root/drivers/staging/rtl8188eu/core/rtw_security.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. arcfour_init
  2. arcfour_byte
  3. arcfour_encrypt
  4. crc32_reverseBit
  5. crc32_init
  6. getcrc32
  7. rtw_wep_encrypt
  8. rtw_wep_decrypt
  9. secmicgetuint32
  10. secmicputuint32
  11. secmicclear
  12. rtw_secmicsetkey
  13. rtw_secmicappendbyte
  14. rtw_secmicappend
  15. rtw_secgetmic
  16. rtw_seccalctkipmic
  17. phase1
  18. phase2
  19. rtw_tkip_encrypt
  20. rtw_tkip_decrypt
  21. xor_128
  22. xor_32
  23. sbox
  24. next_key
  25. byte_sub
  26. shift_row
  27. mix_column
  28. aes128k128d
  29. construct_mic_iv
  30. construct_mic_header1
  31. construct_mic_header2
  32. construct_ctr_preload
  33. bitwise_xor
  34. aes_cipher
  35. rtw_aes_encrypt
  36. rtw_aes_decrypt

   1 // SPDX-License-Identifier: GPL-2.0
   2 /******************************************************************************
   3  *
   4  * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
   5  *
   6  ******************************************************************************/
   7 #define  _RTW_SECURITY_C_
   8 
   9 #include <osdep_service.h>
  10 #include <drv_types.h>
  11 #include <wifi.h>
  12 #include <osdep_intf.h>
  13 #include <net/lib80211.h>
  14 
  15 /* WEP related ===== */
  16 
  17 #define CRC32_POLY 0x04c11db7
  18 
  19 struct arc4context {
  20         u32 x;
  21         u32 y;
  22         u8 state[256];
  23 };
  24 
  25 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32     key_len)
  26 {
  27         u32     t, u;
  28         u32     keyindex;
  29         u32     stateindex;
  30         u8 *state;
  31         u32     counter;
  32 
  33         state = parc4ctx->state;
  34         parc4ctx->x = 0;
  35         parc4ctx->y = 0;
  36         for (counter = 0; counter < 256; counter++)
  37                 state[counter] = (u8)counter;
  38         keyindex = 0;
  39         stateindex = 0;
  40         for (counter = 0; counter < 256; counter++) {
  41                 t = state[counter];
  42                 stateindex = (stateindex + key[keyindex] + t) & 0xff;
  43                 u = state[stateindex];
  44                 state[stateindex] = (u8)t;
  45                 state[counter] = (u8)u;
  46                 if (++keyindex >= key_len)
  47                         keyindex = 0;
  48         }
  49 }
  50 
  51 static u32 arcfour_byte(struct arc4context *parc4ctx)
  52 {
  53         u32 x;
  54         u32 y;
  55         u32 sx, sy;
  56         u8 *state;
  57 
  58         state = parc4ctx->state;
  59         x = (parc4ctx->x + 1) & 0xff;
  60         sx = state[x];
  61         y = (sx + parc4ctx->y) & 0xff;
  62         sy = state[y];
  63         parc4ctx->x = x;
  64         parc4ctx->y = y;
  65         state[y] = (u8)sx;
  66         state[x] = (u8)sy;
  67         return state[(sx + sy) & 0xff];
  68 }
  69 
  70 static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len)
  71 {
  72         u32     i;
  73 
  74         for (i = 0; i < len; i++)
  75                 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
  76 }
  77 
  78 static int bcrc32initialized;
  79 static u32 crc32_table[256];
  80 
  81 static u8 crc32_reverseBit(u8 data)
  82 {
  83         return (u8)((data<<7)&0x80) | ((data<<5)&0x40) | ((data<<3)&0x20) |
  84                    ((data<<1)&0x10) | ((data>>1)&0x08) | ((data>>3)&0x04) |
  85                    ((data>>5)&0x02) | ((data>>7)&0x01);
  86 }
  87 
  88 static void crc32_init(void)
  89 {
  90         int i, j;
  91         u32 c;
  92         u8 *p = (u8 *)&c, *p1;
  93         u8 k;
  94 
  95         if (bcrc32initialized == 1)
  96                 return;
  97 
  98         c = 0x12340000;
  99 
 100         for (i = 0; i < 256; ++i) {
 101                 k = crc32_reverseBit((u8)i);
 102                 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
 103                         c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY : (c << 1);
 104                 p1 = (u8 *)&crc32_table[i];
 105 
 106                 p1[0] = crc32_reverseBit(p[3]);
 107                 p1[1] = crc32_reverseBit(p[2]);
 108                 p1[2] = crc32_reverseBit(p[1]);
 109                 p1[3] = crc32_reverseBit(p[0]);
 110         }
 111         bcrc32initialized = 1;
 112 }
 113 
 114 static __le32 getcrc32(u8 *buf, int len)
 115 {
 116         u8 *p;
 117         u32  crc;
 118 
 119         if (bcrc32initialized == 0)
 120                 crc32_init();
 121 
 122         crc = 0xffffffff;       /* preload shift register, per CRC-32 spec */
 123 
 124         for (p = buf; len > 0; ++p, --len)
 125                 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
 126         return cpu_to_le32(~crc);    /* transmit complement, per CRC-32 spec */
 127 }
 128 
 129 /*
 130         Need to consider the fragment  situation
 131 */
 132 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe)
 133 {
 134         int     curfragnum, length;
 135         u8 *pframe;
 136         u8 hw_hdr_offset = 0;
 137         struct  pkt_attrib       *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
 138         struct  security_priv   *psecuritypriv = &padapter->securitypriv;
 139         struct  xmit_priv               *pxmitpriv = &padapter->xmitpriv;
 140         const int keyindex = psecuritypriv->dot11PrivacyKeyIndex;
 141         void *crypto_private;
 142         struct sk_buff *skb;
 143         struct lib80211_crypto_ops *crypto_ops;
 144 
 145         if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
 146                 return;
 147 
 148         if ((pattrib->encrypt != _WEP40_) && (pattrib->encrypt != _WEP104_))
 149                 return;
 150 
 151         hw_hdr_offset = TXDESC_SIZE +
 152                  (((struct xmit_frame *)pxmitframe)->pkt_offset * PACKET_OFFSET_SZ);
 153 
 154         pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
 155 
 156         crypto_ops = lib80211_get_crypto_ops("WEP");
 157 
 158         if (!crypto_ops)
 159                 return;
 160 
 161         crypto_private = crypto_ops->init(keyindex);
 162         if (!crypto_private)
 163                 return;
 164 
 165         if (crypto_ops->set_key(psecuritypriv->dot11DefKey[keyindex].skey,
 166                                 psecuritypriv->dot11DefKeylen[keyindex], NULL, crypto_private) < 0)
 167                 goto free_crypto_private;
 168 
 169         for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
 170                 if (curfragnum + 1 == pattrib->nr_frags)
 171                         length = pattrib->last_txcmdsz;
 172                 else
 173                         length = pxmitpriv->frag_len;
 174                 skb = dev_alloc_skb(length);
 175                 if (!skb)
 176                         goto free_crypto_private;
 177 
 178                 skb_put_data(skb, pframe, length);
 179 
 180                 memmove(skb->data + 4, skb->data, pattrib->hdrlen);
 181                 skb_pull(skb, 4);
 182                 skb_trim(skb, skb->len - 4);
 183 
 184                 if (crypto_ops->encrypt_mpdu(skb, pattrib->hdrlen, crypto_private)) {
 185                         kfree_skb(skb);
 186                         goto free_crypto_private;
 187                 }
 188 
 189                 memcpy(pframe, skb->data, skb->len);
 190 
 191                 pframe += skb->len;
 192                 pframe = (u8 *)round_up((size_t)(pframe), 4);
 193 
 194                 kfree_skb(skb);
 195         }
 196 
 197 free_crypto_private:
 198         crypto_ops->deinit(crypto_private);
