root/drivers/staging/rtl8712/rtl871x_security.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. arcfour_init
  2. arcfour_byte
  3. arcfour_encrypt
  4. crc32_reverseBit
  5. crc32_init
  6. getcrc32
  7. r8712_wep_encrypt
  8. r8712_wep_decrypt
  9. secmicgetuint32
  10. secmicputuint32
  11. secmicclear
  12. r8712_secmicsetkey
  13. secmicappendbyte
  14. r8712_secmicappend
  15. r8712_secgetmic
  16. seccalctkipmic
  17. phase1
  18. phase2
  19. r8712_tkip_encrypt
  20. r8712_tkip_decrypt
  21. xor_128
  22. xor_32
  23. sbox
  24. next_key
  25. byte_sub
  26. shift_row
  27. mix_column
  28. aes128k128d
  29. construct_mic_iv
  30. construct_mic_header1
  31. construct_mic_header2
  32. construct_ctr_preload
  33. bitwise_xor
  34. aes_cipher
  35. r8712_aes_encrypt
  36. aes_decipher
  37. r8712_aes_decrypt
  38. r8712_use_tkipkey_handler

   1 // SPDX-License-Identifier: GPL-2.0
   2 /******************************************************************************
   3  * rtl871x_security.c
   4  *
   5  * Copyright(c) 2007 - 2010 Realtek Corporation. All rights reserved.
   6  * Linux device driver for RTL8192SU
   7  *
   8  * Modifications for inclusion into the Linux staging tree are
   9  * Copyright(c) 2010 Larry Finger. All rights reserved.
  10  *
  11  * Contact information:
  12  * WLAN FAE <wlanfae@realtek.com>
  13  * Larry Finger <Larry.Finger@lwfinger.net>
  14  *
  15  ******************************************************************************/
  16 
  17 #define  _RTL871X_SECURITY_C_
  18 
  19 #include <linux/compiler.h>
  20 #include <linux/kernel.h>
  21 #include <linux/errno.h>
  22 #include <linux/slab.h>
  23 #include <linux/module.h>
  24 #include <linux/kref.h>
  25 #include <linux/netdevice.h>
  26 #include <linux/skbuff.h>
  27 #include <linux/circ_buf.h>
  28 #include <linux/uaccess.h>
  29 #include <asm/byteorder.h>
  30 #include <linux/atomic.h>
  31 #include <linux/crc32poly.h>
  32 #include <linux/semaphore.h>
  33 
  34 #include "osdep_service.h"
  35 #include "drv_types.h"
  36 #include "wifi.h"
  37 #include "osdep_intf.h"
  38 
  39 /* =====WEP related===== */
  40 
  41 struct arc4context {
  42         u32 x;
  43         u32 y;
  44         u8 state[256];
  45 };
  46 
  47 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
  48 {
  49         u32     t, u;
  50         u32     keyindex;
  51         u32     stateindex;
  52         u8 *state;
  53         u32     counter;
  54 
  55         state = parc4ctx->state;
  56         parc4ctx->x = 0;
  57         parc4ctx->y = 0;
  58         for (counter = 0; counter < 256; counter++)
  59                 state[counter] = (u8)counter;
  60         keyindex = 0;
  61         stateindex = 0;
  62         for (counter = 0; counter < 256; counter++) {
  63                 t = state[counter];
  64                 stateindex = (stateindex + key[keyindex] + t) & 0xff;
  65                 u = state[stateindex];
  66                 state[stateindex] = (u8)t;
  67                 state[counter] = (u8)u;
  68                 if (++keyindex >= key_len)
  69                         keyindex = 0;
  70         }
  71 }
  72 
  73 static u32 arcfour_byte(struct arc4context *parc4ctx)
  74 {
  75         u32 x;
  76         u32 y;
  77         u32 sx, sy;
  78         u8 *state;
  79 
  80         state = parc4ctx->state;
  81         x = (parc4ctx->x + 1) & 0xff;
  82         sx = state[x];
  83         y = (sx + parc4ctx->y) & 0xff;
  84         sy = state[y];
  85         parc4ctx->x = x;
  86         parc4ctx->y = y;
  87         state[y] = (u8)sx;
  88         state[x] = (u8)sy;
  89         return state[(sx + sy) & 0xff];
  90 }
  91 
  92 static void arcfour_encrypt(struct arc4context  *parc4ctx,
  93                      u8 *dest, u8 *src, u32 len)
  94 {
  95         u32 i;
  96 
  97         for (i = 0; i < len; i++)
  98                 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
  99 }
 100 
 101 static sint bcrc32initialized;
 102 static u32 crc32_table[256];
 103 
 104 static u8 crc32_reverseBit(u8 data)
 105 {
 106         return ((u8)(data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3)
 107                  & 0x20) | ((data << 1) & 0x10) | ((data >> 1) & 0x08) |
 108                  ((data >> 3) & 0x04) | ((data >> 5) & 0x02) | ((data >> 7) &
 109                  0x01);
 110 }
 111 
 112 static void crc32_init(void)
 113 {
 114         sint i, j;
 115         u32 c;
 116         u8 *p = (u8 *)&c, *p1;
 117         u8 k;
 118 
 119         if (bcrc32initialized == 1)
 120                 return;
 121 
 122         for (i = 0; i < 256; ++i) {
 123                 k = crc32_reverseBit((u8)i);
 124                 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
 125                         c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY_BE : (c << 1);
 126                 p1 = (u8 *)&crc32_table[i];
 127                 p1[0] = crc32_reverseBit(p[3]);
 128                 p1[1] = crc32_reverseBit(p[2]);
 129                 p1[2] = crc32_reverseBit(p[1]);
 130                 p1[3] = crc32_reverseBit(p[0]);
 131         }
 132         bcrc32initialized = 1;
 133 }
 134 
 135 static u32 getcrc32(u8 *buf, u32 len)
 136 {
 137         u8 *p;
 138         u32  crc;
 139 
 140         if (!bcrc32initialized)
 141                 crc32_init();
 142         crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
 143         for (p = buf; len > 0; ++p, --len)
 144                 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
 145         return ~crc;    /* transmit complement, per CRC-32 spec */
 146 }
 147 
 148 /*
 149  * Need to consider the fragment situation
 150  */
 151 void r8712_wep_encrypt(struct _adapter *padapter, u8 *pxmitframe)
 152 {       /* exclude ICV */
 153         unsigned char   crc[4];
 154         struct arc4context  mycontext;
 155         u32 curfragnum, length, keylength, pki;
 156         u8 *pframe, *payload, *iv;    /*,*wepkey*/
 157         u8 wepkey[16];
 158         struct  pkt_attrib  *pattrib = &((struct xmit_frame *)
 159                                        pxmitframe)->attrib;
 160         struct  security_priv *psecuritypriv = &padapter->securitypriv;
 161         struct  xmit_priv *pxmitpriv = &padapter->xmitpriv;
 162 
 163         if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
 164                 return;
 165         pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
 166         /*start to encrypt each fragment*/
 167         if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
 168                 pki = psecuritypriv->PrivacyKeyIndex;
 169                 keylength = psecuritypriv->DefKeylen[pki];
 170                 for (curfragnum = 0; curfragnum < pattrib->nr_frags;
 171                      curfragnum++) {
 172                         iv = pframe + pattrib->hdrlen;
 173                         memcpy(&wepkey[0], iv, 3);
 174                         memcpy(&wepkey[3], &psecuritypriv->DefKey[
 175                                 psecuritypriv->PrivacyKeyIndex].skey[0],
 176                                 keylength);
 177                         payload = pframe + pattrib->iv_len + pattrib->hdrlen;
 178                         if ((curfragnum + 1) == pattrib->nr_frags) {
 179                                 length = pattrib->last_txcmdsz -
 180                                         pattrib->hdrlen -
 181                                         pattrib->iv_len -
 182                                         pattrib->icv_len;
 183                                 *((__le32 *)crc) = cpu_to_le32(getcrc32(
 184                                                 payload, length));
 185                                 arcfour_init(&mycontext, wepkey, 3 + keylength);
 186                                 arcfour_encrypt(&mycontext, payload, payload,
 187                                                 length);
 188                                 arcfour_encrypt(&mycontext, payload + length,
