This source file includes following definitions.
- arcfour_init
- arcfour_byte
- arcfour_encrypt
- crc32_reverseBit
- crc32_init
- getcrc32
- rtw_wep_encrypt
- rtw_wep_decrypt
- secmicgetuint32
- secmicputuint32
- secmicclear
- rtw_secmicsetkey
- rtw_secmicappendbyte
- rtw_secmicappend
- rtw_secgetmic
- rtw_seccalctkipmic
- phase1
- phase2
- rtw_tkip_encrypt
- rtw_tkip_decrypt
- xor_128
- xor_32
- sbox
- next_key
- byte_sub
- shift_row
- mix_column
- aes128k128d
- construct_mic_iv
- construct_mic_header1
- construct_mic_header2
- construct_ctr_preload
- bitwise_xor
- aes_cipher
- rtw_aes_encrypt
- rtw_aes_decrypt
1
2
3
4
5
6
7 #define _RTW_SECURITY_C_
8
9 #include <osdep_service.h>
10 #include <drv_types.h>
11 #include <wifi.h>
12 #include <osdep_intf.h>
13 #include <net/lib80211.h>
14
15
16
17 #define CRC32_POLY 0x04c11db7
18
19 struct arc4context {
20 u32 x;
21 u32 y;
22 u8 state[256];
23 };
24
25 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
26 {
27 u32 t, u;
28 u32 keyindex;
29 u32 stateindex;
30 u8 *state;
31 u32 counter;
32
33 state = parc4ctx->state;
34 parc4ctx->x = 0;
35 parc4ctx->y = 0;
36 for (counter = 0; counter < 256; counter++)
37 state[counter] = (u8)counter;
38 keyindex = 0;
39 stateindex = 0;
40 for (counter = 0; counter < 256; counter++) {
41 t = state[counter];
42 stateindex = (stateindex + key[keyindex] + t) & 0xff;
43 u = state[stateindex];
44 state[stateindex] = (u8)t;
45 state[counter] = (u8)u;
46 if (++keyindex >= key_len)
47 keyindex = 0;
48 }
49 }
50
51 static u32 arcfour_byte(struct arc4context *parc4ctx)
52 {
53 u32 x;
54 u32 y;
55 u32 sx, sy;
56 u8 *state;
57
58 state = parc4ctx->state;
59 x = (parc4ctx->x + 1) & 0xff;
60 sx = state[x];
61 y = (sx + parc4ctx->y) & 0xff;
62 sy = state[y];
63 parc4ctx->x = x;
64 parc4ctx->y = y;
65 state[y] = (u8)sx;
66 state[x] = (u8)sy;
67 return state[(sx + sy) & 0xff];
68 }
69
70 static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len)
71 {
72 u32 i;
73
74 for (i = 0; i < len; i++)
75 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
76 }
77
78 static int bcrc32initialized;
79 static u32 crc32_table[256];
80
81 static u8 crc32_reverseBit(u8 data)
82 {
83 return (u8)((data<<7)&0x80) | ((data<<5)&0x40) | ((data<<3)&0x20) |
84 ((data<<1)&0x10) | ((data>>1)&0x08) | ((data>>3)&0x04) |
85 ((data>>5)&0x02) | ((data>>7)&0x01);
86 }
87
88 static void crc32_init(void)
89 {
90 int i, j;
91 u32 c;
92 u8 *p = (u8 *)&c, *p1;
93 u8 k;
94
95 if (bcrc32initialized == 1)
96 return;
97
98 c = 0x12340000;
99
100 for (i = 0; i < 256; ++i) {
101 k = crc32_reverseBit((u8)i);
102 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
103 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY : (c << 1);
104 p1 = (u8 *)&crc32_table[i];
105
106 p1[0] = crc32_reverseBit(p[3]);
107 p1[1] = crc32_reverseBit(p[2]);
108 p1[2] = crc32_reverseBit(p[1]);
109 p1[3] = crc32_reverseBit(p[0]);
110 }
111 bcrc32initialized = 1;
112 }
113
114 static __le32 getcrc32(u8 *buf, int len)
115 {
116 u8 *p;
117 u32 crc;
118
119 if (bcrc32initialized == 0)
120 crc32_init();
121
122 crc = 0xffffffff;
123
124 for (p = buf; len > 0; ++p, --len)
125 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
126 return cpu_to_le32(~crc);
127 }
128
129
130
131
132 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe)
133 {
134 int curfragnum, length;
135 u8 *pframe;
136 u8 hw_hdr_offset = 0;
137 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
138 struct security_priv *psecuritypriv = &padapter->securitypriv;
139 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
140 const int keyindex = psecuritypriv->dot11PrivacyKeyIndex;
141 void *crypto_private;
142 struct sk_buff *skb;
143 struct lib80211_crypto_ops *crypto_ops;
144
145 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
146 return;
147
148 if ((pattrib->encrypt != _WEP40_) && (pattrib->encrypt != _WEP104_))
149 return;
150
151 hw_hdr_offset = TXDESC_SIZE +
152 (((struct xmit_frame *)pxmitframe)->pkt_offset * PACKET_OFFSET_SZ);
153
154 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
155
156 crypto_ops = lib80211_get_crypto_ops("WEP");
157
158 if (!crypto_ops)
159 return;
160
161 crypto_private = crypto_ops->init(keyindex);
162 if (!crypto_private)
163 return;
164
165 if (crypto_ops->set_key(psecuritypriv->dot11DefKey[keyindex].skey,
166 psecuritypriv->dot11DefKeylen[keyindex], NULL, crypto_private) < 0)
167 goto free_crypto_private;
168
169 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
170 if (curfragnum + 1 == pattrib->nr_frags)
171 length = pattrib->last_txcmdsz;
172 else
173 length = pxmitpriv->frag_len;
174 skb = dev_alloc_skb(length);
175 if (!skb)
176 goto free_crypto_private;
177
178 skb_put_data(skb, pframe, length);
179
180 memmove(skb->data + 4, skb->data, pattrib->hdrlen);
181 skb_pull(skb, 4);
182 skb_trim(skb, skb->len - 4);
183
184 if (crypto_ops->encrypt_mpdu(skb, pattrib->hdrlen, crypto_private)) {
185 kfree_skb(skb);
186 goto free_crypto_private;
187 }
188
189 memcpy(pframe, skb->data, skb->len);
190
191 pframe += skb->len;
192 pframe = (u8 *)round_up((size_t)(pframe), 4);
193
194 kfree_skb(skb);
195 }
196
197 free_crypto_private:
198 crypto_ops->deinit(crypto_private);
199 }
200
201 int rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe)
202 {
203 struct rx_pkt_attrib *prxattrib = &(((struct recv_frame *)precvframe)->attrib);
204
205 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) {
206 struct security_priv *psecuritypriv = &padapter->securitypriv;
207 struct sk_buff *skb = ((struct recv_frame *)precvframe)->pkt;
208 u8 *pframe = skb->data;
209 void *crypto_private = NULL;
210 int status = _SUCCESS;
211 const int keyindex = prxattrib->key_index;
212 struct lib80211_crypto_ops *crypto_ops = lib80211_get_crypto_ops("WEP");
213 char iv[4], icv[4];
214
215 if (!crypto_ops) {
216 status = _FAIL;
217 goto exit;
218 }
219
220 memcpy(iv, pframe + prxattrib->hdrlen, 4);
221 memcpy(icv, pframe + skb->len - 4, 4);
