1 /******************************************************************************
2 *
3 * Copyright(c) 2007 - 2019 Realtek Corporation.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 *****************************************************************************/
15 #define _RTW_SECURITY_C_
16
17 #include <drv_types.h>
18 #include <rtw_swcrypto.h>
19
20 static const char *_security_type_str[] = {
21 "N/A",
22 "WEP40",
23 "TKIP",
24 "TKIP_WM",
25 "AES",
26 "WEP104",
27 "SMS4",
28 "GCMP",
29 };
30
31 static const char *_security_type_bip_str[] = {
32 "BIP_CMAC_128",
33 "BIP_GMAC_128",
34 "BIP_GMAC_256",
35 "BIP_CMAC_256",
36 };
37
security_type_str(u8 value)38 const char *security_type_str(u8 value)
39 {
40 #ifdef CONFIG_IEEE80211W
41 if ((_BIP_MAX_ > value) && (value >= _BIP_CMAC_128_))
42 return _security_type_bip_str[value & ~_SEC_TYPE_BIT_];
43 #endif
44
45 if (_CCMP_256_ == value)
46 return "CCMP_256";
47 if (_GCMP_256_ == value)
48 return "GCMP_256";
49
50 if (_SEC_TYPE_MAX_ > value)
51 return _security_type_str[value];
52
53 return NULL;
54 }
55
56 #ifdef CONFIG_IEEE80211W
security_type_bip_to_gmcs(enum security_type type)57 u32 security_type_bip_to_gmcs(enum security_type type)
58 {
59 switch (type) {
60 case _BIP_CMAC_128_:
61 return WPA_CIPHER_BIP_CMAC_128;
62 case _BIP_GMAC_128_:
63 return WPA_CIPHER_BIP_GMAC_128;
64 case _BIP_GMAC_256_:
65 return WPA_CIPHER_BIP_GMAC_256;
66 case _BIP_CMAC_256_:
67 return WPA_CIPHER_BIP_CMAC_256;
68 default:
69 return 0;
70 }
71 }
72 #endif
73
74 #ifdef DBG_SW_SEC_CNT
75 #define WEP_SW_ENC_CNT_INC(sec, ra) do {\
76 if (is_broadcast_mac_addr(ra)) \
77 sec->wep_sw_enc_cnt_bc++; \
78 else if (is_multicast_mac_addr(ra)) \
79 sec->wep_sw_enc_cnt_mc++; \
80 else \
81 sec->wep_sw_enc_cnt_uc++; \
82 } while (0)
83
84 #define WEP_SW_DEC_CNT_INC(sec, ra) do {\
85 if (is_broadcast_mac_addr(ra)) \
86 sec->wep_sw_dec_cnt_bc++; \
87 else if (is_multicast_mac_addr(ra)) \
88 sec->wep_sw_dec_cnt_mc++; \
89 else \
90 sec->wep_sw_dec_cnt_uc++; \
91 } while (0)
92
93 #define TKIP_SW_ENC_CNT_INC(sec, ra) do {\
94 if (is_broadcast_mac_addr(ra)) \
95 sec->tkip_sw_enc_cnt_bc++; \
96 else if (is_multicast_mac_addr(ra)) \
97 sec->tkip_sw_enc_cnt_mc++; \
98 else \
99 sec->tkip_sw_enc_cnt_uc++; \
100 } while (0)
101
102 #define TKIP_SW_DEC_CNT_INC(sec, ra) do {\
103 if (is_broadcast_mac_addr(ra)) \
104 sec->tkip_sw_dec_cnt_bc++; \
105 else if (is_multicast_mac_addr(ra)) \
106 sec->tkip_sw_dec_cnt_mc++; \
107 else \
108 sec->tkip_sw_dec_cnt_uc++; \
109 } while (0)
110
111 #define AES_SW_ENC_CNT_INC(sec, ra) do {\
112 if (is_broadcast_mac_addr(ra)) \
113 sec->aes_sw_enc_cnt_bc++; \
114 else if (is_multicast_mac_addr(ra)) \
115 sec->aes_sw_enc_cnt_mc++; \
116 else \
117 sec->aes_sw_enc_cnt_uc++; \
118 } while (0)
119
120 #define AES_SW_DEC_CNT_INC(sec, ra) do {\
121 if (is_broadcast_mac_addr(ra)) \
122 sec->aes_sw_dec_cnt_bc++; \
123 else if (is_multicast_mac_addr(ra)) \
124 sec->aes_sw_dec_cnt_mc++; \
125 else \
126 sec->aes_sw_dec_cnt_uc++; \
127 } while (0)
128
129 #define GCMP_SW_ENC_CNT_INC(sec, ra) do {\
130 if (is_broadcast_mac_addr(ra)) \
131 sec->gcmp_sw_enc_cnt_bc++; \
132 else if (is_multicast_mac_addr(ra)) \
133 sec->gcmp_sw_enc_cnt_mc++; \
134 else \
135 sec->gcmp_sw_enc_cnt_uc++; \
136 } while (0)
137
138 #define GCMP_SW_DEC_CNT_INC(sec, ra) do {\
139 if (is_broadcast_mac_addr(ra)) \
140 sec->gcmp_sw_dec_cnt_bc++; \
141 else if (is_multicast_mac_addr(ra)) \
142 sec->gcmp_sw_dec_cnt_mc++; \
143 else \
144 sec->gcmp_sw_dec_cnt_uc++; \
145 } while (0)
146 #else
147 #define WEP_SW_ENC_CNT_INC(sec, ra)
148 #define WEP_SW_DEC_CNT_INC(sec, ra)
149 #define TKIP_SW_ENC_CNT_INC(sec, ra)
150 #define TKIP_SW_DEC_CNT_INC(sec, ra)
151 #define AES_SW_ENC_CNT_INC(sec, ra)
152 #define AES_SW_DEC_CNT_INC(sec, ra)
153 #define GCMP_SW_ENC_CNT_INC(sec, ra)
154 #define GCMP_SW_DEC_CNT_INC(sec, ra)
155 #endif /* DBG_SW_SEC_CNT */
156
157 /* *****WEP related***** */
158
159 #define CRC32_POLY 0x04c11db7
160
161 struct arc4context {
162 u32 x;
163 u32 y;
164 u8 state[256];
165 };
166
167
arcfour_init(struct arc4context * parc4ctx,u8 * key,u32 key_len)168 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
169 {
170 u32 t, u;
171 u32 keyindex;
172 u32 stateindex;
173 u8 *state;
174 u32 counter;
175 state = parc4ctx->state;
176 parc4ctx->x = 0;
177 parc4ctx->y = 0;
178 for (counter = 0; counter < 256; counter++)
179 state[counter] = (u8)counter;
180 keyindex = 0;
181 stateindex = 0;
182 for (counter = 0; counter < 256; counter++) {
183 t = state[counter];
184 stateindex = (stateindex + key[keyindex] + t) & 0xff;
185 u = state[stateindex];
186 state[stateindex] = (u8)t;
187 state[counter] = (u8)u;
188 if (++keyindex >= key_len)
189 keyindex = 0;
190 }
191 }
arcfour_byte(struct arc4context * parc4ctx)192 static u32 arcfour_byte(struct arc4context *parc4ctx)
193 {
194 u32 x;
195 u32 y;
196 u32 sx, sy;
197 u8 *state;
198 state = parc4ctx->state;
199 x = (parc4ctx->x + 1) & 0xff;
200 sx = state[x];
201 y = (sx + parc4ctx->y) & 0xff;
202 sy = state[y];
203 parc4ctx->x = x;
204 parc4ctx->y = y;
205 state[y] = (u8)sx;
206 state[x] = (u8)sy;
207 return state[(sx + sy) & 0xff];
208 }
209
210
arcfour_encrypt(struct arc4context * parc4ctx,u8 * dest,u8 * src,u32 len)211 static void arcfour_encrypt(struct arc4context *parc4ctx,
212 u8 *dest,
213 u8 *src,
214 u32 len)
215 {
216 u32 i;
217 for (i = 0; i < len; i++)
218 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
219 }
220
221 static sint bcrc32initialized = 0;
222 static u32 crc32_table[256];
223
224
crc32_reverseBit(u8 data)225 static u8 crc32_reverseBit(u8 data)
226 {
227 return (u8)((data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3) & 0x20) | ((data << 1) & 0x10) | ((data >> 1) & 0x08) | ((data >> 3) & 0x04) | ((data >> 5) & 0x02) | ((
228 data >> 7) & 0x01) ;
229 }
230
crc32_init(void)231 static void crc32_init(void)
232 {
233 if (bcrc32initialized == 1)
234 goto exit;
235 else {
236 sint i, j;
237 u32 c;
238 u8 *p = (u8 *)&c, *p1;
239 u8 k;
240
241 c = 0x12340000;
242
243 for (i = 0; i < 256; ++i) {
244 k = crc32_reverseBit((u8)i);
245 for (c = ((u32)k) << 24, j = 8; j > 0; --j)
246 c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY : (c << 1);
247 p1 = (u8 *)&crc32_table[i];
248
249 p1[0] = crc32_reverseBit(p[3]);
250 p1[1] = crc32_reverseBit(p[2]);
251 p1[2] = crc32_reverseBit(p[1]);
252 p1[3] = crc32_reverseBit(p[0]);
253 }
254 bcrc32initialized = 1;
255 }
256 exit:
257 return;
258 }
259
getcrc32(u8 * buf,sint len)260 static u32 getcrc32(u8 *buf, sint len)
261 {
262 u8 *p;
263 u32 crc;
264 if (bcrc32initialized == 0)
265 crc32_init();
266
267 crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
268
269 for (p = buf; len > 0; ++p, --len)
270 crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
271 return ~crc; /* transmit complement, per CRC-32 spec */
272 }
273
274 /*
275 Need to consider the fragment situation
276 */
rtw_wep_encrypt(_adapter * padapter,u8 * pxmitframe)277 void rtw_wep_encrypt(_adapter *padapter, u8 *pxmitframe)
278 {
279 struct xmit_frame *xf = (struct xmit_frame *)pxmitframe;
280 struct pkt_attrib *pattrib = &xf->attrib;
281 struct security_priv *psecuritypriv = &padapter->securitypriv;
282 struct rtw_xmit_req *txreq = NULL;
283 struct rtw_pkt_buf_list *pkt_list = NULL;
284 struct mlme_ext_priv *pmlmeext = &(padapter->mlmeextpriv);
285 struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
286 unsigned char crc[4];
287 struct arc4context mycontext;
288 sint curfragnum, length;
289 u32 keylength;
290 u8 *pframe, *payload, *iv, *key;
291 u8 wepkey[16];
292
293
294 if ((pattrib->encrypt != _WEP40_) && (pattrib->encrypt != _WEP104_))
295 return;
296
297 /* start to encrypt each fragment */
298 keylength = psecuritypriv->dot11DefKeylen[psecuritypriv->dot11PrivacyKeyIndex];
299 key = psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey;
300
301 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
302 if (!(pmlmeinfo->state & WIFI_FW_AUTH_STATE)) {
303 txreq = &xf->phl_txreq[curfragnum];
304 rtw_warn_on(txreq->pkt_cnt != 1);
305 pkt_list = (struct rtw_pkt_buf_list *)txreq->pkt_list;
306 pframe = pkt_list->vir_addr;
307 length = pkt_list->length - pattrib->hdrlen
308 - pattrib->iv_len - pattrib->icv_len;
309 } else {
310 /* special case for WEP auth */
311 /* only valid when curfragnum==0 */
312 rtw_warn_on(pattrib->nr_frags > 1);
313 pframe = xf->buf_addr + TXDESC_OFFSET;
314 length = pattrib->last_txcmdsz - pattrib->hdrlen
315 - pattrib->iv_len - pattrib->icv_len;
316 }
317 iv = pframe + pattrib->hdrlen;
318 _rtw_memcpy(&wepkey[0], iv, 3);
319 _rtw_memcpy(&wepkey[3], key, keylength);
320 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
321
322 *((u32 *)crc) = cpu_to_le32(getcrc32(payload, length));
323 arcfour_init(&mycontext, wepkey, 3 + keylength);
324 arcfour_encrypt(&mycontext, payload, payload, length);
325 arcfour_encrypt(&mycontext, payload + length, crc, 4);
326 }
327
328 WEP_SW_ENC_CNT_INC(psecuritypriv, pattrib->ra);
329 }
330
rtw_wep_decrypt(_adapter * padapter,u8 * precvframe)331 void rtw_wep_decrypt(_adapter *padapter, u8 *precvframe)
332 {
333 /* exclude ICV */
334 u8 crc[4];
335 struct arc4context mycontext;
336 sint length;
337 u32 keylength;
338 u8 *pframe, *payload, *iv, wepkey[16];
339 u8 keyindex;
340 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)precvframe)->u.hdr.attrib);
341 struct security_priv *psecuritypriv = &padapter->securitypriv;
342
343
344 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
345
346 /* start to decrypt recvframe */
347 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) {
348 iv = pframe + prxattrib->hdrlen;
349 /* keyindex=(iv[3]&0x3); */
350 keyindex = prxattrib->key_index;
351 keylength = psecuritypriv->dot11DefKeylen[keyindex];
352 _rtw_memcpy(&wepkey[0], iv, 3);
353 /* _rtw_memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0],keylength); */
354 _rtw_memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[keyindex].skey[0], keylength);
355 length = ((union recv_frame *)precvframe)->u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
356
357 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
358
359 /* decrypt payload include icv */
360 arcfour_init(&mycontext, wepkey, 3 + keylength);
361 arcfour_encrypt(&mycontext, payload, payload, length);
362
363 /* calculate icv and compare the icv */
364 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length - 4));
365
366
367 WEP_SW_DEC_CNT_INC(psecuritypriv, prxattrib->ra);
368 }
369
370
371 return;
372
373 }
374
375 /* 3 =====TKIP related===== */
376
secmicgetuint32(u8 * p)377 static u32 secmicgetuint32(u8 *p)
378 /* Convert from Byte[] to Us4Byte32 in a portable way */
379 {
380 s32 i;
381 u32 res = 0;
382 for (i = 0; i < 4; i++)
383 res |= ((u32)(*p++)) << (8 * i);
384 return res;
385 }
386
secmicputuint32(u8 * p,u32 val)387 static void secmicputuint32(u8 *p, u32 val)
388 /* Convert from Us4Byte32 to Byte[] in a portable way */
389 {
390 long i;
391 for (i = 0; i < 4; i++) {
392 *p++ = (u8)(val & 0xff);
393 val >>= 8;
394 }
395 }
396
secmicclear(struct mic_data * pmicdata)397 static void secmicclear(struct mic_data *pmicdata)
398 {
399 /* Reset the state to the empty message. */
400 pmicdata->L = pmicdata->K0;
401 pmicdata->R = pmicdata->K1;
402 pmicdata->nBytesInM = 0;
403 pmicdata->M = 0;
404 }
405