 189                                                 crc, 4);
 190                         } else {
 191                                 length = pxmitpriv->frag_len -
 192                                          pattrib->hdrlen - pattrib->iv_len -
 193                                          pattrib->icv_len;
 194                                 *((__le32 *)crc) = cpu_to_le32(getcrc32(
 195                                                 payload, length));
 196                                 arcfour_init(&mycontext, wepkey, 3 + keylength);
 197                                 arcfour_encrypt(&mycontext, payload, payload,
 198                                                 length);
 199                                 arcfour_encrypt(&mycontext, payload + length,
 200                                                 crc, 4);
 201                                 pframe += pxmitpriv->frag_len;
 202                                 pframe = (u8 *)RND4((addr_t)(pframe));
 203                         }
 204                 }
 205         }
 206 }
 207 
 208 void r8712_wep_decrypt(struct _adapter  *padapter, u8 *precvframe)
 209 {
 210         /* exclude ICV */
 211         u8 crc[4];
 212         struct arc4context  mycontext;
 213         u32 length, keylength;
 214         u8 *pframe, *payload, *iv, wepkey[16];
 215         u8  keyindex;
 216         struct rx_pkt_attrib  *prxattrib = &(((union recv_frame *)
 217                                           precvframe)->u.hdr.attrib);
 218         struct security_priv *psecuritypriv = &padapter->securitypriv;
 219 
 220         pframe = (unsigned char *)((union recv_frame *)precvframe)->
 221                   u.hdr.rx_data;
 222         /* start to decrypt recvframe */
 223         if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt ==
 224              _WEP104_)) {
 225                 iv = pframe + prxattrib->hdrlen;
 226                 keyindex = (iv[3] & 0x3);
 227                 keylength = psecuritypriv->DefKeylen[keyindex];
 228                 memcpy(&wepkey[0], iv, 3);
 229                 memcpy(&wepkey[3], &psecuritypriv->DefKey[
 230                         psecuritypriv->PrivacyKeyIndex].skey[0],
 231                         keylength);
 232                 length = ((union recv_frame *)precvframe)->
 233                            u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
 234                 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
 235                 /* decrypt payload include icv */
 236                 arcfour_init(&mycontext, wepkey, 3 + keylength);
 237                 arcfour_encrypt(&mycontext, payload, payload,  length);
 238                 /* calculate icv and compare the icv */
 239                 *((__le32 *)crc) = cpu_to_le32(getcrc32(payload, length - 4));
 240         }
 241 }
 242 
 243 /* 3 =====TKIP related===== */
 244 
 245 static u32 secmicgetuint32(u8 *p)
 246 /* Convert from Byte[] to Us4Byte32 in a portable way */
 247 {
 248         s32 i;
 249         u32 res = 0;
 250 
 251         for (i = 0; i < 4; i++)
 252                 res |= ((u32)(*p++)) << (8 * i);
 253         return res;
 254 }
 255 
 256 static void secmicputuint32(u8 *p, u32 val)
 257 /* Convert from Us4Byte32 to Byte[] in a portable way */
 258 {
 259         long i;
 260 
 261         for (i = 0; i < 4; i++) {
 262                 *p++ = (u8) (val & 0xff);
 263                 val >>= 8;
 264         }
 265 }
 266 
 267 static void secmicclear(struct mic_data *pmicdata)
 268 {
 269 /* Reset the state to the empty message. */
 270         pmicdata->L = pmicdata->K0;
 271         pmicdata->R = pmicdata->K1;
 272         pmicdata->nBytesInM = 0;
 273         pmicdata->M = 0;
 274 }
 275 
 276 void r8712_secmicsetkey(struct mic_data *pmicdata, u8 *key)
 277 {
 278         /* Set the key */
 279         pmicdata->K0 = secmicgetuint32(key);
 280         pmicdata->K1 = secmicgetuint32(key + 4);
 281         /* and reset the message */
 282         secmicclear(pmicdata);
 283 }
 284 
 285 static void secmicappendbyte(struct mic_data *pmicdata, u8 b)
 286 {
 287         /* Append the byte to our word-sized buffer */
 288         pmicdata->M |= ((u32)b) << (8 * pmicdata->nBytesInM);
 289         pmicdata->nBytesInM++;
 290         /* Process the word if it is full. */
 291         if (pmicdata->nBytesInM >= 4) {
 292                 pmicdata->L ^= pmicdata->M;
 293                 pmicdata->R ^= ROL32(pmicdata->L, 17);
 294                 pmicdata->L += pmicdata->R;
 295                 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) |
 296                                ((pmicdata->L & 0x00ff00ff) << 8);
 297                 pmicdata->L += pmicdata->R;
 298                 pmicdata->R ^= ROL32(pmicdata->L, 3);
 299                 pmicdata->L += pmicdata->R;
 300                 pmicdata->R ^= ROR32(pmicdata->L, 2);
 301                 pmicdata->L += pmicdata->R;
 302                 /* Clear the buffer */
 303                 pmicdata->M = 0;
 304                 pmicdata->nBytesInM = 0;
 305         }
 306 }
 307 
 308 void r8712_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
 309 {
 310         /* This is simple */
 311         while (nbytes > 0) {
 312                 secmicappendbyte(pmicdata, *src++);
 313                 nbytes--;
 314         }
 315 }
 316 
 317 void r8712_secgetmic(struct mic_data *pmicdata, u8 *dst)
 318 {
 319         /* Append the minimum padding */
 320         secmicappendbyte(pmicdata, 0x5a);
 321         secmicappendbyte(pmicdata, 0);
 322         secmicappendbyte(pmicdata, 0);
 323         secmicappendbyte(pmicdata, 0);
 324         secmicappendbyte(pmicdata, 0);
 325         /* and then zeroes until the length is a multiple of 4 */
 326         while (pmicdata->nBytesInM != 0)
 327                 secmicappendbyte(pmicdata, 0);
 328         /* The appendByte function has already computed the result. */
 329         secmicputuint32(dst, pmicdata->L);
 330         secmicputuint32(dst + 4, pmicdata->R);
 331         /* Reset to the empty message. */
 332         secmicclear(pmicdata);
 333 }
 334 
 335 void seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code,
 336                     u8 pri)
 337 {
 338 
 339         struct mic_data micdata;
 340         u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
 341 
 342         r8712_secmicsetkey(&micdata, key);
 343         priority[0] = pri;
 344         /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
 345         if (header[1] & 1) {   /* ToDS==1 */
 346                 r8712_secmicappend(&micdata, &header[16], 6);  /* DA */
 347                 if (header[1] & 2)  /* From Ds==1 */
 348                         r8712_secmicappend(&micdata, &header[24], 6);
 349                 else
 350                         r8712_secmicappend(&micdata, &header[10], 6);
 351         } else {        /* ToDS==0 */
 352                 r8712_secmicappend(&micdata, &header[4], 6);   /* DA */
 353                 if (header[1] & 2)  /* From Ds==1 */
 354                         r8712_secmicappend(&micdata, &header[16], 6);
 355                 else
 356                         r8712_secmicappend(&micdata, &header[10], 6);
 357         }
 358         r8712_secmicappend(&micdata, &priority[0], 4);
 359         r8712_secmicappend(&micdata, data, data_len);
 360         r8712_secgetmic(&micdata, mic_code);
 361 }
 362 
 363 /* macros for extraction/creation of unsigned char/unsigned short values  */
 364 #define RotR1(v16)   ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
 365 #define   Lo8(v16)   ((u8)((v16) & 0x00FF))
 366 #define   Hi8(v16)   ((u8)(((v16) >> 8) & 0x00FF))
 367 #define  Lo16(v32)   ((u16)((v32) & 0xFFFF))
 368 #define  Hi16(v32)   ((u16)(((v32) >> 16) & 0xFFFF))
 369 #define  Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
 370 
 371 /* select the Nth 16-bit word of the temporal key unsigned char array TK[]   */
 372 #define  TK16(N)  Mk16(tk[2 * (N) + 1], tk[2 * (N)])
