RC4KEY value is unique across all packets.
405 * Suggested implementation optimization: if PPK[] is "overlaid"
406 * appropriately on RC4KEY[], there is no need for the final
407 * for loop below that copies the PPK[] result into RC4KEY[].
409 **********************************************************************
411 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
414 u16 PPK[6]; /* temporary key for mixing */
416 /* Note: all adds in the PPK[] equations below are mod 2**16 */
417 for (i = 0; i < 5; i++)
418 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
420 PPK[5] = p1k[4]+iv16; /* next, add in IV16 */
422 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
423 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
424 PPK[1] += _S_(PPK[0] ^ TK16(1));
425 PPK[2] += _S_(PPK[1] ^ TK16(2));
426 PPK[3] += _S_(PPK[2] ^ TK16(3));
427 PPK[4] += _S_(PPK[3] ^ TK16(4));
428 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
430 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
431 PPK[0] += RotR1(PPK[5] ^ TK16(6));
432 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
433 PPK[2] += RotR1(PPK[1]);
434 PPK[3] += RotR1(PPK[2]);
435 PPK[4] += RotR1(PPK[3]);
436 PPK[5] += RotR1(PPK[4]);
437 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
438 /* value PPK[0..5] is guaranteed to be unique, as a function */
439 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */
440 /* is now a keyed permutation of {TA, IV32, IV16}. */
442 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
443 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
444 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
445 rc4key[2] = Lo8(iv16);
446 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
449 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
450 for (i = 0; i < 6; i++) {
451 rc4key[4+2*i] = Lo8(PPK[i]);
452 rc4key[5+2*i] = Hi8(PPK[i]);
457 /* The hlen isn't include the IV */
458 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
468 u8 hw_hdr_offset = 0;
469 signed int curfragnum, length;
471 u8 *pframe, *payload, *iv, *prwskey;
472 union pn48 dot11txpn;
473 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
474 struct security_priv *psecuritypriv = &padapter->securitypriv;
475 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
476 struct arc4_ctx *ctx = &psecuritypriv->xmit_arc4_ctx;
479 if (!((struct xmit_frame *)pxmitframe)->buf_addr)
482 hw_hdr_offset = TXDESC_OFFSET;
483 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
485 /* 4 start to encrypt each fragment */
486 if (pattrib->encrypt == _TKIP_) {
489 if (IS_MCAST(pattrib->ra))
490 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
492 prwskey = pattrib->dot118021x_UncstKey.skey;
494 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
495 iv = pframe+pattrib->hdrlen;
496 payload = pframe+pattrib->iv_len+pattrib->hdrlen;
498 GET_TKIP_PN(iv, dot11txpn);
500 pnl = (u16)(dot11txpn.val);
501 pnh = (u32)(dot11txpn.val>>16);
503 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
505 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
507 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */
508 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
509 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
511 arc4_setkey(ctx, rc4key, 16);
512 arc4_crypt(ctx, payload, payload, length);
513 arc4_crypt(ctx, payload + length, crc.f1, 4);
516 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
517 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
519 arc4_setkey(ctx, rc4key, 16);
520 arc4_crypt(ctx, payload, payload, length);
521 arc4_crypt(ctx, payload + length, crc.f1, 4);
523 pframe += pxmitpriv->frag_len;
524 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
533 /* The hlen isn't include the IV */
534 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
543 u8 *pframe, *payload, *iv, *prwskey;
544 union pn48 dot11txpn;
545 struct sta_info *stainfo;
