staging/rtl8712/rtl871x_security.c

0001 // SPDX-License-Identifier: GPL-2.0
0002 /******************************************************************************
0003  * rtl871x_security.c
0004  *
0005  * Copyright(c) 2007 - 2010 Realtek Corporation. All rights reserved.
0006  * Linux device driver for RTL8192SU
0007  *
0008  * Modifications for inclusion into the Linux staging tree are
0009  * Copyright(c) 2010 Larry Finger. All rights reserved.
0010  *
0011  * Contact information:
0012  * WLAN FAE <wlanfae@realtek.com>
0013  * Larry Finger <Larry.Finger@lwfinger.net>
0014  *
0015  ******************************************************************************/
0016
0017 #define  _RTL871X_SECURITY_C_
0018
0019 #include <linux/compiler.h>
0020 #include <linux/kernel.h>
0021 #include <linux/errno.h>
0022 #include <linux/slab.h>
0023 #include <linux/module.h>
0024 #include <linux/kref.h>
0025 #include <linux/netdevice.h>
0026 #include <linux/skbuff.h>
0027 #include <linux/circ_buf.h>
0028 #include <linux/uaccess.h>
0029 #include <asm/byteorder.h>
0030 #include <linux/atomic.h>
0031 #include <linux/crc32poly.h>
0032 #include <linux/semaphore.h>
0033 #include <linux/ieee80211.h>
0034
0035 #include "osdep_service.h"
0036 #include "drv_types.h"
0037 #include "osdep_intf.h"
0038
0039 /* =====WEP related===== */
0040
0041 struct arc4context {
0042     u32 x;
0043     u32 y;
0044     u8 state[256];
0045 };
0046
0047 static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
0048 {
0049     u32 t, u;
0050     u32 keyindex;
0051     u32 stateindex;
0052     u8 *state;
0053     u32 counter;
0054
0055     state = parc4ctx->state;
0056     parc4ctx->x = 0;
0057     parc4ctx->y = 0;
0058     for (counter = 0; counter < 256; counter++)
0059         state[counter] = (u8)counter;
0060     keyindex = 0;
0061     stateindex = 0;
0062     for (counter = 0; counter < 256; counter++) {
0063         t = state[counter];
0064         stateindex = (stateindex + key[keyindex] + t) & 0xff;
0065         u = state[stateindex];
0066         state[stateindex] = (u8)t;
0067         state[counter] = (u8)u;
0068         if (++keyindex >= key_len)
0069             keyindex = 0;
0070     }
0071 }
0072
0073 static u32 arcfour_byte(struct arc4context *parc4ctx)
0074 {
0075     u32 x;
0076     u32 y;
0077     u32 sx, sy;
0078     u8 *state;
0079
0080     state = parc4ctx->state;
0081     x = (parc4ctx->x + 1) & 0xff;
0082     sx = state[x];
0083     y = (sx + parc4ctx->y) & 0xff;
0084     sy = state[y];
0085     parc4ctx->x = x;
0086     parc4ctx->y = y;
0087     state[y] = (u8)sx;
0088     state[x] = (u8)sy;
0089     return state[(sx + sy) & 0xff];
0090 }
0091
0092 static void arcfour_encrypt(struct arc4context  *parc4ctx,
0093              u8 *dest, u8 *src, u32 len)
0094 {
0095     u32 i;
0096
0097     for (i = 0; i < len; i++)
0098         dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
0099 }
0100
0101 static sint bcrc32initialized;
0102 static u32 crc32_table[256];
0103
0104 static u8 crc32_reverseBit(u8 data)
0105 {
0106     return ((u8)(data << 7) & 0x80) | ((data << 5) & 0x40) | ((data << 3)
0107          & 0x20) | ((data << 1) & 0x10) | ((data >> 1) & 0x08) |
0108          ((data >> 3) & 0x04) | ((data >> 5) & 0x02) | ((data >> 7) &
0109          0x01);
0110 }
0111
0112 static void crc32_init(void)
0113 {
0114     sint i, j;
0115     u32 c;
0116     u8 *p = (u8 *)&c, *p1;
0117     u8 k;
0118
0119     if (bcrc32initialized == 1)
0120         return;
0121
0122     for (i = 0; i < 256; ++i) {
0123         k = crc32_reverseBit((u8)i);
0124         for (c = ((u32)k) << 24, j = 8; j > 0; --j)
0125             c = c & 0x80000000 ? (c << 1) ^ CRC32_POLY_BE : (c << 1);
0126         p1 = (u8 *)&crc32_table[i];
0127         p1[0] = crc32_reverseBit(p[3]);
0128         p1[1] = crc32_reverseBit(p[2]);
0129         p1[2] = crc32_reverseBit(p[1]);
0130         p1[3] = crc32_reverseBit(p[0]);
0131     }
0132     bcrc32initialized = 1;
0133 }
0134
0135 static u32 getcrc32(u8 *buf, u32 len)
0136 {
0137     u8 *p;
0138     u32  crc;
0139
0140     if (!bcrc32initialized)
0141         crc32_init();
0142     crc = 0xffffffff; /* preload shift register, per CRC-32 spec */
0143     for (p = buf; len > 0; ++p, --len)
0144         crc = crc32_table[(crc ^ *p) & 0xff] ^ (crc >> 8);
0145     return ~crc;    /* transmit complement, per CRC-32 spec */
0146 }
0147
0148 /*
0149  * Need to consider the fragment situation
0150  */
0151 void r8712_wep_encrypt(struct _adapter *padapter, u8 *pxmitframe)
0152 {   /* exclude ICV */
0153     unsigned char   crc[4];
0154     struct arc4context  mycontext;
0155     u32 curfragnum, length, keylength, pki;
0156     u8 *pframe, *payload, *iv;    /*,*wepkey*/
0157     u8 wepkey[16];
0158     struct  pkt_attrib  *pattrib = &((struct xmit_frame *)
0159                        pxmitframe)->attrib;
0160     struct  security_priv *psecuritypriv = &padapter->securitypriv;
0161     struct  xmit_priv *pxmitpriv = &padapter->xmitpriv;
0162
0163     if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
0164         return;
0165     pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
0166     /*start to encrypt each fragment*/
0167     if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
0168         pki = psecuritypriv->PrivacyKeyIndex;
0169         keylength = psecuritypriv->DefKeylen[pki];
0170         for (curfragnum = 0; curfragnum < pattrib->nr_frags;
0171              curfragnum++) {
0172             iv = pframe + pattrib->hdrlen;
0173             memcpy(&wepkey[0], iv, 3);
0174             memcpy(&wepkey[3], &psecuritypriv->DefKey[
0175                 psecuritypriv->PrivacyKeyIndex].skey[0],
0176                 keylength);
0177             payload = pframe + pattrib->iv_len + pattrib->hdrlen;
0178             if ((curfragnum + 1) == pattrib->nr_frags) {
0179                 length = pattrib->last_txcmdsz -
0180                     pattrib->hdrlen -
0181                     pattrib->iv_len -
0182                     pattrib->icv_len;
0183                 *((__le32 *)crc) = cpu_to_le32(getcrc32(
0184                         payload, length));
0185                 arcfour_init(&mycontext, wepkey, 3 + keylength);
0186                 arcfour_encrypt(&mycontext, payload, payload,
0187                         length);
0188                 arcfour_encrypt(&mycontext, payload + length,
0189                         crc, 4);
0190             } else {
0191                 length = pxmitpriv->frag_len -
0192                      pattrib->hdrlen - pattrib->iv_len -
0193                      pattrib->icv_len;
0194                 *((__le32 *)crc) = cpu_to_le32(getcrc32(
0195                         payload, length));
0196                 arcfour_init(&mycontext, wepkey, 3 + keylength);
0197                 arcfour_encrypt(&mycontext, payload, payload,
0198                         length);
0199                 arcfour_encrypt(&mycontext, payload + length,
0200                         crc, 4);
0201                 pframe += pxmitpriv->frag_len;