222
223 crypto_private = crypto_ops->init(keyindex);
224 if (!crypto_private) {
225 status = _FAIL;
226 goto exit;
227 }
228 if (crypto_ops->set_key(psecuritypriv->dot11DefKey[keyindex].skey,
229 psecuritypriv->dot11DefKeylen[keyindex], NULL, crypto_private) < 0) {
230 status = _FAIL;
231 goto exit;
232 }
233 if (crypto_ops->decrypt_mpdu(skb, prxattrib->hdrlen, crypto_private)) {
234 status = _FAIL;
235 goto exit;
236 }
237
238 memmove(pframe, pframe + 4, prxattrib->hdrlen);
239 skb_push(skb, 4);
240 skb_put(skb, 4);
241
242 memcpy(pframe + prxattrib->hdrlen, iv, 4);
243 memcpy(pframe + skb->len - 4, icv, 4);
244
245 exit:
246 if (crypto_ops && crypto_private)
247 crypto_ops->deinit(crypto_private);
248 return status;
249 }
250
251 return _FAIL;
252 }
253
254
255
256 static u32 secmicgetuint32(u8 *p)
257
258 {
259 s32 i;
260 u32 res = 0;
261
262 for (i = 0; i < 4; i++)
263 res |= ((u32)(*p++)) << (8*i);
264 return res;
265 }
266
267 static void secmicputuint32(u8 *p, u32 val)
268
269 {
270 long i;
271
272 for (i = 0; i < 4; i++) {
273 *p++ = (u8)(val & 0xff);
274 val >>= 8;
275 }
276 }
277
278 static void secmicclear(struct mic_data *pmicdata)
279 {
280
281 pmicdata->L = pmicdata->K0;
282 pmicdata->R = pmicdata->K1;
283 pmicdata->nBytesInM = 0;
284 pmicdata->M = 0;
285 }
286
287 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key)
288 {
289
290 pmicdata->K0 = secmicgetuint32(key);
291 pmicdata->K1 = secmicgetuint32(key + 4);
292
293 secmicclear(pmicdata);
294 }
295
296 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b)
297 {
298
299 pmicdata->M |= ((unsigned long)b) << (8*pmicdata->nBytesInM);
300 pmicdata->nBytesInM++;
301
302 if (pmicdata->nBytesInM >= 4) {
303 pmicdata->L ^= pmicdata->M;
304 pmicdata->R ^= ROL32(pmicdata->L, 17);
305 pmicdata->L += pmicdata->R;
306 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
307 pmicdata->L += pmicdata->R;
308 pmicdata->R ^= ROL32(pmicdata->L, 3);
309 pmicdata->L += pmicdata->R;
310 pmicdata->R ^= ROR32(pmicdata->L, 2);
311 pmicdata->L += pmicdata->R;
312
313 pmicdata->M = 0;
314 pmicdata->nBytesInM = 0;
315 }
316 }
317
318 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
319 {
320
321 while (nbytes > 0) {
322 rtw_secmicappendbyte(pmicdata, *src++);
323 nbytes--;
324 }
325 }
326
327 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst)
328 {
329
330 rtw_secmicappendbyte(pmicdata, 0x5a);
331 rtw_secmicappendbyte(pmicdata, 0);
332 rtw_secmicappendbyte(pmicdata, 0);
333 rtw_secmicappendbyte(pmicdata, 0);
334 rtw_secmicappendbyte(pmicdata, 0);
335
336 while (pmicdata->nBytesInM != 0)
337 rtw_secmicappendbyte(pmicdata, 0);
338
339 secmicputuint32(dst, pmicdata->L);
340 secmicputuint32(dst+4, pmicdata->R);
341
342 secmicclear(pmicdata);
343 }
344
345 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
346 {
347 struct mic_data micdata;
348 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
349
350 rtw_secmicsetkey(&micdata, key);
351 priority[0] = pri;
352
353
354 if (header[1]&1) {
355 rtw_secmicappend(&micdata, &header[16], 6);
356 if (header[1]&2)
357 rtw_secmicappend(&micdata, &header[24], 6);
358 else
359 rtw_secmicappend(&micdata, &header[10], 6);
360 } else {
361 rtw_secmicappend(&micdata, &header[4], 6);
362 if (header[1]&2)
363 rtw_secmicappend(&micdata, &header[16], 6);
364 else
365 rtw_secmicappend(&micdata, &header[10], 6);
366 }
367 rtw_secmicappend(&micdata, &priority[0], 4);
368
369 rtw_secmicappend(&micdata, data, data_len);
370
371 rtw_secgetmic(&micdata, mic_code);
372 }
373
374
375
376
377 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
378 #define Lo8(v16) ((u8)((v16) & 0x00FF))
379 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
380 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
381 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
382 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
383
384
385 #define TK16(N) Mk16(tk[2*(N)+1], tk[2*(N)])
386
387
388 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
389
390
391 #define PHASE1_LOOP_CNT 8
392 #define TA_SIZE 6
393 #define TK_SIZE 16
394 #define P1K_SIZE 10
395 #define RC4_KEY_SIZE 16
396
397
398 static const unsigned short Sbox1[2][256] = {
399 {
400 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
401 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
402 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
403 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
404 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
405 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
406 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
407 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
408 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
409 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
410 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
411 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
412 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
413 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
414 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
415 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
416 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
417 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
418 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
419 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
420 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
421 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
422 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
423 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
424 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
425 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
426 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
427 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
428 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
429 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
