1 // SPDX-License-Identifier: GPL-2.0
2 /******************************************************************************
4 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
6 ******************************************************************************/
7 #define _RTW_SECURITY_C_
9 #include <osdep_service.h>
10 #include <drv_types.h>
12 #include <osdep_intf.h>
13 #include <net/lib80211.h>
15 /* WEP related ===== */
17 #define CRC32_POLY 0x04c11db7
25 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
33 state = parc4ctx->state;
36 for (counter = 0; counter < 256; counter++)
37 state[counter] = (u8)counter;
40 for (counter = 0; counter < 256; counter++) {
42 stateindex = (stateindex + key[keyindex] + t) & 0xff;
43 u = state[stateindex];
44 state[stateindex] = (u8)t;
45 state[counter] = (u8)u;
46 if (++keyindex >= key_len)
51 static u32 arcfour_byte(struct arc4context *parc4ctx)
58 state = parc4ctx->state;
59 x = (parc4ctx->x + 1) & 0xff;
61 y = (sx + parc4ctx->y) & 0xff;
67 return state[(sx + sy) & 0xff];
70 static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len)
74 for (i = 0; i < len; i++)
75 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
78 static int bcrc32initialized;
79 static u32 crc32_table[256];
81 static u8 crc32_reverseBit(u8 data)
83 return (u8)((data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3) & 0x20) |
84 ((data << 1) & 0x10) | ((data >> 1) & 0x08) | ((data >> 3) & 0x04) |
85 ((data >> 5) & 0x02) | ((data >> 7) & 0x01);
88 static void crc32_init(void)
92 u8 *p = (u8 *)&c, *p1;
95 if (bcrc32initialized == 1)
100 for (i = 0; i < 256; ++i) {
101 k = crc32_reverseBit((u8)i);
102 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
103 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY : (c << 1);
104 p1 = (u8 *)&crc32_table[i];
106 p1[0] = crc32_reverseBit(p[3]);
107 p1[1] = crc32_reverseBit(p[2]);
108 p1[2] = crc32_reverseBit(p[1]);
109 p1[3] = crc32_reverseBit(p[0]);
111 bcrc32initialized = 1;
114 static __le32 getcrc32(u8 *buf, int len)
119 if (bcrc32initialized == 0)
122 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
124 for (p = buf; len > 0; ++p, --len)
125 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
126 return cpu_to_le32(~crc); /* transmit complement, per CRC-32 spec */
129 /* Need to consider the fragment situation */
130 void rtw_wep_encrypt(struct adapter *padapter, struct xmit_frame *pxmitframe)
132 int curfragnum, length;
134 u8 hw_hdr_offset = 0;
135 struct pkt_attrib *pattrib = &pxmitframe->attrib;
136 struct security_priv *psecuritypriv = &padapter->securitypriv;
137 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
138 const int keyindex = psecuritypriv->dot11PrivacyKeyIndex;
139 void *crypto_private;
141 struct lib80211_crypto_ops *crypto_ops;
143 if (!pxmitframe->buf_addr)
146 if ((pattrib->encrypt != _WEP40_) && (pattrib->encrypt != _WEP104_))
149 hw_hdr_offset = TXDESC_SIZE +
150 (pxmitframe->pkt_offset * PACKET_OFFSET_SZ);
152 pframe = pxmitframe->buf_addr + hw_hdr_offset;
154 crypto_ops = lib80211_get_crypto_ops("WEP");
159 crypto_private = crypto_ops->init(keyindex);
163 if (crypto_ops->set_key(psecuritypriv->dot11DefKey[keyindex].skey,
164 psecuritypriv->dot11DefKeylen[keyindex], NULL, crypto_private) < 0)
165 goto free_crypto_private;
167 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
168 if (curfragnum + 1 == pattrib->nr_frags)
169 length = pattrib->last_txcmdsz;
171 length = pxmitpriv->frag_len;
172 skb = dev_alloc_skb(length);
174 goto free_crypto_private;
176 skb_put_data(skb, pframe, length);
178 memmove(skb->data + 4, skb->data, pattrib->hdrlen);
180 skb_trim(skb, skb->len - 4);
182 if (crypto_ops->encrypt_mpdu(skb, pattrib->hdrlen, crypto_private)) {
184 goto free_crypto_private;
187 memcpy(pframe, skb->data, skb->len);
190 pframe = (u8 *)round_up((size_t)(pframe), 4);
196 crypto_ops->deinit(crypto_private);
199 int rtw_wep_decrypt(struct adapter *padapter, struct recv_frame *precvframe)
201 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
203 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) {
204 struct security_priv *psecuritypriv = &padapter->securitypriv;
205 struct sk_buff *skb = precvframe->pkt;
206 u8 *pframe = skb->data;
207 void *crypto_private = NULL;
208 int status = _SUCCESS;
209 const int keyindex = prxattrib->key_index;
210 struct lib80211_crypto_ops *crypto_ops = lib80211_get_crypto_ops("WEP");
218 memcpy(iv, pframe + prxattrib->hdrlen, 4);
219 memcpy(icv, pframe + skb->len - 4, 4);
221 crypto_private = crypto_ops->init(keyindex);
222 if (!crypto_private) {
226 if (crypto_ops->set_key(psecuritypriv->dot11DefKey[keyindex].skey,
227 psecuritypriv->dot11DefKeylen[keyindex], NULL, crypto_private) < 0) {
231 if (crypto_ops->decrypt_mpdu(skb, prxattrib->hdrlen, crypto_private)) {
236 memmove(pframe, pframe + 4, prxattrib->hdrlen);
240 memcpy(pframe + prxattrib->hdrlen, iv, 4);