0202                 pframe = (u8 *)RND4((addr_t)(pframe));
0203             }
0204         }
0205     }
0206 }
0207
0208 void r8712_wep_decrypt(struct _adapter  *padapter, u8 *precvframe)
0209 {
0210     /* exclude ICV */
0211     u8 crc[4];
0212     struct arc4context  mycontext;
0213     u32 length, keylength;
0214     u8 *pframe, *payload, *iv, wepkey[16];
0215     u8  keyindex;
0216     struct rx_pkt_attrib  *prxattrib = &(((union recv_frame *)
0217                       precvframe)->u.hdr.attrib);
0218     struct security_priv *psecuritypriv = &padapter->securitypriv;
0219
0220     pframe = (unsigned char *)((union recv_frame *)precvframe)->
0221           u.hdr.rx_data;
0222     /* start to decrypt recvframe */
0223     if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt ==
0224          _WEP104_)) {
0225         iv = pframe + prxattrib->hdrlen;
0226         keyindex = (iv[3] & 0x3);
0227         keylength = psecuritypriv->DefKeylen[keyindex];
0228         memcpy(&wepkey[0], iv, 3);
0229         memcpy(&wepkey[3], &psecuritypriv->DefKey[
0230             psecuritypriv->PrivacyKeyIndex].skey[0],
0231             keylength);
0232         length = ((union recv_frame *)precvframe)->
0233                u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
0234         payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
0235         /* decrypt payload include icv */
0236         arcfour_init(&mycontext, wepkey, 3 + keylength);
0237         arcfour_encrypt(&mycontext, payload, payload,  length);
0238         /* calculate icv and compare the icv */
0239         *((__le32 *)crc) = cpu_to_le32(getcrc32(payload, length - 4));
0240     }
0241 }
0242
0243 /* 3 =====TKIP related===== */
0244
0245 static u32 secmicgetuint32(u8 *p)
0246 /* Convert from Byte[] to Us4Byte32 in a portable way */
0247 {
0248     s32 i;
0249     u32 res = 0;
0250
0251     for (i = 0; i < 4; i++)
0252         res |= ((u32)(*p++)) << (8 * i);
0253     return res;
0254 }
0255
0256 static void secmicputuint32(u8 *p, u32 val)
0257 /* Convert from Us4Byte32 to Byte[] in a portable way */
0258 {
0259     long i;
0260
0261     for (i = 0; i < 4; i++) {
0262         *p++ = (u8)(val & 0xff);
0263         val >>= 8;
0264     }
0265 }
0266
0267 static void secmicclear(struct mic_data *pmicdata)
0268 {
0269 /* Reset the state to the empty message. */
0270     pmicdata->L = pmicdata->K0;
0271     pmicdata->R = pmicdata->K1;
0272     pmicdata->nBytesInM = 0;
0273     pmicdata->M = 0;
0274 }
0275
0276 void r8712_secmicsetkey(struct mic_data *pmicdata, u8 *key)
0277 {
0278     /* Set the key */
0279     pmicdata->K0 = secmicgetuint32(key);
0280     pmicdata->K1 = secmicgetuint32(key + 4);
0281     /* and reset the message */
0282     secmicclear(pmicdata);
0283 }
0284
0285 static void secmicappendbyte(struct mic_data *pmicdata, u8 b)
0286 {
0287     /* Append the byte to our word-sized buffer */
0288     pmicdata->M |= ((u32)b) << (8 * pmicdata->nBytesInM);
0289     pmicdata->nBytesInM++;
0290     /* Process the word if it is full. */
0291     if (pmicdata->nBytesInM >= 4) {
0292         pmicdata->L ^= pmicdata->M;
0293         pmicdata->R ^= ROL32(pmicdata->L, 17);
0294         pmicdata->L += pmicdata->R;
0295         pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) |
0296                    ((pmicdata->L & 0x00ff00ff) << 8);
0297         pmicdata->L += pmicdata->R;
0298         pmicdata->R ^= ROL32(pmicdata->L, 3);
0299         pmicdata->L += pmicdata->R;
0300         pmicdata->R ^= ROR32(pmicdata->L, 2);
0301         pmicdata->L += pmicdata->R;
0302         /* Clear the buffer */
0303         pmicdata->M = 0;
0304         pmicdata->nBytesInM = 0;
0305     }
0306 }
0307
0308 void r8712_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
0309 {
0310     /* This is simple */
0311     while (nbytes > 0) {
0312         secmicappendbyte(pmicdata, *src++);
0313         nbytes--;
0314     }
0315 }
0316
0317 void r8712_secgetmic(struct mic_data *pmicdata, u8 *dst)
0318 {
0319     /* Append the minimum padding */
0320     secmicappendbyte(pmicdata, 0x5a);
0321     secmicappendbyte(pmicdata, 0);
0322     secmicappendbyte(pmicdata, 0);
0323     secmicappendbyte(pmicdata, 0);
0324     secmicappendbyte(pmicdata, 0);
0325     /* and then zeroes until the length is a multiple of 4 */
0326     while (pmicdata->nBytesInM != 0)
0327         secmicappendbyte(pmicdata, 0);
0328     /* The appendByte function has already computed the result. */
0329     secmicputuint32(dst, pmicdata->L);
0330     secmicputuint32(dst + 4, pmicdata->R);
0331     /* Reset to the empty message. */
0332     secmicclear(pmicdata);
0333 }
0334
0335 void seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code,
0336             u8 pri)
0337 {
0338
0339     struct mic_data micdata;
0340     u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
0341
0342     r8712_secmicsetkey(&micdata, key);
0343     priority[0] = pri;
0344     /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
0345     if (header[1] & 1) {   /* ToDS==1 */
0346         r8712_secmicappend(&micdata, &header[16], 6);  /* DA */
0347         if (header[1] & 2)  /* From Ds==1 */
0348             r8712_secmicappend(&micdata, &header[24], 6);
0349         else
0350             r8712_secmicappend(&micdata, &header[10], 6);
0351     } else {    /* ToDS==0 */
0352         r8712_secmicappend(&micdata, &header[4], 6);   /* DA */
0353         if (header[1] & 2)  /* From Ds==1 */
0354             r8712_secmicappend(&micdata, &header[16], 6);
0355         else
0356             r8712_secmicappend(&micdata, &header[10], 6);
0357     }
0358     r8712_secmicappend(&micdata, &priority[0], 4);
0359     r8712_secmicappend(&micdata, data, data_len);
0360     r8712_secgetmic(&micdata, mic_code);
0361 }
0362
0363 /* macros for extraction/creation of unsigned char/unsigned short values  */
0364 #define RotR1(v16)   ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
0365 #define   Lo8(v16)   ((u8)((v16) & 0x00FF))
0366 #define   Hi8(v16)   ((u8)(((v16) >> 8) & 0x00FF))
0367 #define  Lo16(v32)   ((u16)((v32) & 0xFFFF))
0368 #define  Hi16(v32)   ((u16)(((v32) >> 16) & 0xFFFF))
0369 #define  Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
0370
0371 /* select the Nth 16-bit word of the temporal key unsigned char array TK[]   */
0372 #define  TK16(N)  Mk16(tk[2 * (N) + 1], tk[2 * (N)])
0373
0374 /* S-box lookup: 16 bits --> 16 bits */
0375 #define _S_(v16)  (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
0376
0377 /* fixed algorithm "parameters" */
0378 #define PHASE1_LOOP_CNT   8    /* this needs to be "big enough"     */
0379 #define TA_SIZE           6    /*  48-bit transmitter address       */
0380 #define TK_SIZE          16    /* 128-bit temporal key              */
0381 #define P1K_SIZE         10    /*  80-bit Phase1 key                */
0382 #define RC4_KEY_SIZE     16    /* 128-bit RC4KEY (104 bits unknown) */
0383
0384 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