546 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
547 struct security_priv *psecuritypriv = &padapter->securitypriv;
548 struct arc4_ctx *ctx = &psecuritypriv->recv_arc4_ctx;
551 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
553 /* 4 start to decrypt recvframe */
554 if (prxattrib->encrypt == _TKIP_) {
555 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
557 if (IS_MCAST(prxattrib->ra)) {
558 static unsigned long start;
559 static u32 no_gkey_bc_cnt;
560 static u32 no_gkey_mc_cnt;
562 if (!psecuritypriv->binstallGrpkey) {
568 if (is_broadcast_mac_addr(prxattrib->ra))
573 if (jiffies_to_msecs(jiffies - start) > 1000) {
574 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
575 netdev_dbg(padapter->pnetdev,
576 FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
577 FUNC_ADPT_ARG(padapter),
588 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
589 netdev_dbg(padapter->pnetdev,
590 FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
591 FUNC_ADPT_ARG(padapter),
599 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
601 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
604 iv = pframe+prxattrib->hdrlen;
605 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen;
606 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len;
608 GET_TKIP_PN(iv, dot11txpn);
610 pnl = (u16)(dot11txpn.val);
611 pnh = (u32)(dot11txpn.val>>16);
613 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
614 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
616 /* 4 decrypt payload include icv */
618 arc4_setkey(ctx, rc4key, 16);
619 arc4_crypt(ctx, payload, payload, length);
621 *((u32 *)crc) = ~crc32_le(~0, payload, length - 4);
623 if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] ||
624 crc[1] != payload[length - 3] || crc[0] != payload[length - 4])
635 /* 3 =====AES related ===== */
639 #define MAX_MSG_SIZE 2048
641 /*****************************/
642 /**** Function Prototypes ****/
643 /*****************************/
645 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out);
646 static void construct_mic_iv(u8 *mic_header1,
647 signed int qc_exists,
648 signed int a4_exists,
652 uint frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
653 static void construct_mic_header1(u8 *mic_header1,
654 signed int header_length,
656 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */
657 static void construct_mic_header2(u8 *mic_header2,
659 signed int a4_exists,
660 signed int qc_exists);
661 static void construct_ctr_preload(u8 *ctr_preload,
662 signed int a4_exists,
663 signed int qc_exists,
667 uint frtype); /* for CONFIG_IEEE80211W, none 11w also can use */
669 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext);
672 /****************************************/
674 /* Performs a 128 bit AES encrypt with */
676 /****************************************/
677 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
679 struct crypto_aes_ctx ctx;
681 aes_expandkey(&ctx, key, 16);
682 aes_encrypt(&ctx, ciphertext, data);
683 memzero_explicit(&ctx, sizeof(ctx));
686 /************************************************/
687 /* construct_mic_iv() */
688 /* Builds the MIC IV from header fields and PN */
689 /* Baron think the function is construct CCM */
691 /************************************************/
692 static void construct_mic_iv(u8 *mic_iv,
693 signed int qc_exists,
694 signed int a4_exists,
698 uint frtype) /* add for CONFIG_IEEE80211W, none 11w also can use */
704 if (qc_exists && a4_exists)
705 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */
707 if (qc_exists && !a4_exists)
708 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */
713 /* 802.11w management frame should set management bit(4) */
714 if (frtype == WIFI_MGT_TYPE)
717 for (i = 2; i < 8; i++)
718 mic_iv[i] = mpdu[i + 8]; /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */
719 #ifdef CONSISTENT_PN_ORDER
720 for (i = 8; i < 14; i++)
