1
2
3
4#define _RTW_SECURITY_C_
5
6#include "../include/osdep_service.h"
7#include "../include/drv_types.h"
8#include "../include/wifi.h"
9#include "../include/osdep_intf.h"
10
11
12
13#define CRC32_POLY 0x04c11db7
14
15struct arc4context {
16 u32 x;
17 u32 y;
18 u8 state[256];
19};
20
21static void arcfour_init(struct arc4context *parc4ctx, u8 *key, u32 key_len)
22{
23 u32 t, u;
24 u32 keyindex;
25 u32 stateindex;
26 u8 *state;
27 u32 counter;
28
29 state = parc4ctx->state;
30 parc4ctx->x = 0;
31 parc4ctx->y = 0;
32 for (counter = 0; counter < 256; counter++)
33 state[counter] = (u8)counter;
34 keyindex = 0;
35 stateindex = 0;
36 for (counter = 0; counter < 256; counter++) {
37 t = state[counter];
38 stateindex = (stateindex + key[keyindex] + t) & 0xff;
39 u = state[stateindex];
40 state[stateindex] = (u8)t;
41 state[counter] = (u8)u;
42 if (++keyindex >= key_len)
43 keyindex = 0;
44 }
45
46}
47
48static u32 arcfour_byte(struct arc4context *parc4ctx)
49{
50 u32 x;
51 u32 y;
52 u32 sx, sy;
53 u8 *state;
54
55 state = parc4ctx->state;
56 x = (parc4ctx->x + 1) & 0xff;
57 sx = state[x];
58 y = (sx + parc4ctx->y) & 0xff;
59 sy = state[y];
60 parc4ctx->x = x;
61 parc4ctx->y = y;
62 state[y] = (u8)sx;
63 state[x] = (u8)sy;
64
65 return state[(sx + sy) & 0xff];
66}
67
68static void arcfour_encrypt(struct arc4context *parc4ctx, u8 *dest, u8 *src, u32 len)
69{
70 u32 i;
71
72 for (i = 0; i < len; i++)
73 dest[i] = src[i] ^ (unsigned char)arcfour_byte(parc4ctx);
74
75}
76
77
78
79
80void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe)
81{
82 union {
83 __le32 f0;
84 u8 f1[4];
85 } crc;
86 struct arc4context mycontext;
87
88 int curfragnum, length;
89 u32 keylength;
90
91 u8 *pframe, *payload, *iv;
92 u8 wepkey[16];
93 u8 hw_hdr_offset = 0;
94 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
95 struct security_priv *psecuritypriv = &padapter->securitypriv;
96 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
97
98 if (!((struct xmit_frame *)pxmitframe)->buf_addr)
99 return;
100
101 hw_hdr_offset = TXDESC_SIZE +
102 (((struct xmit_frame *)pxmitframe)->pkt_offset * PACKET_OFFSET_SZ);
103
104 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
105
106
107 if ((pattrib->encrypt == _WEP40_) || (pattrib->encrypt == _WEP104_)) {
108 keylength = psecuritypriv->dot11DefKeylen[psecuritypriv->dot11PrivacyKeyIndex];
109
110 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
111 iv = pframe + pattrib->hdrlen;
112 memcpy(&wepkey[0], iv, 3);
113 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[psecuritypriv->dot11PrivacyKeyIndex].skey[0], keylength);
114 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
115
116 if ((curfragnum + 1) == pattrib->nr_frags) {
117 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
118
119 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
120
121 arcfour_init(&mycontext, wepkey, 3 + keylength);
122 arcfour_encrypt(&mycontext, payload, payload, length);
123 arcfour_encrypt(&mycontext, payload + length, crc.f1, 4);
124 } else {
125 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
126 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
127 arcfour_init(&mycontext, wepkey, 3 + keylength);
128 arcfour_encrypt(&mycontext, payload, payload, length);
129 arcfour_encrypt(&mycontext, payload + length, crc.f1, 4);
130
131 pframe += pxmitpriv->frag_len;
132 pframe = (u8 *)RND4((size_t)(pframe));
133 }
134 }
135 }
136
137}
138
139void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe)
140{
141
142 struct arc4context mycontext;
143 int length;
144 u32 keylength;
145 u8 *pframe, *payload, *iv, wepkey[16];
146 u8 keyindex;
147 struct rx_pkt_attrib *prxattrib = &(((struct recv_frame *)precvframe)->attrib);
148 struct security_priv *psecuritypriv = &padapter->securitypriv;
149
150 pframe = (unsigned char *)((struct recv_frame *)precvframe)->rx_data;
151
152
153 if ((prxattrib->encrypt == _WEP40_) || (prxattrib->encrypt == _WEP104_)) {
154 iv = pframe + prxattrib->hdrlen;
155 keyindex = prxattrib->key_index;
156 keylength = psecuritypriv->dot11DefKeylen[keyindex];
157 memcpy(&wepkey[0], iv, 3);
158 memcpy(&wepkey[3], &psecuritypriv->dot11DefKey[keyindex].skey[0], keylength);
159 length = ((struct recv_frame *)precvframe)->len - prxattrib->hdrlen - prxattrib->iv_len;
160
161 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
162
163
164 arcfour_init(&mycontext, wepkey, 3 + keylength);
165 arcfour_encrypt(&mycontext, payload, payload, length);
166 }
167}
168
169
170
171static u32 secmicgetuint32(u8 *p)
172
173{
174 s32 i;
175 u32 res = 0;
176
177 for (i = 0; i < 4; i++)
178 res |= ((u32)(*p++)) << (8 * i);
179
180 return res;
181}
182
183static void secmicputuint32(u8 *p, u32 val)
184
185{
186 long i;
187
188 for (i = 0; i < 4; i++) {
189 *p++ = (u8)(val & 0xff);
190 val >>= 8;
191 }
192
193}
194
195static void secmicclear(struct mic_data *pmicdata)
196{
197
198
199 pmicdata->L = pmicdata->K0;
200 pmicdata->R = pmicdata->K1;
201 pmicdata->nBytesInM = 0;
202 pmicdata->M = 0;
203
204}
205
206void rtw_secmicsetkey(struct mic_data *pmicdata, u8 *key)
207{
208
209
210 pmicdata->K0 = secmicgetuint32(key);
211 pmicdata->K1 = secmicgetuint32(key + 4);
212
213 secmicclear(pmicdata);
214
215}
216
217void rtw_secmicappendbyte(struct mic_data *pmicdata, u8 b)
218{
219
220
221 pmicdata->M |= ((unsigned long)b) << (8 * pmicdata->nBytesInM);
222 pmicdata->nBytesInM++;
223
224 if (pmicdata->nBytesInM >= 4) {
225 pmicdata->L ^= pmicdata->M;
226 pmicdata->R ^= ROL32(pmicdata->L, 17);
227 pmicdata->L += pmicdata->R;
228 pmicdata->R ^= ((pmicdata->L & 0xff00ff00) >> 8) | ((pmicdata->L & 0x00ff00ff) << 8);
229 pmicdata->L += pmicdata->R;
230 pmicdata->R ^= ROL32(pmicdata->L, 3);
231 pmicdata->L += pmicdata->R;
232 pmicdata->R ^= ROR32(pmicdata->L, 2);
233 pmicdata->L += pmicdata->R;
234
235 pmicdata->M = 0;
236 pmicdata->nBytesInM = 0;
237 }
238
239}
240
241void rtw_secmicappend(struct mic_data *pmicdata, u8 *src, u32 nbytes)
242{
243
244
245 while (nbytes > 0) {
246 rtw_secmicappendbyte(pmicdata, *src++);
247 nbytes--;
248 }
249
250}
251
252void rtw_secgetmic(struct mic_data *pmicdata, u8 *dst)
253{
254
255
256 rtw_secmicappendbyte(pmicdata, 0x5a);
257 rtw_secmicappendbyte(pmicdata, 0);
258 rtw_secmicappendbyte(pmicdata, 0);
259 rtw_secmicappendbyte(pmicdata, 0);
260 rtw_secmicappendbyte(pmicdata, 0);