430 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
431 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
432 },
433
434 {
435 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
436 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
437 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
438 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
439 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
440 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
441 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
442 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
443 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
444 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
445 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
446 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
447 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
448 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
449 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
450 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
451 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
452 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
453 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
454 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
455 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
456 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
457 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
458 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
459 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
460 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
461 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
462 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
463 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
464 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
465 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
466 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
467 }
468 };
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
488 {
489 int i;
490
491 p1k[0] = Lo16(iv32);
492 p1k[1] = Hi16(iv32);
493 p1k[2] = Mk16(ta[1], ta[0]);
494 p1k[3] = Mk16(ta[3], ta[2]);
495 p1k[4] = Mk16(ta[5], ta[4]);
496
497
498
499 for (i = 0; i < PHASE1_LOOP_CNT; i++) {
500 p1k[0] += _S_(p1k[4] ^ TK16((i&1)+0));
501 p1k[1] += _S_(p1k[0] ^ TK16((i&1)+2));
502 p1k[2] += _S_(p1k[1] ^ TK16((i&1)+4));
503 p1k[3] += _S_(p1k[2] ^ TK16((i&1)+6));
504 p1k[4] += _S_(p1k[3] ^ TK16((i&1)+0));
505 p1k[4] += (unsigned short)i;
506 }
507 }
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
533 {
534 int i;
535 u16 PPK[6];
536
537 for (i = 0; i < 5; i++)
538 PPK[i] = p1k[i];
539 PPK[5] = p1k[4] + iv16;
540
541
542 PPK[0] += _S_(PPK[5] ^ TK16(0));
543 PPK[1] += _S_(PPK[0] ^ TK16(1));
544 PPK[2] += _S_(PPK[1] ^ TK16(2));
545 PPK[3] += _S_(PPK[2] ^ TK16(3));
546 PPK[4] += _S_(PPK[3] ^ TK16(4));
547 PPK[5] += _S_(PPK[4] ^ TK16(5));
548
549
550 PPK[0] += RotR1(PPK[5] ^ TK16(6));
551 PPK[1] += RotR1(PPK[0] ^ TK16(7));
552 PPK[2] += RotR1(PPK[1]);
553 PPK[3] += RotR1(PPK[2]);
554 PPK[4] += RotR1(PPK[3]);
555 PPK[5] += RotR1(PPK[4]);
556
557
558
559
560
561
562 rc4key[0] = Hi8(iv16);
563 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F;
564 rc4key[2] = Lo8(iv16);
565 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
566
567
568 for (i = 0; i < 6; i++) {
569 rc4key[4+2*i] = Lo8(PPK[i]);
570 rc4key[5+2*i] = Hi8(PPK[i]);
571 }
572 }
573
574
575 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
576 {
577 u16 pnl;
578 u32 pnh;
579 u8 rc4key[16];
580 u8 ttkey[16];
581 u8 crc[4];
582 u8 hw_hdr_offset = 0;
583 struct arc4context mycontext;
584 int curfragnum, length;
585
586 u8 *pframe, *payload, *iv, *prwskey;
587 union pn48 dot11txpn;
588 struct sta_info *stainfo;
589 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
590 struct security_priv *psecuritypriv = &padapter->securitypriv;
591 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
592 u32 res = _SUCCESS;
593
594 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
595 return _FAIL;
596
597 hw_hdr_offset = TXDESC_SIZE +
598 (((struct xmit_frame *)pxmitframe)->pkt_offset * PACKET_OFFSET_SZ);
599 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
600
601 if (pattrib->encrypt == _TKIP_) {
602 if (pattrib->psta)
603 stainfo = pattrib->psta;
604 else
605 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
606
607 if (stainfo != NULL) {
608 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__));
609
610 if (is_multicast_ether_addr(pattrib->ra))
611 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
612 else
613 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
614
615 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
616 iv = pframe+pattrib->hdrlen;
617 payload = pframe+pattrib->iv_len+pattrib->hdrlen;
618
619 GET_TKIP_PN(iv, dot11txpn);
620
621 pnl = (u16)(dot11txpn.val);
622 pnh = (u32)(dot11txpn.val>>16);
623 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
624 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
625
626 if ((curfragnum+1) == pattrib->nr_frags) {
627 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
628 RT_TRACE(_module_rtl871x_security_c_, _drv_info_,
629 ("pattrib->iv_len=%x, pattrib->icv_len=%x\n",
630 pattrib->iv_len, pattrib->icv_len));
631 *((__le32 *)crc) = getcrc32(payload, length);
632
633 arcfour_init(&mycontext, rc4key, 16);
634 arcfour_encrypt(&mycontext, payload, payload, length);
635 arcfour_encrypt(&mycontext, payload+length, crc, 4);
636 } else {
637 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
638 *((__le32 *)crc) = getcrc32(payload, length);
639 arcfour_init(&mycontext, rc4key, 16);
640 arcfour_encrypt(&mycontext, payload, payload, length);
641 arcfour_encrypt(&mycontext, payload+length, crc, 4);
642
643 pframe += pxmitpriv->frag_len;
644 pframe = (u8 *)round_up((size_t)(pframe), 4);
645 }
646 }
647 } else {