721 mic_iv[i] = pn_vector[i - 8]; /* mic_iv[8:13] = PN[0:5] */
723 for (i = 8; i < 14; i++)
724 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
726 mic_iv[14] = (unsigned char) (payload_length / 256);
727 mic_iv[15] = (unsigned char) (payload_length % 256);
730 /************************************************/
731 /* construct_mic_header1() */
732 /* Builds the first MIC header block from */
734 /* Build AAD SC, A1, A2 */
735 /************************************************/
736 static void construct_mic_header1(u8 *mic_header1,
737 signed int header_length,
739 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */
741 mic_header1[0] = (u8)((header_length - 2) / 256);
742 mic_header1[1] = (u8)((header_length - 2) % 256);
744 /* 802.11w management frame don't AND subtype bits 4, 5, 6 of frame control field */
745 if (frtype == WIFI_MGT_TYPE)
746 mic_header1[2] = mpdu[0];
748 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */
750 mic_header1[3] = mpdu[1] & 0xc7; /* Mute retry, more data and pwr mgt bits */
751 mic_header1[4] = mpdu[4]; /* A1 */
752 mic_header1[5] = mpdu[5];
753 mic_header1[6] = mpdu[6];
754 mic_header1[7] = mpdu[7];
755 mic_header1[8] = mpdu[8];
756 mic_header1[9] = mpdu[9];
757 mic_header1[10] = mpdu[10]; /* A2 */
758 mic_header1[11] = mpdu[11];
759 mic_header1[12] = mpdu[12];
760 mic_header1[13] = mpdu[13];
761 mic_header1[14] = mpdu[14];
762 mic_header1[15] = mpdu[15];
765 /************************************************/
766 /* construct_mic_header2() */
767 /* Builds the last MIC header block from */
769 /************************************************/
770 static void construct_mic_header2(u8 *mic_header2,
772 signed int a4_exists,
773 signed int qc_exists)
777 for (i = 0; i < 16; i++)
778 mic_header2[i] = 0x00;
780 mic_header2[0] = mpdu[16]; /* A3 */
781 mic_header2[1] = mpdu[17];
782 mic_header2[2] = mpdu[18];
783 mic_header2[3] = mpdu[19];
784 mic_header2[4] = mpdu[20];
785 mic_header2[5] = mpdu[21];
787 mic_header2[6] = 0x00;
788 mic_header2[7] = 0x00; /* mpdu[23]; */
790 if (!qc_exists && a4_exists) {
791 for (i = 0; i < 6; i++)
792 mic_header2[8+i] = mpdu[24+i]; /* A4 */
795 if (qc_exists && !a4_exists) {
796 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
797 mic_header2[9] = mpdu[25] & 0x00;
800 if (qc_exists && a4_exists) {
801 for (i = 0; i < 6; i++)
802 mic_header2[8+i] = mpdu[24+i]; /* A4 */
804 mic_header2[14] = mpdu[30] & 0x0f;
805 mic_header2[15] = mpdu[31] & 0x00;
809 /************************************************/
810 /* construct_mic_header2() */
811 /* Builds the last MIC header block from */
813 /* Baron think the function is construct CCM */
815 /************************************************/
816 static void construct_ctr_preload(u8 *ctr_preload,
817 signed int a4_exists,
818 signed int qc_exists,
822 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */
826 for (i = 0; i < 16; i++)
827 ctr_preload[i] = 0x00;
830 ctr_preload[0] = 0x01; /* flag */
831 if (qc_exists && a4_exists)
832 ctr_preload[1] = mpdu[30] & 0x0f; /* QoC_Control */
833 if (qc_exists && !a4_exists)
834 ctr_preload[1] = mpdu[24] & 0x0f;
836 /* 802.11w management frame should set management bit(4) */
837 if (frtype == WIFI_MGT_TYPE)
838 ctr_preload[1] |= BIT(4);
840 for (i = 2; i < 8; i++)
841 ctr_preload[i] = mpdu[i + 8]; /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */
842 #ifdef CONSISTENT_PN_ORDER
843 for (i = 8; i < 14; i++)
844 ctr_preload[i] = pn_vector[i - 8]; /* ctr_preload[8:13] = PN[0:5] */
846 for (i = 8; i < 14; i++)
847 ctr_preload[i] = pn_vector[13 - i]; /* ctr_preload[8:13] = PN[5:0] */
849 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */
850 ctr_preload[15] = (unsigned char) (c % 256);
853 /************************************/
855 /* A 128 bit, bitwise exclusive or */
856 /************************************/
857 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
861 for (i = 0; i < 16; i++)
862 out[i] = ina[i] ^ inb[i];