 199 }
 200 
 201 int rtw_wep_decrypt(struct adapter  *padapter, u8 *precvframe)
 202 {
 203         struct  rx_pkt_attrib    *prxattrib = &(((struct recv_frame *)precvframe)->attrib);
 204 
 205         if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) {
 206                 struct  security_priv   *psecuritypriv = &padapter->securitypriv;
 207                 struct sk_buff *skb = ((struct recv_frame *)precvframe)->pkt;
 208                 u8 *pframe = skb->data;
 209                 void *crypto_private = NULL;
 210                 int status = _SUCCESS;
 211                 const int keyindex = prxattrib->key_index;
 212                 struct lib80211_crypto_ops *crypto_ops = lib80211_get_crypto_ops("WEP");
 213                 char iv[4], icv[4];
 214 
 215                 if (!crypto_ops) {
 216                         status = _FAIL;
 217                         goto exit;
 218                 }
 219 
 220                 memcpy(iv, pframe + prxattrib->hdrlen, 4);
 221                 memcpy(icv, pframe + skb->len - 4, 4);
 222 
 223                 crypto_private = crypto_ops->init(keyindex);
 224                 if (!crypto_private) {
 225                         status = _FAIL;
 226                         goto exit;
 227                 }
 228                 if (crypto_ops->set_key(psecuritypriv->dot11DefKey[keyindex].skey,
 229                                         psecuritypriv->dot11DefKeylen[keyindex], NULL, crypto_private) < 0) {
 230                         status = _FAIL;
 231                         goto exit;
 232                 }
 233                 if (crypto_ops->decrypt_mpdu(skb, prxattrib->hdrlen, crypto_private)) {
 234                         status = _FAIL;
 235                         goto exit;
 236                 }
 237 
 238                 memmove(pframe, pframe + 4, prxattrib->hdrlen);
 239                 skb_push(skb, 4);
 240                 skb_put(skb, 4);
 241 
 242                 memcpy(pframe + prxattrib->hdrlen, iv, 4);
 243                 memcpy(pframe + skb->len - 4, icv, 4);
 244 
 245 exit:
 246                 if (crypto_ops && crypto_private)
 247                         crypto_ops->deinit(crypto_private);
 248                 return status;
 249         }
 250 
 251         return _FAIL;
 252 }
 253 
 254 /* 3            ===== TKIP related ===== */
 255 
 256 static u32 secmicgetuint32(u8 *p)
 257 /*  Convert from Byte[] to Us3232 in a portable way */
 258 {
 259         s32 i;
 260         u32 res = 0;
 261 
 262         for (i = 0; i < 4; i++)
 263                 res |= ((u32)(*p++)) << (8*i);
 264         return res;
 265 }
 266 
 267 static void secmicputuint32(u8 *p, u32 val)
 268 /*  Convert from Us3232 to Byte[] in a portable way */
 269 {
 270         long i;
 271 
 272         for (i = 0; i < 4; i++) {
 273                 *p++ = (u8)(val & 0xff);
 274                 val >>= 8;
 275         }
 276 }
 277 
 278 static void secmicclear(struct mic_data *pmicdata)
 279 {
 280 /*  Reset the state to the empty message. */
 281         pmicdata->L = pmicdata->K0;
 282         pmicdata->R = pmicdata->K1;
 283         pmicdata->nBytesInM = 0;
 284         pmicdata->M = 0;
 285 }
 286 
 287 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key)
 288 {
 289         /*  Set the key */
 290         pmicdata->K0 = secmicgetuint32(key);
 291         pmicdata->K1 = secmicgetuint32(key + 4);
 292         /*  and reset the message */
 293         secmicclear(pmicdata);
 294 }
 295 
 296 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b)
 297 {
 298         /*  Append the byte to our word-sized buffer */
 299         pmicdata->M |= ((unsigned long)b) << (8*pmicdata->nBytesInM);
 300         pmicdata->nBytesInM++;
 301         /*  Process the word if it is full. */
 302         if (pmicdata->nBytesInM >= 4) {
 303                 pmicdata->L ^= pmicdata->M;
 304                 pmicdata->R ^= ROL32(pmicdata->L, 17);
 305                 pmicdata->L += pmicdata->R;
 306                 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
 307                 pmicdata->L += pmicdata->R;
 308                 pmicdata->R ^= ROL32(pmicdata->L, 3);
 309                 pmicdata->L += pmicdata->R;
 310                 pmicdata->R ^= ROR32(pmicdata->L, 2);
 311                 pmicdata->L += pmicdata->R;
 312                 /*  Clear the buffer */
 313                 pmicdata->M = 0;
 314                 pmicdata->nBytesInM = 0;
 315         }
 316 }
 317 
 318 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
 319 {
 320         /*  This is simple */
 321         while (nbytes > 0) {
 322                 rtw_secmicappendbyte(pmicdata, *src++);
 323                 nbytes--;
 324         }
 325 }
 326 
 327 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst)
 328 {
 329         /*  Append the minimum padding */
 330         rtw_secmicappendbyte(pmicdata, 0x5a);
 331         rtw_secmicappendbyte(pmicdata, 0);
 332         rtw_secmicappendbyte(pmicdata, 0);
 333         rtw_secmicappendbyte(pmicdata, 0);
 334         rtw_secmicappendbyte(pmicdata, 0);
 335         /*  and then zeroes until the length is a multiple of 4 */
 336         while (pmicdata->nBytesInM != 0)
 337                 rtw_secmicappendbyte(pmicdata, 0);
 338         /*  The appendByte function has already computed the result. */
 339         secmicputuint32(dst, pmicdata->L);
 340         secmicputuint32(dst+4, pmicdata->R);
 341         /*  Reset to the empty message. */
 342         secmicclear(pmicdata);
 343 }
 344 
 345 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
 346 {
 347         struct mic_data micdata;
 348         u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
 349 
 350         rtw_secmicsetkey(&micdata, key);
 351         priority[0] = pri;
 352 
 353         /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
 354         if (header[1]&1) {   /* ToDS == 1 */
 355                 rtw_secmicappend(&micdata, &header[16], 6);  /* DA */
 356                 if (header[1]&2)  /* From Ds == 1 */
 357                         rtw_secmicappend(&micdata, &header[24], 6);
 358                 else
 359                         rtw_secmicappend(&micdata, &header[10], 6);
 360         } else {        /* ToDS == 0 */
 361                 rtw_secmicappend(&micdata, &header[4], 6);   /* DA */
 362                 if (header[1]&2)  /* From Ds == 1 */
 363                         rtw_secmicappend(&micdata, &header[16], 6);
 364                 else
 365                         rtw_secmicappend(&micdata, &header[10], 6);
 366         }
 367         rtw_secmicappend(&micdata, &priority[0], 4);
 368 
 369         rtw_secmicappend(&micdata, data, data_len);
 370 
 371         rtw_secgetmic(&micdata, mic_code);
 372 }
 373 
 374 
 375 
 376 /* macros for extraction/creation of unsigned char/unsigned short values  */
 377 #define RotR1(v16)   ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
 378 #define   Lo8(v16)   ((u8)((v16)       & 0x00FF))
 379 #define   Hi8(v16)   ((u8)(((v16) >> 8) & 0x00FF))
 380 #define  Lo16(v32)   ((u16)((v32)       & 0xFFFF))
 381 #define  Hi16(v32)   ((u16)(((v32) >> 16) & 0xFFFF))
 382 #define  Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
 383 
 384 /* select the Nth 16-bit word of the temporal key unsigned char array TK[]   */
 385 #define  TK16(N)     Mk16(tk[2*(N)+1], tk[2*(N)])
 386 
 387 /* S-box lookup: 16 bits --> 16 bits */
 388 #define _S_(v16)     (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
 389 
 390 /* fixed algorithm "parameters" */
 391 #define PHASE1_LOOP_CNT   8    /* this needs to be "big enough"     */