rtw_secmicsetkey(struct mic_data * pmicdata,u8 * key)406 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key)
407 {
408 /* Set the key */
409 pmicdata->K0 = secmicgetuint32(key);
410 pmicdata->K1 = secmicgetuint32(key + 4);
411 /* and reset the message */
412 secmicclear(pmicdata);
413 }
414
rtw_secmicappendbyte(struct mic_data * pmicdata,u8 b)415 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b)
416 {
417 /* Append the byte to our word-sized buffer */
418 pmicdata->M |= ((unsigned long)b) << (8 * pmicdata->nBytesInM);
419 pmicdata->nBytesInM++;
420 /* Process the word if it is full. */
421 if (pmicdata->nBytesInM >= 4) {
422 pmicdata->L ^= pmicdata->M;
423 pmicdata->R ^= ROL32(pmicdata->L, 17);
424 pmicdata->L += pmicdata->R;
425 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
426 pmicdata->L += pmicdata->R;
427 pmicdata->R ^= ROL32(pmicdata->L, 3);
428 pmicdata->L += pmicdata->R;
429 pmicdata->R ^= ROR32(pmicdata->L, 2);
430 pmicdata->L += pmicdata->R;
431 /* Clear the buffer */
432 pmicdata->M = 0;
433 pmicdata->nBytesInM = 0;
434 }
435 }
436
rtw_secmicappend(struct mic_data * pmicdata,u8 * src,u32 nbytes)437 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
438 {
439 /* This is simple */
440 while (nbytes > 0) {
441 rtw_secmicappendbyte(pmicdata, *src++);
442 nbytes--;
443 }
444 }
445
rtw_secgetmic(struct mic_data * pmicdata,u8 * dst)446 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst)
447 {
448 /* Append the minimum padding */
449 rtw_secmicappendbyte(pmicdata, 0x5a);
450 rtw_secmicappendbyte(pmicdata, 0);
451 rtw_secmicappendbyte(pmicdata, 0);
452 rtw_secmicappendbyte(pmicdata, 0);
453 rtw_secmicappendbyte(pmicdata, 0);
454 /* and then zeroes until the length is a multiple of 4 */
455 while (pmicdata->nBytesInM != 0)
456 rtw_secmicappendbyte(pmicdata, 0);
457 /* The appendByte function has already computed the result. */
458 secmicputuint32(dst, pmicdata->L);
459 secmicputuint32(dst + 4, pmicdata->R);
460 /* Reset to the empty message. */
461 secmicclear(pmicdata);
462 }
463
464
rtw_seccalctkipmic(u8 * key,u8 * header,u8 * data,u32 data_len,u8 * mic_code,u8 pri)465 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
466 {
467
468 struct mic_data micdata;
469 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
470 rtw_secmicsetkey(&micdata, key);
471 priority[0] = pri;
472
473 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
474 if (header[1] & 1) { /* ToDS==1 */
475 rtw_secmicappend(&micdata, &header[16], 6); /* DA */
476 if (header[1] & 2) /* From Ds==1 */
477 rtw_secmicappend(&micdata, &header[24], 6);
478 else
479 rtw_secmicappend(&micdata, &header[10], 6);
480 } else { /* ToDS==0 */
481 rtw_secmicappend(&micdata, &header[4], 6); /* DA */
482 if (header[1] & 2) /* From Ds==1 */
483 rtw_secmicappend(&micdata, &header[16], 6);
484 else
485 rtw_secmicappend(&micdata, &header[10], 6);
486
487 }
488 rtw_secmicappend(&micdata, &priority[0], 4);
489
490
491 rtw_secmicappend(&micdata, data, data_len);
492
493 rtw_secgetmic(&micdata, mic_code);
494 }
495
496
497
498
499 /* macros for extraction/creation of unsigned char/unsigned short values */
500 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
501 #define Lo8(v16) ((u8)((v16) & 0x00FF))
502 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
503 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
504 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
505 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
506
507 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
508 #define TK16(N) Mk16(tk[2*(N)+1], tk[2*(N)])
509
510 /* S-box lookup: 16 bits --> 16 bits */
511 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
512
513 /* fixed algorithm "parameters" */
514 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
515 #define TA_SIZE 6 /* 48-bit transmitter address */
516 #define TK_SIZE 16 /* 128-bit temporal key */
517 #define P1K_SIZE 10 /* 80-bit Phase1 key */
518 #define RC4_KEY_SIZE 16 /* 128-bit RC4KEY (104 bits unknown) */
519
520
521 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
522 static const unsigned short Sbox1[2][256] = /* Sbox for hash (can be in ROM) */
523 { {
524 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
525 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
526 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
527 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
528 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
529 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
530 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
531 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
532 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
533 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
534 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
535 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
536 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
537 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
538 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
539 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
540 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
541 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
542 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
543 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
544 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
545 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
546 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
547 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
548 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
549 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
550 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
551 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
552 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
553 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
554 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
555 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
556 },
557
558
559 { /* second half of table is unsigned char-reversed version of first! */
560 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
561 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
562 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
563 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
564 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
565 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
566 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
567 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
568 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
569 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
570 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
571 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
572 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
573 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
574 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
575 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
576 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
577 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
578 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
579 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
580 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
581 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
582 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
583 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
584 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
585 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
586 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
587 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
588 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
589 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
590 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
591 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
592 }
593 };
594
595 /*
596 **********************************************************************
597 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
598 *
599 * Inputs:
600 * tk[] = temporal key [128 bits]
601 * ta[] = transmitter's MAC address [ 48 bits]
602 * iv32 = upper 32 bits of IV [ 32 bits]
603 * Output:
604 * p1k[] = Phase 1 key [ 80 bits]
605 *
606 * Note:
607 * This function only needs to be called every 2**16 packets,
608 * although in theory it could be called every packet.
609 *
610 **********************************************************************
611 */
phase1(u16 * p1k,const u8 * tk,const u8 * ta,u32 iv32)612 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
613 {
614 sint i;
615 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
616 p1k[0] = Lo16(iv32);
617 p1k[1] = Hi16(iv32);
618 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
619 p1k[3] = Mk16(ta[3], ta[2]);
620 p1k[4] = Mk16(ta[5], ta[4]);
621
622 /* Now compute an unbalanced Feistel cipher with 80-bit block */
623 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
624 for (i = 0; i < PHASE1_LOOP_CNT ; i++) {
625 /* Each add operation here is mod 2**16 */
626 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
627 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
628 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
629 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
630 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
631 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
632 }
633 }
634
635
636 /*
637 **********************************************************************
638 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
639 *
640 * Inputs:
641 * tk[] = Temporal key [128 bits]
642 * p1k[] = Phase 1 output key [ 80 bits]
643 * iv16 = low 16 bits of IV counter [ 16 bits]
644 * Output:
645 * rc4key[] = the key used to encrypt the packet [128 bits]
646 *
647 * Note:
648 * The value {TA,IV32,IV16} for Phase1/Phase2 must be unique
649 * across all packets using the same key TK value. Then, for a
650 * given value of TK[], this TKIP48 construction guarantees that
651 * the final RC4KEY value is unique across all packets.
652 *
653 * Suggested implementation optimization: if PPK[] is "overlaid"
654 * appropriately on RC4KEY[], there is no need for the final
655 * for loop below that copies the PPK[] result into RC4KEY[].
656 *
657 **********************************************************************
658 */
phase2(u8 * rc4key,const u8 * tk,const u16 * p1k,u16 iv16)659 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
660 {
661 sint i;
662 u16 PPK[6]; /* temporary key for mixing */
663 /* Note: all adds in the PPK[] equations below are mod 2**16 */
664 for (i = 0; i < 5; i++)
665 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
666 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */
667
668 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
669 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
670 PPK[1] += _S_(PPK[0] ^ TK16(1));
671 PPK[2] += _S_(PPK[1] ^ TK16(2));
672 PPK[3] += _S_(PPK[2] ^ TK16(3));
673 PPK[4] += _S_(PPK[3] ^ TK16(4));
674 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
675
676 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
677 PPK[0] += RotR1(PPK[5] ^ TK16(6));
678 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
679 PPK[2] += RotR1(PPK[1]);
680 PPK[3] += RotR1(PPK[2]);
681 PPK[4] += RotR1(PPK[3]);
