1 // SPDX-License-Identifier: GPL-2.0
2 /******************************************************************************
3 *
4 * Copyright(c) 2007 - 2011 Realtek Corporation. All rights reserved.
5 *
6 ******************************************************************************/
7 #include <linux/crc32.h>
8 #include <drv_types.h>
9 #include <crypto/aes.h>
10 #include <crypto/utils.h>
11
12 static const char * const _security_type_str[] = {
13 "N/A",
14 "WEP40",
15 "TKIP",
16 "TKIP_WM",
17 "AES",
18 "WEP104",
19 "SMS4",
20 "WEP_WPA",
21 "BIP",
22 };
23
security_type_str(u8 value)24 const char *security_type_str(u8 value)
25 {
26 if (value <= _BIP_)
27 return _security_type_str[value];
28 return NULL;
29 }
30
31 /* WEP related ===== */
32
33 /* Need to consider the fragment situation */
rtw_wep_encrypt(struct adapter * padapter,u8 * pxmitframe)34 void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe)
35 { /* exclude ICV */
36 union {
37 __le32 f0;
38 unsigned char f1[4];
39 } crc;
40
41 signed int curfragnum, length;
42 u32 keylength;
43
44 u8 *pframe, *payload, *iv; /* wepkey */
45 u8 wepkey[16];
46 u8 hw_hdr_offset = 0;
47 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
48 struct security_priv *psecuritypriv = &padapter->securitypriv;
49 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
50 struct arc4_ctx *ctx = &psecuritypriv->xmit_arc4_ctx;
51
52 if (!((struct xmit_frame *)pxmitframe)->buf_addr)
53 return;
54
55 hw_hdr_offset = TXDESC_OFFSET;
56 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
57
58 /* start to encrypt each fragment */
59 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
60 keylength = psecuritypriv->dot11DefKeylen[psecuritypriv->dot11PrivacyKeyIndex];
61
62 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
63 iv = pframe + pattrib->hdrlen;
64 memcpy(&wepkey[0], iv, 3);
65 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength);
66 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
67
68 if ((curfragnum + 1) == pattrib->nr_frags) { /* the last fragment */
69
70 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
71
72 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
73
74 arc4_setkey(ctx, wepkey, 3 + keylength);
75 arc4_crypt(ctx, payload, payload, length);
76 arc4_crypt(ctx, payload + length, crc.f1, 4);
77
78 } else {
79 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
80 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
81 arc4_setkey(ctx, wepkey, 3 + keylength);
82 arc4_crypt(ctx, payload, payload, length);
83 arc4_crypt(ctx, payload + length, crc.f1, 4);
84
85 pframe += pxmitpriv->frag_len;
86 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
87 }
88 }
89 }
90 }
91
rtw_wep_decrypt(struct adapter * padapter,u8 * precvframe)92 void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe)
93 {
94 /* exclude ICV */
95 u8 crc[4];
96 signed int length;
97 u32 keylength;
98 u8 *pframe, *payload, *iv, wepkey[16];
99 u8 keyindex;
100 struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)precvframe)->u.hdr.attrib);
101 struct security_priv *psecuritypriv = &padapter->securitypriv;
102 struct arc4_ctx *ctx = &psecuritypriv->recv_arc4_ctx;
103
104 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
105
106 /* start to decrypt recvframe */
107 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) {
108 iv = pframe + prxattrib->hdrlen;
109 /* keyindex =(iv[3]&0x3); */
110 keyindex = prxattrib->key_index;
111 keylength = psecuritypriv->dot11DefKeylen[keyindex];
112 memcpy(&wepkey[0], iv, 3);
113 /* memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength); */
114 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[keyindex].skey[0], keylength);
115 length = ((union recv_frame *)precvframe)->u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
116
117 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
118
119 /* decrypt payload include icv */
120 arc4_setkey(ctx, wepkey, 3 + keylength);
121 arc4_crypt(ctx, payload, payload, length);
122
123 /* calculate icv and compare the icv */
124 *((u32 *)crc) = ~crc32_le(~0, payload, length - 4);
125
126 }
127 }
128
129 /* 3 =====TKIP related ===== */
130
secmicgetuint32(u8 * p)131 static u32 secmicgetuint32(u8 *p)
132 /* Convert from Byte[] to Us3232 in a portable way */
133 {
134 s32 i;
135 u32 res = 0;
136
137 for (i = 0; i < 4; i++)
138 res |= ((u32)(*p++)) << (8 * i);
139
140 return res;
141 }
142
secmicputuint32(u8 * p,u32 val)143 static void secmicputuint32(u8 *p, u32 val)
144 /* Convert from Us3232 to Byte[] in a portable way */
145 {
146 long i;
147
148 for (i = 0; i < 4; i++) {
149 *p++ = (u8) (val & 0xff);
150 val >>= 8;
151 }
152 }
153
secmicclear(struct mic_data * pmicdata)154 static void secmicclear(struct mic_data *pmicdata)
155 {
156 /* Reset the state to the empty message. */
157 pmicdata->L = pmicdata->K0;
158 pmicdata->R = pmicdata->K1;
159 pmicdata->nBytesInM = 0;
160 pmicdata->M = 0;
161 }
162
rtw_secmicsetkey(struct mic_data * pmicdata,u8 * key)163 void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key)
164 {
165 /* Set the key */
166 pmicdata->K0 = secmicgetuint32(key);
167 pmicdata->K1 = secmicgetuint32(key + 4);
168 /* and reset the message */
169 secmicclear(pmicdata);
170 }
171
rtw_secmicappendbyte(struct mic_data * pmicdata,u8 b)172 void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b)
173 {
174 /* Append the byte to our word-sized buffer */
175 pmicdata->M |= ((unsigned long)b) << (8 * pmicdata->nBytesInM);
176 pmicdata->nBytesInM++;
177 /* Process the word if it is full. */
178 if (pmicdata->nBytesInM >= 4) {
179 pmicdata->L ^= pmicdata->M;
180 pmicdata->R ^= ROL32(pmicdata->L, 17);
181 pmicdata->L += pmicdata->R;
182 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
183 pmicdata->L += pmicdata->R;
184 pmicdata->R ^= ROL32(pmicdata->L, 3);
185 pmicdata->L += pmicdata->R;
186 pmicdata->R ^= ROR32(pmicdata->L, 2);
187 pmicdata->L += pmicdata->R;
188 /* Clear the buffer */
189 pmicdata->M = 0;
190 pmicdata->nBytesInM = 0;
191 }
192 }
193
rtw_secmicappend(struct mic_data * pmicdata,u8 * src,u32 nbytes)194 void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
195 {
196 /* This is simple */
197 while (nbytes > 0) {
198 rtw_secmicappendbyte(pmicdata, *src++);
199 nbytes--;
200 }
201 }
202
rtw_secgetmic(struct mic_data * pmicdata,u8 * dst)203 void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst)
204 {
205 /* Append the minimum padding */
206 rtw_secmicappendbyte(pmicdata, 0x5a);
207 rtw_secmicappendbyte(pmicdata, 0);
208 rtw_secmicappendbyte(pmicdata, 0);
209 rtw_secmicappendbyte(pmicdata, 0);
210 rtw_secmicappendbyte(pmicdata, 0);
211 /* and then zeroes until the length is a multiple of 4 */
212 while (pmicdata->nBytesInM != 0)
213 rtw_secmicappendbyte(pmicdata, 0);
214 /* The appendByte function has already computed the result. */
215 secmicputuint32(dst, pmicdata->L);
216 secmicputuint32(dst + 4, pmicdata->R);
217 /* Reset to the empty message. */
218 secmicclear(pmicdata);
219 }
220
221
rtw_seccalctkipmic(u8 * key,u8 * header,u8 * data,u32 data_len,u8 * mic_code,u8 pri)222 void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
223 {
224
225 struct mic_data micdata;
226 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
227
228 rtw_secmicsetkey(&micdata, key);
229 priority[0] = pri;
230
231 /* Michael MIC pseudo header: DA, SA, 3 x 0, Priority */
232 if (header[1] & 1) { /* ToDS == 1 */
233 rtw_secmicappend(&micdata, &header[16], 6); /* DA */
234 if (header[1] & 2) /* From Ds == 1 */