865 static signed int aes_cipher(u8 *key, uint hdrlen,
866 u8 *pframe, uint plen)
868 uint qc_exists, a4_exists, i, j, payload_remainder,
869 num_blocks, payload_index;
877 /* Intermediate Buffers */
880 u8 padded_buffer[16];
882 uint frtype = GetFrameType(pframe);
883 uint frsubtype = GetFrameSubType(pframe);
885 frsubtype = frsubtype>>4;
887 memset((void *)mic_iv, 0, 16);
888 memset((void *)mic_header1, 0, 16);
889 memset((void *)mic_header2, 0, 16);
890 memset((void *)ctr_preload, 0, 16);
891 memset((void *)chain_buffer, 0, 16);
892 memset((void *)aes_out, 0, 16);
893 memset((void *)padded_buffer, 0, 16);
895 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
900 if (((frtype|frsubtype) == WIFI_DATA_CFACK) ||
901 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) ||
902 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) {
904 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
907 } else if ((frtype == WIFI_DATA) && /* add for CONFIG_IEEE80211W, none 11w also can use */
908 ((frsubtype == 0x08) ||
909 (frsubtype == 0x09) ||
910 (frsubtype == 0x0a) ||
911 (frsubtype == 0x0b))) {
912 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
920 pn_vector[0] = pframe[hdrlen];
921 pn_vector[1] = pframe[hdrlen+1];
922 pn_vector[2] = pframe[hdrlen+4];
923 pn_vector[3] = pframe[hdrlen+5];
924 pn_vector[4] = pframe[hdrlen+6];
925 pn_vector[5] = pframe[hdrlen+7];
927 construct_mic_iv(mic_iv,
930 pframe, /* message, */
933 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
935 construct_mic_header1(mic_header1,
937 pframe, /* message */
938 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
940 construct_mic_header2(mic_header2,
941 pframe, /* message, */
945 payload_remainder = plen % 16;
946 num_blocks = plen / 16;
948 /* Find start of payload */
949 payload_index = (hdrlen + 8);
952 aes128k128d(key, mic_iv, aes_out);
953 bitwise_xor(aes_out, mic_header1, chain_buffer);
954 aes128k128d(key, chain_buffer, aes_out);
955 bitwise_xor(aes_out, mic_header2, chain_buffer);
956 aes128k128d(key, chain_buffer, aes_out);
958 for (i = 0; i < num_blocks; i++) {
959 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
962 aes128k128d(key, chain_buffer, aes_out);
965 /* Add on the final payload block if it needs padding */
966 if (payload_remainder > 0) {
967 for (j = 0; j < 16; j++)
968 padded_buffer[j] = 0x00;
969 for (j = 0; j < payload_remainder; j++)
970 padded_buffer[j] = pframe[payload_index++];
972 bitwise_xor(aes_out, padded_buffer, chain_buffer);
973 aes128k128d(key, chain_buffer, aes_out);
976 for (j = 0 ; j < 8; j++)
979 /* Insert MIC into payload */
980 for (j = 0; j < 8; j++)
981 pframe[payload_index+j] = mic[j];
983 payload_index = hdrlen + 8;
984 for (i = 0; i < num_blocks; i++) {
985 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */
986 pn_vector, i+1, frtype);
987 /* add for CONFIG_IEEE80211W, none 11w also can use */
988 aes128k128d(key, ctr_preload, aes_out);
989 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
990 for (j = 0; j < 16; j++)
991 pframe[payload_index++] = chain_buffer[j];
994 if (payload_remainder > 0) {
995 /* If there is a short final block, then pad it,*/
996 /* encrypt it and copy the unpadded part back */
997 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */
998 pn_vector, num_blocks+1, frtype);
999 /* add for CONFIG_IEEE80211W, none 11w also can use */
1001 for (j = 0; j < 16; j++)
1002 padded_buffer[j] = 0x00;
1003 for (j = 0; j < payload_remainder; j++)
1004 padded_buffer[j] = pframe[payload_index+j];
1006 aes128k128d(key, ctr_preload, aes_out);
1007 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1008 for (j = 0; j < payload_remainder; j++)
1009 pframe[payload_index++] = chain_buffer[j];
1012 /* Encrypt the MIC */
1013 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */
1014 pn_vector, 0, frtype);
1015 /* add for CONFIG_IEEE80211W, none 11w also can use */
1017 for (j = 0; j < 16; j++)