682 PPK[5] += RotR1(PPK[4]);
683 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
684 /* value PPK[0..5] is guaranteed to be unique, as a function */
685 /* of the 96-bit "input" value {TA,IV32,IV16}. That is, P1K */
686 /* is now a keyed permutation of {TA,IV32,IV16}. */
687
688 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
689 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
690 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
691 rc4key[2] = Lo8(iv16);
692 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
693
694
695 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
696 for (i = 0; i < 6; i++) {
697 rc4key[4 + 2 * i] = Lo8(PPK[i]);
698 rc4key[5 + 2 * i] = Hi8(PPK[i]);
699 }
700 }
701
702
703 /* The hlen isn't include the IV */
rtw_tkip_encrypt(_adapter * padapter,u8 * pxmitframe)704 u32 rtw_tkip_encrypt(_adapter *padapter, u8 *pxmitframe)
705 {
706 struct xmit_frame *xf = (struct xmit_frame *)pxmitframe;
707 struct pkt_attrib *pattrib = &xf->attrib;
708 struct security_priv *psecuritypriv = &padapter->securitypriv;
709 struct rtw_xmit_req *txreq = NULL;
710 struct rtw_pkt_buf_list *pkt_list = NULL;
711 u16 pnl;
712 u32 pnh;
713 u8 rc4key[16];
714 u8 ttkey[16];
715 u8 crc[4];
716 struct arc4context mycontext;
717 sint curfragnum, length;
718 u32 prwskeylen;
719 u8 *pframe, *payload, *iv, *prwskey;
720 union pn48 dot11txpn;
721
722
723 if (pattrib->encrypt != _TKIP_)
724 return _SUCCESS;
725
726 /* start to encrypt each fragment */
727 if (IS_MCAST(pattrib->ra))
728 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
729 else
730 prwskey = pattrib->dot118021x_UncstKey.skey;
731 prwskeylen = 16;
732
733 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
734 txreq = &xf->phl_txreq[curfragnum];
735 rtw_warn_on(txreq->pkt_cnt != 1);
736 pkt_list = (struct rtw_pkt_buf_list *)txreq->pkt_list;
737 pframe = pkt_list->vir_addr;
738 length = pkt_list->length - pattrib->hdrlen
739 - pattrib->iv_len - pattrib->icv_len;
740
741 iv = pframe + pattrib->hdrlen;
742 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
743
744 GET_TKIP_PN(iv, dot11txpn);
745
746 pnl = (u16)(dot11txpn.val);
747 pnh = (u32)(dot11txpn.val >> 16);
748
749 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
750 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
751
752 *((u32 *)crc) = cpu_to_le32(getcrc32(payload, length));
753
754 arcfour_init(&mycontext, rc4key, 16);
755 arcfour_encrypt(&mycontext, payload, payload, length);
756 arcfour_encrypt(&mycontext, payload + length, crc, 4);
757 }
758
759 TKIP_SW_ENC_CNT_INC(psecuritypriv, pattrib->ra);
760
761 return _SUCCESS;
762 }
763
764 /* The hlen isn't include the IV */
rtw_tkip_decrypt(_adapter * padapter,u8 * precvframe)765 u32 rtw_tkip_decrypt(_adapter *padapter, u8 *precvframe)
766 {
767 /* exclude ICV */
768 u16 pnl;
769 u32 pnh;
770 u8 rc4key[16];
771 u8 ttkey[16];
772 u8 crc[4];
773 struct arc4context mycontext;
774 sint length;
775 u32 prwskeylen;
776
777 u8 *pframe, *payload, *iv, *prwskey;
778 union pn48 dot11txpn;
779 struct sta_info *stainfo;
780 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
781 struct security_priv *psecuritypriv = &padapter->securitypriv;
782 u32 res = _SUCCESS;
783
784
785 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
786
787 /* 4 start to decrypt recvframe */
788 if (prxattrib->encrypt == _TKIP_) {
789
790 stainfo = rtw_get_stainfo(&padapter->stapriv , &prxattrib->ta[0]);
791 if (stainfo != NULL) {
792
793 if (IS_MCAST(prxattrib->ra)) {
794 static systime start = 0;
795 static u32 no_gkey_bc_cnt = 0;
796 static u32 no_gkey_mc_cnt = 0;
797
798 if (psecuritypriv->binstallGrpkey == _FALSE) {
799 res = _FAIL;
800
801 if (start == 0)
802 start = rtw_get_current_time();
803
804 if (is_broadcast_mac_addr(prxattrib->ra))
805 no_gkey_bc_cnt++;
806 else
807 no_gkey_mc_cnt++;
808
809 if (rtw_get_passing_time_ms(start) > 1000) {
810 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
811 RTW_PRINT(FUNC_ADPT_FMT" no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
812 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt);
813 }
814 start = rtw_get_current_time();
815 no_gkey_bc_cnt = 0;
816 no_gkey_mc_cnt = 0;
817 }
818 goto exit;
819 }
820
821 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
822 RTW_PRINT(FUNC_ADPT_FMT" gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
823 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt);
824 }
825 start = 0;
826 no_gkey_bc_cnt = 0;
827 no_gkey_mc_cnt = 0;
828
829 /* RTW_INFO("rx bc/mc packets, to perform sw rtw_tkip_decrypt\n"); */
830 /* prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey; */
831 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
832 prwskeylen = 16;
833 } else {
834 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
835 prwskeylen = 16;
836 }
837
838 iv = pframe + prxattrib->hdrlen;
839 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
840 length = ((union recv_frame *)precvframe)->u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
841
842 GET_TKIP_PN(iv, dot11txpn);
843
844 pnl = (u16)(dot11txpn.val);
845 pnh = (u32)(dot11txpn.val >> 16);
846
847 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
848 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
849
850 /* 4 decrypt payload include icv */
851
852 arcfour_init(&mycontext, rc4key, 16);
853 arcfour_encrypt(&mycontext, payload, payload, length);
854
855 *((u32 *)crc) = le32_to_cpu(getcrc32(payload, length - 4));
856
857 if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] || crc[1] != payload[length - 3] || crc[0] != payload[length - 4]) {
858 res = _FAIL;
859 }
860
861 TKIP_SW_DEC_CNT_INC(psecuritypriv, prxattrib->ra);
862 } else {
863 res = _FAIL;
864 }
865
866 }
867 exit:
868 return res;
869
870 }
871
872
873 /* 3 =====AES related===== */
874 #if (NEW_CRYPTO == 0)
875
876 #define MAX_MSG_SIZE 2048
877 /*****************************/
878 /******** SBOX Table *********/
879 /*****************************/
880
881 static u8 sbox_table[256] = {
882 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
883 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
884 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
885 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
886 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
887 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
888 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
889 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
890 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
891 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
892 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
893 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
894 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
895 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
896 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
897 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
898 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
899 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
900 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
901 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
902 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
903 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
904 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
905 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
906 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
907 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
908 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
909 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
910 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
911 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
912 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
913 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
914 };
915
916 /*****************************/
917 /**** Function Prototypes ****/
918 /*****************************/
919
920 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out);
921 static void construct_mic_iv(
922 u8 *mic_header1,
923 sint qc_exists,
924 sint a4_exists,
925 u8 *mpdu,
926 uint payload_length,
927 u8 *pn_vector,
928 uint frtype);/* add for CONFIG_IEEE80211W, none 11w also can use */
929 static void construct_mic_header1(
930 u8 *mic_header1,
931 sint header_length,
932 u8 *mpdu,
933 uint frtype);/* add for CONFIG_IEEE80211W, none 11w also can use */
934 static void construct_mic_header2(
935 u8 *mic_header2,
936 u8 *mpdu,
937 sint a4_exists,
938 sint qc_exists);
939 static void construct_ctr_preload(
940 u8 *ctr_preload,
941 sint a4_exists,
942 sint qc_exists,
943 u8 *mpdu,
944 u8 *pn_vector,
945 sint c,
946 uint frtype);/* add for CONFIG_IEEE80211W, none 11w also can use */
947 static void xor_128(u8 *a, u8 *b, u8 *out);
948 static void xor_32(u8 *a, u8 *b, u8 *out);
949 static u8 sbox(u8 a);
950 static void next_key(u8 *key, sint round);
951 static void byte_sub(u8 *in, u8 *out);
952 static void shift_row(u8 *in, u8 *out);
953 static void mix_column(u8 *in, u8 *out);
954 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext);
955
956
957 /****************************************/
958 /* aes128k128d() */
959 /* Performs a 128 bit AES encrypt with */
960 /* 128 bit data. */
961 /****************************************/
xor_128(u8 * a,u8 * b,u8 * out)962 static void xor_128(u8 *a, u8 *b, u8 *out)
963 {
964 sint i;
965 for (i = 0; i < 16; i++)
966 out[i] = a[i] ^ b[i];
967 }
968
969
xor_32(u8 * a,u8 * b,u8 * out)970 static void xor_32(u8 *a, u8 *b, u8 *out)
971 {
972 sint i;
973 for (i = 0; i < 4; i++)
974 out[i] = a[i] ^ b[i];
975 }
976
977
sbox(u8 a)978 static u8 sbox(u8 a)
979 {
980 return sbox_table[(sint)a];
981 }
982
983
next_key(u8 * key,sint round)984 static void next_key(u8 *key, sint round)
985 {
986 u8 rcon;
987 u8 sbox_key[4];
988 u8 rcon_table[12] = {
989 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
990 0x1b, 0x36, 0x36, 0x36
991 };
992 sbox_key[0] = sbox(key[13]);
993 sbox_key[1] = sbox(key[14]);
994 sbox_key[2] = sbox(key[15]);
995 sbox_key[3] = sbox(key[12]);
996
997 rcon = rcon_table[round];
998
999 xor_32(&key[0], sbox_key, &key[0]);
1000 key[0] = key[0] ^ rcon;
1001
1002 xor_32(&key[4], &key[0], &key[4]);
1003 xor_32(&key[8], &key[4], &key[8]);
1004 xor_32(&key[12], &key[8], &key[12]);
1005 }
1006
1007
byte_sub(u8 * in,u8 * out)1008 static void byte_sub(u8 *in, u8 *out)
1009 {
1010 sint i;
1011 for (i = 0; i < 16; i++)
1012 out[i] = sbox(in[i]);
1013 }
1014
1015
shift_row(u8 * in,u8 * out)1016 static void shift_row(u8 *in, u8 *out)
1017 {
1018 out[0] = in[0];
1019 out[1] = in[5];
1020 out[2] = in[10];
1021 out[3] = in[15];
1022 out[4] = in[4];
1023 out[5] = in[9];
1024 out[6] = in[14];
1025 out[7] = in[3];
1026 out[8] = in[8];
1027 out[9] = in[13];
1028 out[10] = in[2];
1029 out[11] = in[7];
1030 out[12] = in[12];
1031 out[13] = in[1];
1032 out[14] = in[6];
1033 out[15] = in[11];
1034 }
1035
1036
mix_column(u8 * in,u8 * out)1037 static void mix_column(u8 *in, u8 *out)
1038 {
1039 sint i;
1040 u8 add1b[4];
1041 u8 add1bf7[4];
1042 u8 rotl[4];
1043 u8 swap_halfs[4];
1044 u8 andf7[4];
1045 u8 rotr[4];
1046 u8 temp[4];
1047 u8 tempb[4];
1048 for (i = 0 ; i < 4; i++) {
1049 if ((in[i] & 0x80) == 0x80)
1050 add1b[i] = 0x1b;
1051 else
1052 add1b[i] = 0x00;
1053 }
1054