235 rtw_secmicappend(&micdata, &header[24], 6);
236 else
237 rtw_secmicappend(&micdata, &header[10], 6);
238 } else { /* ToDS == 0 */
239 rtw_secmicappend(&micdata, &header[4], 6); /* DA */
240 if (header[1] & 2) /* From Ds == 1 */
241 rtw_secmicappend(&micdata, &header[16], 6);
242 else
243 rtw_secmicappend(&micdata, &header[10], 6);
244 }
245 rtw_secmicappend(&micdata, &priority[0], 4);
246
247
248 rtw_secmicappend(&micdata, data, data_len);
249
250 rtw_secgetmic(&micdata, mic_code);
251 }
252
253 /* macros for extraction/creation of unsigned char/unsigned short values */
254 #define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
255 #define Lo8(v16) ((u8)((v16) & 0x00FF))
256 #define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
257 #define Lo16(v32) ((u16)((v32) & 0xFFFF))
258 #define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
259 #define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
260
261 /* select the Nth 16-bit word of the temporal key unsigned char array TK[] */
262 #define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)])
263
264 /* S-box lookup: 16 bits --> 16 bits */
265 #define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
266
267 /* fixed algorithm "parameters" */
268 #define PHASE1_LOOP_CNT 8 /* this needs to be "big enough" */
269
270 /* 2-unsigned char by 2-unsigned char subset of the full AES S-box table */
271 static const unsigned short Sbox1[2][256] = { /* Sbox for hash (can be in ROM) */
272 {
273 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
274 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
275 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
276 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
277 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
278 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
279 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
280 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
281 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
282 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
283 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
284 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
285 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
286 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
287 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
288 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
289 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
290 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
291 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
292 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
293 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
294 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
295 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
296 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
297 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
298 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
299 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
300 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
301 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
302 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
303 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
304 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
305 },
306
307
308 { /* second half of table is unsigned char-reversed version of first! */
309 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
310 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
311 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
312 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
313 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
314 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
315 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
316 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
317 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
318 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
319 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
320 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
321 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
322 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
323 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
324 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
325 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
326 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
327 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
328 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
329 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
330 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
331 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
332 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
333 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
334 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
335 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
336 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
337 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
338 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
339 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
340 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
341 }
342 };
343
344 /*
345 * Routine: Phase 1 -- generate P1K, given TA, TK, IV32
346 *
347 * Inputs:
348 * tk[] = temporal key [128 bits]
349 * ta[] = transmitter's MAC address [ 48 bits]
350 * iv32 = upper 32 bits of IV [ 32 bits]
351 * Output:
352 * p1k[] = Phase 1 key [ 80 bits]
353 *
354 * Note:
355 * This function only needs to be called every 2**16 packets,
356 * although in theory it could be called every packet.
357 */
phase1(u16 * p1k,const u8 * tk,const u8 * ta,u32 iv32)358 static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
359 {
360 signed int i;
361
362 /* Initialize the 80 bits of P1K[] from IV32 and TA[0..5] */
363 p1k[0] = Lo16(iv32);
364 p1k[1] = Hi16(iv32);
365 p1k[2] = Mk16(ta[1], ta[0]); /* use TA[] as little-endian */
366 p1k[3] = Mk16(ta[3], ta[2]);
367 p1k[4] = Mk16(ta[5], ta[4]);
368
369 /* Now compute an unbalanced Feistel cipher with 80-bit block */
370 /* size on the 80-bit block P1K[], using the 128-bit key TK[] */
371 for (i = 0; i < PHASE1_LOOP_CNT; i++) {
372 /* Each add operation here is mod 2**16 */
373 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
374 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
375 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
376 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
377 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
378 p1k[4] += (unsigned short)i; /* avoid "slide attacks" */
379 }
380 }
381
382
383 /*
384 * Routine: Phase 2 -- generate RC4KEY, given TK, P1K, IV16
385 *
386 * Inputs:
387 * tk[] = Temporal key [128 bits]
388 * p1k[] = Phase 1 output key [ 80 bits]
389 * iv16 = low 16 bits of IV counter [ 16 bits]
390 * Output:
391 * rc4key[] = the key used to encrypt the packet [128 bits]
392 *
393 * Note:
394 * The value {TA, IV32, IV16} for Phase1/Phase2 must be unique
395 * across all packets using the same key TK value. Then, for a
396 * given value of TK[], this TKIP48 construction guarantees that
397 * the final RC4KEY value is unique across all packets.
398 *
399 * Suggested implementation optimization: if PPK[] is "overlaid"
400 * appropriately on RC4KEY[], there is no need for the final
401 * for loop below that copies the PPK[] result into RC4KEY[].