 373 
 374 /* S-box lookup: 16 bits --> 16 bits */
 375 #define _S_(v16)  (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
 376 
 377 /* fixed algorithm "parameters" */
 378 #define PHASE1_LOOP_CNT   8    /* this needs to be "big enough"     */
 379 #define TA_SIZE           6    /*  48-bit transmitter address       */
 380 #define TK_SIZE          16    /* 128-bit temporal key              */
 381 #define P1K_SIZE         10    /*  80-bit Phase1 key                */
 382 #define RC4_KEY_SIZE     16    /* 128-bit RC4KEY (104 bits unknown) */
 383 
 384 
 385 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
 386 static const unsigned short Sbox1[2][256] = {/* Sbox for hash (can be in ROM) */
 387         {
 388         0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
 389         0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
 390         0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
 391         0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
 392         0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
 393         0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
 394         0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
 395         0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
 396         0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
 397         0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
 398         0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
 399         0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
 400         0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
 401         0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
 402         0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
 403         0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
 404         0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
 405         0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
 406         0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
 407         0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
 408         0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
 409         0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
 410         0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
 411         0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
 412         0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
 413         0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
 414         0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
 415         0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
 416         0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
 417         0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
 418         0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
 419         0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
 420         },
 421         {  /* second half is unsigned char-reversed version of first! */
 422         0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
 423         0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
 424         0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
 425         0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
 426         0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
 427         0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
 428         0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
 429         0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
 430         0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
 431         0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
 432         0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
 433         0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
 434         0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
 435         0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
 436         0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
 437         0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
 438         0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
 439         0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
 440         0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
 441         0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
 442         0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
 443         0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
 444         0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
 445         0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
 446         0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
 447         0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
 448         0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
 449         0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
 450         0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
 451         0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
 452         0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
 453         0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
 454         }
 455 };
 456 
 457 /*
 458  **********************************************************************
 459  * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
 460  *
 461  * Inputs:
 462  *     tk[]      = temporal key                         [128 bits]
 463  *     ta[]      = transmitter's MAC address            [ 48 bits]
 464  *     iv32      = upper 32 bits of IV                  [ 32 bits]
 465  * Output:
 466  *     p1k[]     = Phase 1 key                          [ 80 bits]
 467  *
 468  * Note:
 469  *     This function only needs to be called every 2**16 packets,
 470  *     although in theory it could be called every packet.
 471  *
 472  **********************************************************************
 473  */
 474 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
 475 {
 476         sint  i;
 477 
 478         /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5]     */
 479         p1k[0] = Lo16(iv32);
 480         p1k[1] = Hi16(iv32);
 481         p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
 482         p1k[3] = Mk16(ta[3], ta[2]);
 483         p1k[4] = Mk16(ta[5], ta[4]);
 484         /* Now compute an unbalanced Feistel cipher with 80-bit block */
 485         /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
 486         for (i = 0; i < PHASE1_LOOP_CNT; i++) {  /* Each add is mod 2**16 */
 487                 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
 488                 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
 489                 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
 490                 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
 491                 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
 492                 p1k[4] +=  (unsigned short)i;   /* avoid "slide attacks" */
 493         }
 494 }
 495 
 496 /*
 497  **********************************************************************
 498  * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
 499  *
 500  * Inputs:
 501  *     tk[]      = Temporal key                         [128 bits]
 502  *     p1k[]     = Phase 1 output key                   [ 80 bits]
 503  *     iv16      = low 16 bits of IV counter            [ 16 bits]
 504  * Output:
 505  *     rc4key[]  = the key used to encrypt the packet   [128 bits]
 506  *
 507  * Note:
 508  *     The value {TA,IV32,IV16} for Phase1/Phase2 must be unique
 509  *     across all packets using the same key TK value. Then, for a
 510  *     given value of TK[], this TKIP48 construction guarantees that
 511  *     the final RC4KEY value is unique across all packets.
 512  *
 513  * Suggested implementation optimization: if PPK[] is "overlaid"
 514  *     appropriately on RC4KEY[], there is no need for the final
 515  *     for loop below that copies the PPK[] result into RC4KEY[].