 392 #define TA_SIZE    6    /*  48-bit transmitter address       */
 393 #define TK_SIZE   16    /* 128-bit temporal key       */
 394 #define P1K_SIZE         10    /*  80-bit Phase1 key            */
 395 #define RC4_KEY_SIZE     16    /* 128-bit RC4KEY (104 bits unknown) */
 396 
 397 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
 398 static const unsigned short Sbox1[2][256] = {  /* Sbox for hash (can be in ROM)     */
 399 {
 400         0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
 401         0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
 402         0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
 403         0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
 404         0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
 405         0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
 406         0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
 407         0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
 408         0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
 409         0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
 410         0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
 411         0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
 412         0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
 413         0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
 414         0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
 415         0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
 416         0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
 417         0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
 418         0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
 419         0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
 420         0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
 421         0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
 422         0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
 423         0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
 424         0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
 425         0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
 426         0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
 427         0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
 428         0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
 429         0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
 430         0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
 431         0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
 432   },
 433 
 434   {  /* second half of table is unsigned char-reversed version of first! */
 435         0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
 436         0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
 437         0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
 438         0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
 439         0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
 440         0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
 441         0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
 442         0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
 443         0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
 444         0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
 445         0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
 446         0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
 447         0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
 448         0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
 449         0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
 450         0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
 451         0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
 452         0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
 453         0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
 454         0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
 455         0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
 456         0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
 457         0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
 458         0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
 459         0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
 460         0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
 461         0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
 462         0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
 463         0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
 464         0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
 465         0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
 466         0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
 467   }
 468 };
 469 
 470  /*
 471 **********************************************************************
 472 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
 473 *
 474 * Inputs:
 475 *     tk[]      = temporal key                   [128 bits]
 476 *     ta[]      = transmitter's MAC address         [ 48 bits]
 477 *     iv32      = upper 32 bits of IV             [ 32 bits]
 478 * Output:
 479 *     p1k[]     = Phase 1 key                     [ 80 bits]
 480 *
 481 * Note:
 482 *     This function only needs to be called every 2**16 packets,
 483 *     although in theory it could be called every packet.
 484 *
 485 **********************************************************************
 486 */
 487 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
 488 {
 489         int  i;
 490         /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5]     */
 491         p1k[0]      = Lo16(iv32);
 492         p1k[1]      = Hi16(iv32);
 493         p1k[2]      = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
 494         p1k[3]      = Mk16(ta[3], ta[2]);
 495         p1k[4]      = Mk16(ta[5], ta[4]);
 496 
 497         /* Now compute an unbalanced Feistel cipher with 80-bit block */
 498         /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
 499         for (i = 0; i < PHASE1_LOOP_CNT; i++) { /* Each add operation here is mod 2**16 */
 500                 p1k[0] += _S_(p1k[4] ^ TK16((i&1)+0));
 501                 p1k[1] += _S_(p1k[0] ^ TK16((i&1)+2));
 502                 p1k[2] += _S_(p1k[1] ^ TK16((i&1)+4));
 503                 p1k[3] += _S_(p1k[2] ^ TK16((i&1)+6));
 504                 p1k[4] += _S_(p1k[3] ^ TK16((i&1)+0));
 505                 p1k[4] +=  (unsigned short)i;   /* avoid "slide attacks" */
 506         }
 507 }
 508 
 509 /*
 510 **********************************************************************
 511 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
 512 *
 513 * Inputs:
 514 *     tk[]      = Temporal key                   [128 bits]
 515 *     p1k[]     = Phase 1 output key               [ 80 bits]
 516 *     iv16      = low 16 bits of IV counter         [ 16 bits]
 517 * Output:
 518 *     rc4key[]  = the key used to encrypt the packet   [128 bits]
 519 *
 520 * Note:
 521 *     The value {TA, IV32, IV16} for Phase1/Phase2 must be unique
 522 *     across all packets using the same key TK value. Then, for a
 523 *     given value of TK[], this TKIP48 construction guarantees that
 524 *     the final RC4KEY value is unique across all packets.
 525 *
 526 * Suggested implementation optimization: if PPK[] is "overlaid"
 527 *     appropriately on RC4KEY[], there is no need for the final
 528 *     for loop below that copies the PPK[] result into RC4KEY[].