0385 static const unsigned short Sbox1[2][256] = {/* Sbox for hash (can be in ROM) */
0386     {
0387     0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
0388     0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
0389     0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
0390     0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
0391     0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
0392     0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
0393     0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
0394     0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
0395     0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
0396     0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
0397     0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
0398     0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
0399     0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
0400     0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
0401     0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
0402     0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
0403     0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
0404     0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
0405     0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
0406     0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
0407     0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
0408     0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
0409     0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
0410     0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
0411     0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
0412     0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
0413     0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
0414     0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
0415     0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
0416     0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
0417     0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
0418     0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
0419     },
0420     {  /* second half is unsigned char-reversed version of first! */
0421     0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
0422     0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
0423     0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
0424     0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
0425     0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
0426     0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
0427     0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
0428     0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
0429     0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
0430     0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
0431     0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
0432     0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
0433     0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
0434     0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
0435     0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
0436     0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
0437     0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
0438     0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
0439     0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
0440     0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
0441     0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
0442     0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
0443     0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
0444     0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
0445     0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
0446     0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
0447     0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
0448     0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
0449     0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
0450     0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
0451     0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
0452     0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
0453     }
0454 };
0455
0456 /*
0457  **********************************************************************
0458  * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
0459  *
0460  * Inputs:
0461  *     tk[]      = temporal key                         [128 bits]
0462  *     ta[]      = transmitter's MAC address            [ 48 bits]
0463  *     iv32      = upper 32 bits of IV                  [ 32 bits]
0464  * Output:
0465  *     p1k[]     = Phase 1 key                          [ 80 bits]
0466  *
0467  * Note:
0468  *     This function only needs to be called every 2**16 packets,
0469  *     although in theory it could be called every packet.
0470  *
0471  **********************************************************************
0472  */
0473 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
0474 {
0475     sint  i;
0476
0477     /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5]     */
0478     p1k[0] = Lo16(iv32);
0479     p1k[1] = Hi16(iv32);
0480     p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
0481     p1k[3] = Mk16(ta[3], ta[2]);
0482     p1k[4] = Mk16(ta[5], ta[4]);
0483     /* Now compute an unbalanced Feistel cipher with 80-bit block */
0484     /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
0485     for (i = 0; i < PHASE1_LOOP_CNT; i++) {  /* Each add is mod 2**16 */
0486         p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
0487         p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
0488         p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
0489         p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
0490         p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
0491         p1k[4] +=  (unsigned short)i;   /* avoid "slide attacks" */
0492     }
0493 }
0494
0495 /*
0496  **********************************************************************
0497  * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
0498  *
0499  * Inputs:
0500  *     tk[]      = Temporal key                         [128 bits]
0501  *     p1k[]     = Phase 1 output key                   [ 80 bits]
0502  *     iv16      = low 16 bits of IV counter            [ 16 bits]
0503  * Output:
0504  *     rc4key[]  = the key used to encrypt the packet   [128 bits]
0505  *
0506  * Note:
0507  *     The value {TA,IV32,IV16} for Phase1/Phase2 must be unique
0508  *     across all packets using the same key TK value. Then, for a
0509  *     given value of TK[], this TKIP48 construction guarantees that
0510  *     the final RC4KEY value is unique across all packets.
0511  *
0512  * Suggested implementation optimization: if PPK[] is "overlaid"
0513  *     appropriately on RC4KEY[], there is no need for the final
0514  *     for loop below that copies the PPK[] result into RC4KEY[].