 516  *
 517  **********************************************************************
 518  */
 519 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
 520 {
 521         sint  i;
 522         u16 PPK[6];                     /* temporary key for mixing    */
 523 
 524         /* Note: all adds in the PPK[] equations below are mod 2**16 */
 525         for (i = 0; i < 5; i++)
 526                 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
 527         PPK[5]  =  p1k[4] + iv16; /* next,  add in IV16 */
 528         /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
 529         PPK[0] += _S_(PPK[5] ^ TK16(0));   /* Mix key in each "round" */
 530         PPK[1] += _S_(PPK[0] ^ TK16(1));
 531         PPK[2] += _S_(PPK[1] ^ TK16(2));
 532         PPK[3] += _S_(PPK[2] ^ TK16(3));
 533         PPK[4] += _S_(PPK[3] ^ TK16(4));
 534         PPK[5] += _S_(PPK[4] ^ TK16(5));   /* Total # S-box lookups == 6  */
 535         /* Final sweep: bijective, "linear". Rotates kill LSB correlations   */
 536         PPK[0] +=  RotR1(PPK[5] ^ TK16(6));
 537         PPK[1] +=  RotR1(PPK[0] ^ TK16(7));   /* Use all of TK[] in Phase2   */
 538         PPK[2] +=  RotR1(PPK[1]);
 539         PPK[3] +=  RotR1(PPK[2]);
 540         PPK[4] +=  RotR1(PPK[3]);
 541         PPK[5] +=  RotR1(PPK[4]);
 542         /* Note: At this point, for a given key TK[0..15], the 96-bit output */
 543         /* value PPK[0..5] is guaranteed to be unique, as a function   */
 544         /* of the 96-bit "input" value   {TA,IV32,IV16}. That is, P1K  */
 545         /* is now a keyed permutation of {TA,IV32,IV16}. */
 546         /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key   */
 547         rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV  */
 548         rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys  */
 549         rc4key[2] = Lo8(iv16);
 550         rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
 551         /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15]  (little-endian) */
 552         for (i = 0; i < 6; i++) {
 553                 rc4key[4 + 2 * i] = Lo8(PPK[i]);
 554                 rc4key[5 + 2 * i] = Hi8(PPK[i]);
 555         }
 556 }
 557 
 558 /*The hlen isn't include the IV*/
 559 u32 r8712_tkip_encrypt(struct _adapter *padapter, u8 *pxmitframe)
 560 {       /*  exclude ICV */
 561         u16 pnl;
 562         u32 pnh;
 563         u8 rc4key[16];
 564         u8 ttkey[16];
 565         u8 crc[4];
 566         struct arc4context mycontext;
 567         u32 curfragnum, length;
 568 
 569         u8 *pframe, *payload, *iv, *prwskey;
 570         union pn48 txpn;
 571         struct sta_info *stainfo;
 572         struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
 573         struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
 574         u32 res = _SUCCESS;
 575 
 576         if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
 577                 return _FAIL;
 578 
 579         pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
 580         /* 4 start to encrypt each fragment */
 581         if (pattrib->encrypt == _TKIP_) {
 582                 if (pattrib->psta)
 583                         stainfo = pattrib->psta;
 584                 else
 585                         stainfo = r8712_get_stainfo(&padapter->stapriv,
 586                                   &pattrib->ra[0]);
 587                 if (stainfo != NULL) {
 588                         prwskey = &stainfo->x_UncstKey.skey[0];
 589                         for (curfragnum = 0; curfragnum < pattrib->nr_frags;
 590                              curfragnum++) {
 591                                 iv = pframe + pattrib->hdrlen;
 592                                 payload = pframe + pattrib->iv_len +
 593                                           pattrib->hdrlen;
 594                                 GET_TKIP_PN(iv, txpn);
 595                                 pnl = (u16)(txpn.val);
 596                                 pnh = (u32)(txpn.val >> 16);
 597                                 phase1((u16 *)&ttkey[0], prwskey,
 598                                        &pattrib->ta[0], pnh);
 599                                 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0],
 600                                        pnl);
 601                                 if ((curfragnum + 1) == pattrib->nr_frags) {
 602                                         /* 4 the last fragment */
 603                                         length = pattrib->last_txcmdsz -
 604                                              pattrib->hdrlen -
 605                                              pattrib->iv_len -
 606                                              pattrib->icv_len;
 607                                         *((__le32 *)crc) = cpu_to_le32(
 608                                                 getcrc32(payload, length));
 609                                         arcfour_init(&mycontext, rc4key, 16);
 610                                         arcfour_encrypt(&mycontext, payload,
 611                                                         payload, length);
 612                                         arcfour_encrypt(&mycontext, payload +
 613                                                         length, crc, 4);
 614                                 } else {
 615                                         length = pxmitpriv->frag_len -
 616                                                  pattrib->hdrlen -
 617                                                  pattrib->iv_len -
 618                                                  pattrib->icv_len;
 619                                         *((__le32 *)crc) = cpu_to_le32(getcrc32(
 620                                                         payload, length));
 621                                         arcfour_init(&mycontext, rc4key, 16);
 622                                         arcfour_encrypt(&mycontext, payload,
 623                                                          payload, length);
 624                                         arcfour_encrypt(&mycontext,
 625                                                         payload + length, crc,
 626                                                         4);
 627                                         pframe += pxmitpriv->frag_len;
 628                                         pframe = (u8 *)RND4((addr_t)(pframe));
 629                                 }
 630                         }
 631                 } else {
 632                         res = _FAIL;
 633                 }
 634         }
 635         return res;
 636 }
 637 
 638 /* The hlen doesn't include the IV */
 639 void r8712_tkip_decrypt(struct _adapter *padapter, u8 *precvframe)
 640 {       /* exclude ICV */
 641         u16 pnl;
 642         u32 pnh;
 643         u8 rc4key[16];
 644         u8 ttkey[16];
 645         u8 crc[4];
 646         struct arc4context mycontext;
 647         u32 length;
 648         u8 *pframe, *payload, *iv, *prwskey, idx = 0;
 649         union pn48 txpn;
 650         struct  sta_info *stainfo;
 651         struct  rx_pkt_attrib *prxattrib = &((union recv_frame *)
 652                                            precvframe)->u.hdr.attrib;
 653         struct  security_priv   *psecuritypriv = &padapter->securitypriv;
 654 
 655         pframe = (unsigned char *)((union recv_frame *)
 656                                    precvframe)->u.hdr.rx_data;
 657         /* 4 start to decrypt recvframe */
 658         if (prxattrib->encrypt == _TKIP_) {
 659                 stainfo = r8712_get_stainfo(&padapter->stapriv,
 660                                             &prxattrib->ta[0]);
 661                 if (stainfo != NULL) {
 662                         iv = pframe + prxattrib->hdrlen;
 663                         payload = pframe + prxattrib->iv_len +
 664                                   prxattrib->hdrlen;
 665                         length = ((union recv_frame *)precvframe)->
 666                                  u.hdr.len - prxattrib->hdrlen -
 667                                  prxattrib->iv_len;
 668                         if (is_multicast_ether_addr(prxattrib->ra)) {