241 memcpy(pframe + skb->len - 4, icv, 4);
244 if (crypto_ops && crypto_private)
245 crypto_ops->deinit(crypto_private);
252 /* 3 ===== TKIP related ===== */
254 static u32 secmicgetuint32(u8 *p)
255 /* Convert from Byte[] to Us3232 in a portable way */
260 for (i = 0; i < 4; i++)
261 res |= ((u32)(*p++)) << (8 * i);
265 static void secmicputuint32(u8 *p, u32 val)
266 /* Convert from Us3232 to Byte[] in a portable way */
270 for (i = 0; i < 4; i++) {
271 *p++ = (u8)(val & 0xff);
276 static void secmicclear(struct mic_data *pmicdata)
278 /* Reset the state to the empty message. */
279 pmicdata->L = pmicdata->K0;
280 pmicdata->R = pmicdata->K1;
281 pmicdata->nBytesInM = 0;
285 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key)
288 pmicdata->K0 = secmicgetuint32(key);
289 pmicdata->K1 = secmicgetuint32(key + 4);
290 /* and reset the message */
291 secmicclear(pmicdata);
294 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b)
296 /* Append the byte to our word-sized buffer */
297 pmicdata->M |= ((unsigned long)b) << (8 * pmicdata->nBytesInM);
298 pmicdata->nBytesInM++;
299 /* Process the word if it is full. */
300 if (pmicdata->nBytesInM >= 4) {
301 pmicdata->L ^= pmicdata->M;
302 pmicdata->R ^= ROL32(pmicdata->L, 17);
303 pmicdata->L += pmicdata->R;
304 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
305 pmicdata->L += pmicdata->R;
306 pmicdata->R ^= ROL32(pmicdata->L, 3);
307 pmicdata->L += pmicdata->R;
308 pmicdata->R ^= ROR32(pmicdata->L, 2);
309 pmicdata->L += pmicdata->R;
310 /* Clear the buffer */
312 pmicdata->nBytesInM = 0;
316 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
320 rtw_secmicappendbyte(pmicdata, *src++);
325 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst)
327 /* Append the minimum padding */
328 rtw_secmicappendbyte(pmicdata, 0x5a);
329 rtw_secmicappendbyte(pmicdata, 0);
330 rtw_secmicappendbyte(pmicdata, 0);
331 rtw_secmicappendbyte(pmicdata, 0);
332 rtw_secmicappendbyte(pmicdata, 0);
333 /* and then zeroes until the length is a multiple of 4 */
334 while (pmicdata->nBytesInM != 0)
335 rtw_secmicappendbyte(pmicdata, 0);
336 /* The appendByte function has already computed the result. */
337 secmicputuint32(dst, pmicdata->L);
338 secmicputuint32(dst + 4, pmicdata->R);
339 /* Reset to the empty message. */
340 secmicclear(pmicdata);
343 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
345 struct mic_data micdata;
346 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
348 rtw_secmicsetkey(&micdata, key);
351 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
352 if (header[1] & 1) { /* ToDS == 1 */
353 rtw_secmicappend(&micdata, &header[16], 6); /* DA */
354 if (header[1] & 2) /* From Ds == 1 */
355 rtw_secmicappend(&micdata, &header[24], 6);
357 rtw_secmicappend(&micdata, &header[10], 6);
358 } else { /* ToDS == 0 */
359 rtw_secmicappend(&micdata, &header[4], 6); /* DA */
360 if (header[1] & 2) /* From Ds == 1 */
361 rtw_secmicappend(&micdata, &header[16], 6);
363 rtw_secmicappend(&micdata, &header[10], 6);
365 rtw_secmicappend(&micdata, &priority[0], 4);
367 rtw_secmicappend(&micdata, data, data_len);
369 rtw_secgetmic(&micdata, mic_code);
372 /* macros for extraction/creation of unsigned char/unsigned short values */
373 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
374 #define Lo8(v16) ((u8)((v16) & 0x00FF))
375 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
376 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
377 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
378 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
380 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
381 #define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)])
383 /* S-box lookup: 16 bits --> 16 bits */
384 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
386 /* fixed algorithm "parameters" */
387 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
388 #define TA_SIZE 6 /* 48-bit transmitter address */
389 #define TK_SIZE 16 /* 128-bit temporal key */
390 #define P1K_SIZE 10 /* 80-bit Phase1 key */
391 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
393 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
394 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */
396 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
397 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
398 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
399 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
400 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
401 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
402 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
403 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
404 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
405 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
406 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
407 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