 529 *
 530 **********************************************************************
 531 */
 532 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
 533 {
 534         int  i;
 535         u16 PPK[6];                     /* temporary key for mixing    */
 536         /* Note: all adds in the PPK[] equations below are mod 2**16     */
 537         for (i = 0; i < 5; i++)
 538                 PPK[i] = p1k[i];        /* first, copy P1K to PPK      */
 539         PPK[5]  =  p1k[4] + iv16;       /* next,  add in IV16     */
 540 
 541         /* Bijective non-linear mixing of the 96 bits of PPK[0..5]         */
 542         PPK[0] +=    _S_(PPK[5] ^ TK16(0));   /* Mix key in each "round"     */
 543         PPK[1] +=    _S_(PPK[0] ^ TK16(1));
 544         PPK[2] +=    _S_(PPK[1] ^ TK16(2));
 545         PPK[3] +=    _S_(PPK[2] ^ TK16(3));
 546         PPK[4] +=    _S_(PPK[3] ^ TK16(4));
 547         PPK[5] +=    _S_(PPK[4] ^ TK16(5));   /* Total # S-box lookups == 6  */
 548 
 549         /* Final sweep: bijective, "linear". Rotates kill LSB correlations   */
 550         PPK[0] +=  RotR1(PPK[5] ^ TK16(6));
 551         PPK[1] +=  RotR1(PPK[0] ^ TK16(7));   /* Use all of TK[] in Phase2   */
 552         PPK[2] +=  RotR1(PPK[1]);
 553         PPK[3] +=  RotR1(PPK[2]);
 554         PPK[4] +=  RotR1(PPK[3]);
 555         PPK[5] +=  RotR1(PPK[4]);
 556         /* Note: At this point, for a given key TK[0..15], the 96-bit output */
 557         /*       value PPK[0..5] is guaranteed to be unique, as a function   */
 558         /*       of the 96-bit "input" value   {TA, IV32, IV16}. That is, P1K  */
 559         /*       is now a keyed permutation of {TA, IV32, IV16}.               */
 560 
 561         /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key   */
 562         rc4key[0] = Hi8(iv16);          /* RC4KEY[0..2] is the WEP IV  */
 563         rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys  */
 564         rc4key[2] = Lo8(iv16);
 565         rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
 566 
 567         /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15]  (little-endian)       */
 568         for (i = 0; i < 6; i++) {
 569                 rc4key[4+2*i] = Lo8(PPK[i]);
 570                 rc4key[5+2*i] = Hi8(PPK[i]);
 571         }
 572 }
 573 
 574 /* The hlen isn't include the IV */
 575 u32     rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
 576 {                                                                                                                                       /*  exclude ICV */
 577         u16     pnl;
 578         u32     pnh;
 579         u8      rc4key[16];
 580         u8   ttkey[16];
 581         u8      crc[4];
 582         u8   hw_hdr_offset = 0;
 583         struct arc4context mycontext;
 584         int                     curfragnum, length;
 585 
 586         u8      *pframe, *payload, *iv, *prwskey;
 587         union pn48 dot11txpn;
 588         struct  sta_info                *stainfo;
 589         struct  pkt_attrib       *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
 590         struct  security_priv   *psecuritypriv = &padapter->securitypriv;
 591         struct  xmit_priv               *pxmitpriv = &padapter->xmitpriv;
 592         u32     res = _SUCCESS;
 593 
 594         if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
 595                 return _FAIL;
 596 
 597         hw_hdr_offset = TXDESC_SIZE +
 598                  (((struct xmit_frame *)pxmitframe)->pkt_offset * PACKET_OFFSET_SZ);
 599         pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
 600         /* 4 start to encrypt each fragment */
 601         if (pattrib->encrypt == _TKIP_) {
 602                 if (pattrib->psta)
 603                         stainfo = pattrib->psta;
 604                 else
 605                         stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
 606 
 607                 if (stainfo != NULL) {
 608                         RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__));
 609 
 610                         if (is_multicast_ether_addr(pattrib->ra))
 611                                 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
 612                         else
 613                                 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
 614 
 615                         for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
 616                                 iv = pframe+pattrib->hdrlen;
 617                                 payload = pframe+pattrib->iv_len+pattrib->hdrlen;
 618 
 619                                 GET_TKIP_PN(iv, dot11txpn);
 620 
 621                                 pnl = (u16)(dot11txpn.val);
 622                                 pnh = (u32)(dot11txpn.val>>16);
 623                                 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
 624                                 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
 625 
 626                                 if ((curfragnum+1) == pattrib->nr_frags) {      /* 4 the last fragment */
 627                                         length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
 628                                         RT_TRACE(_module_rtl871x_security_c_, _drv_info_,
 629                                                  ("pattrib->iv_len=%x, pattrib->icv_len=%x\n",
 630                                                  pattrib->iv_len, pattrib->icv_len));
 631                                         *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/
 632 
 633                                         arcfour_init(&mycontext, rc4key, 16);
 634                                         arcfour_encrypt(&mycontext, payload, payload, length);
 635                                         arcfour_encrypt(&mycontext, payload+length, crc, 4);
 636                                 } else {
 637                                         length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
 638                                         *((__le32 *)crc) = getcrc32(payload, length);/* modified by Amy*/
 639                                         arcfour_init(&mycontext, rc4key, 16);
 640                                         arcfour_encrypt(&mycontext, payload, payload, length);
 641                                         arcfour_encrypt(&mycontext, payload+length, crc, 4);
 642 
 643                                         pframe += pxmitpriv->frag_len;
 644                                         pframe = (u8 *)round_up((size_t)(pframe), 4);
 645                                 }
 646                         }
 647                 } else {
 648                         RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo==NULL!!!\n", __func__));
 649                         res = _FAIL;
 650                 }
 651         }
 652         return res;
 653 }
 654 
 655 /* The hlen isn't include the IV */
 656 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
 657 {                                                                                                                                       /*  exclude ICV */
 658         u16 pnl;
 659         u32 pnh;
 660         u8   rc4key[16];
 661         u8   ttkey[16];
 662         u8      crc[4];
 663         struct arc4context mycontext;
 664         int                     length;
 665 
 666         u8      *pframe, *payload, *iv, *prwskey;
 667         union pn48 dot11txpn;
 668         struct  sta_info                *stainfo;
 669         struct  rx_pkt_attrib    *prxattrib = &((struct recv_frame *)precvframe)->attrib;
 670         struct  security_priv   *psecuritypriv = &padapter->securitypriv;
 671         u32             res = _SUCCESS;
 672 
 673 
 674         pframe = (unsigned char *)((struct recv_frame *)precvframe)->pkt->data;
 675 
 676         /* 4 start to decrypt recvframe */
 677         if (prxattrib->encrypt == _TKIP_) {
 678                 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
 679                 if (stainfo) {
 680                         if (is_multicast_ether_addr(prxattrib->ra)) {
 681                                 if (!psecuritypriv->binstallGrpkey) {
 682                                         res = _FAIL;
 683                                         DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
 684                                         goto exit;
 685                                 }
 686                                 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
 687                         } else {
 688                                 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__));
 689                                 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
 690                         }
 691 
 692                         iv = pframe+prxattrib->hdrlen;
 693                         payload = pframe+prxattrib->iv_len+prxattrib->hdrlen;
 694                         length = ((struct recv_frame *)precvframe)->pkt->len-prxattrib->hdrlen-prxattrib->iv_len;
 695 
 696                         GET_TKIP_PN(iv, dot11txpn);
 697 
 698                         pnl = (u16)(dot11txpn.val);
 699                         pnh = (u32)(dot11txpn.val>>16);
 700 
 701                         phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
 702                         phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
 703 
 704                         /* 4 decrypt payload include icv */
 705 
 706                         arcfour_init(&mycontext, rc4key, 16);
 707                         arcfour_encrypt(&mycontext, payload, payload, length);
 708 
 709                         *((__le32 *)crc) = getcrc32(payload, length-4);
 710 
 711                         if (crc[3] != payload[length-1] ||