 669                                 idx = iv[3];
 670                                 prwskey = &psecuritypriv->XGrpKey[
 671                                          ((idx >> 6) & 0x3) - 1].skey[0];
 672                                 if (!psecuritypriv->binstallGrpkey)
 673                                         return;
 674                         } else {
 675                                 prwskey = &stainfo->x_UncstKey.skey[0];
 676                         }
 677                         GET_TKIP_PN(iv, txpn);
 678                         pnl = (u16)(txpn.val);
 679                         pnh = (u32)(txpn.val >> 16);
 680                         phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0],
 681                                 pnh);
 682                         phase2(&rc4key[0], prwskey, (unsigned short *)
 683                                &ttkey[0], pnl);
 684                         /* 4 decrypt payload include icv */
 685                         arcfour_init(&mycontext, rc4key, 16);
 686                         arcfour_encrypt(&mycontext, payload, payload, length);
 687                         *((__le32 *)crc) = cpu_to_le32(getcrc32(payload,
 688                                         length - 4));
 689                 }
 690         }
 691 }
 692 
 693 /* 3 =====AES related===== */
 694 
 695 #define MAX_MSG_SIZE    2048
 696 /*****************************/
 697 /******** SBOX Table *********/
 698 /*****************************/
 699 
 700 static const u8 sbox_table[256] = {
 701         0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
 702         0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
 703         0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
 704         0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
 705         0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
 706         0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
 707         0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
 708         0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
 709         0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
 710         0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
 711         0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
 712         0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
 713         0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
 714         0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
 715         0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
 716         0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
 717         0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
 718         0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
 719         0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
 720         0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
 721         0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
 722         0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
 723         0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
 724         0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
 725         0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
 726         0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
 727         0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
 728         0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
 729         0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
 730         0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
 731         0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
 732         0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
 733 };
 734 
 735 /****************************************/
 736 /* aes128k128d()                        */
 737 /* Performs a 128 bit AES encrypt with  */
 738 /* 128 bit data.                        */
 739 /****************************************/
 740 static void xor_128(u8 *a, u8 *b, u8 *out)
 741 {
 742         sint i;
 743 
 744         for (i = 0; i < 16; i++)
 745                 out[i] = a[i] ^ b[i];
 746 }
 747 
 748 static void xor_32(u8 *a, u8 *b, u8 *out)
 749 {
 750         sint i;
 751 
 752         for (i = 0; i < 4; i++)
 753                 out[i] = a[i] ^ b[i];
 754 }
 755 
 756 static u8 sbox(u8 a)
 757 {
 758         return sbox_table[(sint)a];
 759 }
 760 
 761 static void next_key(u8 *key, sint round)
 762 {
 763         u8 rcon;
 764         u8 sbox_key[4];
 765         u8 rcon_table[12] = {
 766                 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
 767                 0x1b, 0x36, 0x36, 0x36
 768         };
 769 
 770         sbox_key[0] = sbox(key[13]);
 771         sbox_key[1] = sbox(key[14]);
 772         sbox_key[2] = sbox(key[15]);
 773         sbox_key[3] = sbox(key[12]);
 774         rcon = rcon_table[round];
 775         xor_32(&key[0], sbox_key, &key[0]);
 776         key[0] = key[0] ^ rcon;
 777         xor_32(&key[4], &key[0], &key[4]);
 778         xor_32(&key[8], &key[4], &key[8]);
 779         xor_32(&key[12], &key[8], &key[12]);
 780 }
 781 
 782 static void byte_sub(u8 *in, u8 *out)
 783 {
 784         sint i;
 785 
 786         for (i = 0; i < 16; i++)
 787                 out[i] = sbox(in[i]);
 788 }
 789 
 790 static void shift_row(u8 *in, u8 *out)
 791 {
 792         out[0] =  in[0];
 793         out[1] =  in[5];
 794         out[2] =  in[10];
 795         out[3] =  in[15];
 796         out[4] =  in[4];
 797         out[5] =  in[9];
 798         out[6] =  in[14];
 799         out[7] =  in[3];
 800         out[8] =  in[8];
 801         out[9] =  in[13];
 802         out[10] = in[2];
 803         out[11] = in[7];
 804         out[12] = in[12];
 805         out[13] = in[1];
 806         out[14] = in[6];
 807         out[15] = in[11];
 808 }
 809 
 810 static void mix_column(u8 *in, u8 *out)
 811 {
 812         sint i;
 813         u8 add1b[4];
 814         u8 add1bf7[4];
 815         u8 rotl[4];
 816         u8 swap_halves[4];
 817         u8 andf7[4];
 818         u8 rotr[4];
 819         u8 temp[4];
 820         u8 tempb[4];
 821 
 822         for (i = 0; i < 4; i++) {
 823                 if ((in[i] & 0x80) == 0x80)
 824                         add1b[i] = 0x1b;
 825                 else
 826                         add1b[i] = 0x00;
 827         }
 828         swap_halves[0] = in[2];    /* Swap halves */
 829         swap_halves[1] = in[3];
 830         swap_halves[2] = in[0];
 831         swap_halves[3] = in[1];
 832         rotl[0] = in[3];        /* Rotate left 8 bits */
 833         rotl[1] = in[0];
 834         rotl[2] = in[1];
 835         rotl[3] = in[2];
 836         andf7[0] = in[0] & 0x7f;
 837         andf7[1] = in[1] & 0x7f;
 838         andf7[2] = in[2] & 0x7f;
 839         andf7[3] = in[3] & 0x7f;
 840         for (i = 3; i > 0; i--) {   /* logical shift left 1 bit */
 841                 andf7[i] = andf7[i] << 1;
 842                 if ((andf7[i - 1] & 0x80) == 0x80)
 843                         andf7[i] = (andf7[i] | 0x01);
 844         }
 845         andf7[0] = andf7[0] << 1;
 846         andf7[0] = andf7[0] & 0xfe;
 847         xor_32(add1b, andf7, add1bf7);
 848         xor_32(in, add1bf7, rotr);
 849         temp[0] = rotr[0];         /* Rotate right 8 bits */
 850         rotr[0] = rotr[1];
 851         rotr[1] = rotr[2];
 852         rotr[2] = rotr[3];
 853         rotr[3] = temp[0];
 854         xor_32(add1bf7, rotr, temp);
 855         xor_32(swap_halves, rotl, tempb);
 856         xor_32(temp, tempb, out);
 857 }
 858 
 859 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
 860 {
 861         sint round;
 862         sint i;
 863         u8 intermediatea[16];
 864         u8 intermediateb[16];
 865         u8 round_key[16];
 866 
 867         for (i = 0; i < 16; i++)
 868                 round_key[i] = key[i];
 869         for (round = 0; round < 11; round++) {
 870                 if (round == 0) {
 871                         xor_128(round_key, data, ciphertext);
 872                         next_key(round_key, round);
 873                 } else if (round == 10) {
 874                         byte_sub(ciphertext, intermediatea);