408 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
409 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
410 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
411 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
412 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
413 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
414 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
415 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
416 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
417 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
418 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
419 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
420 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
421 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
422 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
423 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
424 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
425 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
426 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
427 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
430 { /* second half of table is unsigned char-reversed version of first! */
431 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
432 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
433 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
434 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
435 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
436 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
437 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
438 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
439 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
440 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
441 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
442 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
443 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
444 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
445 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
446 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
447 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
448 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
449 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
450 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
451 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
452 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
453 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
454 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
455 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
456 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
457 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
458 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
459 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
460 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
461 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
462 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
467 * phase1() - generate P1K, given TA, TK, IV32
468 * @tk[]: temporal key [128 bits]
469 * @ta[]: transmitter's MAC address [ 48 bits]
470 * @iv32: upper 32 bits of IV [ 32 bits]
472 * This function only needs to be called every 2**16 packets,
473 * although in theory it could be called every packet.
475 * Return: p1k[] - Phase 1 key [ 80 bits]
477 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
480 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
483 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
484 p1k[3] = Mk16(ta[3], ta[2]);
485 p1k[4] = Mk16(ta[5], ta[4]);
487 /* Now compute an unbalanced Feistel cipher with 80-bit block */
488 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
489 for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add operation here is mod 2**16 */
490 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
491 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
492 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
493 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
494 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
495 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
500 * phase2() - generate RC4KEY, given TK, P1K, IV16
501 * @tk[]: Temporal key [128 bits]
502 * @p1k[]: Phase 1 output key [ 80 bits]
503 * @iv16: low 16 bits of IV counter [ 16 bits]
505 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique
506 * across all packets using the same key TK value. Then, for a
507 * given value of TK[], this TKIP48 construction guarantees that
508 * the final RC4KEY value is unique across all packets.
510 * Suggested implementation optimization: if PPK[] is "overlaid"
511 * appropriately on RC4KEY[], there is no need for the final
512 * for loop below that copies the PPK[] result into RC4KEY[].