 712                             crc[2] != payload[length-2] ||
 713                             crc[1] != payload[length-3] ||
 714                             crc[0] != payload[length-4]) {
 715                                 RT_TRACE(_module_rtl871x_security_c_, _drv_err_,
 716                                          ("rtw_wep_decrypt:icv error crc (%4ph)!=payload (%4ph)\n",
 717                                          &crc, &payload[length-4]));
 718                                 res = _FAIL;
 719                         }
 720                 } else {
 721                         RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("rtw_tkip_decrypt: stainfo==NULL!!!\n"));
 722                         res = _FAIL;
 723                 }
 724         }
 725 exit:
 726         return res;
 727 }
 728 
 729 /* 3                    ===== AES related ===== */
 730 
 731 
 732 #define MAX_MSG_SIZE    2048
 733 /*****************************/
 734 /******** SBOX Table *********/
 735 /*****************************/
 736 
 737 static  u8 sbox_table[256] = {
 738         0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
 739         0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
 740         0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
 741         0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
 742         0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
 743         0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
 744         0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
 745         0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
 746         0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
 747         0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
 748         0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
 749         0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
 750         0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
 751         0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
 752         0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
 753         0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
 754         0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
 755         0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
 756         0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
 757         0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
 758         0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
 759         0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
 760         0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
 761         0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
 762         0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
 763         0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
 764         0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
 765         0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
 766         0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
 767         0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
 768         0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
 769         0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
 770 };
 771 
 772 /*****************************/
 773 /**** Function Prototypes ****/
 774 /*****************************/
 775 
 776 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out);
 777 static void construct_mic_iv(u8 *mic_header1, int qc_exists, int a4_exists, u8 *mpdu, uint payload_length, u8 *pn_vector);
 778 static void construct_mic_header1(u8 *mic_header1, int header_length, u8 *mpdu);
 779 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, int a4_exists, int qc_exists);
 780 static void construct_ctr_preload(u8 *ctr_preload, int a4_exists, int qc_exists, u8 *mpdu, u8 *pn_vector, int c);
 781 static void xor_128(u8 *a, u8 *b, u8 *out);
 782 static void xor_32(u8 *a, u8 *b, u8 *out);
 783 static u8 sbox(u8 a);
 784 static void next_key(u8 *key, int round);
 785 static void byte_sub(u8 *in, u8 *out);
 786 static void shift_row(u8 *in, u8 *out);
 787 static void mix_column(u8 *in, u8 *out);
 788 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext);
 789 
 790 /****************************************/
 791 /* aes128k128d()                        */
 792 /* Performs a 128 bit AES encrypt with  */
 793 /* 128 bit data.                        */
 794 /****************************************/
 795 static void xor_128(u8 *a, u8 *b, u8 *out)
 796 {
 797         int i;
 798 
 799         for (i = 0; i < 16; i++)
 800                 out[i] = a[i] ^ b[i];
 801 }
 802 
 803 static void xor_32(u8 *a, u8 *b, u8 *out)
 804 {
 805         int i;
 806 
 807         for (i = 0; i < 4; i++)
 808                 out[i] = a[i] ^ b[i];
 809 }
 810 
 811 static u8 sbox(u8 a)
 812 {
 813         return sbox_table[(int)a];
 814 }
 815 
 816 static void next_key(u8 *key, int round)
 817 {
 818         u8 rcon;
 819         u8 sbox_key[4];
 820         u8 rcon_table[12] = {
 821                 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
 822                 0x1b, 0x36, 0x36, 0x36
 823         };
 824 
 825         sbox_key[0] = sbox(key[13]);
 826         sbox_key[1] = sbox(key[14]);
 827         sbox_key[2] = sbox(key[15]);
 828         sbox_key[3] = sbox(key[12]);
 829 
 830         rcon = rcon_table[round];
 831 
 832         xor_32(&key[0], sbox_key, &key[0]);
 833         key[0] = key[0] ^ rcon;
 834 
 835         xor_32(&key[4], &key[0], &key[4]);
 836         xor_32(&key[8], &key[4], &key[8]);
 837         xor_32(&key[12], &key[8], &key[12]);
 838 }
 839 
 840 static void byte_sub(u8 *in, u8 *out)
 841 {
 842         int i;
 843         for (i = 0; i < 16; i++)
 844                 out[i] = sbox(in[i]);
 845 }
 846 
 847 static void shift_row(u8 *in, u8 *out)
 848 {
 849         out[0] =  in[0];
 850         out[1] =  in[5];
 851         out[2] =  in[10];
 852         out[3] =  in[15];
 853         out[4] =  in[4];
 854         out[5] =  in[9];
 855         out[6] =  in[14];
 856         out[7] =  in[3];
 857         out[8] =  in[8];
 858         out[9] =  in[13];
 859         out[10] = in[2];
 860         out[11] = in[7];
 861         out[12] = in[12];
 862         out[13] = in[1];
 863         out[14] = in[6];
 864         out[15] = in[11];
 865 }
 866 
 867 static void mix_column(u8 *in, u8 *out)
 868 {
 869         int i;
 870         u8 add1b[4];
 871         u8 add1bf7[4];
 872         u8 rotl[4];
 873         u8 swap_halves[4];
 874         u8 andf7[4];
 875         u8 rotr[4];
 876         u8 temp[4];
 877         u8 tempb[4];
 878 
 879         for (i = 0 ; i < 4; i++) {
 880                 if ((in[i] & 0x80) == 0x80)
 881                         add1b[i] = 0x1b;
 882                 else
 883                         add1b[i] = 0x00;
 884         }
 885 
 886         swap_halves[0] = in[2];    /* Swap halves */
 887         swap_halves[1] = in[3];
 888         swap_halves[2] = in[0];
 889         swap_halves[3] = in[1];
 890 
 891         rotl[0] = in[3];        /* Rotate left 8 bits */
 892         rotl[1] = in[0];
 893         rotl[2] = in[1];
 894         rotl[3] = in[2];
 895 
 896         andf7[0] = in[0] & 0x7f;
 897         andf7[1] = in[1] & 0x7f;
 898         andf7[2] = in[2] & 0x7f;
 899         andf7[3] = in[3] & 0x7f;
 900 
 901         for (i = 3; i > 0; i--) {    /* logical shift left 1 bit */
 902                 andf7[i] = andf7[i] << 1;
 903                 if ((andf7[i-1] & 0x80) == 0x80)
 904                         andf7[i] = (andf7[i] | 0x01);
 905         }
 906         andf7[0] = andf7[0] << 1;
 907         andf7[0] = andf7[0] & 0xfe;
 908 
 909         xor_32(add1b, andf7, add1bf7);
 910 
 911         xor_32(in, add1bf7, rotr);
 912 
 913         temp[0] = rotr[0];       /* Rotate right 8 bits */
 914         rotr[0] = rotr[1];
 915         rotr[1] = rotr[2];
 916         rotr[2] = rotr[3];
 917         rotr[3] = temp[0];
 918 
 919         xor_32(add1bf7, rotr, temp);
 920         xor_32(swap_halves, rotl, tempb);
 921         xor_32(temp, tempb, out);
 922 }
 923 
 924 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
 925 {
 926         int round;
 927         int i;
 928         u8 intermediatea[16];
 929         u8 intermediateb[16];
 930         u8 round_key[16];
 931 
 932         for (i = 0; i < 16; i++)
 933                 round_key[i] = key[i];
 934         for (round = 0; round < 11; round++) {
 935                 if (round == 0) {
 936                         xor_128(round_key, data, ciphertext);
 937                         next_key(round_key, round);
 938                 } else if (round == 10) {
 939                         byte_sub(ciphertext, intermediatea);
 940                         shift_row(intermediatea, intermediateb);
 941                         xor_128(intermediateb, round_key, ciphertext);
 942                 } else {    /* 1 - 9 */
 943                         byte_sub(ciphertext, intermediatea);
 944                         shift_row(intermediatea, intermediateb);
 945                         mix_column(&intermediateb[0], &intermediatea[0]);
 946                         mix_column(&intermediateb[4], &intermediatea[4]);
 947                         mix_column(&intermediateb[8], &intermediatea[8]);
 948                         mix_column(&intermediateb[12], &intermediatea[12]);
 949                         xor_128(intermediatea, round_key, ciphertext);
 950                         next_key(round_key, round);
 951                 }
 952         }
 953 }
 954 
 955 /************************************************/
 956 /* construct_mic_iv()                      */
 957 /* Builds the MIC IV from header fields and PN  */
 958 /************************************************/