 875                         shift_row(intermediatea, intermediateb);
 876                         xor_128(intermediateb, round_key, ciphertext);
 877                 } else {   /* 1 - 9 */
 878                         byte_sub(ciphertext, intermediatea);
 879                         shift_row(intermediatea, intermediateb);
 880                         mix_column(&intermediateb[0], &intermediatea[0]);
 881                         mix_column(&intermediateb[4], &intermediatea[4]);
 882                         mix_column(&intermediateb[8], &intermediatea[8]);
 883                         mix_column(&intermediateb[12], &intermediatea[12]);
 884                         xor_128(intermediatea, round_key, ciphertext);
 885                         next_key(round_key, round);
 886                 }
 887         }
 888 }
 889 
 890 /************************************************/
 891 /* construct_mic_iv()                           */
 892 /* Builds the MIC IV from header fields and PN  */
 893 /************************************************/
 894 static void construct_mic_iv(u8 *mic_iv, sint qc_exists, sint a4_exists,
 895                              u8 *mpdu, uint payload_length, u8 *pn_vector)
 896 {
 897         sint i;
 898 
 899         mic_iv[0] = 0x59;
 900         if (qc_exists && a4_exists)
 901                 mic_iv[1] = mpdu[30] & 0x0f;    /* QoS_TC           */
 902         if (qc_exists && !a4_exists)
 903                 mic_iv[1] = mpdu[24] & 0x0f;   /* mute bits 7-4    */
 904         if (!qc_exists)
 905                 mic_iv[1] = 0x00;
 906         for (i = 2; i < 8; i++)
 907                 mic_iv[i] = mpdu[i + 8];
 908         for (i = 8; i < 14; i++)
 909                 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
 910         mic_iv[14] = (unsigned char) (payload_length / 256);
 911         mic_iv[15] = (unsigned char) (payload_length % 256);
 912 }
 913 
 914 /************************************************/
 915 /* construct_mic_header1()                      */
 916 /* Builds the first MIC header block from       */
 917 /* header fields.                               */
 918 /************************************************/
 919 static void construct_mic_header1(u8 *mic_header1, sint header_length, u8 *mpdu)
 920 {
 921         mic_header1[0] = (u8)((header_length - 2) / 256);
 922         mic_header1[1] = (u8)((header_length - 2) % 256);
 923         mic_header1[2] = mpdu[0] & 0xcf;    /* Mute CF poll & CF ack bits */
 924         /* Mute retry, more data and pwr mgt bits */
 925         mic_header1[3] = mpdu[1] & 0xc7;
 926         mic_header1[4] = mpdu[4];       /* A1 */
 927         mic_header1[5] = mpdu[5];
 928         mic_header1[6] = mpdu[6];
 929         mic_header1[7] = mpdu[7];
 930         mic_header1[8] = mpdu[8];
 931         mic_header1[9] = mpdu[9];
 932         mic_header1[10] = mpdu[10];     /* A2 */
 933         mic_header1[11] = mpdu[11];
 934         mic_header1[12] = mpdu[12];
 935         mic_header1[13] = mpdu[13];
 936         mic_header1[14] = mpdu[14];
 937         mic_header1[15] = mpdu[15];
 938 }
 939 
 940 /************************************************/
 941 /* construct_mic_header2()                      */
 942 /* Builds the last MIC header block from        */
 943 /* header fields.                               */
 944 /************************************************/
 945 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, sint a4_exists,
 946                            sint qc_exists)
 947 {
 948         sint i;
 949 
 950         for (i = 0; i < 16; i++)
 951                 mic_header2[i] = 0x00;
 952         mic_header2[0] = mpdu[16];    /* A3 */
 953         mic_header2[1] = mpdu[17];
 954         mic_header2[2] = mpdu[18];
 955         mic_header2[3] = mpdu[19];
 956         mic_header2[4] = mpdu[20];
 957         mic_header2[5] = mpdu[21];
 958         mic_header2[6] = 0x00;
 959         mic_header2[7] = 0x00; /* mpdu[23]; */
 960         if (!qc_exists && a4_exists)
 961                 for (i = 0; i < 6; i++)
 962                         mic_header2[8 + i] = mpdu[24 + i];   /* A4 */
 963         if (qc_exists && !a4_exists) {
 964                 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
 965                 mic_header2[9] = mpdu[25] & 0x00;
 966         }
 967         if (qc_exists && a4_exists) {
 968                 for (i = 0; i < 6; i++)
 969                         mic_header2[8 + i] = mpdu[24 + i];   /* A4 */
 970                 mic_header2[14] = mpdu[30] & 0x0f;
 971                 mic_header2[15] = mpdu[31] & 0x00;
 972         }
 973 }
 974 
 975 /************************************************/
 976 /* construct_mic_header2()                      */
 977 /* Builds the last MIC header block from        */
 978 /* header fields.                               */
 979 /************************************************/
 980 static void construct_ctr_preload(u8 *ctr_preload,
 981                                   sint a4_exists, sint qc_exists,
 982                                   u8 *mpdu, u8 *pn_vector, sint c)
 983 {
 984         sint i;
 985 
 986         for (i = 0; i < 16; i++)
 987                 ctr_preload[i] = 0x00;
 988         i = 0;
 989         ctr_preload[0] = 0x01;    /* flag */
 990         if (qc_exists && a4_exists)
 991                 ctr_preload[1] = mpdu[30] & 0x0f;
 992         if (qc_exists && !a4_exists)
 993                 ctr_preload[1] = mpdu[24] & 0x0f;
 994         for (i = 2; i < 8; i++)
 995                 ctr_preload[i] = mpdu[i + 8];
 996         for (i = 8; i < 14; i++)
 997                 ctr_preload[i] = pn_vector[13 - i];
 998         ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */
 999         ctr_preload[15] = (unsigned char) (c % 256);
1000 }
1001 
1002 /************************************/
1003 /* bitwise_xor()                    */
1004 /* A 128 bit, bitwise exclusive or  */
1005 /************************************/
1006 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1007 {
1008         sint i;
1009 
1010         for (i = 0; i < 16; i++)
1011                 out[i] = ina[i] ^ inb[i];
1012 }
1013 
1014 static void aes_cipher(u8 *key, uint hdrlen,
1015                        u8 *pframe, uint plen)
1016 {
1017         uint qc_exists, a4_exists, i, j, payload_remainder;
1018         uint num_blocks, payload_index;
1019 
1020         u8 pn_vector[6];
1021         u8 mic_iv[16];
1022         u8 mic_header1[16];
1023         u8 mic_header2[16];
1024         u8 ctr_preload[16];
1025 
1026         /* Intermediate Buffers */
1027         u8 chain_buffer[16];
1028         u8 aes_out[16];
1029         u8 padded_buffer[16];
1030         u8 mic[8];
1031         u16 frtype  = GetFrameType(pframe);
1032         u16 frsubtype  = GetFrameSubType(pframe);
1033 
1034         frsubtype >>= 4;
1035         memset((void *)mic_iv, 0, 16);
1036         memset((void *)mic_header1, 0, 16);
1037         memset((void *)mic_header2, 0, 16);
1038         memset((void *)ctr_preload, 0, 16);
1039         memset((void *)chain_buffer, 0, 16);
1040         memset((void *)aes_out, 0, 16);
1041         memset((void *)padded_buffer, 0, 16);
1042 
1043         if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen ==  WLAN_HDR_A3_QOS_LEN))
1044                 a4_exists = 0;
1045         else
1046                 a4_exists = 1;
1047 
1048         if ((frtype == WIFI_DATA_CFACK) ||
1049              (frtype == WIFI_DATA_CFPOLL) ||
1050              (frtype == WIFI_DATA_CFACKPOLL)) {
1051                 qc_exists = 1;
1052                 if (hdrlen !=  WLAN_HDR_A3_QOS_LEN)
1053                         hdrlen += 2;
1054         } else if ((frsubtype == 0x08) ||
1055                    (frsubtype == 0x09) ||
1056                    (frsubtype == 0x0a) ||
1057                    (frsubtype == 0x0b)) {
1058                 if (hdrlen !=  WLAN_HDR_A3_QOS_LEN)
1059                         hdrlen += 2;
1060                 qc_exists = 1;
1061         } else {
1062                 qc_exists = 0;
1063         }
1064         pn_vector[0] = pframe[hdrlen];
1065         pn_vector[1] = pframe[hdrlen + 1];
1066         pn_vector[2] = pframe[hdrlen + 4];
1067         pn_vector[3] = pframe[hdrlen + 5];
