1 // SPDX-License-Identifier: GPL-2.0
2 /******************************************************************************
4 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
6 ******************************************************************************/
7 #define _RTW_SECURITY_C_
9 #include <osdep_service.h>
10 #include <drv_types.h>
12 #include <osdep_intf.h>
13 #include <net/lib80211.h>
15 /* WEP related ===== */
17 #define CRC32_POLY 0x04c11db7
25 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
33 state = parc4ctx->state;
36 for (counter = 0; counter < 256; counter++)
37 state[counter] = (u8)counter;
40 for (counter = 0; counter < 256; counter++) {
42 stateindex = (stateindex + key[keyindex] + t) & 0xff;
43 u = state[stateindex];
44 state[stateindex] = (u8)t;
45 state[counter] = (u8)u;
46 if (++keyindex >= key_len)
51 static u32 arcfour_byte(struct arc4context *parc4ctx)
58 state = parc4ctx->state;
59 x = (parc4ctx->x + 1) & 0xff;
61 y = (sx + parc4ctx->y) & 0xff;
67 return state[(sx + sy) & 0xff];
70 static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len)
74 for (i = 0; i < len; i++)
75 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
78 static int bcrc32initialized;
79 static u32 crc32_table[256];
81 static u8 crc32_reverseBit(u8 data)
83 return (u8)((data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3) & 0x20) |
84 ((data << 1) & 0x10) | ((data >> 1) & 0x08) | ((data >> 3) & 0x04) |
85 ((data >> 5) & 0x02) | ((data >> 7) & 0x01);
88 static void crc32_init(void)
92 u8 *p = (u8 *)&c, *p1;
95 if (bcrc32initialized == 1)
100 for (i = 0; i < 256; ++i) {
101 k = crc32_reverseBit((u8)i);
102 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
103 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY : (c << 1);
104 p1 = (u8 *)&crc32_table[i];
106 p1[0] = crc32_reverseBit(p[3]);
107 p1[1] = crc32_reverseBit(p[2]);
108 p1[2] = crc32_reverseBit(p[1]);
109 p1[3] = crc32_reverseBit(p[0]);
111 bcrc32initialized = 1;
114 static __le32 getcrc32(u8 *buf, int len)
119 if (bcrc32initialized == 0)
122 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
124 for (p = buf; len > 0; ++p, --len)
125 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
126 return cpu_to_le32(~crc); /* transmit complement, per CRC-32 spec */
129 /* Need to consider the fragment situation */
130 void rtw_wep_encrypt(struct adapter *padapter, struct xmit_frame *pxmitframe)
132 int curfragnum, length;
134 u8 hw_hdr_offset = 0;
135 struct pkt_attrib *pattrib = &pxmitframe->attrib;
136 struct security_priv *psecuritypriv = &padapter->securitypriv;
137 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
138 const int keyindex = psecuritypriv->dot11PrivacyKeyIndex;
139 void *crypto_private;
141 struct lib80211_crypto_ops *crypto_ops;
143 if (!pxmitframe->buf_addr)
146 if ((pattrib->encrypt != _WEP40_) && (pattrib->encrypt != _WEP104_))
149 hw_hdr_offset = TXDESC_SIZE +
150 (pxmitframe->pkt_offset * PACKET_OFFSET_SZ);
152 pframe = pxmitframe->buf_addr + hw_hdr_offset;
154 crypto_ops = lib80211_get_crypto_ops("WEP");
159 crypto_private = crypto_ops->init(keyindex);
163 if (crypto_ops->set_key(psecuritypriv->dot11DefKey[keyindex].skey,
164 psecuritypriv->dot11DefKeylen[keyindex], NULL, crypto_private) < 0)
165 goto free_crypto_private;
167 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
168 if (curfragnum + 1 == pattrib->nr_frags)
169 length = pattrib->last_txcmdsz;
171 length = pxmitpriv->frag_len;
172 skb = dev_alloc_skb(length);
174 goto free_crypto_private;
176 skb_put_data(skb, pframe, length);
178 memmove(skb->data + 4, skb->data, pattrib->hdrlen);
180 skb_trim(skb, skb->len - 4);
182 if (crypto_ops->encrypt_mpdu(skb, pattrib->hdrlen, crypto_private)) {
184 goto free_crypto_private;
187 memcpy(pframe, skb->data, skb->len);
190 pframe = (u8 *)round_up((size_t)(pframe), 4);
196 crypto_ops->deinit(crypto_private);
199 int rtw_wep_decrypt(struct adapter *padapter, struct recv_frame *precvframe)
201 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
203 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) {
204 struct security_priv *psecuritypriv = &padapter->securitypriv;
205 struct sk_buff *skb = precvframe->pkt;
206 u8 *pframe = skb->data;
207 void *crypto_private = NULL;
208 int status = _SUCCESS;
209 const int keyindex = prxattrib->key_index;
210 struct lib80211_crypto_ops *crypto_ops = lib80211_get_crypto_ops("WEP");
218 memcpy(iv, pframe + prxattrib->hdrlen, 4);
219 memcpy(icv, pframe + skb->len - 4, 4);
221 crypto_private = crypto_ops->init(keyindex);
222 if (!crypto_private) {
226 if (crypto_ops->set_key(psecuritypriv->dot11DefKey[keyindex].skey,
227 psecuritypriv->dot11DefKeylen[keyindex], NULL, crypto_private) < 0) {
231 if (crypto_ops->decrypt_mpdu(skb, prxattrib->hdrlen, crypto_private)) {
236 memmove(pframe, pframe + 4, prxattrib->hdrlen);
240 memcpy(pframe + prxattrib->hdrlen, iv, 4);
241 memcpy(pframe + skb->len - 4, icv, 4);