0515  *
0516  **********************************************************************
0517  */
0518 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
0519 {
0520     sint  i;
0521     u16 PPK[6];         /* temporary key for mixing    */
0522
0523     /* Note: all adds in the PPK[] equations below are mod 2**16 */
0524     for (i = 0; i < 5; i++)
0525         PPK[i] = p1k[i]; /* first, copy P1K to PPK */
0526     PPK[5]  =  p1k[4] + iv16; /* next,  add in IV16 */
0527     /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
0528     PPK[0] += _S_(PPK[5] ^ TK16(0));   /* Mix key in each "round" */
0529     PPK[1] += _S_(PPK[0] ^ TK16(1));
0530     PPK[2] += _S_(PPK[1] ^ TK16(2));
0531     PPK[3] += _S_(PPK[2] ^ TK16(3));
0532     PPK[4] += _S_(PPK[3] ^ TK16(4));
0533     PPK[5] += _S_(PPK[4] ^ TK16(5));   /* Total # S-box lookups == 6  */
0534     /* Final sweep: bijective, "linear". Rotates kill LSB correlations   */
0535     PPK[0] +=  RotR1(PPK[5] ^ TK16(6));
0536     PPK[1] +=  RotR1(PPK[0] ^ TK16(7));   /* Use all of TK[] in Phase2   */
0537     PPK[2] +=  RotR1(PPK[1]);
0538     PPK[3] +=  RotR1(PPK[2]);
0539     PPK[4] +=  RotR1(PPK[3]);
0540     PPK[5] +=  RotR1(PPK[4]);
0541     /* Note: At this point, for a given key TK[0..15], the 96-bit output */
0542     /* value PPK[0..5] is guaranteed to be unique, as a function   */
0543     /* of the 96-bit "input" value   {TA,IV32,IV16}. That is, P1K  */
0544     /* is now a keyed permutation of {TA,IV32,IV16}. */
0545     /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key   */
0546     rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV  */
0547     rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys  */
0548     rc4key[2] = Lo8(iv16);
0549     rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
0550     /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15]  (little-endian) */
0551     for (i = 0; i < 6; i++) {
0552         rc4key[4 + 2 * i] = Lo8(PPK[i]);
0553         rc4key[5 + 2 * i] = Hi8(PPK[i]);
0554     }
0555 }
0556
0557 /*The hlen isn't include the IV*/
0558 u32 r8712_tkip_encrypt(struct _adapter *padapter, u8 *pxmitframe)
0559 {   /*  exclude ICV */
0560     u16 pnl;
0561     u32 pnh;
0562     u8 rc4key[16];
0563     u8 ttkey[16];
0564     u8 crc[4];
0565     struct arc4context mycontext;
0566     u32 curfragnum, length;
0567
0568     u8 *pframe, *payload, *iv, *prwskey;
0569     union pn48 txpn;
0570     struct sta_info *stainfo;
0571     struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
0572     struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
0573     u32 res = _SUCCESS;
0574
0575     if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
0576         return _FAIL;
0577
0578     pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
0579     /* 4 start to encrypt each fragment */
0580     if (pattrib->encrypt == _TKIP_) {
0581         if (pattrib->psta)
0582             stainfo = pattrib->psta;
0583         else
0584             stainfo = r8712_get_stainfo(&padapter->stapriv,
0585                   &pattrib->ra[0]);
0586         if (stainfo) {
0587             prwskey = &stainfo->x_UncstKey.skey[0];
0588             for (curfragnum = 0; curfragnum < pattrib->nr_frags;
0589                  curfragnum++) {
0590                 iv = pframe + pattrib->hdrlen;
0591                 payload = pframe + pattrib->iv_len +
0592                       pattrib->hdrlen;
0593                 GET_TKIP_PN(iv, txpn);
0594                 pnl = (u16)(txpn.val);
0595                 pnh = (u32)(txpn.val >> 16);
0596                 phase1((u16 *)&ttkey[0], prwskey,
0597                        &pattrib->ta[0], pnh);
0598                 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0],
0599                        pnl);
0600                 if ((curfragnum + 1) == pattrib->nr_frags) {
0601                     /* 4 the last fragment */
0602                     length = pattrib->last_txcmdsz -
0603                          pattrib->hdrlen -
0604                          pattrib->iv_len -
0605                          pattrib->icv_len;
0606                     *((__le32 *)crc) = cpu_to_le32(
0607                         getcrc32(payload, length));
0608                     arcfour_init(&mycontext, rc4key, 16);
0609                     arcfour_encrypt(&mycontext, payload,
0610                             payload, length);
0611                     arcfour_encrypt(&mycontext, payload +
0612                             length, crc, 4);
0613                 } else {
0614                     length = pxmitpriv->frag_len -
0615                          pattrib->hdrlen -
0616                          pattrib->iv_len -
0617                          pattrib->icv_len;
0618                     *((__le32 *)crc) = cpu_to_le32(getcrc32(
0619                             payload, length));
0620                     arcfour_init(&mycontext, rc4key, 16);
0621                     arcfour_encrypt(&mycontext, payload,
0622                              payload, length);
0623                     arcfour_encrypt(&mycontext,
0624                             payload + length, crc,
0625                             4);
0626                     pframe += pxmitpriv->frag_len;
0627                     pframe = (u8 *)RND4((addr_t)(pframe));
0628                 }
0629             }
0630         } else {
0631             res = _FAIL;
0632         }
0633     }
0634     return res;
0635 }
0636
0637 /* The hlen doesn't include the IV */
0638 void r8712_tkip_decrypt(struct _adapter *padapter, u8 *precvframe)
0639 {   /* exclude ICV */
0640     u16 pnl;
0641     u32 pnh;
0642     u8 rc4key[16];
0643     u8 ttkey[16];
0644     u8 crc[4];
0645     struct arc4context mycontext;
0646     u32 length;
0647     u8 *pframe, *payload, *iv, *prwskey, idx = 0;
0648     union pn48 txpn;
0649     struct  sta_info *stainfo;
0650     struct  rx_pkt_attrib *prxattrib = &((union recv_frame *)
0651                        precvframe)->u.hdr.attrib;
0652     struct  security_priv   *psecuritypriv = &padapter->securitypriv;
0653
0654     pframe = (unsigned char *)((union recv_frame *)
0655                    precvframe)->u.hdr.rx_data;
0656     /* 4 start to decrypt recvframe */
0657     if (prxattrib->encrypt == _TKIP_) {
0658         stainfo = r8712_get_stainfo(&padapter->stapriv,
0659                         &prxattrib->ta[0]);
0660         if (stainfo) {
0661             iv = pframe + prxattrib->hdrlen;
0662             payload = pframe + prxattrib->iv_len +
0663                   prxattrib->hdrlen;
0664             length = ((union recv_frame *)precvframe)->
0665                  u.hdr.len - prxattrib->hdrlen -
0666                  prxattrib->iv_len;
0667             if (is_multicast_ether_addr(prxattrib->ra)) {
0668                 idx = iv[3];
0669                 prwskey = &psecuritypriv->XGrpKey[
0670                      ((idx >> 6) & 0x3) - 1].skey[0];
0671                 if (!psecuritypriv->binstallGrpkey)
0672                     return;
0673             } else {
0674                 prwskey = &stainfo->x_UncstKey.skey[0];
0675             }
0676             GET_TKIP_PN(iv, txpn);