 959 static void construct_mic_iv(u8 *mic_iv, int qc_exists, int a4_exists, u8 *mpdu,
 960                              uint payload_length, u8 *pn_vector)
 961 {
 962         int i;
 963 
 964         mic_iv[0] = 0x59;
 965         if (qc_exists && a4_exists)
 966                 mic_iv[1] = mpdu[30] & 0x0f;    /* QoS_TC          */
 967         if (qc_exists && !a4_exists)
 968                 mic_iv[1] = mpdu[24] & 0x0f;    /* mute bits 7-4    */
 969         if (!qc_exists)
 970                 mic_iv[1] = 0x00;
 971         for (i = 2; i < 8; i++)
 972                 mic_iv[i] = mpdu[i + 8];        /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */
 973         for (i = 8; i < 14; i++)
 974                 mic_iv[i] = pn_vector[13 - i];  /* mic_iv[8:13] = PN[5:0] */
 975         mic_iv[14] = (unsigned char)(payload_length / 256);
 976         mic_iv[15] = (unsigned char)(payload_length % 256);
 977 }
 978 
 979 /************************************************/
 980 /* construct_mic_header1()                    */
 981 /* Builds the first MIC header block from       */
 982 /* header fields.                              */
 983 /************************************************/
 984 static void construct_mic_header1(u8 *mic_header1, int header_length, u8 *mpdu)
 985 {
 986         mic_header1[0] = (u8)((header_length - 2) / 256);
 987         mic_header1[1] = (u8)((header_length - 2) % 256);
 988         mic_header1[2] = mpdu[0] & 0xcf;    /* Mute CF poll & CF ack bits */
 989         mic_header1[3] = mpdu[1] & 0xc7;    /* Mute retry, more data and pwr mgt bits */
 990         mic_header1[4] = mpdu[4];       /* A1 */
 991         mic_header1[5] = mpdu[5];
 992         mic_header1[6] = mpdu[6];
 993         mic_header1[7] = mpdu[7];
 994         mic_header1[8] = mpdu[8];
 995         mic_header1[9] = mpdu[9];
 996         mic_header1[10] = mpdu[10];     /* A2 */
 997         mic_header1[11] = mpdu[11];
 998         mic_header1[12] = mpdu[12];
 999         mic_header1[13] = mpdu[13];
1000         mic_header1[14] = mpdu[14];
1001         mic_header1[15] = mpdu[15];
1002 }
1003 
1004 /************************************************/
1005 /* construct_mic_header2()                    */
1006 /* Builds the last MIC header block from        */
1007 /* header fields.                              */
1008 /************************************************/
1009 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, int a4_exists, int qc_exists)
1010 {
1011         int i;
1012 
1013         for (i = 0; i < 16; i++)
1014                 mic_header2[i] = 0x00;
1015 
1016         mic_header2[0] = mpdu[16];    /* A3 */
1017         mic_header2[1] = mpdu[17];
1018         mic_header2[2] = mpdu[18];
1019         mic_header2[3] = mpdu[19];
1020         mic_header2[4] = mpdu[20];
1021         mic_header2[5] = mpdu[21];
1022 
1023         mic_header2[6] = 0x00;
1024         mic_header2[7] = 0x00; /* mpdu[23]; */
1025 
1026         if (!qc_exists && a4_exists) {
1027                 for (i = 0; i < 6; i++)
1028                         mic_header2[8+i] = mpdu[24+i];   /* A4 */
1029         }
1030 
1031         if (qc_exists && !a4_exists) {
1032                 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
1033                 mic_header2[9] = mpdu[25] & 0x00;
1034         }
1035 
1036         if (qc_exists && a4_exists) {
1037                 for (i = 0; i < 6; i++)
1038                         mic_header2[8+i] = mpdu[24+i];   /* A4 */
1039 
1040                 mic_header2[14] = mpdu[30] & 0x0f;
1041                 mic_header2[15] = mpdu[31] & 0x00;
1042         }
1043 }
1044 
1045 /************************************************/
1046 /* construct_mic_header2()                    */
1047 /* Builds the last MIC header block from        */
1048 /* header fields.                              */
1049 /************************************************/
1050 static void construct_ctr_preload(u8 *ctr_preload, int a4_exists, int qc_exists, u8 *mpdu, u8 *pn_vector, int c)
1051 {
1052         int i;
1053 
1054         for (i = 0; i < 16; i++)
1055                 ctr_preload[i] = 0x00;
1056         i = 0;
1057 
1058         ctr_preload[0] = 0x01;                            /* flag */
1059         if (qc_exists && a4_exists)
1060                 ctr_preload[1] = mpdu[30] & 0x0f;   /* QoC_Control */
1061         if (qc_exists && !a4_exists)
1062                 ctr_preload[1] = mpdu[24] & 0x0f;
1063 
1064         for (i = 2; i < 8; i++)
1065                 ctr_preload[i] = mpdu[i + 8];                  /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */
1066         for (i = 8; i < 14; i++)
1067                 ctr_preload[i] =    pn_vector[13 - i];    /* ctr_preload[8:13] = PN[5:0] */
1068         ctr_preload[14] =  (unsigned char)(c / 256); /* Ctr */
1069         ctr_preload[15] =  (unsigned char)(c % 256);
1070 }
1071 
1072 /************************************/
1073 /* bitwise_xor()                    */
1074 /* A 128 bit, bitwise exclusive or  */
1075 /************************************/
1076 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1077 {
1078         int i;
1079 
1080         for (i = 0; i < 16; i++)
1081                 out[i] = ina[i] ^ inb[i];
1082 }
1083 
1084 static int aes_cipher(u8 *key, uint hdrlen, u8 *pframe, uint plen)
1085 {
1086         uint    qc_exists, a4_exists, i, j, payload_remainder,
1087                 num_blocks, payload_index;
1088 
1089         u8 pn_vector[6];
1090         u8 mic_iv[16];
1091         u8 mic_header1[16];
1092         u8 mic_header2[16];
1093         u8 ctr_preload[16];
1094 
1095         /* Intermediate Buffers */
1096         u8 chain_buffer[16];
1097         u8 aes_out[16];
1098         u8 padded_buffer[16];
1099         u8 mic[8];
1100         uint    frtype  = GetFrameType(pframe);
1101         uint    frsubtype  = GetFrameSubType(pframe);
1102 
1103         frsubtype >>= 4;
1104 
1105         memset(mic_iv, 0, 16);
1106         memset(mic_header1, 0, 16);
1107         memset(mic_header2, 0, 16);
1108         memset(ctr_preload, 0, 16);
1109         memset(chain_buffer, 0, 16);
1110         memset(aes_out, 0, 16);
1111         memset(padded_buffer, 0, 16);
1112 
1113         if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen ==  WLAN_HDR_A3_QOS_LEN))
1114                 a4_exists = 0;
1115         else
1116                 a4_exists = 1;
1117 
1118         if ((frtype == WIFI_DATA_CFACK) || (frtype == WIFI_DATA_CFPOLL) || (frtype == WIFI_DATA_CFACKPOLL)) {
1119                 qc_exists = 1;
1120                 if (hdrlen !=  WLAN_HDR_A3_QOS_LEN)
1121                         hdrlen += 2;
1122         } else if ((frsubtype == 0x08) || (frsubtype == 0x09) || (frsubtype == 0x0a) || (frsubtype == 0x0b)) {
1123                 if (hdrlen !=  WLAN_HDR_A3_QOS_LEN)
1124                         hdrlen += 2;
1125                 qc_exists = 1;
1126         } else {
1127                 qc_exists = 0;
1128         }
1129 
1130         pn_vector[0] = pframe[hdrlen];
1131         pn_vector[1] = pframe[hdrlen+1];
1132         pn_vector[2] = pframe[hdrlen+4];
1133         pn_vector[3] = pframe[hdrlen+5];
1134         pn_vector[4] = pframe[hdrlen+6];
1135         pn_vector[5] = pframe[hdrlen+7];
1136 
1137         construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1138 
1139         construct_mic_header1(mic_header1, hdrlen, pframe);
1140         construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1141 
1142         payload_remainder = plen % 16;
1143         num_blocks = plen / 16;
1144 
1145         /* Find start of payload */
1146         payload_index = hdrlen + 8;
1147 
1148         /* Calculate MIC */
1149         aes128k128d(key, mic_iv, aes_out);
1150         bitwise_xor(aes_out, mic_header1, chain_buffer);
1151         aes128k128d(key, chain_buffer, aes_out);
1152         bitwise_xor(aes_out, mic_header2, chain_buffer);
1153         aes128k128d(key, chain_buffer, aes_out);
1154 
1155         for (i = 0; i < num_blocks; i++) {
1156                 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);/* bitwise_xor(aes_out, &message[payload_index], chain_buffer); */
1157 
1158                 payload_index += 16;
1159                 aes128k128d(key, chain_buffer, aes_out);
1160         }
1161 
1162         /* Add on the final payload block if it needs padding */
1163         if (payload_remainder > 0) {
1164                 for (j = 0; j < 16; j++)
1165                         padded_buffer[j] = 0x00;
1166                 for (j = 0; j < payload_remainder; j++)
1167                         padded_buffer[j] = pframe[payload_index++];/* padded_buffer[j] = message[payload_index++]; */
1168                 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1169                 aes128k128d(key, chain_buffer, aes_out);
1170         }
1171 
1172         for (j = 0; j < 8; j++)
1173                 mic[j] = aes_out[j];
1174 
1175         /* Insert MIC into payload */
1176         for (j = 0; j < 8; j++)
1177                 pframe[payload_index+j] = mic[j];
1178 
1179         payload_index = hdrlen + 8;
1180         for (i = 0; i < num_blocks; i++) {
1181                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, i+1);
1182                 aes128k128d(key, ctr_preload, aes_out);
1183                 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1184                 for (j = 0; j < 16; j++)
1185                         pframe[payload_index++] = chain_buffer[j];
1186         }
1187 
1188         if (payload_remainder > 0) {    /* If there is a short final block, then pad it,*/
1189                                         /* encrypt it and copy the unpadded part back   */
1190                 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, num_blocks+1);
1191 