244 if (crypto_ops && crypto_private)
245 crypto_ops->deinit(crypto_private);
252 /* 3 ===== TKIP related ===== */
254 static u32 secmicgetuint32(u8 *p)
255 /* Convert from Byte[] to Us3232 in a portable way */
260 for (i = 0; i < 4; i++)
261 res |= ((u32)(*p++)) << (8 * i);
265 static void secmicputuint32(u8 *p, u32 val)
266 /* Convert from Us3232 to Byte[] in a portable way */
270 for (i = 0; i < 4; i++) {
271 *p++ = (u8)(val & 0xff);
276 static void secmicclear(struct mic_data *pmicdata)
278 /* Reset the state to the empty message. */
279 pmicdata->L = pmicdata->K0;
280 pmicdata->R = pmicdata->K1;
281 pmicdata->nBytesInM = 0;
285 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key)
288 pmicdata->K0 = secmicgetuint32(key);
289 pmicdata->K1 = secmicgetuint32(key + 4);
290 /* and reset the message */
291 secmicclear(pmicdata);
294 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b)
296 /* Append the byte to our word-sized buffer */
297 pmicdata->M |= ((unsigned long)b) << (8 * pmicdata->nBytesInM);
298 pmicdata->nBytesInM++;
299 /* Process the word if it is full. */
300 if (pmicdata->nBytesInM >= 4) {
301 pmicdata->L ^= pmicdata->M;
302 pmicdata->R ^= ROL32(pmicdata->L, 17);
303 pmicdata->L += pmicdata->R;
304 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
305 pmicdata->L += pmicdata->R;
306 pmicdata->R ^= ROL32(pmicdata->L, 3);
307 pmicdata->L += pmicdata->R;
308 pmicdata->R ^= ROR32(pmicdata->L, 2);
309 pmicdata->L += pmicdata->R;
310 /* Clear the buffer */
312 pmicdata->nBytesInM = 0;
316 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
320 rtw_secmicappendbyte(pmicdata, *src++);
325 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst)
327 /* Append the minimum padding */
328 rtw_secmicappendbyte(pmicdata, 0x5a);
329 rtw_secmicappendbyte(pmicdata, 0);
330 rtw_secmicappendbyte(pmicdata, 0);
331 rtw_secmicappendbyte(pmicdata, 0);
332 rtw_secmicappendbyte(pmicdata, 0);
333 /* and then zeroes until the length is a multiple of 4 */
334 while (pmicdata->nBytesInM != 0)
335 rtw_secmicappendbyte(pmicdata, 0);
336 /* The appendByte function has already computed the result. */
337 secmicputuint32(dst, pmicdata->L);
338 secmicputuint32(dst + 4, pmicdata->R);
339 /* Reset to the empty message. */
340 secmicclear(pmicdata);
343 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
345 struct mic_data micdata;
346 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
348 rtw_secmicsetkey(&micdata, key);
351 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
352 if (header[1] & 1) { /* ToDS == 1 */
353 rtw_secmicappend(&micdata, &header[16], 6); /* DA */
354 if (header[1] & 2) /* From Ds == 1 */
355 rtw_secmicappend(&micdata, &header[24], 6);
357 rtw_secmicappend(&micdata, &header[10], 6);
358 } else { /* ToDS == 0 */
359 rtw_secmicappend(&micdata, &header[4], 6); /* DA */
360 if (header[1] & 2) /* From Ds == 1 */
361 rtw_secmicappend(&micdata, &header[16], 6);
363 rtw_secmicappend(&micdata, &header[10], 6);
365 rtw_secmicappend(&micdata, &priority[0], 4);
367 rtw_secmicappend(&micdata, data, data_len);
369 rtw_secgetmic(&micdata, mic_code);
372 /* macros for extraction/creation of unsigned char/unsigned short values */
373 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
374 #define Lo8(v16) ((u8)((v16) & 0x00FF))
375 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
376 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
377 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
378 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
380 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
381 #define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)])
383 /* S-box lookup: 16 bits --> 16 bits */
384 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
386 /* fixed algorithm "parameters" */
387 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
388 #define TA_SIZE 6 /* 48-bit transmitter address */
389 #define TK_SIZE 16 /* 128-bit temporal key */
390 #define P1K_SIZE 10 /* 80-bit Phase1 key */
391 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
393 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
394 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */
396 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
397 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
398 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
399 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
400 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
401 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
402 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
403 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
404 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
405 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
406 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
407 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
408 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