1055 swap_halfs[0] = in[2]; /* Swap halfs */
1056 swap_halfs[1] = in[3];
1057 swap_halfs[2] = in[0];
1058 swap_halfs[3] = in[1];
1059
1060 rotl[0] = in[3]; /* Rotate left 8 bits */
1061 rotl[1] = in[0];
1062 rotl[2] = in[1];
1063 rotl[3] = in[2];
1064
1065 andf7[0] = in[0] & 0x7f;
1066 andf7[1] = in[1] & 0x7f;
1067 andf7[2] = in[2] & 0x7f;
1068 andf7[3] = in[3] & 0x7f;
1069
1070 for (i = 3; i > 0; i--) { /* logical shift left 1 bit */
1071 andf7[i] = andf7[i] << 1;
1072 if ((andf7[i - 1] & 0x80) == 0x80)
1073 andf7[i] = (andf7[i] | 0x01);
1074 }
1075 andf7[0] = andf7[0] << 1;
1076 andf7[0] = andf7[0] & 0xfe;
1077
1078 xor_32(add1b, andf7, add1bf7);
1079
1080 xor_32(in, add1bf7, rotr);
1081
1082 temp[0] = rotr[0]; /* Rotate right 8 bits */
1083 rotr[0] = rotr[1];
1084 rotr[1] = rotr[2];
1085 rotr[2] = rotr[3];
1086 rotr[3] = temp[0];
1087
1088 xor_32(add1bf7, rotr, temp);
1089 xor_32(swap_halfs, rotl, tempb);
1090 xor_32(temp, tempb, out);
1091 }
1092
1093
aes128k128d(u8 * key,u8 * data,u8 * ciphertext)1094 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
1095 {
1096 sint round;
1097 sint i;
1098 u8 intermediatea[16];
1099 u8 intermediateb[16];
1100 u8 round_key[16];
1101 for (i = 0; i < 16; i++)
1102 round_key[i] = key[i];
1103
1104 for (round = 0; round < 11; round++) {
1105 if (round == 0) {
1106 xor_128(round_key, data, ciphertext);
1107 next_key(round_key, round);
1108 } else if (round == 10) {
1109 byte_sub(ciphertext, intermediatea);
1110 shift_row(intermediatea, intermediateb);
1111 xor_128(intermediateb, round_key, ciphertext);
1112 } else { /* 1 - 9 */
1113 byte_sub(ciphertext, intermediatea);
1114 shift_row(intermediatea, intermediateb);
1115 mix_column(&intermediateb[0], &intermediatea[0]);
1116 mix_column(&intermediateb[4], &intermediatea[4]);
1117 mix_column(&intermediateb[8], &intermediatea[8]);
1118 mix_column(&intermediateb[12], &intermediatea[12]);
1119 xor_128(intermediatea, round_key, ciphertext);
1120 next_key(round_key, round);
1121 }
1122 }
1123 }
1124
1125
1126 /************************************************/
1127 /* construct_mic_iv() */
1128 /* Builds the MIC IV from header fields and PN */
1129 /* Baron think the function is construct CCM */
1130 /* nonce */
1131 /************************************************/
construct_mic_iv(u8 * mic_iv,sint qc_exists,sint a4_exists,u8 * mpdu,uint payload_length,u8 * pn_vector,uint frtype)1132 static void construct_mic_iv(
1133 u8 *mic_iv,
1134 sint qc_exists,
1135 sint a4_exists,
1136 u8 *mpdu,
1137 uint payload_length,
1138 u8 *pn_vector,
1139 uint frtype/* add for CONFIG_IEEE80211W, none 11w also can use */
1140 )
1141 {
1142 sint i;
1143 mic_iv[0] = 0x59;
1144 if (qc_exists && a4_exists)
1145 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */
1146 if (qc_exists && !a4_exists)
1147 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */
1148 if (!qc_exists)
1149 mic_iv[1] = 0x00;
1150 #if defined(CONFIG_IEEE80211W) || defined(CONFIG_RTW_MESH)
1151 /* 802.11w management frame should set management bit(4) */
1152 if (frtype == WIFI_MGT_TYPE)
1153 mic_iv[1] |= BIT(4);
1154 #endif
1155 for (i = 2; i < 8; i++)
1156 mic_iv[i] = mpdu[i + 8]; /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */
1157 #ifdef CONSISTENT_PN_ORDER
1158 for (i = 8; i < 14; i++)
1159 mic_iv[i] = pn_vector[i - 8]; /* mic_iv[8:13] = PN[0:5] */
1160 #else
1161 for (i = 8; i < 14; i++)
1162 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
1163 #endif
1164 mic_iv[14] = (unsigned char)(payload_length / 256);
1165 mic_iv[15] = (unsigned char)(payload_length % 256);
1166 }
1167
1168
1169 /************************************************/
1170 /* construct_mic_header1() */
1171 /* Builds the first MIC header block from */
1172 /* header fields. */
1173 /* Build AAD SC,A1,A2 */
1174 /************************************************/
construct_mic_header1(u8 * mic_header1,sint header_length,u8 * mpdu,uint frtype)1175 static void construct_mic_header1(
1176 u8 *mic_header1,
1177 sint header_length,
1178 u8 *mpdu,
1179 uint frtype/* add for CONFIG_IEEE80211W, none 11w also can use */
1180 )
1181 {
1182 mic_header1[0] = (u8)((header_length - 2) / 256);
1183 mic_header1[1] = (u8)((header_length - 2) % 256);
1184 #if defined(CONFIG_IEEE80211W) || defined(CONFIG_RTW_MESH)
1185 /* 802.11w management frame don't AND subtype bits 4,5,6 of frame control field */
1186 if (frtype == WIFI_MGT_TYPE)
1187 mic_header1[2] = mpdu[0];
1188 else
1189 #endif
1190 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */
1191
1192 mic_header1[3] = mpdu[1] & 0xc7; /* Mute retry, more data and pwr mgt bits */
1193 mic_header1[4] = mpdu[4]; /* A1 */
1194 mic_header1[5] = mpdu[5];
1195 mic_header1[6] = mpdu[6];
1196 mic_header1[7] = mpdu[7];
1197 mic_header1[8] = mpdu[8];
1198 mic_header1[9] = mpdu[9];
1199 mic_header1[10] = mpdu[10]; /* A2 */
1200 mic_header1[11] = mpdu[11];
1201 mic_header1[12] = mpdu[12];
1202 mic_header1[13] = mpdu[13];
1203 mic_header1[14] = mpdu[14];
1204 mic_header1[15] = mpdu[15];
1205 }
1206
1207
1208 /************************************************/
1209 /* construct_mic_header2() */
1210 /* Builds the last MIC header block from */
1211 /* header fields. */
1212 /************************************************/
construct_mic_header2(u8 * mic_header2,u8 * mpdu,sint a4_exists,sint qc_exists)1213 static void construct_mic_header2(
1214 u8 *mic_header2,
1215 u8 *mpdu,
1216 sint a4_exists,
1217 sint qc_exists
1218 )
1219 {
1220 sint i;
1221 for (i = 0; i < 16; i++)
1222 mic_header2[i] = 0x00;
1223
1224 mic_header2[0] = mpdu[16]; /* A3 */
1225 mic_header2[1] = mpdu[17];
1226 mic_header2[2] = mpdu[18];
1227 mic_header2[3] = mpdu[19];
1228 mic_header2[4] = mpdu[20];
1229 mic_header2[5] = mpdu[21];
1230
1231 /* mic_header2[6] = mpdu[22] & 0xf0; SC */
1232 mic_header2[6] = 0x00;
1233 mic_header2[7] = 0x00; /* mpdu[23]; */
1234
1235
1236 if (!qc_exists && a4_exists) {
1237 for (i = 0; i < 6; i++)
1238 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
1239
1240 }
1241
1242 if (qc_exists && !a4_exists) {
1243 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
1244 mic_header2[9] = mpdu[25] & 0x00;
1245 }
1246
1247 if (qc_exists && a4_exists) {
1248 for (i = 0; i < 6; i++)
1249 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
1250
1251 mic_header2[14] = mpdu[30] & 0x0f;
1252 mic_header2[15] = mpdu[31] & 0x00;
1253 }
1254
1255 }
1256
1257
1258 /************************************************/
1259 /* construct_mic_header2() */
1260 /* Builds the last MIC header block from */
1261 /* header fields. */
1262 /* Baron think the function is construct CCM */
1263 /* nonce */
1264 /************************************************/
construct_ctr_preload(u8 * ctr_preload,sint a4_exists,sint qc_exists,u8 * mpdu,u8 * pn_vector,sint c,uint frtype)1265 static void construct_ctr_preload(
1266 u8 *ctr_preload,
1267 sint a4_exists,
1268 sint qc_exists,
1269 u8 *mpdu,
1270 u8 *pn_vector,
1271 sint c,
1272 uint frtype /* add for CONFIG_IEEE80211W, none 11w also can use */
1273 )
1274 {
1275 sint i = 0;
1276 for (i = 0; i < 16; i++)
1277 ctr_preload[i] = 0x00;
1278 i = 0;
1279
1280 ctr_preload[0] = 0x01; /* flag */
1281 if (qc_exists && a4_exists)
1282 ctr_preload[1] = mpdu[30] & 0x0f; /* QoC_Control */
1283 if (qc_exists && !a4_exists)
1284 ctr_preload[1] = mpdu[24] & 0x0f;
1285 #if defined(CONFIG_IEEE80211W) || defined(CONFIG_RTW_MESH)
1286 /* 802.11w management frame should set management bit(4) */
1287 if (frtype == WIFI_MGT_TYPE)
1288 ctr_preload[1] |= BIT(4);
1289 #endif
1290 for (i = 2; i < 8; i++)
1291 ctr_preload[i] = mpdu[i + 8]; /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */
1292 #ifdef CONSISTENT_PN_ORDER
1293 for (i = 8; i < 14; i++)
1294 ctr_preload[i] = pn_vector[i - 8]; /* ctr_preload[8:13] = PN[0:5] */
1295 #else
1296 for (i = 8; i < 14; i++)
1297 ctr_preload[i] = pn_vector[13 - i]; /* ctr_preload[8:13] = PN[5:0] */
1298 #endif
1299 ctr_preload[14] = (unsigned char)(c / 256); /* Ctr */
1300 ctr_preload[15] = (unsigned char)(c % 256);
1301 }
1302
1303
1304 /************************************/
1305 /* bitwise_xor() */
1306 /* A 128 bit, bitwise exclusive or */
1307 /************************************/
bitwise_xor(u8 * ina,u8 * inb,u8 * out)1308 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1309 {
1310 sint i;
1311 for (i = 0; i < 16; i++)
1312 out[i] = ina[i] ^ inb[i];
1313 }
1314
1315
aes_cipher(u8 * key,uint hdrlen,u8 * pframe,uint plen)1316 static sint aes_cipher(u8 *key, uint hdrlen,
1317 u8 *pframe, uint plen)
1318 {
1319 /* static unsigned char message[MAX_MSG_SIZE]; */
1320 uint qc_exists, a4_exists, i, j, payload_remainder,
1321 num_blocks, payload_index;
1322
1323 u8 pn_vector[6];
1324 u8 mic_iv[16];
1325 u8 mic_header1[16];
1326 u8 mic_header2[16];
1327 u8 ctr_preload[16];
1328
1329 /* Intermediate Buffers */
1330 u8 chain_buffer[16];
1331 u8 aes_out[16];
1332 u8 padded_buffer[16];
1333 u8 mic[8];
1334 /* uint offset = 0; */
1335 uint frtype = GetFrameType(pframe);
1336 uint frsubtype = get_frame_sub_type(pframe);
1337
1338 frsubtype = frsubtype >> 4;
1339
1340
1341 _rtw_memset((void *)mic_iv, 0, 16);
1342 _rtw_memset((void *)mic_header1, 0, 16);
1343 _rtw_memset((void *)mic_header2, 0, 16);
1344 _rtw_memset((void *)ctr_preload, 0, 16);
1345 _rtw_memset((void *)chain_buffer, 0, 16);
1346 _rtw_memset((void *)aes_out, 0, 16);
1347 _rtw_memset((void *)padded_buffer, 0, 16);
1348
1349 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1350 a4_exists = 0;
1351 else
1352 a4_exists = 1;
1353
1354 if (
1355 ((frtype | frsubtype) == WIFI_DATA_CFACK) ||
1356 ((frtype | frsubtype) == WIFI_DATA_CFPOLL) ||
1357 ((frtype | frsubtype) == WIFI_DATA_CFACKPOLL)) {
1358 qc_exists = 1;
1359 if (hdrlen != WLAN_HDR_A3_QOS_LEN && hdrlen != WLAN_HDR_A4_QOS_LEN)
1360 hdrlen += 2;
1361 }
1362 /* add for CONFIG_IEEE80211W, none 11w also can use */
1363 else if ((frtype == WIFI_DATA) &&
1364 ((frsubtype == 0x08) ||
1365 (frsubtype == 0x09) ||
1366 (frsubtype == 0x0a) ||
1367 (frsubtype == 0x0b))) {
1368 if (hdrlen != WLAN_HDR_A3_QOS_LEN && hdrlen != WLAN_HDR_A4_QOS_LEN)
1369 hdrlen += 2;
1370 qc_exists = 1;
1371 } else
1372 qc_exists = 0;
1373
1374 pn_vector[0] = pframe[hdrlen];
1375 pn_vector[1] = pframe[hdrlen + 1];
1376 pn_vector[2] = pframe[hdrlen + 4];
1377 pn_vector[3] = pframe[hdrlen + 5];
1378 pn_vector[4] = pframe[hdrlen + 6];
1379 pn_vector[5] = pframe[hdrlen + 7];
1380
1381 construct_mic_iv(
1382 mic_iv,
1383 qc_exists,
1384 a4_exists,
1385 pframe, /* message, */
1386 plen,
1387 pn_vector,
1388 frtype /* add for CONFIG_IEEE80211W, none 11w also can use */
1389 );
1390
1391 construct_mic_header1(
1392 mic_header1,
1393 hdrlen,
1394 pframe, /* message */
1395 frtype /* add for CONFIG_IEEE80211W, none 11w also can use */
1396 );
1397 construct_mic_header2(
1398 mic_header2,
1399 pframe, /* message, */
1400 a4_exists,
1401 qc_exists
1402 );
1403
1404
1405 payload_remainder = plen % 16;
1406 num_blocks = plen / 16;
1407
1408 /* Find start of payload */
1409 payload_index = (hdrlen + 8);
1410
1411 /* Calculate MIC */
1412 aes128k128d(key, mic_iv, aes_out);
1413 bitwise_xor(aes_out, mic_header1, chain_buffer);
1414 aes128k128d(key, chain_buffer, aes_out);
1415 bitwise_xor(aes_out, mic_header2, chain_buffer);
1416 aes128k128d(key, chain_buffer, aes_out);
1417
1418 for (i = 0; i < num_blocks; i++) {