1018 padded_buffer[j] = 0x00;
1019 for (j = 0; j < 8; j++)
1020 padded_buffer[j] = pframe[j+hdrlen+8+plen];
1022 aes128k128d(key, ctr_preload, aes_out);
1023 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1024 for (j = 0; j < 8; j++)
1025 pframe[payload_index++] = chain_buffer[j];
1030 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe)
1034 /* unsigned char message[MAX_MSG_SIZE]; */
1036 /* Intermediate Buffers */
1037 signed int curfragnum, length;
1038 u8 *pframe, *prwskey; /* *payload,*iv */
1039 u8 hw_hdr_offset = 0;
1040 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
1041 struct security_priv *psecuritypriv = &padapter->securitypriv;
1042 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1046 if (!((struct xmit_frame *)pxmitframe)->buf_addr)
1049 hw_hdr_offset = TXDESC_OFFSET;
1050 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
1052 /* 4 start to encrypt each fragment */
1053 if (pattrib->encrypt == _AES_) {
1054 if (IS_MCAST(pattrib->ra))
1055 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
1057 prwskey = pattrib->dot118021x_UncstKey.skey;
1059 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
1060 if ((curfragnum+1) == pattrib->nr_frags) { /* 4 the last fragment */
1061 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
1063 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1065 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
1067 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1068 pframe += pxmitpriv->frag_len;
1069 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
1076 static signed int aes_decipher(u8 *key, uint hdrlen,
1077 u8 *pframe, uint plen)
1079 static u8 message[MAX_MSG_SIZE];
1080 uint qc_exists, a4_exists, i, j, payload_remainder,
1081 num_blocks, payload_index;
1082 signed int res = _SUCCESS;
1089 /* Intermediate Buffers */
1090 u8 chain_buffer[16];
1092 u8 padded_buffer[16];
1095 uint frtype = GetFrameType(pframe);
1096 uint frsubtype = GetFrameSubType(pframe);
1098 frsubtype = frsubtype>>4;
1100 memset((void *)mic_iv, 0, 16);
1101 memset((void *)mic_header1, 0, 16);
1102 memset((void *)mic_header2, 0, 16);
1103 memset((void *)ctr_preload, 0, 16);
1104 memset((void *)chain_buffer, 0, 16);
1105 memset((void *)aes_out, 0, 16);
1106 memset((void *)padded_buffer, 0, 16);
1108 /* start to decrypt the payload */
1110 num_blocks = (plen-8) / 16; /* plen including LLC, payload_length and mic) */
1112 payload_remainder = (plen-8) % 16;
1114 pn_vector[0] = pframe[hdrlen];
1115 pn_vector[1] = pframe[hdrlen + 1];
1116 pn_vector[2] = pframe[hdrlen + 4];
1117 pn_vector[3] = pframe[hdrlen + 5];
1118 pn_vector[4] = pframe[hdrlen + 6];
1119 pn_vector[5] = pframe[hdrlen + 7];
1121 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1126 if (((frtype|frsubtype) == WIFI_DATA_CFACK) ||
1127 ((frtype|frsubtype) == WIFI_DATA_CFPOLL) ||
1128 ((frtype|frsubtype) == WIFI_DATA_CFACKPOLL)) {
1130 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1133 } else if ((frtype == WIFI_DATA) && /* only for data packet . add for CONFIG_IEEE80211W, none 11w also can use */
1134 ((frsubtype == 0x08) ||
1135 (frsubtype == 0x09) ||
1136 (frsubtype == 0x0a) ||
1137 (frsubtype == 0x0b))) {
1138 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1146 /* now, decrypt pframe with hdrlen offset and plen long */
1148 payload_index = hdrlen + 8; /* 8 is for extiv */
1150 for (i = 0; i < num_blocks; i++) {
1151 construct_ctr_preload(ctr_preload, a4_exists,
1154 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
1156 aes128k128d(key, ctr_preload, aes_out);
1157 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1159 for (j = 0; j < 16; j++)
1160 pframe[payload_index++] = chain_buffer[j];
1163 if (payload_remainder > 0) {
1164 /* If there is a short final block, then pad it,*/
1165 /* encrypt it and copy the unpadded part back */
1166 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector,