0677             pnl = (u16)(txpn.val);
0678             pnh = (u32)(txpn.val >> 16);
0679             phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0],
0680                 pnh);
0681             phase2(&rc4key[0], prwskey, (unsigned short *)
0682                    &ttkey[0], pnl);
0683             /* 4 decrypt payload include icv */
0684             arcfour_init(&mycontext, rc4key, 16);
0685             arcfour_encrypt(&mycontext, payload, payload, length);
0686             *((__le32 *)crc) = cpu_to_le32(getcrc32(payload,
0687                     length - 4));
0688         }
0689     }
0690 }
0691
0692 /* 3 =====AES related===== */
0693
0694 #define MAX_MSG_SIZE    2048
0695 /*****************************/
0696 /******** SBOX Table *********/
0697 /*****************************/
0698
0699 static const u8 sbox_table[256] = {
0700     0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
0701     0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0702     0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
0703     0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0704     0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
0705     0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0706     0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
0707     0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
0708     0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
0709     0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
0710     0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
0711     0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0712     0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
0713     0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
0714     0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
0715     0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
0716     0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
0717     0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0718     0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
0719     0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
0720     0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
0721     0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
0722     0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
0723     0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0724     0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
0725     0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
0726     0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
0727     0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
0728     0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
0729     0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0730     0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
0731     0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
0732 };
0733
0734 /****************************************/
0735 /* aes128k128d()                        */
0736 /* Performs a 128 bit AES encrypt with  */
0737 /* 128 bit data.                        */
0738 /****************************************/
0739 static void xor_128(u8 *a, u8 *b, u8 *out)
0740 {
0741     sint i;
0742
0743     for (i = 0; i < 16; i++)
0744         out[i] = a[i] ^ b[i];
0745 }
0746
0747 static void xor_32(u8 *a, u8 *b, u8 *out)
0748 {
0749     sint i;
0750
0751     for (i = 0; i < 4; i++)
0752         out[i] = a[i] ^ b[i];
0753 }
0754
0755 static u8 sbox(u8 a)
0756 {
0757     return sbox_table[(sint)a];
0758 }
0759
0760 static void next_key(u8 *key, sint round)
0761 {
0762     u8 rcon;
0763     u8 sbox_key[4];
0764     static const u8 rcon_table[12] = {
0765         0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
0766         0x1b, 0x36, 0x36, 0x36
0767     };
0768
0769     sbox_key[0] = sbox(key[13]);
0770     sbox_key[1] = sbox(key[14]);
0771     sbox_key[2] = sbox(key[15]);
0772     sbox_key[3] = sbox(key[12]);
0773     rcon = rcon_table[round];
0774     xor_32(&key[0], sbox_key, &key[0]);
0775     key[0] = key[0] ^ rcon;
0776     xor_32(&key[4], &key[0], &key[4]);
0777     xor_32(&key[8], &key[4], &key[8]);
0778     xor_32(&key[12], &key[8], &key[12]);
0779 }
0780
0781 static void byte_sub(u8 *in, u8 *out)
0782 {
0783     sint i;
0784
0785     for (i = 0; i < 16; i++)
0786         out[i] = sbox(in[i]);
0787 }
0788
0789 static void shift_row(u8 *in, u8 *out)
0790 {
0791     out[0] =  in[0];
0792     out[1] =  in[5];
0793     out[2] =  in[10];
0794     out[3] =  in[15];
0795     out[4] =  in[4];
0796     out[5] =  in[9];
0797     out[6] =  in[14];
0798     out[7] =  in[3];
0799     out[8] =  in[8];
0800     out[9] =  in[13];
0801     out[10] = in[2];
0802     out[11] = in[7];
0803     out[12] = in[12];
0804     out[13] = in[1];
0805     out[14] = in[6];
0806     out[15] = in[11];
0807 }
0808
0809 static void mix_column(u8 *in, u8 *out)
0810 {
0811     sint i;
0812     u8 add1b[4];
0813     u8 add1bf7[4];
0814     u8 rotl[4];
0815     u8 swap_halves[4];
0816     u8 andf7[4];
0817     u8 rotr[4];
0818     u8 temp[4];
0819     u8 tempb[4];
0820
0821     for (i = 0; i < 4; i++) {
0822         if ((in[i] & 0x80) == 0x80)
0823             add1b[i] = 0x1b;
0824         else
0825             add1b[i] = 0x00;
0826     }
0827     swap_halves[0] = in[2];    /* Swap halves */
0828     swap_halves[1] = in[3];
0829     swap_halves[2] = in[0];
0830     swap_halves[3] = in[1];
0831     rotl[0] = in[3];        /* Rotate left 8 bits */
0832     rotl[1] = in[0];
0833     rotl[2] = in[1];
0834     rotl[3] = in[2];
0835     andf7[0] = in[0] & 0x7f;
0836     andf7[1] = in[1] & 0x7f;
0837     andf7[2] = in[2] & 0x7f;
0838     andf7[3] = in[3] & 0x7f;
0839     for (i = 3; i > 0; i--) {   /* logical shift left 1 bit */
0840         andf7[i] = andf7[i] << 1;
0841         if ((andf7[i - 1] & 0x80) == 0x80)
0842             andf7[i] = (andf7[i] | 0x01);
0843     }
0844     andf7[0] = andf7[0] << 1;
0845     andf7[0] = andf7[0] & 0xfe;
0846     xor_32(add1b, andf7, add1bf7);
0847     xor_32(in, add1bf7, rotr);
0848     temp[0] = rotr[0];         /* Rotate right 8 bits */
0849     rotr[0] = rotr[1];
0850     rotr[1] = rotr[2];
0851     rotr[2] = rotr[3];
0852     rotr[3] = temp[0];
0853     xor_32(add1bf7, rotr, temp);
0854     xor_32(swap_halves, rotl, tempb);
0855     xor_32(temp, tempb, out);
0856 }
0857
0858 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
0859 {
0860     sint round;
0861     sint i;
0862     u8 intermediatea[16];
0863     u8 intermediateb[16];
0864     u8 round_key[16];
0865
0866     for (i = 0; i < 16; i++)
0867         round_key[i] = key[i];
0868     for (round = 0; round < 11; round++) {
0869         if (round == 0) {
0870             xor_128(round_key, data, ciphertext);
0871             next_key(round_key, round);
0872         } else if (round == 10) {
0873             byte_sub(ciphertext, intermediatea);
0874             shift_row(intermediatea, intermediateb);
0875             xor_128(intermediateb, round_key, ciphertext);
0876         } else {   /* 1 - 9 */
0877             byte_sub(ciphertext, intermediatea);
0878             shift_row(intermediatea, intermediateb);