1419 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);/* bitwise_xor(aes_out, &message[payload_index], chain_buffer); */
1420
1421 payload_index += 16;
1422 aes128k128d(key, chain_buffer, aes_out);
1423 }
1424
1425 /* Add on the final payload block if it needs padding */
1426 if (payload_remainder > 0) {
1427 for (j = 0; j < 16; j++)
1428 padded_buffer[j] = 0x00;
1429 for (j = 0; j < payload_remainder; j++) {
1430 padded_buffer[j] = pframe[payload_index++];/* padded_buffer[j] = message[payload_index++]; */
1431 }
1432 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1433 aes128k128d(key, chain_buffer, aes_out);
1434
1435 }
1436
1437 for (j = 0 ; j < 8; j++)
1438 mic[j] = aes_out[j];
1439
1440 /* Insert MIC into payload */
1441 for (j = 0; j < 8; j++)
1442 pframe[payload_index + j] = mic[j]; /* message[payload_index+j] = mic[j]; */
1443
1444 payload_index = hdrlen + 8;
1445 for (i = 0; i < num_blocks; i++) {
1446 construct_ctr_preload(
1447 ctr_preload,
1448 a4_exists,
1449 qc_exists,
1450 pframe, /* message, */
1451 pn_vector,
1452 i + 1,
1453 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
1454 aes128k128d(key, ctr_preload, aes_out);
1455 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);/* bitwise_xor(aes_out, &message[payload_index], chain_buffer); */
1456 for (j = 0; j < 16; j++)
1457 pframe[payload_index++] = chain_buffer[j];/* for (j=0; j<16;j++) message[payload_index++] = chain_buffer[j]; */
1458 }
1459
1460 if (payload_remainder > 0) { /* If there is a short final block, then pad it,*/
1461 /* encrypt it and copy the unpadded part back */
1462 construct_ctr_preload(
1463 ctr_preload,
1464 a4_exists,
1465 qc_exists,
1466 pframe, /* message, */
1467 pn_vector,
1468 num_blocks + 1,
1469 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
1470
1471 for (j = 0; j < 16; j++)
1472 padded_buffer[j] = 0x00;
1473 for (j = 0; j < payload_remainder; j++) {
1474 padded_buffer[j] = pframe[payload_index + j]; /* padded_buffer[j] = message[payload_index+j]; */
1475 }
1476 aes128k128d(key, ctr_preload, aes_out);
1477 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1478 for (j = 0; j < payload_remainder; j++)
1479 pframe[payload_index++] = chain_buffer[j];/* for (j=0; j<payload_remainder;j++) message[payload_index++] = chain_buffer[j]; */
1480 }
1481
1482 /* Encrypt the MIC */
1483 construct_ctr_preload(
1484 ctr_preload,
1485 a4_exists,
1486 qc_exists,
1487 pframe, /* message, */
1488 pn_vector,
1489 0,
1490 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
1491
1492 for (j = 0; j < 16; j++)
1493 padded_buffer[j] = 0x00;
1494 for (j = 0; j < 8; j++) {
1495 padded_buffer[j] = pframe[j + hdrlen + 8 + plen]; /* padded_buffer[j] = message[j+hdrlen+8+plen]; */
1496 }
1497
1498 aes128k128d(key, ctr_preload, aes_out);
1499 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1500 for (j = 0; j < 8; j++)
1501 pframe[payload_index++] = chain_buffer[j];/* for (j=0; j<8;j++) message[payload_index++] = chain_buffer[j]; */
1502 return _SUCCESS;
1503 }
1504 #endif /* (NEW_CRYPTO == 0) */
1505
1506
1507 #if 0 //RTW_PHL_TX: mark un-finished codes for reading
1508 u32 rtw_core_aes_encrypt(_adapter *padapter, u8 *pxmitframe)
1509 {
1510 struct security_priv *psecuritypriv = &padapter->securitypriv;
1511 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1512 struct xmit_frame *pxframe = (struct xmit_frame *)pxmitframe;
1513 sint curfragnum;
1514 u32 prwskeylen;
1515 u8 *pwlanhdr, *payload;
1516 u8 *prwskey;
1517 u8 hw_hdr_offset = 0;
1518
1519 u32 res = _SUCCESS;
1520
1521 if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
1522 return _FAIL;
1523
1524 pwlanhdr = pxframe->wlhdr[0];
1525 payload = pxframe->pkt->data + pxframe->attrib.pkt_hdrlen - RTW_SZ_LLC;
1526
1527 /* start to encrypt each fragment */
1528 if ((pxframe->attrib.encrypt == _AES_) ||
1529 (pxframe->attrib.encrypt == _CCMP_256_)) {
1530
1531 if (IS_MCAST(pxframe->attrib.ra))
1532 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
1533 else {
1534 prwskey = pxframe->attrib.psta->dot118021x_UncstKey.skey;
1535 }
1536
1537 #ifdef CONFIG_TDLS
1538 {
1539 /* Swencryption */
1540 struct sta_info *ptdls_sta;
1541 ptdls_sta = rtw_get_stainfo(&padapter->stapriv, pxframe->attrib.dst);
1542 if ((ptdls_sta != NULL) && (ptdls_sta->tdls_sta_state & TDLS_LINKED_STATE)) {
1543 RTW_INFO("[%s] for tdls link\n", __FUNCTION__);
1544 prwskey = &ptdls_sta->tpk.tk[0];
1545 }
1546 }
1547 #endif /* CONFIG_TDLS */
1548
1549 prwskeylen = (pxframe->attrib.encrypt == _CCMP_256_) ? 32 : 16;
1550
1551 for (curfragnum = 0; curfragnum < pxframe->attrib.nr_frags; curfragnum++) {
1552 u8 *pdata = pxframe->pkt->data + pxframe->attrib.pkt_hdrlen - RTW_SZ_LLC + curfragnum*pxframe->attrib.frag_datalen;
1553
1554 if ((curfragnum + 1) == pxframe->attrib.nr_frags) { /* the last fragment */
1555 u32 ls_datelen = pxframe->pkt->len - curfragnum*pxframe->attrib.frag_datalen;
1556 _rtw_core_ccmp_encrypt(prwskey, prwskeylen,
1557 pxframe->attrib.hdrlen, pxframe->wlhdr[curfragnum], ls_datelen, pdata);
1558 } else {
1559 _rtw_core_ccmp_encrypt(prwskey, prwskeylen,
1560 pxframe->attrib.hdrlen, pxframe->wlhdr[curfragnum], pxframe->attrib.frag_datalen, pdata);
1561 }
1562 }
1563
1564 AES_SW_ENC_CNT_INC(psecuritypriv, pxframe->attrib.ra);
1565
1566 }
1567
1568 return res;
1569 }
1570 #endif
1571
rtw_aes_encrypt(_adapter * padapter,u8 * pxmitframe)1572 u32 rtw_aes_encrypt(_adapter *padapter, u8 *pxmitframe)
1573 {
1574 struct xmit_frame *xf = (struct xmit_frame *)pxmitframe;
1575 struct pkt_attrib *pattrib = &xf->attrib;
1576 struct security_priv *psecuritypriv = &padapter->securitypriv;
1577 struct rtw_xmit_req *txreq = NULL;
1578 struct rtw_pkt_buf_list *pkt_list = NULL;
1579 sint curfragnum, plen;
1580 u32 prwskeylen;
1581 u8 *pframe;
1582 u8 *prwskey;
1583
1584
1585 if ((pattrib->encrypt != _AES_) && (pattrib->encrypt != _CCMP_256_))
1586 return _SUCCESS;
1587
1588 /* start to encrypt each fragment */
1589 if (IS_MCAST(pattrib->ra))
1590 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
1591 else
1592 prwskey = pattrib->dot118021x_UncstKey.skey;
1593
1594 #ifdef CONFIG_TDLS
1595 {
1596 /* Swencryption */
1597 struct sta_info *ptdls_sta;
1598 ptdls_sta = rtw_get_stainfo(&padapter->stapriv, &pattrib->dst[0]);
1599 if ((ptdls_sta != NULL) && (ptdls_sta->tdls_sta_state & TDLS_LINKED_STATE)) {
1600 RTW_INFO("[%s] for tdls link\n", __FUNCTION__);
1601 prwskey = &ptdls_sta->tpk.tk[0];
1602 }
1603 }
1604 #endif /* CONFIG_TDLS */
1605
1606 prwskeylen = (pattrib->encrypt == _CCMP_256_) ? 32 : 16;
1607
1608 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
1609 txreq = &xf->phl_txreq[curfragnum];
1610 rtw_warn_on(txreq->pkt_cnt != 1);
1611 pkt_list = (struct rtw_pkt_buf_list *)txreq->pkt_list;
1612 pframe = pkt_list->vir_addr;
1613 plen = pkt_list->length - pattrib->hdrlen
1614 - pattrib->iv_len - pattrib->icv_len;
1615 _rtw_ccmp_encrypt(padapter, prwskey, prwskeylen, pattrib->hdrlen,
1616 pframe, plen);
1617 }
1618
1619 AES_SW_ENC_CNT_INC(psecuritypriv, pattrib->ra);
1620
1621 return _SUCCESS;
1622 }
1623
1624 #if (NEW_CRYPTO == 0)
aes_decipher(u8 * key,uint hdrlen,u8 * pframe,uint plen)1625 static sint aes_decipher(u8 *key, uint hdrlen,
1626 u8 *pframe, uint plen)
1627 {
1628 static u8 message[MAX_MSG_SIZE];
1629 uint qc_exists, a4_exists, i, j, payload_remainder,
1630 num_blocks, payload_index;
1631 sint res = _SUCCESS;
1632 u8 pn_vector[6];
1633 u8 mic_iv[16];
1634 u8 mic_header1[16];
1635 u8 mic_header2[16];
1636 u8 ctr_preload[16];
1637
1638 /* Intermediate Buffers */
1639 u8 chain_buffer[16];
1640 u8 aes_out[16];
1641 u8 padded_buffer[16];
1642 u8 mic[8];
1643
1644
1645 /* uint offset = 0; */
1646 uint frtype = GetFrameType(pframe);
1647 uint frsubtype = get_frame_sub_type(pframe);
1648 frsubtype = frsubtype >> 4;
1649
1650
1651 _rtw_memset((void *)mic_iv, 0, 16);
1652 _rtw_memset((void *)mic_header1, 0, 16);
1653 _rtw_memset((void *)mic_header2, 0, 16);
1654 _rtw_memset((void *)ctr_preload, 0, 16);
1655 _rtw_memset((void *)chain_buffer, 0, 16);
1656 _rtw_memset((void *)aes_out, 0, 16);
1657 _rtw_memset((void *)padded_buffer, 0, 16);
1658
1659 /* start to decrypt the payload */
1660
1661 num_blocks = (plen - 8) / 16; /* (plen including LLC, payload_length and mic ) */
1662
1663 payload_remainder = (plen - 8) % 16;
1664
1665 pn_vector[0] = pframe[hdrlen];
1666 pn_vector[1] = pframe[hdrlen + 1];
1667 pn_vector[2] = pframe[hdrlen + 4];
1668 pn_vector[3] = pframe[hdrlen + 5];
1669 pn_vector[4] = pframe[hdrlen + 6];
1670 pn_vector[5] = pframe[hdrlen + 7];
1671
1672 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1673 a4_exists = 0;
1674 else
1675 a4_exists = 1;
1676
1677 if (
1678 ((frtype | frsubtype) == WIFI_DATA_CFACK) ||
1679 ((frtype | frsubtype) == WIFI_DATA_CFPOLL) ||
1680 ((frtype | frsubtype) == WIFI_DATA_CFACKPOLL)) {
1681 qc_exists = 1;
1682 if (hdrlen != WLAN_HDR_A3_QOS_LEN && hdrlen != WLAN_HDR_A4_QOS_LEN)
1683 hdrlen += 2;
1684 } /* only for data packet . add for CONFIG_IEEE80211W, none 11w also can use */
1685 else if ((frtype == WIFI_DATA) &&
1686 ((frsubtype == 0x08) ||
1687 (frsubtype == 0x09) ||
1688 (frsubtype == 0x0a) ||
1689 (frsubtype == 0x0b))) {
1690 if (hdrlen != WLAN_HDR_A3_QOS_LEN && hdrlen != WLAN_HDR_A4_QOS_LEN)
1691 hdrlen += 2;
1692 qc_exists = 1;
1693 } else
1694 qc_exists = 0;
1695
1696
1697 /* now, decrypt pframe with hdrlen offset and plen long */
1698
1699 payload_index = hdrlen + 8; /* 8 is for extiv */
1700
1701 for (i = 0; i < num_blocks; i++) {
1702 construct_ctr_preload(
1703 ctr_preload,
1704 a4_exists,
1705 qc_exists,
1706 pframe,
1707 pn_vector,
1708 i + 1,
1709 frtype /* add for CONFIG_IEEE80211W, none 11w also can use */
1710 );
1711
1712 aes128k128d(key, ctr_preload, aes_out);
1713 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1714
1715 for (j = 0; j < 16; j++)
1716 pframe[payload_index++] = chain_buffer[j];
1717 }
1718
1719 if (payload_remainder > 0) { /* If there is a short final block, then pad it,*/
1720 /* encrypt it and copy the unpadded part back */
1721 construct_ctr_preload(
1722 ctr_preload,
1723 a4_exists,
1724 qc_exists,
1725 pframe,
1726 pn_vector,
1727 num_blocks + 1,
1728 frtype /* add for CONFIG_IEEE80211W, none 11w also can use */
1729 );
1730
1731 for (j = 0; j < 16; j++)
1732 padded_buffer[j] = 0x00;
1733 for (j = 0; j < payload_remainder; j++)
1734 padded_buffer[j] = pframe[payload_index + j];
1735 aes128k128d(key, ctr_preload, aes_out);
1736 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1737 for (j = 0; j < payload_remainder; j++)
1738 pframe[payload_index++] = chain_buffer[j];
1739 }
1740
1741 /* start to calculate the mic */
1742 if ((hdrlen + plen + 8) <= MAX_MSG_SIZE)
1743 _rtw_memcpy((void *)message, pframe, (hdrlen + plen + 8)); /* 8 is for ext iv len */
1744
1745
1746 pn_vector[0] = pframe[hdrlen];
1747 pn_vector[1] = pframe[hdrlen + 1];
1748 pn_vector[2] = pframe[hdrlen + 4];
1749 pn_vector[3] = pframe[hdrlen + 5];
1750 pn_vector[4] = pframe[hdrlen + 6];
1751 pn_vector[5] = pframe[hdrlen + 7];
1752
1753
1754
1755 construct_mic_iv(
1756 mic_iv,
1757 qc_exists,
1758 a4_exists,
1759 message,
1760 plen - 8,
1761 pn_vector,
1762 frtype /* add for CONFIG_IEEE80211W, none 11w also can use */
1763 );
1764
1765 construct_mic_header1(
1766 mic_header1,
1767 hdrlen,
1768 message,
1769 frtype /* add for CONFIG_IEEE80211W, none 11w also can use */
1770 );
1771 construct_mic_header2(