261
262 while (pmicdata->nBytesInM != 0)
263 rtw_secmicappendbyte(pmicdata, 0);
264
265 secmicputuint32(dst, pmicdata->L);
266 secmicputuint32(dst + 4, pmicdata->R);
267
268 secmicclear(pmicdata);
269
270}
271
272void rtw_seccalctkipmic(u8 *key, u8 *header, u8 *data, u32 data_len, u8 *mic_code, u8 pri)
273{
274 struct mic_data micdata;
275 u8 priority[4] = {0x0, 0x0, 0x0, 0x0};
276
277 rtw_secmicsetkey(&micdata, key);
278 priority[0] = pri;
279
280
281 if (header[1] & 1) {
282 rtw_secmicappend(&micdata, &header[16], 6);
283 if (header[1] & 2)
284 rtw_secmicappend(&micdata, &header[24], 6);
285 else
286 rtw_secmicappend(&micdata, &header[10], 6);
287 } else {
288 rtw_secmicappend(&micdata, &header[4], 6);
289 if (header[1] & 2)
290 rtw_secmicappend(&micdata, &header[16], 6);
291 else
292 rtw_secmicappend(&micdata, &header[10], 6);
293 }
294 rtw_secmicappend(&micdata, &priority[0], 4);
295
296 rtw_secmicappend(&micdata, data, data_len);
297
298 rtw_secgetmic(&micdata, mic_code);
299
300}
301
302
303#define RotR1(v16) ((((v16) >> 1) & 0x7FFF) ^ (((v16) & 1) << 15))
304#define Lo8(v16) ((u8)((v16) & 0x00FF))
305#define Hi8(v16) ((u8)(((v16) >> 8) & 0x00FF))
306#define Lo16(v32) ((u16)((v32) & 0xFFFF))
307#define Hi16(v32) ((u16)(((v32) >> 16) & 0xFFFF))
308#define Mk16(hi, lo) ((lo) ^ (((u16)(hi)) << 8))
309
310
311#define TK16(N) Mk16(tk[2 * (N) + 1], tk[2 * (N)])
312
313
314#define _S_(v16) (Sbox1[0][Lo8(v16)] ^ Sbox1[1][Hi8(v16)])
315
316
317#define PHASE1_LOOP_CNT 8
318#define TA_SIZE 6
319#define TK_SIZE 16
320#define P1K_SIZE 10
321#define RC4_KEY_SIZE 16
322
323
324static const unsigned short Sbox1[2][256] = {
325{
326 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
327 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
328 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
329 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
330 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
331 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
332 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
333 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
334 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
335 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
336 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
337 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
338 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
339 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
340 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
341 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
342 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
343 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
344 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
345 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
346 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
347 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
348 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
349 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
350 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
351 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
352 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
353 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
354 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
355 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
356 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
357 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
358 },
359
360 {
361 0xA5C6, 0x84F8, 0x99EE, 0x8DF6, 0x0DFF, 0xBDD6, 0xB1DE, 0x5491,
362 0x5060, 0x0302, 0xA9CE, 0x7D56, 0x19E7, 0x62B5, 0xE64D, 0x9AEC,
363 0x458F, 0x9D1F, 0x4089, 0x87FA, 0x15EF, 0xEBB2, 0xC98E, 0x0BFB,
364 0xEC41, 0x67B3, 0xFD5F, 0xEA45, 0xBF23, 0xF753, 0x96E4, 0x5B9B,
365 0xC275, 0x1CE1, 0xAE3D, 0x6A4C, 0x5A6C, 0x417E, 0x02F5, 0x4F83,
366 0x5C68, 0xF451, 0x34D1, 0x08F9, 0x93E2, 0x73AB, 0x5362, 0x3F2A,
367 0x0C08, 0x5295, 0x6546, 0x5E9D, 0x2830, 0xA137, 0x0F0A, 0xB52F,
368 0x090E, 0x3624, 0x9B1B, 0x3DDF, 0x26CD, 0x694E, 0xCD7F, 0x9FEA,
369 0x1B12, 0x9E1D, 0x7458, 0x2E34, 0x2D36, 0xB2DC, 0xEEB4, 0xFB5B,
370 0xF6A4, 0x4D76, 0x61B7, 0xCE7D, 0x7B52, 0x3EDD, 0x715E, 0x9713,
371 0xF5A6, 0x68B9, 0x0000, 0x2CC1, 0x6040, 0x1FE3, 0xC879, 0xEDB6,
372 0xBED4, 0x468D, 0xD967, 0x4B72, 0xDE94, 0xD498, 0xE8B0, 0x4A85,
373 0x6BBB, 0x2AC5, 0xE54F, 0x16ED, 0xC586, 0xD79A, 0x5566, 0x9411,
374 0xCF8A, 0x10E9, 0x0604, 0x81FE, 0xF0A0, 0x4478, 0xBA25, 0xE34B,
375 0xF3A2, 0xFE5D, 0xC080, 0x8A05, 0xAD3F, 0xBC21, 0x4870, 0x04F1,
376 0xDF63, 0xC177, 0x75AF, 0x6342, 0x3020, 0x1AE5, 0x0EFD, 0x6DBF,
377 0x4C81, 0x1418, 0x3526, 0x2FC3, 0xE1BE, 0xA235, 0xCC88, 0x392E,
378 0x5793, 0xF255, 0x82FC, 0x477A, 0xACC8, 0xE7BA, 0x2B32, 0x95E6,
379 0xA0C0, 0x9819, 0xD19E, 0x7FA3, 0x6644, 0x7E54, 0xAB3B, 0x830B,
380 0xCA8C, 0x29C7, 0xD36B, 0x3C28, 0x79A7, 0xE2BC, 0x1D16, 0x76AD,
381 0x3BDB, 0x5664, 0x4E74, 0x1E14, 0xDB92, 0x0A0C, 0x6C48, 0xE4B8,
382 0x5D9F, 0x6EBD, 0xEF43, 0xA6C4, 0xA839, 0xA431, 0x37D3, 0x8BF2,
383 0x32D5, 0x438B, 0x596E, 0xB7DA, 0x8C01, 0x64B1, 0xD29C, 0xE049,
384 0xB4D8, 0xFAAC, 0x07F3, 0x25CF, 0xAFCA, 0x8EF4, 0xE947, 0x1810,
385 0xD56F, 0x88F0, 0x6F4A, 0x725C, 0x2438, 0xF157, 0xC773, 0x5197,
386 0x23CB, 0x7CA1, 0x9CE8, 0x213E, 0xDD96, 0xDC61, 0x860D, 0x850F,
387 0x90E0, 0x427C, 0xC471, 0xAACC, 0xD890, 0x0506, 0x01F7, 0x121C,
388 0xA3C2, 0x5F6A, 0xF9AE, 0xD069, 0x9117, 0x5899, 0x273A, 0xB927,
389 0x38D9, 0x13EB, 0xB32B, 0x3322, 0xBBD2, 0x70A9, 0x8907, 0xA733,
390 0xB62D, 0x223C, 0x9215, 0x20C9, 0x4987, 0xFFAA, 0x7850, 0x7AA5,
391 0x8F03, 0xF859, 0x8009, 0x171A, 0xDA65, 0x31D7, 0xC684, 0xB8D0,
392 0xC382, 0xB029, 0x775A, 0x111E, 0xCB7B, 0xFCA8, 0xD66D, 0x3A2C,
393 }
394};
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413static void phase1(u16 *p1k, const u8 *tk, const u8 *ta, u32 iv32)
414{
415 int i;
416
417
418 p1k[0] = Lo16(iv32);
419 p1k[1] = Hi16(iv32);
420 p1k[2] = Mk16(ta[1], ta[0]);
421 p1k[3] = Mk16(ta[3], ta[2]);
422 p1k[4] = Mk16(ta[5], ta[4]);
423
424
425
426 for (i = 0; i < PHASE1_LOOP_CNT; i++) {
427 p1k[0] += _S_(p1k[4] ^ TK16((i & 1) + 0));
428 p1k[1] += _S_(p1k[0] ^ TK16((i & 1) + 2));
429 p1k[2] += _S_(p1k[1] ^ TK16((i & 1) + 4));
430 p1k[3] += _S_(p1k[2] ^ TK16((i & 1) + 6));
431 p1k[4] += _S_(p1k[3] ^ TK16((i & 1) + 0));