648 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo==NULL!!!\n", __func__));
649 res = _FAIL;
650 }
651 }
652 return res;
653 }
654
655
656 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
657 {
658 u16 pnl;
659 u32 pnh;
660 u8 rc4key[16];
661 u8 ttkey[16];
662 u8 crc[4];
663 struct arc4context mycontext;
664 int length;
665
666 u8 *pframe, *payload, *iv, *prwskey;
667 union pn48 dot11txpn;
668 struct sta_info *stainfo;
669 struct rx_pkt_attrib *prxattrib = &((struct recv_frame *)precvframe)->attrib;
670 struct security_priv *psecuritypriv = &padapter->securitypriv;
671 u32 res = _SUCCESS;
672
673
674 pframe = (unsigned char *)((struct recv_frame *)precvframe)->pkt->data;
675
676
677 if (prxattrib->encrypt == _TKIP_) {
678 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
679 if (stainfo) {
680 if (is_multicast_ether_addr(prxattrib->ra)) {
681 if (!psecuritypriv->binstallGrpkey) {
682 res = _FAIL;
683 DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
684 goto exit;
685 }
686 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
687 } else {
688 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__));
689 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
690 }
691
692 iv = pframe+prxattrib->hdrlen;
693 payload = pframe+prxattrib->iv_len+prxattrib->hdrlen;
694 length = ((struct recv_frame *)precvframe)->pkt->len-prxattrib->hdrlen-prxattrib->iv_len;
695
696 GET_TKIP_PN(iv, dot11txpn);
697
698 pnl = (u16)(dot11txpn.val);
699 pnh = (u32)(dot11txpn.val>>16);
700
701 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
702 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
703
704
705
706 arcfour_init(&mycontext, rc4key, 16);
707 arcfour_encrypt(&mycontext, payload, payload, length);
708
709 *((__le32 *)crc) = getcrc32(payload, length-4);
710
711 if (crc[3] != payload[length-1] ||
712 crc[2] != payload[length-2] ||
713 crc[1] != payload[length-3] ||
714 crc[0] != payload[length-4]) {
715 RT_TRACE(_module_rtl871x_security_c_, _drv_err_,
716 ("rtw_wep_decrypt:icv error crc (%4ph)!=payload (%4ph)\n",
717 &crc, &payload[length-4]));
718 res = _FAIL;
719 }
720 } else {
721 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("rtw_tkip_decrypt: stainfo==NULL!!!\n"));
722 res = _FAIL;
723 }
724 }
725 exit:
726 return res;
727 }
728
729
730
731
732 #define MAX_MSG_SIZE 2048
733
734
735
736
737 static u8 sbox_table[256] = {
738 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
739 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
740 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
741 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
742 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
743 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
744 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
745 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
746 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
747 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
748 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
749 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
750 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
751 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
752 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
753 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
754 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
755 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
756 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
757 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
758 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
759 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
760 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
761 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
762 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
763 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
764 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
765 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
766 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
767 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
768 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
769 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
770 };
771
772
773
774
775
776 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out);
777 static void construct_mic_iv(u8 *mic_header1, int qc_exists, int a4_exists, u8 *mpdu, uint payload_length, u8 *pn_vector);
778 static void construct_mic_header1(u8 *mic_header1, int header_length, u8 *mpdu);
779 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, int a4_exists, int qc_exists);
780 static void construct_ctr_preload(u8 *ctr_preload, int a4_exists, int qc_exists, u8 *mpdu, u8 *pn_vector, int c);
781 static void xor_128(u8 *a, u8 *b, u8 *out);
782 static void xor_32(u8 *a, u8 *b, u8 *out);
783 static u8 sbox(u8 a);
784 static void next_key(u8 *key, int round);
785 static void byte_sub(u8 *in, u8 *out);
786 static void shift_row(u8 *in, u8 *out);
787 static void mix_column(u8 *in, u8 *out);
788 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext);
789
790
791
792
793
794
795 static void xor_128(u8 *a, u8 *b, u8 *out)
796 {
797 int i;
798
799 for (i = 0; i < 16; i++)
800 out[i] = a[i] ^ b[i];
801 }
802
803 static void xor_32(u8 *a, u8 *b, u8 *out)
804 {
805 int i;
806
807 for (i = 0; i < 4; i++)
808 out[i] = a[i] ^ b[i];
809 }
810
811 static u8 sbox(u8 a)
812 {
813 return sbox_table[(int)a];
814 }
815
816 static void next_key(u8 *key, int round)
817 {
818 u8 rcon;
819 u8 sbox_key[4];
820 u8 rcon_table[12] = {
821 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
822 0x1b, 0x36, 0x36, 0x36
823 };
824
825 sbox_key[0] = sbox(key[13]);
826 sbox_key[1] = sbox(key[14]);
827 sbox_key[2] = sbox(key[15]);
828 sbox_key[3] = sbox(key[12]);
829
830 rcon = rcon_table[round];
831
832 xor_32(&key[0], sbox_key, &key[0]);
833 key[0] = key[0] ^ rcon;
834
835 xor_32(&key[4], &key[0], &key[4]);