402 */
phase2(u8 * rc4key,const u8 * tk,const u16 * p1k,u16 iv16)403 static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
404 {
405 signed int i;
406 u16 PPK[6]; /* temporary key for mixing */
407
408 /* Note: all adds in the PPK[] equations below are mod 2**16 */
409 for (i = 0; i < 5; i++)
410 PPK[i] = p1k[i]; /* first, copy P1K to PPK */
411
412 PPK[5] = p1k[4] + iv16; /* next, add in IV16 */
413
414 /* Bijective non-linear mixing of the 96 bits of PPK[0..5] */
415 PPK[0] += _S_(PPK[5] ^ TK16(0)); /* Mix key in each "round" */
416 PPK[1] += _S_(PPK[0] ^ TK16(1));
417 PPK[2] += _S_(PPK[1] ^ TK16(2));
418 PPK[3] += _S_(PPK[2] ^ TK16(3));
419 PPK[4] += _S_(PPK[3] ^ TK16(4));
420 PPK[5] += _S_(PPK[4] ^ TK16(5)); /* Total # S-box lookups == 6 */
421
422 /* Final sweep: bijective, "linear". Rotates kill LSB correlations */
423 PPK[0] += RotR1(PPK[5] ^ TK16(6));
424 PPK[1] += RotR1(PPK[0] ^ TK16(7)); /* Use all of TK[] in Phase2 */
425 PPK[2] += RotR1(PPK[1]);
426 PPK[3] += RotR1(PPK[2]);
427 PPK[4] += RotR1(PPK[3]);
428 PPK[5] += RotR1(PPK[4]);
429 /* Note: At this point, for a given key TK[0..15], the 96-bit output */
430 /* value PPK[0..5] is guaranteed to be unique, as a function */
431 /* of the 96-bit "input" value {TA, IV32, IV16}. That is, P1K */
432 /* is now a keyed permutation of {TA, IV32, IV16}. */
433
434 /* Set RC4KEY[0..3], which includes "cleartext" portion of RC4 key */
435 rc4key[0] = Hi8(iv16); /* RC4KEY[0..2] is the WEP IV */
436 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F; /* Help avoid weak (FMS) keys */
437 rc4key[2] = Lo8(iv16);
438 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
439
440
441 /* Copy 96 bits of PPK[0..5] to RC4KEY[4..15] (little-endian) */
442 for (i = 0; i < 6; i++) {
443 rc4key[4 + 2 * i] = Lo8(PPK[i]);
444 rc4key[5 + 2 * i] = Hi8(PPK[i]);
445 }
446 }
447
448
449 /* The hlen isn't include the IV */
rtw_tkip_encrypt(struct adapter * padapter,u8 * pxmitframe)450 u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
451 { /* exclude ICV */
452 u16 pnl;
453 u32 pnh;
454 u8 rc4key[16];
455 u8 ttkey[16];
456 union {
457 __le32 f0;
458 u8 f1[4];
459 } crc;
460 u8 hw_hdr_offset = 0;
461 signed int curfragnum, length;
462
463 u8 *pframe, *payload, *iv, *prwskey;
464 union pn48 dot11txpn;
465 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
466 struct security_priv *psecuritypriv = &padapter->securitypriv;
467 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
468 struct arc4_ctx *ctx = &psecuritypriv->xmit_arc4_ctx;
469 u32 res = _SUCCESS;
470
471 if (!((struct xmit_frame *)pxmitframe)->buf_addr)
472 return _FAIL;
473
474 hw_hdr_offset = TXDESC_OFFSET;
475 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
476
477 /* 4 start to encrypt each fragment */
478 if (pattrib->encrypt == _TKIP_) {
479
480 {
481 if (is_multicast_ether_addr(pattrib->ra))
482 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
483 else
484 prwskey = pattrib->dot118021x_UncstKey.skey;
485
486 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
487 iv = pframe + pattrib->hdrlen;
488 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
489
490 GET_TKIP_PN(iv, dot11txpn);
491
492 pnl = (u16)(dot11txpn.val);
493 pnh = (u32)(dot11txpn.val >> 16);
494
495 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
496
497 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
498
499 if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
500 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
501 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
502
503 arc4_setkey(ctx, rc4key, 16);
504 arc4_crypt(ctx, payload, payload, length);
505 arc4_crypt(ctx, payload + length, crc.f1, 4);
506
507 } else {
508 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
509 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
510
511 arc4_setkey(ctx, rc4key, 16);
512 arc4_crypt(ctx, payload, payload, length);
513 arc4_crypt(ctx, payload + length, crc.f1, 4);
514
515 pframe += pxmitpriv->frag_len;
516 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
517 }
518 }
519 }
520 }
521 return res;
522 }
523
524
525 /* The hlen isn't include the IV */
rtw_tkip_decrypt(struct adapter * padapter,u8 * precvframe)526 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
527 { /* exclude ICV */
528 u16 pnl;
529 u32 pnh;
530 u8 rc4key[16];
531 u8 ttkey[16];
532 u8 crc[4];
533 signed int length;
534
535 u8 *pframe, *payload, *iv, *prwskey;
536 union pn48 dot11txpn;
537 struct sta_info *stainfo;
538 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
539 struct security_priv *psecuritypriv = &padapter->securitypriv;
540 struct arc4_ctx *ctx = &psecuritypriv->recv_arc4_ctx;
541 u32 res = _SUCCESS;
542
543 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
544
545 /* 4 start to decrypt recvframe */
546 if (prxattrib->encrypt == _TKIP_) {
547 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
548 if (stainfo) {
549 if (is_multicast_ether_addr(prxattrib->ra)) {
550 static unsigned long start;
551 static u32 no_gkey_bc_cnt;
552 static u32 no_gkey_mc_cnt;
553
554 if (!psecuritypriv->binstallGrpkey) {
555 res = _FAIL;
556
557 if (start == 0)
558 start = jiffies;
559
560 if (is_broadcast_mac_addr(prxattrib->ra))
561 no_gkey_bc_cnt++;
562 else
563 no_gkey_mc_cnt++;
564
565 if (jiffies_to_msecs(jiffies - start) > 1000) {
566 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
567 netdev_dbg(padapter->pnetdev,
568 FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
569 FUNC_ADPT_ARG(padapter),
570 no_gkey_bc_cnt,
571 no_gkey_mc_cnt);
572 }
573 start = jiffies;
574 no_gkey_bc_cnt = 0;
575 no_gkey_mc_cnt = 0;
576 }
577 goto exit;
578 }
579
580 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
581 netdev_dbg(padapter->pnetdev,
582 FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
583 FUNC_ADPT_ARG(padapter),
584 no_gkey_bc_cnt,
585 no_gkey_mc_cnt);
586 }
587 start = 0;
588 no_gkey_bc_cnt = 0;
589 no_gkey_mc_cnt = 0;
590
591 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
592 } else {
593 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
594 }
595
596 iv = pframe + prxattrib->hdrlen;
597 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
598 length = ((union recv_frame *)precvframe)->u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
599
600 GET_TKIP_PN(iv, dot11txpn);
601
602 pnl = (u16)(dot11txpn.val);
603 pnh = (u32)(dot11txpn.val >> 16);