1772 mic_header2,
1773 message,
1774 a4_exists,
1775 qc_exists
1776 );
1777
1778
1779 payload_remainder = (plen - 8) % 16;
1780 num_blocks = (plen - 8) / 16;
1781
1782 /* Find start of payload */
1783 payload_index = (hdrlen + 8);
1784
1785 /* Calculate MIC */
1786 aes128k128d(key, mic_iv, aes_out);
1787 bitwise_xor(aes_out, mic_header1, chain_buffer);
1788 aes128k128d(key, chain_buffer, aes_out);
1789 bitwise_xor(aes_out, mic_header2, chain_buffer);
1790 aes128k128d(key, chain_buffer, aes_out);
1791
1792 for (i = 0; i < num_blocks; i++) {
1793 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1794
1795 payload_index += 16;
1796 aes128k128d(key, chain_buffer, aes_out);
1797 }
1798
1799 /* Add on the final payload block if it needs padding */
1800 if (payload_remainder > 0) {
1801 for (j = 0; j < 16; j++)
1802 padded_buffer[j] = 0x00;
1803 for (j = 0; j < payload_remainder; j++)
1804 padded_buffer[j] = message[payload_index++];
1805 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1806 aes128k128d(key, chain_buffer, aes_out);
1807
1808 }
1809
1810 for (j = 0 ; j < 8; j++)
1811 mic[j] = aes_out[j];
1812
1813 /* Insert MIC into payload */
1814 for (j = 0; j < 8; j++)
1815 message[payload_index + j] = mic[j];
1816
1817 payload_index = hdrlen + 8;
1818 for (i = 0; i < num_blocks; i++) {
1819 construct_ctr_preload(
1820 ctr_preload,
1821 a4_exists,
1822 qc_exists,
1823 message,
1824 pn_vector,
1825 i + 1,
1826 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
1827 aes128k128d(key, ctr_preload, aes_out);
1828 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1829 for (j = 0; j < 16; j++)
1830 message[payload_index++] = chain_buffer[j];
1831 }
1832
1833 if (payload_remainder > 0) { /* If there is a short final block, then pad it,*/
1834 /* encrypt it and copy the unpadded part back */
1835 construct_ctr_preload(
1836 ctr_preload,
1837 a4_exists,
1838 qc_exists,
1839 message,
1840 pn_vector,
1841 num_blocks + 1,
1842 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
1843
1844 for (j = 0; j < 16; j++)
1845 padded_buffer[j] = 0x00;
1846 for (j = 0; j < payload_remainder; j++)
1847 padded_buffer[j] = message[payload_index + j];
1848 aes128k128d(key, ctr_preload, aes_out);
1849 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1850 for (j = 0; j < payload_remainder; j++)
1851 message[payload_index++] = chain_buffer[j];
1852 }
1853
1854 /* Encrypt the MIC */
1855 construct_ctr_preload(
1856 ctr_preload,
1857 a4_exists,
1858 qc_exists,
1859 message,
1860 pn_vector,
1861 0,
1862 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
1863
1864 for (j = 0; j < 16; j++)
1865 padded_buffer[j] = 0x00;
1866 for (j = 0; j < 8; j++)
1867 padded_buffer[j] = message[j + hdrlen + 8 + plen - 8];
1868
1869 aes128k128d(key, ctr_preload, aes_out);
1870 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1871 for (j = 0; j < 8; j++)
1872 message[payload_index++] = chain_buffer[j];
1873
1874 /* compare the mic */
1875 for (i = 0; i < 8; i++) {
1876 if (pframe[hdrlen + 8 + plen - 8 + i] != message[hdrlen + 8 + plen - 8 + i]) {
1877 RTW_INFO("aes_decipher:mic check error mic[%d]: pframe(%x) != message(%x)\n",
1878 i, pframe[hdrlen + 8 + plen - 8 + i], message[hdrlen + 8 + plen - 8 + i]);
1879 res = _FAIL;
1880 }
1881 }
1882 return res;
1883 }
1884 #endif /* (NEW_CRYPTO == 0) */
1885
1886 #if NEW_CRYPTO
rtw_aes_decrypt(_adapter * padapter,u8 * precvframe)1887 u32 rtw_aes_decrypt(_adapter *padapter, u8 *precvframe)
1888 {
1889 struct sta_info *stainfo;
1890 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
1891 struct security_priv *psecuritypriv = &padapter->securitypriv;
1892 u8 *pframe;
1893 u8 *prwskey;
1894 u32 res = _SUCCESS;
1895
1896 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
1897 /* start to encrypt each fragment */
1898 if ((prxattrib->encrypt == _AES_) ||
1899 (prxattrib->encrypt == _CCMP_256_)) {
1900
1901 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
1902 if (stainfo != NULL) {
1903
1904 if (IS_MCAST(prxattrib->ra)) {
1905 static systime start = 0;
1906 static u32 no_gkey_bc_cnt = 0;
1907 static u32 no_gkey_mc_cnt = 0;
1908
1909 if ((!MLME_IS_MESH(padapter) && psecuritypriv->binstallGrpkey == _FALSE)
1910 #ifdef CONFIG_RTW_MESH
1911 || !(stainfo->gtk_bmp | BIT(prxattrib->key_index))
1912 #endif
1913 ) {
1914 res = _FAIL;
1915
1916 if (start == 0)
1917 start = rtw_get_current_time();
1918
1919 if (is_broadcast_mac_addr(prxattrib->ra))
1920 no_gkey_bc_cnt++;
1921 else
1922 no_gkey_mc_cnt++;
1923
1924 if (rtw_get_passing_time_ms(start) > 1000) {
1925 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
1926 RTW_PRINT(FUNC_ADPT_FMT" no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
1927 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt);
1928 }
1929 start = rtw_get_current_time();
1930 no_gkey_bc_cnt = 0;
1931 no_gkey_mc_cnt = 0;
1932 }
1933
1934 goto exit;
1935 }
1936
1937 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
1938 RTW_PRINT(FUNC_ADPT_FMT" gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
1939 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt);
1940 }
1941 start = 0;
1942 no_gkey_bc_cnt = 0;
1943 no_gkey_mc_cnt = 0;
1944
1945 #ifdef CONFIG_RTW_MESH
1946 if (MLME_IS_MESH(padapter)) {
1947 /* TODO: multiple GK? */
1948 prwskey = &stainfo->gtk.skey[0];
1949 } else
1950 #endif
1951 {
1952 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
1953 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) {
1954 RTW_DBG("not match packet_index=%d, install_index=%d\n"
1955 , prxattrib->key_index, psecuritypriv->dot118021XGrpKeyid);
1956 res = _FAIL;
1957 goto exit;
1958 }
1959 }
1960 } else
1961 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1962
1963 res = _rtw_ccmp_decrypt(padapter, prwskey,
1964 prxattrib->encrypt == _CCMP_256_ ? 32 : 16,
1965 prxattrib->hdrlen, pframe,
1966 ((union recv_frame *)precvframe)->u.hdr.len);
1967
1968 AES_SW_DEC_CNT_INC(psecuritypriv, prxattrib->ra);
1969 } else {
1970 res = _FAIL;
1971 }
1972
1973 }
1974 exit:
1975 return res;
1976 }
1977 #else
rtw_aes_decrypt(_adapter * padapter,u8 * precvframe)1978 u32 rtw_aes_decrypt(_adapter *padapter, u8 *precvframe)
1979 {
1980 /* exclude ICV */
1981
1982
1983 /*static*/
1984 /* unsigned char message[MAX_MSG_SIZE]; */
1985
1986
1987 /* Intermediate Buffers */
1988
1989
1990 sint length;
1991 u8 *pframe, *prwskey; /* , *payload,*iv */
1992 struct sta_info *stainfo;
1993 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
1994 struct security_priv *psecuritypriv = &padapter->securitypriv;
1995 u32 res = _SUCCESS;
1996 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
1997 /* 4 start to encrypt each fragment */
1998 if ((prxattrib->encrypt == _AES_)) {
1999
2000 stainfo = rtw_get_stainfo(&padapter->stapriv , &prxattrib->ta[0]);
2001 if (stainfo != NULL) {
2002
2003 if (IS_MCAST(prxattrib->ra)) {
2004 static systime start = 0;
2005 static u32 no_gkey_bc_cnt = 0;
2006 static u32 no_gkey_mc_cnt = 0;
2007
2008 /* RTW_INFO("rx bc/mc packets, to perform sw rtw_aes_decrypt\n"); */
2009 /* prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey; */
2010 if ((!MLME_IS_MESH(padapter) && psecuritypriv->binstallGrpkey == _FALSE)
2011 #ifdef CONFIG_RTW_MESH
2012 || !(stainfo->gtk_bmp | BIT(prxattrib->key_index))
2013 #endif
2014 ) {
2015 res = _FAIL;
2016
2017 if (start == 0)
2018 start = rtw_get_current_time();
2019
2020 if (is_broadcast_mac_addr(prxattrib->ra))
2021 no_gkey_bc_cnt++;
2022 else
2023 no_gkey_mc_cnt++;
2024
2025 if (rtw_get_passing_time_ms(start) > 1000) {
2026 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
2027 RTW_PRINT(FUNC_ADPT_FMT" no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
2028 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt);
2029 }
2030 start = rtw_get_current_time();
2031 no_gkey_bc_cnt = 0;
2032 no_gkey_mc_cnt = 0;
2033 }
2034
2035 goto exit;
2036 }
2037
2038 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
2039 RTW_PRINT(FUNC_ADPT_FMT" gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
2040 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt);
2041 }
2042 start = 0;
2043 no_gkey_bc_cnt = 0;
2044 no_gkey_mc_cnt = 0;
2045
2046 #ifdef CONFIG_RTW_MESH
2047 if (MLME_IS_MESH(padapter)) {
2048 /* TODO: multiple GK? */
2049 prwskey = &stainfo->gtk.skey[0];
2050 } else
2051 #endif
2052 {
2053 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
2054 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) {
2055 RTW_DBG("not match packet_index=%d, install_index=%d\n"
2056 , prxattrib->key_index, psecuritypriv->dot118021XGrpKeyid);
2057 res = _FAIL;
2058 goto exit;
2059 }
2060 }
2061 } else
2062 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
2063
2064 length = ((union recv_frame *)precvframe)->u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
2065 #if 0
2066 /* add for CONFIG_IEEE80211W, debug */
2067 if (0)
2068 printk("@@@@@@@@@@@@@@@@@@ length=%d, prxattrib->hdrlen=%d, prxattrib->pkt_len=%d\n"
2069 , length, prxattrib->hdrlen, prxattrib->pkt_len);
2070 if (0) {
2071 int no;
2072 /* test print PSK */
2073 printk("PSK key below:\n");
2074 for (no = 0; no < 16; no++)
2075 printk(" %02x ", prwskey[no]);
2076 printk("\n");
2077 }
2078 if (0) {
2079 int no;
2080 /* test print PSK */
2081 printk("frame:\n");
2082 for (no = 0; no < prxattrib->pkt_len; no++)
2083 printk(" %02x ", pframe[no]);
2084 printk("\n");
2085 }
2086 #endif
2087
2088 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length);
2089
2090 AES_SW_DEC_CNT_INC(psecuritypriv, prxattrib->ra);
2091 } else {
2092 res = _FAIL;
2093 }
2094
2095 }
2096 exit:
2097 return res;
2098 }
2099 #endif
2100
2101 #ifdef CONFIG_RTW_MESH_AEK
2102 /* for AES-SIV, wrapper to ase_siv_encrypt and aes_siv_decrypt */
rtw_aes_siv_encrypt(const u8 * key,size_t key_len,const u8 * pw,size_t pwlen,size_t num_elem,const u8 * addr[],const size_t * len,u8 * out)2103 int rtw_aes_siv_encrypt(const u8 *key, size_t key_len, const u8 *pw,
2104 size_t pwlen, size_t num_elem,
2105 const u8 *addr[], const size_t *len, u8 *out)
2106 {
2107 return _aes_siv_encrypt(key, key_len, pw, pwlen,
2108 num_elem, addr, len, out);
2109 }
2110
rtw_aes_siv_decrypt(const u8 * key,size_t key_len,const u8 * iv_crypt,size_t iv_c_len,size_t num_elem,const u8 * addr[],const size_t * len,u8 * out)2111 int rtw_aes_siv_decrypt(const u8 *key, size_t key_len, const u8 *iv_crypt, size_t iv_c_len,
2112 size_t num_elem, const u8 *addr[], const size_t *len, u8 *out)
2113 {
2114 return _aes_siv_decrypt(key, key_len, iv_crypt,
2115 iv_c_len, num_elem, addr, len, out);
2116 }
2117 #endif /* CONFIG_RTW_MESH_AEK */
2118
2119 #ifdef CONFIG_TDLS
wpa_tdls_generate_tpk(_adapter * padapter,void * sta)2120 void wpa_tdls_generate_tpk(_adapter *padapter, void *sta)
2121 {
2122 struct sta_info *psta = (struct sta_info *)sta;
2123 struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
2124
2125 _tdls_generate_tpk(psta, adapter_mac_addr(padapter), get_bssid(pmlmepriv));
2126 }
2127
2128 /**
2129 * wpa_tdls_ftie_mic - Calculate TDLS FTIE MIC
2130 * @kck: TPK-KCK
2131 * @lnkid: Pointer to the beginning of Link Identifier IE
2132 * @rsnie: Pointer to the beginning of RSN IE used for handshake
2133 * @timeoutie: Pointer to the beginning of Timeout IE used for handshake
2134 * @ftie: Pointer to the beginning of FT IE
2135 * @mic: Pointer for writing MIC
2136 *
2137 * Calculate MIC for TDLS frame.