836 xor_32(&key[8], &key[4], &key[8]);
837 xor_32(&key[12], &key[8], &key[12]);
838 }
839
840 static void byte_sub(u8 *in, u8 *out)
841 {
842 int i;
843 for (i = 0; i < 16; i++)
844 out[i] = sbox(in[i]);
845 }
846
847 static void shift_row(u8 *in, u8 *out)
848 {
849 out[0] = in[0];
850 out[1] = in[5];
851 out[2] = in[10];
852 out[3] = in[15];
853 out[4] = in[4];
854 out[5] = in[9];
855 out[6] = in[14];
856 out[7] = in[3];
857 out[8] = in[8];
858 out[9] = in[13];
859 out[10] = in[2];
860 out[11] = in[7];
861 out[12] = in[12];
862 out[13] = in[1];
863 out[14] = in[6];
864 out[15] = in[11];
865 }
866
867 static void mix_column(u8 *in, u8 *out)
868 {
869 int i;
870 u8 add1b[4];
871 u8 add1bf7[4];
872 u8 rotl[4];
873 u8 swap_halves[4];
874 u8 andf7[4];
875 u8 rotr[4];
876 u8 temp[4];
877 u8 tempb[4];
878
879 for (i = 0 ; i < 4; i++) {
880 if ((in[i] & 0x80) == 0x80)
881 add1b[i] = 0x1b;
882 else
883 add1b[i] = 0x00;
884 }
885
886 swap_halves[0] = in[2];
887 swap_halves[1] = in[3];
888 swap_halves[2] = in[0];
889 swap_halves[3] = in[1];
890
891 rotl[0] = in[3];
892 rotl[1] = in[0];
893 rotl[2] = in[1];
894 rotl[3] = in[2];
895
896 andf7[0] = in[0] & 0x7f;
897 andf7[1] = in[1] & 0x7f;
898 andf7[2] = in[2] & 0x7f;
899 andf7[3] = in[3] & 0x7f;
900
901 for (i = 3; i > 0; i--) {
902 andf7[i] = andf7[i] << 1;
903 if ((andf7[i-1] & 0x80) == 0x80)
904 andf7[i] = (andf7[i] | 0x01);
905 }
906 andf7[0] = andf7[0] << 1;
907 andf7[0] = andf7[0] & 0xfe;
908
909 xor_32(add1b, andf7, add1bf7);
910
911 xor_32(in, add1bf7, rotr);
912
913 temp[0] = rotr[0];
914 rotr[0] = rotr[1];
915 rotr[1] = rotr[2];
916 rotr[2] = rotr[3];
917 rotr[3] = temp[0];
918
919 xor_32(add1bf7, rotr, temp);
920 xor_32(swap_halves, rotl, tempb);
921 xor_32(temp, tempb, out);
922 }
923
924 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
925 {
926 int round;
927 int i;
928 u8 intermediatea[16];
929 u8 intermediateb[16];
930 u8 round_key[16];
931
932 for (i = 0; i < 16; i++)
933 round_key[i] = key[i];
934 for (round = 0; round < 11; round++) {
935 if (round == 0) {
936 xor_128(round_key, data, ciphertext);
937 next_key(round_key, round);
938 } else if (round == 10) {
939 byte_sub(ciphertext, intermediatea);
940 shift_row(intermediatea, intermediateb);
941 xor_128(intermediateb, round_key, ciphertext);
942 } else {
943 byte_sub(ciphertext, intermediatea);
944 shift_row(intermediatea, intermediateb);
945 mix_column(&intermediateb[0], &intermediatea[0]);
946 mix_column(&intermediateb[4], &intermediatea[4]);
947 mix_column(&intermediateb[8], &intermediatea[8]);
948 mix_column(&intermediateb[12], &intermediatea[12]);
949 xor_128(intermediatea, round_key, ciphertext);
950 next_key(round_key, round);
951 }
952 }
953 }
954
955
956
957
958
959 static void construct_mic_iv(u8 *mic_iv, int qc_exists, int a4_exists, u8 *mpdu,
960 uint payload_length, u8 *pn_vector)
961 {
962 int i;
963
964 mic_iv[0] = 0x59;
965 if (qc_exists && a4_exists)
966 mic_iv[1] = mpdu[30] & 0x0f;
967 if (qc_exists && !a4_exists)
968 mic_iv[1] = mpdu[24] & 0x0f;
969 if (!qc_exists)
970 mic_iv[1] = 0x00;
971 for (i = 2; i < 8; i++)
972 mic_iv[i] = mpdu[i + 8];
973 for (i = 8; i < 14; i++)
974 mic_iv[i] = pn_vector[13 - i];
975 mic_iv[14] = (unsigned char)(payload_length / 256);
976 mic_iv[15] = (unsigned char)(payload_length % 256);
977 }
978
979
980
981
982
983
984 static void construct_mic_header1(u8 *mic_header1, int header_length, u8 *mpdu)
985 {
986 mic_header1[0] = (u8)((header_length - 2) / 256);
987 mic_header1[1] = (u8)((header_length - 2) % 256);
988 mic_header1[2] = mpdu[0] & 0xcf;
989 mic_header1[3] = mpdu[1] & 0xc7;
990 mic_header1[4] = mpdu[4];
991 mic_header1[5] = mpdu[5];
992 mic_header1[6] = mpdu[6];
993 mic_header1[7] = mpdu[7];
994 mic_header1[8] = mpdu[8];
995 mic_header1[9] = mpdu[9];
996 mic_header1[10] = mpdu[10];
997 mic_header1[11] = mpdu[11];
998 mic_header1[12] = mpdu[12];
999 mic_header1[13] = mpdu[13];
1000 mic_header1[14] = mpdu[14];
1001 mic_header1[15] = mpdu[15];
1002 }
1003
1004
1005
1006
1007
1008
1009 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, int a4_exists, int qc_exists)
1010 {
1011 int i;
1012
1013 for (i = 0; i < 16; i++)
1014 mic_header2[i] = 0x00;
1015
1016 mic_header2[0] = mpdu[16];
1017 mic_header2[1] = mpdu[17];
1018 mic_header2[2] = mpdu[18];
1019 mic_header2[3] = mpdu[19];
1020 mic_header2[4] = mpdu[20];
1021 mic_header2[5] = mpdu[21];
1022
1023 mic_header2[6] = 0x00;
1024 mic_header2[7] = 0x00;
1025
1026 if (!qc_exists && a4_exists) {
1027 for (i = 0; i < 6; i++)
1028 mic_header2[8+i] = mpdu[24+i];
1029 }
1030
1031 if (qc_exists && !a4_exists) {
1032 mic_header2[8] = mpdu[24] & 0x0f;
1033 mic_header2[9] = mpdu[25] & 0x00;
1034 }
1035
1036 if (qc_exists && a4_exists) {
1037 for (i = 0; i < 6; i++)
1038 mic_header2[8+i] = mpdu[24+i];
1039
1040 mic_header2[14] = mpdu[30] & 0x0f;
1041 mic_header2[15] = mpdu[31] & 0x00;
1042 }
1043 }
1044
1045
1046
1047
1048
1049
1050 static void construct_ctr_preload(u8 *ctr_preload, int a4_exists, int qc_exists, u8 *mpdu, u8 *pn_vector, int c)
1051 {
1052 int i;
1053
1054 for (i = 0; i < 16; i++)
1055 ctr_preload[i] = 0x00;
1056 i = 0;
1057
1058 ctr_preload[0] = 0x01;
1059 if (qc_exists && a4_exists)
1060 ctr_preload[1] = mpdu[30] & 0x0f;
1061 if (qc_exists && !a4_exists)
1062 ctr_preload[1] = mpdu[24] & 0x0f;
1063
1064 for (i = 2; i < 8; i++)
1065 ctr_preload[i] = mpdu[i + 8];
1066 for (i = 8; i < 14; i++)
1067 ctr_preload[i] = pn_vector[13 - i];
1068 ctr_preload[14] = (unsigned char)(c / 256);
1069 ctr_preload[15] = (unsigned char)(c % 256);
1070 }
1071
1072
1073
1074
1075
1076 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1077 {
1078 int i;
1079
1080 for (i = 0; i < 16; i++)
1081 out[i] = ina[i] ^ inb[i];
1082 }
1083
1084 static int aes_cipher(u8 *key, uint hdrlen, u8 *pframe, uint plen)
1085 {
1086 uint qc_exists, a4_exists, i, j, payload_remainder,
1087 num_blocks, payload_index;
1088