604
605 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
606 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
607
608 /* 4 decrypt payload include icv */
609
610 arc4_setkey(ctx, rc4key, 16);
611 arc4_crypt(ctx, payload, payload, length);
612
613 *((u32 *)crc) = ~crc32_le(~0, payload, length - 4);
614
615 if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] ||
616 crc[1] != payload[length - 3] || crc[0] != payload[length - 4])
617 res = _FAIL;
618 } else {
619 res = _FAIL;
620 }
621 }
622 exit:
623 return res;
624 }
625
626
627 /* 3 =====AES related ===== */
628
629
630
631 #define MAX_MSG_SIZE 2048
632
633 /****************************************/
634 /* aes128k128d() */
635 /* Performs a 128 bit AES encrypt with */
636 /* 128 bit data. */
637 /****************************************/
aes128k128d(u8 * key,u8 * data,u8 * ciphertext)638 static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
639 {
640 struct crypto_aes_ctx ctx;
641
642 aes_expandkey(&ctx, key, 16);
643 aes_encrypt(&ctx, ciphertext, data);
644 memzero_explicit(&ctx, sizeof(ctx));
645 }
646
647 /************************************************/
648 /* construct_mic_iv() */
649 /* Builds the MIC IV from header fields and PN */
650 /* Baron think the function is construct CCM */
651 /* nonce */
652 /************************************************/
construct_mic_iv(u8 * mic_iv,signed int qc_exists,signed int a4_exists,u8 * mpdu,uint payload_length,u8 * pn_vector,uint frtype)653 static void construct_mic_iv(u8 *mic_iv,
654 signed int qc_exists,
655 signed int a4_exists,
656 u8 *mpdu,
657 uint payload_length,
658 u8 *pn_vector,
659 uint frtype) /* add for CONFIG_IEEE80211W, none 11w also can use */
660 {
661 signed int i;
662
663 mic_iv[0] = 0x59;
664
665 if (qc_exists && a4_exists)
666 mic_iv[1] = mpdu[30] & 0x0f; /* QoS_TC */
667
668 if (qc_exists && !a4_exists)
669 mic_iv[1] = mpdu[24] & 0x0f; /* mute bits 7-4 */
670
671 if (!qc_exists)
672 mic_iv[1] = 0x00;
673
674 /* 802.11w management frame should set management bit(4) */
675 if (frtype == WIFI_MGT_TYPE)
676 mic_iv[1] |= BIT(4);
677
678 for (i = 2; i < 8; i++)
679 mic_iv[i] = mpdu[i + 8]; /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */
680 #ifdef CONSISTENT_PN_ORDER
681 for (i = 8; i < 14; i++)
682 mic_iv[i] = pn_vector[i - 8]; /* mic_iv[8:13] = PN[0:5] */
683 #else
684 for (i = 8; i < 14; i++)
685 mic_iv[i] = pn_vector[13 - i]; /* mic_iv[8:13] = PN[5:0] */
686 #endif
687 mic_iv[14] = (unsigned char) (payload_length / 256);
688 mic_iv[15] = (unsigned char) (payload_length % 256);
689 }
690
691 /************************************************/
692 /* construct_mic_header1() */
693 /* Builds the first MIC header block from */
694 /* header fields. */
695 /* Build AAD SC, A1, A2 */
696 /************************************************/
construct_mic_header1(u8 * mic_header1,signed int header_length,u8 * mpdu,uint frtype)697 static void construct_mic_header1(u8 *mic_header1,
698 signed int header_length,
699 u8 *mpdu,
700 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */
701 {
702 mic_header1[0] = (u8)((header_length - 2) / 256);
703 mic_header1[1] = (u8)((header_length - 2) % 256);
704
705 /* 802.11w management frame don't AND subtype bits 4, 5, 6 of frame control field */
706 if (frtype == WIFI_MGT_TYPE)
707 mic_header1[2] = mpdu[0];
708 else
709 mic_header1[2] = mpdu[0] & 0xcf; /* Mute CF poll & CF ack bits */
710
711 mic_header1[3] = mpdu[1] & 0xc7; /* Mute retry, more data and pwr mgt bits */
712 mic_header1[4] = mpdu[4]; /* A1 */
713 mic_header1[5] = mpdu[5];
714 mic_header1[6] = mpdu[6];
715 mic_header1[7] = mpdu[7];
716 mic_header1[8] = mpdu[8];
717 mic_header1[9] = mpdu[9];
718 mic_header1[10] = mpdu[10]; /* A2 */
719 mic_header1[11] = mpdu[11];
720 mic_header1[12] = mpdu[12];
721 mic_header1[13] = mpdu[13];
722 mic_header1[14] = mpdu[14];
723 mic_header1[15] = mpdu[15];
724 }
725
726 /************************************************/
727 /* construct_mic_header2() */
728 /* Builds the last MIC header block from */
729 /* header fields. */
730 /************************************************/
construct_mic_header2(u8 * mic_header2,u8 * mpdu,signed int a4_exists,signed int qc_exists)731 static void construct_mic_header2(u8 *mic_header2,
732 u8 *mpdu,
733 signed int a4_exists,
734 signed int qc_exists)
735 {
736 signed int i;
737
738 for (i = 0; i < 16; i++)
739 mic_header2[i] = 0x00;
740
741 mic_header2[0] = mpdu[16]; /* A3 */
742 mic_header2[1] = mpdu[17];
743 mic_header2[2] = mpdu[18];
744 mic_header2[3] = mpdu[19];
745 mic_header2[4] = mpdu[20];
746 mic_header2[5] = mpdu[21];
747
748 mic_header2[6] = 0x00;
749 mic_header2[7] = 0x00; /* mpdu[23]; */
750
751 if (!qc_exists && a4_exists) {
752 for (i = 0; i < 6; i++)
753 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
754 }
755
756 if (qc_exists && !a4_exists) {
757 mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
758 mic_header2[9] = mpdu[25] & 0x00;
759 }
760
761 if (qc_exists && a4_exists) {
762 for (i = 0; i < 6; i++)
763 mic_header2[8 + i] = mpdu[24 + i]; /* A4 */
764
765 mic_header2[14] = mpdu[30] & 0x0f;
766 mic_header2[15] = mpdu[31] & 0x00;
767 }
768 }
769
770 /************************************************/
771 /* construct_mic_header2() */
772 /* Builds the last MIC header block from */
773 /* header fields. */
774 /* Baron think the function is construct CCM */
775 /* nonce */
776 /************************************************/
construct_ctr_preload(u8 * ctr_preload,signed int a4_exists,signed int qc_exists,u8 * mpdu,u8 * pn_vector,signed int c,uint frtype)777 static void construct_ctr_preload(u8 *ctr_preload,
778 signed int a4_exists,
779 signed int qc_exists,
780 u8 *mpdu,
781 u8 *pn_vector,
782 signed int c,
783 uint frtype) /* for CONFIG_IEEE80211W, none 11w also can use */
784 {
785 signed int i = 0;
786
787 for (i = 0; i < 16; i++)
788 ctr_preload[i] = 0x00;
789 i = 0;
790
791 ctr_preload[0] = 0x01; /* flag */
792 if (qc_exists && a4_exists)
793 ctr_preload[1] = mpdu[30] & 0x0f; /* QoC_Control */
794 if (qc_exists && !a4_exists)
795 ctr_preload[1] = mpdu[24] & 0x0f;
796
797 /* 802.11w management frame should set management bit(4) */
798 if (frtype == WIFI_MGT_TYPE)
799 ctr_preload[1] |= BIT(4);
800
801 for (i = 2; i < 8; i++)
802 ctr_preload[i] = mpdu[i + 8]; /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */
803 #ifdef CONSISTENT_PN_ORDER
804 for (i = 8; i < 14; i++)
805 ctr_preload[i] = pn_vector[i - 8]; /* ctr_preload[8:13] = PN[0:5] */
806 #else
807 for (i = 8; i < 14; i++)
808 ctr_preload[i] = pn_vector[13 - i]; /* ctr_preload[8:13] = PN[5:0] */
809 #endif
810 ctr_preload[14] = (unsigned char) (c / 256); /* Ctr */
811 ctr_preload[15] = (unsigned char) (c % 256);
812 }
813
aes_cipher(u8 * key,uint hdrlen,u8 * pframe,uint plen)814 static signed int aes_cipher(u8 *key, uint hdrlen,
815 u8 *pframe, uint plen)
816 {
817 uint qc_exists, a4_exists, i, j, payload_remainder,
818 num_blocks, payload_index;
819
820 u8 pn_vector[6];
821 u8 mic_iv[16] = {};
822 u8 mic_header1[16] = {};
823 u8 mic_header2[16] = {};
824 u8 ctr_preload[16] = {};
825
826 /* Intermediate Buffers */
827 u8 chain_buffer[16] = {};
828 u8 aes_out[16] = {};
829 u8 padded_buffer[16] = {};
830 u8 mic[8];
831 uint frtype = GetFrameType(pframe);
832 uint frsubtype = GetFrameSubType(pframe);
833
834 frsubtype = frsubtype >> 4;
835
836 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
837 a4_exists = 0;
838 else
839 a4_exists = 1;
840
841 if (((frtype | frsubtype) == WIFI_DATA_CFACK) ||
842 ((frtype | frsubtype) == WIFI_DATA_CFPOLL) ||
843 ((frtype | frsubtype) == WIFI_DATA_CFACKPOLL)) {
844 qc_exists = 1;
845 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
846 hdrlen += 2;
847
848 } else if ((frtype == WIFI_DATA) && /* add for CONFIG_IEEE80211W, none 11w also can use */
849 ((frsubtype == 0x08) ||
850 (frsubtype == 0x09) ||
851 (frsubtype == 0x0a) ||
852 (frsubtype == 0x0b))) {
853 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
854 hdrlen += 2;
855
856 qc_exists = 1;
857 } else {
858 qc_exists = 0;
859 }
860
861 pn_vector[0] = pframe[hdrlen];
862 pn_vector[1] = pframe[hdrlen + 1];
863 pn_vector[2] = pframe[hdrlen + 4];
864 pn_vector[3] = pframe[hdrlen + 5];
865 pn_vector[4] = pframe[hdrlen + 6];
866 pn_vector[5] = pframe[hdrlen + 7];
867
868 construct_mic_iv(mic_iv,
869 qc_exists,
870 a4_exists,
871 pframe, /* message, */
872 plen,
873 pn_vector,
874 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
875
876 construct_mic_header1(mic_header1,
877 hdrlen,
878 pframe, /* message */
879 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
880
881 construct_mic_header2(mic_header2,
882 pframe, /* message, */
883 a4_exists,
884 qc_exists);
885
886 payload_remainder = plen % 16;
887 num_blocks = plen / 16;
888
889 /* Find start of payload */
890 payload_index = (hdrlen + 8);
891
892 /* Calculate MIC */
893 aes128k128d(key, mic_iv, aes_out);
894 crypto_xor_cpy(chain_buffer, aes_out, mic_header1, 16);
895 aes128k128d(key, chain_buffer, aes_out);
896 crypto_xor_cpy(chain_buffer, aes_out, mic_header2, 16);
897 aes128k128d(key, chain_buffer, aes_out);
898
899 for (i = 0; i < num_blocks; i++) {
900 crypto_xor_cpy(chain_buffer, aes_out, &pframe[payload_index], 16);
901
902 payload_index += 16;
903 aes128k128d(key, chain_buffer, aes_out);
904 }
905
906 /* Add on the final payload block if it needs padding */
907 if (payload_remainder > 0) {
908 for (j = 0; j < 16; j++)
909 padded_buffer[j] = 0x00;
910 for (j = 0; j < payload_remainder; j++)
911 padded_buffer[j] = pframe[payload_index++];
912
913 crypto_xor_cpy(chain_buffer, aes_out, padded_buffer, 16);
914 aes128k128d(key, chain_buffer, aes_out);
915 }
916
917 for (j = 0 ; j < 8; j++)
918 mic[j] = aes_out[j];
919
920 /* Insert MIC into payload */
921 for (j = 0; j < 8; j++)
922 pframe[payload_index + j] = mic[j];
923
924 payload_index = hdrlen + 8;
925 for (i = 0; i < num_blocks; i++) {
926 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */
927 pn_vector, i + 1, frtype);
928 /* add for CONFIG_IEEE80211W, none 11w also can use */
929 aes128k128d(key, ctr_preload, aes_out);
930 crypto_xor_cpy(chain_buffer, aes_out, &pframe[payload_index], 16);
931 for (j = 0; j < 16; j++)
932 pframe[payload_index++] = chain_buffer[j];
933 }
934
935 if (payload_remainder > 0) {
936 /* If there is a short final block, then pad it,*/
937 /* encrypt it and copy the unpadded part back */
938 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */
939 pn_vector, num_blocks + 1, frtype);
940 /* add for CONFIG_IEEE80211W, none 11w also can use */
941
942 for (j = 0; j < 16; j++)
943 padded_buffer[j] = 0x00;
944 for (j = 0; j < payload_remainder; j++)
945 padded_buffer[j] = pframe[payload_index + j];
946
947 aes128k128d(key, ctr_preload, aes_out);
948 crypto_xor_cpy(chain_buffer, aes_out, padded_buffer, 16);
949 for (j = 0; j < payload_remainder; j++)
950 pframe[payload_index++] = chain_buffer[j];
951 }
952
953 /* Encrypt the MIC */
954 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, /* message, */
955 pn_vector, 0, frtype);
956 /* add for CONFIG_IEEE80211W, none 11w also can use */
957
958 for (j = 0; j < 16; j++)
959 padded_buffer[j] = 0x00;
960 for (j = 0; j < 8; j++)
961 padded_buffer[j] = pframe[j + hdrlen + 8 + plen];
962
963 aes128k128d(key, ctr_preload, aes_out);
964 crypto_xor_cpy(chain_buffer, aes_out, padded_buffer, 16);
965 for (j = 0; j < 8; j++)
966 pframe[payload_index++] = chain_buffer[j];
967
968 return _SUCCESS;
969 }
970
rtw_aes_encrypt(struct adapter * padapter,u8 * pxmitframe)971 u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe)
972 { /* exclude ICV */
973
974 /*static*/
975 /* unsigned char message[MAX_MSG_SIZE]; */
976
977 /* Intermediate Buffers */
978 signed int curfragnum, length;
979 u8 *pframe, *prwskey; /* *payload,*iv */
980 u8 hw_hdr_offset = 0;
981 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
982 struct security_priv *psecuritypriv = &padapter->securitypriv;
983 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
984
985 u32 res = _SUCCESS;
986
987 if (!((struct xmit_frame *)pxmitframe)->buf_addr)
988 return _FAIL;
989
990 hw_hdr_offset = TXDESC_OFFSET;
991 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
992
993 /* 4 start to encrypt each fragment */
994 if (pattrib->encrypt == _AES_) {
995 if (is_multicast_ether_addr(pattrib->ra))
996 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
997 else
998 prwskey = pattrib->dot118021x_UncstKey.skey;
999
1000 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
1001 if ((curfragnum + 1) == pattrib->nr_frags) { /* 4 the last fragment */
1002 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
1003
1004 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1005 } else {