409 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
410 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
411 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
412 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
413 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
414 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
415 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
416 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
417 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
418 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
419 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
420 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
421 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
422 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
423 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
424 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
425 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
426 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
427 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
430 { /* second half of table is unsigned char-reversed version of first! */
431 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
432 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
433 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
434 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
435 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
436 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
437 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
438 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
439 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
440 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
441 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
442 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
443 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
444 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
445 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
446 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
447 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
448 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
449 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
450 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
451 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
452 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
453 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
454 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
455 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
456 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
457 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
458 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
459 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
460 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
461 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
462 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
467 * phase1() - generate P1K, given TA, TK, IV32
468 * @p1k: placeholder for the returned phase 1 key
469 * @tk: temporal key [128 bits]
470 * @ta: transmitter's MAC address [ 48 bits]
471 * @iv32: upper 32 bits of IV [ 32 bits]
473 * This function only needs to be called every 2**16 packets,
474 * although in theory it could be called every packet.
476 * Return: p1k[] - Phase 1 key [ 80 bits]
478 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
481 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
484 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
485 p1k[3] = Mk16(ta[3], ta[2]);
486 p1k[4] = Mk16(ta[5], ta[4]);
488 /* Now compute an unbalanced Feistel cipher with 80-bit block */
489 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
490 for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add operation here is mod 2**16 */
491 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
492 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
493 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
494 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
495 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
496 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
501 * phase2() - generate RC4KEY, given TK, P1K, IV16
502 * @rc4key: Placeholder for the returned key
503 * @tk: Temporal key [128 bits]
504 * @p1k: Phase 1 output key [ 80 bits]
505 * @iv16: low 16 bits of IV counter [ 16 bits]
507 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique
508 * across all packets using the same key TK value. Then, for a
509 * given value of TK[], this TKIP48 construction guarantees that
510 * the final RC4KEY value is unique across all packets.
512 * Suggested implementation optimization: if PPK[] is "overlaid"
513 * appropriately on RC4KEY[], there is no need for the final
514 * for loop below that copies the PPK[] result into RC4KEY[].