432 p1k[4] += (unsigned short)i;
433 }
434
435}
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460static void phase2(u8 *rc4key, const u8 *tk, const u16 *p1k, u16 iv16)
461{
462 int i;
463 u16 PPK[6];
464
465
466 for (i = 0; i < 5; i++)
467 PPK[i] = p1k[i];
468 PPK[5] = p1k[4] + iv16;
469
470
471 PPK[0] += _S_(PPK[5] ^ TK16(0));
472 PPK[1] += _S_(PPK[0] ^ TK16(1));
473 PPK[2] += _S_(PPK[1] ^ TK16(2));
474 PPK[3] += _S_(PPK[2] ^ TK16(3));
475 PPK[4] += _S_(PPK[3] ^ TK16(4));
476 PPK[5] += _S_(PPK[4] ^ TK16(5));
477
478
479 PPK[0] += RotR1(PPK[5] ^ TK16(6));
480 PPK[1] += RotR1(PPK[0] ^ TK16(7));
481 PPK[2] += RotR1(PPK[1]);
482 PPK[3] += RotR1(PPK[2]);
483 PPK[4] += RotR1(PPK[3]);
484 PPK[5] += RotR1(PPK[4]);
485
486
487
488
489
490
491 rc4key[0] = Hi8(iv16);
492 rc4key[1] = (Hi8(iv16) | 0x20) & 0x7F;
493 rc4key[2] = Lo8(iv16);
494 rc4key[3] = Lo8((PPK[5] ^ TK16(0)) >> 1);
495
496
497 for (i = 0; i < 6; i++) {
498 rc4key[4 + 2 * i] = Lo8(PPK[i]);
499 rc4key[5 + 2 * i] = Hi8(PPK[i]);
500 }
501
502}
503
504
505u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
506{
507 u16 pnl;
508 u32 pnh;
509 u8 rc4key[16];
510 u8 ttkey[16];
511 union {
512 __le32 f0;
513 u8 f1[4];
514 } crc;
515 u8 hw_hdr_offset = 0;
516 struct arc4context mycontext;
517 int curfragnum, length;
518
519 u8 *pframe, *payload, *iv, *prwskey;
520 union pn48 dot11txpn;
521 struct sta_info *stainfo;
522 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
523 struct security_priv *psecuritypriv = &padapter->securitypriv;
524 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
525 u32 res = _SUCCESS;
526
527 if (!((struct xmit_frame *)pxmitframe)->buf_addr)
528 return _FAIL;
529
530 hw_hdr_offset = TXDESC_SIZE +
531 (((struct xmit_frame *)pxmitframe)->pkt_offset * PACKET_OFFSET_SZ);
532 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
533
534 if (pattrib->encrypt == _TKIP_) {
535 if (pattrib->psta)
536 stainfo = pattrib->psta;
537 else
538 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
539
540 if (stainfo) {
541 if (is_multicast_ether_addr(pattrib->ra))
542 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
543 else
544 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
545
546 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
547 iv = pframe + pattrib->hdrlen;
548 payload = pframe + pattrib->iv_len + pattrib->hdrlen;
549
550 GET_TKIP_PN(iv, dot11txpn);
551
552 pnl = (u16)(dot11txpn.val);
553 pnh = (u32)(dot11txpn.val >> 16);
554 phase1((u16 *)&ttkey[0], prwskey, &pattrib->ta[0], pnh);
555 phase2(&rc4key[0], prwskey, (u16 *)&ttkey[0], pnl);
556
557 if ((curfragnum + 1) == pattrib->nr_frags) {
558 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
559 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
560
561 arcfour_init(&mycontext, rc4key, 16);
562 arcfour_encrypt(&mycontext, payload, payload, length);
563 arcfour_encrypt(&mycontext, payload + length, crc.f1, 4);
564 } else {
565 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
566 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
567
568 arcfour_init(&mycontext, rc4key, 16);
569 arcfour_encrypt(&mycontext, payload, payload, length);
570 arcfour_encrypt(&mycontext, payload + length, crc.f1, 4);
571
572 pframe += pxmitpriv->frag_len;
573 pframe = (u8 *)RND4((size_t)(pframe));
574 }
575 }
576 } else {
577 res = _FAIL;
578 }
579 }
580
581 return res;
582}
583
584
585u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
586{
587 u16 pnl;
588 u32 pnh;
589 u8 rc4key[16];
590 u8 ttkey[16];
591 union {
592 __le32 f0;
593 u8 f1[4];
594 } crc;
595 struct arc4context mycontext;
596 int length;
597
598 u8 *pframe, *payload, *iv, *prwskey;
599 union pn48 dot11txpn;
600 struct sta_info *stainfo;
601 struct rx_pkt_attrib *prxattrib = &((struct recv_frame *)precvframe)->attrib;
602 struct security_priv *psecuritypriv = &padapter->securitypriv;
603 u32 res = _SUCCESS;
604
605 pframe = (unsigned char *)((struct recv_frame *)precvframe)->rx_data;
606
607
608 if (prxattrib->encrypt == _TKIP_) {
609 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
610 if (stainfo) {
611 if (is_multicast_ether_addr(prxattrib->ra)) {
612 if (!psecuritypriv->binstallGrpkey) {
613 res = _FAIL;
614 DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
615 goto exit;
616 }
617 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
618 } else {
619 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
620 }
621
622 iv = pframe + prxattrib->hdrlen;
623 payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
624 length = ((struct recv_frame *)precvframe)->len - prxattrib->hdrlen - prxattrib->iv_len;
625
626 GET_TKIP_PN(iv, dot11txpn);
627
628 pnl = (u16)(dot11txpn.val);
629 pnh = (u32)(dot11txpn.val >> 16);
630
631 phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh);
632 phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl);
633
634
635
636 arcfour_init(&mycontext, rc4key, 16);
637 arcfour_encrypt(&mycontext, payload, payload, length);
638
639 crc.f0 = cpu_to_le32(~crc32_le(~0, payload, length));
640
641 if (crc.f1[3] != payload[length - 1] ||
642 crc.f1[2] != payload[length - 2] ||
643 crc.f1[1] != payload[length - 3] ||
644 crc.f1[0] != payload[length - 4])
645 res = _FAIL;
646 } else {
647 res = _FAIL;
648 }
649 }
650
651exit:
652 return res;
653}
654
655
656
657#define MAX_MSG_SIZE 2048
658
659
660
661
662static u8 sbox_table[256] = {
663 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
664 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
665 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
666 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
667 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
668 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
669 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
670 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
671 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
672 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
673 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
674 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
675 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
676 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
677 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
678 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
679 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