1167 num_blocks+1, frtype);
1168 /* add for CONFIG_IEEE80211W, none 11w also can use */
1170 for (j = 0; j < 16; j++)
1171 padded_buffer[j] = 0x00;
1172 for (j = 0; j < payload_remainder; j++)
1173 padded_buffer[j] = pframe[payload_index+j];
1175 aes128k128d(key, ctr_preload, aes_out);
1176 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1177 for (j = 0; j < payload_remainder; j++)
1178 pframe[payload_index++] = chain_buffer[j];
1181 /* start to calculate the mic */
1182 if ((hdrlen + plen+8) <= MAX_MSG_SIZE)
1183 memcpy((void *)message, pframe, (hdrlen + plen+8)); /* 8 is for ext iv len */
1185 pn_vector[0] = pframe[hdrlen];
1186 pn_vector[1] = pframe[hdrlen+1];
1187 pn_vector[2] = pframe[hdrlen+4];
1188 pn_vector[3] = pframe[hdrlen+5];
1189 pn_vector[4] = pframe[hdrlen+6];
1190 pn_vector[5] = pframe[hdrlen+7];
1192 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen-8, pn_vector, frtype);
1193 /* add for CONFIG_IEEE80211W, none 11w also can use */
1195 construct_mic_header1(mic_header1, hdrlen, message, frtype);
1196 /* add for CONFIG_IEEE80211W, none 11w also can use */
1197 construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1199 payload_remainder = (plen-8) % 16;
1200 num_blocks = (plen-8) / 16;
1202 /* Find start of payload */
1203 payload_index = (hdrlen + 8);
1206 aes128k128d(key, mic_iv, aes_out);
1207 bitwise_xor(aes_out, mic_header1, chain_buffer);
1208 aes128k128d(key, chain_buffer, aes_out);
1209 bitwise_xor(aes_out, mic_header2, chain_buffer);
1210 aes128k128d(key, chain_buffer, aes_out);
1212 for (i = 0; i < num_blocks; i++) {
1213 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1215 payload_index += 16;
1216 aes128k128d(key, chain_buffer, aes_out);
1219 /* Add on the final payload block if it needs padding */
1220 if (payload_remainder > 0) {
1221 for (j = 0; j < 16; j++)
1222 padded_buffer[j] = 0x00;
1223 for (j = 0; j < payload_remainder; j++)
1224 padded_buffer[j] = message[payload_index++];
1226 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1227 aes128k128d(key, chain_buffer, aes_out);
1230 for (j = 0; j < 8; j++)
1231 mic[j] = aes_out[j];
1233 /* Insert MIC into payload */
1234 for (j = 0; j < 8; j++)
1235 message[payload_index+j] = mic[j];
1237 payload_index = hdrlen + 8;
1238 for (i = 0; i < num_blocks; i++) {
1239 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, i+1,
1241 /* add for CONFIG_IEEE80211W, none 11w also can use */
1242 aes128k128d(key, ctr_preload, aes_out);
1243 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1244 for (j = 0; j < 16; j++)
1245 message[payload_index++] = chain_buffer[j];
1248 if (payload_remainder > 0) {
1249 /* If there is a short final block, then pad it,*/
1250 /* encrypt it and copy the unpadded part back */
1251 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector,
1252 num_blocks+1, frtype);
1253 /* add for CONFIG_IEEE80211W, none 11w also can use */
1255 for (j = 0; j < 16; j++)
1256 padded_buffer[j] = 0x00;
1257 for (j = 0; j < payload_remainder; j++)
1258 padded_buffer[j] = message[payload_index+j];
1260 aes128k128d(key, ctr_preload, aes_out);
1261 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1262 for (j = 0; j < payload_remainder; j++)
1263 message[payload_index++] = chain_buffer[j];
1266 /* Encrypt the MIC */
1267 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 0, frtype);
1268 /* add for CONFIG_IEEE80211W, none 11w also can use */
1270 for (j = 0; j < 16; j++)
1271 padded_buffer[j] = 0x00;
1272 for (j = 0; j < 8; j++)
1273 padded_buffer[j] = message[j+hdrlen+8+plen-8];
1275 aes128k128d(key, ctr_preload, aes_out);
1276 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1277 for (j = 0; j < 8; j++)
1278 message[payload_index++] = chain_buffer[j];
1280 /* compare the mic */
1281 for (i = 0; i < 8; i++) {
1282 if (pframe[hdrlen + 8 + plen - 8 + i] != message[hdrlen + 8 + plen - 8 + i])
1288 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe)