0879             mix_column(&intermediateb[0], &intermediatea[0]);
0880             mix_column(&intermediateb[4], &intermediatea[4]);
0881             mix_column(&intermediateb[8], &intermediatea[8]);
0882             mix_column(&intermediateb[12], &intermediatea[12]);
0883             xor_128(intermediatea, round_key, ciphertext);
0884             next_key(round_key, round);
0885         }
0886     }
0887 }
0888
0889 /************************************************/
0890 /* construct_mic_iv()                           */
0891 /* Builds the MIC IV from header fields and PN  */
0892 /************************************************/
0893 static void construct_mic_iv(u8 *mic_iv, sint qc_exists, sint a4_exists,
0894                  u8 *mpdu, uint payload_length, u8 *pn_vector)
0895 {
0896     sint i;
0897
0898     mic_iv[0] = 0x59;
0899     if (qc_exists && a4_exists)
0900         mic_iv[1] = mpdu[30] & 0x0f;    /* QoS_TC           */
0901     if (qc_exists && !a4_exists)
0902         mic_iv[1] = mpdu[24] & 0x0f;   /* mute bits 7-4    */
0903     if (!qc_exists)
0904         mic_iv[1] = 0x00;
0905     for (i = 2; i < 8; i++)
0906         mic_iv[i] = mpdu[i + 8];
0907     for (i = 8; i < 14; i++)
0908         mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
0909     mic_iv[14] = (unsigned char)(payload_length / 256);
0910     mic_iv[15] = (unsigned char)(payload_length % 256);
0911 }
0912
0913 /************************************************/
0914 /* construct_mic_header1()                      */
0915 /* Builds the first MIC header block from       */
0916 /* header fields.                               */
0917 /************************************************/
0918 static void construct_mic_header1(u8 *mic_header1, sint header_length, u8 *mpdu)
0919 {
0920     mic_header1[0] = (u8)((header_length - 2) / 256);
0921     mic_header1[1] = (u8)((header_length - 2) % 256);
0922     mic_header1[2] = mpdu[0] & 0xcf;    /* Mute CF poll & CF ack bits */
0923     /* Mute retry, more data and pwr mgt bits */
0924     mic_header1[3] = mpdu[1] & 0xc7;
0925     mic_header1[4] = mpdu[4];       /* A1 */
0926     mic_header1[5] = mpdu[5];
0927     mic_header1[6] = mpdu[6];
0928     mic_header1[7] = mpdu[7];
0929     mic_header1[8] = mpdu[8];
0930     mic_header1[9] = mpdu[9];
0931     mic_header1[10] = mpdu[10];     /* A2 */
0932     mic_header1[11] = mpdu[11];
0933     mic_header1[12] = mpdu[12];
0934     mic_header1[13] = mpdu[13];
0935     mic_header1[14] = mpdu[14];
0936     mic_header1[15] = mpdu[15];
0937 }
0938
0939 /************************************************/
0940 /* construct_mic_header2()                      */
0941 /* Builds the last MIC header block from        */
0942 /* header fields.                               */
0943 /************************************************/
0944 static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, sint a4_exists,
0945                sint qc_exists)
0946 {
0947     sint i;
0948
0949     for (i = 0; i < 16; i++)
0950         mic_header2[i] = 0x00;
0951     mic_header2[0] = mpdu[16];    /* A3 */
0952     mic_header2[1] = mpdu[17];
0953     mic_header2[2] = mpdu[18];
0954     mic_header2[3] = mpdu[19];
0955     mic_header2[4] = mpdu[20];
0956     mic_header2[5] = mpdu[21];
0957     mic_header2[6] = 0x00;
0958     mic_header2[7] = 0x00; /* mpdu[23]; */
0959     if (!qc_exists && a4_exists)
0960         for (i = 0; i < 6; i++)
0961             mic_header2[8 + i] = mpdu[24 + i];   /* A4 */
0962     if (qc_exists && !a4_exists) {
0963         mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
0964         mic_header2[9] = mpdu[25] & 0x00;
0965     }
0966     if (qc_exists && a4_exists) {
0967         for (i = 0; i < 6; i++)
0968             mic_header2[8 + i] = mpdu[24 + i];   /* A4 */
0969         mic_header2[14] = mpdu[30] & 0x0f;
0970         mic_header2[15] = mpdu[31] & 0x00;
0971     }
0972 }
0973
0974 /************************************************/
0975 /* construct_mic_header2()                      */
0976 /* Builds the last MIC header block from        */
0977 /* header fields.                               */
0978 /************************************************/
0979 static void construct_ctr_preload(u8 *ctr_preload,
0980                   sint a4_exists, sint qc_exists,
0981                   u8 *mpdu, u8 *pn_vector, sint c)
0982 {
0983     sint i;
0984
0985     for (i = 0; i < 16; i++)
0986         ctr_preload[i] = 0x00;
0987     i = 0;
0988     ctr_preload[0] = 0x01;    /* flag */
0989     if (qc_exists && a4_exists)
0990         ctr_preload[1] = mpdu[30] & 0x0f;
0991     if (qc_exists && !a4_exists)
0992         ctr_preload[1] = mpdu[24] & 0x0f;
0993     for (i = 2; i < 8; i++)
0994         ctr_preload[i] = mpdu[i + 8];
0995     for (i = 8; i < 14; i++)
0996         ctr_preload[i] = pn_vector[13 - i];
0997     ctr_preload[14] = (unsigned char)(c / 256); /* Ctr */
0998     ctr_preload[15] = (unsigned char)(c % 256);
0999 }
1000
1001 /************************************/
1002 /* bitwise_xor()                    */
1003 /* A 128 bit, bitwise exclusive or  */
1004 /************************************/
1005 static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1006 {
1007     sint i;
1008
1009     for (i = 0; i < 16; i++)
1010         out[i] = ina[i] ^ inb[i];
1011 }
1012
1013 static void aes_cipher(u8 *key, uint hdrlen,
1014                u8 *pframe, uint plen)
1015 {
1016     uint qc_exists, a4_exists, i, j, payload_remainder;
1017     uint num_blocks, payload_index;
1018
1019     u8 pn_vector[6];
1020     u8 mic_iv[16];
1021     u8 mic_header1[16];
1022     u8 mic_header2[16];
1023     u8 ctr_preload[16];
1024
1025     /* Intermediate Buffers */
1026     u8 chain_buffer[16];
1027     u8 aes_out[16];
1028     u8 padded_buffer[16];
1029     u8 mic[8];
1030     u16 frtype  = GetFrameType(pframe);
1031     u16 frsubtype  = GetFrameSubType(pframe);
1032
1033     frsubtype >>= 4;
1034     memset((void *)mic_iv, 0, 16);
1035     memset((void *)mic_header1, 0, 16);
1036     memset((void *)mic_header2, 0, 16);
1037     memset((void *)ctr_preload, 0, 16);
1038     memset((void *)chain_buffer, 0, 16);
1039     memset((void *)aes_out, 0, 16);
1040     memset((void *)padded_buffer, 0, 16);
1041
1042     if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen ==  WLAN_HDR_A3_QOS_LEN))
1043         a4_exists = 0;
1044     else
1045         a4_exists = 1;
1046
1047     if ((frtype == (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA_CFACK)) ||
1048         (frtype == (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA_CFPOLL)) ||
1049         (frtype == (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA_CFACKPOLL))) {
1050         qc_exists = 1;
1051         if (hdrlen !=  WLAN_HDR_A3_QOS_LEN)
1052             hdrlen += 2;
1053     } else if ((frsubtype == 0x08) ||
1054            (frsubtype == 0x09) ||
1055            (frsubtype == 0x0a) ||
1056            (frsubtype == 0x0b)) {
1057         if (hdrlen !=  WLAN_HDR_A3_QOS_LEN)
1058             hdrlen += 2;
1059         qc_exists = 1;
1060     } else {
1061         qc_exists = 0;
1062     }
1063     pn_vector[0] = pframe[hdrlen];