1006 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
1007
1008 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1009 pframe += pxmitpriv->frag_len;
1010 pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
1011 }
1012 }
1013 }
1014 return res;
1015 }
1016
aes_decipher(u8 * key,uint hdrlen,u8 * pframe,uint plen)1017 static signed int aes_decipher(u8 *key, uint hdrlen,
1018 u8 *pframe, uint plen)
1019 {
1020 static u8 message[MAX_MSG_SIZE];
1021 uint qc_exists, a4_exists, i, j, payload_remainder,
1022 num_blocks, payload_index;
1023 signed int res = _SUCCESS;
1024 u8 pn_vector[6];
1025 u8 mic_iv[16] = {};
1026 u8 mic_header1[16] = {};
1027 u8 mic_header2[16] = {};
1028 u8 ctr_preload[16] = {};
1029
1030 /* Intermediate Buffers */
1031 u8 chain_buffer[16] = {};
1032 u8 aes_out[16] = {};
1033 u8 padded_buffer[16] = {};
1034 u8 mic[8];
1035
1036 uint frtype = GetFrameType(pframe);
1037 uint frsubtype = GetFrameSubType(pframe);
1038
1039 frsubtype = frsubtype >> 4;
1040
1041 /* start to decrypt the payload */
1042
1043 num_blocks = (plen - 8) / 16; /* plen including LLC, payload_length and mic) */
1044
1045 payload_remainder = (plen - 8) % 16;
1046
1047 pn_vector[0] = pframe[hdrlen];
1048 pn_vector[1] = pframe[hdrlen + 1];
1049 pn_vector[2] = pframe[hdrlen + 4];
1050 pn_vector[3] = pframe[hdrlen + 5];
1051 pn_vector[4] = pframe[hdrlen + 6];
1052 pn_vector[5] = pframe[hdrlen + 7];
1053
1054 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1055 a4_exists = 0;
1056 else
1057 a4_exists = 1;
1058
1059 if (((frtype | frsubtype) == WIFI_DATA_CFACK) ||
1060 ((frtype | frsubtype) == WIFI_DATA_CFPOLL) ||
1061 ((frtype | frsubtype) == WIFI_DATA_CFACKPOLL)) {
1062 qc_exists = 1;
1063 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1064 hdrlen += 2;
1065
1066 } else if ((frtype == WIFI_DATA) && /* only for data packet . add for CONFIG_IEEE80211W, none 11w also can use */
1067 ((frsubtype == 0x08) ||
1068 (frsubtype == 0x09) ||
1069 (frsubtype == 0x0a) ||
1070 (frsubtype == 0x0b))) {
1071 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1072 hdrlen += 2;
1073
1074 qc_exists = 1;
1075 } else {
1076 qc_exists = 0;
1077 }
1078
1079 /* now, decrypt pframe with hdrlen offset and plen long */
1080
1081 payload_index = hdrlen + 8; /* 8 is for extiv */
1082
1083 for (i = 0; i < num_blocks; i++) {
1084 construct_ctr_preload(ctr_preload, a4_exists,
1085 qc_exists, pframe,
1086 pn_vector, i + 1,
1087 frtype); /* add for CONFIG_IEEE80211W, none 11w also can use */
1088
1089 aes128k128d(key, ctr_preload, aes_out);
1090 crypto_xor_cpy(chain_buffer, aes_out, &pframe[payload_index], 16);
1091
1092 for (j = 0; j < 16; j++)
1093 pframe[payload_index++] = chain_buffer[j];
1094 }
1095
1096 if (payload_remainder > 0) {
1097 /* If there is a short final block, then pad it,*/
1098 /* encrypt it and copy the unpadded part back */
1099 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector,
1100 num_blocks + 1, frtype);
1101 /* add for CONFIG_IEEE80211W, none 11w also can use */
1102
1103 for (j = 0; j < 16; j++)
1104 padded_buffer[j] = 0x00;
1105 for (j = 0; j < payload_remainder; j++)
1106 padded_buffer[j] = pframe[payload_index + j];
1107
1108 aes128k128d(key, ctr_preload, aes_out);
1109 crypto_xor_cpy(chain_buffer, aes_out, padded_buffer, 16);
1110 for (j = 0; j < payload_remainder; j++)
1111 pframe[payload_index++] = chain_buffer[j];
1112 }
1113
1114 /* start to calculate the mic */
1115 if ((hdrlen + plen + 8) <= MAX_MSG_SIZE)
1116 memcpy((void *)message, pframe, (hdrlen + plen + 8)); /* 8 is for ext iv len */
1117
1118 pn_vector[0] = pframe[hdrlen];
1119 pn_vector[1] = pframe[hdrlen + 1];
1120 pn_vector[2] = pframe[hdrlen + 4];
1121 pn_vector[3] = pframe[hdrlen + 5];
1122 pn_vector[4] = pframe[hdrlen + 6];
1123 pn_vector[5] = pframe[hdrlen + 7];
1124
1125 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen - 8, pn_vector, frtype);
1126 /* add for CONFIG_IEEE80211W, none 11w also can use */
1127
1128 construct_mic_header1(mic_header1, hdrlen, message, frtype);
1129 /* add for CONFIG_IEEE80211W, none 11w also can use */
1130 construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1131
1132 payload_remainder = (plen - 8) % 16;
1133 num_blocks = (plen - 8) / 16;
1134
1135 /* Find start of payload */
1136 payload_index = (hdrlen + 8);
1137
1138 /* Calculate MIC */
1139 aes128k128d(key, mic_iv, aes_out);
1140 crypto_xor_cpy(chain_buffer, aes_out, mic_header1, 16);
1141 aes128k128d(key, chain_buffer, aes_out);
1142 crypto_xor_cpy(chain_buffer, aes_out, mic_header2, 16);
1143 aes128k128d(key, chain_buffer, aes_out);
1144
1145 for (i = 0; i < num_blocks; i++) {
1146 crypto_xor_cpy(chain_buffer, aes_out, &message[payload_index], 16);
1147
1148 payload_index += 16;
1149 aes128k128d(key, chain_buffer, aes_out);
1150 }
1151
1152 /* Add on the final payload block if it needs padding */
1153 if (payload_remainder > 0) {
1154 for (j = 0; j < 16; j++)
1155 padded_buffer[j] = 0x00;
1156 for (j = 0; j < payload_remainder; j++)
1157 padded_buffer[j] = message[payload_index++];
1158
1159 crypto_xor_cpy(chain_buffer, aes_out, padded_buffer, 16);
1160 aes128k128d(key, chain_buffer, aes_out);
1161 }
1162
1163 for (j = 0; j < 8; j++)
1164 mic[j] = aes_out[j];
1165
1166 /* Insert MIC into payload */
1167 for (j = 0; j < 8; j++)
1168 message[payload_index + j] = mic[j];
1169
1170 payload_index = hdrlen + 8;
1171 for (i = 0; i < num_blocks; i++) {
1172 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, i + 1,
1173 frtype);
1174 /* add for CONFIG_IEEE80211W, none 11w also can use */
1175 aes128k128d(key, ctr_preload, aes_out);
1176 crypto_xor_cpy(chain_buffer, aes_out, &message[payload_index], 16);
1177 for (j = 0; j < 16; j++)
1178 message[payload_index++] = chain_buffer[j];
1179 }
1180
1181 if (payload_remainder > 0) {
1182 /* If there is a short final block, then pad it,*/
1183 /* encrypt it and copy the unpadded part back */
1184 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector,
1185 num_blocks + 1, frtype);
1186 /* add for CONFIG_IEEE80211W, none 11w also can use */
1187
1188 for (j = 0; j < 16; j++)
1189 padded_buffer[j] = 0x00;
1190 for (j = 0; j < payload_remainder; j++)
1191 padded_buffer[j] = message[payload_index + j];
1192
1193 aes128k128d(key, ctr_preload, aes_out);
1194 crypto_xor_cpy(chain_buffer, aes_out, padded_buffer, 16);