1089 u8 pn_vector[6];
1090 u8 mic_iv[16];
1091 u8 mic_header1[16];
1092 u8 mic_header2[16];
1093 u8 ctr_preload[16];
1094
1095
1096 u8 chain_buffer[16];
1097 u8 aes_out[16];
1098 u8 padded_buffer[16];
1099 u8 mic[8];
1100 uint frtype = GetFrameType(pframe);
1101 uint frsubtype = GetFrameSubType(pframe);
1102
1103 frsubtype >>= 4;
1104
1105 memset(mic_iv, 0, 16);
1106 memset(mic_header1, 0, 16);
1107 memset(mic_header2, 0, 16);
1108 memset(ctr_preload, 0, 16);
1109 memset(chain_buffer, 0, 16);
1110 memset(aes_out, 0, 16);
1111 memset(padded_buffer, 0, 16);
1112
1113 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1114 a4_exists = 0;
1115 else
1116 a4_exists = 1;
1117
1118 if ((frtype == WIFI_DATA_CFACK) || (frtype == WIFI_DATA_CFPOLL) || (frtype == WIFI_DATA_CFACKPOLL)) {
1119 qc_exists = 1;
1120 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1121 hdrlen += 2;
1122 } else if ((frsubtype == 0x08) || (frsubtype == 0x09) || (frsubtype == 0x0a) || (frsubtype == 0x0b)) {
1123 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1124 hdrlen += 2;
1125 qc_exists = 1;
1126 } else {
1127 qc_exists = 0;
1128 }
1129
1130 pn_vector[0] = pframe[hdrlen];
1131 pn_vector[1] = pframe[hdrlen+1];
1132 pn_vector[2] = pframe[hdrlen+4];
1133 pn_vector[3] = pframe[hdrlen+5];
1134 pn_vector[4] = pframe[hdrlen+6];
1135 pn_vector[5] = pframe[hdrlen+7];
1136
1137 construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1138
1139 construct_mic_header1(mic_header1, hdrlen, pframe);
1140 construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1141
1142 payload_remainder = plen % 16;
1143 num_blocks = plen / 16;
1144
1145
1146 payload_index = hdrlen + 8;
1147
1148
1149 aes128k128d(key, mic_iv, aes_out);
1150 bitwise_xor(aes_out, mic_header1, chain_buffer);
1151 aes128k128d(key, chain_buffer, aes_out);
1152 bitwise_xor(aes_out, mic_header2, chain_buffer);
1153 aes128k128d(key, chain_buffer, aes_out);
1154
1155 for (i = 0; i < num_blocks; i++) {
1156 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1157
1158 payload_index += 16;
1159 aes128k128d(key, chain_buffer, aes_out);
1160 }
1161
1162
1163 if (payload_remainder > 0) {
1164 for (j = 0; j < 16; j++)
1165 padded_buffer[j] = 0x00;
1166 for (j = 0; j < payload_remainder; j++)
1167 padded_buffer[j] = pframe[payload_index++];
1168 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1169 aes128k128d(key, chain_buffer, aes_out);
1170 }
1171
1172 for (j = 0; j < 8; j++)
1173 mic[j] = aes_out[j];
1174
1175
1176 for (j = 0; j < 8; j++)
1177 pframe[payload_index+j] = mic[j];
1178
1179 payload_index = hdrlen + 8;
1180 for (i = 0; i < num_blocks; i++) {
1181 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, i+1);
1182 aes128k128d(key, ctr_preload, aes_out);
1183 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1184 for (j = 0; j < 16; j++)
1185 pframe[payload_index++] = chain_buffer[j];
1186 }
1187
1188 if (payload_remainder > 0) {
1189
1190 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, num_blocks+1);
1191
1192 for (j = 0; j < 16; j++)
1193 padded_buffer[j] = 0x00;
1194 for (j = 0; j < payload_remainder; j++)
1195 padded_buffer[j] = pframe[payload_index+j];
1196 aes128k128d(key, ctr_preload, aes_out);
1197 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1198 for (j = 0; j < payload_remainder; j++)
1199 pframe[payload_index++] = chain_buffer[j];
1200 }
1201
1202 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, 0);
1203
1204 for (j = 0; j < 16; j++)
1205 padded_buffer[j] = 0x00;
1206 for (j = 0; j < 8; j++)
1207 padded_buffer[j] = pframe[j+hdrlen+8+plen];
1208
1209 aes128k128d(key, ctr_preload, aes_out);
1210 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1211 for (j = 0; j < 8; j++)
1212 pframe[payload_index++] = chain_buffer[j];
1213 return _SUCCESS;
1214 }
1215
1216 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe)
1217 {
1218
1219
1220
1221
1222
1223 int curfragnum, length;
1224 u8 *pframe, *prwskey;
1225 u8 hw_hdr_offset = 0;
1226 struct sta_info *stainfo;
1227 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
1228 struct security_priv *psecuritypriv = &padapter->securitypriv;
1229 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1230
1231
1232 u32 res = _SUCCESS;
1233
1234 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
1235 return _FAIL;
1236
1237 hw_hdr_offset = TXDESC_SIZE +
1238 (((struct xmit_frame *)pxmitframe)->pkt_offset * PACKET_OFFSET_SZ);
1239
1240 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
1241
1242
1243 if (pattrib->encrypt == _AES_) {
1244 if (pattrib->psta)
1245 stainfo = pattrib->psta;
1246 else
1247 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
1248
1249 if (stainfo) {
1250 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__));
1251
1252 if (is_multicast_ether_addr(pattrib->ra))
1253 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
1254 else
1255 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1256 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
1257 if ((curfragnum+1) == pattrib->nr_frags) {
1258 length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
1259
1260 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1261 } else {
1262 length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
1263
1264 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1265 pframe += pxmitpriv->frag_len;
1266 pframe = (u8 *)round_up((size_t)(pframe), 8);
1267 }
1268 }
1269 } else {
1270 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo==NULL!!!\n", __func__));
1271 res = _FAIL;
1272 }
1273 }
1274
1275 return res;
1276 }
1277
1278 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe)
1279 {
1280 struct rx_pkt_attrib *prxattrib = &((struct recv_frame *)precvframe)->attrib;
1281 u32 res = _SUCCESS;
1282
1283
1284 if (prxattrib->encrypt == _AES_) {
1285 struct sta_info *stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
1286
1287 if (stainfo != NULL) {
1288 int key_idx;