2138 */
wpa_tdls_ftie_mic(u8 * kck,u8 trans_seq,u8 * lnkid,u8 * rsnie,u8 * timeoutie,u8 * ftie,u8 * mic)2139 int wpa_tdls_ftie_mic(u8 *kck, u8 trans_seq,
2140 u8 *lnkid, u8 *rsnie, u8 *timeoutie, u8 *ftie,
2141 u8 *mic)
2142 {
2143 u8 *buf, *pos;
2144 struct wpa_tdls_ftie *_ftie;
2145 struct wpa_tdls_lnkid *_lnkid;
2146 int ret;
2147 int len = 2 * ETH_ALEN + 1 + 2 + lnkid[1] + 2 + rsnie[1] +
2148 2 + timeoutie[1] + 2 + ftie[1];
2149 buf = rtw_zmalloc(len);
2150 if (!buf) {
2151 RTW_INFO("TDLS: No memory for MIC calculation\n");
2152 return -1;
2153 }
2154
2155 pos = buf;
2156 _lnkid = (struct wpa_tdls_lnkid *) lnkid;
2157 /* 1) TDLS initiator STA MAC address */
2158 _rtw_memcpy(pos, _lnkid->init_sta, ETH_ALEN);
2159 pos += ETH_ALEN;
2160 /* 2) TDLS responder STA MAC address */
2161 _rtw_memcpy(pos, _lnkid->resp_sta, ETH_ALEN);
2162 pos += ETH_ALEN;
2163 /* 3) Transaction Sequence number */
2164 *pos++ = trans_seq;
2165 /* 4) Link Identifier IE */
2166 _rtw_memcpy(pos, lnkid, 2 + lnkid[1]);
2167 pos += 2 + lnkid[1];
2168 /* 5) RSN IE */
2169 _rtw_memcpy(pos, rsnie, 2 + rsnie[1]);
2170 pos += 2 + rsnie[1];
2171 /* 6) Timeout Interval IE */
2172 _rtw_memcpy(pos, timeoutie, 2 + timeoutie[1]);
2173 pos += 2 + timeoutie[1];
2174 /* 7) FTIE, with the MIC field of the FTIE set to 0 */
2175 _rtw_memcpy(pos, ftie, 2 + ftie[1]);
2176 _ftie = (struct wpa_tdls_ftie *) pos;
2177 _rtw_memset(_ftie->mic, 0, TDLS_MIC_LEN);
2178 pos += 2 + ftie[1];
2179
2180 /* ret = omac1_aes_128(kck, buf, pos - buf, mic); */
2181 ret = _bip_ccmp_protect(kck, 16, buf, pos - buf, mic);
2182 rtw_mfree(buf, len);
2183 return ret;
2184
2185 }
2186
2187 /**
2188 * wpa_tdls_teardown_ftie_mic - Calculate TDLS TEARDOWN FTIE MIC
2189 * @kck: TPK-KCK
2190 * @lnkid: Pointer to the beginning of Link Identifier IE
2191 * @reason: Reason code of TDLS Teardown
2192 * @dialog_token: Dialog token that was used in the MIC calculation for TPK Handshake Message 3
2193 * @trans_seq: Transaction Sequence number (1 octet) which shall be set to the value 4
2194 * @ftie: Pointer to the beginning of FT IE
2195 * @mic: Pointer for writing MIC
2196 *
2197 * Calculate MIC for TDLS TEARDOWN frame according to Section 10.22.5 in IEEE 802.11 - 2012.
2198 */
wpa_tdls_teardown_ftie_mic(u8 * kck,u8 * lnkid,u16 reason,u8 dialog_token,u8 trans_seq,u8 * ftie,u8 * mic)2199 int wpa_tdls_teardown_ftie_mic(u8 *kck, u8 *lnkid, u16 reason,
2200 u8 dialog_token, u8 trans_seq, u8 *ftie, u8 *mic)
2201 {
2202 u8 *buf, *pos;
2203 struct wpa_tdls_ftie *_ftie;
2204 int ret;
2205 int len = 2 + lnkid[1] + 2 + 1 + 1 + 2 + ftie[1];
2206
2207 buf = rtw_zmalloc(len);
2208 if (!buf) {
2209 RTW_INFO("TDLS: No memory for MIC calculation\n");
2210 return -1;
2211 }
2212
2213 pos = buf;
2214 /* 1) Link Identifier IE */
2215 _rtw_memcpy(pos, lnkid, 2 + lnkid[1]);
2216 pos += 2 + lnkid[1];
2217 /* 2) Reason Code */
2218 _rtw_memcpy(pos, (u8 *)&reason, 2);
2219 pos += 2;
2220 /* 3) Dialog Token */
2221 *pos++ = dialog_token;
2222 /* 4) Transaction Sequence number */
2223 *pos++ = trans_seq;
2224 /* 5) FTIE, with the MIC field of the FTIE set to 0 */
2225 _rtw_memcpy(pos, ftie, 2 + ftie[1]);
2226 _ftie = (struct wpa_tdls_ftie *) pos;
2227 _rtw_memset(_ftie->mic, 0, TDLS_MIC_LEN);
2228 pos += 2 + ftie[1];
2229
2230 /* ret = omac1_aes_128(kck, buf, pos - buf, mic); */
2231 ret = _bip_ccmp_protect(kck, 16, buf, pos - buf, mic);
2232 rtw_mfree(buf, len);
2233 return ret;
2234
2235 }
2236
tdls_verify_mic(u8 * kck,u8 trans_seq,u8 * lnkid,u8 * rsnie,u8 * timeoutie,u8 * ftie)2237 int tdls_verify_mic(u8 *kck, u8 trans_seq,
2238 u8 *lnkid, u8 *rsnie, u8 *timeoutie, u8 *ftie)
2239 {
2240 u8 *buf, *pos;
2241 int len;
2242 u8 mic[16];
2243 int ret;
2244 u8 *rx_ftie, *tmp_ftie;
2245
2246 if (lnkid == NULL || rsnie == NULL ||
2247 timeoutie == NULL || ftie == NULL)
2248 return _FAIL;
2249
2250 len = 2 * ETH_ALEN + 1 + 2 + 18 + 2 + *(rsnie + 1) + 2 + *(timeoutie + 1) + 2 + *(ftie + 1);
2251
2252 buf = rtw_zmalloc(len);
2253 if (buf == NULL)
2254 return _FAIL;
2255
2256 pos = buf;
2257 /* 1) TDLS initiator STA MAC address */
2258 _rtw_memcpy(pos, lnkid + ETH_ALEN + 2, ETH_ALEN);
2259 pos += ETH_ALEN;
2260 /* 2) TDLS responder STA MAC address */
2261 _rtw_memcpy(pos, lnkid + 2 * ETH_ALEN + 2, ETH_ALEN);
2262 pos += ETH_ALEN;
2263 /* 3) Transaction Sequence number */
2264 *pos++ = trans_seq;
2265 /* 4) Link Identifier IE */
2266 _rtw_memcpy(pos, lnkid, 2 + 18);
2267 pos += 2 + 18;
2268 /* 5) RSN IE */
2269 _rtw_memcpy(pos, rsnie, 2 + *(rsnie + 1));
2270 pos += 2 + *(rsnie + 1);
2271 /* 6) Timeout Interval IE */
2272 _rtw_memcpy(pos, timeoutie, 2 + *(timeoutie + 1));
2273 pos += 2 + *(timeoutie + 1);
2274 /* 7) FTIE, with the MIC field of the FTIE set to 0 */
2275 _rtw_memcpy(pos, ftie, 2 + *(ftie + 1));
2276 pos += 2;
2277 tmp_ftie = (u8 *)(pos + 2);
2278 _rtw_memset(tmp_ftie, 0, 16);
2279 pos += *(ftie + 1);
2280
2281 /* ret = omac1_aes_128(kck, buf, pos - buf, mic); */
2282 ret = _bip_ccmp_protect(kck, 16, buf, pos - buf, mic);
2283 rtw_mfree(buf, len);
2284 if (ret == _FAIL)
2285 return _FAIL;
2286 rx_ftie = ftie + 4;
2287
2288 if (_rtw_memcmp2(mic, rx_ftie, 16) == 0) {
2289 /* Valid MIC */
2290 return _SUCCESS;
2291 }
2292
2293 /* Invalid MIC */
2294 RTW_INFO("[%s] Invalid MIC\n", __FUNCTION__);
2295 return _FAIL;
2296
2297 }
2298 #endif /* CONFIG_TDLS */
2299
2300 /* Restore HW wep key setting according to key_mask */
rtw_sec_restore_wep_key(_adapter * adapter)2301 void rtw_sec_restore_wep_key(_adapter *adapter)
2302 {
2303 struct security_priv *securitypriv = &(adapter->securitypriv);
2304 sint keyid;
2305
2306 if ((_WEP40_ == securitypriv->dot11PrivacyAlgrthm) || (_WEP104_ == securitypriv->dot11PrivacyAlgrthm)) {
2307 for (keyid = 0; keyid < 4; keyid++) {
2308 if (securitypriv->key_mask & BIT(keyid)) {
2309 if (keyid == securitypriv->dot11PrivacyKeyIndex)
2310 rtw_set_key(adapter, securitypriv, keyid, 1, _FALSE);
2311 else
2312 rtw_set_key(adapter, securitypriv, keyid, 0, _FALSE);
2313 }
2314 }
2315 }
2316 }
2317
rtw_handle_tkip_countermeasure(_adapter * adapter,const char * caller)2318 u8 rtw_handle_tkip_countermeasure(_adapter *adapter, const char *caller)
2319 {
2320 struct security_priv *securitypriv = &(adapter->securitypriv);
2321 u8 status = _SUCCESS;
2322
2323 if (securitypriv->btkip_countermeasure == _TRUE) {
2324 u32 passing_ms = rtw_get_passing_time_ms(securitypriv->btkip_countermeasure_time);
2325 if (passing_ms > 60 * 1000) {
2326 RTW_PRINT("%s("ADPT_FMT") countermeasure time:%ds > 60s\n",
2327 caller, ADPT_ARG(adapter), passing_ms / 1000);
2328 securitypriv->btkip_countermeasure = _FALSE;
2329 securitypriv->btkip_countermeasure_time = 0;
2330 } else {
2331 RTW_PRINT("%s("ADPT_FMT") countermeasure time:%ds < 60s\n",
2332 caller, ADPT_ARG(adapter), passing_ms / 1000);
2333 status = _FAIL;
2334 }
2335 }
2336
2337 return status;
2338 }
2339
2340 #ifdef CONFIG_WOWLAN
rtw_cal_crc16(u8 data,u16 crc)2341 u16 rtw_cal_crc16(u8 data, u16 crc)
2342 {
2343 u8 shift_in, data_bit;
2344 u8 crc_bit4, crc_bit11, crc_bit15;
2345 u16 crc_result;
2346 int index;
2347
2348 for (index = 0; index < 8; index++) {
2349 crc_bit15 = ((crc & BIT15) ? 1 : 0);
2350 data_bit = (data & (BIT0 << index) ? 1 : 0);
2351 shift_in = crc_bit15 ^ data_bit;
2352 /*printf("crc_bit15=%d, DataBit=%d, shift_in=%d\n",
2353 * crc_bit15, data_bit, shift_in);*/
2354
2355 crc_result = crc << 1;
2356
2357 if (shift_in == 0)
2358 crc_result &= (~BIT0);
2359 else
2360 crc_result |= BIT0;
2361 /*printf("CRC =%x\n",CRC_Result);*/
2362
2363 crc_bit11 = ((crc & BIT11) ? 1 : 0) ^ shift_in;
2364
2365 if (crc_bit11 == 0)
2366 crc_result &= (~BIT12);
2367 else
2368 crc_result |= BIT12;
2369
2370 /*printf("bit12 CRC =%x\n",CRC_Result);*/
2371
2372 crc_bit4 = ((crc & BIT4) ? 1 : 0) ^ shift_in;
2373
2374 if (crc_bit4 == 0)
2375 crc_result &= (~BIT5);
2376 else
2377 crc_result |= BIT5;
2378
2379 /* printf("bit5 CRC =%x\n",CRC_Result); */
2380 /* repeat using the last result*/
2381 crc = crc_result;
2382 }
2383 return crc;
2384 }
2385
2386 /*
2387 * function name :rtw_calc_crc
2388 *
2389 * input: char* pattern , pattern size
2390 *
2391 */
rtw_calc_crc(u8 * pdata,int length)2392 u16 rtw_calc_crc(u8 *pdata, int length)
2393 {
2394 u16 crc = 0xffff;
2395 int i;
2396
2397 for (i = 0; i < length; i++)
2398 crc = rtw_cal_crc16(pdata[i], crc);
2399 /* get 1' complement */
2400 crc = ~crc;
2401
2402 return crc;
2403 }
2404 #endif /*CONFIG_WOWLAN*/
2405
rtw_calc_crc32(u8 * data,size_t len)2406 u32 rtw_calc_crc32(u8 *data, size_t len)
2407 {
2408 size_t i;
2409 u32 crc = 0xFFFFFFFF;
2410
2411 if (bcrc32initialized == 0)
2412 crc32_init();
2413
2414 for (i = 0; i < len; i++)
2415 crc = crc32_table[(crc ^ data[i]) & 0xff] ^ (crc >> 8);
2416
2417 /* return 1' complement */
2418 return ~crc;
2419 }
2420
2421
2422 /**
2423 * rtw_gcmp_encrypt -
2424 * @padapter:
2425 * @pxmitframe:
2426 *
2427 */
rtw_gcmp_encrypt(_adapter * padapter,u8 * pxmitframe)2428 u32 rtw_gcmp_encrypt(_adapter *padapter, u8 *pxmitframe)
2429 {
2430 struct xmit_frame *xf = (struct xmit_frame *)pxmitframe;
2431 struct pkt_attrib *pattrib = &xf->attrib;
2432 struct security_priv *psecuritypriv = &padapter->securitypriv;
2433 struct rtw_xmit_req *txreq = NULL;
2434 struct rtw_pkt_buf_list *pkt_list = NULL;
2435 sint curfragnum, plen;
2436 u32 prwskeylen;
2437 u8 *pframe = NULL;
2438 u8 *prwskey = NULL;
2439 u8 hw_hdr_offset = 0;