514 * Return: rc4key[] - the key used to encrypt the packet [128 bits]
516 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
519 u16 PPK[6]; /* temporary key for mixing */
520 /* Note: all adds in the PPK[] equations below are mod 2**16 */
521 for (i = 0; i < 5; i++)
522 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
523 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */
525 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
526 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
527 PPK[1] += _S_(PPK[0] ^ TK16(1));
528 PPK[2] += _S_(PPK[1] ^ TK16(2));
529 PPK[3] += _S_(PPK[2] ^ TK16(3));
530 PPK[4] += _S_(PPK[3] ^ TK16(4));
531 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
533 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
534 PPK[0] += RotR1(PPK[5] ^ TK16(6));
535 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
536 PPK[2] += RotR1(PPK[1]);
537 PPK[3] += RotR1(PPK[2]);
538 PPK[4] += RotR1(PPK[3]);
539 PPK[5] += RotR1(PPK[4]);
540 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
541 /* value PPK[0..5] is guaranteed to be unique, as a function */
542 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */
543 /* is now a keyed permutation of {TA, IV32, IV16}. */
545 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
546 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
547 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
548 rc4key[2] = Lo8(iv16);
549 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
551 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
552 for (i = 0; i < 6; i++) {
553 rc4key[4 + 2 * i] = Lo8(PPK[i]);
554 rc4key[5 + 2 * i] = Hi8(PPK[i]);
558 /* The hlen isn't include the IV */
559 u32 rtw_tkip_encrypt(struct adapter *padapter, struct xmit_frame *pxmitframe)
566 u8 hw_hdr_offset = 0;
567 struct arc4context mycontext;
568 int curfragnum, length;
570 u8 *pframe, *payload, *iv, *prwskey;
571 union pn48 dot11txpn;
572 struct sta_info *stainfo;
573 struct pkt_attrib *pattrib = &pxmitframe->attrib;
574 struct security_priv *psecuritypriv = &padapter->securitypriv;
575 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
578 if (!pxmitframe->buf_addr)
581 hw_hdr_offset = TXDESC_SIZE +
582 (pxmitframe->pkt_offset * PACKET_OFFSET_SZ);
583 pframe = pxmitframe->buf_addr + hw_hdr_offset;
584 /* 4 start to encrypt each fragment */
585 if (pattrib->encrypt == _TKIP_) {
587 stainfo = pattrib->psta;
589 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
592 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__));
594 if (is_multicast_ether_addr(pattrib->ra))
595 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
597 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
599 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
600 iv = pframe + pattrib->hdrlen;
601 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
603 GET_TKIP_PN(iv, dot11txpn);
605 pnl = (u16)(dot11txpn.val);
606 pnh = (u32)(dot11txpn.val >> 16);
607 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
608 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
610 if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
611 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
612 RT_TRACE(_module_rtl871x_security_c_, _drv_info_,
613 ("pattrib->iv_len=%x, pattrib->icv_len=%x\n",
614 pattrib->iv_len, pattrib->icv_len));
615 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/
617 arcfour_init(&mycontext, rc4key, 16);
618 arcfour_encrypt(&mycontext, payload, payload, length);
619 arcfour_encrypt(&mycontext, payload + length, crc, 4);
621 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
622 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/
623 arcfour_init(&mycontext, rc4key, 16);
624 arcfour_encrypt(&mycontext, payload, payload, length);
625 arcfour_encrypt(&mycontext, payload + length, crc, 4);
627 pframe += pxmitpriv->frag_len;
628 pframe = (u8 *)round_up((size_t)(pframe), 4);
632 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo==NULL!!!\n", __func__));
639 /* The hlen isn't include the IV */
640 u32 rtw_tkip_decrypt(struct adapter *padapter, struct recv_frame *precvframe)
647 struct arc4context mycontext;
649 u8 *pframe, *payload, *iv, *prwskey;
650 union pn48 dot11txpn;
651 struct sta_info *stainfo;
652 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
653 struct security_priv *psecuritypriv = &padapter->securitypriv;
656 pframe = (unsigned char *)precvframe->pkt->data;
658 /* 4 start to decrypt recvframe */
659 if (prxattrib->encrypt == _TKIP_) {
660 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
662 if (is_multicast_ether_addr(prxattrib->ra)) {
663 if (!psecuritypriv->binstallGrpkey) {
665 DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
668 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
670 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__));
671 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
674 iv = pframe + prxattrib->hdrlen;