1192                 for (j = 0; j < 16; j++)
1193                         padded_buffer[j] = 0x00;
1194                 for (j = 0; j < payload_remainder; j++)
1195                         padded_buffer[j] = pframe[payload_index+j];
1196                 aes128k128d(key, ctr_preload, aes_out);
1197                 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1198                 for (j = 0; j < payload_remainder; j++)
1199                         pframe[payload_index++] = chain_buffer[j];
1200         }
1201         /* Encrypt the MIC */
1202         construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, 0);
1203 
1204         for (j = 0; j < 16; j++)
1205                 padded_buffer[j] = 0x00;
1206         for (j = 0; j < 8; j++)
1207                 padded_buffer[j] = pframe[j+hdrlen+8+plen];
1208 
1209         aes128k128d(key, ctr_preload, aes_out);
1210         bitwise_xor(aes_out, padded_buffer, chain_buffer);
1211         for (j = 0; j < 8; j++)
1212                 pframe[payload_index++] = chain_buffer[j];
1213         return _SUCCESS;
1214 }
1215 
1216 u32     rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe)
1217 {       /*  exclude ICV */
1218 
1219         /*static*/
1220 /*      unsigned char   message[MAX_MSG_SIZE]; */
1221 
1222         /* Intermediate Buffers */
1223         int     curfragnum, length;
1224         u8      *pframe, *prwskey;      /*  *payload,*iv */
1225         u8   hw_hdr_offset = 0;
1226         struct  sta_info                *stainfo;
1227         struct  pkt_attrib       *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
1228         struct  security_priv   *psecuritypriv = &padapter->securitypriv;
1229         struct  xmit_priv               *pxmitpriv = &padapter->xmitpriv;
1230 
1231 /*      uint    offset = 0; */
1232         u32 res = _SUCCESS;
1233 
1234         if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
1235                 return _FAIL;
1236 
1237         hw_hdr_offset = TXDESC_SIZE +
1238                  (((struct xmit_frame *)pxmitframe)->pkt_offset * PACKET_OFFSET_SZ);
1239 
1240         pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
1241 
1242         /* 4 start to encrypt each fragment */
1243         if (pattrib->encrypt == _AES_) {
1244                 if (pattrib->psta)
1245                         stainfo = pattrib->psta;
1246                 else
1247                         stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
1248 
1249                 if (stainfo) {
1250                         RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__));
1251 
1252                         if (is_multicast_ether_addr(pattrib->ra))
1253                                 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
1254                         else
1255                                 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1256                         for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
1257                                 if ((curfragnum+1) == pattrib->nr_frags) {      /* 4 the last fragment */
1258                                         length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
1259 
1260                                         aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1261                                 } else {
1262                                         length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
1263 
1264                                         aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1265                                         pframe += pxmitpriv->frag_len;
1266                                         pframe = (u8 *)round_up((size_t)(pframe), 8);
1267                                 }
1268                         }
1269                 } else {
1270                         RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo==NULL!!!\n", __func__));
1271                         res = _FAIL;
1272                 }
1273         }
1274 
1275         return res;
1276 }
1277 
1278 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe)
1279 {
1280         struct rx_pkt_attrib *prxattrib = &((struct recv_frame *)precvframe)->attrib;
1281         u32 res = _SUCCESS;
1282 
1283         /* 4 start to encrypt each fragment */
1284         if (prxattrib->encrypt == _AES_) {
1285                 struct sta_info *stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
1286 
1287                 if (stainfo != NULL) {
1288                         int key_idx;
1289                         const int key_length = 16, iv_len = 8, icv_len = 8;
1290                         struct sk_buff *skb = ((struct recv_frame *)precvframe)->pkt;
1291                         void *crypto_private = NULL;
1292                         u8 *key, *pframe = skb->data;
1293                         struct lib80211_crypto_ops *crypto_ops = lib80211_get_crypto_ops("CCMP");
1294                         struct security_priv *psecuritypriv = &padapter->securitypriv;
1295                         char iv[8], icv[8];
1296 
1297                         if (is_multicast_ether_addr(prxattrib->ra)) {
1298                                 /* in concurrent we should use sw descrypt in group key, so we remove this message */
1299                                 if (!psecuritypriv->binstallGrpkey) {
1300                                         res = _FAIL;
1301                                         DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
1302                                         goto exit;
1303                                 }
1304                                 key_idx = psecuritypriv->dot118021XGrpKeyid;
1305                                 key = psecuritypriv->dot118021XGrpKey[key_idx].skey;
1306                         } else {
1307                                 key_idx = 0;
1308                                 key = stainfo->dot118021x_UncstKey.skey;
1309                         }
1310 
1311                         if (!crypto_ops) {
1312                                 res = _FAIL;
1313                                 goto exit_lib80211_ccmp;
1314                         }
1315 
1316                         memcpy(iv, pframe + prxattrib->hdrlen, iv_len);
1317                         memcpy(icv, pframe + skb->len - icv_len, icv_len);
1318 
1319                         crypto_private = crypto_ops->init(key_idx);
1320                         if (!crypto_private) {
1321                                 res = _FAIL;
1322                                 goto exit_lib80211_ccmp;
1323                         }
1324                         if (crypto_ops->set_key(key, key_length, NULL, crypto_private) < 0) {
1325                                 res = _FAIL;
1326                                 goto exit_lib80211_ccmp;
1327                         }
1328                         if (crypto_ops->decrypt_mpdu(skb, prxattrib->hdrlen, crypto_private)) {
1329                                 res = _FAIL;
1330                                 goto exit_lib80211_ccmp;
1331                         }
1332 
1333                         memmove(pframe, pframe + iv_len, prxattrib->hdrlen);
1334                         skb_push(skb, iv_len);
1335                         skb_put(skb, icv_len);
1336 
1337                         memcpy(pframe + prxattrib->hdrlen, iv, iv_len);
1338                         memcpy(pframe + skb->len - icv_len, icv, icv_len);
1339 
1340 exit_lib80211_ccmp:
1341                         if (crypto_ops && crypto_private)
1342                                 crypto_ops->deinit(crypto_private);
1343                 } else {
1344                         RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("rtw_aes_encrypt: stainfo==NULL!!!\n"));
1345                         res = _FAIL;
1346                 }
1347         }
1348 exit:
1349         return res;
1350 }
1351 
1352 /* AES tables*/
1353 const u32 Te0[256] = {
1354         0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
1355         0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
1356         0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
1357         0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
1358         0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
1359         0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
1360         0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
1361         0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
1362         0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
1363         0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
1364         0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
1365         0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
1366         0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
1367         0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
1368         0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
1369         0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
1370         0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
1371         0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
1372         0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
1373         0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
1374         0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
1375         0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
1376         0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
1377         0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
1378         0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
1379         0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
1380         0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
1381         0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