1064     pn_vector[1] = pframe[hdrlen + 1];
1065     pn_vector[2] = pframe[hdrlen + 4];
1066     pn_vector[3] = pframe[hdrlen + 5];
1067     pn_vector[4] = pframe[hdrlen + 6];
1068     pn_vector[5] = pframe[hdrlen + 7];
1069     construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1070     construct_mic_header1(mic_header1, hdrlen, pframe);
1071     construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1072     payload_remainder = plen % 16;
1073     num_blocks = plen / 16;
1074     /* Find start of payload */
1075     payload_index = hdrlen + 8;
1076     /* Calculate MIC */
1077     aes128k128d(key, mic_iv, aes_out);
1078     bitwise_xor(aes_out, mic_header1, chain_buffer);
1079     aes128k128d(key, chain_buffer, aes_out);
1080     bitwise_xor(aes_out, mic_header2, chain_buffer);
1081     aes128k128d(key, chain_buffer, aes_out);
1082     for (i = 0; i < num_blocks; i++) {
1083         bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1084         payload_index += 16;
1085         aes128k128d(key, chain_buffer, aes_out);
1086     }
1087     /* Add on the final payload block if it needs padding */
1088     if (payload_remainder > 0) {
1089         for (j = 0; j < 16; j++)
1090             padded_buffer[j] = 0x00;
1091         for (j = 0; j < payload_remainder; j++)
1092             padded_buffer[j] = pframe[payload_index++];
1093         bitwise_xor(aes_out, padded_buffer, chain_buffer);
1094         aes128k128d(key, chain_buffer, aes_out);
1095     }
1096     for (j = 0; j < 8; j++)
1097         mic[j] = aes_out[j];
1098     /* Insert MIC into payload */
1099     for (j = 0; j < 8; j++)
1100         pframe[payload_index + j] = mic[j];
1101     payload_index = hdrlen + 8;
1102     for (i = 0; i < num_blocks; i++) {
1103         construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1104                       pframe, pn_vector, i + 1);
1105         aes128k128d(key, ctr_preload, aes_out);
1106         bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1107         for (j = 0; j < 16; j++)
1108             pframe[payload_index++] = chain_buffer[j];
1109     }
1110     if (payload_remainder > 0) {  /* If short final block, then pad it,*/
1111                       /* encrypt and copy unpadded part back */
1112         construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1113                       pframe, pn_vector, num_blocks + 1);
1114         for (j = 0; j < 16; j++)
1115             padded_buffer[j] = 0x00;
1116         for (j = 0; j < payload_remainder; j++)
1117             padded_buffer[j] = pframe[payload_index + j];
1118         aes128k128d(key, ctr_preload, aes_out);
1119         bitwise_xor(aes_out, padded_buffer, chain_buffer);
1120         for (j = 0; j < payload_remainder; j++)
1121             pframe[payload_index++] = chain_buffer[j];
1122     }
1123     /* Encrypt the MIC */
1124     construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1125                   pframe, pn_vector, 0);
1126     for (j = 0; j < 16; j++)
1127         padded_buffer[j] = 0x00;
1128     for (j = 0; j < 8; j++)
1129         padded_buffer[j] = pframe[j + hdrlen + 8 + plen];
1130     aes128k128d(key, ctr_preload, aes_out);
1131     bitwise_xor(aes_out, padded_buffer, chain_buffer);
1132     for (j = 0; j < 8; j++)
1133         pframe[payload_index++] = chain_buffer[j];
1134 }
1135
1136 u32 r8712_aes_encrypt(struct _adapter *padapter, u8 *pxmitframe)
1137 {   /* exclude ICV */
1138     /* Intermediate Buffers */
1139     sint    curfragnum, length;
1140     u8  *pframe, *prwskey;
1141     struct  sta_info *stainfo;
1142     struct  pkt_attrib  *pattrib = &((struct xmit_frame *)
1143                        pxmitframe)->attrib;
1144     struct  xmit_priv *pxmitpriv = &padapter->xmitpriv;
1145     u32 res = _SUCCESS;
1146
1147     if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
1148         return _FAIL;
1149     pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + TXDESC_OFFSET;
1150     /* 4 start to encrypt each fragment */
1151     if (pattrib->encrypt == _AES_) {
1152         if (pattrib->psta)
1153             stainfo = pattrib->psta;
1154         else
1155             stainfo = r8712_get_stainfo(&padapter->stapriv,
1156                   &pattrib->ra[0]);
1157         if (stainfo) {
1158             prwskey = &stainfo->x_UncstKey.skey[0];
1159             for (curfragnum = 0; curfragnum < pattrib->nr_frags;
1160                  curfragnum++) {
1161                 if ((curfragnum + 1) == pattrib->nr_frags) {
1162                     length = pattrib->last_txcmdsz -
1163                          pattrib->hdrlen -
1164                          pattrib->iv_len -
1165                          pattrib->icv_len;
1166                     aes_cipher(prwskey, pattrib->hdrlen,
1167                            pframe, length);
1168                 } else {
1169                     length = pxmitpriv->frag_len -
1170                          pattrib->hdrlen -
1171                          pattrib->iv_len -
1172                          pattrib->icv_len;
1173                     aes_cipher(prwskey, pattrib->hdrlen,
1174                            pframe, length);
1175                     pframe += pxmitpriv->frag_len;
1176                     pframe = (u8 *)RND4((addr_t)(pframe));
1177                 }
1178             }
1179         } else {
1180             res = _FAIL;
1181         }
1182     }
1183     return res;
1184 }
1185
1186 static void aes_decipher(u8 *key, uint hdrlen,
1187              u8 *pframe, uint plen)
1188 {
1189     static u8 message[MAX_MSG_SIZE];
1190     uint qc_exists, a4_exists, i, j, payload_remainder;
1191     uint num_blocks, payload_index;
1192     u8 pn_vector[6];
1193     u8 mic_iv[16];
1194     u8 mic_header1[16];
1195     u8 mic_header2[16];
1196     u8 ctr_preload[16];
1197     /* Intermediate Buffers */
1198     u8 chain_buffer[16];
1199     u8 aes_out[16];
1200     u8 padded_buffer[16];
1201     u8 mic[8];
1202     uint frtype  = GetFrameType(pframe);
1203     uint frsubtype  = GetFrameSubType(pframe);
1204
1205     frsubtype >>= 4;
1206     memset((void *)mic_iv, 0, 16);
1207     memset((void *)mic_header1, 0, 16);
1208     memset((void *)mic_header2, 0, 16);
1209     memset((void *)ctr_preload, 0, 16);
1210     memset((void *)chain_buffer, 0, 16);
1211     memset((void *)aes_out, 0, 16);
1212     memset((void *)padded_buffer, 0, 16);
1213     /* start to decrypt the payload */
1214     /*(plen including llc, payload and mic) */
1215     num_blocks = (plen - 8) / 16;
1216     payload_remainder = (plen - 8) % 16;
1217     pn_vector[0] = pframe[hdrlen];
1218     pn_vector[1] = pframe[hdrlen + 1];
1219     pn_vector[2] = pframe[hdrlen + 4];
1220     pn_vector[3] = pframe[hdrlen + 5];
1221     pn_vector[4] = pframe[hdrlen + 6];
1222     pn_vector[5] = pframe[hdrlen + 7];
1223     if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen ==  WLAN_HDR_A3_QOS_LEN))
1224         a4_exists = 0;
1225     else
1226         a4_exists = 1;
1227     if ((frtype == (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA_CFACK)) ||
1228         (frtype == (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA_CFPOLL)) ||