1068         pn_vector[4] = pframe[hdrlen + 6];
1069         pn_vector[5] = pframe[hdrlen + 7];
1070         construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1071         construct_mic_header1(mic_header1, hdrlen, pframe);
1072         construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1073         payload_remainder = plen % 16;
1074         num_blocks = plen / 16;
1075         /* Find start of payload */
1076         payload_index = hdrlen + 8;
1077         /* Calculate MIC */
1078         aes128k128d(key, mic_iv, aes_out);
1079         bitwise_xor(aes_out, mic_header1, chain_buffer);
1080         aes128k128d(key, chain_buffer, aes_out);
1081         bitwise_xor(aes_out, mic_header2, chain_buffer);
1082         aes128k128d(key, chain_buffer, aes_out);
1083         for (i = 0; i < num_blocks; i++) {
1084                 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1085                 payload_index += 16;
1086                 aes128k128d(key, chain_buffer, aes_out);
1087         }
1088         /* Add on the final payload block if it needs padding */
1089         if (payload_remainder > 0) {
1090                 for (j = 0; j < 16; j++)
1091                         padded_buffer[j] = 0x00;
1092                 for (j = 0; j < payload_remainder; j++)
1093                         padded_buffer[j] = pframe[payload_index++];
1094                 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1095                 aes128k128d(key, chain_buffer, aes_out);
1096         }
1097         for (j = 0; j < 8; j++)
1098                 mic[j] = aes_out[j];
1099         /* Insert MIC into payload */
1100         for (j = 0; j < 8; j++)
1101                 pframe[payload_index + j] = mic[j];
1102         payload_index = hdrlen + 8;
1103         for (i = 0; i < num_blocks; i++) {
1104                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1105                                       pframe, pn_vector, i + 1);
1106                 aes128k128d(key, ctr_preload, aes_out);
1107                 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1108                 for (j = 0; j < 16; j++)
1109                         pframe[payload_index++] = chain_buffer[j];
1110         }
1111         if (payload_remainder > 0) {  /* If short final block, then pad it,*/
1112                                       /* encrypt and copy unpadded part back */
1113                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1114                                       pframe, pn_vector, num_blocks + 1);
1115                 for (j = 0; j < 16; j++)
1116                         padded_buffer[j] = 0x00;
1117                 for (j = 0; j < payload_remainder; j++)
1118                         padded_buffer[j] = pframe[payload_index + j];
1119                 aes128k128d(key, ctr_preload, aes_out);
1120                 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1121                 for (j = 0; j < payload_remainder; j++)
1122                         pframe[payload_index++] = chain_buffer[j];
1123         }
1124         /* Encrypt the MIC */
1125         construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1126                               pframe, pn_vector, 0);
1127         for (j = 0; j < 16; j++)
1128                 padded_buffer[j] = 0x00;
1129         for (j = 0; j < 8; j++)
1130                 padded_buffer[j] = pframe[j + hdrlen + 8 + plen];
1131         aes128k128d(key, ctr_preload, aes_out);
1132         bitwise_xor(aes_out, padded_buffer, chain_buffer);
1133         for (j = 0; j < 8; j++)
1134                 pframe[payload_index++] = chain_buffer[j];
1135 }
1136 
1137 u32 r8712_aes_encrypt(struct _adapter *padapter, u8 *pxmitframe)
1138 {       /* exclude ICV */
1139         /* Intermediate Buffers */
1140         sint    curfragnum, length;
1141         u8      *pframe, *prwskey;
1142         struct  sta_info *stainfo;
1143         struct  pkt_attrib  *pattrib = &((struct xmit_frame *)
1144                                        pxmitframe)->attrib;
1145         struct  xmit_priv *pxmitpriv = &padapter->xmitpriv;
1146         u32 res = _SUCCESS;
1147 
1148         if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
1149                 return _FAIL;
1150         pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
1151         /* 4 start to encrypt each fragment */
1152         if (pattrib->encrypt == _AES_) {
1153                 if (pattrib->psta)
1154                         stainfo = pattrib->psta;
1155                 else
1156                         stainfo = r8712_get_stainfo(&padapter->stapriv,
1157                                   &pattrib->ra[0]);
1158                 if (stainfo != NULL) {
1159                         prwskey = &stainfo->x_UncstKey.skey[0];
1160                         for (curfragnum = 0; curfragnum < pattrib->nr_frags;
1161                              curfragnum++) {
1162                                 if ((curfragnum + 1) == pattrib->nr_frags) {
1163                                         length = pattrib->last_txcmdsz -
1164                                                  pattrib->hdrlen -
1165                                                  pattrib->iv_len -
1166                                                  pattrib->icv_len;
1167                                         aes_cipher(prwskey, pattrib->hdrlen,
1168                                                    pframe, length);
1169                                 } else {
1170                                         length = pxmitpriv->frag_len -
1171                                                  pattrib->hdrlen -
1172                                                  pattrib->iv_len -
1173                                                  pattrib->icv_len;
1174                                         aes_cipher(prwskey, pattrib->hdrlen,
1175                                                    pframe, length);
1176                                         pframe += pxmitpriv->frag_len;
1177                                         pframe = (u8 *)RND4((addr_t)(pframe));
1178                                 }
1179                         }
1180                 } else {
1181                         res = _FAIL;
1182                 }
1183         }
1184         return res;
1185 }
1186 
1187 static void aes_decipher(u8 *key, uint hdrlen,
1188                          u8 *pframe, uint plen)
1189 {
1190         static u8 message[MAX_MSG_SIZE];
1191         uint qc_exists, a4_exists, i, j, payload_remainder;
1192         uint num_blocks, payload_index;
1193         u8 pn_vector[6];
1194         u8 mic_iv[16];
1195         u8 mic_header1[16];
1196         u8 mic_header2[16];
1197         u8 ctr_preload[16];
1198         /* Intermediate Buffers */
1199         u8 chain_buffer[16];
1200         u8 aes_out[16];
1201         u8 padded_buffer[16];
1202         u8 mic[8];
1203         uint frtype  = GetFrameType(pframe);
1204         uint frsubtype  = GetFrameSubType(pframe);
1205 
1206         frsubtype >>= 4;
1207         memset((void *)mic_iv, 0, 16);
1208         memset((void *)mic_header1, 0, 16);
1209         memset((void *)mic_header2, 0, 16);
1210         memset((void *)ctr_preload, 0, 16);
1211         memset((void *)chain_buffer, 0, 16);
1212         memset((void *)aes_out, 0, 16);
1213         memset((void *)padded_buffer, 0, 16);
1214         /* start to decrypt the payload */
1215         /*(plen including llc, payload and mic) */
1216         num_blocks = (plen - 8) / 16;
1217         payload_remainder = (plen - 8) % 16;
1218         pn_vector[0] = pframe[hdrlen];
1219         pn_vector[1] = pframe[hdrlen + 1];
1220         pn_vector[2] = pframe[hdrlen + 4];
1221         pn_vector[3] = pframe[hdrlen + 5];
1222         pn_vector[4] = pframe[hdrlen + 6];
1223         pn_vector[5] = pframe[hdrlen + 7];
1224         if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen ==  WLAN_HDR_A3_QOS_LEN))
1225                 a4_exists = 0;
1226         else
1227                 a4_exists = 1;
1228         if ((frtype == WIFI_DATA_CFACK) ||
1229             (frtype == WIFI_DATA_CFPOLL) ||
1230             (frtype == WIFI_DATA_CFACKPOLL)) {