1292 /* unsigned char message[MAX_MSG_SIZE]; */
1294 /* Intermediate Buffers */
1297 u8 *pframe, *prwskey; /* *payload,*iv */
1298 struct sta_info *stainfo;
1299 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
1300 struct security_priv *psecuritypriv = &padapter->securitypriv;
1303 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
1304 /* 4 start to encrypt each fragment */
1305 if (prxattrib->encrypt == _AES_) {
1306 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
1308 if (IS_MCAST(prxattrib->ra)) {
1309 static unsigned long start;
1310 static u32 no_gkey_bc_cnt;
1311 static u32 no_gkey_mc_cnt;
1313 if (!psecuritypriv->binstallGrpkey) {
1319 if (is_broadcast_mac_addr(prxattrib->ra))
1324 if (jiffies_to_msecs(jiffies - start) > 1000) {
1325 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
1326 netdev_dbg(padapter->pnetdev,
1327 FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
1328 FUNC_ADPT_ARG(padapter),
1340 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
1341 netdev_dbg(padapter->pnetdev,
1342 FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
1343 FUNC_ADPT_ARG(padapter),
1351 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
1352 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) {
1357 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1360 length = ((union recv_frame *)precvframe)->u.hdr.len-prxattrib->hdrlen-prxattrib->iv_len;
1362 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length);
1372 u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe)
1374 struct rx_pkt_attrib *pattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
1379 struct ieee80211_hdr *pwlanhdr;
1381 struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
1385 ori_len = pattrib->pkt_len-WLAN_HDR_A3_LEN+BIP_AAD_SIZE;
1386 BIP_AAD = rtw_zmalloc(ori_len);
1392 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
1393 /* mapping to wlan header */
1394 pwlanhdr = (struct ieee80211_hdr *)pframe;
1395 /* save the frame body + MME */
1396 memcpy(BIP_AAD+BIP_AAD_SIZE, pframe+WLAN_HDR_A3_LEN, pattrib->pkt_len-WLAN_HDR_A3_LEN);
1397 /* find MME IE pointer */
1398 p = rtw_get_ie(BIP_AAD+BIP_AAD_SIZE, WLAN_EID_MMIE, &len, pattrib->pkt_len-WLAN_HDR_A3_LEN);
1403 /* save packet number */
1404 memcpy(&le_tmp64, p+4, 6);
1405 temp_ipn = le64_to_cpu(le_tmp64);
1406 /* BIP packet number should bigger than previous BIP packet */
1407 if (temp_ipn <= pmlmeext->mgnt_80211w_IPN_rx)
1410 /* copy key index */
1411 memcpy(&le_tmp, p+2, 2);
1412 keyid = le16_to_cpu(le_tmp);
1413 if (keyid != padapter->securitypriv.dot11wBIPKeyid)
1416 /* clear the MIC field of MME to zero */
1417 memset(p+2+len-8, 0, 8);
1419 /* conscruct AAD, copy frame control field */
1420 memcpy(BIP_AAD, &pwlanhdr->frame_control, 2);
1421 ClearRetry(BIP_AAD);
1422 ClearPwrMgt(BIP_AAD);
1423 ClearMData(BIP_AAD);
1424 /* conscruct AAD, copy address 1 to address 3 */
1425 memcpy(BIP_AAD+2, pwlanhdr->addr1, 18);
1427 if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey
1428 , BIP_AAD, ori_len, mic))
1431 /* MIC field should be last 8 bytes of packet (packet without FCS) */
1432 if (!memcmp(mic, pframe+pattrib->pkt_len-8, 8)) {
1433 pmlmeext->mgnt_80211w_IPN_rx = temp_ipn;
1439 res = RTW_RX_HANDLED;
1447 static void gf_mulx(u8 *pad)
1451 carry = pad[0] & 0x80;
1452 for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
1453 pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
1455 pad[AES_BLOCK_SIZE - 1] <<= 1;
1457 pad[AES_BLOCK_SIZE - 1] ^= 0x87;
1461 * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
1462 * @key: 128-bit key for the hash operation
1463 * @num_elem: Number of elements in the data vector
1464 * @addr: Pointers to the data areas
1465 * @len: Lengths of the data blocks
1466 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
1467 * Returns: 0 on success, -1 on failure
1469 * This is a mode for using block cipher (AES in this case) for authentication.