1289 const int key_length = 16, iv_len = 8, icv_len = 8;
1290 struct sk_buff *skb = ((struct recv_frame *)precvframe)->pkt;
1291 void *crypto_private = NULL;
1292 u8 *key, *pframe = skb->data;
1293 struct lib80211_crypto_ops *crypto_ops = lib80211_get_crypto_ops("CCMP");
1294 struct security_priv *psecuritypriv = &padapter->securitypriv;
1295 char iv[8], icv[8];
1296
1297 if (is_multicast_ether_addr(prxattrib->ra)) {
1298
1299 if (!psecuritypriv->binstallGrpkey) {
1300 res = _FAIL;
1301 DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
1302 goto exit;
1303 }
1304 key_idx = psecuritypriv->dot118021XGrpKeyid;
1305 key = psecuritypriv->dot118021XGrpKey[key_idx].skey;
1306 } else {
1307 key_idx = 0;
1308 key = stainfo->dot118021x_UncstKey.skey;
1309 }
1310
1311 if (!crypto_ops) {
1312 res = _FAIL;
1313 goto exit_lib80211_ccmp;
1314 }
1315
1316 memcpy(iv, pframe + prxattrib->hdrlen, iv_len);
1317 memcpy(icv, pframe + skb->len - icv_len, icv_len);
1318
1319 crypto_private = crypto_ops->init(key_idx);
1320 if (!crypto_private) {
1321 res = _FAIL;
1322 goto exit_lib80211_ccmp;
1323 }
1324 if (crypto_ops->set_key(key, key_length, NULL, crypto_private) < 0) {
1325 res = _FAIL;
1326 goto exit_lib80211_ccmp;
1327 }
1328 if (crypto_ops->decrypt_mpdu(skb, prxattrib->hdrlen, crypto_private)) {
1329 res = _FAIL;
1330 goto exit_lib80211_ccmp;
1331 }
1332
1333 memmove(pframe, pframe + iv_len, prxattrib->hdrlen);
1334 skb_push(skb, iv_len);
1335 skb_put(skb, icv_len);
1336
1337 memcpy(pframe + prxattrib->hdrlen, iv, iv_len);
1338 memcpy(pframe + skb->len - icv_len, icv, icv_len);
1339
1340 exit_lib80211_ccmp:
1341 if (crypto_ops && crypto_private)
1342 crypto_ops->deinit(crypto_private);
1343 } else {
1344 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("rtw_aes_encrypt: stainfo==NULL!!!\n"));
1345 res = _FAIL;
1346 }
1347 }
1348 exit:
1349 return res;
1350 }
1351
1352
1353 const u32 Te0[256] = {
1354 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
1355 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
1356 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
1357 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
1358 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
1359 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
1360 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
1361 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
1362 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
1363 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
1364 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
1365 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
1366 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
1367 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
1368 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
1369 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
1370 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
1371 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
1372 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
1373 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
1374 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
1375 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
1376 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
1377 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
1378 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
1379 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
1380 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
1381 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
1382 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
1383 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
1384 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
1385 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
1386 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
1387 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
1388 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
1389 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
1390 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
1391 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
1392 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
1393 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
1394 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
1395 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
1396 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
1397 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
1398 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
1399 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
1400 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
1401 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
1402 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
1403 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
1404 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
1405 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
1406 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
1407 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
1408 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
1409 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
1410 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
1411 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
1412 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
1413 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
1414 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
1415 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
1416 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
1417 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
1418 };
1419
1420 const u32 Td0[256] = {
1421 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
1422 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
1423 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
1424 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