1195 for (j = 0; j < payload_remainder; j++)
1196 message[payload_index++] = chain_buffer[j];
1197 }
1198
1199 /* Encrypt the MIC */
1200 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 0, frtype);
1201 /* add for CONFIG_IEEE80211W, none 11w also can use */
1202
1203 for (j = 0; j < 16; j++)
1204 padded_buffer[j] = 0x00;
1205 for (j = 0; j < 8; j++)
1206 padded_buffer[j] = message[j + hdrlen + 8 + plen - 8];
1207
1208 aes128k128d(key, ctr_preload, aes_out);
1209 crypto_xor_cpy(chain_buffer, aes_out, padded_buffer, 16);
1210 for (j = 0; j < 8; j++)
1211 message[payload_index++] = chain_buffer[j];
1212
1213 /* compare the mic */
1214 for (i = 0; i < 8; i++) {
1215 if (pframe[hdrlen + 8 + plen - 8 + i] != message[hdrlen + 8 + plen - 8 + i])
1216 res = _FAIL;
1217 }
1218 return res;
1219 }
1220
rtw_aes_decrypt(struct adapter * padapter,u8 * precvframe)1221 u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe)
1222 { /* exclude ICV */
1223
1224 /*static*/
1225 /* unsigned char message[MAX_MSG_SIZE]; */
1226
1227 /* Intermediate Buffers */
1228
1229 signed int length;
1230 u8 *pframe, *prwskey; /* *payload,*iv */
1231 struct sta_info *stainfo;
1232 struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
1233 struct security_priv *psecuritypriv = &padapter->securitypriv;
1234 u32 res = _SUCCESS;
1235
1236 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
1237 /* 4 start to encrypt each fragment */
1238 if (prxattrib->encrypt == _AES_) {
1239 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
1240 if (stainfo) {
1241 if (is_multicast_ether_addr(prxattrib->ra)) {
1242 static unsigned long start;
1243 static u32 no_gkey_bc_cnt;
1244 static u32 no_gkey_mc_cnt;
1245
1246 if (!psecuritypriv->binstallGrpkey) {
1247 res = _FAIL;
1248
1249 if (start == 0)
1250 start = jiffies;
1251
1252 if (is_broadcast_mac_addr(prxattrib->ra))
1253 no_gkey_bc_cnt++;
1254 else
1255 no_gkey_mc_cnt++;
1256
1257 if (jiffies_to_msecs(jiffies - start) > 1000) {
1258 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
1259 netdev_dbg(padapter->pnetdev,
1260 FUNC_ADPT_FMT " no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
1261 FUNC_ADPT_ARG(padapter),
1262 no_gkey_bc_cnt,
1263 no_gkey_mc_cnt);
1264 }
1265 start = jiffies;
1266 no_gkey_bc_cnt = 0;
1267 no_gkey_mc_cnt = 0;
1268 }
1269
1270 goto exit;
1271 }
1272
1273 if (no_gkey_bc_cnt || no_gkey_mc_cnt) {
1274 netdev_dbg(padapter->pnetdev,
1275 FUNC_ADPT_FMT " gkey installed. no_gkey_bc_cnt:%u, no_gkey_mc_cnt:%u\n",
1276 FUNC_ADPT_ARG(padapter),
1277 no_gkey_bc_cnt,
1278 no_gkey_mc_cnt);
1279 }
1280 start = 0;
1281 no_gkey_bc_cnt = 0;
1282 no_gkey_mc_cnt = 0;
1283
1284 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
1285 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) {
1286 res = _FAIL;
1287 goto exit;
1288 }
1289 } else {
1290 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1291 }
1292
1293 length = ((union recv_frame *)precvframe)->u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
1294
1295 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length);
1296
1297 } else {
1298 res = _FAIL;
1299 }
1300 }
1301 exit:
1302 return res;
1303 }
1304
rtw_BIP_verify(struct adapter * padapter,u8 * precvframe)1305 u32 rtw_BIP_verify(struct adapter *padapter, u8 *precvframe)
1306 {
1307 struct rx_pkt_attrib *pattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
1308 u8 *pframe;
1309 u8 *BIP_AAD, *p;
1310 u32 res = _FAIL;
1311 uint len, ori_len;
1312 struct ieee80211_hdr *pwlanhdr;
1313 u8 mic[16];
1314 struct mlme_ext_priv *pmlmeext = &padapter->mlmeextpriv;
1315 __le16 le_tmp;
1316 __le64 le_tmp64;
1317
1318 ori_len = pattrib->pkt_len - WLAN_HDR_A3_LEN + BIP_AAD_SIZE;
1319 BIP_AAD = rtw_zmalloc(ori_len);
1320
1321 if (!BIP_AAD)
1322 return _FAIL;
1323
1324 /* PKT start */
1325 pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
1326 /* mapping to wlan header */
1327 pwlanhdr = (struct ieee80211_hdr *)pframe;
1328 /* save the frame body + MME */
1329 memcpy(BIP_AAD + BIP_AAD_SIZE, pframe + WLAN_HDR_A3_LEN, pattrib->pkt_len - WLAN_HDR_A3_LEN);
1330 /* find MME IE pointer */
1331 p = rtw_get_ie(BIP_AAD + BIP_AAD_SIZE, WLAN_EID_MMIE, &len, pattrib->pkt_len - WLAN_HDR_A3_LEN);
1332 /* Baron */
1333 if (p) {
1334 u16 keyid = 0;
1335 u64 temp_ipn = 0;
1336 /* save packet number */
1337 memcpy(&le_tmp64, p + 4, 6);
1338 temp_ipn = le64_to_cpu(le_tmp64);
1339 /* BIP packet number should bigger than previous BIP packet */
1340 if (temp_ipn <= pmlmeext->mgnt_80211w_IPN_rx)
1341 goto BIP_exit;
1342
1343 /* copy key index */
1344 memcpy(&le_tmp, p + 2, 2);
1345 keyid = le16_to_cpu(le_tmp);
1346 if (keyid != padapter->securitypriv.dot11wBIPKeyid)
1347 goto BIP_exit;
1348
1349 /* clear the MIC field of MME to zero */
1350 memset(p + 2 + len - 8, 0, 8);
1351
1352 /* conscruct AAD, copy frame control field */
1353 memcpy(BIP_AAD, &pwlanhdr->frame_control, 2);
1354 ClearRetry(BIP_AAD);
1355 ClearPwrMgt(BIP_AAD);
1356 ClearMData(BIP_AAD);
1357 /* conscruct AAD, copy address 1 to address 3 */
1358 memcpy(BIP_AAD + 2, &pwlanhdr->addrs, sizeof(pwlanhdr->addrs));
1359
1360 if (omac1_aes_128(padapter->securitypriv.dot11wBIPKey[padapter->securitypriv.dot11wBIPKeyid].skey
1361 , BIP_AAD, ori_len, mic))
1362 goto BIP_exit;
1363
1364 /* MIC field should be last 8 bytes of packet (packet without FCS) */
1365 if (!memcmp(mic, pframe+pattrib->pkt_len-8, 8)) {
1366 pmlmeext->mgnt_80211w_IPN_rx = temp_ipn;
1367 res = _SUCCESS;
1368 } else {
1369 }
1370
1371 } else {
1372 res = RTW_RX_HANDLED;
1373 }
1374 BIP_exit:
1375
1376 kfree(BIP_AAD);
1377 return res;
1378 }
1379
gf_mulx(u8 * pad)1380 static void gf_mulx(u8 *pad)
1381 {
1382 int i, carry;
1383
1384 carry = pad[0] & 0x80;
1385 for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
1386 pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
1387
1388 pad[AES_BLOCK_SIZE - 1] <<= 1;
1389 if (carry)
1390 pad[AES_BLOCK_SIZE - 1] ^= 0x87;
1391 }
1392
1393 /**
1394 * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
1395 * @key: 128-bit key for the hash operation
1396 * @num_elem: Number of elements in the data vector
1397 * @addr: Pointers to the data areas
1398 * @len: Lengths of the data blocks
1399 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
1400 * Returns: 0 on success, -1 on failure
1401 *
1402 * This is a mode for using block cipher (AES in this case) for authentication.