680 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
681 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
682 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
683 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
684 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
685 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
686 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
687 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
688 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
689 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
690 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
691 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
692 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
693 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
694 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
695};
696
697
698
699
700
701static void bitwise_xor(u8 *ina, u8 *inb, u8 *out);
702static void construct_mic_iv(u8 *mic_header1, int qc_exists, int a4_exists, u8 *mpdu, uint payload_length, u8 *pn_vector);
703static void construct_mic_header1(u8 *mic_header1, int header_length, u8 *mpdu);
704static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, int a4_exists, int qc_exists);
705static void construct_ctr_preload(u8 *ctr_preload, int a4_exists, int qc_exists, u8 *mpdu, u8 *pn_vector, int c);
706static void xor_128(u8 *a, u8 *b, u8 *out);
707static void xor_32(u8 *a, u8 *b, u8 *out);
708static u8 sbox(u8 a);
709static void next_key(u8 *key, int round);
710static void byte_sub(u8 *in, u8 *out);
711static void shift_row(u8 *in, u8 *out);
712static void mix_column(u8 *in, u8 *out);
713static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext);
714
715
716
717
718
719
720static void xor_128(u8 *a, u8 *b, u8 *out)
721{
722 int i;
723
724 for (i = 0; i < 16; i++)
725 out[i] = a[i] ^ b[i];
726
727}
728
729static void xor_32(u8 *a, u8 *b, u8 *out)
730{
731 int i;
732
733 for (i = 0; i < 4; i++)
734 out[i] = a[i] ^ b[i];
735
736}
737
738static u8 sbox(u8 a)
739{
740 return sbox_table[(int)a];
741}
742
743static void next_key(u8 *key, int round)
744{
745 u8 rcon;
746 u8 sbox_key[4];
747 u8 rcon_table[12] = {
748 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
749 0x1b, 0x36, 0x36, 0x36
750 };
751
752 sbox_key[0] = sbox(key[13]);
753 sbox_key[1] = sbox(key[14]);
754 sbox_key[2] = sbox(key[15]);
755 sbox_key[3] = sbox(key[12]);
756
757 rcon = rcon_table[round];
758
759 xor_32(&key[0], sbox_key, &key[0]);
760 key[0] = key[0] ^ rcon;
761
762 xor_32(&key[4], &key[0], &key[4]);
763 xor_32(&key[8], &key[4], &key[8]);
764 xor_32(&key[12], &key[8], &key[12]);
765
766}
767
768static void byte_sub(u8 *in, u8 *out)
769{
770 int i;
771
772 for (i = 0; i < 16; i++)
773 out[i] = sbox(in[i]);
774
775}
776
777static void shift_row(u8 *in, u8 *out)
778{
779
780 out[0] = in[0];
781 out[1] = in[5];
782 out[2] = in[10];
783 out[3] = in[15];
784 out[4] = in[4];
785 out[5] = in[9];
786 out[6] = in[14];
787 out[7] = in[3];
788 out[8] = in[8];
789 out[9] = in[13];
790 out[10] = in[2];
791 out[11] = in[7];
792 out[12] = in[12];
793 out[13] = in[1];
794 out[14] = in[6];
795 out[15] = in[11];
796
797}
798
799static void mix_column(u8 *in, u8 *out)
800{
801 int i;
802 u8 add1b[4];
803 u8 add1bf7[4];
804 u8 rotl[4];
805 u8 swap_halfs[4];
806 u8 andf7[4];
807 u8 rotr[4];
808 u8 temp[4];
809 u8 tempb[4];
810
811 for (i = 0 ; i < 4; i++) {
812 if ((in[i] & 0x80) == 0x80)
813 add1b[i] = 0x1b;
814 else
815 add1b[i] = 0x00;
816 }
817
818 swap_halfs[0] = in[2];
819 swap_halfs[1] = in[3];
820 swap_halfs[2] = in[0];
821 swap_halfs[3] = in[1];
822
823 rotl[0] = in[3];
824 rotl[1] = in[0];
825 rotl[2] = in[1];
826 rotl[3] = in[2];
827
828 andf7[0] = in[0] & 0x7f;
829 andf7[1] = in[1] & 0x7f;
830 andf7[2] = in[2] & 0x7f;
831 andf7[3] = in[3] & 0x7f;
832
833 for (i = 3; i > 0; i--) {
834 andf7[i] = andf7[i] << 1;
835 if ((andf7[i - 1] & 0x80) == 0x80)
836 andf7[i] = (andf7[i] | 0x01);
837 }
838 andf7[0] = andf7[0] << 1;
839 andf7[0] = andf7[0] & 0xfe;
840
841 xor_32(add1b, andf7, add1bf7);
842
843 xor_32(in, add1bf7, rotr);
844
845 temp[0] = rotr[0];
846 rotr[0] = rotr[1];
847 rotr[1] = rotr[2];
848 rotr[2] = rotr[3];
849 rotr[3] = temp[0];
850
851 xor_32(add1bf7, rotr, temp);
852 xor_32(swap_halfs, rotl, tempb);
853 xor_32(temp, tempb, out);
854
855}
856
857static void aes128k128d(u8 *key, u8 *data, u8 *ciphertext)
858{
859 int round;
860 int i;
861 u8 intermediatea[16];
862 u8 intermediateb[16];
863 u8 round_key[16];
864
865 for (i = 0; i < 16; i++)
866 round_key[i] = key[i];
867 for (round = 0; round < 11; round++) {
868 if (round == 0) {
869 xor_128(round_key, data, ciphertext);
870 next_key(round_key, round);
871 } else if (round == 10) {
872 byte_sub(ciphertext, intermediatea);
873 shift_row(intermediatea, intermediateb);
874 xor_128(intermediateb, round_key, ciphertext);
875 } else {
876 byte_sub(ciphertext, intermediatea);
877 shift_row(intermediatea, intermediateb);
878 mix_column(&intermediateb[0], &intermediatea[0]);
879 mix_column(&intermediateb[4], &intermediatea[4]);
880 mix_column(&intermediateb[8], &intermediatea[8]);
881 mix_column(&intermediateb[12], &intermediatea[12]);
882 xor_128(intermediatea, round_key, ciphertext);
883 next_key(round_key, round);
884 }
885 }
886
887}
888
889
890
891
892
893static void construct_mic_iv(u8 *mic_iv, int qc_exists, int a4_exists, u8 *mpdu,
894 uint payload_length, u8 *pn_vector)
895{
896 int i;
897
898 mic_iv[0] = 0x59;
899 if (qc_exists && a4_exists)
900 mic_iv[1] = mpdu[30] & 0x0f;
901 if (qc_exists && !a4_exists)
902 mic_iv[1] = mpdu[24] & 0x0f;
903 if (!qc_exists)
904 mic_iv[1] = 0x00;
905 for (i = 2; i < 8; i++)
906 mic_iv[i] = mpdu[i + 8];
907 for (i = 8; i < 14; i++)
908 mic_iv[i] = pn_vector[13 - i];
909 mic_iv[14] = (unsigned char)(payload_length / 256);
910 mic_iv[15] = (unsigned char)(payload_length % 256);
911
912}
913
914
915
916
917
918
919static void construct_mic_header1(u8 *mic_header1, int header_length, u8 *mpdu)
920{
921
922 mic_header1[0] = (u8)((header_length - 2) / 256);
923 mic_header1[1] = (u8)((header_length - 2) % 256);
924 mic_header1[2] = mpdu[0] & 0xcf;
925 mic_header1[3] = mpdu[1] & 0xc7;
926 mic_header1[4] = mpdu[4];
927 mic_header1[5] = mpdu[5];
928 mic_header1[6] = mpdu[6];