675 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
676 length = precvframe->pkt->len - prxattrib->hdrlen - prxattrib->iv_len;
678 GET_TKIP_PN(iv, dot11txpn);
680 pnl = (u16)(dot11txpn.val);
681 pnh = (u32)(dot11txpn.val >> 16);
683 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
684 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
686 /* 4 decrypt payload include icv */
688 arcfour_init(&mycontext, rc4key, 16);
689 arcfour_encrypt(&mycontext, payload, payload, length);
691 *((__le32 *)crc) = getcrc32(payload, length - 4);
693 if (crc[3] != payload[length - 1] ||
694 crc[2] != payload[length - 2] ||
695 crc[1] != payload[length - 3] ||
696 crc[0] != payload[length - 4]) {
697 RT_TRACE(_module_rtl871x_security_c_, _drv_err_,
698 ("rtw_wep_decrypt:icv error crc (%4ph)!=payload (%4ph)\n",
699 &crc, &payload[length - 4]));
703 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo==NULL!!!\n", __func__));
711 u32 rtw_aes_encrypt(struct adapter *padapter, struct xmit_frame *pxmitframe)
713 int curfragnum, length;
714 u8 *pframe; /* *payload,*iv */
715 u8 hw_hdr_offset = 0;
716 struct sta_info *stainfo;
717 struct pkt_attrib *pattrib = &pxmitframe->attrib;
718 struct security_priv *psecuritypriv = &padapter->securitypriv;
719 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
721 void *crypto_private;
723 struct lib80211_crypto_ops *crypto_ops;
724 const int key_idx = is_multicast_ether_addr(pattrib->ra) ? psecuritypriv->dot118021XGrpKeyid : 0;
725 const int key_length = 16;
728 if (!pxmitframe->buf_addr)
731 hw_hdr_offset = TXDESC_SIZE +
732 (pxmitframe->pkt_offset * PACKET_OFFSET_SZ);
734 pframe = pxmitframe->buf_addr + hw_hdr_offset;
736 /* 4 start to encrypt each fragment */
737 if (pattrib->encrypt != _AES_)
741 stainfo = pattrib->psta;
743 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
746 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo==NULL!!!\n", __func__));
750 crypto_ops = lib80211_get_crypto_ops("CCMP");
752 if (is_multicast_ether_addr(pattrib->ra))
753 key = psecuritypriv->dot118021XGrpKey[key_idx].skey;
755 key = stainfo->dot118021x_UncstKey.skey;
762 crypto_private = crypto_ops->init(key_idx);
763 if (!crypto_private) {
768 if (crypto_ops->set_key(key, key_length, NULL, crypto_private) < 0) {
770 goto exit_crypto_ops_deinit;
773 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__));
775 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
776 if (curfragnum + 1 == pattrib->nr_frags)
777 length = pattrib->last_txcmdsz;
779 length = pxmitpriv->frag_len;
781 skb = dev_alloc_skb(length);
784 goto exit_crypto_ops_deinit;
787 skb_put_data(skb, pframe, length);
789 memmove(skb->data + pattrib->iv_len, skb->data, pattrib->hdrlen);
790 skb_pull(skb, pattrib->iv_len);
791 skb_trim(skb, skb->len - pattrib->icv_len);
793 if (crypto_ops->encrypt_mpdu(skb, pattrib->hdrlen, crypto_private)) {
796 goto exit_crypto_ops_deinit;
799 memcpy(pframe, skb->data, skb->len);
802 pframe = (u8 *)round_up((size_t)(pframe), 8);
807 exit_crypto_ops_deinit:
808 crypto_ops->deinit(crypto_private);
814 u32 rtw_aes_decrypt(struct adapter *padapter, struct recv_frame *precvframe)
816 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
819 /* 4 start to encrypt each fragment */
820 if (prxattrib->encrypt == _AES_) {
821 struct sta_info *stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
825 const int key_length = 16, iv_len = 8, icv_len = 8;
826 struct sk_buff *skb = precvframe->pkt;
827 void *crypto_private = NULL;
828 u8 *key, *pframe = skb->data;
829 struct lib80211_crypto_ops *crypto_ops = lib80211_get_crypto_ops("CCMP");
830 struct security_priv *psecuritypriv = &padapter->securitypriv;
833 if (is_multicast_ether_addr(prxattrib->ra)) {
834 /* in concurrent we should use sw descrypt in group key, so we remove this message */
835 if (!psecuritypriv->binstallGrpkey) {
837 DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
840 key_idx = psecuritypriv->dot118021XGrpKeyid;
841 key = psecuritypriv->dot118021XGrpKey[key_idx].skey;
844 key = stainfo->dot118021x_UncstKey.skey;
849 goto exit_lib80211_ccmp;
852 memcpy(iv, pframe + prxattrib->hdrlen, iv_len);
853 memcpy(icv, pframe + skb->len - icv_len, icv_len);
855 crypto_private = crypto_ops->init(key_idx);
856 if (!crypto_private) {
858 goto exit_lib80211_ccmp;
860 if (crypto_ops->set_key(key, key_length, NULL, crypto_private) < 0) {
862 goto exit_lib80211_ccmp;
864 if (crypto_ops->decrypt_mpdu(skb, prxattrib->hdrlen, crypto_private)) {
866 goto exit_lib80211_ccmp;
869 memmove(pframe, pframe + iv_len, prxattrib->hdrlen);
870 skb_push(skb, iv_len);
871 skb_put(skb, icv_len);
873 memcpy(pframe + prxattrib->hdrlen, iv, iv_len);
874 memcpy(pframe + skb->len - icv_len, icv, icv_len);
877 if (crypto_ops && crypto_private)
878 crypto_ops->deinit(crypto_private);
880 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("rtw_aes_encrypt: stainfo==NULL!!!\n"));
projects / linux-2.6-microblaze.git / blob