1231                 qc_exists = 1;
1232                 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1233                         hdrlen += 2;
1234         } else if ((frsubtype == 0x08) ||
1235                    (frsubtype == 0x09) ||
1236                    (frsubtype == 0x0a) ||
1237                    (frsubtype == 0x0b)) {
1238                 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1239                         hdrlen += 2;
1240                 qc_exists = 1;
1241         } else {
1242                 qc_exists = 0;
1243         }
1244         /* now, decrypt pframe with hdrlen offset and plen long */
1245         payload_index = hdrlen + 8; /* 8 is for extiv */
1246         for (i = 0; i < num_blocks; i++) {
1247                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1248                                       pframe, pn_vector, i + 1);
1249                 aes128k128d(key, ctr_preload, aes_out);
1250                 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1251                 for (j = 0; j < 16; j++)
1252                         pframe[payload_index++] = chain_buffer[j];
1253         }
1254         if (payload_remainder > 0) {  /* If short final block, pad it,*/
1255                 /* encrypt it and copy the unpadded part back   */
1256                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1257                                       pframe, pn_vector, num_blocks + 1);
1258                 for (j = 0; j < 16; j++)
1259                         padded_buffer[j] = 0x00;
1260                 for (j = 0; j < payload_remainder; j++)
1261                         padded_buffer[j] = pframe[payload_index + j];
1262                 aes128k128d(key, ctr_preload, aes_out);
1263                 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1264                 for (j = 0; j < payload_remainder; j++)
1265                         pframe[payload_index++] = chain_buffer[j];
1266         }
1267         /* start to calculate the mic */
1268         memcpy((void *)message, pframe, (hdrlen + plen + 8));
1269         pn_vector[0] = pframe[hdrlen];
1270         pn_vector[1] = pframe[hdrlen + 1];
1271         pn_vector[2] = pframe[hdrlen + 4];
1272         pn_vector[3] = pframe[hdrlen + 5];
1273         pn_vector[4] = pframe[hdrlen + 6];
1274         pn_vector[5] = pframe[hdrlen + 7];
1275         construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen - 8,
1276                          pn_vector);
1277         construct_mic_header1(mic_header1, hdrlen, message);
1278         construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1279         payload_remainder = (plen - 8) % 16;
1280         num_blocks = (plen - 8) / 16;
1281         /* Find start of payload */
1282         payload_index = hdrlen + 8;
1283         /* Calculate MIC */
1284         aes128k128d(key, mic_iv, aes_out);
1285         bitwise_xor(aes_out, mic_header1, chain_buffer);
1286         aes128k128d(key, chain_buffer, aes_out);
1287         bitwise_xor(aes_out, mic_header2, chain_buffer);
1288         aes128k128d(key, chain_buffer, aes_out);
1289         for (i = 0; i < num_blocks; i++) {
1290                 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1291                 payload_index += 16;
1292                 aes128k128d(key, chain_buffer, aes_out);
1293         }
1294         /* Add on the final payload block if it needs padding */
1295         if (payload_remainder > 0) {
1296                 for (j = 0; j < 16; j++)
1297                         padded_buffer[j] = 0x00;
1298                 for (j = 0; j < payload_remainder; j++)
1299                         padded_buffer[j] = message[payload_index++];
1300                 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1301                 aes128k128d(key, chain_buffer, aes_out);
1302         }
1303         for (j = 0; j < 8; j++)
1304                 mic[j] = aes_out[j];
1305         /* Insert MIC into payload */
1306         for (j = 0; j < 8; j++)
1307                 message[payload_index + j] = mic[j];
1308         payload_index = hdrlen + 8;
1309         for (i = 0; i < num_blocks; i++) {
1310                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1311                                       message, pn_vector, i + 1);
1312                 aes128k128d(key, ctr_preload, aes_out);
1313                 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1314                 for (j = 0; j < 16; j++)
1315                         message[payload_index++] = chain_buffer[j];
1316         }
1317         if (payload_remainder > 0) { /* If short final block, pad it,*/
1318                                      /* encrypt and copy unpadded part back */
1319                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1320                                       message, pn_vector, num_blocks + 1);
1321                 for (j = 0; j < 16; j++)
1322                         padded_buffer[j] = 0x00;
1323                 for (j = 0; j < payload_remainder; j++)
1324                         padded_buffer[j] = message[payload_index + j];
1325                 aes128k128d(key, ctr_preload, aes_out);
1326                 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1327                 for (j = 0; j < payload_remainder; j++)
1328                         message[payload_index++] = chain_buffer[j];
1329         }
1330         /* Encrypt the MIC */
1331         construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message,
1332                               pn_vector, 0);
1333         for (j = 0; j < 16; j++)
1334                 padded_buffer[j] = 0x00;
1335         for (j = 0; j < 8; j++)
1336                 padded_buffer[j] = message[j + hdrlen + plen];
1337         aes128k128d(key, ctr_preload, aes_out);
1338         bitwise_xor(aes_out, padded_buffer, chain_buffer);
1339         for (j = 0; j < 8; j++)
1340                 message[payload_index++] = chain_buffer[j];
1341         /* compare the mic */
1342 }
1343 
1344 void r8712_aes_decrypt(struct _adapter *padapter, u8 *precvframe)
1345 {       /* exclude ICV */
1346         /* Intermediate Buffers */
1347         sint            length;
1348         u8      *pframe, *prwskey, *iv, idx;
1349         struct  sta_info *stainfo;
1350         struct  rx_pkt_attrib *prxattrib = &((union recv_frame *)
1351                                            precvframe)->u.hdr.attrib;
1352         struct  security_priv *psecuritypriv = &padapter->securitypriv;
1353 
1354         pframe = (unsigned char *)((union recv_frame *)precvframe)->
1355                  u.hdr.rx_data;
1356         /* 4 start to encrypt each fragment */
1357         if (prxattrib->encrypt == _AES_) {
1358                 stainfo = r8712_get_stainfo(&padapter->stapriv,
1359                                             &prxattrib->ta[0]);
1360                 if (stainfo != NULL) {
1361                         if (is_multicast_ether_addr(prxattrib->ra)) {
1362                                 iv = pframe + prxattrib->hdrlen;
1363                                 idx = iv[3];
1364                                 prwskey = &psecuritypriv->XGrpKey[
1365                                           ((idx >> 6) & 0x3) - 1].skey[0];
1366                                 if (!psecuritypriv->binstallGrpkey)
1367                                         return;
1368 
1369                         } else {
1370                                 prwskey = &stainfo->x_UncstKey.skey[0];
1371                         }
1372                         length = ((union recv_frame *)precvframe)->
1373                                  u.hdr.len - prxattrib->hdrlen -
1374                                  prxattrib->iv_len;
1375                         aes_decipher(prwskey, prxattrib->hdrlen, pframe,
1376                                      length);
1377                 }
1378         }
1379 }
1380 
1381 void r8712_use_tkipkey_handler(struct timer_list *t)
1382 {
1383         struct _adapter *padapter =
1384                 from_timer(padapter, t, securitypriv.tkip_timer);
1385 
1386         padapter->securitypriv.busetkipkey = true;
1387 }

/* [<][>][^][v][top][bottom][index][help] */