929 mic_header1[7] = mpdu[7];
930 mic_header1[8] = mpdu[8];
931 mic_header1[9] = mpdu[9];
932 mic_header1[10] = mpdu[10];
933 mic_header1[11] = mpdu[11];
934 mic_header1[12] = mpdu[12];
935 mic_header1[13] = mpdu[13];
936 mic_header1[14] = mpdu[14];
937 mic_header1[15] = mpdu[15];
938
939}
940
941
942
943
944
945
946static void construct_mic_header2(u8 *mic_header2, u8 *mpdu, int a4_exists, int qc_exists)
947{
948 int i;
949
950 for (i = 0; i < 16; i++)
951 mic_header2[i] = 0x00;
952
953 mic_header2[0] = mpdu[16];
954 mic_header2[1] = mpdu[17];
955 mic_header2[2] = mpdu[18];
956 mic_header2[3] = mpdu[19];
957 mic_header2[4] = mpdu[20];
958 mic_header2[5] = mpdu[21];
959
960 mic_header2[6] = 0x00;
961 mic_header2[7] = 0x00;
962
963 if (!qc_exists && a4_exists) {
964 for (i = 0; i < 6; i++)
965 mic_header2[8 + i] = mpdu[24 + i];
966 }
967
968 if (qc_exists && !a4_exists) {
969 mic_header2[8] = mpdu[24] & 0x0f;
970 mic_header2[9] = mpdu[25] & 0x00;
971 }
972
973 if (qc_exists && a4_exists) {
974 for (i = 0; i < 6; i++)
975 mic_header2[8 + i] = mpdu[24 + i];
976
977 mic_header2[14] = mpdu[30] & 0x0f;
978 mic_header2[15] = mpdu[31] & 0x00;
979 }
980
981}
982
983
984
985
986
987
988static void construct_ctr_preload(u8 *ctr_preload, int a4_exists, int qc_exists, u8 *mpdu, u8 *pn_vector, int c)
989{
990 int i;
991
992 for (i = 0; i < 16; i++)
993 ctr_preload[i] = 0x00;
994 i = 0;
995
996 ctr_preload[0] = 0x01;
997 if (qc_exists && a4_exists)
998 ctr_preload[1] = mpdu[30] & 0x0f;
999 if (qc_exists && !a4_exists)
1000 ctr_preload[1] = mpdu[24] & 0x0f;
1001
1002 for (i = 2; i < 8; i++)
1003 ctr_preload[i] = mpdu[i + 8];
1004 for (i = 8; i < 14; i++)
1005 ctr_preload[i] = pn_vector[13 - i];
1006 ctr_preload[14] = (unsigned char)(c / 256);
1007 ctr_preload[15] = (unsigned char)(c % 256);
1008
1009}
1010
1011
1012
1013
1014
1015static void bitwise_xor(u8 *ina, u8 *inb, u8 *out)
1016{
1017 int i;
1018
1019 for (i = 0; i < 16; i++)
1020 out[i] = ina[i] ^ inb[i];
1021
1022}
1023
1024static int aes_cipher(u8 *key, uint hdrlen, u8 *pframe, uint plen)
1025{
1026 uint qc_exists, a4_exists, i, j, payload_remainder,
1027 num_blocks, payload_index;
1028
1029 u8 pn_vector[6];
1030 u8 mic_iv[16];
1031 u8 mic_header1[16];
1032 u8 mic_header2[16];
1033 u8 ctr_preload[16];
1034
1035
1036 u8 chain_buffer[16];
1037 u8 aes_out[16];
1038 u8 padded_buffer[16];
1039 u8 mic[8];
1040 uint frtype = GetFrameType(pframe);
1041 uint frsubtype = GetFrameSubType(pframe);
1042
1043 frsubtype = frsubtype >> 4;
1044
1045 memset((void *)mic_iv, 0, 16);
1046 memset((void *)mic_header1, 0, 16);
1047 memset((void *)mic_header2, 0, 16);
1048 memset((void *)ctr_preload, 0, 16);
1049 memset((void *)chain_buffer, 0, 16);
1050 memset((void *)aes_out, 0, 16);
1051 memset((void *)padded_buffer, 0, 16);
1052
1053 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1054 a4_exists = 0;
1055 else
1056 a4_exists = 1;
1057
1058 if ((frtype == WIFI_DATA_CFACK) || (frtype == WIFI_DATA_CFPOLL) || (frtype == WIFI_DATA_CFACKPOLL)) {
1059 qc_exists = 1;
1060 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1061 hdrlen += 2;
1062 } else if ((frsubtype == 0x08) || (frsubtype == 0x09) || (frsubtype == 0x0a) || (frsubtype == 0x0b)) {
1063 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1064 hdrlen += 2;
1065 qc_exists = 1;
1066 } else {
1067 qc_exists = 0;
1068 }
1069
1070 pn_vector[0] = pframe[hdrlen];
1071 pn_vector[1] = pframe[hdrlen + 1];
1072 pn_vector[2] = pframe[hdrlen + 4];
1073 pn_vector[3] = pframe[hdrlen + 5];
1074 pn_vector[4] = pframe[hdrlen + 6];
1075 pn_vector[5] = pframe[hdrlen + 7];
1076
1077 construct_mic_iv(mic_iv, qc_exists, a4_exists, pframe, plen, pn_vector);
1078
1079 construct_mic_header1(mic_header1, hdrlen, pframe);
1080 construct_mic_header2(mic_header2, pframe, a4_exists, qc_exists);
1081
1082 payload_remainder = plen % 16;
1083 num_blocks = plen / 16;
1084
1085
1086 payload_index = (hdrlen + 8);
1087
1088
1089 aes128k128d(key, mic_iv, aes_out);
1090 bitwise_xor(aes_out, mic_header1, chain_buffer);
1091 aes128k128d(key, chain_buffer, aes_out);
1092 bitwise_xor(aes_out, mic_header2, chain_buffer);
1093 aes128k128d(key, chain_buffer, aes_out);
1094
1095 for (i = 0; i < num_blocks; i++) {
1096 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1097
1098 payload_index += 16;
1099 aes128k128d(key, chain_buffer, aes_out);
1100 }
1101
1102
1103 if (payload_remainder > 0) {
1104 for (j = 0; j < 16; j++)
1105 padded_buffer[j] = 0x00;
1106 for (j = 0; j < payload_remainder; j++)
1107 padded_buffer[j] = pframe[payload_index++];
1108 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1109 aes128k128d(key, chain_buffer, aes_out);
1110 }
1111
1112 for (j = 0; j < 8; j++)
1113 mic[j] = aes_out[j];
1114
1115
1116 for (j = 0; j < 8; j++)
1117 pframe[payload_index + j] = mic[j];
1118
1119 payload_index = hdrlen + 8;
1120 for (i = 0; i < num_blocks; i++) {
1121 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, i + 1);
1122 aes128k128d(key, ctr_preload, aes_out);
1123 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1124 for (j = 0; j < 16; j++)
1125 pframe[payload_index++] = chain_buffer[j];
1126 }
1127
1128 if (payload_remainder > 0) {
1129
1130 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, num_blocks + 1);
1131
1132 for (j = 0; j < 16; j++)
1133 padded_buffer[j] = 0x00;
1134 for (j = 0; j < payload_remainder; j++)
1135 padded_buffer[j] = pframe[payload_index + j];
1136 aes128k128d(key, ctr_preload, aes_out);
1137 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1138 for (j = 0; j < payload_remainder; j++)
1139 pframe[payload_index++] = chain_buffer[j];
1140 }
1141
1142 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, 0);
1143
1144 for (j = 0; j < 16; j++)
1145 padded_buffer[j] = 0x00;
1146 for (j = 0; j < 8; j++)
1147 padded_buffer[j] = pframe[j + hdrlen + 8 + plen];
1148
1149 aes128k128d(key, ctr_preload, aes_out);
1150 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1151 for (j = 0; j < 8; j++)
1152 pframe[payload_index++] = chain_buffer[j];
1153
1154 return _SUCCESS;
1155}
1156
1157u32 rtw_aes_encrypt(struct adapter *padapter, u8 *pxmitframe)
1158{
1159
1160
1161
1162
1163
1164 int curfragnum, length;
1165 u8 *pframe, *prwskey;
1166 u8 hw_hdr_offset = 0;
1167 struct sta_info *stainfo;