1470 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
1473 static int omac1_aes_128_vector(u8 *key, size_t num_elem,
1474 u8 *addr[], size_t *len, u8 *mac)
1476 struct crypto_aes_ctx ctx;
1477 u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
1479 size_t i, e, left, total_len;
1482 ret = aes_expandkey(&ctx, key, 16);
1485 memset(cbc, 0, AES_BLOCK_SIZE);
1488 for (e = 0; e < num_elem; e++)
1489 total_len += len[e];
1496 while (left >= AES_BLOCK_SIZE) {
1497 for (i = 0; i < AES_BLOCK_SIZE; i++) {
1505 if (left > AES_BLOCK_SIZE)
1506 aes_encrypt(&ctx, cbc, cbc);
1507 left -= AES_BLOCK_SIZE;
1510 memset(pad, 0, AES_BLOCK_SIZE);
1511 aes_encrypt(&ctx, pad, pad);
1514 if (left || total_len == 0) {
1515 for (i = 0; i < left; i++) {
1527 for (i = 0; i < AES_BLOCK_SIZE; i++)
1529 aes_encrypt(&ctx, pad, mac);
1530 memzero_explicit(&ctx, sizeof(ctx));
1535 * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
1536 * @key: 128-bit key for the hash operation
1537 * @data: Data buffer for which a MAC is determined
1538 * @data_len: Length of data buffer in bytes
1539 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
1540 * Returns: 0 on success, -1 on failure
1542 * This is a mode for using block cipher (AES in this case) for authentication.
1543 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
1545 * modify for CONFIG_IEEE80211W */
1546 int omac1_aes_128(u8 *key, u8 *data, size_t data_len, u8 *mac)
1548 return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
1551 /* Restore HW wep key setting according to key_mask */
1552 void rtw_sec_restore_wep_key(struct adapter *adapter)
1554 struct security_priv *securitypriv = &(adapter->securitypriv);
1557 if ((_WEP40_ == securitypriv->dot11PrivacyAlgrthm) || (_WEP104_ == securitypriv->dot11PrivacyAlgrthm)) {
1558 for (keyid = 0; keyid < 4; keyid++) {
1559 if (securitypriv->key_mask & BIT(keyid)) {
1560 if (keyid == securitypriv->dot11PrivacyKeyIndex)
1561 rtw_set_key(adapter, securitypriv, keyid, 1, false);
1563 rtw_set_key(adapter, securitypriv, keyid, 0, false);
1569 u8 rtw_handle_tkip_countermeasure(struct adapter *adapter, const char *caller)
1571 struct security_priv *securitypriv = &(adapter->securitypriv);
1572 u8 status = _SUCCESS;
1574 if (securitypriv->btkip_countermeasure) {
1575 unsigned long passing_ms = jiffies_to_msecs(jiffies - securitypriv->btkip_countermeasure_time);
1577 if (passing_ms > 60*1000) {
1578 netdev_dbg(adapter->pnetdev,
1579 "%s(%s) countermeasure time:%lus > 60s\n",
1580 caller, ADPT_ARG(adapter),
1582 securitypriv->btkip_countermeasure = false;
1583 securitypriv->btkip_countermeasure_time = 0;
1585 netdev_dbg(adapter->pnetdev,
1586 "%s(%s) countermeasure time:%lus < 60s\n",
1587 caller, ADPT_ARG(adapter),