1403 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
1404 * (SP) 800-38B.
1405 */
omac1_aes_128_vector(u8 * key,size_t num_elem,u8 * addr[],size_t * len,u8 * mac)1406 static int omac1_aes_128_vector(u8 *key, size_t num_elem,
1407 u8 *addr[], size_t *len, u8 *mac)
1408 {
1409 struct crypto_aes_ctx ctx;
1410 u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
1411 u8 *pos, *end;
1412 size_t i, e, left, total_len;
1413 int ret;
1414
1415 ret = aes_expandkey(&ctx, key, 16);
1416 if (ret)
1417 return -1;
1418 memset(cbc, 0, AES_BLOCK_SIZE);
1419
1420 total_len = 0;
1421 for (e = 0; e < num_elem; e++)
1422 total_len += len[e];
1423 left = total_len;
1424
1425 e = 0;
1426 pos = addr[0];
1427 end = pos + len[0];
1428
1429 while (left >= AES_BLOCK_SIZE) {
1430 for (i = 0; i < AES_BLOCK_SIZE; i++) {
1431 cbc[i] ^= *pos++;
1432 if (pos >= end) {
1433 e++;
1434 pos = addr[e];
1435 end = pos + len[e];
1436 }
1437 }
1438 if (left > AES_BLOCK_SIZE)
1439 aes_encrypt(&ctx, cbc, cbc);
1440 left -= AES_BLOCK_SIZE;
1441 }
1442
1443 memset(pad, 0, AES_BLOCK_SIZE);
1444 aes_encrypt(&ctx, pad, pad);
1445 gf_mulx(pad);
1446
1447 if (left || total_len == 0) {
1448 for (i = 0; i < left; i++) {
1449 cbc[i] ^= *pos++;
1450 if (pos >= end) {
1451 e++;
1452 pos = addr[e];
1453 end = pos + len[e];
1454 }
1455 }
1456 cbc[left] ^= 0x80;
1457 gf_mulx(pad);
1458 }
1459
1460 for (i = 0; i < AES_BLOCK_SIZE; i++)
1461 pad[i] ^= cbc[i];
1462 aes_encrypt(&ctx, pad, mac);
1463 memzero_explicit(&ctx, sizeof(ctx));
1464 return 0;
1465 }
1466
1467 /**
1468 * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
1469 * @key: 128-bit key for the hash operation
1470 * @data: Data buffer for which a MAC is determined
1471 * @data_len: Length of data buffer in bytes
1472 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
1473 * Returns: 0 on success, -1 on failure
1474 *
1475 * This is a mode for using block cipher (AES in this case) for authentication.
1476 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
1477 * (SP) 800-38B.
1478 * modify for CONFIG_IEEE80211W
1479 */
omac1_aes_128(u8 * key,u8 * data,size_t data_len,u8 * mac)1480 int omac1_aes_128(u8 *key, u8 *data, size_t data_len, u8 *mac)
1481 {
1482 return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
1483 }
1484
1485 /* Restore HW wep key setting according to key_mask */
rtw_sec_restore_wep_key(struct adapter * adapter)1486 void rtw_sec_restore_wep_key(struct adapter *adapter)
1487 {
1488 struct security_priv *securitypriv = &(adapter->securitypriv);
1489 signed int keyid;
1490
1491 if ((_WEP40_ == securitypriv->dot11PrivacyAlgrthm) || (_WEP104_ == securitypriv->dot11PrivacyAlgrthm)) {
1492 for (keyid = 0; keyid < 4; keyid++) {
1493 if (securitypriv->key_mask & BIT(keyid)) {
1494 if (keyid == securitypriv->dot11PrivacyKeyIndex)
1495 rtw_set_key(adapter, securitypriv, keyid, 1, false);
1496 else
1497 rtw_set_key(adapter, securitypriv, keyid, 0, false);
1498 }
1499 }
1500 }
1501 }
1502
rtw_handle_tkip_countermeasure(struct adapter * adapter,const char * caller)1503 u8 rtw_handle_tkip_countermeasure(struct adapter *adapter, const char *caller)
1504 {
1505 struct security_priv *securitypriv = &(adapter->securitypriv);
1506 u8 status = _SUCCESS;
1507
1508 if (securitypriv->btkip_countermeasure) {
1509 unsigned long passing_ms = jiffies_to_msecs(jiffies - securitypriv->btkip_countermeasure_time);
1510
1511 if (passing_ms > 60 * 1000) {
1512 netdev_dbg(adapter->pnetdev,
1513 "%s(%s) countermeasure time:%lus > 60s\n",
1514 caller, ADPT_ARG(adapter),
1515 passing_ms / 1000);
1516 securitypriv->btkip_countermeasure = false;
1517 securitypriv->btkip_countermeasure_time = 0;
1518 } else {
1519 netdev_dbg(adapter->pnetdev,
1520 "%s(%s) countermeasure time:%lus < 60s\n",
1521 caller, ADPT_ARG(adapter),
1522 passing_ms / 1000);
1523 status = _FAIL;
1524 }
1525 }
1526
1527 return status;
1528 }
1529