1168 struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
1169 struct security_priv *psecuritypriv = &padapter->securitypriv;
1170 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
1171
1172
1173 u32 res = _SUCCESS;
1174
1175 if (!((struct xmit_frame *)pxmitframe)->buf_addr)
1176 return _FAIL;
1177
1178 hw_hdr_offset = TXDESC_SIZE +
1179 (((struct xmit_frame *)pxmitframe)->pkt_offset * PACKET_OFFSET_SZ);
1180
1181 pframe = ((struct xmit_frame *)pxmitframe)->buf_addr + hw_hdr_offset;
1182
1183
1184 if (pattrib->encrypt == _AES_) {
1185 if (pattrib->psta)
1186 stainfo = pattrib->psta;
1187 else
1188 stainfo = rtw_get_stainfo(&padapter->stapriv, &pattrib->ra[0]);
1189
1190 if (stainfo) {
1191 if (is_multicast_ether_addr(pattrib->ra))
1192 prwskey = psecuritypriv->dot118021XGrpKey[psecuritypriv->dot118021XGrpKeyid].skey;
1193 else
1194 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1195 for (curfragnum = 0; curfragnum < pattrib->nr_frags; curfragnum++) {
1196 if ((curfragnum + 1) == pattrib->nr_frags) {
1197 length = pattrib->last_txcmdsz - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
1198
1199 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1200 } else {
1201 length = pxmitpriv->frag_len - pattrib->hdrlen - pattrib->iv_len - pattrib->icv_len;
1202
1203 aes_cipher(prwskey, pattrib->hdrlen, pframe, length);
1204 pframe += pxmitpriv->frag_len;
1205 pframe = (u8 *)RND4((size_t)(pframe));
1206 }
1207 }
1208 } else {
1209 res = _FAIL;
1210 }
1211 }
1212
1213 return res;
1214}
1215
1216static int aes_decipher(u8 *key, uint hdrlen,
1217 u8 *pframe, uint plen)
1218{
1219 static u8 message[MAX_MSG_SIZE];
1220 uint qc_exists, a4_exists, i, j, payload_remainder,
1221 num_blocks, payload_index;
1222 int res = _SUCCESS;
1223 u8 pn_vector[6];
1224 u8 mic_iv[16];
1225 u8 mic_header1[16];
1226 u8 mic_header2[16];
1227 u8 ctr_preload[16];
1228
1229
1230 u8 chain_buffer[16];
1231 u8 aes_out[16];
1232 u8 padded_buffer[16];
1233 u8 mic[8];
1234
1235
1236 uint frtype = GetFrameType(pframe);
1237 uint frsubtype = GetFrameSubType(pframe);
1238
1239 frsubtype = frsubtype >> 4;
1240
1241 memset((void *)mic_iv, 0, 16);
1242 memset((void *)mic_header1, 0, 16);
1243 memset((void *)mic_header2, 0, 16);
1244 memset((void *)ctr_preload, 0, 16);
1245 memset((void *)chain_buffer, 0, 16);
1246 memset((void *)aes_out, 0, 16);
1247 memset((void *)padded_buffer, 0, 16);
1248
1249
1250
1251 num_blocks = (plen - 8) / 16;
1252
1253 payload_remainder = (plen - 8) % 16;
1254
1255 pn_vector[0] = pframe[hdrlen];
1256 pn_vector[1] = pframe[hdrlen + 1];
1257 pn_vector[2] = pframe[hdrlen + 4];
1258 pn_vector[3] = pframe[hdrlen + 5];
1259 pn_vector[4] = pframe[hdrlen + 6];
1260 pn_vector[5] = pframe[hdrlen + 7];
1261
1262 if ((hdrlen == WLAN_HDR_A3_LEN) || (hdrlen == WLAN_HDR_A3_QOS_LEN))
1263 a4_exists = 0;
1264 else
1265 a4_exists = 1;
1266
1267 if ((frtype == WIFI_DATA_CFACK) || (frtype == WIFI_DATA_CFPOLL) ||
1268 (frtype == WIFI_DATA_CFACKPOLL)) {
1269 qc_exists = 1;
1270 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1271 hdrlen += 2;
1272 } else if ((frsubtype == 0x08) || (frsubtype == 0x09) ||
1273 (frsubtype == 0x0a) || (frsubtype == 0x0b)) {
1274 if (hdrlen != WLAN_HDR_A3_QOS_LEN)
1275 hdrlen += 2;
1276 qc_exists = 1;
1277 } else {
1278 qc_exists = 0;
1279 }
1280
1281
1282
1283 payload_index = hdrlen + 8;
1284
1285 for (i = 0; i < num_blocks; i++) {
1286 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, i + 1);
1287
1288 aes128k128d(key, ctr_preload, aes_out);
1289 bitwise_xor(aes_out, &pframe[payload_index], chain_buffer);
1290
1291 for (j = 0; j < 16; j++)
1292 pframe[payload_index++] = chain_buffer[j];
1293 }
1294
1295 if (payload_remainder > 0) {
1296
1297 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, pframe, pn_vector, num_blocks + 1);
1298
1299 for (j = 0; j < 16; j++)
1300 padded_buffer[j] = 0x00;
1301 for (j = 0; j < payload_remainder; j++)
1302 padded_buffer[j] = pframe[payload_index + j];
1303 aes128k128d(key, ctr_preload, aes_out);
1304 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1305 for (j = 0; j < payload_remainder; j++)
1306 pframe[payload_index++] = chain_buffer[j];
1307 }
1308
1309
1310 if ((hdrlen + plen + 8) <= MAX_MSG_SIZE)
1311 memcpy(message, pframe, (hdrlen + plen + 8));
1312
1313 pn_vector[0] = pframe[hdrlen];
1314 pn_vector[1] = pframe[hdrlen + 1];
1315 pn_vector[2] = pframe[hdrlen + 4];
1316 pn_vector[3] = pframe[hdrlen + 5];
1317 pn_vector[4] = pframe[hdrlen + 6];
1318 pn_vector[5] = pframe[hdrlen + 7];
1319 construct_mic_iv(mic_iv, qc_exists, a4_exists, message, plen - 8, pn_vector);
1320
1321 construct_mic_header1(mic_header1, hdrlen, message);
1322 construct_mic_header2(mic_header2, message, a4_exists, qc_exists);
1323
1324 payload_remainder = (plen - 8) % 16;
1325 num_blocks = (plen - 8) / 16;
1326
1327
1328 payload_index = (hdrlen + 8);
1329
1330
1331 aes128k128d(key, mic_iv, aes_out);
1332 bitwise_xor(aes_out, mic_header1, chain_buffer);
1333 aes128k128d(key, chain_buffer, aes_out);
1334 bitwise_xor(aes_out, mic_header2, chain_buffer);
1335 aes128k128d(key, chain_buffer, aes_out);
1336
1337 for (i = 0; i < num_blocks; i++) {
1338 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1339
1340 payload_index += 16;
1341 aes128k128d(key, chain_buffer, aes_out);
1342 }
1343
1344
1345 if (payload_remainder > 0) {
1346 for (j = 0; j < 16; j++)
1347 padded_buffer[j] = 0x00;
1348 for (j = 0; j < payload_remainder; j++)
1349 padded_buffer[j] = message[payload_index++];
1350 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1351 aes128k128d(key, chain_buffer, aes_out);
1352 }
1353
1354 for (j = 0 ; j < 8; j++)
1355 mic[j] = aes_out[j];
1356
1357
1358 for (j = 0; j < 8; j++)
1359 message[payload_index + j] = mic[j];
1360
1361 payload_index = hdrlen + 8;
1362 for (i = 0; i < num_blocks; i++) {
1363 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, i + 1);
1364 aes128k128d(key, ctr_preload, aes_out);
1365 bitwise_xor(aes_out, &message[payload_index], chain_buffer);
1366 for (j = 0; j < 16; j++)
1367 message[payload_index++] = chain_buffer[j];
1368 }
1369
1370 if (payload_remainder > 0) {
1371
1372 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, num_blocks + 1);
1373
1374 for (j = 0; j < 16; j++)
1375 padded_buffer[j] = 0x00;
1376 for (j = 0; j < payload_remainder; j++)