1382         0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
1383         0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
1384         0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
1385         0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
1386         0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
1387         0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
1388         0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
1389         0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
1390         0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
1391         0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
1392         0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
1393         0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
1394         0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
1395         0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
1396         0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
1397         0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
1398         0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
1399         0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
1400         0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
1401         0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
1402         0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
1403         0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
1404         0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
1405         0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
1406         0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
1407         0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
1408         0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
1409         0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
1410         0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
1411         0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
1412         0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
1413         0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
1414         0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
1415         0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
1416         0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
1417         0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
1418 };
1419 
1420 const u32 Td0[256] = {
1421         0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
1422         0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
1423         0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
1424         0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
1425         0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
1426         0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
1427         0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
1428         0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
1429         0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
1430         0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
1431         0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
1432         0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
1433         0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
1434         0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
1435         0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
1436         0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
1437         0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
1438         0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
1439         0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
1440         0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
1441         0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
1442         0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
1443         0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
1444         0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
1445         0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
1446         0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
1447         0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
1448         0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
1449         0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
1450         0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
1451         0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
1452         0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
1453         0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
1454         0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
1455         0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
1456         0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
1457         0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
1458         0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
1459         0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
1460         0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
1461         0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
1462         0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
1463         0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
1464         0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
1465         0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
1466         0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
1467         0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
1468         0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
1469         0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
1470         0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
1471         0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
1472         0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
1473         0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
1474         0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
1475         0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
1476         0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
1477         0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
1478         0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
1479         0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
1480         0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
1481         0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
1482         0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
1483         0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
1484         0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
1485 };
1486 
1487 const u8 Td4s[256] = {
1488         0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
1489         0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
1490         0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
1491         0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
1492         0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
1493         0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
1494         0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
1495         0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
1496         0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
1497         0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
1498         0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
1499         0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
1500         0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
1501         0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
1502         0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
1503         0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
1504         0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
1505         0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
1506         0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
1507         0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
1508         0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
1509         0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
1510         0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
1511         0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
1512         0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
1513         0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
1514         0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
1515         0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
1516         0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
1517         0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
1518         0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
1519         0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
1520 };
1521 const u8 rcons[] = {
1522         0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36
1523         /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
1524 };
1525 
1526 /**
1527  * Expand the cipher key into the encryption key schedule.
1528  *
1529  * @return      the number of rounds for the given cipher key size.
1530  */
1531 #define ROUND(i, d, s) \
1532 do {                                                                    \
1533         d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
1534         d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
1535         d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
1536         d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]; \
1537 } while (0)

/* [<][>][^][v][top][bottom][index][help] */