1229         (frtype == (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA_CFACKPOLL))) {
1230         qc_exists = 1;
1231         if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1232             hdrlen += 2;
1233     } else if ((frsubtype == 0x08) ||
1234            (frsubtype == 0x09) ||
1235            (frsubtype == 0x0a) ||
1236            (frsubtype == 0x0b)) {
1237         if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1238             hdrlen += 2;
1239         qc_exists = 1;
1240     } else {
1241         qc_exists = 0;
1242     }
1243     /* now, decrypt pframe with hdrlen offset and plen long */
1244     payload_index = hdrlen + 8; /* 8 is for extiv */
1245     for (i = 0; i < num_blocks; i++) {
1246         construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1247                       pframe, pn_vector, i + 1);
1248         aes128k128d(key, ctr_preload, aes_out);
1249         bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1250         for (j = 0; j < 16; j++)
1251             pframe[payload_index++] = chain_buffer[j];
1252     }
1253     if (payload_remainder > 0) {  /* If short final block, pad it,*/
1254         /* encrypt it and copy the unpadded part back   */
1255         construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1256                       pframe, pn_vector, num_blocks + 1);
1257         for (j = 0; j < 16; j++)
1258             padded_buffer[j] = 0x00;
1259         for (j = 0; j < payload_remainder; j++)
1260             padded_buffer[j] = pframe[payload_index + j];
1261         aes128k128d(key, ctr_preload, aes_out);
1262         bitwise_xor(aes_out, padded_buffer, chain_buffer);
1263         for (j = 0; j < payload_remainder; j++)
1264             pframe[payload_index++] = chain_buffer[j];
1265     }
1266     /* start to calculate the mic */
1267     memcpy((void *)message, pframe, (hdrlen + plen + 8));
1268     pn_vector[0] = pframe[hdrlen];
1269     pn_vector[1] = pframe[hdrlen + 1];
1270     pn_vector[2] = pframe[hdrlen + 4];
1271     pn_vector[3] = pframe[hdrlen + 5];
1272     pn_vector[4] = pframe[hdrlen + 6];
1273     pn_vector[5] = pframe[hdrlen + 7];
1274     construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen - 8,
1275              pn_vector);
1276     construct_mic_header1(mic_header1, hdrlen, message);
1277     construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1278     payload_remainder = (plen - 8) % 16;
1279     num_blocks = (plen - 8) / 16;
1280     /* Find start of payload */
1281     payload_index = hdrlen + 8;
1282     /* Calculate MIC */
1283     aes128k128d(key, mic_iv, aes_out);
1284     bitwise_xor(aes_out, mic_header1, chain_buffer);
1285     aes128k128d(key, chain_buffer, aes_out);
1286     bitwise_xor(aes_out, mic_header2, chain_buffer);
1287     aes128k128d(key, chain_buffer, aes_out);
1288     for (i = 0; i < num_blocks; i++) {
1289         bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1290         payload_index += 16;
1291         aes128k128d(key, chain_buffer, aes_out);
1292     }
1293     /* Add on the final payload block if it needs padding */
1294     if (payload_remainder > 0) {
1295         for (j = 0; j < 16; j++)
1296             padded_buffer[j] = 0x00;
1297         for (j = 0; j < payload_remainder; j++)
1298             padded_buffer[j] = message[payload_index++];
1299         bitwise_xor(aes_out, padded_buffer, chain_buffer);
1300         aes128k128d(key, chain_buffer, aes_out);
1301     }
1302     for (j = 0; j < 8; j++)
1303         mic[j] = aes_out[j];
1304     /* Insert MIC into payload */
1305     for (j = 0; j < 8; j++)
1306         message[payload_index + j] = mic[j];
1307     payload_index = hdrlen + 8;
1308     for (i = 0; i < num_blocks; i++) {
1309         construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1310                       message, pn_vector, i + 1);
1311         aes128k128d(key, ctr_preload, aes_out);
1312         bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1313         for (j = 0; j < 16; j++)
1314             message[payload_index++] = chain_buffer[j];
1315     }
1316     if (payload_remainder > 0) { /* If short final block, pad it,*/
1317                      /* encrypt and copy unpadded part back */
1318         construct_ctr_preload(ctr_preload, a4_exists, qc_exists,
1319                       message, pn_vector, num_blocks + 1);
1320         for (j = 0; j < 16; j++)
1321             padded_buffer[j] = 0x00;
1322         for (j = 0; j < payload_remainder; j++)
1323             padded_buffer[j] = message[payload_index + j];
1324         aes128k128d(key, ctr_preload, aes_out);
1325         bitwise_xor(aes_out, padded_buffer, chain_buffer);
1326         for (j = 0; j < payload_remainder; j++)
1327             message[payload_index++] = chain_buffer[j];
1328     }
1329     /* Encrypt the MIC */
1330     construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message,
1331                   pn_vector, 0);
1332     for (j = 0; j < 16; j++)
1333         padded_buffer[j] = 0x00;
1334     for (j = 0; j < 8; j++)
1335         padded_buffer[j] = message[j + hdrlen + plen];
1336     aes128k128d(key, ctr_preload, aes_out);
1337     bitwise_xor(aes_out, padded_buffer, chain_buffer);
1338     for (j = 0; j < 8; j++)
1339         message[payload_index++] = chain_buffer[j];
1340     /* compare the mic */
1341 }
1342
1343 void r8712_aes_decrypt(struct _adapter *padapter, u8 *precvframe)
1344 {   /* exclude ICV */
1345     /* Intermediate Buffers */
1346     sint        length;
1347     u8  *pframe, *prwskey, *iv, idx;
1348     struct  sta_info *stainfo;
1349     struct  rx_pkt_attrib *prxattrib = &((union recv_frame *)
1350                        precvframe)->u.hdr.attrib;
1351     struct  security_priv *psecuritypriv = &padapter->securitypriv;
1352
1353     pframe = (unsigned char *)((union recv_frame *)precvframe)->
1354          u.hdr.rx_data;
1355     /* 4 start to encrypt each fragment */
1356     if (prxattrib->encrypt == _AES_) {
1357         stainfo = r8712_get_stainfo(&padapter->stapriv,
1358                         &prxattrib->ta[0]);
1359         if (stainfo) {
1360             if (is_multicast_ether_addr(prxattrib->ra)) {
1361                 iv = pframe + prxattrib->hdrlen;
1362                 idx = iv[3];
1363                 prwskey = &psecuritypriv->XGrpKey[
1364                       ((idx >> 6) & 0x3) - 1].skey[0];
1365                 if (!psecuritypriv->binstallGrpkey)
1366                     return;
1367
1368             } else {
1369                 prwskey = &stainfo->x_UncstKey.skey[0];
1370             }
1371             length = ((union recv_frame *)precvframe)->
1372                  u.hdr.len - prxattrib->hdrlen -
1373                  prxattrib->iv_len;
1374             aes_decipher(prwskey, prxattrib->hdrlen, pframe,
1375                      length);
1376         }
1377     }
1378 }
1379
1380 void r8712_use_tkipkey_handler(struct timer_list *t)
1381 {
1382     struct _adapter *padapter =
1383         from_timer(padapter, t, securitypriv.tkip_timer);
1384
1385     padapter->securitypriv.busetkipkey = true;
1386 }