1377 padded_buffer[j] = message[payload_index + j];
1378 aes128k128d(key, ctr_preload, aes_out);
1379 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1380 for (j = 0; j < payload_remainder; j++)
1381 message[payload_index++] = chain_buffer[j];
1382 }
1383
1384
1385 construct_ctr_preload(ctr_preload, a4_exists, qc_exists, message, pn_vector, 0);
1386
1387 for (j = 0; j < 16; j++)
1388 padded_buffer[j] = 0x00;
1389 for (j = 0; j < 8; j++)
1390 padded_buffer[j] = message[j + hdrlen + 8 + plen - 8];
1391
1392 aes128k128d(key, ctr_preload, aes_out);
1393 bitwise_xor(aes_out, padded_buffer, chain_buffer);
1394 for (j = 0; j < 8; j++)
1395 message[payload_index++] = chain_buffer[j];
1396
1397
1398 for (i = 0; i < 8; i++) {
1399 if (pframe[hdrlen + 8 + plen - 8 + i] != message[hdrlen + 8 + plen - 8 + i]) {
1400 DBG_88E("aes_decipher:mic check error mic[%d]: pframe(%x)!=message(%x)\n",
1401 i, pframe[hdrlen + 8 + plen - 8 + i], message[hdrlen + 8 + plen - 8 + i]);
1402 res = _FAIL;
1403 }
1404 }
1405
1406 return res;
1407}
1408
1409u32 rtw_aes_decrypt(struct adapter *padapter, u8 *precvframe)
1410{
1411
1412 int length;
1413 u8 *pframe, *prwskey;
1414 struct sta_info *stainfo;
1415 struct rx_pkt_attrib *prxattrib = &((struct recv_frame *)precvframe)->attrib;
1416 struct security_priv *psecuritypriv = &padapter->securitypriv;
1417 u32 res = _SUCCESS;
1418
1419 pframe = (unsigned char *)((struct recv_frame *)precvframe)->rx_data;
1420
1421 if (prxattrib->encrypt == _AES_) {
1422 stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]);
1423 if (stainfo) {
1424 if (is_multicast_ether_addr(prxattrib->ra)) {
1425
1426 if (!psecuritypriv->binstallGrpkey) {
1427 res = _FAIL;
1428 DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__);
1429 goto exit;
1430 }
1431 prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey;
1432 if (psecuritypriv->dot118021XGrpKeyid != prxattrib->key_index) {
1433 DBG_88E("not match packet_index=%d, install_index=%d\n",
1434 prxattrib->key_index, psecuritypriv->dot118021XGrpKeyid);
1435 res = _FAIL;
1436 goto exit;
1437 }
1438 } else {
1439 prwskey = &stainfo->dot118021x_UncstKey.skey[0];
1440 }
1441 length = ((struct recv_frame *)precvframe)->len - prxattrib->hdrlen - prxattrib->iv_len;
1442 res = aes_decipher(prwskey, prxattrib->hdrlen, pframe, length);
1443 } else {
1444 res = _FAIL;
1445 }
1446 }
1447
1448exit:
1449 return res;
1450}
1451
1452
1453const u32 Te0[256] = {
1454 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
1455 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
1456 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
1457 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
1458 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
1459 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
1460 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
1461 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
1462 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
1463 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
1464 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
1465 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
1466 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
1467 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
1468 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
1469 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
1470 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
1471 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
1472 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
1473 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
1474 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
1475 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
1476 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
1477 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
1478 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
1479 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
1480 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
1481 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
1482 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
1483 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
1484 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
1485 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
1486 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
1487 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
1488 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
1489 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
1490 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
1491 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
1492 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
1493 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
1494 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
1495 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
1496 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
1497 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
1498 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
1499 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
1500 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
1501 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
1502 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
1503 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
1504 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
1505 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
1506 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
1507 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
1508 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
1509 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
1510 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
1511 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
1512 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
1513 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
1514 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
1515 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
1516 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
1517 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
1518};
1519
1520const u32 Td0[256] = {
1521 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