516 * Return: rc4key[] - the key used to encrypt the packet [128 bits]
518 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
521 u16 PPK[6]; /* temporary key for mixing */
522 /* Note: all adds in the PPK[] equations below are mod 2**16 */
523 for (i = 0; i < 5; i++)
524 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
525 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */
527 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
528 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
529 PPK[1] += _S_(PPK[0] ^ TK16(1));
530 PPK[2] += _S_(PPK[1] ^ TK16(2));
531 PPK[3] += _S_(PPK[2] ^ TK16(3));
532 PPK[4] += _S_(PPK[3] ^ TK16(4));
533 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
535 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
536 PPK[0] += RotR1(PPK[5] ^ TK16(6));
537 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
538 PPK[2] += RotR1(PPK[1]);
539 PPK[3] += RotR1(PPK[2]);
540 PPK[4] += RotR1(PPK[3]);
541 PPK[5] += RotR1(PPK[4]);
542 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
543 /* value PPK[0..5] is guaranteed to be unique, as a function */
544 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */
545 /* is now a keyed permutation of {TA, IV32, IV16}. */
547 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
548 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
549 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
550 rc4key[2] = Lo8(iv16);
551 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
553 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
554 for (i = 0; i < 6; i++) {
555 rc4key[4 + 2 * i] = Lo8(PPK[i]);
556 rc4key[5 + 2 * i] = Hi8(PPK[i]);
560 /* The hlen isn't include the IV */
561 u32 rtw_tkip_encrypt(struct adapter *padapter, struct xmit_frame *pxmitframe)
568 u8 hw_hdr_offset = 0;
569 struct arc4context mycontext;
570 int curfragnum, length;
572 u8 *pframe, *payload, *iv, *prwskey;
573 union pn48 dot11txpn;
574 struct sta_info *stainfo;
575 struct pkt_attrib *pattrib = &pxmitframe->attrib;
576 struct security_priv *psecuritypriv = &padapter->securitypriv;
577 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
580 if (!pxmitframe->buf_addr)
583 hw_hdr_offset = TXDESC_SIZE +
584 (pxmitframe->pkt_offset * PACKET_OFFSET_SZ);
585 pframe = pxmitframe->buf_addr + hw_hdr_offset;
586 /* 4 start to encrypt each fragment */
587 if (pattrib->encrypt == _TKIP_) {
589 stainfo = pattrib->psta;
591 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
594 if (is_multicast_ether_addr(pattrib->ra))
595 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
597 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
599 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
600 iv = pframe + pattrib->hdrlen;
601 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
603 GET_TKIP_PN(iv, dot11txpn);
605 pnl = (u16)(dot11txpn.val);
606 pnh = (u32)(dot11txpn.val >> 16);
607 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
608 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
610 if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
611 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
612 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/
614 arcfour_init(&mycontext, rc4key, 16);
615 arcfour_encrypt(&mycontext, payload, payload, length);
616 arcfour_encrypt(&mycontext, payload + length, crc, 4);
618 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
619 *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/
620 arcfour_init(&mycontext, rc4key, 16);
621 arcfour_encrypt(&mycontext, payload, payload, length);
622 arcfour_encrypt(&mycontext, payload + length, crc, 4);
624 pframe += pxmitpriv->frag_len;
625 pframe = (u8 *)round_up((size_t)(pframe), 4);
635 /* The hlen isn't include the IV */
636 u32 rtw_tkip_decrypt(struct adapter *padapter, struct recv_frame *precvframe)
643 struct arc4context mycontext;
645 u8 *pframe, *payload, *iv, *prwskey;
646 union pn48 dot11txpn;
647 struct sta_info *stainfo;
648 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
649 struct security_priv *psecuritypriv = &padapter->securitypriv;
652 pframe = (unsigned char *)precvframe->pkt->data;
654 /* 4 start to decrypt recvframe */
655 if (prxattrib->encrypt == _TKIP_) {
656 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
658 if (is_multicast_ether_addr(prxattrib->ra)) {
659 if (!psecuritypriv->binstallGrpkey) {
663 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