2440
2441
2442 if ((pattrib->encrypt != _GCMP_) && (pattrib->encrypt != _GCMP_256_))
2443 return _SUCCESS;
2444
2445 /* start to encrypt each fragment */
2446 if (IS_MCAST(pattrib->ra))
2447 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
2448 else
2449 prwskey = pattrib->dot118021x_UncstKey.skey;
2450 prwskeylen = (pattrib->encrypt == _GCMP_256_) ? 32 : 16;
2451
2452 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
2453 txreq = &xf->phl_txreq[curfragnum];
2454 rtw_warn_on(txreq->pkt_cnt != 1);
2455 pkt_list = (struct rtw_pkt_buf_list *)txreq->pkt_list;
2456 pframe = pkt_list->vir_addr;
2457 plen = pkt_list->length - pattrib->hdrlen
2458 - pattrib->iv_len - pattrib->icv_len;
2459 _rtw_gcmp_encrypt(padapter, prwskey, prwskeylen, pattrib->hdrlen,
2460 pframe, plen);
2461 }
2462
2463 GCMP_SW_ENC_CNT_INC(psecuritypriv, pattrib->ra);
2464
2465 return _SUCCESS;
2466 }
2467
rtw_gcmp_decrypt(_adapter * padapter,u8 * precvframe)2468 u32 rtw_gcmp_decrypt(_adapter *padapter, u8 *precvframe)
2469 {
2470 u32 prwskeylen;
2471 u8 * pframe,*prwskey;
2472 struct sta_info *stainfo;
2473 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
2474 struct security_priv *psecuritypriv = &padapter->securitypriv;
2475 u32 res = _SUCCESS;
2476 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
2477
2478 if ((prxattrib->encrypt == _GCMP_) ||
2479 (prxattrib->encrypt == _GCMP_256_)) {
2480 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
2481 if (stainfo != NULL) {
2482 if (IS_MCAST(prxattrib->ra)) {
2483 static systime start = 0;
2484 static u32 no_gkey_bc_cnt = 0;
2485 static u32 no_gkey_mc_cnt = 0;
2486
2487 if ((!MLME_IS_MESH(padapter) && psecuritypriv->binstallGrpkey == _FALSE)
2488 #ifdef CONFIG_RTW_MESH
2489 || !(stainfo->gtk_bmp | BIT(prxattrib->key_index))
2490 #endif
2491 ) {
2492 res = _FAIL;
2493
2494 if (start == 0)
2495 start = rtw_get_current_time();
2496
2497 if (is_broadcast_mac_addr(prxattrib->ra))
2498 no_gkey_bc_cnt++;
2499 else
2500 no_gkey_mc_cnt++;
2501
2502 if (rtw_get_passing_time_ms(start) > 1000) {
2503 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
2504 RTW_PRINT(FUNC_ADPT_FMT" no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
2505 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt);
2506 }
2507 start = rtw_get_current_time();
2508 no_gkey_bc_cnt = 0;
2509 no_gkey_mc_cnt = 0;
2510 }
2511
2512 goto exit;
2513 }
2514
2515 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
2516 RTW_PRINT(FUNC_ADPT_FMT" gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
2517 FUNC_ADPT_ARG(padapter), no_gkey_bc_cnt, no_gkey_mc_cnt);
2518 }
2519 start = 0;
2520 no_gkey_bc_cnt = 0;
2521 no_gkey_mc_cnt = 0;
2522
2523 #ifdef CONFIG_RTW_MESH
2524 if (MLME_IS_MESH(padapter)) {
2525 /* TODO: multiple GK? */
2526 prwskey = &stainfo->gtk.skey[0];
2527 } else
2528 #endif
2529 {
2530 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
2531 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) {
2532 RTW_DBG("not match packet_index=%d, install_index=%d\n"
2533 , prxattrib->key_index, psecuritypriv->dot118021XGrpKeyid);
2534 res = _FAIL;
2535 goto exit;
2536 }
2537 }
2538 } else
2539 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
2540
2541 res = _rtw_gcmp_decrypt(padapter, prwskey,
2542 prxattrib->encrypt == _GCMP_256_ ? 32 : 16,
2543 prxattrib->hdrlen, pframe,
2544 ((union recv_frame *)precvframe)->u.hdr.len);
2545
2546 GCMP_SW_DEC_CNT_INC(psecuritypriv, prxattrib->ra);
2547 } else {
2548 res = _FAIL;
2549 }
2550
2551 }
2552 exit:
2553 return res;
2554 }
2555
2556
2557 #ifdef CONFIG_IEEE80211W
rtw_calculate_bip_mic(enum security_type gmcs,u8 * whdr_pos,s32 len,const u8 * key,const u8 * data,size_t data_len,u8 * mic)2558 u8 rtw_calculate_bip_mic(enum security_type gmcs, u8 *whdr_pos, s32 len,
2559 const u8 *key, const u8 *data, size_t data_len, u8 *mic)
2560 {
2561 u8 res = _SUCCESS;
2562
2563 if (gmcs == _BIP_CMAC_128_) {
2564 if (_bip_ccmp_protect(key, 16, data, data_len, mic) == _FALSE) {
2565 res = _FAIL;
2566 RTW_ERR("%s : _bip_ccmp_protect(128) fail!", __func__);
2567 }
2568 } else if (gmcs == _BIP_CMAC_256_) {
2569 if (_bip_ccmp_protect(key, 32, data, data_len, mic) == _FALSE) {
2570 res = _FAIL;
2571 RTW_ERR("%s : _bip_ccmp_protect(256) fail!", __func__);
2572 }
2573 } else if (gmcs == _BIP_GMAC_128_) {
2574 if (_bip_gcmp_protect(whdr_pos, len, key, 16,
2575 data, data_len, mic) == _FALSE) {
2576 res = _FAIL;
2577 RTW_ERR("%s : _bip_gcmp_protect(128) fail!", __func__);
2578 }
2579 } else if (gmcs == _BIP_GMAC_256_) {
2580 if (_bip_gcmp_protect(whdr_pos, len, key, 32,
2581 data, data_len, mic) == _FALSE) {
2582 res = _FAIL;
2583 RTW_ERR("%s : _bip_gcmp_protect(256) fail!", __func__);
2584 }
2585 } else {
2586 res = _FAIL;
2587 RTW_ERR("%s : unsupport dot11wCipher !\n", __func__);
2588 }
2589
2590 return res;
2591 }
2592
2593
rtw_bip_verify(enum security_type gmcs,u16 pkt_len,u8 * whdr_pos,sint flen,const u8 * key,u16 keyid,u64 * ipn,u8 * precvframe)2594 u32 rtw_bip_verify(enum security_type gmcs, u16 pkt_len,
2595 u8 *whdr_pos, sint flen, const u8 *key, u16 keyid, u64 *ipn,
2596 u8 *precvframe)
2597 {
2598 u8 * BIP_AAD,*mme;
2599 u32 res = _FAIL;
2600 uint len, ori_len;
2601 u16 pkt_keyid = 0;
2602 u64 pkt_ipn = 0;
2603 struct rtw_ieee80211_hdr *pwlanhdr;
2604 u8 mic[16];
2605 u8 mic_len, mme_offset;
2606 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
2607
2608 mic_len = (gmcs == _BIP_CMAC_128_) ? 8 : 16;
2609
2610 if (flen < WLAN_HDR_A3_LEN || flen - WLAN_HDR_A3_LEN < mic_len)
2611 return RTW_RX_HANDLED;
2612
2613 mme_offset = (mic_len == 8) ? 18 : 26;
2614 mme = whdr_pos + flen - mme_offset;
2615 if (*mme != _MME_IE_)
2616 return RTW_RX_HANDLED;
2617
2618 /* copy key index */
2619 _rtw_memcpy(&pkt_keyid, mme + 2, 2);
2620 pkt_keyid = le16_to_cpu(pkt_keyid);
2621 if (pkt_keyid != keyid) {
2622 RTW_INFO("BIP key index error!\n");
2623 return _FAIL;
2624 }
2625
2626 /* save packet number */
2627 _rtw_memcpy(&pkt_ipn, mme + 4, 6);
2628 pkt_ipn = le64_to_cpu(pkt_ipn);
2629 /* BIP packet number should bigger than previous BIP packet */
2630 if (pkt_ipn <= *ipn) { /* wrap around? */
2631 RTW_INFO("replay BIP packet\n");
2632 return _FAIL;
2633 }
2634
2635 /*HW decrtped case*/
2636 if (prxattrib->bdecrypted) {
2637 /*Need to record IPN value */
2638 *ipn = pkt_ipn;
2639 return _SUCCESS;
2640 }
2641
2642 ori_len = flen - WLAN_HDR_A3_LEN + BIP_AAD_SIZE;
2643 BIP_AAD = rtw_zmalloc(ori_len);
2644 if (BIP_AAD == NULL) {
2645 RTW_INFO("BIP AAD allocate fail\n");
2646 return _FAIL;
2647 }
2648
2649 /* mapping to wlan header */
2650 pwlanhdr = (struct rtw_ieee80211_hdr *)whdr_pos;
2651
2652 /* save the frame body + MME (w/o mic) */
2653 _rtw_memcpy(BIP_AAD + BIP_AAD_SIZE,
2654 whdr_pos + WLAN_HDR_A3_LEN,
2655 flen - WLAN_HDR_A3_LEN - mic_len);
2656
2657 /* conscruct AAD, copy frame control field */
2658 _rtw_memcpy(BIP_AAD, &pwlanhdr->frame_ctl, 2);
2659 ClearRetry(BIP_AAD);
2660 ClearPwrMgt(BIP_AAD);
2661 ClearMData(BIP_AAD);
2662 /* conscruct AAD, copy address 1 to address 3 */
2663 _rtw_memcpy(BIP_AAD + 2, pwlanhdr->addr1, 18);
2664
2665 if (rtw_calculate_bip_mic(gmcs, whdr_pos,
2666 pkt_len, key, BIP_AAD, ori_len, mic) == _FAIL)
2667 goto BIP_exit;
2668
2669 /* MIC field should be last 8 bytes of packet (packet without FCS) */
2670 if (_rtw_memcmp(mic, whdr_pos + flen - mic_len, mic_len)) {
2671 *ipn = pkt_ipn;
2672 res = _SUCCESS;
2673 } else
2674 RTW_INFO("BIP MIC error!\n");
2675
2676 #if 0
2677 /* management packet content */
2678 {
2679 int pp;
2680 RTW_INFO("pkt: ");
2681 RTW_INFO_DUMP("", whdr_pos, flen);
2682 RTW_INFO("\n");
2683 /* BIP AAD + management frame body + MME(MIC is zero) */
2684 RTW_INFO("AAD+PKT: ");
2685 RTW_INFO_DUMP("", BIP_AAD, ori_len);
2686 RTW_INFO("\n");
2687 /* show the MIC result */
2688 RTW_INFO("mic: ");
2689 RTW_INFO_DUMP("", mic, mic_len);
2690 RTW_INFO("\n");
2691 }
2692 #endif
2693
2694 BIP_exit:
2695
2696 rtw_mfree(BIP_AAD, ori_len);
2697 return res;
2698 }
2699
2700 #endif /* CONFIG_IEEE80211W */
2701
rtw_iv_to_pn(u8 * iv,u8 * pn,u8 * key_id,u32 enc_algo)2702 u8 rtw_iv_to_pn(u8 *iv, u8 *pn, u8 *key_id, u32 enc_algo)
2703 {
2704 /* iv and pn must be Little Endian format */
2705 switch (enc_algo) {
2706 case _TKIP_:
2707 *(pn) = *(iv + 2);
2708 *(pn + 1) = *(iv);
2709 break;
2710 case _AES_:
2711 case _GCMP_:
2712 case _CCMP_256_:
2713 case _GCMP_256_:
2714 *(pn) = *(iv);
2715 *(pn + 1) = *(iv + 1);
2716 break;
2717 default:
2718 return _FAIL;
2719 }
2720
2721 *(pn + 2) = *(iv + 4);
2722 *(pn + 3) = *(iv + 5);
2723 *(pn + 4) = *(iv + 6);
2724 *(pn + 5) = *(iv + 7);
2725
2726 if (key_id)
2727 *key_id = *(iv + 3) >> 6;
2728
2729 return _SUCCESS;
2730 }
2731
rtw_pn_to_iv(u8 * pn,u8 * iv,u8 key_id,u32 enc_algo)2732 u8 rtw_pn_to_iv(u8 *pn, u8 *iv, u8 key_id, u32 enc_algo)
2733 {
2734 /* iv and pn must be Little Endian format */
2735 switch (enc_algo) {
2736 case _TKIP_:
2737 *(iv) = *(pn + 1);
2738 *(iv + 1) = (*(pn + 1) | 0x20) & 0x7F;
2739 *(iv + 2) = *(pn);
2740 break;
2741 case _AES_:
2742 case _GCMP_:
2743 case _CCMP_256_:
2744 case _GCMP_256_:
2745 *(iv) = *(pn);
2746 *(iv + 1) = *(pn + 1);
2747 *(iv + 2) = 0;
2748 break;
2749 default:
2750 return _FAIL;
2751 }
2752
2753 *(iv + 3) = BIT(5) | ((key_id & 0x3) << 6);
2754 *(iv + 4) = *(pn + 2);
2755 *(iv + 5) = *(pn + 3);
2756 *(iv + 6) = *(pn + 4);
2757 *(iv + 7) = *(pn + 5);
2758
2759 return _SUCCESS;
2760 }
2761
2762