1425 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
1426 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
1427 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
1428 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
1429 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
1430 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
1431 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
1432 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
1433 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
1434 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
1435 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
1436 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
1437 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
1438 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
1439 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
1440 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
1441 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
1442 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
1443 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
1444 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
1445 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
1446 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
1447 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
1448 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
1449 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
1450 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
1451 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
1452 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
1453 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
1454 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
1455 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
1456 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
1457 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
1458 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
1459 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
1460 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
1461 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
1462 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
1463 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
1464 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
1465 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
1466 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
1467 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
1468 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
1469 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
1470 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
1471 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
1472 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
1473 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
1474 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
1475 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
1476 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
1477 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
1478 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
1479 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
1480 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
1481 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
1482 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
1483 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
1484 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
1485 };
1486
1487 const u8 Td4s[256] = {
1488 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
1489 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
1490 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
1491 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
1492 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
1493 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
1494 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
1495 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
1496 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
1497 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
1498 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
1499 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
1500 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
1501 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
1502 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
1503 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
1504 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
1505 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
1506 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
1507 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
1508 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
1509 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
1510 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
1511 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
1512 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
1513 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
1514 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
1515 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
1516 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
1517 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
1518 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
1519 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
1520 };
1521 const u8 rcons[] = {
1522 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36
1523
1524 };
1525
1526
1527
1528
1529
1530
1531 #define ROUND(i, d, s) \
1532 do { \
1533 d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
1534 d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
1535 d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
1536 d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]; \
1537 } while (0)