665 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
668 iv = pframe + prxattrib->hdrlen;
669 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
670 length = precvframe->pkt->len - prxattrib->hdrlen - prxattrib->iv_len;
672 GET_TKIP_PN(iv, dot11txpn);
674 pnl = (u16)(dot11txpn.val);
675 pnh = (u32)(dot11txpn.val >> 16);
677 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
678 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
680 /* 4 decrypt payload include icv */
682 arcfour_init(&mycontext, rc4key, 16);
683 arcfour_encrypt(&mycontext, payload, payload, length);
685 *((__le32 *)crc) = getcrc32(payload, length - 4);
687 if (crc[3] != payload[length - 1] ||
688 crc[2] != payload[length - 2] ||
689 crc[1] != payload[length - 3] ||
690 crc[0] != payload[length - 4])
700 u32 rtw_aes_encrypt(struct adapter *padapter, struct xmit_frame *pxmitframe)
702 int curfragnum, length;
703 u8 *pframe; /* *payload,*iv */
704 u8 hw_hdr_offset = 0;
705 struct sta_info *stainfo;
706 struct pkt_attrib *pattrib = &pxmitframe->attrib;
707 struct security_priv *psecuritypriv = &padapter->securitypriv;
708 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
710 void *crypto_private;
712 struct lib80211_crypto_ops *crypto_ops;
713 const int key_idx = is_multicast_ether_addr(pattrib->ra) ? psecuritypriv->dot118021XGrpKeyid : 0;
714 const int key_length = 16;
717 if (!pxmitframe->buf_addr)
720 hw_hdr_offset = TXDESC_SIZE +
721 (pxmitframe->pkt_offset * PACKET_OFFSET_SZ);
723 pframe = pxmitframe->buf_addr + hw_hdr_offset;
725 /* 4 start to encrypt each fragment */
726 if (pattrib->encrypt != _AES_)
730 stainfo = pattrib->psta;
732 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
737 crypto_ops = lib80211_get_crypto_ops("CCMP");
739 if (is_multicast_ether_addr(pattrib->ra))
740 key = psecuritypriv->dot118021XGrpKey[key_idx].skey;
742 key = stainfo->dot118021x_UncstKey.skey;
749 crypto_private = crypto_ops->init(key_idx);
750 if (!crypto_private) {
755 if (crypto_ops->set_key(key, key_length, NULL, crypto_private) < 0) {
757 goto exit_crypto_ops_deinit;
760 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
761 if (curfragnum + 1 == pattrib->nr_frags)
762 length = pattrib->last_txcmdsz;
764 length = pxmitpriv->frag_len;
766 skb = dev_alloc_skb(length);
769 goto exit_crypto_ops_deinit;
772 skb_put_data(skb, pframe, length);
774 memmove(skb->data + pattrib->iv_len, skb->data, pattrib->hdrlen);
775 skb_pull(skb, pattrib->iv_len);
776 skb_trim(skb, skb->len - pattrib->icv_len);
778 if (crypto_ops->encrypt_mpdu(skb, pattrib->hdrlen, crypto_private)) {
781 goto exit_crypto_ops_deinit;
784 memcpy(pframe, skb->data, skb->len);
787 pframe = (u8 *)round_up((size_t)(pframe), 8);
792 exit_crypto_ops_deinit:
793 crypto_ops->deinit(crypto_private);
799 u32 rtw_aes_decrypt(struct adapter *padapter, struct recv_frame *precvframe)
801 struct rx_pkt_attrib *prxattrib = &precvframe->attrib;
804 /* 4 start to encrypt each fragment */
805 if (prxattrib->encrypt == _AES_) {
806 struct sta_info *stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
810 const int key_length = 16, iv_len = 8, icv_len = 8;
811 struct sk_buff *skb = precvframe->pkt;
812 void *crypto_private = NULL;
813 u8 *key, *pframe = skb->data;
814 struct lib80211_crypto_ops *crypto_ops = lib80211_get_crypto_ops("CCMP");
815 struct security_priv *psecuritypriv = &padapter->securitypriv;
818 if (is_multicast_ether_addr(prxattrib->ra)) {
819 /* in concurrent we should use sw descrypt in group key, so we remove this message */
820 if (!psecuritypriv->binstallGrpkey) {
824 key_idx = psecuritypriv->dot118021XGrpKeyid;
825 key = psecuritypriv->dot118021XGrpKey[key_idx].skey;
828 key = stainfo->dot118021x_UncstKey.skey;
833 goto exit_lib80211_ccmp;
836 memcpy(iv, pframe + prxattrib->hdrlen, iv_len);
837 memcpy(icv, pframe + skb->len - icv_len, icv_len);
839 crypto_private = crypto_ops->init(key_idx);
840 if (!crypto_private) {
842 goto exit_lib80211_ccmp;
844 if (crypto_ops->set_key(key, key_length, NULL, crypto_private) < 0) {
846 goto exit_lib80211_ccmp;
848 if (crypto_ops->decrypt_mpdu(skb, prxattrib->hdrlen, crypto_private)) {
850 goto exit_lib80211_ccmp;
853 memmove(pframe, pframe + iv_len, prxattrib->hdrlen);
854 skb_push(skb, iv_len);
855 skb_put(skb, icv_len);
857 memcpy(pframe + prxattrib->hdrlen, iv, iv_len);
858 memcpy(pframe + skb->len - icv_len, icv, icv_len);
861 if (crypto_ops && crypto_private)
862 crypto_ops->deinit(crypto_private);