1522 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
1523 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
1524 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
1525 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
1526 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
1527 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
1528 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
1529 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
1530 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
1531 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
1532 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
1533 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
1534 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
1535 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
1536 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
1537 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
1538 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
1539 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
1540 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
1541 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
1542 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
1543 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
1544 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
1545 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
1546 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
1547 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
1548 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
1549 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
1550 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
1551 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
1552 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
1553 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
1554 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
1555 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
1556 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
1557 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
1558 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
1559 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
1560 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
1561 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
1562 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
1563 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
1564 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
1565 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
1566 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
1567 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
1568 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
1569 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
1570 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
1571 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
1572 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
1573 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
1574 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
1575 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
1576 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
1577 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
1578 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
1579 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
1580 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
1581 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
1582 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
1583 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
1584 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
1585};
1586
1587const u8 Td4s[256] = {
1588 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
1589 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
1590 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
1591 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
1592 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
1593 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
1594 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
1595 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
1596 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
1597 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
1598 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
1599 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
1600 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
1601 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
1602 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
1603 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
1604 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
1605 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
1606 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
1607 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
1608 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
1609 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
1610 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
1611 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
1612 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
1613 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
1614 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
1615 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
1616 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
1617 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
1618 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
1619 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
1620};
1621const u8 rcons[] = {
1622 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36
1623
1624};
1625
1626
1627
1628
1629
1630
1631#define ROUND(i, d, s) \
1632do { \
1633 d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \
1634 d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \
1635 d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \
1636 d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3]; \
1637} while (0);
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651void rtw_use_tkipkey_handler(void *FunctionContext)
1652{
1653 struct adapter *padapter = (struct adapter *)FunctionContext;
1654
1655 padapter->securitypriv.busetkipkey = true;
1656}
1657